After changing the VTP mode to from client to transparent, I noticed the output of 'show run' now displays the vlans. I don't have any spare 2970s to check this with at the moment. Output of 'show run' looks like this now with vlans info, this was not shown before changing the VTP mode.
vlan 2
name 16.6.16.0/27
!
[Code]......
My current production network is setup using VTP in Client mode, and I am looking to enable VTP Transparent so I can enable the extended VLANs. My main question would be, would enabling VTP Transparent on my 6509 affect all of the access switches it is connected to? And if so, would changing all of the access switches to VTP Transparent allow them to regain connectivity quickly with little downtime? Or is there another way that I should be handling this situation to enable the extended VLANs?
View 2 Replies View RelatedWe are moving a small network of 3560 and 3750X switches from VTP Server and Client to VTP Transparent. I noticed the vlan database is stored differently depending on the VTP mode.
Is there any chance of losing vlan database on a given switch when moving from Server or Client to Transparent?
We have 2 internet connections- one for production and one as a backup. The backup connection will be used for allowing guest visitors on a wireless network that is on a seperate VLAN.
We have the following networks:
VLAN 1 production, 192.168.1.0
VLAN 10 backup internet connection, 192.168.100.0, Interface 100.2
VLAN 41 wireless guests, 192.168.41.0, interface 41.1
VLAN routing provided by Dell 6224 switch and other switching is Cisco 2970 (L2) switches.Backup Internet router is SMC (Comcast)
I would like to allow clients on VLAN 41 access the internet connection in VLAN 10 at 192.168.100.1. Clients on VLAN 41 can PING and trace to the default gateway 100.1. VLAN 41 clients are also able to get DHCP info from VLAN 1. NSlookup fails when using the ISP DNS servers. NSlookup is suscessful when using our internal DNS servers, but web pages are not returned. It eventually fails.We've tried to set the DFGW on the clients to both 41.1 and 100.1 with no success.
100.2 know where to find 41.1 interface for the 41.0 network. The router/gateway can PING the clients on VLAN 41, 192.168.41.0 network and visa-vera.
It seems like the clients are not able to get through 100.1 to the internet or the gateway/router doesn't know how to get packets back to the clients.A static entry was made on the router that mapped back to the next hop at 100.2. 1 Someone alluded to a NAT issue, where the returning packets have information for the 100.0 network only and the internet router doesn't know to send the packets through to the 41.1 interface to the clients.
This is a continuation of my last post in which I need to apply ACLs to the physical ports within Etherchannels. The switch is a Catalyst 2970 running IOS 12.2. These Etherchannels are configured as trunks with 2 VLANS allowed on each trunk.I have applied an inbound ACL on the physical ports that filters based on layer 3 and layer 4 traffic. The issue that I am seeing is that the counters for the ACL are not increasing even though the ACL is clearly doing its job. At the end of the ACL I have an entry of "permit ip any any". Removing this from the list causes connectivity problems to the server on this port. Adding it back and everything is back to normal. However the counters don't increase. At first I thought maybe this wasn't supported on this switch but then I noticed the counter had increased to "2 matches" later in the day. What is the normal behavior is for this switch and does it support logging on an ACL entry as well.
View 2 Replies View RelatedI am using a catalyst 2970 switch for 2 vlans. Corporate data and a separate VLAN for backups. What I want to do is create an LACP etherchannel to the switch and also trunk these ports so the server is part of both VLANS.Due to fact that some of these servers are on totally separated networks, they really shouldn't be able to talk to the backup server. Creating the VLAN for backups works to achieve this. I plan to create inbound ACLs on each port to allow only the ports and IPs for the backup network and allow everything we need for corporate data.I read somewhere that you can't have ACLs on an etherchannel and I just want to get it all straightened out. I notice I can't add an access group to the port-channel itself but I can on the port- channel member ports. Is this all I need to do or does this not work?
View 1 Replies View RelatedI have a Cisco 2970 port 24 configured as a trunk port to handle all 11 vlans. This switch is also plugged into a couple other Cisco switches all is good on that side.
Here comes the ODD ball of the bunch. Since our wondeful execs wont let us buy anymore Cisco switches till our numbers get better they gave me this pos Netgear GSM7224. I know this isnt a Cisco product but someone out these has been thru this before.
a switch port is shutdown, but when i use NO SHUTDOWN command it is working and shows administratively down. like this command does not affect on it. i should enable this port? what can i do btw, port is not in errdisable and portfast is enabled.
View 3 Replies View RelatedWe have a few stacked 3750 switches with vtp transparent configured...some plugged in a fiber from another network into our stacked switches...that network/switch has vtp server configured...once that switch connected to our stack of switches, it turned that stack switch into vtp server...causing the previous vlans configured to erase thus causing management issues with the stacked switches..
View 4 Replies View RelatedI have to put an ACL Firewall in front of a public IP range.There's no routing so I want to do it with a transparent layer 2 Firewall. I found this document which descibes exactly that feature I need: [URL]
It seems to be a feature introduced in IOS 12.3.
My Questions:
1.) is it possible use this transparent firewall feature with the 3750 Switch instead of a "normal" IOS-Based router?
2.) I've seen there is no IOS 12.3 for the 3750 but rather 12.2 (currently installed) or 15.0.1. Is this Feature included in 15.0.1?
If the feature described above is not available, is there any other way to achieve my goal?
On a low-end switch like a 2960 the maximum VLANs is 255, as shown in the output of VTP status:
Maximum VLANs supported locally : 255
Number of existing VLANs : 245
When the VTP mode is changed to transparent, VLANs from the extended range can be added without increasing the number of existing VLANs - e.g. if I create VLANs 3000 - 4000 the number of existing VLANs is still listed as 245.
If MST is used to cut down on the number of spanning-tree instances - and assuming propagation of VLAN configuration via VTP is not required - is there any downside to using transparent-mode VTP to increase the number of available VLANs? It does feel like I'm cheating the maximum listed in the datasheet.
I recently upgraded our 5508s to 7.0.98 I am now seeing this message on the primary WLC while running adebug on a client *apfMsConnTask_1: Sep 29 11:05:36.114: Deleting the client immediately since WLAN is changed.
View 6 Replies View RelatedI've just been testing QOS on 3560 with version 15.0(1) and it seems the the default qos trust behavior on access ports has changed. By default the trust state of a port is not to trust anything, however rather than rewriting the DSCP value of the incoming packets and settign it to 0 the switch now seems to leave the DSCP value unchanged.
SW04-C3560(config)# do sh mls qos int g0/2
GigabitEthernet0/2
trust state: not trusted
trust mode: not trusted
trust enabled flag: ena
[Code]......
I would like to connect devices to my network so that their traffic passes through a proxy running on my computer. I figured the best way to do this is by setting the proxy on my router to the one I am running, but then I would need to have another connection to the computer running the proxy or else there would be an infinite loop ?? something like that. so:
Internet -> router (1) -> my proxy on comp A -> router (2) -> computer B
If client gateway = 192.168.64.9 then next-hop = 192.168.64.8 else use default-route 0.0.0.0
I know it's possible to do a route-map match ip-address ACL list. But is it possible to match on gateway?
Some info about hardware and config:
6509-E in VSS (IOS 12.2(17r)SX5) withVS-S720-10G supervisor.
All routes are static, IP for 192.168.64.9 is on SVI vlan.
We have two networks in our lan: 10.0.0.0/24 and 192.168.1.0/24. Actually the networks are separated. The 192.168.1.0/24 network contains some hosts that ip can not be changed. We want redesign the network and communicate with both networks without routers. I thougnt about changing the netmask for 192.168.1.0/24 in 192.168.1.0/22 (1022 hosts) and change IP's in the 10.0.0.0/24 network in 192.168.2.0/22.
View 3 Replies View RelatedBasically, I was following instructions of how to forward a port to get higher speeds on bitcomet.After doing allsorts which I don't understand (yes, very stupid I know, but I've learned my lesson now), I restarted my computer and have since been unable to connet to the internet.
I have tried a system restore which didn't work and also searched google for hours but to no avail.When I diagnose the problem with windows,it states," "Wireless Network Connection" doesn't have a valid IP configuration.I am running Windows 7 btw.
I have voice Bandwidth on Cisco Router 7200 and catalyst 3750.Now i want to sell some BW ( 15MB ) to any cleint. How to do that .We have Ethernet connectivity with my cleint.How i restrict client to 15MB. Will i have to form any VLAn or just port limit with bandwidth and which is better way?
View 8 Replies View RelatedHaving an issue with my WLC 5500 and client connectivity. This just started today. Clients will connect for a short period of time and then drop off. WLC appears fine with the exception of a bunch of trap errors. I've rebooted the WLC but this did not clear the issue.
View 3 Replies View RelatedWe're attempting to SSH from a Cisco 2960S to an SRX240, and are having some issues. The error we're seeing on the switch is: ops-switch1#ssh -l root 10.10.10.1. Any way to work around this on either the server or client side?
View 1 Replies View RelatedI need to configure public and private wireless access using an ASA 5505 and an Aironet AIR-AP1041N-A-K9. I need to be able to do this via ASDM and http if at all possible. I simply do not have the time to learn hundreds of lines of arcane CLI code. The Aironet connects to the ASA successfully, and receives an IP. I can then connect to the AP wirelessly, but do not receive an IP. I have setup a second SSIDVLAN on the AP, and can't connect to it at all.
View 4 Replies View RelatedI'm trying to have a standard equipment for our POP deployment. Basically this edge router will connect to our customers and pass data and or voice traffic, capable of BGP and good enough to accomodate up to 4 clients.
We have on hand a 3845 Router, and ME3600X. The 3845 is EOS and replacement is 3945. The ME3600X is a fixed configuration so would you recommend a 3945 or a much higher model like a 7300.
I can ping [URL], from the router but not from a client attached to the router dhcp interface(10.1.3.1). When I turn on ip routing I cannot ping at all. Here is the config I have now that can ping the internet from the router.
sh runBuilding configuration... Current configuration : 1191 bytes!! No configuration change since last restart!version 12.3no service timestamps debug uptimeservice timestamps log datetime msecno service password-encryption!hostname
[code]....
We have dlink dir320 router and cisco 877W.
The goal is to make a 877W to work as a wireless client of dlink dir320 and brigde the LAN&WLAN so than the LAN clients of 877W could take DHCP from Dlink 320 directly.
Here's the config of 877w:
!
bridge irb
!
dot11 ssid DLINK_SSID
[Code].....
We are finding the price for ASA 5505 to high and our clients are having problem securing budgets for these devices. We don't want to move to different vendors and we have a team of people we already know Cisco well.I have seen Cisco router 877 which have the ipadvance ios, is this the same as the ASA5505.We would like to offer our clients an alternative to ASA5505, but something which can do the same as a edge device but also protect the client from malicious attacks and has CLI.
View 1 Replies View RelatedWe had core(4503), distribution(3750), and access switches(2960) in our environment. Currently we configured the clock manually in each switch, but a reboot of the switch resets the clock also. We are planning to make a single switch as a NTP servers and others are clients to synchronise the correct time even after a reboot of the access switches.
View 6 Replies View RelatedHow to configure hsrp in my client location.They have 1 no of router and 2 no of 3750 switch.they need to configure Hsrp in switch.
View 5 Replies View RelatedI have a small home network currently using a cisco 841 which is working great. Host a web site and Exchange plus all 10 computers access the net using Verizon FIOS all works. I can even VPN in to my newtwork remotely.I can only VPN using the Cisco client. I would like to use the Native Windows Client and Ipads and Iphones. I believe they use PPTP and the Cisco client is using IPSEC.Which Cisco router can I get that would support all the above?
View 14 Replies View RelatedWhich smaller POE switch is capable of powering a 9971 IP phone with a cam and a think client attached?
View 3 Replies View Related1 Cisco switch stack (SGE2010) in L3 mode, 2 Vlans.
Vlan 1 = 192.168.0.253/24, untagged on all ports except 14/15
Vlan 2 = 192.168.22.1/24, untagged on port 14 and 15
SGE2010 default route 0.0.0.0/0 next hop 192.168.0.1 (Checkpoint UTM)
DHCP Relay enabled
DHCP server set to 192.168.0.16
DHCP interface set to Vlan2
[code]....
Expanding the ICMP entry, it appears that the destination is the pc client since it shows a Dell mac address, and the source is the Checkpoint UTM (Sofaware).
I can ping and tracert from the Checkpoint to my static IP on Vlan 2. The same goes for the DHCP server to/from Vlan2, so I am confused as to why the routing is failing. I have tried adding Port Fast to the stack ports, but nothing changes.
i am not sure if this is something with my DHCP setup or not, but it certainly seems to be the culprit. I am running a 3560G and using it as DHCP and to do V LAN routing (Geiger protocol). I have 10 pools configured with a few static addresses per pool. Now to get down to the problem. I have a computer (and this problem seems to be a gremlin as it changes what computer is affected quite often) that will connect, get its IP, immediately disconnect, then send out a DHCP req again. The computer has a static assignment in the pool, and for the brief second that it connects, it gets the right address. If i move the computer to another v lan, all works right. If i delete the static entry it will get an address in the right v lan no problem. The command i have been using to add static entries is:
address xxx.xxx.xxx.xxx client-id 01xx.xxxx.xxxx.xx
That seems to have been working on all my static routes except for a bank of computers in vlan3. I have went as far as to delete the pool and recreate it, heck i even recreated the v lan and i am still having issues. Below are some snippets of the running config for review.
The DHCP Pool for the affected LAN:
ip dhcp pool Dev3
network 192.168.3.0 255.255.255.0
boot file bootx86wdsnbp.com
next-server 192.168.1.78
dns- server 192.168.1.8 192.168.1.78
[Code] .....
I'm working at a company that has several 6509 switches running CatOS. They have two of the 6509's running in vtp server mode and the rest as clients. I set up a new vlan from one of the vtp servers and it propagated out. The problem comes when I try to assign a port on one of the vtp clients to this new vlan. It gives me an error that the switch must be in vtp server mode to add/delete vlans. I'm not trying to add/or delete a vlan just trying to add a port into an existing vlan. I'm hesitant to put the switch in vtp server mode. Is this a CatOS thing or is there a specific command to accomplish this?
View 5 Replies View RelatedI have upgraded a C3750G-12S-E to c3750-ipserviceslmk9-tar.122-55.SE5This switch is a distribution layer switch for one of my remote sites. it contains an ip helper-address on the site vlan's SVI.DHCP relay is no longer functioning for client PCs. Static address assignment allows full network functionality. I enabled debug ip dhcp server packet. [code] Actually I am betting you upgraded your IOS from something before 12.2(50)SE to 12.2(50)SE or later. We added enhancement CSCso19800 which will validate DHCP options when we are a relay agent.
View 1 Replies View Related