Currently we have an Ava ya IP Office switch running on the same network as our PC clients. I would like to seperate the two network into 2 V LAN's.
We have a mixture of Catalyst 3750 switches and some older 3500 models.Where do I start? Should I leave the PC's and servers on the default V LAN and just move the IP handsets?
As I understand Cisco Catalyst 3750-x supports stackwise and stackpower technology.Do I need to purchase a seperate module to enable stackwise and stackpower? Or are stackwise and stackpower modules included be default on the switch already?
View 4 Replies View RelatedI have an issue with a Cisco 3750 switch stack which is connected to two seperate upstream Cisco 3750's which are administered by an ISP. The ISP is experiencing MAC address flapping from one of my VLAN SVI's i am using to route traffic upstream
[code]...
As you can see I utilise a VLAN SVI to route traffic to the upstream 1.1.1.2 (illustration only) IP. As per the diagram of the topology attached, the ISP is receiving a MAC address flapping error confirming the SVI MAC address from my switch stack is being learnt on the trunk port connecting switch 1 and switch 2, and also the port (Gi1/0/48) directly connected to my switch stack. As these are all Layer 2 links essentially being passed upstream and then connected between the two ISP switches, we have a 3 way triangular loop formed.
If I was to remove the port channel configuration from the two ports associated with the VLAN SVI, am i right in suggesting this would still form a layer 2 loop? The two ports would still be a member of the SVI VLAN, and it is the VLAN MAC address which is being learnt by the two ISP switches on different interfaces.
Is is correct that vlan's exceeding 128 runs without spanning-tree.?
View 7 Replies View RelatedI have a stacked Cisco Catalyst 3750 configuration that currently has one V LAN configured. VLAN 192 - 10.192.0.0/16
The Catalyst has an ip on this range of 10.192.0.1. I would like to configured a few more V LAN's to be able to run some more network ranges through this device. Would it be a case of just adding the V LAN's to the master and then configuring an IP for each V LAN within the inter-v lan routing section? Some V LAN's will require access to each other but not all.
I have to put an ACL Firewall in front of a public IP range.There's no routing so I want to do it with a transparent layer 2 Firewall. I found this document which descibes exactly that feature I need: [URL]
It seems to be a feature introduced in IOS 12.3.
My Questions:
1.) is it possible use this transparent firewall feature with the 3750 Switch instead of a "normal" IOS-Based router?
2.) I've seen there is no IOS 12.3 for the 3750 but rather 12.2 (currently installed) or 15.0.1. Is this Feature included in 15.0.1?
If the feature described above is not available, is there any other way to achieve my goal?
I'm trying to setup a port on a catalyst 3750 so it will pass traffic for 2 vlans. It connects to a (watchguard) firewall which I've configured with a primary IP (for vlan 27) and a secondary IP (for vlan 29).
However I can't seem to find the correct commands to enter on the cisco switch port (I've tried a variety).
FYI the current configuration is...
interface FastEthernet1/0/38
description ## Connection to WG vlan27 and vlan 29 ##
switchport trunk encapsulation dot1q
[Code].....
I am looking for a way to create different routing policies for vlans on a 3750 table.
My set up is
Clients----------- 3750 -------------- ASA ---------------Servers
|
|
|
Internet Routers
What i am trying to do is on the 3750 to route private networks to my ASA on different subintefaces and all internet to my internet routers . Each VLAN has a different GW for the internet. On some case i have the ASA as a default gateway. ASA default default route is 3750 where i need the internet traffic to be spllited on the proper Boarder router.
I would like to configure a 3750 switch port to be able to use two vlans. I know you can do this with a voice and data vlan, but what about two data vlans ? Say I have two devices, one on a 10 subnet and the other on a 172 subnet, but i only have one wall jack for both devices to plug into. So I use a mini switch to connect both devices and connect the switch to the wall jack; and of course this all leads back to one switch port. When I go to enter the switchport access vlan 172 cmd, how would I also make it so the device on the 10 subnet could route out ?
View 9 Replies View RelatedI am trying to configure router on a stick with 2811 and 3750, but I just cannot get it to work - vlans are not getting propagated from 3750 to 2811: 3750:
Code...
I need to configure two VLANs in my home network to separate a server 1 with VM from another part of network with server 2 and wifi clients. Is it possible to keep DHCP server and internet access on E2500 enabled for both vlans? If so, how should I configure ports tagging (variant shown on screen shoot below doesn't work).
View 5 Replies View RelatedHow do I configuring Private Class A [10.206.90.0/24] and Private Class C [192.168.1.0/24] Network on Cisco 3550-12G Switch.
View 3 Replies View RelatedI've just started out playing with a Cisco 1800 router to gain some knowledge of Cisco devices before taking a CCNA. I also have a 2950 switch but will start with the router.
I'm using an Android phone as a wireless Internet access point. This issues IP addresses by DHCP in the 192.168.43.x range with 255.255.255.0 subnet.
Also I have a Linksys WRT54G router running DD-WRT firmware acting as a wireless bridge to the Android phone, and it has 4 LAN ports.
This bridge is up and running and I have successfully connected my laptop to the Linksys for testing and can use the Internet provided by the phone.
Connected to the Linksys is a Cisco 1800 router. Connected to the router is my Citrix XenServer PC and a NAS box.
The XenServer and NAS are on another network 07.05.19.x range with 255.0.0.0 subnet using their own static IPs. One of the virtual clients on the XenServer will be a DHCP server to service other virtual clients. All still in the 07.05.19.x range.
Basically I want the devices on the 07.05.19.x IP range to be able to use the Internet gateway at 192.168.43.1 to access the Internet.
How would I set up my 1800 to achieve this?
Also, am I right in understanding that the 1800 will ignore DHCP leases from the Android phone due to it being a Layer 3 device.
I have to configure failover Active/Standby on my ASA 5510.I am wondering how i could do for the outside interface, i mean, actually the ASA1 outside interface is linked directly to our Internet router.So now if i have to add ASA2 connecting to that router i will need a switch between them.I have already a switch for DMZ & LAN.The thing is that i will have to allow 3 switchs ports to communicate with each others.
- 1 for ASA1--outside
- 1 for ASA2--outside
- 1 for Internet router
How could i isolate these 3 ports to make them communicate alone ? Should i use VLAN for that ?And if i use VLAN, will this require to make any change of configuration on my firewalls (ASA1 & ASA2) outside interface ?I am a bit lost with this, if i am correct i will not have to do some "vlan tagging" on the firewall itself ?
I have spent several days tearing my hair out trying to properly configure our small business switch (SG300-10p) for voice. The phones are a relatively new addition and will replace old POTS phones.Our network consists of a 1941 ISR router, the SG300-10P switch, a mac server (handing DHCP, DNS, AFP), 4 client desktops and 4 SGA525G2 IP phones. The router, server, desktops and phones all have their own connection to the switch and the second data ports on the back of the IP phones are not used. We do not have any unified comms devices for voice. Our VOIP solution is hosted by a local SIP provider, and each phone independently registers with the provider's SIP proxy over the internet.
Left almost to it’s own devices (or presumably flat, default settings on VLAN 1), this whole setup works just great. We can TFTP files, make and receive calls, and do all the usual XML stuff. Calls are crystal clear. Even the localisation and directory works. However, I’ve been told several times that to ensure good quality on VOIP calls during periods of busy traffic, I should set up some form of QoS. A Voice VLAN on the switch, I was told, is the best way to do this as it automagically gives priority to the whole voice VLAN over the normal data VLAN.
I have followed instructions in numerous manuals, articles and guides, and have managed to create the Voice VLAN, both manually and automatically (I can watch Smartport detect the phones and see the Auto Voice VLAN add the ports to the VLAN as I connect them). The trouble is, as soon as this happens, the phones lose connectivity with the rest of the network, including the DNS server and the router, and therefore the internet, causing them to lose registration with the SIP service.
I tried adding the server and router ports to the Voice VLAN and tweaking every possible combination of tagged, untagged, excluded, trunk, access, general and PVID settings I can think of (by the way, I have no idea what any of those mean). The switch is in Layer 2 mode, but adding the port connected to the router to all the VLANs does not result in internet connectivity to the phones. I have told the phones to tag frames with the VLAN ID and told them not to. I have tried upgrading firmware and I have rebooted the switch so many times I'm tired of those wretched little flashing lights.
Nothing seems to work. And so I am stuck with everything on VLAN 1. My most recent thought is that the 1941 needs to know about the Voice VLAN (I checked CDP and it knows about the switch), but I’m reluctant to start messing with the router config when this is our production network, at least without knowing what I'm doing. I don’t even know if QoS applies when a Voice VLAN is not set up and we're on VLAN 1, some articles say yes, others say no. And when it is set up right, how does that priority transfer to the router? I’ve looked in the router manual and config options and found something called 802.1Q, but I have no idea what it is, how it works or even if it applies to our situation. Can I forgo VLANs altogether and use QoS some other way, perhaps?I have googled enough to cobble together our setup in IOS up until now. Ideally, I would still like to be able to ssh or https into each device (as I do now) for management, and I’ve read about setting up a another VLAN for config, monitoring etc, but I guess that would mean routing between VLANs in Layer 3.
I have a network set up between two buildings. Each building has its own internet connection and DHCP server, building A using an RV180W router and building B using a linksys product. A WDS bridge has been set up between the two buildings using two wireless access points.The goal here is to allow clients in either building to be assigned an IP from their respective DHCP server (and thereby use that building's internet connection), yet still access network resources (eg file storage, printer, etc.) in the other building should the need arise.I have tried to set this up by having the RV180 assign IP's in the range 192.168.0.xxx to its clients in building A, and the linksys to assign IP's in the range 192.168.1.xxx in building B. I have enabled Vlan 1 and Vlan 2 on the RV180 - vlan 1 runs a DHCP server for building A. Vlan 2 runs no DHCP server and is directly connected to the WDS bridge to building B. Inter Vlan routing is enabled on both Vlan 1 and Vlan 2.On the WDS bridge modules, ive assigned both static IP's in the 192.168.1.xxx range (vlan 2 range). I've specified their dns and default gateway as 192.168.1.2 which is the static address for the RV180 in vlan 2.From a PC in vlan 1, I can ping and access the webgui for the WDS bridge modules which are in Vlan 2. However, i cannot ping any other computer in Vlan 2 which is set to accept a dynamic IP from the DHCP server operating in Building B. I assume this is because the WDS modules point to the RV180 as their default gateway and dns server, while the clients that have accepted a dynamic IP from the building B DHCP point to that device as their default gateway and DNS.I am considering trying changing the DNS and default gateway on the building B side of the WDS bridge to the building B values to see if that works, but am concerned i would lose all connectivity to the webgui from building A if i do that.
View 7 Replies View RelatedI have two cabinets in a datacenter with four available cross connect cables. I would like to set up two LAGs between the two switches each of which will carry one vlan across to the other. My default vlan contains all of my servers on it (10.0.0.0/8), and my backup vlan (192.168.200.0/24) will only be used for iscsi traffic and data backups. At the moment, I have one cable connecting the two switches and it works fine for the default vlan. When I add in a second cable and set it to vlan 200, no matter what settings I try it just doesn't pass traffic. I've made several attempts to get the second connection working, tagged, untagged, trunk, access, etc.
View 13 Replies View RelatedI have a Cisco 5508 setup an running with Cisco 3502 AP. with same SSID
however i need segment the network using 3-Diff VLANS:
1. vlan 1-----students
2. vlan2----- Visitors
3.vlan3------ Staff
the students and visitor are not ment to login to the corporate network, however the staff are to be login using their Active Directory User name and Password how to i achieve this ?
We have 2xASA5510. I have 2 Inside interfaces as INS_STAFF and INS_QUEST and two Outside interface OUT_STAFF and OUT_QUEST which is in sapareta ISP's. All interfaces is assinged to different vlans. now i want to nat INS_STAFF to OUT_STAFF and INS_QUEST to OUT_QUEST,because I'm having two default routes it gets impossible to do. Plus I want to make failover with my ASA's. I know that i can solve this problem with PBR on router.but I haven't it . make context's and separate each Inside and Outside alone?
View 1 Replies View RelatedI'm setting up a Cisco 3750 layer 3 switch with several vlans. I thought enabling routing would route between the vlans, but no such luck.What I want is to share the internet access of vlan 100 with the other vlans/ip-nets.How can I do that?
View 2 Replies View RelatedI am trying to find out what the most upto date IOS I can put in my Cisco Catalyst 3500 XL switch, and I'm not sure if this the newest software. I have a lab setup at my house to study for the CCNP certs and this IOS doesn't have all the commands I need, well it might but all depracated commands.
View 5 Replies View RelatedCreated 2 separate VLANs on SGE2010P switch. Neither in Native VLAN 1.
For example;
-Port g01 in VLAN 56
-Port g25 in VLAN 56
-Port g10 in VLAN 10
-Port g37 in VLAN 10
All appears to work well within the respective VLAN (i.e. DHCP, ARP, etc. no IPs from other VLANs)STP - Spanning Tree is Globally disabled.
However; when I feed a n new network (which has STP enabled) into VLAN 10; I then plug a laptop with wireshark running into VLAN 56 - cannot see any other traffic/packet...except STP packets coming from a CISCO device on VLAN 10 while I am plugged into VLAN 56.
This demonstrates to me the network is not truely seperated. I know this because last night I crossed two networks and caused havoc; ouch.I configed a D-Link switch with the same scenario and no issue.
I am connecting two catalyst 3500 XL switches via fiber fx ports for layer 2 connectivity. Do I need to configure anything in the IOS or do I just plug in the fiber?
What needs to be configured?
I have an ASA 5505 with the security plus software and I'm trying to find out how to assign 2 public IPs to the outside interface and have each IP routed to a separate internal VLAN. For example, IP 1 = X.X.X.1 routed to 192.168.1.0 and IP 2 X.X.X.2 routed to 192.168.2.0. I was told this was possible and I've been trying to find configuration examples, but I can't seem to get anywhere and now I'm getting desperate because I'm scheduled to install it this weekend.
View 1 Replies View RelatedI have a 3500 XL switch with the following default gate IP address that i need to clear from the switch but not quite shore how to remove it.
I've removed the customer original Ip for security reason as this is an open discussion forum and just replaced with 1.1.1.1
switch#show ru
Building configuration...
Current configuration:
!
[Code].....
I am considering running stacked 3750 L3 switches as the edge of the network, which will connect to the ISP. The ISP would hand off two lines with one to each switch and two lines to each client zone. Does running HSRP, running port channels, or running routing protocols seem like the best option for redundancy?
Lastly, will the 3750 provide all the QoS I should need for restricting each client zone's bandwidth both up and down? Could I get away with a lower model and still get these features?
we have three separated network segments going to one Cisco 3750 switch all is L2 .. from this switch is 100 mbit uplink.we need to apply some Qos mechanism not to saturate line by traffic from one network.. Configuration from various reason CANNOT be done on switch where 100Mbit line is terminated.. so all must be done on SW1,2,3..Correct me if iam wrond but as switches doesnt see traffic from other network iam affraid only think we can do is limit bandwidth on links going into SW1,2,3 to 33 Mbit.I found commad srr-queue bandwidth limit.But links going to SWs are 1Gbit so if i force bandwidth to 10% (minimum what command allows) its 100 Mbit..If I force speed on those links to 100Mbit and than apply srr-queue bandwidth limit to 30% doest it work.??. Will srr-queue bandwidth limit speed to 30Mbit?? Or srr-queue bandwidth limit is calculated from maxim speed of interface?
View 1 Replies View RelatedFor the c3kx-nm-1g network module it looks like it will take the standard sfp's for fiber but I need copper rj45 connections, is there a copper sfp for this?
View 1 Replies View RelatedI am working at a client site today on a routing issue. I am currently working on an issue where a 3750 switch running EIGRP will not update its neighbor router when a network statement is added to the eigrp instance.The neighbor is a 3825 router.
Both the switch and the router have a common network which is 192.168.36.0/24.
Both the switch and the router are in a neighbor adjacency.
Both boxes have "no auto-summ" in the routing configuration instance.
I can run debugs on both routers (debug eigrp packets) and then I can watch queries and updates when I issue "auto-summ" or "no auto-summ". Also I see a "graceful restart" for the peers when this is done.I had an expectation that when I added the network (this is just an arbitrary network for testing, which is 172.16.69.0/24). I wanted to watch this network being sent in an update to the neighbor router.When I add the above mentioned network, there are no updates packets sent from the 3750 to the 3845. I have not had success to this point trying to resolve. I have followed the Cisco document "Troubleshooting EIGRP Flow Chart", but have exhausted all it has to offer and now it is at the point where it is telling me to contact TAC.
I am just browsing and looking for a solution to converge my multi-vendor switched network and bring some redundancy to it as recently
we managed to get a redundant links. I have a need to change core switch to Cat3750G, which has Per-V LAN-RSTP+ on board, but tests have shown that it won't be compatible with some other proprietary per-V LAN RSTP solution other vendor's switches use currently.
So, I thought maybe standard-based MSTP design might do the trick. I've made some tests and got some weird and unstable switching result. I have two topology rings with a core switch in the center. Every ring has about 10 switches, so practically network diameter may vary from 5 switches (when spanning-tree converges in the center and I have a blocking port somewhere int the middle of the ring) to about 10-11 switches (if a I have link failure on any of ports right at the core switch). I disconnected one port from core switch to eliminate a possible switching loop while I will be configuring new MSTP design. Then I started enabling MSTP on all the switches staring from core Cat3750G to MSTP, one by one, placing all switches to the same MSTP region, and placing all V LAN's to default MSTI0(CIST) cause I don't need to organize any separate MSTP instances for every V LAN or for group of V LAN s. When I turned MSTP on on 7th or 8th switch in the chain (cause I had a physical chain when I disconnected one port out of redundant ring) I got all switches "flapping", storming and flooding the network with broadcasts. Even when I had one redundant port disabled.
I have no idea what I am doing wrong. I noticed that Cat3750G has an option that defines a possible network diameter which actually automatically changes some hello, max age etc. attributes according to diameter specified. When I defined a maximum network diameter of 7, if didn't change anything: I still have hello timer of 2 sec etc. I've been wondering if the maximum network diameter has something more than just a "variable" to fine tune hello timers etc? Maybe I won't be able to use MSTP in my network which might have diameter more that 7 switches. Or maybe it was a mistake of placing all the switches to the same region and all the v LAN s to the default MSTI0 (CIST) and I should configure one MSTI per V LAN or per some group of V LANs and subdivide my switches to few MSTP regions?
My topology briefly looks like this:
+--SW1----SW2----SW3---CORE---SW4---SW5--SW6---+
| | | |
+---SWxx---SWxx-----------+ +------SWxx-----SWxx----+
As I said, each "ring" has about 10 switches connected side by side.
We are thinking of following classic design, would Nexus 5K can have 2 seperate connections to each VDC? Nexus 7K w/ different VDC (Internal / DMZ ) Can Nexus 5K have a VPC connection to Nexus 7K to Internal VDC as well as DMZ VDC, and seperate traffic?
View 3 Replies View RelatedI have made a seperate VRF for management.But have a strange problem with a Cisco 3750 and a Cisco 3550.When I added these to the VRF, I can not reach them on tools like Network Assistant and web interface.Telnet works, no problems there.And there is no ACLs on the device restricting this.
View 6 Replies View RelatedI am planning to upgrade the current core switch(3750) to 6509 series switch. Since we have a production network running we have to plan for an online core switch upgrade.
View 7 Replies View Related
