We are moving a small network of 3560 and 3750X switches from VTP Server and Client to VTP Transparent. I noticed the vlan database is stored differently depending on the VTP mode.
Is there any chance of losing vlan database on a given switch when moving from Server or Client to Transparent?
How to configure cisco 3560 to force the client only can get ip by dhcp-relay server ?
The company i am working in has 5 vlans which have been set an lay-3 switch(3560), uses the dhcp-relay server .(in svi configuration: ip helper-address X.X.X.X) well , that works ok~
Now , I got my problem: I need to force the client only can get ip by dhcp-relay server, that means if anyone set static IP manunally , he can't really access to anywhere (to provent anyone set static IP with malignancy )
I know if a h3c router , how to set this configuration n svi configuration : dhcp relay security address-check enable )
the how to configure on a cisco 3560 ?
After changing the VTP mode to from client to transparent, I noticed the output of 'show run' now displays the vlans. I don't have any spare 2970s to check this with at the moment. Output of 'show run' looks like this now with vlans info, this was not shown before changing the VTP mode.
vlan 2
name 16.6.16.0/27
!
[Code]......
My current production network is setup using VTP in Client mode, and I am looking to enable VTP Transparent so I can enable the extended VLANs. My main question would be, would enabling VTP Transparent on my 6509 affect all of the access switches it is connected to? And if so, would changing all of the access switches to VTP Transparent allow them to regain connectivity quickly with little downtime? Or is there another way that I should be handling this situation to enable the extended VLANs?
View 2 Replies View Related i am not sure if this is something with my DHCP setup or not, but it certainly seems to be the culprit. I am running a 3560G and using it as DHCP and to do V LAN routing (Geiger protocol). I have 10 pools configured with a few static addresses per pool. Now to get down to the problem. I have a computer (and this problem seems to be a gremlin as it changes what computer is affected quite often) that will connect, get its IP, immediately disconnect, then send out a DHCP req again. The computer has a static assignment in the pool, and for the brief second that it connects, it gets the right address. If i move the computer to another v lan, all works right. If i delete the static entry it will get an address in the right v lan no problem. The command i have been using to add static entries is:
address xxx.xxx.xxx.xxx client-id 01xx.xxxx.xxxx.xx
That seems to have been working on all my static routes except for a bank of computers in vlan3. I have went as far as to delete the pool and recreate it, heck i even recreated the v lan and i am still having issues. Below are some snippets of the running config for review.
The DHCP Pool for the affected LAN:
ip dhcp pool Dev3
network 192.168.3.0 255.255.255.0
boot file bootx86wdsnbp.com
next-server 192.168.1.78
dns- server 192.168.1.8 192.168.1.78
[Code] .....
i have a strange issue with an HSRP Setup. I have two (S1+S2) 3560 as Core/Distribution Layer. Inter-vlan routing are enabled on both Switches. S1 and S2 are connected with an ether channel over four fibre ports. S3 -S5 are the (L2) access layer.
Gi0/1 on S1 and S2 are L3 ports, connect to a Linux Firewall.
HSRP is enabled, S1 is the active router and the STP root bridge.
But, my monitoring via cacti show me, that the Gi0/1 on S2 is active, too! But it should not be active? Only if S1 fails, should S2 the active switch.A client from the access ports on S3 - 5 gets traffic from the Internet via Gi0/1 from S2. Gi0/1 on S1 is active too, but will send mostly traffic to the Internet. Why is S2 active and why route it traffic from the Internet to the client?
pxe server ip address is 10.10.10.20 which is connected to switch port fa0/9 and client is connected to switchport fa0/7.i have only 3 devices altogether. below is running config of switch. wen i boot the client from the server, it display error message as: "proxy dhcp were offered. none dhcp were received. exiting broadcom pxe."
Switch#sh run
Building configuration...
Current configuration : 2710 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption[code].....
I want to replace an existing 3560 Switch with another switch of the same exact model and IOS. However, this switch that needs to be replaced is the VTP Server of my LAN at this location. When I replace the switch I will just use the same exact running config but I'm concerned about the vlan.dat file. Do I need to copy that file over to the new replacement switch and if so, what is the best way to do that?
View 5 Replies View RelatedMy configuration:
radius-server host 10.138.44.57 auth-port 1645 acct-port 1646 key 7 ******
!
aaa new-model
!
aaa authentication dot1x default group radius local
[code]....
I'm attempting to configure a Catalyst 3560-X Switch to act as a DHCP Server. There is documentation that supports this feature. Below is my config procedure however after the completed procedue no IPs are handed out to clients. [code]
View 1 Replies View RelatedI'm trying to connect Switch 3560 to NTP Server based on Linux, the NTP is working fine but the switch is sync with the Server:
address ref clock st when poll reach delay offset disp
*~10.0.0.70 208.53.158.34 3 42 64 377 1.7 -2.49 0.1
* master (synced), # master (unsynced), + selected, - candidate, ~ configured
Clock is synchronized, stratum 4, reference is 10.0.0.70
nominal freq is 119.2092 Hz, actual freq is 119.2093 Hz, precision is 2**18
[code].....
But server has on time and the Switch another. I test this NTP with CUCM and is working fine, the issue is with ther server?
I have installed a switch (3560) that was from another site and changed all it's config and hostname etc and it is now live, however the syslog messages still see the old hostname, what could be causing this?
View 3 Replies View RelatedWe're attempting to SSH from a Cisco 2960S to an SRX240, and are having some issues. The error we're seeing on the switch is: ops-switch1#ssh -l root 10.10.10.1. Any way to work around this on either the server or client side?
View 1 Replies View RelatedWe had core(4503), distribution(3750), and access switches(2960) in our environment. Currently we configured the clock manually in each switch, but a reboot of the switch resets the clock also. We are planning to make a single switch as a NTP servers and others are clients to synchronise the correct time even after a reboot of the access switches.
View 6 Replies View RelatedI have an 1811 with several subnets connected to it.I recently installed a 3750x plant and want to bring my interior routing back to it.
All the routing is handled by the 1811 via secondary interfaces on vlan1?
I have 192 ports, and subnets show up on almost all of them. None of the ports are assigned to any specific vlans. Most ports have several subnets on them.
What is the best approach to getting the 3750x to handle the routing?
Today, we have a server running SNA that connects to router via the following. Vitrual Server --> Nexus 1000v ---->Nexus 7010 ---->2800 series router.We are trying to move server to new environment where it is Virtual Server ----> Nexus 1000v ----- Fabric Interconnect-----Nexus 55xx-----Nexus 7010-----2800 router.
View 2 Replies View RelatedWe need to move some line cards around on our 4510. The top slots have a 24Gbps backplane while the lower slots are limited to 6Gbps. Poor planning on our part has left us with installing a 10Gb line card in one of the bottom slots. I'd like to move a couple of the cards up top, to the bottom.
My question is simply will the switch magically preserve the configuration for those cards and change the slot number for me or will I need to reconfigure the interfaces for those cards I move?
I would like to know if it's possible to change a master in a 3750 stack without rebooting it?I searched in Cisco documentation, in the forum, and I googled it but I didn't find anything.
View 3 Replies View RelatedCustomer has ordered the following routers, which will go in three separate locations.
1. 3945 W/SPE150, IP Base Image
2. 3945 Voice Bundle, includes PVDM3-64 and (1) 2-port T1 MFT
3. 2911 IP Base Image.
If the customer wants to move the Voice image from the existing 3945 to the 3945/WSPE150, would he just need to contact Cisco Licensing, or would the customer have to pay for a software upgrade on the 3945/WSPE150?
Same scenario, except moving the Voice Image to the 2911 router.
I am trying to configure interface vlan1 to get an ip address from dhcp by entering the commnad ip address dhcp ios rejects the dhcp portion of my command as not recognised although it is referred to in Cisco manuals.my IOS version is c2950-i6k2l2q4-mz.121-22.EA14.bin.I get the same problem when I try to configure ip http secure-server on the switch. Is this a known bug or whether I have the correct IOS version for these commands?
View 6 Replies View RelatedI have a Cisco 6513 switches connected to HP VC Flex 10 Module. The (2) 10Gb ports on a Cisco Switch connected to VC Flex-10 in LACP mode.
I need to move those (2) 10Gb ports on Cisco Switch 10Gb Module to a different 10Gb module on a same Switch without bringing the ports down since it is a live environment.
What I would do is to configure a same port channel ID on a new 10Gb module and then move port one by one. unplug one port and connect to the new port on a module. While I will be unplugging the first port the other active port will keep sending traffic and as soon as I plug in on another port, both ports will be active.
Haveing issue with DHCP server handing out IP addresses to client connected to VLAN5 interface.ISP Router>Firewall -(WatchGuard Drop-in mode) I have several 3750 switches and one acting as a L3 switch. The L3 is configured as follow: [code]
If I connect a laptop to int fa1/0/10 I DO NOT get an IP address from the 10.100.0.8 scope. If I connect to another interface within the VLAN 1, I get an address from the 10.100.0.0 range.
We have a few stacked 3750 switches with vtp transparent configured...some plugged in a fiber from another network into our stacked switches...that network/switch has vtp server configured...once that switch connected to our stack of switches, it turned that stack switch into vtp server...causing the previous vlans configured to erase thus causing management issues with the stacked switches..
View 4 Replies View RelatedI have to put an ACL Firewall in front of a public IP range.There's no routing so I want to do it with a transparent layer 2 Firewall. I found this document which descibes exactly that feature I need: [URL]
It seems to be a feature introduced in IOS 12.3.
My Questions:
1.) is it possible use this transparent firewall feature with the 3750 Switch instead of a "normal" IOS-Based router?
2.) I've seen there is no IOS 12.3 for the 3750 but rather 12.2 (currently installed) or 15.0.1. Is this Feature included in 15.0.1?
If the feature described above is not available, is there any other way to achieve my goal?
On a low-end switch like a 2960 the maximum VLANs is 255, as shown in the output of VTP status:
Maximum VLANs supported locally : 255
Number of existing VLANs : 245
When the VTP mode is changed to transparent, VLANs from the extended range can be added without increasing the number of existing VLANs - e.g. if I create VLANs 3000 - 4000 the number of existing VLANs is still listed as 245.
If MST is used to cut down on the number of spanning-tree instances - and assuming propagation of VLAN configuration via VTP is not required - is there any downside to using transparent-mode VTP to increase the number of available VLANs? It does feel like I'm cheating the maximum listed in the datasheet.
I have a 2 cisco switches that are at different sites one is a Cisco CAT4500 and other 3560. The connection between the switches is a layer 2 fibre link. CAT4500 and 3560 both have VLAN interface ip addresses in order for me to connect to the switches.
I have PC A connected to CAT4500 and PC B connecting to 3560. All these devices are the same VLAN and in the same subnet. I do have trunk links all the way though allowing this vlan as we run vlans. From PC A, I can ping CAT4500, 3560 and even PC B. This tells me everything is fine regarding Layer 2 & 3.
As soon as I move PC B and connect it to the other switch CAT4500 or move the other PC vice versa (this happens in both directions). Both switches learn that the mac address has moved locations and updates its mac address table accordingly. So when I do a show mac address table and show arp, everything has learned and moved fine. However when I try to ping any other device from PC B I cannot. So the 3560 switch PC B was originally connected to, I can no longer ping, the switch cannot see the pc also. It is as if PC B has not learned anything from the switch and cannot respond or reply to any icmp. I have tried this with different end devices, same thing. I am now thinking it has something to do with the switch.
I am moving a Windows Server to a new location. We currently have static IPs but are not using any of them so at the new location I requested no new static IPs. With that being said is there anything I need to worry about when I move? From what I have heard it should be a turn it on and go type of move.
View 1 Replies View RelatedI want make a workgoup network with my friend by VPN.we are connected throw internet to make the VPN connection.I configed a VPN server with incoming connection. client connected to server succesfully.but sever and client havent any data send or recieve. the server dont set an ip for client.this is connection propertice: as you see there is no data sending or dara recieving..Im using ADSL Modem(tp-link 8811) and have two lan networks with Modem and another computer.
View 1 Replies View RelatedI would like to connect devices to my network so that their traffic passes through a proxy running on my computer. I figured the best way to do this is by setting the proxy on my router to the one I am running, but then I would need to have another connection to the computer running the proxy or else there would be an infinite loop ?? something like that. so:
Internet -> router (1) -> my proxy on comp A -> router (2) -> computer B
Cisco 3560 does not support "set ip next-hop verify-availabilty". I need this command in my config. "set ip next-hop" do not do the same job.
View 8 Replies View RelatedThe last few days I've been exploring options in getting rid of some old routers accross a wan connections. I have a cat 3560 to play with and I thought I would try and use the no switchport command test out routing with switch. I've got some type of route issue and I tried a few things which I thought would fix the issue but had no effect. I'll post the config and a few commands so you can see what the basic setup is.
Here we can see in the arp that it knows about both 10.7.1.2 (PC unable to ping 10.3.3.254) as well as 10.3.3.254 (ASA).I tried adding in a ip route of 10.7.0.0 255.255.0.0 10.3.3.110 as well as 10.3.3.254. Neither produced the results I wanted allowing 10.7.1.2 (PC) to ping the ASA (10.3.3.254). [code]
I have an environment of 3 X 3560G of which I have 1st switch-CORE(f0/10) connecting to the VPN router(CE) interface-f0/0. Remaining 2 Cisco 3560's(Access) are connected to Gi0/1 and Gi0/2 on the 1st switch-CORE via gi0/1 . On all three switches I have created multiple VLANs and assigned ports to these VLAN. The switch to switch connection is trunk allowing all VLANs created on all these 3 switches. Now the issue is how I am going to have all these VLANs routed through single interface on the routeri-e f0/0, as all these subnets will communicating to remote site over VPN. What should be default gateway on the 2 Access switches and the CORE switch, also what static route should be on router to reach all subnets(VLANs) created on these 3 switches.
I have read inter-VLAN routing i-e creating sub interfaces on router but dont want to proceed with that and looking for any other way to have my VLANs talk on all three switches and then are accessible to remote site ove VPN?
I have tried to make policy based routing on Cisco 3560. I use ipservices ios (SW version 12.2.(50)SE3 and SW-IMAGE C3560-IPSERVICESK9-M) For below configuration there is no problem and pbr is working.
“Access-list 100 permit ip host 1.1.1.1 host 2.2.2.2
Access-list 101 permit ip host 1.1.1.1 host 3.3.3.3
Route-map pbr1 permit 10
Match ip address 100
Set ip next-hop verify-availability 1.1.1.2 1 track 11
interface fasthethernet 0/1
ip policy route-map pbr1”
But when i add another sequence to the "pbr1" with another sequence number like that.
“Route-map pbr1 permit 11
Match ip address 101
Set ip next-hop verify-availability 1.1.1.3 1 track 12”
pbr is not working. Switch gives message "PLATFORM_PBR-3-UNSUPPORTTED_RMP:Route-map pbr1 not supported for Policy Based Routing”"ip policy route-map pbr1" command not shown in the running config. And "show ip policy" output is blank.Configuration guide says you have insert many sequence to the route-map with the same name. And also this command is not in the unsupported command list.