Cisco Switching/Routing :: 3750 - Internet Access Through MPLS Cloud
Sep 11, 2012
I need to confirm internet access from a remote network through an MPLS cloud to another site. Let me explain. We have an MPLS network with Windstream as listed in the Visio drawing; Site 1 has internet access through the Time-Warner cloud for all users. Site 2 has internet access through the Windstream MPLS router. Site 3 has no internet access, and only has LAN access layer 2 through Windstream routers to Site 1 for networks 192.168.0.0/24, 10.1.1.x/24. My question is: can we give everyone at Site 3 internet access through the MPLS network down into Site 1 using the Time-Warner ISP cloud?
I placed routes on the Site 3 3750 stack, IP route 192.168.50.x 255.255.255.0 to the interface of the MPLS router at Site 3; then at Site 1 we have IP route 192.168.50.x 255.255.255.0 to the MPLS interface, and we are able to ping anything on the 192.168.50.0 network. I added the IP route 0.0.0.0 0.0.0.0 192.168.50.x (the MPLS router interface), but we do not have internet access at Site 3 using the Site 1 network.
I confirmed at Site 1 that from the Cisco 3750 switch we can ping 4.2.2.2 = Google. How can I confirm this will work, and what's required to complete this connection to give everyone at Site 3 internet access through Site 1 Time-Warner?
Feb 8, 2011
We have about 200 spokes (2811 routers), each one connected to two hubs (7206VXR with NPE-G2) via a separate DMVPN. DMVPN is over an MPLS cloud provided by the local operator. On the hubs we very frequently get these types of messages:
.Feb 9 16:00:10.402: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 200: Neighbor 10.X.X.X (Tunnel3) is down: Interface Goodbye received
.Feb 9 16:00:11.658: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 200: Neighbor 10.X.X.X (Tunnel3) is up: new adjacency
On the spoke:
Feb 9 13:36:48: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 200: Neighbor 10.X.X.X (Tunnel0) is down: holding time expired
Feb 9 13:36:51: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 200: Neighbor 10.X.X.X (Tunnel0) is up: new adjacency
I think the default EIGRP hello and holding timers (5,15) are not suitable since these are WAN links.
Mar 19, 2013
We have a Cisco 3750 stack connecting to the MPLS router, able to ping 8.8.8.8 - [URL]. The internal users on their own VLAN can ping the default gateway (the 3750 switch) but no further; traceroute from the PCs/servers stops at the 3750 stack. We have the switch configured with ip route 0.0.0.0 0.0.0.0 to the public interface in the MPLS router, and from the switch I'm able to ping the internet.
Sep 7, 2011
What are my best options to secure the branch office connection to HQ over a provider MPLS cloud? Our existing setup:
<<HeadQuarter>> :: DataCenter hosting Email, ERP, Intranet, Voice Services
10mb link to Service Provider over MPLS Cloud
MPLS is terminated on a 3825 Router running advance Services
<<BranchOffice>> :: Total 10 In Country Branch Offices
2mb Link to Service Provider over MPLS Cloud
Total users in each branch : 20
MPLS is terminated on a 2811 Router running advance Services
Mar 29, 2012
We are about to install a new network consisting of Cat 4500s with Sup7E at the Access Layer, with Nexus 7000 at the Distribution and Core layers. We have 14 floors with at least three 4500s on each floor. Within the office block where the Access Layer and Distribution Layer reside we need to support secure borderless networking using 802.1x to place users from different parts of the business into segregated networks at layer 3. All switches will have the feature sets to support MPLS / VRF / OSPF / EIGRP / BGP etc. We quickly dismissed the idea of using VRF-Lite due to the sheer number of VLANs we would need to manage and maintain; the point-to-point links alone just to get one additional VRF on each floor required far too many VLANs. As a result we are now considering deploying MPLS. The obvious benefits include scalability and manageability, and the fact that all switch-to-switch links can now be routed, instead of having to use SVIs.
Sep 13, 2011
We recently switched two of our branches to point-to-point fiber connections to our corporate office. Previously they were using MPLS connections. For branch A, the ethernet handoff of the fiber is connected directly to a Catalyst 3750 gigabit port. That port has no configuration on it. The other end of that fiber is connected to a gigabit port on the 3750 switch at our corporate office. That port is configured with an IP address that is within the subnet of branch A, and is operating at layer 3 due to the no switchport command.
Branch B currently has a Cisco Express 500 ethernet port (with no configuration on it) connected to the fiber handoff there. At first we set up a port on the 3750 at our corporate office that is connected to Branch B via the fiber in the same manner. This resulted in us receiving DHCP leases at Branch B from Branch A. Obviously not desired. Now we have the port on the corporate 3750 that is connected to Branch B's fiber configured with switchport vlan 64. I also configured interface vlan 64 on that switch at corporate with an IP address from the Branch B subnet. We then set that IP address as the default IP address for devices at Branch B.
We are having trouble with both an ATM and a phone system not communicating properly at Branch B. At Branch A we are experiencing the same oddity with the phone system, but the ATM is able to communicate fully. At Branch B, when configuring a Windows Vista or Windows 7 laptop with a static IP address that is known to be available, you get transit failures when trying to ping. Essentially everything seems to be able to route fine, but some traffic, even after a full TCP handshake, seems to not transmit properly.
When you configure a point-to-point fiber connection from a layer 2 switch at a location without a router to a location with a Cisco Catalyst 3750 switch as the endpoint, what is the best way to configure both sides?
Currently we only have vlan 64 configured on the port mentioned on our switch at corporate, and then the switch at Branch B is essentially operating as an unmanaged switch at the moment with all ports in vlan 1.
Jun 14, 2012
I have a requirement to monitor all traffic going from the internal LAN to the cloud. The LAN is a layer 2 VLAN which spans multiple Cisco 4507 switches and other smaller switches.
The VLAN has an IP address which the hosts use as the default gateway.
The exit port is on a Cisco 3600X switch connected to 4507 #1 via a 10G fiber link. 4507 #1 connects the rest of the LAN. Those switches interconnect via 10G fiber and 1G copper links.
Currently the monitor host is connected to a 1G copper port, configured as a monitor port, on one of the backside 4507s. The switch manager says he has the switches configured so that I can see all traffic on the VLAN.
Jul 30, 2012
I am facing an issue with HTTP login after an IOS upgrade on 3750 switches. I upgraded IOS from c3750-ipbase-mz.122-35.SE5.bin to c3750-ipbase-mz.122-53.SE2.bin. Is there any other command I have to run?
Jan 15, 2012
I have one Cisco 3750, which I am using as a core switch with 6 more access switches connected directly to it, and we are using VLANs in our network with the IP range of 172.16.0.0. Now we have a new Internet connection which is dedicated to the Exchange Server only. So we have two Internet connections: one for Internet access for all users and another one for the Exchange Server only. The Internet connection for the users is terminated at a Cisco 1700 Series router and the Internet connection for the Exchange Server is terminated at a Cisco ASA firewall. Now the problem is: how can I write an access list which says that all packets from the Exchange Server should be routed to the ASA firewall, and all other packets should be routed to the Cisco router? The IP addresses of the Exchange Server are 172.16.2.1, 172.16.2.2.
Oct 16, 2012
Today when we ran an application to access a target server with IP address 10.2.2.13, the application could not run through and an error message related to networking appeared. The target server has two network ports, and the other one, with IP 10.2.2.14, is running OK with the same application. Both connections are connected to the same Cisco 3750 switch; after the switch they go to a Cisco ASA firewall, which has no access control rule for 10.2.2.13 and its subnet, and then the firewall connects directly to the application server. We can ping, remote desktop, and telnet to the application's port on the target server using 10.2.2.13. We swapped the cable connections of the ports with one another and tried the application again; the IP 10.2.2.13 still fails and the IP 10.2.2.14 is OK. We then changed the IP from 10.2.2.13 to 10.2.2.12 or 10.2.2.155; all are OK. We changed back to 10.2.2.13 and it failed again. The switch is running in real-time production, so we cannot power cycle or reload the switch.
Apr 23, 2013
Can the new Cat 3850 run MPLS?
Mar 20, 2012
We have a 3750 at the center of one of our offices. This office has two internet connections, and applications that we want to use the separate Internet connections, but not both. Currently we have an ip route statement on the 3750 sending Internet traffic to one of the Internet routers. What's the easiest way to send specific applications to the other using the 3750?
Aug 14, 2012
I've got a bunch of 3750-X switches all running IP Base and acting as a routed access layer. They run OSPF in a totally stubby area with the distribution layer (Nexus 7K) as the ABR. We also have a physically separate management network into which the fa0 management interface of the 3750-X is connected. The management network itself runs OSPF and has multiple subnets and external access.
On the 3750-X, I'd ideally like to be able to run some sort of separate OSPF process for the management network or at the very least have a static default route for management traffic pointing out the fa0 interface, but clearly not have it interfere with the main default route for data traffic coming from the N7K ABR. Normally I'd just create a management VRF, sling the fa0 interface into it and run a separate OSPF process in that VRF. The problem is you can't create VRFs in IP Base! Surely there must be a way to do this? Cisco don't really expect customers to upgrade to IP Services just to have a working OOB Management network, do they?!
Apr 9, 2012
My colleague and I have been having a discussion about using rapid spanning tree in the access layer. Most of our infrastructure has been migrated to a routed access layer with 3750s.
The idea was brought up to configure the switches with rapid PVST. On the surface, it seems like a better idea, faster convergence, in the event that spanning tree ends up being used for some reason. My colleague prefers sticking with standard PVST. His argument is that, in the event of a layer 2 loop, some consumer-level switches filter out BPDUs and if the control plane is overwhelmed, the shorter timers of rapid PVST just puts that much more of a burden on the CPU trying to regain control, whereas with standard PVST it will have around 20 seconds before it starts to engage. (It may still be overwhelmed, but the longer timer delays the additional burden.) He says he's seen this problem with rapid PVST and that his opinion is backed up by our Cisco rep. (I haven't spoken to him yet.)
In our model, it should be very rare -- pretty much never -- that we would layer 2 span another switch off of our access stack.
One suggestion I saw is to use BPDU Guard, which is a good suggestion as well.
But we have had experiences with overloading the control plane on a 3750. I believe that concern is valid. If the CPU can't service spanning tree. But I'm interested in hearing about other experiences people have had in terms of rapid spanning tree in the access layer, end users plugging in unauthorized devices and creating loops, and the effects when using rapid spanning tree vs standard spanning tree.
Dec 3, 2012
I have two Motorola MC9090s that will no longer connect through my MPLS back to corporate. They both stopped working at the exact same time yesterday.
They connect to a Cisco WAP321 that is connected to a Catalyst 3750 that is connected to a Cisco 1921.
Each device can ping anything on that network. Both the switch and the router can ping the devices.
But if I try to ping a device on the corporate network, the devices time out.
The PCs connected to the switch via CAT5 have no issues connecting back to corporate (RDP to server).
Apr 21, 2010
I'm going to start the evaluation of implementing the virtualization of our campus LAN using MPLS. We'll get many inter-VLAN routing domains per VRF on the same LAN infrastructure. The LAN infrastructure is based on C6500 implementing VSS. Do you have experience with this kind of setup? Any known/faced issue that might prevent the setup of MPLS on VSS enabled C6500?
Oct 29, 2011
Do the 2650 and 2620 support MPLS? If yes, what IOS version should I download?
Jan 1, 2012
I have a 2921 router and want to use the MPLS feature. Right now we are using the c2900-universalk9-mz.SPA.151-4.M1 image, but "mpls static cross connect" is not working with this image. Will this image (c2900-universalk9-mz.SSA) work?
Sep 29, 2012
I configured a 3750 stack switch as core and 2960 stack switches as access layer switches. I connected my laptop to one of my core stack switches in VLAN 10 and I am pinging one of my servers in VLAN 1. What will be the minimum latency at the time of inter-VLAN routing?
Apr 30, 2012
I've studied and labeled out MPLS and MPLS VPNs several times. The situation I'm presented with is a little different from most of the case studies I've seen in my MPLS books. I've attached a diagram.
We have an IPsec site-to-site tunnel from our main HQ router to a Cisco ASA 5510 in the core network in the colo. This allows our HQ office to reach the private subnets in our core without using a Cisco VPN client. The problem we are running into is that this seems to be putting undue strain on the Cisco 2811. I feel like the 2811 should be able to handle it, but doing any kind of upload or download through the tunnel spikes the CPU/interrupts and makes the router CLI basically stop responding until the traffic transfer is stopped or completed. During this time, certain Cisco SCCP phones on our BroadWorks platform cycle while the SIP phones on the same platform are OK. We are trying to alleviate the load on the 2811 by setting up a VRF from the HQ network to the private VRF used in the core for private subnet communication. The problem I'm having is that the HQ also has some public traffic that I do not want to include in the VRFs and would like to have it travel through the P2P circuit we have and access the internet or other public devices through the core public IP Internet routing table.
The flow would be this:
-going to a public address use the public internet routing table
-going to private address in the 10.x.x.x or 172.x.x.x - use VRF to core Private network.
This is a little different of a set up from most of the VRF VPN examples I've seen. Most of those the CE devices is completely private. This is not the case at our HQ.
Dec 27, 2011
We have the problem that MPLS labeled packets are not being processed on EHWIC-1GE-SFP-CU if L3PDU + Shim-Header exceeds 1500 bytes. When we move the exact config to the on-board interface Gi0/0 it works without any problems. [code]
Mar 19, 2012
We are using a Linksys router for Internet for different VLANs. Now we have taken a 3750 as core switch for other, different VLANs 10,20. We created VLANs 20,20, also created cpd servers, and we need Internet for VLANs 10,20 through the Linksys router. How should we configure this?
Apr 16, 2013
I thought I saw a post/question in regards to "how to" configure a broadband backup for an MPLS circuit. What I am trying to do is use a cable/DSL/broadband (secondary) connection as a backup to an MPLS circuit (primary). I have EIGRP and BGP configured on both the branch endpoint and the tunnel headend. The tunnel is used by the interface that connects to the secondary circuit. The branch location router is an 1841 and the "headend" tunnel router is a 3825. I am wondering about the configuration/syntax of a "weight" or static route that can be used to have data flow over the tunnel when the MPLS circuit goes down, and then switch back to the MPLS circuit when it comes back online.
Jun 30, 2012
Do I need the Universal image to perform stftp on a 3750 or 3750-X?
Jul 1, 2012
I just purchased an EA3500 because I absolutely need guest access. I set everything up through the Cisco Connect application on the CD and all was well. I figured it's time to get into the whole cloud connect app thing, as this is why I chose this router over another, but after creating the account and activating through email, I constantly get the message that I need to associate my router with my account. The PC I am using is directly connected to the router through a cable. I'm not sure what else I am to do at this point. The content of the entire message basically is telling me to head to [URL] with the PC connected to the router that I want associated and to follow the directions.
1. There are no directions... I get that message every time.
2. I've tried rebooting the router and then logging in to the website - that gives me a message saying there's no router detected, meaning that somehow the site IS detecting the router, I just somehow haven't associated it.
Mar 15, 2012
I have 2 Cisco 1941/K9 VPN routers. I have configured both with the LAN IP addresses given by our VPN provider, which are 172.10.10.1 and 172.10.20.1. Both IP addresses are configured on GigabitEthernet port 0/0 on both routers.
1. Is it possible to configure our own set of ip address like 10.71.10.1 and 10.71.50.1 on the GE 0/0 port?
2. Or can we configure our own set of ip addresses (10.71.10.1 and 10.71.50.1) to GigabitEthernet port 0/1 and maintain the other ip addresses on port 0/0?
The first purpose is to have our own set of ip addresses for LAN connection and I will be able to connect or telnet whichever ip address or port is up.
Jul 11, 2012
I have a P router (7206VXR) and I need to export NetFlow from its MPLS interfaces to the NetFlow software.
Oct 10, 2011
I'm looking at adding a Cisco 3750-X switch running c3750e-universalk9-mz.122-55.SE1 (IP base license) into a stack of 3750-G switches running c3750-ipbasek9-mz.122-55.SE1.bin. Given that the version and feature sets are the same I don't foresee any compatibility issues. Would there be any reason why a universal image wouldn't stack correctly with other switches running the single .bin file?
Nov 14, 2011
This is my configuration on a Cisco 881, but I am not able to access the internet from the LAN.
!version 15.1
no service pad
service timestamps debug datetime msec
[Code].....
May 21, 2012
We have a stack of switches that is at the max number of members allowed in the stack. Problem is we are running out of port density and need to add more ports. So instead of adding a whole new stack I would rather replace 2 of the 24-port switches with 48-port switches.
If the two 24-port switches we are removing are stack members and neither of them is the stack master, I should be able to replace the 24-port switches with the 48-port switches without bringing the master offline? If the new 48-port switches are running the same IOS version as the current 24-port switches, they should add themselves to the stack? Would I have to tell the new 48-port switches what switch numbers they are replacing in order for them to be added to the stack, since we are at the max number of members? Also, since the 48-port switches are replacing 24-port switches, will the master give the 48-port switches the configuration for only the 24 ports?
Jul 30, 2012
We have recently leased an internet connection in our office which comes from the service provider as radio link and BW is 2M. I have clients more than 60 that will share the connection and access internet. I have configured a Cisco 2600 router as below:
Building configuration...
Current configuration : 988 bytes
!
version 12.2
no service single-slot-reload-enable
no service timestamps debug uptime
no service timestamps log uptime
[code].....
From what I have read so far regarding NAT, it degrades performance as it needs to translate every data packet that comes from the source and goes to the internet. So a question comes to my mind: is there any other way I can share this connection among users with private IP addresses? Or is NAT the only method to share an internet connection among users with private IP addresses?
Feb 7, 2012
I have a Cisco 3620 router and I am trying to get internet access. My ISP is Comcast. All modem lights seem to be operational. But I do not have internet access. I can ping anything other than the router and I am on a home network.
Mar 2, 2012
I have a Cisco 2610 connected to my network, with 1 Ethernet port and a WIC-2T card. I have the serial connection to the main router and the Ethernet going to the switch. I can ping all devices throughout the network, but the 2610 can't ping any outside address (no internet connection). I have the internet connection going through my 3745 (which the 2610 is connected to via serial cable). I put a default route into the 2610 but still no luck.
Here are the running configs:
2610:
version 12.3
service timestamps debug uptime
service timestamps log uptime
[Code].....