Cisco Switching/Routing :: 3560 - Servers Updated When Gateway MAC Address Changes?
Feb 7, 2012
We have a server connected to a 3560 switch which in turn connects to 6500s. The gateway interface is on the 6500. We will be changing the 6500s so the mac address for the gateway will change, however the IP address will remain the same. As we change out the 6500s the uplink connections to the 3560 will go down. This will flush the old mac address from the 3560.When the 3560 removes a MAC address does it update servers so they have to relearn the correct MAC address?
I start configuring Cisco 2821 router for multicast . First short description and attached sheme explanation. Let we say I have small network with 100 users. One router and Cisco switch 3560. Two VLAN’s, one for data another for multicast. Data from internet works fine but now I want to connect multicast servers (or source of more multicast streams) from another subnet. Router have three interfaces.I expect there should be no problems with multicast configuration, but unfortunately it is not like I expect. What I did ?
I have 5 linux and 3 Microsoft 2008 Servers, each connected to 2 Cisco 3560 Switches. The 2 Cisco 3560 switches are connected to 2 different Cisco 515e Pix. Is it possible that if i enable Port SPAN in any of the switchport and send a copy of traffic to any of the windows 2008 server, will i be able to monitor the bandwidth of the servers (Here I am only looking for traffic going from servers to PIX and then to internet, also vice versa).
Also will wireshark be able to differentiate specify the bandwidth of each servers seperately ?
Client is having 1 file server running small business windows server 2003. Server is not configured with domain, it is working only on workgroup. We have around 15 users who are using that server as file server only. Now my main question is do i need to configure DNS server in that server?we also have internet connection running (have problem in that also, will explain next time) with wireless router to connected with switch. So do I need to setup dns in server also or just put static ip (I prefer static then dhcp) & dns server from ip will be ok? If I put dns which I got from ISP, so will it create any problem with using those file from server?the second question is..
What IP address, Default gateway and dns address I should use for Server & also client pc. router ip - 192.168.1.1 server ip - 192.168.1.10 Currently no DNS setupcurrent configuration - Server IP - 192.168.1.10 subnet- 255.255.255.0 gateway - 192.168.1.1 dns - 213.42.20.20 (from ISP) dns2 - xxx.xx.xx.xx (from ISP)current configuration - Client IP - 192168.1.111(to 115) subnet - 255.255.255.0 gateway - 192.168.1.1 dns 1 - 192.168.1.10 (File Server) dns 2 - 213.42.20.20 (from ISP)
i'm using some catalysts 3560 with 10 VLANs and inter vlan routing. we use a windows deployment services server to install our workstations. the pxe boot works fine. the image is loading, and when the windows 7 PE is booting, the dhcp request failes. when i use a small not manageable switch between the computers and the catalysts, it works fine.all other things work fine.
Problem is that at some C65K I have directly connected Unix servers and the don't show MAC address at port, and same has happened at 3560 switched where I have too Unix based equipments connected. When use show mac-address interface XXXX, nothis appears at port and tested them with other equipments that worked fine.
we have a 3560 switch configured with EIGRP with dhcp. We have a user that we cannot ping, however the interface show up / up and no errors on interface. the ip address is 10.2.0.199 - however we have dhcp configured to exclude the range from dhcp ip dhcp excluded-address 10.22.0.1 10.22.0.200 how can this work station get a dhcp address if we have that ip range excluded from the dhcp pool?
The user is off a different switch that is a uplink to this distribution switch. Traceroutes shows that the problem is with the distribution switch.
I have Cisco 3560x layer 3, but there is one problem with MAC ACL. Here is sample scenario:
I have two V LANS 2 & 3. There is one device (D1) on V LAN 2 and three (D2,D3,D4) devices on V LAN 3. D1 can talk only to D2 and D3. D4 can talk only to D2 and D3. D1 and D4 cannot talk at all. I got the IP access list all set, but I was asked to get the MAC ACL on it. The problem is that as soon as packet is routed, its MAC addresses will change, correct? Is there way of preventing device with same IP but different MAC from talking to device it should not to, keeping in mind that the packet will be routed?
In mucking around with my 4500 I accidently deleted the ip address that I use to get into it with telnet and CNA. I have a console cable hooked up to and I'm in that way but the commands I got off the internet did not work. Those commands were set interface sc0 10.x.x.x/xx and set interface me1 10.x.x.x/xx. It didn't like interface and I notices when I did a set ?
I have some Ethernet-connected cameras that all have the same Ethernet MAC address FF:FF:FF:0A:0A:0A. They were originally designed to directly connect to a Windows PC, but they can also connect through a simple unmanaged switch.A Catalyst 3560 switch won't forward packets to or from anything with that MAC address, at least not by default. Is there a way to convince the switch to do so?
It was my hope to replace the dedicated connections we have for these cameras with a separate VLAN for each camera, and switch them through our existing switch network. Given that all of the cameras use the same MAC address, putting them on the same network is out of the question, but different VLANs, where the only two devices on each VLAN were the camera and the PC that uses it, would be fine.
The switches run IOS 12.2(55) SE through SE3. I learned the camera MAC address from the PC's ARP table while the camera software runs; it turns out the cameras don't have a full IP stack either and don't even do ICMP.
I have 2 3560 switches that are running 12.2(25)SEE2. Port security is enabled on some of the ports. Whenever there is a power failure, when power is restored, 1 port on each switch goes to err-disabled. The mac address that causes this is a valid address for that port. Below is the configuration on one of the ports.
1 x 4500 and 1 x 3560?They are gateways of 8 Vlans?They are doing HSRP in each of those Vlans?The 4500 is the Active?There is a DHCP Pool for each of those Vlans on both gateways using "ip dhcp excluded-address" I ensured that the range of provided ips by each DHCP server will not be overlapped Obs.: Reducing the lease time, I ended with the calls bringing related problems.
OK, every thing is blue, every thing is fine.But the network diagram is realy complex(41 switchs, 89 uplinks), and depending of how is the network flow, one or other server answer first or latter.
For many reasons I would like that the secondary DHCP server would answer only if the primary DHCP server goes down.To me, the bigger reason is that DHCP database would be only in one DHCP server.But there is other reasons.
I passed by many frustrated solutions:Try to force a delay on the answer on one of the servers. - Impossible.Try to disable DHCP server, and, using EEM, enable it only if router became active in HSRP. - I couldn't do It.
What I'm thinking now is use the HSRP resource to resolve it.On both routers I would put a "ip helper-address" pointing to an Virtual_HSRP_IP.And depending on which router is the active, him will answer the request.
My first doubt is:Would it work?The second doubt is:Could I use the same Virtual_HSRP_IP that exists on that Vlan(see example 1),or I would need to point it to a Virtual_HSRP_IP in a different Vlan(see example 2)?
Example 1 ----------------------------------- | 4500 | ----------------------------------- interface Vlan1 ip address 10.10.0.2 255.255.0.0 ip helper-address 10.10.0.1 standby 1 ip 10.10.0.1
I have one Cisco 3560, and it is connected to Firewall...I already turn on the ip routing, which is able to do interVLAN..In 3560, the static route is 0.0.0.0 0.0.0.0 192.168.2.2
After not seeming to be able to save any configurations in 12.2(25)FX, I thought an upgrade would work since it said it didn't recognize my browser or OS but let me continue. I was able to see everything just couldn't save changes.
I updated to 15.0(1)SE3 and everything seemed to be going well. Tried to log back in HTTP (have not set n IP yet since it is still at my house... DHCP seems to be working) and I get a user/password screen that says level_15_access and it won't let me in.
Attempts to log in terminal have been unsuccessful. I can log in my dell switch which I am replacing and my APC units terminal just fine using USB to serial and Ubuntu.
I tried cisco as a password, user and password, admin, administrator no luck.
What is the best way to resolve this, is there a sure fire windows serial program or settings I should use in linux (currently 9600,8,N,1) to connect? I have looked through manuals till I am blue in the face.
when I was using image 1.0.0.27, I was able to move the management VLAN from 1 to which ever VLAN I wanted. For some reason, after switching the image to 1.1.1.8, I no longer have that function.
how do i change a default gateway? the current gateway 170.130.110.254 needs to be changed to 170.130.110.2 so my two devices at separate locations can communicate with each other
The last few days I've been exploring options in getting rid of some old routers accross a wan connections. I have a cat 3560 to play with and I thought I would try and use the no switchport command test out routing with switch. I've got some type of route issue and I tried a few things which I thought would fix the issue but had no effect. I'll post the config and a few commands so you can see what the basic setup is.
Here we can see in the arp that it knows about both 10.7.1.2 (PC unable to ping 10.3.3.254) as well as 10.3.3.254 (ASA).I tried adding in a ip route of 10.7.0.0 255.255.0.0 10.3.3.110 as well as 10.3.3.254. Neither produced the results I wanted allowing 10.7.1.2 (PC) to ping the ASA (10.3.3.254). [code]
I have an environment of 3 X 3560G of which I have 1st switch-CORE(f0/10) connecting to the VPN router(CE) interface-f0/0. Remaining 2 Cisco 3560's(Access) are connected to Gi0/1 and Gi0/2 on the 1st switch-CORE via gi0/1 . On all three switches I have created multiple VLANs and assigned ports to these VLAN. The switch to switch connection is trunk allowing all VLANs created on all these 3 switches. Now the issue is how I am going to have all these VLANs routed through single interface on the routeri-e f0/0, as all these subnets will communicating to remote site over VPN. What should be default gateway on the 2 Access switches and the CORE switch, also what static route should be on router to reach all subnets(VLANs) created on these 3 switches.
I have read inter-VLAN routing i-e creating sub interfaces on router but dont want to proceed with that and looking for any other way to have my VLANs talk on all three switches and then are accessible to remote site ove VPN?
I have tried to make policy based routing on Cisco 3560. I use ipservices ios (SW version 12.2.(50)SE3 and SW-IMAGE C3560-IPSERVICESK9-M) For below configuration there is no problem and pbr is working.
“Access-list 100 permit ip host 1.1.1.1 host 2.2.2.2 Access-list 101 permit ip host 1.1.1.1 host 3.3.3.3 Route-map pbr1 permit 10 Match ip address 100 Set ip next-hop verify-availability 1.1.1.2 1 track 11 interface fasthethernet 0/1 ip policy route-map pbr1”
But when i add another sequence to the "pbr1" with another sequence number like that.
“Route-map pbr1 permit 11 Match ip address 101 Set ip next-hop verify-availability 1.1.1.3 1 track 12”
pbr is not working. Switch gives message "PLATFORM_PBR-3-UNSUPPORTTED_RMP:Route-map pbr1 not supported for Policy Based Routing”"ip policy route-map pbr1" command not shown in the running config. And "show ip policy" output is blank.Configuration guide says you have insert many sequence to the route-map with the same name. And also this command is not in the unsupported command list.
I am trying to get my workstation to talk to a workstation on a different sub-net through a Cisco 3560 switch. The switch is running the following IOS version: [code]
My primary network is 172.16.0.0 and I am trying to connect to a device on a 192.168.111.0 sub-net. [code]
What would be the best way to get the two workstations talking via the switch?
I implemented access list on cisco 3560 switch but it never works. I want to block access from network B to Network A and allow from Ato B Network A. 10.0.12.0/24 Network B 10.0.24.0/24
The configuration is interface Vlan1 description Data VLAN
We recently purchased Cisco 3560X Layer3 Switch. We need to perform simple Inter VLAN routing. We have configured VLAN1 (name-server_vlan) and VLAN2 (name- user_vlan). We have also assigned the Ports and IP address to both the VLANs. After assiging this if we plug Laptop A into VLAN1 then it doesnt communicates with Laptop B (btw, Laptop A is able to Ping VLAN2 Gateway ) in VLAN2 but on the other hand Laptop B is able to communicate with Laptop A and ping everything i.e. Gateway of VLAN1.
I have a 2504 WLC connected to a Catalyst 3560 which has multiple vlans and is connected to a 2800 series router. I know the catalyst is L3 but I am needing nat functions to get outside to the internet. From my 2800 series router I am able to ping out to the internet, also I am able to ping the vlan interfaces on the catalyst switch. Problem is from the catalyst switch I can ping the inside and outside address of the 2800 but I cannot get any further then that. I cannot ping the 2800 router gateway. Not sure what I am doing wrong as far as routing.
We have two Cisco 3560E layer 3 switches at the core of our network. The switches are configured as an HSRP pair and the clients on our network point to the HSRP address as their default gateway. So if CORE-A dies, then CORE-B will pick up the address and the default route for the clients will continue to be available.We also need to specify a few static routes on the core switch to allow us to get to specific networks. Is there a way to do this so that the routes failover in the same way that the default gateway does?
I have two ISPs. Each is on it's own subnet connected to the 6509 MSFC/Switch. FW1 is on 100.1.100.0/30 and FW2 is on 200.1.200.0/30 subnet. My goal is route all traffice going to the Internet from subnet 10.133.3.0/24 to FW1 and all other subnets across the organization to FW2. I am not sure if I need to use ACL / Static route combo, or just a static routes or ACLS?
I'm running into what seems a basic ip routing config problem with a Catalyst 3750 (IP Base) switch. I have several VLANS configured on the switch with IP routing enabled, and the switch is connected to the inside interace of a new ASA 5520 as follows:
ASA5520 IP (Default gateway): 192.168.1.1Switchport Gi1/0/1 is configured as a routed port, IP address 192.168.1.3 255.255.255.0Example VLAN is VLAN 100, IP address 192.168.100.1 255.255.252.0 From the switch CLI, I can ping all VLAN addresses, as well as the ASA5520, and the client laptop I'm testing with from VLAN 100.
From the client laptop on VLAN 100, I can ping all switch interface and VLAN addresses (inter-VLAN routing is working), including 192.168.1.3, but I CANNOT ping the default gateway at 192.168.1.1.
Here is the relevant configuration information on the 3750:
! no aaa new-model switch 1 provision ws-c3750x-24 system mtu routing 1500
I'm setting up an ACE 4710 in our test lab before deploying in production. Do the test web servers I am using need to use the ACE as their default gateway? The are currently configured to use a multilayer switch on their vlan as their gateway but I'm guessing the ACE needs to see the return traffic for load balancing to work correctly?
