We have our network setup as displayed in the attached. We have 2 HQ offices and 1 branch office. The branch office needs to connect to resources located at both HQs but taking the most effecient path. We have ethernet circuits connecting from each HQ to 2 x Cisco 3560 switches in the branch. HSRP has been configured on the 3560 switches with SW1 as active and SW2 as standby. OSFP has been configured in a single area 0 and the path cost on the link between HQs has been increase to allow 3560 SW1 to route to HQ1 directly and HQ2 via 3560 SW2.The 3560s are connected with a trunk with a L3 SVI for OSPF. This seems to work ok but I have noticed that the branch could become transit if the HQ1 to HQ2 link breaks. How can this be avoided? I realise that if we configure the branch subnets and SW1 to SW2 link in a stub area (area1) then all traffic will route from SW1 to HQ1 and will never share over SW2. I'm assuming that this is because OSPF chooses inter-area routes over intra-area.
We have 2 sites, each with 2 x 4506 switches which will be connected togther using an etherchannel. The switches will provide access ports for client devices and will be configured with HSRP to provide gateway redundancy. SW1 will be HSRP active.2 metro ethernet links will be installed in each site which will connect back to our HQ sites. OSPF will be used over the backbone to provide resiliency and to allow shortest path routing to each HQ and to prevent traffic over the HQ to HQ link.
The 4506 will be trunked togther with an SVI for providing OSFP adjacency.For the traffic flow from SW2 to HQ2, traffic will hit SW1 and then route back to SW2 and then to HQ2. Is this the best way to do this? Should a second link be connected between switches just for routing or should something like GLBP be used?
I am beginning to implement OSPF into the network I work on. I have a network which consists of multiple 4500, 6500 series routers and 3560s. Each switch has its own set of VLANs. In other words VLAN X on one switch is not the same as VLAN X on another switch. I had envisioned connecting each switch via trunk links and then routing via the loopback addresses on each device. That didn't work. Then I created a VLAN 100 on each switch. Each one was configured with an IP in the same subnet range (10.3.0.1 and 10.3.0.2). I added these addresses to the OSPF process in area 0. It worked. However, this is not desired. I have not seen many examples of 4500 layer 3 switches configured with OSPF. The examples I have seen show the interfaces configured with IPs.
OSPF normally only comes with IPservices image and not IP Base image. The 3560-C series data sheet says that it only suport IP Base image, yet it mentions that support for OSPF in included. Are there any restictions in the OSPF support?.
I have a network with static routes witch I need to convert to OSPF.Never used OSPF, and do not have much experience in routing in general.The netvork is connected via some fiber links, but moastly wireless bridges.I have attached a drawing of how the network is.Routers are 3550, 3560 and 3750s.Each router is on a different physical site.
I believe the answer is yes, but incorperating more layer 3 features of our 3750's, I want to know if they fully support EIGRP or OSPF?
Also for a small business of 4 locations, each with a 10mbps fiber and a 1.5mbps mpls... wouldn't you say EIGRP would be easier? Want to look at making the failover automatic if the 10mbps fiber goes down between a site, then the network fails over to 1.5mbps mpls. When the fiber returns in service then the network automatically preferr the fiber again.
Currently we use static routes and if there is a provider outage we have to manually edit the config to flip flop the routes.
I'm working on a new network design for my company. We're expanding and opening some more offices and satalite sites. We're a UK based company but opening some US sites.We have a main UK office (Office A on the diagram) a call centre (Office B) and then two buildings on another site (Office C). The USA offices will be very small and only require a couple of computers, hence the small IP allocation. I have marked the IP addresses of the links on the diagram, I intend to use 3560 switches for all the switches marked and all links will be layer 3 to route multiple VLANs from each site to each site (where permitted). question is this: How do I achieve this in the switches? I'm thinking that OSPF is the way forward, is this right? I want to do as little configuration on the switches as possible to allow for dynamic updates of the network (i.e. I don't want to add static routes for everything).
I recently ran into some problems concerning the use of a Cisco layer 3 switch (3560) as an Internet edge device to perform a simple static route between the customers network and the ISP POP router. Although this device can perform the routing at the edge for Internet traffic, I am concerned that this device has limitations when it comes to functions such as traffic shaping to the subscribed bandwidth of the Metro Ethernet access to the Internet. Since the 3560 could not conform to the 20 Mbps of subscribed bandwidth, any traffic beyond 20 Mbps was dropped causing performance issues with applications that use TCP. I am trying to find design documents or white papers that would either support or not support using a layer 3 switch as an Internet perimeter device instead of a router. I would like to know if Cisco has a specific perspective on this subject and whether or not they would ever recommend actually using a layer 3 switch model that is a 37XX or below?
I have a typical LAN environment that spans across a large warehouse. I have done a lot of redesigning of the environment to satisfy the need for a disaster recover plan. I now have created a LAN with multiple v lans and must also connect all the access layer switches back to the core switch where the servers are.
I was thinking of something simple such as Port channel of 2 Gbps across the backbone and simple floating static routes . I have then moved my wan access link to a 3750 and implemented routing a CEF at each of the 3 core switches (blue). My question is more of design.
We have remote office where we have 2921 router with 6 layer 2 switches. We have few servers which need to be in specific vlan.
2921 router does not have switching engine we are using this to support VOIP.
So on 2921 router i created 6 sub interfaces for each vlan and assign them to their specfic vlans. Then I have trunk connection to switch 1. Now switch 1 connects to all other switches in the network. As our company design all layer 2 switches should be transparent mode. i tested them i can ping from one switch to all other switches.
Router vtp mode i set to transparent mode and from all switches i can ping the router sub interfaces.
if the above design is acceptable how does the routers know which one is active and which one is standby ? if we need a direct connection between two routers they have to be on a seperate subnet and routers dont allow broadcasts - so how will hsrp work on routers ?
We are designing a LAN Network for ourselves.The proposed design is as follows:
4 x 2960S switches in a Stack Access-Stack-I 4 x 2960S-PoE switches in a second Stack Access-Stack-II
2 x 3750X switches in a Stack Core-Stack
Now I would like to connect it in the following manner ?First,I would like to use EtherChannel using the 10Gig LinksSecondly, I would like to use Cross-Stack EtherChanel too.I have given a graphical illustration of the connectivity Now my Qs: a) Will the 2960S supports EtherChannel using the 10G links and the 3750X too... b) Does the proposed solution will work... or It will have any problems.
QoS design problem that I have. I have a client that is deploying new 4507 series switches with SUP6Es. The client will be running lots of voice, streaming video, and video conferencing over the LAN and want to base QoS on Cisco Media net recommendations.
I need to design a new QoS policy with focus on the above media services with basic queuing for critical data services. I have read the Media net design guide and the suggested 12-class model will be too complex to start with but I have seen references to start with a 8-class model with the ability to easily migrate to 12-class in the future. The 8-class model meets all of our requirements but I need to understand how this will work with the 4507 queuing model? [URL]
I've been tasked to come up with a design to segment our internal network to reduce broadcast domain size. In addition, we are running out of DHCP available DHCP addresses. I need to have a solution that will give me more available IP's, but reduce our broadcast domain.
We are Cisco VoIP shop. Our current environment consists of dual 6509 chassis in a VSS config. We have 10 access switches that are model 3750's. Each 3750 has dual 1Gb fiber links to the VSS Core in an etherchannel configuration. We have 2 VLANS (data and voice) that spread throughout every switch. Both VLAN's have their own DHCP scope.
Our current broadcast domain is a 255.255.248.0, so we have over 2000 potential broadcast devices. Cisco recommends not having larger than 512. So my research has brought me to a design as follows:
MY DESIGN: > Have individual voice and data VLANs for each closet switch. > We have 10 closet switches so this would require 20 new vlans > With every separate VLAN we would need a different DHCP scope. > Configure 20 new DHCP scopes for the 20 new VLANs. > Each DHCP scope would have a 512 available addresses. > Enable IP Routing and configure EIGRP on the VSS Core and 3750's. > I'm tossing around the idea of have each 3750 be an EIGRP Stub. Not sure yet.
QUESTIONS: 1. How to verify what I described in my design? 2. Any alternative solution that might be less complicated than configuring Layer 3 on all my access switches? 3. Any thoughts on configuring EIGRP Stub vs. having the VSS Core do all the work? 4: Any template that I could base my 3750 config from?
Small datacenter design. My requirements and setup will be as follows Dell PowerEdge M1000E Blade Chassis (initially one full chassis)Dell Powerconnect 10GbE Blade SwitchesDell Compellent Storage Array 10Gb iSCSI with redundant controllersDell Powerconnect 7024 dedicated external storage Virtual host blade servers 2 x Cisco ASA for firewall (5525-X or similar in active-active configuration)2 x redundant routers or switches as gateway to public internet I am looking to be able to segregate customers (approximately 100) into seperate VLANs at the access layer and route them up to the Cisco ASA firewalls using Dot1Q trunking for segregation. The Cisco ASA's will perform NAT functionality and route to the redundant gateways. I then need to police each customers traffic at the gateway to limit bandwidth and perform specific traffic marking along with simply routing out to the internet.
Budget is somewhat restrictive so I am looking for the most "cost effective" devices I can use at the gateway to perform the traffic policing/marking/routing for each customer.
I'm looking for feedback and constructive criticism on our network redesign project for our company.We are currently on a 192.168.1.x/24 and running out of addresses. We are looking to move to the following design and implement VLANs as well for segregation and security. We are probably going to use a few SG300s for switches. [code]
On occasion employees are downloading large files for business purposes, at very fast speeds. This has the potential to overwhelming our Internet circuits which causes our Customers problems accessing our Web Hosting services.
Our network is comprised mostly of 2960S switches for the employees. Webservers are connected to other 2960(nonS) switches and directly into the 6509 VSS.
Customer’s traffic comes in through one pair of ASA’s. Employee’s traffic is handled by another pair of ASA’s.
Employee traffic flows from the 2960’s, past an L3 SVI on the 6509, then through the Employee ASA’s, then to the ASR’s, then out to the ISP#1 or ISP#2
Web Server traffic flows from the 2960’s or 6509, to the Customer ASA, then to the ASR’s then out to ISP#1 or ISP#2. Web server traffic does not flow through an L3 SVI.
The goal is to allow employees the ability to have the most bandwidth they can, however customer traffic always has to be preferred in the event of a ISP circuit approaching its limit.
This past networkers I was at the Cisco booth discussing how the 2248 can connect to the 5548 and have server connectivity. It was told to me that now, as of a fairly recent NX-OS release, you can have the 2248 going dual-homed to both 5548 via VPC and then have a server connected to both 2248 and be in active-active mode. Is this correct?
When we first deployed our 5548 and 2248 we had to put the 2248 in a straight pin mode, where it only had connections to one 5548 and then the server would dual connect to the 2248's and be in active-active mode. I was told that this changed with an NX-OS release however documentation still seems to be fragmented on what exactly is the case.
I have been recently asked to design a network. What I have for equipment is four 2960G's and one 1941 router. One switch is a root switch and the other three will have end devices on them.I have decided on three V lans to go with: VLAN20 Data, VLAN30 ISCSI, and VLAN99 Management each with seperate trunk links and redundancy (see picture below).
I have a seperate trunks for each V lan using the switch port trunk allowed. With exception to the Data V lan.My design has the Data V lan as the native because it is going to be receiving untagged traffic from the external network. I have set up inter v lan routing on the 1941 via sub-interfaces to allow them to talk to each other (or because of allowed they cannot?). I have one port coming from my router to my switch via Ethernet cable which is my bridge out. I have my external port doing a NAT translation for my inside addresses and a Default route set up ip route 0.0.0.0 0.0.0.0 gig0/0. I am using rapid- PVST to prevent loops and provide my zero downtime convergence when a link goes down. As it stands right now I cannot talk out of my network or inside of my network.
You can see it is highly redundant and I do not want to change it. This network is going to be deployed but there will never be anybody physically there to manage it which is why I made it as redundant as humanly possible.
We are setting up a test lab in our DMZ. The path to the internet is basically like this. Anything past the firewall is irrelevant. For this lab lets assume it is vlan 300.
LAB SW ---> DMZ-SW ---> ASA FW ---> INTERNET LAB IP Range = 172.16.300.0 /24 GW = 172.16.300.1 (On FW int) Trunked all the way through.
I have an int vlan set up on the LAB SW. It is being trunked to DMZ SW. DMZ trunks it to ASA FW where there is a failover with a redundant switch.On the ASA the interface 0/2 is a subinterface 0/2.300 being used as the default gateway.
I have DHCP running in a specific range on the LAB SW and do get an ip address when plugged in. I cannot ping the default gateway on the ASA FW.The GW is defined using default-router command for 172.16.300.1 i.e. default-router 172.16.300.1?
We are running ospf on the firewall. There appears to be a pattern with ospf and a similar subnet setup elsewhere. I was wondering based off of this info would configuring ospf for 172.16.300.0/24 allow me to ping the GW from a client on the LAB SW.Secondly. I trunked 300 on the DMZ SW but I didnt add the vlan to the configuration. i.e. conf t <enter> vlan 300 <enter> Does this really matter? Or is having the vlan in the configuration only pertain to access mode on interfaces?
I am attempting to filter a specific host(s) from my OSPF routiing table on a ASA 5550 (ABR) using LSA prefix lists. However, when I look at the other routers in that area, I notice that ALL LSA type-3's are being removed (10 hosts are now missing from the routing table). I have verified the filter is working on the ABR, but I can't figure why ALL hosts/routes that were coming into the area are now being filtered instead of the specific one that I want to filter out.
Here is the config on the ABR:
prefix-list pdm_pl_000 seq 10 permit 206.253.180.137/32 ! ! router ospf 1 network 10.0.0.0 255.255.255.0 area 0 network 10.150.10.0 255.255.255.0 area 10 network 10.150.252.0 255.255.255.224 area 10
[code]....
The 206.253.180.137 host is actually coming from Area '3'. Am I doing something that is removing all type-3 LSA's?
I would like to do the following architecture with the same C3750 : network X,Y,Z connected to 3750 in VRF D the 3750 uses a routed interface on subnet E for the default route in VRF D on this routed interface a BYPASS EQUIPMENT the other BYPASS EQUIPMENT interface is connected also to another routed interface on subnet E "also" this routed interface is in another VRF C with other network A and B.do you know if it will work because of 2 routed interfaces on the same IP subnet or is there a way to do that ? the only goal for me is to catch traffic from network X,Y,Z on SYN and ACK.
remote location on MPLS circuit terminated on a Cisco router that has Internet connectivity through Central Site router. We are installing a cable modem at the remote location that is to be used as the Primary Internet Connection but still be able to use Internet through MPLS if the cable Internet goes down. We want the failover/fallback to be handled automatically.
We have an ASA5505 for the cable Internet which then feeds into the ISPs modem.
At first I was thinking about getting a module for the remote router so the cable Internet could be terminated on the remote router as well but that introduces a single point of failure. I would also like to firewall both the MPLS and the cable Internet but if I do so on the ASA there is another single point of failure.
I have an environment where i have two nexus 7010 switches, along with 2 nexus 5510's. I need to run OSPF as a layer 3 routing protocol between the vpc peer links. I have 1 link being used as a keep alive link, and 3 other links being used as a VpC link.
1) Is it best to configure a separate Vpc VLAN i.e 1010
2) Is it best to configure a vrf context keep-alive
3) just have the management address as the peer ip's.
Does 800 series routers support OSPF or EIGRP? Command for EIGRP is available but when you try to run it, you get that "protocol is not available in the image". Is there a specific image that I can get that will support either of these two on a Cisco 851 or 861?
I'm working designing a switch system for our core/data center.
We have 5 esx hosts, 2 sans with 3 nodes each. We have voice servers, a couple of routers and a few odds and ends. There are 7 other locations aggregating into this data center via 1-2gbps fiber connections. The bandwidth usage on these links is minimal, but there is a total of about 3000 devices aggregating into the system. My main concern right now is the 3560G's are seeing many output drops, due to the small buffer size on those switches. I have been looking at couple of options to resolve this issue, including the 4948E, 4507E, and 3750X switches.
Budget being the biggest factor, I am finding that the 4507 might be out of the price range. So I was leaning towards the 4948E switches for connecting the servers and iscsi san's as the 3750X is not recommended for iscsi. Redundancy is important so I would like to have two. The second concern is that I need to aggregate the fiber connections and for that I was looking at the ME-3600X or possibly the WS-C3750X-12S-E. I'm running eigrp, so this switch would need to have full routing, as it would also serve as the core switch for the 4948E's.
So in the end I was thinking that two 4948E switches up linked to the ME-3600X which would do full routing for the fiber aggregation and any routing needed for the servers and sans.
Servers and Sans_________4948E________ME-3600X_________7 fiber connections |____________4948E_____________|
I would look at a second ME-3600X in the future for redundancy. This is the lowest cost biggest buffer solution that I could find.
I am just browsing and looking for a solution to converge my multi-vendor switched network and bring some redundancy to it as recently we managed to get a redundant links. I have a need to change core switch to Cat3750G, which has Per-V LAN-RSTP+ on board, but tests have shown that it won't be compatible with some other proprietary per-V LAN RSTP solution other vendor's switches use currently.
So, I thought maybe standard-based MSTP design might do the trick. I've made some tests and got some weird and unstable switching result. I have two topology rings with a core switch in the center. Every ring has about 10 switches, so practically network diameter may vary from 5 switches (when spanning-tree converges in the center and I have a blocking port somewhere int the middle of the ring) to about 10-11 switches (if a I have link failure on any of ports right at the core switch). I disconnected one port from core switch to eliminate a possible switching loop while I will be configuring new MSTP design. Then I started enabling MSTP on all the switches staring from core Cat3750G to MSTP, one by one, placing all switches to the same MSTP region, and placing all V LAN's to default MSTI0(CIST) cause I don't need to organize any separate MSTP instances for every V LAN or for group of V LAN s. When I turned MSTP on on 7th or 8th switch in the chain (cause I had a physical chain when I disconnected one port out of redundant ring) I got all switches "flapping", storming and flooding the network with broadcasts. Even when I had one redundant port disabled.
I have no idea what I am doing wrong. I noticed that Cat3750G has an option that defines a possible network diameter which actually automatically changes some hello, max age etc. attributes according to diameter specified. When I defined a maximum network diameter of 7, if didn't change anything: I still have hello timer of 2 sec etc. I've been wondering if the maximum network diameter has something more than just a "variable" to fine tune hello timers etc? Maybe I won't be able to use MSTP in my network which might have diameter more that 7 switches. Or maybe it was a mistake of placing all the switches to the same region and all the v LAN s to the default MSTI0 (CIST) and I should configure one MSTI per V LAN or per some group of V LANs and subdivide my switches to few MSTP regions?
If i look at the Feature Navigator , it says that IP Base Supports OSPF and EIGRP. But if i look at the Cisco Link it contradicts the Cisco Feature Navigator.
[URL]
if I have 6509-E with VSS-SUP720-10G and want to run OSPF and BGP on the Switch. What is the IOS i require? WIll IP Base Suffice or i need to take Advance or Enterprise Image.
I am in a doubt if the 3560-12-PC-S supports OSPF. Datasheet says we need IP Services image. But 3560-12PC doesn’t have the option with IP Services. Then I havigate to [URL] how?
So, any clues whether or not this box can run OSPF?
We have an existing network with a core 6500 as a VSS connecting 4 buildings with 4500 chassis under which number of L2 switches are connected. Currunlty we are using RSTP in ring for redundancy but we want to use OSPF in LAN for faster conversion.All the VLAN's are created on 6500.
I have 2 Nexus 5596UPs with a layer 3 cards that are exhibiting some very peculiar behavior. The systems are running 5.1(3)N1(1).I have configured 2 VRF contexts each running their own OSPF process. There is a static gateway of last resort configured on each VRF, which is to an upstream pair of 5585X's in Active/Active. Each OSPF process has the "default-information originate always" command configured, however, backbone neighbors are not recieving a gateway of last resort from the 5596UPs. The applicable configurations are show below. All other routing information is passing correctly between devices in the network. This network is not production, it is a proof of concept for a larger implementation.
I have a 867VAE-K9. On feature navigator it is listed as supporting OSPF. However when I go into config mode and type "router ?" BGP is there, but OSPF is not. Also, under my tunnel interfaces there is no support for any OSPF commands such as "ip ospf cost" etc. I'm in the process of raising a TAC. I have tried five or six different versions of IOS code that is available for this device, in each, we never see OSPF listed but sometimes see "router odr" or "router lisp"...
