Cisco Switching/Routing :: 3750 - Local Subnet To Edge Router Two Networks
May 13, 2012
I need to make some changes on our network. We currently have two sites 150 miles apart we join both by way of fiber and on each side we have Cisco 3750 stack switches, configure trunking for all V lans on one port in site one then through the the long haul fiber to site two with site one using 10.1.1.30 and site two using 10.1.1.40 as their default gateway, with static routing all V lan sub nets to the other sites default gateway life is good.
My question - seeing how we have sites using the same sub net 10.1.1.x to trunk all data to each site through switches; we need to now change the network and add each site to the MPLS network, site one switch 1 IP address 10.1.1.30 going to MPLS router one with FA0/0/0 using IP 10.1.1.31, site two having switch 1 IP address 10.1.1.40 going to MPLS router one with FA0/0/0 using 10.1.1.41. I need to know will this work.
We have the same sub net in each site 10.1.1.x to the MPLS routers then the external router interface connecting each site to local switches, will this cause any problems by using the same local sub net for each site?
View 1 Replies
ADVERTISEMENT
Jan 10, 2013
I've been fighting what seems to be an increased number of outqueue drops on our core stack and edge switches for the last 3 or 4 weeks.(The core consists of a stack of 5 3750s in 32-gig stack mode. The wkgrp switches are 3560s. all are at 12.2.52) The wkgrp switches are directly connected to users. We use Nortel IP phones with the phone inline with the user PC. auto-neg to 100/full. [code] However I have tried turning off QOS on a couple of workgroup switches (no mls qos, but left individual port configurations the same) but am still seeing drops.Since I have disabled qos on the switches in question (no mls qos) (not the core tho) I am presuming these commands have no affect on the switch operation and therefore cannot be related to the problem. With QOS turned off one would presume that it is general congestion - especially at the user edge where busy PC issues might contribute. So I wanted to see if I could see any instances of packets in the output queues building up.
I wrote some scripts and macros that essentially did a snapshot of 'show int' every 20 seconds or so, and looked for instances of 'Queue: x/' where x was greater than zero.What I found after several days of watching the core stack, and a few of the workgroup switches that are most often displaying the behavior, was that I NEVER saw ANY packets in output queues. I often saw packets in Input queues for VLAN1, once in a great while I would see packets on input queues for fa or Gi interfaces, but NEVER on output queues. [ code] Additionally, when I look (via snmp) at interface utilization on interfaces showing queue drops (both core and wkgroup), they are occurring at ridiculously low utilization levels (as low as 4 to 8%). I've tried to look for microbursts between the core and a wkgroup switch where the core interface was experiencing drops, but haven't seen any (using observer suite). [code] While the queue-drop counts aren't critically high at this point, they are happening more frequently than in the past and I would like to understand what is going on... In most cases, no error counters are incrementing for these interfaces. Is there some mechanism besides congestion that could cause output queue drops?
View 4 Replies
View Related
Feb 14, 2012
we have some devices on the network which cannot be secured and we need to isolate from the rest of the subnet.Our switches are Cisco 2960.Is it possible to via an ACL local a specifric port down to only allow traffic from specific MAC addresses? I've had a go at this myself but not been able to make any progress. The traffic type is TCP/IP.
View 10 Replies
View Related
Dec 18, 2011
Lets say I have the following topology.
DataCenter<---Etherchannel(2)-->BuildingB<---Etherchannel(2)--->BuildingA
There arer 3 stacks of 3750 at each building. The core switch/router in our network is at location B. The way it was originally setupis every L3 device has an ip address for each lan. So let's say we have VLAN 200 withnetwork 192.168.200.0/24. The DataCenter would be assigned (192.168.200.3), Building B would be assigned (192.168.200.1), and Building A would be assigned (192.168.200.2). I'm configuring the DC and BA to be L2 only and Building B to be the only real router in the network besides a few ASAs. When I ran a 'no ip address' on the vlan interface on Building A, the internet connectivity for 192.168.200.0 dies, but local connectivity is fine. After doing some research and troubleshooting, I found out that if I set the next hop on the ASA for the local networks for an IP address on building B everything works perfectly.
The way the routes on the ASA are setup for local networks are as follows.
All local networks have ip route localnetwork mask x.110.215.17. This address is the IP address of the inside interface on the ASA. Now, when I kill the IP address on the vlan interface on Building A internet connectivity goes down, while the next hop is still pointed to this address, BUT if I give it a next hop of the vlan interface ip address on B everything works fine. Now, I can easily fix this, I was just wondering why this is happening?
View 1 Replies
View Related
Mar 29, 2011
I have a very basic networking question If I have, say, 3750's (or any L3 switch, capable of routing) at the edge and a 4500 at the core, where should I route? At the edge? At the Core? Both?
View 4 Replies
View Related
Dec 10, 2012
I am trying to set up a vrf for guest networks and am having issues on one of the switches.A quick overview (since I dont really know what i am doing ) we have two sites that are connected via lanex. each site has a 3750. The only internet connectivity is the remote site (so all the users at the local site route out through the remote site to get to the internet)I need to make a guest network at the local site using our current infrastructure but it cannot have any access to our network resources.
I have created a vlan here (vl166) and on the remote switch
ip vrf TRAINING
didnt do any route distribution
then added "ip vrf forwarding TRAINTING" and readded the ip to the vlan interface
gave it an ip address of 172.16.166.1
did the exact same thing on the remote switch but with interface address of .2
enabled ospf on both switches.... router ospf 3 vrf TRAINING
I cant ping from one interface to the other... when I try pinging from the remote switch I get :
CISCO3750MCI-1#ping vrf TRAINING 172.16.166.1
% VRF does not have a usable source address
CISCO3750MCI-1#show ip vrf interfaces TRAINING
Interface IP-Address VRF Protocol
Vl16 172.16.16.2 TRAINING down
I cant see why the interface is down. Nothing in the logs (even when I do no shut... it just accepts the command but doesnt come up)
View 8 Replies
View Related
Nov 13, 2011
We have a remote office with a Cisco 3750-X switch with the IP-Services feature set connected via dark-fiber to a 6509-E at the corporate office. We plan on migrating the remote office to a new network (new acquisition) to subnet 10.10.10.0 on VLAN 20 which has an existing subnet of 192.168.100.0 and we would like to run both in parallel using their existing switches (Dell) and the new 3750-X.
I’m curious as to the best way to keep the traffic local between the two subnets using the 3750-X and if necessary put the 192.168.100.0 network on a VLAN. I thought about routing between the two networks via IP routing on the 3750-X but the new workstations default gateway is the 6509-E and existing workstations is a SonicWALL within the remote office. The default gateway for the new workstations can be moved from the 6509-E as a last resort.
View 5 Replies
View Related
Jun 11, 2013
We created some local account for this switch but we unable to login when the TACACS Server down.
3750 Switch
aaa group server tacacs+ ACS
server x.x.x.x
server x.x.x.x
ip vrf forwarding Mgmt
ip tacacs source-interface GigabitEthernet0
[code]....
View 2 Replies
View Related
Mar 7, 2012
Two networks. NetA: IP subnetID 10.101.x.x subnet 255.255.0.0. Devices have static-assigned IP's. Only DHCP runs on wireless AP for wireless client connection. IP addressing scheme set by hardware vendor, so not under my control. NetB: IP subnet 10.x.x.x subnet 255.0.0.0. Campus LAN and also not under my control. DHCP supplied addressing. how to get NetA devices to route to NetB?I would like to be able to provide Internet access (via NetB)to NetA devices.
View 7 Replies
View Related
Jan 18, 2013
From My Router that connects to Cable modem i am unable to ping website 4.2.2.2I am able to ping all other websites fines.Same website i can ping from my pc and all other switches fine.Router has only 1 ACL thats for NAT.
View 25 Replies
View Related
Apr 24, 2012
I am looking to implement 25 Cisco 3750 switches with IPBASE image at the edge, across many cabinets. I understand I am limited to EIGRP Stub on the 3750 switches (with IPBase) and cannot acheive funding to upgrade to IPServices. Though I am not fully aware on the limitations, in terms of what I am trying to acheive.
Broadly speaking I want to install 2 x 3750 switches at the edge, with point-to-point links to two 6500 core switches (at the data centre) and then have HSRP interfaces on the 3750's, tracking the up links to the core switches. I am presuming this will be the best solution to ensure reliability.My 6500 switches run EIGRP and have many VLANs and other L3 networks advertised, which will need advertising to the 3750 switches. I would be looking to advertise two or three HSRP networks on the 3750 switches, up to the core switches.At the moment, the entire network is Layer 2 (VLANS + STP).
how to configure EIGRP across the 3750 switches and 6500 switches to allow for the 3750's to see the whole network and also advertise back up it's directly connected (HSRP) networks to the core. At the moment, after configuration, none of the switches see each other as EIGRP neighbours but can ping the L3 addresses on each end.
View 1 Replies
View Related
Sep 4, 2012
i have a problem with a cisco cat. 4507 edge switch as when i have a login ssh session to the switch the supervisor engine restart and the redundant Sup. engine becomes the active and so on this problem mainly happen when i have multible SSH session to the switch and it happened very rarely with a single ssh login
the ios version i use is cat4500-entservicesk9-mz.122-54.SG which im using on all my edge switch and they are all working fine excpt this one
View 1 Replies
View Related
Dec 29, 2011
Today I'm going to be re-organzing my network, kind of and I just wanted to get a second opinon. Right now I have an ASA 5510 and a Cisco 2911 and a Cisco 2960 (and I have two more 2911s and 2960s that handles our phone network).
Router 2911 is on the edge Gi0/0 has the public IP and Gi0/1 is not used and then I have 5 individual VLANs (Gi0/1.100, 1.200, 1.300, 1.400, 1.500) VLAN 100 is our internal network 10.10.18.1/24 (router is 10.10.18.1)And the 2960 is used for swichport access, the ASA is on the side and only used as a VPN.
What I want to do is put the ASA on the edge so I can dump all the access-lists and everything then 2911 will only be used to route the traffic. Now I know I will have to reconfigure the VPN, which isn't a problem. My question is when putting the ASA on the edge do I just put the public IP on the ASA's e0/0 and then plug the 2911 into the e0/1 of the ASA and give the Gi0/0 of the 2911 the ip address of 10.10.18.1 or do I just shut it down? The reason behind this is because I would actually like to use the ASA for more than just the VPN passthrough.
View 6 Replies
View Related
Jul 31, 2012
I am trying to upgrade my 2960 edge switch through tftpd...i have configured vlan 1 with IP address 172.16.10.1 and tftpd as 172.16.10.2 I am trying to ping tftpd, but I couldn't, but when I try to ping vlan 1 from tftpd, i can?
View 6 Replies
View Related
Mar 25, 2013
i have 2 no of 3560G in our core, now my requirement is to establish the redunent network like for the edge 2960G using stack or some other way ...
View 6 Replies
View Related
Mar 22, 2013
I have 2 nics in my win7 system, NIC 1 connect to leased line and NIC2 is connected to organization LAN for internet. Both the ip add are in same subnet. when both the cables are plugged in to nics, leased line link connected to nic1 goes down. It wouldn't come up untill the cable from nic 2 is plugged out.Basically i wish to be connected to both the networks simultaneously.
View 1 Replies
View Related
Jun 30, 2012
Do I need the Universal image to perform stftp on a 3750 or 3750-X?
View 8 Replies
View Related
Feb 7, 2013
I wounder if there is any way to ping the local deviceses connected to a network hosted by a Cisco 1921 router? I wan't to be able to ping the device(computer name) but currently cant do that.
View 1 Replies
View Related
May 24, 2012
Got a shiny new SG 200 26P which seems to work fine operationally.owever, when I am trying to access the web interface from a different IP subnet, the web brower just times out.If I put my PC on the same IP subnet, it works just fine. From the other subnet, I can ping the switch fine. The default gateway is set on the switch, and from the web interface I can ping and dns resolve other hosts and on the internet. I've tried to create a management profile to 'allow all from everywhere' basically, but still no luck.I'm completely stumped. I've tried to reset to firmware defaults, and I'm now runinng the latest firmware. I woudl suppose that the switch would allow itself to be managed via the web interface from all subnets by default. Any thoughts? The fact that the switch can ping internet hosts makes be believe it's own default gateway and IP are all ok and working.. (and I can ping it from anywhere in my network).
View 4 Replies
View Related
Jul 16, 2012
Getting a lot of the following errors on our 5508 form the same subnet: 10.20.0.1 255.255.248.0 . I tried researching and not getting much.
broffu_SocketReceive: Jul 17 10:11:10.068: %DATAPLANE-3-DP_MSG: broffu_fp_dapi_cmd.c:2891 FP0.09:(7089389)[cmdAddIpv4:2921]failed to find ipv4 10.20.6.58
[code]....
View 2 Replies
View Related
Feb 28, 2012
Within our small lan we have a core 3750, that handles our intervlan routing and is the core of the network. I recently looked into multicasting and set up a lab test with a 3550 with an EMI image and got the config to multicast to all vlans from one vlan, ready to go, at which point I found that our 3750 is IPBASE and doesn’t support multicasting. Currently upgrading the switch or image is not an option due to funding. My question is would it be possible and advisable to install our lab 3550 as a leg off the core, and in some way route multicasting traffic through that?I just cant get my head around the concept of having a core switch essentially routing all vlans, and then having another switch route the same vlan traffic again for multicasting to all the vlans again.
View 1 Replies
View Related
Jan 13, 2013
I've created a scenario using a 3750 cisco as core switch ad other 6 switch model 2900 in access level.my problem is this, the router is not a cisco router, and this router is not able to make NAT on more than one subnet.Into the core switch I've created 4 VLAN and I must to give internet access to 3 of them, 192.168.0.0/24 (vlan1), 172.16.0.0/24 (vlan2), 172.17.0.0/24 (vlan3).I've connected the switch to router via gigabit ethernet 0/1 and I've assigned to this interface ip address 192.168.10.2, the router ip address is 192.168.10.1, Switch ip default-gateway is router ip address 192.168.10.1, ip default route is 0.0.0.0 0.0.0.0 192.168.10.1 I've enabled ip routing feature and I've set no switchport feature to interface gigabit ethernet 0/1.From core switch I can ping router ip address but I can't make it from all other user, and the users not able to have internet access.
Below the switch configuration (only necessary strings)
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
[code].....
View 6 Replies
View Related
Feb 20, 2012
I’ve configured a small WLAN for a school that wants to have wireless network access for their staff as well as for guests doing presentations. They want the staff to have access to everything on the 192.168.1.0 /24 network as well as the Internet. They want the guests to only have access to the Internet. I have attached a picture which shows how the network has been configured with 4 Cisco AP1242G AP’s attached to a Cisco SF302-08MP PoE switch and then to a Symantec Security Gateway to the Internet.
I can authenticate wirelessly to the STAFF SSID and ping anything on the 192.168.1.0 /24 network and access the Internet.I can authenticate wirelessly to the GUEST SSID and ping anything on the 172.16.1.0 /24 network, but not anything on the 192.168.1.0 /24 network (which is what we want). However, when on the GUEST network you can’t access the Internet. I added a default route to the Cisco 302-08MP switch to 192.168.1.1 (Symantec firewall) thinking that would forward the traffic from 172.16.1.0 /24 to the Symantec firewall out to the Internet, but that isn’t working.How would I go about getting the traffic from 172.16.1.0 /24 to hit the Symantec firewall and the Internet, without hitting anything else on 192.168.1.0 /24? Do I need to put the Symantec firewall in a different subnet like 192.168.2.0 /24? Am I missing anything else?I’ve worked with Extreme Networks & HP / 3Com CLI in the past, but never with Cisco and never with web based management
View 1 Replies
View Related
Feb 9, 2012
I have Catalyst C3750G switch
with configured route to subnet 192.168.201.0/24
ip routing
ip route 192.168.201.0 255.255.255.0 192.168.160.13
192.168.160.13 is accessible
[Code].....
View 5 Replies
View Related
Jan 14, 2013
We have two switches; a WS-C3550-48 and a WS-C3548-XL connected via fiber uplink ports. Both switches are on the same subnet 192.168.1.0 /24. I would like to change the subnet of the second switch, WS-C3548-XL, to be on 192.168.2.0 /24. Would it be possible to assign 192.168.2.x IP addresses to both uplink ports to achive this?
Or would I need to create a separate VLAN and assign both GigabitEthernet0/1 uplink ports to this VLAN?
View 5 Replies
View Related
Feb 5, 2013
I have an issue with the device in subject. I need that some server, listed as service on CSS, can contact a content VIP on the same subnet. To allow that traffic I configured grouping on CSS (group 1) with vip address and an ACL that allow traffic from subnet 10.1.1.0/24 toward same subnet 10.1.1.0/24 and I have bound this ACL with sourcegroup 1. The nat and portmap works but never at first attempt, instead since second attempts it works. Seem like a CSS require to much time to create nat entry.
View 4 Replies
View Related
Oct 7, 2012
I have a customer who has an ASA 5505 that is handling the routing for their internal network. They are running out of available IP addresses on their subnet 192.168.1.0/24. They have dumb switches that don't suppport multiple vlans or trunking & they are only able to connect to one switchport on the ASA. He doesn't not want to purchase any new equipment or rearrange their existing equipment at this time. The customer would like to statically assign IP addesses for 192.168.1.x & 192.168.2.x and have the ASA hand out DHCP addresses for 192.168.3.x addresses. The customer suggested configuring a super subnet. A 192.168.0.0/22 address scheme would provide an ip range 192.168.0.0 - 192.168.3.255 on a single VLAN. I know this is an unconventional way to setup an internal network & I will definitely advise the customer that this should only be considered as a temporary solution until they get more appropriate network equipment.
View 3 Replies
View Related
May 14, 2012
I am new to this and have ran into some problems. I butilt up my router I was able from the rom> prompt to get my router to boot from SLOT0:xxxxx
Then I did the copy command copy slot0:xxxxxxx bootflash:xxxxxxxMy router starts up fine. I did all my configurations and did my copy run start when I was done. As this is what I do on my 3750s.
My router lost power and rebooted and I lost everything it did not boot up to my last configuration.How do I save my configurations when I am done ? How do I get it to boot from that configuration every time?
View 1 Replies
View Related
Mar 15, 2013
I have forgot this technology name, but, I remember it can achive on between Nexus 7000s in two location, and also between two catalyst 6500.Can I ask if it can be done between one nexus and one catalyst 6500?
View 8 Replies
View Related
Dec 13, 2011
We have 10 ADSL lines and 5 of them goes in the load balancer (One gateway) and the rests are used as default gateways for internet access. We use ADSL routers as access points for internet, but those routers should be part of our network and should be given an address in order for them to act as default gateways for internet access. I'm facing a real prob with the ADSL routers Linksys WAG54G2 because they doesn't support a subnet mask 255.255.0.0 Any recommendation for an ADSL router model that support a netmask 255.255.0.0 ?
My cisco 2811 router interface configuration ip address: 172.20.0.1 255.255.254.0.Load balancer output lan ip address: 172.20.0.5.My ADSL routers will be in the following range : 172.20.0.6 - 172.20.0.10
View 1 Replies
View Related
Jan 25, 2012
I recently bought SG-300 28P to create the VLAN. My network hs 3 subnet 192.168.1.0, 192.168.2.0 and 192.168.3.0.My main net work is 192.168.1.0. I want to divide it to VLAN to eliminate the boardcast storm; especially from the domain 192.168.3.0
But I want all the devices from 192.168.1.0 to access other subnet.
View 4 Replies
View Related
Jun 28, 2012
I need to configure the C3560-24TS, QoS control by IP or subnet.i tried to study books and videos many times but still feel i am not well known about QOs...
View 1 Replies
View Related
Nov 27, 2012
how to know if my bgp neighbour advertised my network from his side or not ???
here is my config :
Gateway7600#sh ip bgp
BGP table version is 8, local router ID is 192.168.40.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
[code]....
View 5 Replies
View Related
