Cisco Switching/Routing :: 3750 - Cannot Enable PBR On A VLAN WCCP Enabled
Jan 3, 2012
I would like to apply a policy-based route on one of our L3 switches (Cisco 3750) to change the next-hop of a couple of servers only. The VLAN where those servers reside has WCCP enabled on it. When I want to apply the route-policy to that VLAN interface it doesn't let me. When I try to apply the same policy to a VLAN interface without WCCP it does work. Are there any Cisco IOS limitations that would prevent me from doing that?
Configuration:
route policy config:
access-list 70 permit ip host x.x.x.x (server IP)
route-map PBR1 permit 10
[Code].....
Nov 21, 2011
I'm setting up a web cache using the wccp protocol on a Catalyst 3750 stack.
Probably missing something real simple here, but when I try to enter the ip wccp command from global configuration mode it just says "invalid input" from wccp. There is no such command. It should be supported on my device from IOS 12.2(37).
Mar 13, 2012
Today, my customer has 1 project that has to deploy Cisco 3750 to redirect WCCPv2 to Websense Security Gateway. However, I can't execute "ip wccp redirect out" on Cisco Catalyst 3750.
Jan 19, 2013
I have a PowerConnect 6224 with routing enabled with several VLANs set up.
VLAN Database: 6,8,10,90-254
VLAN 6 is our management vlan
10 is for our core network services (DNS, Domain, Exchange etc)
90-254 are isolated vlans.
What I need to accomplish is to prevent vlans 90-254 from communicating with each other and only allow communication to VLAN 10 and the internet. All internet firewall work will be handled by our Sonicwall.
[code]
Nov 14, 2012
We have a 3750 acting as the core. By default IGMP snooping is enabled on Cisco 3750 from the documents, but when we see the ip mroute table on the switch, it doesn't show any output.
Jan 10, 2013
I have two networks at two sites with a dot1q trunk between the two L3 switches at both sites (no routers involved)
SITE A - Cisco 3750 L3 - VLAN ID 50
10.10.50.0/24
SITE B - Cisco 3750 L3 - VLAN ID 50
10.20.50.0/24
I would like to extend the SITE A VLAN to SITE B so that I can move hosts from SITE A to SITE B without needing to change their IP address, but the VLAN ID is already in use. Obviously the easy solution is to change the VLAN ID for one or other of the sites, but both sites contain hosts that run 24/7. Is there a way to join two VLANs with different IDs together? So for example I create a new VLAN 60 at SITE B and associate it with VLAN 50 at SITE A.
Nov 20, 2012
We have a low bandwidth (15-20 Mbit/s) to the ASA from our Client vlan. If I connect the Client to the same vlan as the ASA is, the bandwidth (90 Mbit/s) is good.
Here are the Layer 3 Design:
Client -> vlan 2 - Switch - vlan 7 -> vlan 1 - ASA 5505 -> ISP
The Layer 2 Design:
Client -> Gig2/0/13 - Switch - Gig4/0/43 -> Eth0/1 ASA5505 -> ISP
IP Address:
Client: 172.16.2.10
Vlan2: 172.16.2.1
Vlan7: 172.16.7.1
ASA: 172.16.7.2
I am assuming the switch has a problem with routing? It is a stacked switch with the following members:
switch 1 provision ws-c3750g-12s
switch 2 provision ws-c3750g-24ts
switch 3 provision ws-c3750g-24ts
switch 4 provision ws-c3750x-48
And we have following error message in the log from the switch:
%PLATFORM_UCAST-4-PREFIX:
One or more specific prefixes could not be programmed into TCAM and are being covered by a less specific prefix, and the packets may be software forwarded
I first got the idea that the switch is overloaded with router traffic. That's why I am assuming I have to check the SDM templates, but I'm not sure if this resolves the issue.
Here are the relevant config:
ASA Interface on the Switch:
interface GigabitEthernet4/0/43
 description ASA-inside LAN
 switchport access vlan 7
 switchport mode access
 spanning-tree portfast
Client Interface on the Switch:
interface GigabitEthernet3/0/1
 switchport access vlan 2
 switchport mode access
 switchport port-security
 switchport port-security aging time 2
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 macro description cisco-desktop
 spanning-tree portfast
 spanning-tree bpduguard enable
[code]...
Mar 17, 2013
I have a 370 with C3KX-NM-10G module & i want to enable NetFlow on it did the specified configs
Step 1 Flexible NetFlow Flow Records
flow record miketest
 match datalink source-vlan-id
 match datalink dot1q priority
 match datalink mac source-address
 match datalink mac destination-address
 match ipv4 version
 match ipv4 tos
 match ipv4 ttl
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 match interface input physical snmp
 collect interface output snmp
 collect counter flows
 collect counter bytes
 collect counter packets
 collect timestamp sys-uptime first
 collect timestamp sys-uptime last
flow record miketestegress
 match datalink destination-vlan-id
 match datalink dot1q priority
 match datalink mac source-address
 match datalink mac destination-address
 match ipv4 version
 match ipv4 tos
 match ipv4 ttl
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 match interface output physical snmp
 collect interface input snmp
 collect counter flows
 collect counter bytes
 collect counter packets
 collect timestamp sys-uptime first
 collect timestamp sys-uptime last
Step 2 Flexible NetFlow Flow Exporter
Flow exporter export-to-samplicator
 Destination 10.1.1.8
 source Vlan1
 Transport udp 2055
 option interface-table timeout 60
Step 3 Flexible NetFlow Flow Monitors
# Tie the Flow Monitor to the Flow Record
flow monitor mikektest
 record miketest
 exporter export-to-samplicator
 cache timeout active 60
flow monitor mikektestegress
 record miketestegress
 exporter export-to-samplicator
 cache timeout active 60
& Applied it to g1/1/1 but without any luck , if netflow works on the
TenGigabitEthernet1/1/1 &
TenGigabitEthernet1/1/2
Only i have four switches stacked and nothing plugged to the
C3KX-NM-10G module
Nov 7, 2011
I am trying to configure a 3750 48 port switch and having trouble with getting it to see the sfp. I just want to set up the router with a pretty basic set up since I am using it for a ping test between 2 buildings, via fiber. How I can enable the sfp port?
Dec 26, 2011
I want to enable SNMP and track the status/ of the interfaces in switches.
We have Two- cat 3750 (L3 switch) and Nine-cat 2960 (L2)
How to configure the SNMP? Any links that provide the required info with an example of configuring SNMP will be really useful.
We have OPEN NMS, SPLUNK, MYSQL monitoring tools.
Sep 23, 2012
I have a hub and spoke WAN that consists of one core location with a 6500 and nine other buildings using 4006 Catalyst that connect back to the core via dual gig fiber. We are using EIGRP at each location as well as the core. I was testing something at one of our buildings and decided to hang a 3750 off the 4006 and enable the same EIGRP process on the 3750 that is enabled on the 4006 and 6500 (EIGRP 1).
1. All the routes that the 6500 knows about are advertised out to each of the nine locations.
2. The 4006's are all advertising their directly connected routes to the 6500.
Onto the location I was testing at:
The 4006 where I was testing has four VLAN interfaces enabled and they are in an UP/UP state. The IP routes from the 4006's directly connected VLAN interfaces propagate to the 6500 at our core location and the 6500 successfully propagates these learned routes to all the other 4006's.
This past Friday I configured a 3750x with two /22 VLAN interfaces and one physical gi port with an IP address, and also configured an Ethernet port on the 4006 with an IP address in the same network block as the 3750x gi interface (a /30 network block). I saw both interfaces come up and EIGRP successfully established a neighbor adjacency between the 3750x and the 4006.
I noticed that the 3750 advertised out all of its directly connected routes to the 4006 and the 4006 advertised its directly connected routes to the 3750. However, the 4006 did not advertise any of the routes it had learned from the 3750x to the 6500, nor did the 4006 advertise any of the routes it had learned from the 6500 to the 4006. My suspicion is that the "eigrp stub connected summary" statement is enabled on both the 4006 and 3750, thus preventing them from advertising out any routes other than their directly connected routes. Can any of you verify that I'm either correct or incorrect about this?
Here are the EIGRP statements from the 6500 and 4006:
6500:
router eigrp 1
redistribute static
network 10.0.0.0
network 172.16.0.0
network 172.17.0.0
(code)
Feb 19, 2013
In my ongoing project I need to monitor Cisco 3750-X port status (uplink/downlink), i.e. whenever there is some problem at a specific port. I need to monitor it through an OPC server, and right now what I am doing is as follows: I am using Kepserver and I have added the SNMP driver in it for that purpose. I am not a networking expert, but what I have learnt till now is that the SNMP agent (that resides in the switch) delivers the status of MIBs to the SNMP manager (which in my case is Kepserver (OPC server)). For the above purpose I am adding IF-MIB to monitor OID 1.3.6.1.2.1.2.2.1.8 (which shows port statuses), but when I add that in the OPC server it indicates that this OID is not available in the switch (it might be disabled), so I need to ask if there is any way to enable OIDs in a switch.
May 2, 2013
I have lost the "ENABLE" password on my 3750 switch.
Aug 22, 2012
As I understand, Cisco Catalyst 3750-X supports StackWise and StackPower technology. Do I need to purchase a separate module to enable StackWise and StackPower? Or are StackWise and StackPower modules included by default on the switch already?
Sep 17, 2012
We are currently using two Nexus 5548UP's as our Datacenter Network Core. I have a pretty simple objective: I would like to enable Jumbo Frames on a single VLAN only (VLAN 65). This VLAN is used strictly for backups. I do not want to enable Jumbo Frames on the other VLANs (VLANs 1-10). I'm not sure what the best way to do this is, or if it is even possible, but I am hoping to get some configuration examples.
Sep 17, 2012
I have a Cisco 6509 with IOS "s222-ipservicesk9_wan-mz.122-18.SXF16.bin". I need to enable dot1x on users' ports on the switch. Each user is connected to the switch through the IP phone.
I just found out that I cannot enable dot1x on a trunk port. I have tried to use "switchport voice vlan " but I got:
Switch(config-if)#switchport voice vlan 123
Command rejected: Gi7/20 is Dot1x enabled port.
Let me know what I should do to get dot1x working.
Note: I have connected a laptop directly to the port and dot1x is working fine.
Oct 24, 2012
I have a network with a Catalyst 3750 as the main switch and then some Catalyst 2960 switches that are plugged in to that. I have a server running Windows Server 2008 with a couple of virtual machines running in Hyper-V. I created 4 VLANs listed below and gave the 3750 the following IP address. I would like the 3750 to only be configurable from VLAN 40, but currently every VLAN can connect to it. I noticed in the standard web page settings there was a setting for "Management VLAN" but it was set to 1 and would not let me change it; I kinda assumed that was for the management port in the back.
Now the tricky part: I was trying to set up routing between the VLANs and so far I have only been able to get a sort of "all or nothing" routing to work. I can turn IP routing on and add two or more VLANs to the routing and it works fine. But what I was hoping to do is create a couple of "junction vlans" that would only route to one or two other VLANs. For instance, I wanted to create a VLAN 100 that routed to VLAN 20 and 30 but nothing else. I also want to route VLAN 1 just to VLAN 30, and so on. I am able to do each one of the cases but only one; it seems like the switch only supports one "routing table". Am I missing something or is this just a limitation of the switch?
Oct 28, 2012
I have a network with several Catalyst 2960 switches and one Catalyst 3750. I have created two VLANs and set up the proper routing and everything is working fine there. I have a client/server application that uses multicast in the initial start up for the client to determine available servers; the issue is one of my clients is on a different VLAN than the server. I am able to route the multicast using MVR as long as both the server and the client are plugged into the 3750 by creating a static route, making the server a source port and the client a receive port. Unfortunately I need the client and the server plugged in to different 2960s. My question is how do I establish multicast routing between the two and preferably do it dynamically (always route multicast traffic from one VLAN to another).
Dec 17, 2011
I have been looking into this for a while and I can't seem to figure out why my 2nd vlan is not able to connect properly to the net.
My switch has 12 ports where my devices connect directly; they are all on VLAN 1 and they all work perfectly. On port 12 I have a D-Link router that is connected to a cable modem. The D-Link router has an IP address of 192.168.0.20.
I created a second VLAN (vlan2) and enabled DHCP relay on it. Then I assigned port 9 on the switch to (vlan2). My laptop, which is connected to port 9, seems to get an IP address fine and is able to ping only some devices on my network (vlan1) and is not able to go out to the internet. I think it has to do with the routes.
[code]
Mar 24, 2013
In a 3750 switch, I have configured inter-VLAN routing. I have three VLANs (VLAN 10, VLAN 20, VLAN 30) and I have assigned IP addresses for those VLANs. In VLAN 10, I have connected one system to the GigabitEthernet 0/1 interface. From my system I am able to ping the VLAN 10 IP address but I am not able to ping the other VLAN IP addresses (VLAN 20, VLAN 30). Is it possible to up the protocol for all that time.
Jan 1, 2012
I have a Cisco 3750 with private VLANs configured. VLAN 2 is the "primary", VLAN 3 is "isolated" and VLAN 4 is "community". This is all working correctly; however, I now have the need for another VLAN called "production". I need the production VLAN to be able to reach all the private VLAN hosts (community and isolated), and vice versa.
Dec 8, 2011
I have a quick query which i need ratified before proceeding. I have the following scenario -
Two Cisco 3750v2 switches with stackwise
ISP allocated block of /26 (64 addresses)
8 customers each with a VLAN and SVI
Internet facing VLAN and SVI
Default route to ISP router
Let's say the ISP has given me the network range 10.10.10.0/26 (we'll assume this is routable on the internet for the purposes of this example) and a default gateway to the internet of 10.10.10.1 within this range. I have configured a public facing VLAN as follows -
VLAN 300
name PUBLIC
int VLAN 300
IP Address 10.10.10.2 255.255.255.252
I have then created a default route as follows -
ip route 0.0.0.0 0.0.0.0 10.10.10.1
With this configured, the switch can successfully route upstream to the internet with no problems. I have then moved onto the customers and depending on what service they have purchased, I have subnetted the 10.10.10.0/26 range into smaller subnets. See as follows -
Customer A - 10.10.10.4/30
Gateway IP - 10.10.10.5
Useable IPs - 10.10.10.6
Customer B - 10.10.10.8/29
Gateway IP - 10.10.10.9
Useable IPs - 10.10.10.10 - 10.10.10.14
This continues for each customer depending on how many IPs they have purchased. I have then assigned these IP ranges to a customer VLAN and SVI as follows -
Customer A
VLAN 10
name CUST-A-VLAN
int VLAN 10
ip address 10.10.10.5 255.255.255.252
[code].....
It is then up to the customer as to what equipment they use and how they NAT or firewall their internal networks.
Oct 10, 2012
Have a quick question regarding inter-vlan routing on a 3750. Overview of network is ISP --> ASA --> 3750 (acting as my core and default gw). I have 5 vlan interfaces on my 3750, all w/ 192.192.x.x subnets, a 6th w/ 192.168.100.x, and a 7th w/ 192.168.200.x. I have enabled "ip routing" on the switch and can successfully ping from subnet A to subnet B as long as both devices are using the correct DG for their vlan, which is the switch. I have a few ports that are trunked as well that go to ESX hosts which break out the vlans according to the subnet the vm should be attached to. The ASA is set to nat internal traffic for all the vlans.
Now my question: short of applying an ACL to each vlan interface to block traffic from other 192.192.x.x subnets is there a better way to accomplish this? I want my 192.168.10.x subnet to be able to reach all the subnets, but don't want 192.192.10.x to be able to talk to 192.192.20.x for example. I was thinking to create an acl like this:
access-list 120 permit ip 192.192.10.0 0.0.0.255
access-list 120 deny ip 192.192.0.0 0.0.255.255 192.192.10.0 0.0.0.255
access-list 120 permit ip any 192.168.100.0 0.0.0.255 192.192.10.0 0.0.0.255
and then applying this to the interface for the appropriate vlan.
Jan 18, 2012
I have one VLAN on a 3750 where I do not see any MAC addresses even though it is in use. This is an unrouted VLAN between a WLC on a port- channel /LAG and an access port to an ASA for guest traffic. When I do a show MAC add I get nothing for VLAN 60 (guest DMZ) but all other VLANs seem to be OK. Spanning tree is not showing TC counters incrementing either.
I also was told that when a port was put on this VLAN the laptop did not get a DHCP address from the ASA, but the wireless guest clients are working fine. I can see the DHCP leases and ARP entries in the ASA and the ASA ARP in the WLC, so some traffic is passing fine. I'm not onsite right now so troubleshooting is all remote, which limits some options.
Jul 1, 2012
I have set up both VLANs on 3Com and Cisco, but it seems they can't talk to each other. I've set up both on trunking mode?
Feb 29, 2012
I have a 3750 switch which has the command 'spanning-tree vlan **'. I am struggling to remove this command, as this particular VLAN is one I want to distribute across our network. I have so far set the switch to VTP Transparent mode and removed the VLAN from the database; this removes the command. If I then put the switch back to VTP client mode (or manually add the VLAN while in VTP transparent mode) then the command comes back. Submitting the 'spanning-tree vlan **' command has no effect.
Nov 8, 2012
I have 3 VLANs here that need to be on the same network segment. They are going to be used by our Wi-Fi network (with Aironet APs), bound to 3 different SSIDs (as Aironet APs don't allow multiple SSIDs per VLAN), each one with a different authentication method and server.
Is there a way to bridge those VLANs together with a Catalyst 3750 switch? I tried configuring an IP address on one of the VLAN interfaces, then configuring a bridge with the vlan-bridge protocol (Catalyst 3750 doesn't have the "ieee" bridge protocol type) and put all 3 VLAN interfaces on the same bridge-group, but it didn't work (even with "bridge x route ip").
I also tried configuring IRB bridging, with the 3 VLAN interfaces on the same bridge-group and an IP address on the BVI interface (the way I used to do with old 2600 routers). Same result. (Actually, I didn't test to see if the interfaces are actually being "bridged", but I see neither of them can reach the router.)
Apr 24, 2011
One of my VLANS on my 3750 gives a status of act/lshut. I've tried no shut commands on the interface to no avail. From my reading it seems like this means the VLAN is active but shut down locally.
Dec 12, 2012
Cannot set route map on interface vlan which is in a non-default VRF on Cisco 3750.
IOS c3750-ipservicesk9-mz.122-55.SE.bin
sdm prefer route in enable
ip vrf users
 rd 200:0
 route-target export 200:0
 route-target import 200:0
interface Vlan201
 description Users 1
 ip vrf forwarding users
 ip address 10.31.76.1 255.255.252.0
 ip helper-address 10.31.4.57
route-map fromuser permit 10
 match ip address fromuser
 set ip next-hop 10.31.128.155
When I enter "ip policy route-map fromuser" to interface Vlan 201 I have the message:
% Remove VRF configuration from interface Vlan201 first
Apr 14, 2013
I have installed a Catalyst 2960-S and a 3750-X-12S and I am trying to set up a VLAN 51 for some VoIP phones. I have added the VLAN as an interface on both switches, but the 3750 is not showing VLAN 51 as active when I do a show vlan. Also, it omits showing Gi1/0/1 & Gi1/0/3, which are uplinks to 2960-S switches plugged in and working on VLAN 1.
Catalyst3750SFP#show vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Gi1/0/2, Gi1/0/4, Gi1/0/5
[Code].....
Jun 25, 2012
I have a 3750 series with GBIC ports. I want to create 10 VLANs, each with its subnet, and enable all VLANs to access the internet.
Feb 16, 2013
I config vlans 21-23 on 3750 A and B switches. I config B switch to be Root Bridge for all vlans
spanning-tree vlan 1,21-23 priority 4096
sh span tree on B switch
3750B# sh spanning-tree.
Mar 24, 2012
I have a network with the following structure
internet ---- cisco2911 ----cisco3750 --- internal lan
I have two email servers on different vlan
192.168.0.1 ----- 1.1.1.2 (public ip)
10.1.1.65 ---- 1.1.1.3 (public ip)
Before, these servers were directly connected to the internet with two NICs (nightmare, I know): the public IP on the internet-facing NIC and the private IP on the LAN-facing NIC. I'm in the process of changing this. I'm able to access the internet from my VLANs and also able to send emails but cannot receive emails on these servers.
My router config is as follows:
Building configuration...
Current configuration : 6234 bytes
!
version 15.1
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
[code]....