Cisco Switching/Routing :: 2960S / QoS At Layer For Single VLAN
Jun 27, 2012
I got a different scenario from one of my client.My client have two different branch offices and have 50Mbps point to point connectivity between them. All users in both braches using same series of IP pool ( 192.168.224.0/24) in both branches.Both branches he had only Cisco 2960S series switches only. And in both branches he is using IP cameras. He will monitor the assets by accessing IP cameras through the browser.His requirement is, he wants to prioritize the Video traffic( monitoring through the browser) over the normal data traffic.Note: He had a single VLAN only.
but on interface gi 1/0/1 i want to have data from vlan 10 tagged as VLAN 20. At this time i have solved this issue very primitively
I have set up gi 1/0/2 as int mode acces, acces vlan 20 and i have connected gi 1/0/2 with gi 1/0/3 with eth cable. int gi 1/0/3 is switchpor mode acces, switchport acces vlan 10
I have a live 28port Catalyst 2960S switch. By live I mean that there is an essential piece of equipment plugged into this switch that can suffer little to no downtime. Over the course of time the number of devices patched into this location has increased to exceed the 24 ports available and we have had to resort to adding unmanaged switches to fill the need. We have acquired an additional 2960 & stacking modules that I would like to stack together, keeping the existing switch as the master. It is my understanding that the stacking modules are hot-swappable and that this member switch can be added without bringing the master switch down, thus creating zero down time for the financial server that is connected.
The steps I believe that need to be followed are as such: write mem to existing switch and backup to our TFTP serverinstall the stack module in the existing (while powered up) and new (while powered down)place the 2 redundant FlexStack link cables on both switchesthen simply power the member switch on After boot the member switch will get it's OS and configuration from the master and I can begin moving CAT5 cables from the unmanaged switches to the stack.
I need to set QOS in our new network. We have connected 2 cities together with 700Mbit leased line. On each side we have Catalyst 2960S switches and between them is TRUNK for VLAN 10 and Vlan 20.Vlan 10 is for IPTV (fixed 400 Mb/s for CATV)Vlan 20 is for Internet (rest).Sometimes is happening that Vlan 20 takes more than 400 Mb/s for a few seconds and in this situation we have problems with CATV.Is there any way to make a guaranteed bandwidth 410 Mb/s for CAT - VLAN 10 on this swithces?
I have hybrid network in which I want to configure VLAN on Cisco 2960 S switch. I have unmanged switch where my DHCP server and other servers are connected. Now I created two VLANs on cisco 2960S and they don't talk each other, but as soon as I connect unmanaged switch to 2960S switch, both VLANs start communicating which I don't want. I want to listen server traffic from unmanaged switch from both VLANs but simultaneously I don't want to communication between two VLANs.
We are trying to setup a new configuration with 2960S as access switchs and a 4507 as a core switch.I want to protect the management IP VLAN of the swich using vrf on the 4507 so we :
SHUT VLAN 1 on every switch (2960 + 4507) CREATE A NEW VLAN 289 (management vlan) -> IP network : 10.32.126.192/26 L3 VLAN on every switch VLAN 289 in the VRF XXX on the 4507 create tunk between the switch and the 4507 : switch mode trunk allowed vlan 200-230 sw trunk native vlan 289
so with this configuration on the 2960 the vlan 289 is UP/DOWN and UP/UP on the 4507 I can access to the 4507 using the IP in the VLAN 289 but i cannot access to the 2960 behind the 4507 CDP connectivity is ok?
Have multiple Catalyst 2960S switches, Cisco 2911 router and ASA 5510 firewall.
On the router have subinterfaces created for the VLAN's Int FA0.0/41 for wirless VLAN setup with IP 10.10.41.100 Int FA0.0/60 for new Voice VLAN setup with IP 10.10.60.100 Internal network is 10.10.10.0/24 and LAN IP of router is 10.10.10.100 Have default route setup to push traffic from the router to the firewall ip route 0.0.0.0 0.0.0.0 10.10.10.251
On the firewall have added the new VLAN 10 (10.10.60.0) to the network object-group Have configured route inside command route 10.10.60.0 255.255.255.0 10.10.10.100 1 Have also added the NAT command nat (inside) 1 10.10.60.0 255.255.255.0
On the 2960 I have my laptop connected to port 45 and I have it configured as follows switchport mode access switchport access vlan 10
I assign my computer a static IP address of 10.10.60.84/255.255.255.0/10.10.60.100 with 10.10.10.11 as DNS server. When I do this, I can ping anything on the 10.10.60.0 network, I can ping anythign on the LAN 10.10.10.0 network. I am able to connect MSN messenger, I am able to do NSLOOKUP and get outside IP addresses to resolve. I am unable to browse the Internet though. I am not sure where the problem is at though. It doesn't make sense to me, as it is setup the same way as VLAN 41 which is the wireless network, and when users connect to that, they get out to the Internet with no issues.
i have a Catalyst 2960S since 2 days. I am a new user, i like to configure the switch! my first problem is: i have 2 v LAN vlan1/24 and vlan200/24. I'd like to config port1 to be tagged on the 2 v LAN i know from hp port must be tagged. how can i config port 1 to be tagged on vlan1 and vlan200? and port 2 to be untagged in vlan1 and untagged in vlan200?
I've turned up a new layer 2 WAN link between two data centres and i'm having some trouble trying to logically figure out how things should be configured.As you can see from the diagram i've created, I have the link connected on port 13 on one switch and port 14 on the other. Both ports have an IP address assigned to them and they can both ping each other..
The problem comes when I need to add routes in order to get traffic flowing over the link.I added an IP address to switch 2 on the link interface (port 14) as: 192.168.4.10
I then added an IP address to switch 1 on the link interface (port 13) as:
192.168.1.10 192.168.2.10
When I tried to add 192.168.3.10, it said "192.168.3.0 overlaps with VLAN2626". This would be correct as Vlan 2626 has an IP address of 192.168.3.15.
However, if I remove the IP address from vlan 2626 and add 192.168.3.10 to vlan 2 (the link port VLAN), I would surely lose remote access to the switch. (I'm telnetting into the switch from a machine on vlan 2626).
I started to tinker with this by manually adding a route to a server in each location and seeing if I could get traffic to flow:
On server 1: route add 192.168.4.0 MASK 255.255.255.0 192.168.1.10 METRIC 1 On server 2: route add 192.168.1.0 MASK 255.255.255.0 192.168.4.10 METRIC 1
If I try to tracert 192.168.1.20 from server 2, the first hop is the default gateway instead of 192.168.4.10.
The ultimate goal is to add the static routes to the Layer 3 router/firewall, but before I do that, I need to be sure of what to add to that router (It's a manged firewall from the data centre, so I don't have access to it and I need to raise firewall change requests to get the work done, so want to ensure it's right first time.
Has anything changed in the way of defaults for creating a trunk port and spanning-tree between a 3750x and the newer 2960s? I have one of each I just took out of the box and applied my standard switch configuration template but I cannot get my VLANs that are configured on my 3750X to appear on the 2960S. I find nothing that is blocking and everything seems to be forwarding and I am running out of things to check.
I would like to know if it is possible to assign a 3rd IP address to my end user vlan. Basically the 45xx acts as my end user gateway and has been confirgured as below
interface VlanXX description Main Vlan ip address 2.X.X.X 255.255.255.0 secondary ip address 1.X.X.X 255.255.252.0
[Code].....
Here, due to IP address exhaustion in my end-user network, i want to add one more subnet X.X.X.X/22 to my network and assign one IP more from this range to the above vlan to act as the gateway IP.
I have enabled IP DHCP snooping on a 24 port 3560 switch (v small office) and let the database fill up, now I have added dynamic arp inspection on the single vlan and I amd getting these errors.
I understand the vlans on the catalyst side of the house on 2900 to 6500 Catalyst switches.
This 7010 running nx-os 5.1(3) I did not setup, but have to manage it. Hasn't really been a proble till now.
My nexus 7010 has a Layer 2 only vlan 11. It is "Active" but the interface is "shutdown". Yet, it is passing traffic across the directly connected ports on the nexus 7010 and to other switches in my network. Vlan 11 is being set out via VTP to all my switches and things are running fine.
I need to create another L2 only Vlan. I can't seem to find any docs that indicate that a Layer2 vlan Interface on nx-os should be in "shutdown" mode as part of the setup. I do see in the docs where it has to be set "Active" as part of the process.
Is this the correct way to seutp a L2 only vlan on nex-os? Leave the interface in "shutdown" but make it "Active"?
Mystery Vlan 4 and 6 The mystery deepens. I have other L2 vlans ,Vlan4&6 that are NOT defined as "Interface Vlan4" in the nexus config, yet it is applied to GigE ports on the nexus and these Vlans 4/6is also being sent out VTP to all switches. Even weirder is that these vlans have names associated with the numbers. These are valid Vlans that were configured on the old 6509 before the Nexus was installed.
I have checked all switches, NONE are running in Server mode for VTP, all are in CLIENT. The nexus 7010 is the only device running in VTP Server mode.
We are currently using two Nexus 5548UP's as our Datacenter Network Core. I have a pretty simple objective: I would like to enable Jumbo Frames on a single VLAN only(VLAN 65). This VLAN is used strictly for backups. I do not want to enable Jumbo Frames on the other VLANs(VLANs 1-10). Im not sure what the best way to do this is.....or if it is even possible but I am hoping to get some configuration examples.
I just inherited a network and feel like.I am missing something. We use ATT&T Opt-E-Man which limits the MAC address to 50 for the connection or you have to pay.Hence the routing VLAN is the only access across the two sites.I have a VoIP vendor who insists on using the same VLAN for all sites. Upon exam the VLAN is at the remote site but it does not work.
My first question is I have an access layer switch which is a single VLAN and I am trunking that VLAN to a distribution layer switch, I can ping the gateway on the distribution layer switch for THAT VLAN, But cannot ping the gateway address for the second VLAN I have on the distribution layer switch. I know it is simple, But I have forgotten and just need a push
Also I have a third VLAN set to route traffic not bound for those 2 VLANs out to a router is the statement "ip route 0.0.0.0 0.0.0.0 172.16.252.2" good enough and do I actually need to create a VLAN for that traffic? and if so, is an access switchport the best option?
I have a SG300-28P switch. I just read in the Administration Guide that, when in Layer 3 mode, the switch doesn't support MAC-based VLAN or Dynamic VLAN Assignment.
So, in order to assign a client to a VLAN based on their MAC or based on the response of a RADIUS server, we have to disable layer 3 features. Without layer 3 switching, the switch is unable to act as a default gateway and forward packets between VLANs. As a result, the VLANs can't communicate in any way, or access the internet, unless a separate router is connected to every VLAN. Right? Doesn't this limitation significantly reduce the usefulness of the DVA feature?
I have six Cisco 300 Series switches in Layer 2 mode. They are all connected using ports in Trunk mode. These Trunks are tagged members of all VLANS.
I have one 300 series in layer 3 mode with IP address assigned to each VLAN.I would like to use one Internet gateway for multiple VLANS. This gateway has numerous IP ports that forward to internal ip addresses on various machines.
All i9nternal clients use their respective VLAN IP as their default gateway.The Layer 3 switch is connected to one of the Layer 2's using a Trunk that is a tagged member of all of the VLANS.
I understand how traffic routes from a client to its respective VLAN gateway. Where I am confused is how it routes from there to the Internet gateway? Internet gateway is 192.168.1.1.VLAN IP's are 192.168.2.1, 192.168.3.1, etc...
Should the Internet Gateway be patched into the Layer 3 switch or one of the Layer 2's using a separate "Internet" VLAN?
Connecting ASA 5520 to two Catalyst 3560G layer 3 switches. What's the best practice to connect the asa-5520 at the edge, to the core of my network? What I'm looking to do is connect two routed gigabit ports (gi0/2 and gi03) to two seperate layer 3 routed ports on catalyst 3560G. I'm wondering how to do it, or if there's any type of failover method? I'm running EIGRP in the network and the link to the first core switch has a /30 point to point connection. Everything works fine, I'm just not sure how to connect the second switch to the firewall. Should I use the a different /30 for the point to point connection to csw02 gi0/48? (See attachment) How would this affect traffic flowing through this interface? Would I have to duplicate rules I have on my inside (gi0/2) interface? Is there a way to make the inside2 interface standby some how? I want to know the best way to set this up, so in the event csw01 goes down I don't loose internet. Will EIGRP work it's magic and only use 1 path to the ASA? Should I even be using routed interfaces on the ASA and just use trunked mode?Running ASA 8.4?
I have recently split the voice vlan (10) from the data network (1), and am wondering why my catalysts and router do not require an interface Vlan10 statement. In the past I used OpenBSD boxes to do the routing, and I first needed to configure vlan 10 on the interface before I could get inter-vlan communication to work. With these Cisco devices it works, and I am wondering if it is because of VTP, for the fact that the ports maybe just pass all traffic, or is there some other explanation? Below is the setup, and firmware is up-to-date on all of the devices.
When I plug a phone into the POE SGE, the phone turns on, obtains an address on the proper subnet, and conversations are clear (whereas without the ip nat inside on the new subnet the calls had a lot of static). Possibly the reason that it works is because the phones properly create the tcp/ip packet, and it hops over the trunks and creates the states so that traffic routes back properly. I will install wireshark to see exactly what is going on, but is there a simple explanation that I am overlooking?
I have C2960S-48FPS-L and C2960S-24TS-S both of them are using C2960S-UNVERSALK9-M image with version 15.0(2)SE on both I run "mls qos"
and on 48FPS-L I run "mls qos map cos-dscp..."on 24TS-S I cannot run it. there is no such command. there is just "mls qos rewrite..." and "mls qos srr-queue..." variants.
I thought that one image give the same set of commands...?
It is understood that sub-50 ms ERPS convergence can be achieved with certain HW/SW combinations.
1) What are the platforms supported (and with what FW/SW) has this been tested ?any results that can be shared?
2) Link failure detection in GigE on Copper is slower compared to GigE over "pure" Fibre; so no sub-50ms would be possible with Copper ring ports.is sub-50ms convergence achievable with "combo SFP ports" ?
My management has tasked me to give them a high level overview of the different switching we can choose for our new building.
This is what I know so far.4 Closets, each closet has 450 ports,One MDF room that is will contain one UCS Chassis and a Nimble iSCSI SAN.
I am working on the spreadsheet and it looks like this (Not totally filled):
2960s3560x3750x45064510Approx cost (Each, 48PORT, POE+, 10G uplink, Dual PS, IP BASE) 6K7K8K45K75KMax Capacity192432432192384Backplane speed206464520520ProLeast ExpensiveStackable to 9Stackable to 9ProDual PSDual PSDual PSDual PSDual PSProLayer 3 opt Layer 3 optDual SupsDual SupsConExpensiveExpensiveConNo Dual PSConLayer 2 OnlyCannot stack more than 4 For the MDF I would like to use 2 Nexus 5548's with FEX's, and the layer 3 daughter board. For the IDF's I was thinking of two 4010's.
We are setting up a test lab in our DMZ. The path to the internet is basically like this. Anything past the firewall is irrelevant. For this lab lets assume it is vlan 300.
LAB SW ---> DMZ-SW ---> ASA FW ---> INTERNET LAB IP Range = 172.16.300.0 /24 GW = 172.16.300.1 (On FW int) Trunked all the way through.
I have an int vlan set up on the LAB SW. It is being trunked to DMZ SW. DMZ trunks it to ASA FW where there is a failover with a redundant switch.On the ASA the interface 0/2 is a subinterface 0/2.300 being used as the default gateway.
I have DHCP running in a specific range on the LAB SW and do get an ip address when plugged in. I cannot ping the default gateway on the ASA FW.The GW is defined using default-router command for 172.16.300.1 i.e. default-router 172.16.300.1?
We are running ospf on the firewall. There appears to be a pattern with ospf and a similar subnet setup elsewhere. I was wondering based off of this info would configuring ospf for 172.16.300.0/24 allow me to ping the GW from a client on the LAB SW.Secondly. I trunked 300 on the DMZ SW but I didnt add the vlan to the configuration. i.e. conf t <enter> vlan 300 <enter> Does this really matter? Or is having the vlan in the configuration only pertain to access mode on interfaces?
while i am configuring a port on switch .The switch reloads.After reload the show version says,System returned to ROM by bus error at PC 0x458F6C, address 0x0,show version from the effected switch is,Cisco IOS Software, C3750E Software (C3750E-UNIVERSALK9-M), Version 12.2(58)SE2, RELEASE SOFTWARE (fc1).
I am currently having an issue with connecting a Catalyst 2960-S switch to a Small Business SG300 switch. When I connect them they are unable to form a link. When I do a show spanning-tree it says the mst link is in dispute.
I read some papers about QoS. The thing is that I have to implement 30 switches with QoS to connect to a lot of Cisco IP phones. The switches are Cisco 2960S with code image "C2960S Software (C2960S-UNIVERSALK9-M), Version 12.2(55)SE3". Should I use autoQoS feature or manually configure them?. How should I treat uplinks between access switchs and core/distribution? I have a lot of doubts regarding queueing, because all the info I had read its for another model/image.
I'm looking at the WS-C2960S-48TD-L and have a question about the uplink ports. Is it possible to mix 10G on one uplink and 1G on the other? The datasheet says 2x10G SFP+, 2x1G SFP so I am thinking mixing is not possible.
just got new hardware and decided to try the newer USB port for IOS upgrades. I could not get the switch to recognize my 2gig flash drive. Do I need a proprietary stick or special format?
I also noticed when I removed it the switches crash dump and rebooted?
vlan 10 ports 1-10 vlan 21 ports 11-20 vlan 30 port 21-30 vlan 40 ports 31-40 default vlan should be vlan 21
I have the servers, switch and router connected to vlan 21. Vlan 21 works great I can browse the internet, but I cannot ping any other vlans. router is connected to fa0/19
[code] Building configuration... Current configuration : 4833 bytes ! version 12.2 no service pad
I have an environment where i have two nexus 7010 switches, along with 2 nexus 5510's. I need to run OSPF as a layer 3 routing protocol between the vpc peer links. I have 1 link being used as a keep alive link, and 3 other links being used as a VpC link.
1) Is it best to configure a separate Vpc VLAN i.e 1010
2) Is it best to configure a vrf context keep-alive
3) just have the management address as the peer ip's.
