Cisco Switching/Routing :: 3560 / Administrative Control On L3 Switch For DHCP Service
Sep 25, 2012
My Network Layout is as, Firewall (with Routing)------>Cisco 3560 Switch (L3)------> connected 8 Cisco 2960 switch (L2)----> all users I have configured 20 VLAN's on cisco 3560 switch with Dynamic Pool and Static, Means, 5 Vlan's are Dynamic and remaining are Static Our Company process provides only internet access to existing clients computers. Problem is that, I configured Static VLAN 5 for one of our Client in their seperate room, mean to say, i activated all ports of their room with Static VLAN 5. one day they configured own DHCP server on Windows 2003 Server with same subnet (Same as VLAN5) in their room without any information and now their all computer/ Laptop acquiring ip address Dynamically.
If i have configured Static vlan on that port's then how it is get Dynamic ip from same port's.How to restrict to permit another DHCP server/Service in our premises. I Do not want to give administrative control to Clients to do such kind of thing with LAN.
View 8 Replies
ADVERTISEMENT
Mar 19, 2012
can you enable dhcp service on a 3560 switch.
View 3 Replies
View Related
Apr 15, 2011
What is the difference between administrative mode & operational mode in cisco 3560/3550 ?
View 6 Replies
View Related
May 25, 2012
I have made a topology by using one 3560 switch and 2 2950 switches. I have also made 2 vlans name Clients and other Servers and vlan 1 is for anagement purposes. The left 2950 switch is for clients and the right is for servers. Clients is vlan 2 and servers is vlan3 . Now what i want is that my dhcp is should assign ips to clients in vlans 2 provided that servers are in vlan 3. I am also using a border router and i have introduced a default route on the 3560 to the border router.
Now when i assign static ips to my clients pc and server dhcp then i can ping between vlans but when i try to assign ip through dhcp then it wont work. Also the default route on the switch to the border router doesnt seem to work. I can ping only the border router when i put a default route on the border router instead of the 3560 switch.
View 3 Replies
View Related
Jul 23, 2012
I have a cisco 3560 24PS and its connected to two ADSL broard band routers.one is a personal broadband line using a Billion ADSL broadband router, and the other is a business broardband line using BT's 2wire broadband line.on the Billion routers i have various things attached like a NAS and a printers, both wired connections. then i have laptops and phones that connect over wifi, so its configured to act as a DHCP server
the only thing conncted to my 2wire router is my company's laptop (wired or wifi depending on where i'm working from), so again i have it working as a dhcp server.The switch is configured with multiple vlans, with dhcp scopes assigned for each vlan.I have a static route pointing all traffic to my Billion ADSL for internet connectivity.
The problem i'm having is that when i turn on the cisco switch, all wifi conected devices loose their conection. only 2 things get it working again, a reboot of the router, or disabling then enabling the DHCP service on the router.upon further analysis i was able to find out that the devices were not able to pick up an address from the router. again i looked deeper into this and i can see the following on logs of my router: [code]
so it seems that the router tuns off its DHCP capabilities because it detects that my Cisco switch is running DHCP services. I need to figure out how to keep the billion routers DHCP running when ever the switch is turned on.is there a way of filtering out any DHCP chat from the switch to the router?
View 7 Replies
View Related
Jan 16, 2013
I have two WAP4410N plugged into my Catylist 3560 switches.One of these switches is my Default Gateway for the LAN.The only way I can get a device to connect to the WAP4410N is by assigning it a static IP. Then it works perfectly.
View 10 Replies
View Related
Apr 26, 2012
I'm attempting to configure a Catalyst 3560-X Switch to act as a DHCP Server. There is documentation that supports this feature. Below is my config procedure however after the completed procedue no IPs are handed out to clients. [code]
View 1 Replies
View Related
Jun 5, 2013
Configuration: VM with ACS 5.4 with patch 3. (upgraded from 5.2.0.26 patch 10)When I go on "System Administration" - "Administrators" - "Administrative Access Control" - "Authorization", I got this error:
What I tried:
"acs backup" on this server and shutdown
Install an ACS 5.4 with patch 3 on new VM --> I don't have the problem on GUI
"acs restore" to restore my configuration on new server --> I got this problem again...
I want to use this feature...After this error, others pages generate this error: I have to reload server or restart management service to get him back...How could I solve this? (I don't want to reconfigure manually the server )
View 3 Replies
View Related
Feb 7, 2013
So I have a 2600 that I have configured three sub interfaces on. FA0.0.1 is set for DHCP and supports VLAN 1. FA 0/0.2 for Voice, FA 0/0.3 for Data. I have this router interface plugged into FA 0/24 on my 3550 and the 3550 is configured as a dot1Q trunk (I have attached configs for RTR and SW).I have most ports configured as access VLAN 1 which is where i have my ISP connection plugged FA0/1 on the 3550. When I connect the service provider link FA0/0.1 never picks up an address. If I take my internal DHCP server and connect it to FA0/1 of the 3550 it snags an address almost immediately.In my mind this validates that my config is fine. I also took the same cable from the service provider cable modem and connected it to my laptop and the laptop is pulling DHCP.
View 4 Replies
View Related
Apr 12, 2012
Would like to impliment VLAN's on Cisco IOS Software, C3560 Software (C3560-IPSERVICES-M), Version 12.2(25)SEB4...But I need a DHCP Realy to my Windows Based DHCP Server. How do I enable DHCP Relay on the 3560?
View 8 Replies
View Related
Oct 12, 2011
I have attempted to implement DHCP snooping and have been having some strange issues. I have 5 3560s taht I use for my edge and when I attempt to implement on all five, the VLAN that houses my voice data appears to no longer be able to recieve DHCP lease renewals so after the 24 expiration all of my phones lose their configs. Once I roll back the changes the voice VLAN comes back. The other VLANs seem to function correctly as theya re able to renew their DHCP addresses.
The 3560s tie into each other using GIG Ports 1 & 2 and the top and bottom switches tie into our core switch, a 4507. The config that I use is below, failry simple and straightforward.
4 of the 5 switches feed our general office vlans for voice and data however the 5th switch is there for expansion and not in use. As such I have left the config changes in place on it and have tied myself and a colleague into it and have been operating fine for over a week now. So the config that I use seems sound in theory and should work on the other 4 switches with no issue.
View 14 Replies
View Related
Jan 18, 2013
I am trying to understand the basics of DHCP snooping. I have a just a 3560 switch and a laptop ( to get a DHCP address) and my DSL router which has a DHCP server running. On the switch I have enabled "IP DHCP Snooping" and "IP DHCP Snooping VLAN 1" plugged the laptop and DSL router in and the laptop gets and IP address, should it?
I thought all ports were untrusted by default so the DHCP server should be blocked at offering IP addresses? If I wanted the DHCP server to be allowed to offer IP's I thought I should need to trust the port.
View 3 Replies
View Related
Jan 3, 2012
I want to implement port-based and MAC-based in these two switches: 2960 & 3560 (both of them have this IOS version: 12.2(55)SE1). And I haven't found a way to implement both of them at the same time. This is what I got:
ip dhcp use subscriber-id client-id
ip dhcp subscriber-id interface-name
ip dhcp excluded-address 192.168.0.0 192.168.0.2
ip dhcp excluded-address 192.168.0.251 192.168.0.255
[code]....
With this configuration I can use port-based, but not MAC based. If I remove the first two lines and change the last line for this one:
address 192.168.0.7 client-id 0112.ae1d.af58.60
Then, the computer with that MAC address got the correct IP, but then the port-based doesn't work. Also, I got this line in the interface what I want to use MAC-based:
ip dhcp server use subscriber-id client-id
View 3 Replies
View Related
Apr 29, 2012
we have a 3560 switch configured with EIGRP with dhcp. We have a user that we cannot ping, however the interface show up / up and no errors on interface. the ip address is 10.2.0.199 - however we have dhcp configured to exclude the range from dhcp ip dhcp excluded-address 10.22.0.1 10.22.0.200 how can this work station get a dhcp address if we have that ip range excluded from the dhcp pool?
The user is off a different switch that is a uplink to this distribution switch. Traceroutes shows that the problem is with the distribution switch.
View 4 Replies
View Related
Nov 16, 2011
I am in the process of setting up an interop lab for some engineers. The enviornment will consist of some 3750's, H3C's and ProCurves. My concern is that the end user will have Priv-Exec access for CLI usage on the 3750's and they can change the "en" password (I hope they don't but it has happened).Is there a way I can "break in" during the boot process to reset the password? The reason I am doing it this way is because I have an Altiris server with rebuild automation scripts in xpect and I would like to automate the process so I do not have to use a manual factory default reset.
View 5 Replies
View Related
May 31, 2012
i am not sure if this is something with my DHCP setup or not, but it certainly seems to be the culprit. I am running a 3560G and using it as DHCP and to do V LAN routing (Geiger protocol). I have 10 pools configured with a few static addresses per pool. Now to get down to the problem. I have a computer (and this problem seems to be a gremlin as it changes what computer is affected quite often) that will connect, get its IP, immediately disconnect, then send out a DHCP req again. The computer has a static assignment in the pool, and for the brief second that it connects, it gets the right address. If i move the computer to another v lan, all works right. If i delete the static entry it will get an address in the right v lan no problem. The command i have been using to add static entries is:
address xxx.xxx.xxx.xxx client-id 01xx.xxxx.xxxx.xx
That seems to have been working on all my static routes except for a bank of computers in vlan3. I have went as far as to delete the pool and recreate it, heck i even recreated the v lan and i am still having issues. Below are some snippets of the running config for review.
The DHCP Pool for the affected LAN:
ip dhcp pool Dev3
network 192.168.3.0 255.255.255.0
boot file bootx86wdsnbp.com
next-server 192.168.1.78
dns- server 192.168.1.8 192.168.1.78
[Code] .....
View 4 Replies
View Related
Dec 13, 2012
We have a problem with CDP packets on sent by our Cisco 6509's. Unlike our other Cisco switches (4948G, 5020, etc.), the 6509 tags administrative traffic on the native vlan. As a result the CDP packets are sent with an 802.1Q header with a tag of 1. The other switches send the CDP packets untagged on the native vlan. This causes problems because we have non-Cisco devices in our lab that also receive and send CDP, but they do not process the packets that are tagged by the 6509. They see the packets from the 4948 and 5020 just fine.
How can I disable the administrative native vlan tagging on the 6509? Here is the current setup:
nwkdev-6509-1#show vlan dot1q tag native
dot1q native vlan tagging is disabled globally
nwkdev-6509-1#show interfaces gigabitEthernet 1/9/1 switchport
[Code].....
View 13 Replies
View Related
Jul 30, 2012
How to configure cisco 3560 to force the client only can get ip by dhcp-relay server ?
The company i am working in has 5 vlans which have been set an lay-3 switch(3560), uses the dhcp-relay server .(in svi configuration: ip helper-address X.X.X.X) well , that works ok~
Now , I got my problem: I need to force the client only can get ip by dhcp-relay server, that means if anyone set static IP manunally , he can't really access to anywhere (to provent anyone set static IP with malignancy )
I know if a h3c router , how to set this configuration n svi configuration : dhcp relay security address-check enable )
the how to configure on a cisco 3560 ?
View 1 Replies
View Related
Jun 5, 2012
I have issue with 3560 switch QoS configuration . I checked in cisco site about mentioned model QoS configuration.once we mark the frame and map the CoS to DSCP and once it enters into switch and it processes according to LAN QoS configured on interface
we have configured both the commands shape and share.
once it leaves the switch and enters into Edge router and if we do not have configured QoS in router which is normally MQC , how does it process each packet ?Do we need to have end to end QoS configured in LAN ?
View 5 Replies
View Related
Jan 5, 2012
My actual Scenario
1 x 4500 and 1 x 3560?They are gateways of 8 Vlans?They are doing HSRP in each of those Vlans?The 4500 is the Active?There is a DHCP Pool for each of those Vlans on both gateways using "ip dhcp excluded-address" I ensured that the range of provided ips by each DHCP server will not be overlapped Obs.: Reducing the lease time, I ended with the calls bringing related problems.
OK, every thing is blue, every thing is fine.But the network diagram is realy complex(41 switchs, 89 uplinks), and depending of how is the network flow, one or other server answer first or latter.
For many reasons I would like that the secondary DHCP server would answer only if the primary DHCP server goes down.To me, the bigger reason is that DHCP database would be only in one DHCP server.But there is other reasons.
I passed by many frustrated solutions:Try to force a delay on the answer on one of the servers. - Impossible.Try to disable DHCP server, and, using EEM, enable it only if router became active in HSRP. - I couldn't do It.
What I'm thinking now is use the HSRP resource to resolve it.On both routers I would put a "ip helper-address" pointing to an Virtual_HSRP_IP.And depending on which router is the active, him will answer the request.
My first doubt is:Would it work?The second doubt is:Could I use the same Virtual_HSRP_IP that exists on that Vlan(see example 1),or I would need to point it to a Virtual_HSRP_IP in a different Vlan(see example 2)?
Example 1
-----------------------------------
| 4500 |
-----------------------------------
interface Vlan1
ip address 10.10.0.2 255.255.0.0
ip helper-address 10.10.0.1
standby 1 ip 10.10.0.1
[code]....
View 3 Replies
View Related
Dec 8, 2011
The last few days I've been exploring options in getting rid of some old routers accross a wan connections. I have a cat 3560 to play with and I thought I would try and use the no switchport command test out routing with switch. I've got some type of route issue and I tried a few things which I thought would fix the issue but had no effect. I'll post the config and a few commands so you can see what the basic setup is.
Here we can see in the arp that it knows about both 10.7.1.2 (PC unable to ping 10.3.3.254) as well as 10.3.3.254 (ASA).I tried adding in a ip route of 10.7.0.0 255.255.0.0 10.3.3.110 as well as 10.3.3.254. Neither produced the results I wanted allowing 10.7.1.2 (PC) to ping the ASA (10.3.3.254). [code]
View 4 Replies
View Related
May 8, 2012
I have an environment of 3 X 3560G of which I have 1st switch-CORE(f0/10) connecting to the VPN router(CE) interface-f0/0. Remaining 2 Cisco 3560's(Access) are connected to Gi0/1 and Gi0/2 on the 1st switch-CORE via gi0/1 . On all three switches I have created multiple VLANs and assigned ports to these VLAN. The switch to switch connection is trunk allowing all VLANs created on all these 3 switches. Now the issue is how I am going to have all these VLANs routed through single interface on the routeri-e f0/0, as all these subnets will communicating to remote site over VPN. What should be default gateway on the 2 Access switches and the CORE switch, also what static route should be on router to reach all subnets(VLANs) created on these 3 switches.
I have read inter-VLAN routing i-e creating sub interfaces on router but dont want to proceed with that and looking for any other way to have my VLANs talk on all three switches and then are accessible to remote site ove VPN?
View 9 Replies
View Related
Jun 4, 2013
I am trying to get my workstation to talk to a workstation on a different sub-net through a Cisco 3560 switch. The switch is running the following IOS version: [code]
My primary network is 172.16.0.0 and I am trying to connect to a device on a 192.168.111.0 sub-net. [code]
What would be the best way to get the two workstations talking via the switch?
View 3 Replies
View Related
Feb 26, 2012
how to take the event log of Cisco switch 3560, its argent.
View 1 Replies
View Related
Nov 22, 2011
I have a 3560-48 switch running Cisco IOS Software, C3560 Software (C3560-ADVIPSERVICESK9-M), Version 12.2(44)SE3 and i need to implement basic QOS commands to the fast Ethernet interfaces as well as the gig interfaces and Also I need to create port channels on the switch and need what the port channel syntax are as well for that particular IOS version?
I have only read only access and i can't see what the QOS and Port channels syntax should be for that IOS version.
View 3 Replies
View Related
Jul 22, 2012
I'm in the process of configuring QOS on a 3560 routing switch in a GOLD, SILVER, BRONZE priority type scenario.
Firstly, I understand that this config will add a tag of "precedence 5" to a packet if it matches the "ACL_QOS_GOLD_In" access list. Question is does the router see this "precedence 5" tag and then sets the priority, or am I missing something in my config where at present it just sees the "precedence 5" and doesn’t act on it ?
Secondly, Since the "precedence 5" tag has already been added to the packets, do downstream routers see this tag and act accordingly or so I need to configure those is well ? [code]
View 2 Replies
View Related
Jun 7, 2012
configure QoS on 3560 switch i have taken the template from cisco configuration guide since we have different QoS configuration on each model.
below is the configuration :
configure terminal
mls qos
end
mls qos map cos-dscp 0 8 16 26 32 46 48 56
no mls qos srr-queue input cos-map mls qos srr-queue input cos-map queue 1 threshold 2 1 mls qos srr-queue input cos-map queue 1 threshold 3 0
[code]....
Currently all the cisco phones are connected to this switch and configuration with only one vlan that is voice vlan .
1) what is the outcome of this configuration , i mean, what will be the expected output ? end of the day we need to prioritize the voice traffic but why other commands including threshold and buffers are mentioned with respectives queues , if I need to explain that what am i expecting out of this configuration ?
2) this is LAN QoS which i understood but again , do i need to configure policy-map along with class-map which is MQC on this switch ?
3) i have edge router where i have MQC already configured but confusion with this switch which is working as a Access switch .
4) I referred the cisco QoS document for the respetive model whereas we have policy-map configured on the same switch with class-map .
My understanding is if we have configured the LAN QoS , and mapped the CoS value with DSCP , we need not to have MQC.
View 4 Replies
View Related
Nov 9, 2011
I am configuring some quotes for a customer whom I will be building a wireless network for. The wireless network will support about 60 AP's, as well as some other wired drops. The customer is working with a wireless vendor for the AP's, but I will be able to sell the switches for the network.
I want to ensure that he is pushing Gig and POE on each copper port for the AP's, since they will be "N" capable. I have selected several 3560 models which are in 24 port models, and I also think i have a requirement which mandates a 48 port in another location. What I have not been able to find in the Enterprise switch line is an 8 port which supports IOS and POE.
That being said, and since I am also "Select" certified, I went out to the SMB site, and did find that there were two models in the Small Business 300 line (models SG300-10P and SG300-10MP) which seem to support Gig ports as well as POE. I looked over the specs for each one of the two respective models, and I was not able to find what the difference between each of these two are. In other words, the specs, line by line, were identical.
View 6 Replies
View Related
Nov 28, 2011
we have a class based qos scheme (see attached file) on our 4500 series access switches and we have a access 3560-48 switch runing IOS Version 12.2(44)SE3 my question is can I use the same QOS scheme for the 3560 switch?
View 3 Replies
View Related
Mar 18, 2013
I have a 3560 switch with 1 VLAN (VLAN 10) where I need to make ports:
1-10 as isolated (can't contact each other)
11-20 as community (need to contact each other like a normal VLAN)
23 as promiscuous (server that ports 1-20 need to get to)
24 as promiscuous (WAN router where ports 1-20 need to get to and the remote servers).
[Code]...
View 26 Replies
View Related
Oct 31, 2012
I wanted to upload image having .tar extension in Cisco 3560 switch. What are the steps to upload.
View 1 Replies
View Related
Feb 12, 2013
I have observed a situation where one of our cisco switch 3560 is rebooting daily at periodic times.We have checked the power cables and source everything is fine and still clueless whats causing the issue. [code]
View 13 Replies
View Related
Aug 19, 2012
I want to configure Cisco 3560 SWITCH with IP cameras. I need to configure the ports connected to Camers. IP addresses to the Cameras has been assigned.
View 1 Replies
View Related
