Cisco Switching/Routing :: 3560 - Randomly Can't Get Access To Any Resources
Jan 16, 2013
I have a couple of users who randomly can't get access to any resources. The port they connect to doesn't have port security; they have an IP phone and PC. The IP phone is fine since it's always on the same port. Their PC gets an IP from DHCP (DHCP is on a Windows server) but they can't ping any devices, nor can I ping the PC from the switch. I checked if there were any MAC access filters applied on the switch (and there aren't any). The log doesn't show any events on the ports in question so I don't know if the switch is going or there is a config issue some. Doesn't happen to all users, just 1 or 2.
Dec 14, 2012
I have an intermittent issue happening on my company's firewall, and I'm at a loss as to how to troubleshoot further.
We recently made some changes to our network, which included moving an ASA 5505 from one location to another. In moving this we also connected it to a different switch. It used to hang off a Cisco 3560, and now it hangs off a ProCurve 5406zl.
The setup is that the ASA is connected on two ports to the HP, which is simply a layer 2 device sitting between the firewall and the uplink to our ISP. One port, e0/0, is the outside interface and is set to switchport access vlan 2. The second interface, e0/1, is set for vlan 1, also access mode. It has an IP of 10.0.0.2. The HP on the other end of that has an IP of 10.0.0.1. So outside VPN connections come through the HP to the ASA on e0/0, and back out the ASA on port e0/1 to reach devices on the internal network.
What happens is that when a user connects to the VPN, they can reach internal resources intermittently. For example, I tried to ping an internal server IP address (let's say 10.0.0.23) from my laptop, while on the VPN, and pings failed. However I could ping that IP from the ASA itself. Another example is that during one VPN connection I was unable to connect to an internal web server, but once I disconnected and connected again I could reach the server fine.
The intermittent nature of the problem made me think that it could be an ARP issue, that somehow the traffic is getting sent back out the wrong interface sometimes, hence the lack of communication. However when I did show switch mac-address | include mac address, using the base MAC of the HP, I only saw the MAC address of the HP on one interface, e0/1. That makes me think that things are working as they should. Although I guess maybe it should appear on both interfaces...? I don't know. How can I most effectively troubleshoot this? It seems like the symptoms are indicative of some kind of rookie mistake, but for the life of me I can't figure out what it is.
Dec 11, 2012
I implemented an access list on a Cisco 3560 switch but it never works. I want to block access from Network B to Network A and allow from A to B.
Network A. 10.0.12.0/24
Network B 10.0.24.0/24
The configuration is
interface Vlan1
description Data VLAN
[Code].....
Nov 28, 2011
We have a class-based QoS scheme (see attached file) on our 4500 series access switches, and we have an access 3560-48 switch running IOS Version 12.2(44)SE3. My question is: can I use the same QoS scheme for the 3560 switch?
Aug 12, 2012
I have 5 SVIs configured for VLAN Interfaces 121-125 for my vSphere environment.
All VMs can ping IPs on all the VLANs (VMs on VLAN 124 can ping VMs on VLAN121)
All VMs, except those on VLAN 124, can access the Internet or even ping my router IP.
If I change one of the VLAN 124 VMs to use a different VLAN, and update the addressing appropriately, it can access the Internet.
The problem is exhibited with Windows and Linux VMs. So, I believe something in my switch setup is the problem with VLAN 124 in particular.
If I do a show vlan brief, VLAN 124 is listed.
If I do a show ip int brief, VLAN 124 is listed as up/up. I also tried to shut/no shut the VLAN 124 interface.
Only one specific VLAN has connectivity problems?
My topology is Catalyst 3560 to home router to Internet.
Here is my IOS image: c3560-ipservicesk9-mz.122-55.SE6.bin
Here is my show run output:
3560_02#sh run
Building configuration...
[Code].....
Jan 2, 2013
My access switch's LED suddenly started blinking very fast. It has a single uplink from the core switch. The access switch is a 3560. What can be the possible problem?
Aug 23, 2012
My configuration:
radius-server host 10.138.44.57 auth-port 1645 acct-port 1646 key 7 ******
!
aaa new-model
!
aaa authentication dot1x default group radius local
[code]....
Feb 23, 2012
I have configured VLANs on a 3560G switch but the VLANs are not able to access the Internet.
Nov 5, 2012
I'm trying to access the switch to reset the password to factory defaults (please see switch output; Astrix has removed customer identifying information for security purposes). Each time I reboot the switch and try to access the password recover mode, this same output below starts and I'm still not able to access the recovery area of the switch.
cisco WS-C3560G-48PS (PowerPC405) processor (revision F0) with 122880K/8184K bytes of memory.
Processor board ID FOC1133Y28Q
[Code].....
Mar 31, 2013
I am not sure if what I am trying to accomplish is possible. On my internal network I have the following VLANs set up (102, 104, 106) and they map one to one to a subnet (i.e. 102 = 192.168.102.0/23, 104 = 192.168.104.0/24, etc). All inter-VLAN routing is done on a 3560 via VLAN SVI. Connected to the 3560 via a routed port is an ASA 5510. The routed port has IP 192.168.100.1 and the ASA interface on the other side of that routed port has IP 192.168.100.2. I use 802.1x on the wired network to assign users (based on their department) into a specific VLAN. I want to extend this concept to remote VPN access. Therefore I set up multiple Group Policies (policy is applied based on an LDAP attribute) where each policy defines a different DHCP scope. This has successfully allowed me to log in with different users who get assigned to different Group Policies, and they obtain the correct DHCP IP address from the internal DHCP server (i.e. an engineering person logs in remotely and gets an IP in the 192.168.102.0 range). However the issue (and as I was planning this out I knew this would come up) is that traffic can be routed out from the VPN client to its destination but there is no return path.
Jul 15, 2012
I have 3 3560 switches which are configured with trunks between them. They run VLAN 10, 11 & 12. I have a 'core' switch (switch 1) of these 3 to which an MPLS router is connected on VLAN 12. In addition I have another switch hanging off the 'core' switch via a routed link (switch 4). I have EIGRP configured as a stub and as such the IP address on the routed link at the core switch end is of a /24 from VLAN 1 on the other switch. This makes the route directly connected and therefore distributed via EIGRP stubs. Switch 1 is then exchanging routes with the MPLS router (via EIGRP).
The problem I have is that from any sub net on any switch (switch 1, 2 or 3) I can ping 192.168.13.1 (switch 4). When I try and ping switch 4 from over the MPLS I am unable to. If I trace to the switch I see it reaches the outside of the MPLS router, but is then unresponsive. The same applies if I try to ping switch 1 on 192.168.13.2. Any of the other IP addresses of switch 1 respond.
The MPLS network is a managed solution to which I have no access. I'm told that the MPLS provider is able to ping switch 1 & switch 4 on the 192.168.13.x addresses from a remote router (192.168.32.2). I have tried from a switch on the same L2 sub net (192.168.32.1) and I don't get a response.
From switch 4 I am able to ping the switch on 1 of its interfaces (192.168.19.1), but not the interface I mentioned above, 192.168.32.1. There are no access lists in place on the switches and no firewalls between the sites.
Oct 27, 2011
I've just been testing QoS on a 3560 with version 15.0(1) and it seems that the default QoS trust behavior on access ports has changed. By default the trust state of a port is not to trust anything; however, rather than rewriting the DSCP value of the incoming packets and setting it to 0, the switch now seems to leave the DSCP value unchanged.
SW04-C3560(config)# do sh mls qos int g0/2
GigabitEthernet0/2
trust state: not trusted
trust mode: not trusted
trust enabled flag: ena
[Code]......
Oct 25, 2012
I'm new to networking and was looking for some assistance. First off, I'm using Packet Tracer to diagram my scenario as I will be receiving my equipment next week to deploy.
Hardware to be used:
1. 2 catalyst 3560 switches
2. all connect to a sonic wall router
I have two companies that work in the same office space. I need to keep these companies separate on their own VLAN. They will however need to share the phone system. (Packet Tracer file uploaded to give those who have the time to see what I put together.) [code]
Nov 5, 2012
I'm trying to access the switch to reset the password to factory defaults (please see switch output; Astrix has removed customer identifying information for security purposes). Each time I reboot the switch and try to access the password recover mode, this same output below starts and I'm still not able to access the recovery area of the switch.
cisco WS-C3560G-48PS (PowerPC405) processor (revision F0) with 122880K/8184K bytes of memory.
Processor board ID FOC1133Y28Q
Last reset from power-on
1 Virtual Ethernet interface
52 Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.
[code]....
Nov 24, 2012
I have a switch which is rebooting itself. We bought it a year back, it's a new switch. I did not find any error in sh ver after rebooting. I am using OP Manager; I did not receive any alerts. I have done all diagnostic tests, all passed, and I did not find any problem.
Oct 5, 2010
I have a Cisco 881 and I want to use Easy VPN.
-VLAN 1: 192.168.4.0
-WAN: 10.0.0.0
-VPN: 192.168.8.0
VPN connects and I get an IP of 192.168.8.100 from my pool. I can ping my cisco at VLAN1 (192.168.4.1), but I cannot access my local resources. I guess I miss a NAT configuration.
Jun 12, 2011
The Linksys is connected to a cable modem and a Dell Vostro system; the Netgear is connected via Cat 5 to the Linksys, and the Linksys is the DHCP provider to the Netgear. The Vostro shares hard drives, folders and printers to the network. Both have wireless and wired users. They are each DHCP providers to their users. How must I configure each to provide users on both routers access to all network resources?
Feb 9, 2011
I've set up a VPN using a FortiGate 50B WiFi and FortiClient IPsec VPN. When I log into my office from home, I can't see anything on my network at all. I can however remote desktop into other PCs and can access stuff that way. I was under the assumption that once a VPN connection is made in the LAN you should be able to see other PCs and servers in the workgroup. Is this not the case or do I need to configure something?
Nov 1, 2012
My workstation (10.0.0.250) is directly connected to the 6509_1 switch. 6509_1 is the gateway with IP 10.0.0.5/22. Sometimes routing stops working, but after 3-5 minutes all is back to normal. When the issue occurs I can't ssh to 6509_1, but I connect to the second 6509_2 (10.0.0.6) and I can ssh to 6509_1 from it. Then from 6509_1 I try to ping my workstation. Wireshark on my workstation shows that the packet arrives. My workstation replies to it, but the switch does not accept it. How is it possible? As I say, after some time all goes back to normal without any changes. [code]
Mar 20, 2012
We have two C6509s bundled in VSS. I have noticed randomly high CPU usage, sometimes up to 99% in peaks. I have found that it can be generated by the SNMP engine, so I unconfigured all SNMP things. But the situation is the same. I would like to know if this state is OK or not. CPU shows are enclosed in file.
Aug 19, 2011
I have an RV042 with the PPTP server configured, which is working because I can connect with my iPad and droid phones, however, I'm unable to access resources on the RV042 side (192.168.1.X) when my local network is the same ip scheme (192.168.1.x). It works fine when I'm on a different network like 3G or someone else's Wifi network (192.168.11.X).
May 24, 2011
I have 3 networks coming from the DMZ (VPN) and only one works:
10.132.24.0/24 Not working
10.132.25.0/24 Not working
10.132.26.0/24 Working
The thing is, the one that works is on the same network as the DMZ (VPN) interface. The other two do authenticate and they get an IP from the VPN pool, but they just can't access anything.
Apr 24, 2012
I am connected with qvpn. I can log in to the router BIOS remotely, but when I try to map the network drive from my remote location it does not work. I can detect the machine on the network, but it will not go further and tells me that "said IP was found but could not locate G". Does this mean it is behind a firewall on the server side and that I need to create a rule to allow the incoming traffic? Or could it be something else?
Nov 26, 2012
I'm working on setting up a couple of new WAN sites with 256K frame relay circuits back to our main building. Each new site has a new PVC, and both are pointing back to a PVC on a T1 at the main building. The main site has a 2801 with a single CSU/DSU WIC, and each new site has a 1841 with a 3560 connected to fa0/1. At both sites, I'm able to get the circuit up, and the serial interfaces at both new sites show up/up, and the subinterfaces at the main site also show up/up for both sites. Routing is being done by EIGRP, and both sites are able to establish the 2801 as an EIGRP neighbor, and I'm able to ping/tracert anywhere on our network by name or IP, so routing and DNS appear to be working. I can also ping both new routers from the main site. However, that's about all I can do. I'm not able to access any resources on our network (email/shares/internet/intranet/etc) from the two new sites. I can ping the new routers/switches from the main site, but can't ssh to them. I can ssh to them locally. There are no firewalls in the equation, and I don't think there are any ACL's in the picture either.
- Can ping and tracert just fine anywhere on our network (from both the 1841, a PC plugged into the 3560, or a PC plugged directly into the fa0/1 port on the 1841), including out to the internet, by name or ip.
- Can ssh to local router, but not to anything that isn't local
- DNS is working
- DHCP not working using ip helper pointing to DHCP scope on server at main site, have to use static IP
- Can't rdp to anything
- Can't get email
- Can't browse windows shares
- Can't get to any websites, external or intranet. IE says "Website found, waiting for reply..." but eventually times out.
I did some testing for communication over certain port numbers using telnet and nmap, and found the following:
- Can telnet to url.. and local intranet webserver on port 80 (http)
- Can telnet to two of our Exchange Servers on port 25 (SMTP)
- If I run an nmap scan on url...com, or our intranet webserver, it confirms that 80 and 443 are open, but the pages will not load.
- I am able to telnet (port 23) to a state mainframe via the internet that some of our employees use, and I do get the expected login screen.
I tried erasing the config of one of the new routers, and just added back the bare minimum config to get the circuits up (serial/ethernet interface configs, eigrp), but saw the same symptoms.
One other thing to note: the 2801 at the main site has three other frame relay sites connected to it on the same WIC as the new sites, all of which are working fine.
I just don't understand why I can ping everywhere I need to be able to ping, and port scans show that communication is open over needed ports, but the applications don't work.
Feb 24, 2011
I am having an issue with my Cisco VPN Client. I am new to VPN setup, so this is probably something easy I am missing. I have a 2611XM router acting as my internet gateway for my local lan, and my VPN Server. I am doing all my testing from a company laptop with a mobile broadband card. The VPN will connect, but anytime I ping anything within the inside network, it comes back with the public IP of the outside interface. I have NAT overload configured so everything on the inside network can access the internet, which it looks like might be causing my problem.
When I remove the NAT overload on my fa0/1 interface, the VPN will connect to any resource on the inside.
Jan 24, 2012
I have two places that I work out of. One is in Romania and one in Bulgaria. In Romania, I have a small office/home network set up. It has at least 8 computers (including the three that I have with me currently - some wireless and some towers) and a couple of Android phones and iPods. I have no trouble accessing any of the computers' shared folders or them accessing mine. There are a variety of operating systems used there, from XP to Windows 7 and Mac. Everything works great. All the computers can access each other's shared resources. All the computers are set to get IP automatically from my DLink DIR-600 router. I have brought my three computers to Bulgaria (tower and two laptops). They are all set the same - no changes in settings. However, in Bulgaria, all three computers CAN access the internet but NOT each other.
[code]...
Apr 19, 2012
Cisco 3560 does not support "set ip next-hop verify-availability". I need this command in my config. "set ip next-hop" does not do the same job.
Dec 8, 2011
The last few days I've been exploring options for getting rid of some old routers across WAN connections. I have a Cat 3560 to play with and I thought I would try to use the no switchport command to test out routing with the switch. I've got some type of route issue and I tried a few things which I thought would fix the issue but had no effect. I'll post the config and a few commands so you can see what the basic setup is.
Here we can see in the ARP that it knows about both 10.7.1.2 (PC unable to ping 10.3.3.254) as well as 10.3.3.254 (ASA). I tried adding in an ip route of 10.7.0.0 255.255.0.0 10.3.3.110 as well as 10.3.3.254. Neither produced the results I wanted, allowing 10.7.1.2 (PC) to ping the ASA (10.3.3.254). [code]
May 8, 2012
I have an environment of 3 x 3560G, of which I have the 1st switch, CORE (f0/10), connecting to the VPN router (CE) interface f0/0. The remaining 2 Cisco 3560s (Access) are connected to Gi0/1 and Gi0/2 on the 1st switch, CORE, via gi0/1. On all three switches I have created multiple VLANs and assigned ports to these VLANs. The switch to switch connection is a trunk allowing all VLANs created on all these 3 switches. Now the issue is how I am going to have all these VLANs routed through a single interface on the router, i.e. f0/0, as all these subnets will be communicating to the remote site over VPN. What should be the default gateway on the 2 Access switches and the CORE switch, and what static route should be on the router to reach all subnets (VLANs) created on these 3 switches?
I have read about inter-VLAN routing, i.e. creating sub-interfaces on the router, but I don't want to proceed with that and am looking for any other way to have my VLANs talk on all three switches and then be accessible to the remote site over VPN.
Apr 17, 2012
I have tried to make policy based routing on Cisco 3560. I use ipservices ios (SW version 12.2.(50)SE3 and SW-IMAGE C3560-IPSERVICESK9-M) For below configuration there is no problem and pbr is working.
“Access-list 100 permit ip host 1.1.1.1 host 2.2.2.2
Access-list 101 permit ip host 1.1.1.1 host 3.3.3.3
Route-map pbr1 permit 10
Match ip address 100
Set ip next-hop verify-availability 1.1.1.2 1 track 11
interface fastethernet 0/1
ip policy route-map pbr1”
But when I add another sequence to the "pbr1" with another sequence number like this:
“Route-map pbr1 permit 11
Match ip address 101
Set ip next-hop verify-availability 1.1.1.3 1 track 12”
PBR is not working. The switch gives the message "PLATFORM_PBR-3-UNSUPPORTTED_RMP:Route-map pbr1 not supported for Policy Based Routing". The "ip policy route-map pbr1" command is not shown in the running config, and "show ip policy" output is blank. Configuration guide says you have insert many sequence to the route-map with the same name. And also this command is not in the unsupported command list.
Jun 4, 2013
I am trying to get my workstation to talk to a workstation on a different sub-net through a Cisco 3560 switch. The switch is running the following IOS version: [code]
My primary network is 172.16.0.0 and I am trying to connect to a device on a 192.168.111.0 sub-net. [code]
What would be the best way to get the two workstations talking via the switch?
Apr 28, 2012
We recently purchased a Cisco 3560X Layer 3 switch. We need to perform simple inter-VLAN routing. We have configured VLAN1 (name: server_vlan) and VLAN2 (name: user_vlan). We have also assigned the ports and IP addresses to both the VLANs. After assigning this, if we plug Laptop A into VLAN1 then it doesn't communicate with Laptop B in VLAN2 (btw, Laptop A is able to ping the VLAN2 gateway), but on the other hand Laptop B is able to communicate with Laptop A and ping everything, i.e. the gateway of VLAN1.
Nov 5, 2012
I have two Cisco 6509s, both working as my main core switches, on which I have all my Layer 2 VLANs configured and then distributed through the trunk links to all the access switches. I have L3 VLANs also configured on them, with one switch as primary and the other as secondary. All of a sudden last night I got this message on my core switch 2 for VLAN 1, which is my users' LAN. How can I check as to what would have caused the core switch 2 HSRP to be active and then in standby?
*Nov 5 23:33:29.296: %HSRP-5-STATECHANGE: Vlan1 Grp 5 state Standby -> Active
*Nov 5 23:33:29.796: %HSRP-5-STATECHANGE: Vlan1 Grp 49 state Standby -> Active
*Nov 5 23:33:29.804: %HSRP-5-STATECHANGE: Vlan1 Grp 49 state Active -> Speak
*Nov 5 23:33:29.920: %HSRP-5-STATECHANGE: Vlan1 Grp 5 state Active -> Speak
*Nov 5 23:33:40.144: %HSRP-5-STATECHANGE: Vlan1 Grp 5 state Speak -> Standby
*Nov 5 23:33:41.280: %HSRP-5-STATECHANGE: Vlan1 Grp 49 state Speak -> Standby
Also last night I got a call from the office saying that we are getting huge delay in pinging the default gateway of the user LAN, which is the same VLAN as the above, and it was just for a few minutes and then it was back to normal. Now when I came to the office and checked, there were no logs in both the core switches. When I checked the CPU utilization it was showing me high on both the switches. How can I check as to what would have caused the CPU utilisation to go high all of a sudden?
INPMHCORS01#$ sh processes cpu his
11111 11111 11111 1111111111
8885555588888666669999922222666665555511111777773333300000
100
90
80
[code]....