We have over 30 Cisco 3560 switches and over 10 VLANs on our network. In our example, VLAN 10 on switch IP 10.0.20.150 works fine and VLAN 10 on switch IP 10.0.20.24 doesn’t work. The below are both switches show vlan. url....I can’t tell what causes the problem and how to fix it. VLAN 10 on Switch 10.0.20 24 doesn’t work. [code]
View 8 RepliesI have a 3560 switch with 1 VLAN (VLAN 10) where I need to make ports:
1-10 as isolated (can't contact each other)
11-20 as community (need to contact each other like a normal VLAN)
23 as promiscuous (server that ports 1-20 need to get to)
24 as promiscuous (WAN router where ports 1-20 need to get to and the remote servers).
[Code]...
I have an environment of 3 X 3560G of which I have 1st switch-CORE(f0/10) connecting to the VPN router(CE) interface-f0/0. Remaining 2 Cisco 3560's(Access) are connected to Gi0/1 and Gi0/2 on the 1st switch-CORE via gi0/1 . On all three switches I have created multiple VLANs and assigned ports to these VLAN. The switch to switch connection is trunk allowing all VLANs created on all these 3 switches. Now the issue is how I am going to have all these VLANs routed through single interface on the routeri-e f0/0, as all these subnets will communicating to remote site over VPN. What should be default gateway on the 2 Access switches and the CORE switch, also what static route should be on router to reach all subnets(VLANs) created on these 3 switches.
I have read inter-VLAN routing i-e creating sub interfaces on router but dont want to proceed with that and looking for any other way to have my VLANs talk on all three switches and then are accessible to remote site ove VPN?
provide a sample Voice Vlan configuration for the Cisco 2960 POE switch to work with the Non-Cisco IP Phones?
Will these commands work? Vlan 2 is the new voice vlan, Vlan 1 is the data vlan.
mls qos
interface fastethernet 0/1mls qos trust cos switchport nonegotiateswitchport mode trunkswitchport trunk encapsulation dot1qswitchport voice vlan 2priority−queue outspanning-tree portfastspanning−tree bpduguard enable
vlan 2name voice
Between our hosting and a customer we have an extended vlan, traveling on a fiber, between two cisco 3560 switches.The thing is, that we want to create one or more vlans inside that extended vlan, in some way if possible?
View 3 Replies View RelatedIs there any way to check if this VLAN is used by somedevice?
Cisco3560#sh ip int b
Vlan55 unassigned YES NVRAM administratively down down
Cisco3560#sh vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active
55 Print active Fa0/5, Fa0/6, Fa0/7, Fa0/8
I have 4 vlan and all has conectivity/access with all (VLAN10,VLAN20,VLAN30 and VLAN40, I use a 3560 Switch for this propose, I need to modificate one vlan (VLAN40) that has access to the rest of the VLAN's BUT the rest of the VLAN's dont have access to VLAN40. I know that it is a problem of access-list BUT I can't undertand how to obtain the result that I like
View 1 Replies View RelatedI have 2 locations, at a distance of 600KM.These two locations are well connected by Point to Point L2 VLAN with a speed of 2 MBPS and supported by CISCO 3560G switches.Location A has a VLAN to communicate to the other VLAN at Location B. Location B has also got 3 VLANS which are inter connected with Location A.Now the hardware in one of VLANs in Location B has moved to Location A for obvious reasons.
For further refernce am giving the VLAN IP address here....
Location A
VLAN1 for communicatng to Location B
IP Range 172.20.44.210
Subnet Mask 255.255.255.0
Default Gateway 172.20.44.210
VLAN2 for the desktops in Location A
IP Range 192.193.194.1-255
Subnet Mask 255.255.255.0
Default Gateway 192.193.194.1
[code]....
We recently purchased Cisco 3560X Layer3 Switch. We need to perform simple Inter VLAN routing. We have configured VLAN1 (name-server_vlan) and VLAN2 (name- user_vlan). We have also assigned the Ports and IP address to both the VLANs. After assiging this if we plug Laptop A into VLAN1 then it doesnt communicates with Laptop B (btw, Laptop A is able to Ping VLAN2 Gateway ) in VLAN2 but on the other hand Laptop B is able to communicate with Laptop A and ping everything i.e. Gateway of VLAN1.
View 17 Replies View RelatedI have switch Cisco 3560 and I would like to filter multicast traffic. Short explanation. This are multicast addresses from provider on VLAN 888 :
I expect that streams from acl Streamfrom888 will be dropped and the rest of streams will be forwarded. Unfortunately traffic from all streams passs through.how to configure VACL or where in my configuration is mistake?
I have two networks at two sites with a dot1q trunk between the two L3 switches at both sites (no routers involved)
SITE A - Cisco 3750 L3 - VLAN ID 50
10.10.50.0/24
SITE B - Cisco 3750 L3 - VLAN ID 50
10.20.50.0/24
I would like to extend the SITE A VLAN to SITE B so that I can move hosts from SITE A to SITE B without needing to change their IP address but the vlan ID is already in use. Obviously the easy solution is to change the VLAN ID for one or other of the sites but both sites contain hosts that run 24/7. Is there a way to join two VLANs with different IDs together.So for example I create a new VLAN 60 at SITE B and associate it with VLAN 50 at SITE A.
Topology: 3560 <-access-mode-link-> ASA5510 - Internet,3560 has 3 VLANs and 3 corresponding SVIs (default-gateways for VLANs),Just configured RAS VPN on ASA5510 and successfully made connection,Now, from RAS VPN (IPSEC) client workstation CLI, can ping all 3560 SVIs,CANNOT PING host devices plugged into switchports.
View 1 Replies View RelatedIn my lab setup i configured Cisco 3560 switch.
-VLAN 20 and VLAN 30 i configured.
-VLAN 20 interface IP : 192.168.20.1/24
-VLAN 30 interface IP : 192.168.30.1/24.
Inter-vlan communication is happening fine. For testing for purpose i configured extended ACLs.i want stop communication from VLAN 30 to VLAN 20 but not vice-versa. If i ping from one of the IP VLAN 20 to one of the ip of VLAN 30, i was gettng Requested time out. And if i ping from one of the IP VLAN 20 to VLAN 30 interface IP, i was able get pinging.From VLAN 30 to VLAN 20, i was getting destination host unreachable from VLAN 30 ip( Its fine as its my requirement)So, solution needed to communicate from VLAN 20 to VLAN 30.
I have a 3560 switch with the following ports config [code] I would like to use theses ports on a different vlan to connect 4 pc's to them. Can I just remove them from the vlan, remove the trunk switchport and set up on the vlan i want them on with no trunking?
View 5 Replies View RelatedProbably an easy fix but something's weird in my config. I am setting up a new network, so this is not production, Routed environment, down to the access layer using 3560-x l3 switches.
vlan 10: data
vlan 20: wifi
vlan 30: wifi guests
vlan 40: voip
My objective is to allow all traffic OUTBOUND to certain subnets (10.10.0.0/24, 10.10.100.0/24, 10.10.110.0/24 10.10.120.0/24) and block any other 10.0.0.0/8 networks. By doing it this way, after blocking all other internal traffic, I allow everything else to ensure internet traffic can go out.
Extended IP access list VLAN10_TRAFFIC_FLOW 10 permit ip any 10.10.0.0 0.0.0.255 20 permit ip any 10.10.100.0 0.0.0.255 30 permit ip any 10.10.110.0 0.0.0.255 40 permit ip any 10.10.120.0 0.0.0.255 50 deny ip any 10.0.0.0 0.255.255.255 (5 matches) 60 deny ip any 172.16.0.0 0.0.255.255 70 permit ip any any!interface Vlan10description DATAip address 10.104.10.1 255.255.255.0ip access-group VLAN10_TRAFFIC_FLOW outendThe problem is, from the above info, when I ping 10.10.0.5 from a workstation in VLAN 10, it should match rule 10, but instead if matches rule 50 (as shown by the 5 matches)
When did this wonderful feature get introduced? Is it going to moved down to the 3560s/2960s type switches?
View 0 Replies View RelatedI faced the ( receive discard vlan 20 of Cisco switch 3560 ) on my Solarwinds Server .
View 1 Replies View RelatedI have enabled IP DHCP snooping on a 24 port 3560 switch (v small office) and let the database fill up, now I have added dynamic arp inspection on the single vlan and I amd getting these errors.
Apr 23 16:15:34: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Fa0/5, vlan 1.([5835.d9b0.b9d1/172.30.5.2/0000.0000.0000/172.30.5.3/16:15:33 BST Tue Apr 23 2013])
Apr 23 16:15:39: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Fa0/8, vlan 1.([0004.f2be.55e4/172.30.5.5/0000.0000.0000/172.30.5.8/16:15:39 BST Tue Apr 23 2013])
Apr 23 16:15:40: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Fa0/8, vlan 1.([0004.f2be.55e4/172.30.5.5/0000.0000.0000/172.30.5.8/16:15:40 BST Tue Apr 23 2013])
[Code] .....
I'm configuring two etherchannel groups (2 ports in each) on a 3560 switch. I need to trunk multiple vlans over each channel group.
I created the vlan trunks and allowed vlans on each physical interface. I notice that I can also configure the vlan trunks on the port-channel interfaces that were created. Should I configure them under those interfaces, or leave them on the physical interfaces? Relevant config is below:
interface Port-channel1
!
interface Port-channel2
[Code].....
We have two Cisco switches with one 3560 and one 3750 we have created a new Vlan 4 with IP 10.1.3.x 255.255.255.0 - no shut then assigne to gi 2/0/46 on the 3560 Vlan 4 ip address 10.1.3.x 255.255.255.0 no shut then assign to FA0/45. All interfaces are up up along with the Vlan up up, we can ping the local IP address bu not able to pint the other switch.
View 2 Replies View RelatedI have a HP Procurve 5406 connected to a Cisco 3560 on a temporary cat5e connection and I have Mitel IP phones needing to go on the Cisco switch.Ive configured the HP Procurve port to TAGGING both VLAN 10 (data) and VLAN 20 (Voice). NO is selected for default VLAN 1.The Cisco is configured on the port with switchport encap dot1q and switchport mode trunk.
Ive configured an IP for interface VLAN 10 and i cannot ping it from across the network. The interfaces are up and happy. I have tried changing the VTP status from transparent to server (VTP pruning is off) ive tried setting allowed vlans 10,20. Still not a think. The worse thing is that i have a working Cisco switch with the HP procurve that i checked the config on and its the same! The only difference is that the media type is SX over SFP in that case.
p.s not that im at this stage yet but i initially configure the FastE ports as trunks with native vlans because i was using non-cisco phones. On a spare port i convigured the voice vlan 20 and i say on the mitel phone that it was looking on vlan20! I didnt expect that, i thought the Voice VLAN ID was carried on CDP enabled devices only.
For many years we've had the following vlan and port security config on our 3560s: [code] This has worked great on 12.2(37)SE1, 12.2(40)SE and 12.2(46)SE. However since 12.2(50)SE, and I've tried all the versions since then, we have a problem with 7900 phones and ATA186s taking upwards of 20 minutes before they can get a valid IP number.The problem on the newer IOSes seems to be related to the inactivity aging.On the older IOS versions the mac address of the voice device appears on the voice vlan straight away.
On the newer IOS versions the mac address of the voice device appears on the DATA vlan and seems to be stuck there until the inactivity aging removes it. It then gets re-learned, sometimes on the voice vlan, and sometimes on the data vlan. If you're unlucky and it gets re-learned on the data vlan you've got to wait until the inactivity time ages the address out again. Repeat until the mac address eventually gets learned on the voice vlan. I don't want to be stuck on 12.2(46)SE forever.
I've set up my 3560 to do routing. Now, I'm looking for a way to apply acl restrictions to the vlan interface ip address itself.
View 1 Replies View RelatedI need to implement the shaping VLAN only on the trunk link between the 6500 and 3560. [code]
View 8 Replies View RelatedAny way to test in a lab what would happen if a tech mistakingly added "switchport voice vlan XX" to a trunk port? I am try to do some RCA on an issue and this has been identified as a possible cause by one of my techs.
The config is Switch1------Switch2--------Switch3 Each interswitch connection is configured as a dot1q trunk with all vlans allowed. The link between switch2 and 3 is where switchport voice vlan 10 was added. Switch1 is a 3750 and 2/3 are 3560's.
I've got a 3560-X that passes POST according to console, but there are issues nonetheless...USB console doesn't work. RJ45 works just fine. No status lights turn on at any point (e.g. syst, xps...). 10g network module is installed with a 10g LRM SFP. All lights on the module are amber. However, it passes according to POST. Switch passes traffic, obeys config, etc. Link lights on RJ45 ports work fine. This was brand new out of the box. Thinking about trying IOS reload..
View 6 Replies View RelatedI have issue with 3560 switch QoS configuration . I checked in cisco site about mentioned model QoS configuration.once we mark the frame and map the CoS to DSCP and once it enters into switch and it processes according to LAN QoS configured on interface
we have configured both the commands shape and share.
once it leaves the switch and enters into Edge router and if we do not have configured QoS in router which is normally MQC , how does it process each packet ?Do we need to have end to end QoS configured in LAN ?
I'm new to networking and was looking for some assistance. First off im using packet tracer to diagram my senario as I will be receiving my equipment next week to deploy.
Hardware to be used:
1. 2 catalyst 3560 switches
2. all connect to a sonic wall router
I have two companies that work in the same office space. I need to keep these companies seperate on their own vlan. They will however need to share the phone system.(Packet tracer file uploaded to give those who have the time to see what I put together.) [code]
The last few days I've been exploring options in getting rid of some old routers accross a wan connections. I have a cat 3560 to play with and I thought I would try and use the no switchport command test out routing with switch. I've got some type of route issue and I tried a few things which I thought would fix the issue but had no effect. I'll post the config and a few commands so you can see what the basic setup is.
Here we can see in the arp that it knows about both 10.7.1.2 (PC unable to ping 10.3.3.254) as well as 10.3.3.254 (ASA).I tried adding in a ip route of 10.7.0.0 255.255.0.0 10.3.3.110 as well as 10.3.3.254. Neither produced the results I wanted allowing 10.7.1.2 (PC) to ping the ASA (10.3.3.254). [code]
I am trying to get my workstation to talk to a workstation on a different sub-net through a Cisco 3560 switch. The switch is running the following IOS version: [code]
My primary network is 172.16.0.0 and I am trying to connect to a device on a 192.168.111.0 sub-net. [code]
What would be the best way to get the two workstations talking via the switch?
how to take the event log of Cisco switch 3560, its argent.
View 1 Replies View RelatedI have a 3560-48 switch running Cisco IOS Software, C3560 Software (C3560-ADVIPSERVICESK9-M), Version 12.2(44)SE3 and i need to implement basic QOS commands to the fast Ethernet interfaces as well as the gig interfaces and Also I need to create port channels on the switch and need what the port channel syntax are as well for that particular IOS version?
I have only read only access and i can't see what the QOS and Port channels syntax should be for that IOS version.
I'm in the process of configuring QOS on a 3560 routing switch in a GOLD, SILVER, BRONZE priority type scenario.
Firstly, I understand that this config will add a tag of "precedence 5" to a packet if it matches the "ACL_QOS_GOLD_In" access list. Question is does the router see this "precedence 5" tag and then sets the priority, or am I missing something in my config where at present it just sees the "precedence 5" and doesn’t act on it ?
Secondly, Since the "precedence 5" tag has already been added to the packets, do downstream routers see this tag and act accordingly or so I need to configure those is well ? [code]