Cisco Switching/Routing :: 3750E / Applying ACLs When Routing Between SVI And Routed Interface?

Mar 12, 2013

Quick question here. Using 3750E series switches with multiple VLANS configured. These switches serve as our 'core'. I have SVIs configured for the different VLANs and add inbound ACLs in each of the SVIs to control traffic between VLANS. This switch also terminates a P2P Ethernet link which connects to our Colo facility. The port used for this is configured as an L3 port. I noticed today that I was able to send traffic across this L3 link that I thought should have been blocked by an ACL I had in place but it wasn't. So the traffic flowed from a port in say VLAN 20 across this L3 link (assigned with an IP address). Would this traffic flow not cause traffic to be checked against an ACL applied in the inbound direction on the SVI of VLAN 20 (int vlan 20)? Traffic does get checked when routing between SVIs. Why would it not get checked when routing between SVI and L3 interface?

View 2 Replies



Cisco Switching/Routing :: 6506E / 3750E - Extending VLans Across Routed MAN Connection?

Feb 9, 2012

We have 20+ VLANs on our main network, we have an offsite connected by metro GIG fiber ethernet.  Right now, we have a layer 2 connection to there with the core at the main site as the gateway.  We have had problems occasionally with the metro ethernet's spanning tree which then we would see our own network and cause an outage, not only for the offsite, but since the VLAN would see itself (not on our equipment but the metro ethernet carrier's) it would affect the main network as well.
 
What I was going to do to resolve this was change the connection to a routed network, however I need to still send some VLANs over the routed network (there are some applications that require to be on the same subnet as the server).  Is there a way to map the VLAN 10 and 11 at the main site to a VLAN 10 and 11 at the remote site using a routed network? I noticed there is something about bridging, would I bridge the VLAN across the routed MAN connection?  Then would I bridge back the other way as well?
 
Main site has a 6506E
and offsite has a 3750E

View 3 Replies View Related

Cisco Switching/Routing :: Use Sub-interface On Routed Port On 6509

Mar 14, 2012

We are looking for a solution to use a sub-interface on a routed port on a 6509, instead of using an SVI on it. Are there any differences when using a sub-interface?

View 3 Replies View Related

Cisco Switching/Routing :: 3750 Switch - Routed Interface / Traffic Composition

Feb 21, 2012

On a router I can use IP Accounting or Netflow to see what kind of traffic is moving over an interface.  Are there any tools on a 3750 switch with a routed interface which would tell you who is hogging the bandwidth on that interface?

View 2 Replies View Related

Cisco Switching/Routing :: 3550 / Routing Protocol Neighbor Between SVI And Routed Port?

Apr 18, 2012

I have a collapsed core design with routed ports between all components. Access layer switches, data center switches, core/aggregation. All routed (no spanning-tree at all). Now... I have to add an IBM BladeCenter with a BNT layer 3 switch to my topology. However, those nasties don't seem to support routed ports. How can I have a routed port on my Cisco switch and a standard access port on the BNT and still establish an adjacency with an SVI? I am running OSPF, but I am labbing this in my home lab with 2 x 3550s and EIGRP.
 
On SW2:
*Mar  1 00:57:00.711: EIGRP: Received HELLO on Vlan100 nbr 10.1.1.1
*Mar  1 00:57:00.711:   AS 999, Flags 0x0, Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/1
*Mar  1 00:57:02.303: EIGRP: Sending UPDATE on Vlan100 nbr 10.1.1.1, retry 9, RTO 5000 tid 0
*Mar  1 00:57:02.303:   AS 999, Flags 0x1, Seq 17/0 interfaceQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/1

[code].....

View 10 Replies View Related

Cisco Switching/Routing :: 3560 - PBR Not Applying To SVI

May 12, 2013

We have two L3 3560's.  One 3560 has an upstream MPLS router.  The other 3560 has an upstream backup VPN router.  Both of these 3560's are L3 switches with IP routing enabled.  I created a PBR on both so that specific traffic routes through the MPLS router, while other traffic routes over the backup VPN router.  I'm trying to apply the PBR to the SVI's, on each switch.  However, when I do a "sh run", the PBR does not appear under either SVI.  I've enabled the SDM Routing template, made sure that ip routing was enabled, and even verified that the IOS has the capability.  Not sure what else to check for.

View 8 Replies View Related

Cisco Switching/Routing :: How To Use BGP On 3750E

Dec 8, 2012

I need to use a Cisco 3750E switch on core. I want to know whether BGP is supported on this model or not? Currently I have "c3750e-universalk9-mz.150-2.SE/c3750e-universalk9-mz.150-2.SE.bin" preinstalled, and I checked BGP is not supported on this IOS image.

View 7 Replies View Related

Cisco Switching/Routing :: Upgrading 3750E From 12.2(58) To 15.0(2)

Jan 31, 2013

I am in the process of upgrading our network switches and wondering if the .lic file will work with the new software or if I have to rehost for the move to 15.0.  It's a remote site and I would like to get some solid info before I pull the trigger.
  
Also which IOS should I be upgrading to?
 
c3750e-ipbasek9-mz.150-2.SE.bin
or
c3750e-universalk9-mz.150-2.SE.bin

[Code].....

View 2 Replies View Related

Cisco Switching/Routing :: (10.10.50.0 / 24) - After Applying ACL / Unable To Hit Internal Web Server

Apr 7, 2013

This isn't a big deal as the rest of the ACL works fine, but this is an annoyance since the web auth redirects to our company website (internal for now) after successful login. We have a Cisco WLC that provides access to our production and guest wireless environments.  The guest environment of course is in a separate vlan (10.10.50.0/24).  So I created this ACL:
 
access-list 107 permit udp any host 10.10.2.13 eq bootpc <----internal DHCP server
access-list 107 permit udp any host 10.10.2.13 eq bootps
access-list 107 deny ip any 10.10.0.0 0.0.255.255 <---all internal networks
access-list 107 deny ip any 172.28.16.0 0.0.0.255 <----DR Network
access-list 107 permit ip any any
int vlan 50
Desc "Guest wireless network"
ip access-group 107 in
 
This ACL basically gives the wireless guests access to an internal DHCP server and full access to the internet.  For the 10.10.50.0/24 scope, the DHCP server assigns Internet DNS servers and my rationale is that wireless clients would access it via the external IP address but I suppose it doesn't work quite like that with the website being behind the same router as the client machines.

View 1 Replies View Related

Cisco Switching/Routing :: Stacking 3750G And The 3750E?

Nov 20, 2012

I have 2 3750's: one is a 3750E, the other one is a G. Since they are 2 different versions, do I need the correct IOS for each? For example, for my 3750E switch I would have
 
IP BASE
c3750e-ipbasek9-mz.122-53.SE2.bin
 
and for my 3750G switch should I use
 
IP BASE
c3750-ipbasek9-mz.122-53.SE2.bin
 
Which would be 2 separate images

View 4 Replies View Related

Cisco Switching/Routing :: Stack Cables For 3750e?

Nov 13, 2011

Can I get a stack cable longer than 3m?

View 1 Replies View Related

Cisco Switching/Routing :: 3750G ACLs Not Working

Sep 17, 2012

I am trying to create an ACL that walls off a VLAN and only allows it to the internet. This is on a 3750G, currently the 3750G I am attempting this on is in a stack. I have another 3750G that is a standalone.
 
The first way I attempted this was to create two access-lists:
access-list 101 permit tcp 10.249.1.0 0.0.0.255 any eq 80
access-list 102 permit tcp any 10.249.1.0 0.0.0.255 established
 
Let's call the 10.249.1.0 VLAN 2. I applied this to the VLAN2 interface, 101 out, 102 in. It didn't work. If I place a deny statement with nothing else, that works.
 
The second attempt was this:
access-list 101 deny ip 10.249.1.0 0.0.0.255 any
access-list 101 permit ip any any
 
I applied this to a VLAN I wanted to block VLAN2's traffic from reaching, let's call that one VLAN 3.
 
This lets all traffic from any VLAN (including the one I'm trying to block). If I remove the "permit ip any any", then all VLANs are denied. Which I understand is correct due to the implied deny all. What I don't understand is why it isn't applying the ACL to the specific VLAN.

View 3 Replies View Related

Cisco Switching/Routing :: SW 3750 - ACLs For DHCP

Apr 16, 2013

We are configuring ACLs for a dhcp pool on Sw3750
 
ip access-list extended Test
permit ip any 192.168.1.0 0.0.0.31
permit ip any host 172.16.1.1
 
And, here is dhcp pool:
 
ip dhcp excluded 192.168.1.1 192.168.1.3
ip dhcp pool Name
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
 
But when a PC tries to obtain an IP automatically, it doesn't work.

View 3 Replies View Related

Cisco Switching/Routing :: CGS-2520-16S-8PC - Not Applying POE Power To Copper Ports

Feb 4, 2012

I have a situation where two of my CGS-2520-16S-8PC switches are not applying POE power to the copper ports, but showing power inline, two ports are showing power applied. Shutting down the port and re-enabling it will return the port to normal and the phone will connect.
 
I'm running cgs2520-lanbasek9-mz.122-58.EY2 after using 122-58-se1. Happening on both, but I have more switches running EY2 with no issues at the moment. Using DC power supply averaging around 53v.

View 9 Replies View Related

Cisco Switching/Routing :: Giving Out Discard Error On 3750E

Apr 4, 2011

We're seeing "OutDiscard" error on a LAN switch connected to newly migrated Cisco IP phones. All the other error counters are clean except for the OutDiscard. (Please see attached "show int count err" output.) [URL].

According to the link above, the common cause of such discards can be to free up buffer space. (Am I seeing a switch buffer issue?) How to identify/resolve the cause of the OutDiscard. The switch is 3750-E running c3750e-universalk9-mz.122-44.SE6.bin

View 1 Replies View Related

Cisco Switching/Routing :: Cat4500 With IOS-XE And Object Group ACLs

Feb 5, 2013

Anyone know when object-group ACLs will be supported in cat4500 IOS-XE? Doesn't seem to be supported now.

View 1 Replies View Related

Cisco Switching/Routing :: 3750E RACL Slow To Load

Apr 16, 2012

I am seeing on my 3750E series switches (WS-C3750E-48TD). I have multiple VLANs configured on here, one which is used as a 'workstation' VLAN. I have an inbound ACL applied to the VLAN interface (int vlan 50 to be exact). This list is admittedly long at roughly 6000 ACEs. Now I just recently installed these switches as they replaced some 4507R switches which we moved to our new centralized DC. Here is the issue I am having. This same ACL was applied to the same VLAN interface on the 4507s when they were doing the work of the 3750s. What I used to be able to do was actually edit the ACL by removing it with no ip access-list extended WS-In and then followed up by the ip access-list extended WS-In ......and the lines I wanted in the ACL. I know I could use the line numbers to edit the ACL but this worked OK for me. When I would do this on the 4507R, the ACL was still applied to the interface but traffic never seemed affected by the removal and re-adding of the ACL. I did this by copying and pasting the ACL into a terminal window. It seemed as though on the 4507 the ACL was not compiled until the entire thing was loaded in and therefore traffic was not processed by the ACL until the load was done

View 3 Replies View Related

Cisco Switching/Routing :: 3750E NetFlow Commands Available On Switch

Oct 30, 2011

I have a 3750E stackable switch and I need to configure netflow on it.  Are there any IOS versions that support netflow on the 3750E?  Is it possible to configure netflow on a 3750E?  I do not see any netflow commands available on the switch.

View 2 Replies View Related

Cisco Switching/Routing :: Difference Between Catalyst 3750e 48 And SF300-48p?

Apr 11, 2012

What is the difference between Cisco Catalyst 3750e 48 and SF300-48p?

View 3 Replies View Related

Cisco Switching/Routing :: Stacking Switch 3750E And 3750X?

Oct 3, 2012

Can I stack these two switches, WS-C3750E-48PD-SF and WS-C3750X-48PF-L? Both have universal IOS.

View 11 Replies View Related

Cisco Switching/Routing :: Timeout For Mac Address Table In 3750E

Dec 6, 2011

I have 3750E switches with IOS v. 12.2(55)SE3. A couple of servers connect to this switch; after pinging the IP of these servers I can see the MAC addresses in the MAC address table.
 
For instance:
sw1#show mac address-table vlan 20
          Mac Address Table
-------------------------------------------
 
Vlan    Mac Address       Type        Ports(code)
----    -----------       --------    -----
 
When ip generate traffic to this server, this MAC address appears in the table again for a short time (less than 10 seconds).

View 4 Replies View Related

Cisco Switching/Routing :: 3750E - Monitoring TCAM Usage

Nov 30, 2011

I had a lot of problems with the TCAM table in the past, and the changes I made in SDM ended with that. But now I want to be proactive and anticipate the problems in my TCAM table.
 
If my template is "default desktop", it supports a number of indirect IPv4 routes of 2k. I wanna know automatically by my management tools if this number reaches 1.9k.
 
That way I can take corrective actions before the problems start on my network.

View 5 Replies View Related

Cisco Switching/Routing :: 3750e InterVLan With RVS4000 Gateway

Jan 4, 2012

I have a RVS4000 connected to my cable modem which I use as my gateway, the IP address of the RVS is 192.168.3.254
 
I have a 2811 with 3 subinterfaces of which I can ping all of them from my PC which at the minute is in VLAN 1, the only network that can connect to the outside world is VLAN 1, how can I enable the other 2 vlans to connect to the internet?
 
My set-up details are
 
Router
 
interface FastEthernet0/0.1
description *** Data Network***
encapsulation dot1Q 1 native

[Code]....

View 1 Replies View Related

Cisco Switching/Routing :: Can't (write Mem) After Adding 3rd 3750E Switch

Mar 10, 2008

After I added the 3rd 3750E to my stack on Sunday I can no longer save my configs with  'copy run start' or 'write mem':
 
#copy running-config startup-config
Destination filename [startup-config]?
Building configuration... 
nv_done: unable to open "flash:/config.text.new"
nv_done: unable to open "flash:/private-config.text.new"
nv_done: unable to open "flash:/multiple-fs.new"[OK]

[code]....
 
my flash seems to have plenty of space:

57409536 bytes total (24203776 bytes free)

View 4 Replies View Related

Cisco Switching/Routing :: 3750E ACL Marked Traffic Are Not In Correct Queue

Apr 22, 2012

We tested a QoS in a Cisco 3750E, IOS: 12.2(58)SE2. Voice traffic is in the correct Q without any problem, but all the other traffic is in the Default Q (0). I tried to capture the traffic, and the tcp/udp ports are correct. Anything wrong with my ACL or DSCP - CoS? (That ACL works fine on 4500 and 6500.) [code]

View 3 Replies View Related

Cisco Switching/Routing :: Upload Large ACLs To NX-OS Nexus 7009?

Feb 3, 2013

We are migrating from Catalyst 6509 IOS platforms to Nexus 7009. There's the normal differences in commands which is well documented. We do have some quite large files containing ACLs varying from 10s of lines to several 1000s of lines. Our normal upload would be done using tftp and then issuing the command 'conf net' on the 6509. This is no longer the way to do this on NX-OS. I've tried copy ftp: running-config which works fine for small files but for big ones it takes a long time, in some cases I've seen it take 20-30 minutes. The initial tftp upload to the 7009 seems OK but the copy into the running-config is the bit that takes time and initially I thought I'd killed the 7009!! It did finally come back to the prompt. Are the 7009's simply not designed for large ACLs? I did try the configure session (Session Manager) but I couldn't see a way of uploading a file. I tried creating a new session and then exiting it, copying in a file of the same format and then committing it but it didn't seem to acknowledge the file (checksum?).

View 10 Replies View Related

Cisco Switching/Routing :: 3750E Debug Causes Switch To Crash And Reload

May 3, 2013

I am not able to find the exact bug for Cisco 3750E stack - Debug Exception (Could be NULL pointer dereference) Exception (0x2000) error. Closest I can find is CSCsa72400 which only affects ver 12.2(20)SE4. All the stacks (3 switches) are running 12.2(50)SE3. It appears that the switch 1 crashed and reloaded. My hunch is it's software but I can't find any related bugs. It could be a hardware issue as well?

View 4 Replies View Related

Cisco Switching/Routing :: 3750E / Traffic Prioritization Involving VLANs?

May 30, 2012

I have a device which will be sending voice and data packets and is able to mark the packets with DSCP values.   Voice, 18 and Data 42. If this was a straight through network, I'd be clear on how to handle this, but... I will be putting this traffic into a VLAN to isolate it from some other traffic on the network.  What is the best way to prioritize this traffic inside the VLAN?  Will the Cisco switch look at and respect the DSCP values inside the VLAN and prioritize accordingly inside the VLAN?  Or, do I need to do some sort of DSCP to 802.1p mapping? Another option I would be fine with would be mapping the DSCP values for voice and data to two different VLANs and then giving the voice VLAN priority over the data VLAN... I'm using 3750E switches.

View 7 Replies View Related

Cisco Switching/Routing :: 3750E-1 Meaning Of Backup On HSRP Status

Oct 25, 2011

What is the meaning of backup on HSRP status? There are 5 vlans. The other four vlans aren't in backup status. Only one of five vlans displays messages. When I reload Catalyst3750E-1, debug log. [code]

View 6 Replies View Related

Cisco Switching/Routing :: Can Stack 3750G-12S-S Switch With 3750E-24TD-S

Apr 22, 2012

Can we stack a 3750G-12S-S switch with a 3750-E-24TD-S switch?

View 4 Replies View Related

Cisco Switching/Routing :: 3750E - 10Gbe / Slow Read Speed From NAS?

Nov 7, 2012

9x3750E stacked switch (WS-C3750E-48PD-SF0) (15.0(1)SE2 C3750E-UNIVERSALK9-M)
2x10Gbe uplinks from EMC NAS
 
At a basic level, we have found that the 10Gbe uplinks have slow read performance with or without a port-channel configured (2-3 minutes for a 700MB file to desktop from the NAS). We switched back to testing a 1Gbe and the read speed is normal. Another anomaly is Win7 / 2008 machines read speed is fine from the NAS while the 10Gbe uplinks are in production?!
 
Write speed is great on 10Gbe. Only read speed is affected!! the switch is not reporting anything abnormal. We looked at SMB/SMB2 as another possible cause...
 
mls qos is enabled on the switch but not sure if this is affecting performance.
 
Is there ANY config that I need to carry out on the interfaces to get the read speed working as it should for both Win7 and WinXP? (MTU is 1500 throughout the enterprise, NAS included).

View 1 Replies View Related

Cisco Switching/Routing :: 3750E - Status Lights On Left Lit Up But No Ports On

Oct 16, 2011

I have installed and configured 2 new WS-3750E-24TD in the last 30 days, that have software version 12.5(50)SE2-universalk9, on our flat Development LAN (currently 7 existing WS-3750E-24TD with 12.5(35)SE2-universal). The new switches have shutdown: 1 has shutdown twice and I just had the other one shutdown on the weekend. All the status lights on the left are lit up but no port lights are on, and I am not able to console in to the switch; all I can do is cycle power. I am planning on upgrading all switches to the latest software release universalk9-mz.150-1SE
 
Could this problem be a version incompatibility between the switches?

View 8 Replies View Related

Cisco Switching/Routing :: Finisar 10Gb/s X2 Modules In 3750E IOS15.0?

Jun 13, 2012

We have many 3750E's and need to use Finisar X2 modules FTLX8541E2. After 15.0(1) IOS upgrade the 3750's now recognize the Cisco part X2-10GB-LRM's, but will not recognize our Finisar modules.

View 1 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved