Cisco Switching/Routing :: 3750 To Squid Routing Not Working
Nov 23, 2011
I am using a cisco 3750 in my network as a gateway, and above it I use a squid machine for caching my internet. My network is like this:
Basically I have two VLANs on my network which are VLAN10 and VLAN100, VLAN10 is the cooperate network of my office. VLAN100 is the management VLAN which i use for the switches. I keep the squid as well the client in VLAN10.
squid (192.168.1.50)---->cisco 3750(192.168.1.123)---->Distribution Switch(cisco 2960)---->client PC (192.168.1.5)
I have done nating on squid and internet is working pretty fine when I use the client gateway as the squid, but when I use the cisco 3750 as my gateway after adding route maps for forwarding the internet traffic coming to the cisco 3750 to squid it disconnects me from internet as well I cannot even reach the switches from the corporate network. These are the only Lines I used for the routing:
!
route-map proxy-redirect permit 10
match ip address 110
Basically I have 3 VLAN’s. Office VLAN (for cooperative usage) which is VLAN 999 which has a defined IP address of 192.168.1.123 and Guest VLAN (for the guests who visits our hotel, most of it are wifi AP’s) VLAN 20 which has an IP address of 10.172.4.1. All these SVI are defined on the core switch.
Is there any way I can introduce a new VLAN lets say VLAN 40 and use PBR to route the packets going to VLAN 40 in the IP range 192.168.1.x to VLAN 999 and 10.172.4.1 to VLAN 20? I have tried this already and it is not working. Here are the configurations I have used.
Access-list 110 permit ip 10.172.4.0 0.0.0.255 any access-list 120 permit ip 192.168.1.0 0.0.0.255 any route-map INT_RVLAN permit 10 match ip address 120 110 set ip next-hop 192.168.1.123 10.172.4.1 interface VLAN 40 ip policy route-map INT_RVLAN
I have been tasked to setup a Transparent Squid proxy and do redirection on a Cisco 6513 Switch.I don't have access to the SQUID but think that my config below should be OK. We have setup a TEST user Vlan 13 . Any traffic from this destined for the we on 80 or 443 should be redirected. Vlan 10 is where the Squid proxy is sitting. [code]
I want to police the traffic coming from host 10.0.0.10 that is connected to another switch via port-channel interface the port-channel have interfaces G2/049 and G2/0/50 , i have applied below config to the SVI 112 but this is not working, as the host is still able to go beyond the policed rate also in the "sh policy-map interface vlan 112" command everything is showing 0(zero).
class-map match-all CM_FTP_PORT_49 match input-interface GigabitEthernet2/0/49 class-map match-all CM_FTP_PORT_50
I have applied below script and i can see the script successfuly exceuted but i cant see the file which should store on the flash.Below is script, event snmp oid 1.3.6.1.4.1.9.2.1.56 get-type next entry-op ge entry-val 60 exit-time 10 poll-interval 1
action 1.1 syslog msg "CPU Utilization is high" action 1.2 cli command "en" action 1.3 cli command "show proc cpu sorted | append flash:abc.txt" action 1.4 cli command "show proc cpu history | append flash:cpu2info.txt" action 1.5 cli command "show ip inter bri | append flash:cpu3info.txt" action 1.5 syslog msg "cpu commands verification"
When I do show flash i cnat see the files in the flash.
We plan to implement multicasting on our network where the sourec and destination are going to be in different vlans.I have a test 3750 switch, Layer two multicast works fine, when I place the source and destiantion in different VLan it fails. [code]
I am facing issue with http login after IOS upgrade on 3750 switches. I upgrade IOS from c3750-ipbase-mz.122-35.SE5.bin to c3750-ipbase-mz.122-53.SE2. bin Any other command I have to run.
I have a couple 3750 switches that I am trying to run VTP Version 3 on.one as primary and the other as "server" which implies secondary from my research. [code]Additionally, running a show VTP devices yields a "No VTP3 devices found" on both devices. Despite ensuring that the domainname and password match.I have a patch cable from Gi1/0/1 on switch one runnning to Gi1/0/1 which from what I read is acceptable on GigE.
I have two switches, WS-3750-24PS-S connected in two cabs via fiber. Patch panels at both ends with patch leads. Used tester to confirm end to end fiber connectivity. When plugged in, one switch lights up the other does nothing.
same at both ends. Tried both GI ports same result. swapped transceivers over and the same result, (one switch lit one not - the same switch in both cases). put both transceiver in each switch, (gi0/1-0/2 in a single switch). on the one that lights up in the original scenario we get link on both ports and they come up, on the other nothing happens. shut down both ports on the malfunctioning switch and no shut them, no change.
Show transceivers doesn't show transceivers on the malfunctioning switch, and no attempt is made to bring the ports up if the fiber is removed and replaced.
it is almost as though the two gb ports are kaput. Anything else I can try?
In my Cisco 3750 get rebooted and now the SFP module is not working.
It showing the following error message.
05:13:22: %PHY-4-CHECK_SUM_FAILED: SFP EEPROM data check sum failed for SFP inte rface Gi1/0/26 05:13:22: %GBIC_SECURITY_CRYPT-4-ID_MISMATCH: Identification check failed for GB IC in port Gi1/0/26
What is the error message indicating and what is the solution for this.
I have a Catalyst 3750 switch configured in a network. I would like an additional 3750 switch as a "hot" standby. A 2nd 3750 switch was purchased, and the same configuration was entered in to the new switch, so I have 2 switches with the exact same configuration.
When I move the connections to the new switch, I have a few VLANs that do not come up. One VLAN does come up and work normally. The VLANs in question show down, protocol down, and a show ip route reveals routes to the networks on these VLANs are not there When I put everything back on the original switch, everything works normally.
Why would the new switch not work with the exact same configuration?
Unable to limit traffic on catalyst 3750 gigabit ports it has fiber modules,
I want to limit traffic 2mb per port
I have tried srr-queue and policier but it is not working and there is no ratelimit command under any interface, Applying policy to output is not supported of the interface
policy-map rate-limit class class-default police 2000000 8000 exceed-action drop int gi1/0/3 service-policy input rate-limit
I have configured Squid on my system having Windows 7. I didn't missed any steps. In Services it is showing Squid running.But my internet is running directly without any proxy settings. And when i change to proxy settings at port 3128, internet stops working. I had installed earlier and it was working fine. but now I am also using ICS to share internet connection from a broadband to a lan through my system.
I'm testing WCCP in a lab environment (Another checkbox on my way to CCIE).The setup- a WS-C3560-8PC switch running IOS 15.0(1), IP Services with crypto.- Two client computers connected by wire to the switch, running Windows 7.- A virtual machine in bridged mode running on one of the machines, running OpenBSD 5.0 with Squid 2.7 installed and running.- Everything in the same subnet: 192.168.163.0/24, the OpenBSD is at .5, the switch at .3 and functions as the default-gateway for the computers with no ICMP redirects (the real gateway is at .1 but the switch forwards everything).Squid seems to work, albeit inefficient, but that's not the issue.illing in the IP of the OpenBSD in the browser as proxy with the proper port works.Since the 3560 does only support WCCP over layer 2 adjacencies and masks, not hash buckets, I've configured these options on both the Squid and the 3560.
I have a network with a Catalyst 3750 as the main switch and then some Catalyst 2960 switches that are plugged in to that. I have a server running windows server 2008 with a couple of virtual machines running in Hyper-V. I created 4 VLANS listed below and gave the 3750 the following IP Address.I would like the 3750 to only be configurable from VLAN 40 but currently every VLAN can connect to it, I noticed in the standard web page settings there was a setting for "Management VLAN" but it was set to 1 and would not let me change it, I kinda assumed that was for the management port in the back.-Now the tricky part, I was trying to set up routing between the VLANs and so far I have only been able to get a sort of "all or nothing" routing to work. I can turn IP routing on and add two or more VLANs to the routing and it works fine. But what I was hoping to do is create a couple of "junction vlans" that would only route to one or two other vlans. For instance, I wanted to create a VLAN 100 that routed to VLAN 20 and 30 but nothing else. I also want to route VLAN 1 just to VLAN 30, and so on. I am able to do each one of the cases but only one, it seems like the switch only supports one "routing table" am I missing something or is this just a limitation of the switch?
Is a 3750 sw capable of handling full routing tables and what can you recommend in a small mutihomed BGP router or switch capable of handling full routing tables?
I have a network with several catalyst 2960 switches and one catalyst 3750. I have created two VLAN and set up the proper routing and everything is working fine there. I have a client/server application that used multicast in the initial start up for the client to determine available servers, the issue is one of my clients is on a different VLAN then the server. I am able to route the multicast using MVR as long as both the server and the client are plugged into the 3750 by creating a static route, making the server a source port and the client a receive port. Unfortunately I need the client and the server plugged in to different 2960s. My question is how do I establish multicast routing between the two and perferably do it dynamically (always route multicast traffic from one VLAN to another).
I have been looking into this for a while and I can't seem to figure out why my 2nd vlan is not able to connect properly to the net.
My switch has 12 ports where my devices connects directly, they are all on Vlan 1 and they all work perfectly. on Port 12 I have a dlink router that is connected to a cable modem. the dlink router has an Ip address of 192.168.0.20
I created a second vlan (vlan2) and enabled dhcp relay on it. then I assigned port 9 on the switch to (vlan2)my laptop which is connected to port 9 seems to get an ip address fine and able to ping only some devices on my network (vlan1) and is not able to go out to the internet. I think it has to do with the routes. [code]
I have the task of replicating the router config on a 3825 router on a 3750 switch. Reason is we are taking out the router and replacing it with the switch to make use of the router for other functions.
Below is main part of the router config:
! ip source-route ip cef ! ! multilink bundle-name authenticated ! license udi pid CISCO3825 sn FCZxxxxxxx ! vlan internal allocation policy ascending
[code].....
The 3750 switch I have runs C3750E-UNIVERSALK9-M, Version 12.2(55)SE3 on a LAN BASE license.
The first thing I have done is to order for a license upgrade to IP BASE which would give the support for OSPF routing.I do not see much of an issue with the Interface configs, however, I am not too sure about replicating the routing config on the switch.
My question is can I run the commands as shown for the OSPF routing on the switch? If not, can I get suggestions on how best to set this up on the switch?
In 3750 switch,I have configured intervlan routing.I have three vlans Vlan 10,vlan 20,Vlan 30 and I have assigned IP address for that Vlan.In vlan 10,I have connected one systen gigabitethernet 0/1 interface.From my system I am able to ping vlan 10 ip address but I can't able to ping other vlan ip address (vlan 20,vlan 30).Is it possible to up the protocol for all that time.
For intervlan routing, Is 'IP routing' command enabled by default on a 6500 series switches based on the IOS?and on 3750 switches, do we need to enable the "ip routing" command manually for intervlan routing?
I am using a 3750 as a default gateway for multiple Vlans on a few 2960 switches. The trunk lines are configured and working and I have assigned ip addresses to each of the Vlan interfaces on the 3750. My issue is that I can only ping the ip address on the Vlan interface of the 3750 if I have a working computer plugged directly into the Vlan on the 3750. I only have 3 vlans on the 3750 that have hosts directly connected (vlans 2, 10 and 40) the other vlans ( 20 and 70) don't have any clients plugged into them on the 3750 but the hosts reside on 2 different 2960s that connect via trunk ports. How do I keep the vlan interface on the 3750 switch pingable when I don't have hosts directly connected in that vlan on the 3750? (yes, I have enabled ip routing on the 3750)
I have a simple design with 3750. I configured a route-map which define a next hop. I defined this route-map on a policy on a vlan interface.When I test some ping and a debug ip policy and it seems that my policy never match.Is there any mechanism that prevent the switch from using PBR? I think of CEF .
In our datacenter we have a 3750 stack with IP base image. I have enabled PBR and reloaded the switch. Show sdm prefer says i am using default template. The reason i want to use PBR is that we have 2 firewalls on the same work and want to be able to have granular control over which gateway out of the network they use but still be able to access all internal resouces accross wan and locally.
Created access list to identify traffic:
access-list 10 permit 10.2.3.59 (test workstation on vlan 3)
Created policy:
route-map TestASA permit 10 match ip address 10 set ip next-hop 10.2.0.3
Assigned policy to the user vlan3:
ip policy route-map TestASA
Results:It changed the default gateway to the above gateway but i could not access any resources on any other vlan, could not access resouces accross wan.
I have been looking into this for a while and I can't seem to figure out why my 2nd vlan is not able to connect properly to the net. My switch has 12 ports where my devices connects directly, they are all on Vlan 1 and they all work perfectly. on Port 12 I have a dlink router that is connected to a cable modem. the dlink router has an Ip address of 192.168.0.20,I created a second vlan (vlan2) and enabled dhcp relay on it. then I assigned port 9 on the switch to (vlan2),my laptop which is connected to port 9 seems to get an ip address fine and able to ping only some devices on my network (vlan1) and is not able to,go out to the internet.
I have a simple design with 3750.I configured a route-map which define a next hop.I defined this route-map on a policy on a vlan interface.When I test some ping and a debug ip policy and it seems that my policy never match.Is there any mechanism that prevent the switch from using PBR?
I'm running into what seems a basic ip routing config problem with a Catalyst 3750 (IP Base) switch. I have several VLANS configured on the switch with IP routing enabled, and the switch is connected to the inside interace of a new ASA 5520 as follows:
ASA5520 IP (Default gateway): 192.168.1.1Switchport Gi1/0/1 is configured as a routed port, IP address 192.168.1.3 255.255.255.0Example VLAN is VLAN 100, IP address 192.168.100.1 255.255.252.0 From the switch CLI, I can ping all VLAN addresses, as well as the ASA5520, and the client laptop I'm testing with from VLAN 100.
From the client laptop on VLAN 100, I can ping all switch interface and VLAN addresses (inter-VLAN routing is working), including 192.168.1.3, but I CANNOT ping the default gateway at 192.168.1.1.
Here is the relevant configuration information on the 3750:
! no aaa new-model switch 1 provision ws-c3750x-24 system mtu routing 1500
I have a Cisco 3750 with private VLANS configured.. VLAN 2 is the "primary", VLAN 3 is "isolated" and VLAN 4 is "community". This is all working correctly, however I now have the need to another VLAN called "production". I need the production VLAN to be able to reach all the private VLAN hosts (community and Isolated), and vice versa
For intervlan routing, Is 'IP routing' command enabled by default on a 6500 series switches based on the IOS?hes, do we need to enable the "ip routing" command manually for intervlan routing?
I have 2 ISP connected to Router A and Router B.Both the routers are connected to the core 3750 switch.. I want to send the traffic from the switch that goes to router A to router B..[code]
