Cisco Switching/Routing :: 3750G-12S Policies Based Routing Configuration
Mar 4, 2012
I've one Cisco 3750G-12S with ip routing enable, the swtich is with IP Service firmware, with PRR support.Currently set my default static route 0.0.0.0 0.0.0.0 10.1.18.71 to my Firewall A Currently all of the VLAN for will be routed to 10.1.18.71
I've created a new VLAN 2 for my 10.1.2.0/24 network with the VLAN interface 2 ip address 10.1.2.10, my intention is to route 10.1.2.0/24 traffic to my 10.1.2.1 by creating the access list and route-map.
I've configure my test pc with a static ip and my gateway pointing to 10.1.2.10 (VLAN 2 gateway) , i'm not able to route to 10.1.2.1.
View 7 Replies
ADVERTISEMENT
Jan 2, 2013
I have one switch 3750G12S I joined the company new, I found that they want to replace it with Alcatel stack switches. I didnt configure this Cisco switch before. how to configure it. I have 4 other new cisco switches in the topology which is not created yet. the 4 switches are all 2960.
View 17 Replies
View Related
Mar 7, 2013
I am having an issue bypassing a switch 3750G series. How i can bypass the old configuration in the switch.i have tried the CTRL+BREAK at startup but it wont work.
View 2 Replies
View Related
Jul 5, 2010
I have a WCCP Configuration on a Catalyst 3750G and a IronPort Webappliance. I have configured this situation many times before with cisco asa and ironport wsa, but with a switch, this is my first time.
VLAN 147 is a transportation vlan between the cisco switch and a hp coreswitch with the clients and servers behind the hp coreswitch.
VLAN 147 IP Address of the Catalyst is 172.30.47.1
IP of the IronPort Appliance is 172.30.47.10
IP of the HP Coreswitch is 172.30.47.2
Plan is to redirect the webtraffic coming from clients and servers from the 10.0.0.0/8 net behind the hp switch to the ironport wsa. In have configured these settings.
ip wccp web-cache group-list 15 password 7 091D1C5Aip wccp 80 redirect-list 16 group-list 15 password 7 14464058
interface GigabitEthernet1/0/22 description IRONPORT P1 BUWOG switchport access vlan 147 switchport mode access
interface Vlan115 ip address 172.30.15.2 255.255.255.0 standby 10 ip 172.30.15.1 standby 10 priority 90 standby 10 preempt standby 10 track Vlan115!interface Vlan147 ip address 172.30.47.1 255.255.255.0 ip wccp web-cache redirect in ip wccp 80 redirect in
[code]....
View 6 Replies
View Related
Feb 12, 2012
I was unable to configure vlan-based qos on Cisco IOS Software, s72033_rp Software (s72033_rp-IPSERVICESK9-M), Version 12.2(33)SXH6, RELEASE SOFTWARE (fc1) Seems to me my configuration is not working. Here is the output of the interface:
sh int G1/6 | i rate
Queueing strategy: fifo
30 second input rate 25231000 bits/sec, 4282 packets/sec
30 second output rate 46940000 bits/sec, 9257 packets/sec
And here is my configuration:
interface Vlan3
ip address 192.168.1.1 255.255.252.0
service-policy input TEST_IN_PMAP
service-policy output TEST_OUT_PMAP
[code]....
Why I can't see matches in ACLs? I've double checked the direction and seems to me it is correct. I can't see matches even I configure something like this:
10 permit ip host 192.168.1.168 any
20 permit ip any host 192.168.1.168
Why my output rate is higher than 30M? Is it bacause there is no matching traffic here in ACLs? I'm absolutely shure that this host with such ip connected to this interface:
#sh arp | i 192.168.1.168
Internet 192.168.1.168 0 feed.beef.f00d ARPA Vlan3
#sh mac address-table | i feed.beef.f00d
* 3 feed.beef.f00d dynamic Yes 0 Gi1/6
View 9 Replies
View Related
Jan 15, 2012
Has any come across show ver memory details on 3750G-48PS as below, One of our Catalyst 3750G running software 12.2(44)SE2 shows unexpected DRAM as below:
cisco WS-C3750G-48PS (PowerPC405) processor (revision F0) with 0K/12280K bytes of memory. This would equate to around 11MB memory which does not seem right... Is it a known IOS bug?
View 1 Replies
View Related
Jun 7, 2012
I've got a requirement to do Inter-VRF routing (need MP-BGP) using a private AS Number on a stack of 7 x 3750G's, my question ultimately is the performance overhead of doing such a change.
The stack will have no more than 300-400 routes even with the duplicates invoked from doing VRF leaking so I can't see much of an issue myself, we already have 2 VRF's and OSPF running in each VRF just don't have MP-BGP to do the VRF leaking.
Ultimately there will be about 4-5 VRF's (I know there's a Software limit of 26 VRF's on a 3750G).
View 3 Replies
View Related
Jun 27, 2012
I am looking for a way to create different routing policies for vlans on a 3750 table.
My set up is
Clients----------- 3750 -------------- ASA ---------------Servers
|
|
|
Internet Routers
What i am trying to do is on the 3750 to route private networks to my ASA on different subintefaces and all internet to my internet routers . Each VLAN has a different GW for the internet. On some case i have the ASA as a default gateway. ASA default default route is 3750 where i need the internet traffic to be spllited on the proper Boarder router.
View 1 Replies
View Related
Sep 10, 2012
I've been testing some QoS policies, and I have not been able to make a type QoS policy work in the outbound direction. Simple example:
ip access-list QOS-VOICE
10 permit ip any 10.120.11.0/24
20 permit ip 10.120.11.0/24 any
class-map type qos match-any IN-VOICE
description Voice/VoIP/IPT
[code]....
The 7Ks are running NX-OS 5.2(4). Just wondering - has any one got an outbound qos policy to work on a N7K?
View 2 Replies
View Related
Jul 18, 2011
I need to configure Policy Based Routing. There are two WAN Links from two Different ISP : Campus NW has one CORE switch - Cisco Catalyst 6506. [code]
View 3 Replies
View Related
Apr 19, 2012
Cisco 3560 does not support "set ip next-hop verify-availabilty". I need this command in my config. "set ip next-hop" do not do the same job.
View 8 Replies
View Related
Feb 26, 2012
If client gateway = 192.168.64.9 then next-hop = 192.168.64.8 else use default-route 0.0.0.0
I know it's possible to do a route-map match ip-address ACL list. But is it possible to match on gateway?
Some info about hardware and config:
6509-E in VSS (IOS 12.2(17r)SX5) withVS-S720-10G supervisor.
All routes are static, IP for 192.168.64.9 is on SVI vlan.
View 3 Replies
View Related
Jun 24, 2012
I have a 1941 router configured for Policy based routing with two ISPs.Two static default routes configured to point the gateways of respoective ISPs with same metric.But the problem is, packets are going throug the one ISP only while doing traceroute.
N/W connectivity:
ISP1-----> <----------------------> LAN1
| Router |
ISP-------> <----------------------> LAN 2
Below is my configuration :
Current configuration : 5958 bytes
!
! Last configuration change at 05:18:56 UTC Mon Jun 25 2012
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
[code]....
View 26 Replies
View Related
Oct 17, 2011
I have a simple design with 3750. I configured a route-map which define a next hop. I defined this route-map on a policy on a vlan interface.When I test some ping and a debug ip policy and it seems that my policy never match.Is there any mechanism that prevent the switch from using PBR? I think of CEF .
View 5 Replies
View Related
Jan 28, 2013
In our datacenter we have a 3750 stack with IP base image. I have enabled PBR and reloaded the switch. Show sdm prefer says i am using default template. The reason i want to use PBR is that we have 2 firewalls on the same work and want to be able to have granular control over which gateway out of the network they use but still be able to access all internal resouces accross wan and locally.
Created access list to identify traffic:
access-list 10 permit 10.2.3.59 (test workstation on vlan 3)
Created policy:
route-map TestASA permit 10
match ip address 10
set ip next-hop 10.2.0.3
Assigned policy to the user vlan3:
ip policy route-map TestASA
Results:It changed the default gateway to the above gateway but i could not access any resources on any other vlan, could not access resouces accross wan.
View 16 Replies
View Related
Apr 17, 2012
I have tried to make policy based routing on Cisco 3560. I use ipservices ios (SW version 12.2.(50)SE3 and SW-IMAGE C3560-IPSERVICESK9-M) For below configuration there is no problem and pbr is working.
“Access-list 100 permit ip host 1.1.1.1 host 2.2.2.2
Access-list 101 permit ip host 1.1.1.1 host 3.3.3.3
Route-map pbr1 permit 10
Match ip address 100
Set ip next-hop verify-availability 1.1.1.2 1 track 11
interface fasthethernet 0/1
ip policy route-map pbr1”
But when i add another sequence to the "pbr1" with another sequence number like that.
“Route-map pbr1 permit 11
Match ip address 101
Set ip next-hop verify-availability 1.1.1.3 1 track 12”
pbr is not working. Switch gives message "PLATFORM_PBR-3-UNSUPPORTTED_RMP:Route-map pbr1 not supported for Policy Based Routing”"ip policy route-map pbr1" command not shown in the running config. And "show ip policy" output is blank.Configuration guide says you have insert many sequence to the route-map with the same name. And also this command is not in the unsupported command list.
View 16 Replies
View Related
Sep 5, 2012
I have a simple design with 3750.I configured a route-map which define a next hop.I defined this route-map on a policy on a vlan interface.When I test some ping and a debug ip policy and it seems that my policy never match.Is there any mechanism that prevent the switch from using PBR?
View 10 Replies
View Related
May 10, 2012
I have problem while implementing policy based routing with a firewall. Let me explain in detail.
I have 2 remote site(Site A-small , Site B - Big) , Site B is connected with HQ with Tunnels 1 and 2 , Site B and Site A is connected with Tunnel 9941.
What I want is: Scenirio for Communication :
1)Site A--------->VPN Router Site B-----------> FW-------------->VPN Router Site B------------------>Central Site
2)Central Site--------->VPN Router Site B-----------> FW---------->VPN Router Site B-------------->Site A
3)Site B--------->FW-------------------->VPN Router Site B------>Central Site
4)Central Site--------->VPN Router Site B-------------------->FW------>Site B
5)Site A--------->VPN Router Site B-----------> Site B(no firewall)
6)Site B--------->VPN Router Site B-----------> Site A(no firewall)
Tunnel 1: 10.13.199.1-2
Tunnel 2: 10.13.199.1-2
Tunnel9941: 172.22.99.1-2
Site A LAN- 10.99.41.0/24
Site B LAN- 10.99.0.0/16
Central LAN - 10.18.0.0/16
View 4 Replies
View Related
Mar 11, 2012
I am having a problem with PBR done on a 7604-S router - It seems like it is not done in harware. I have an Iperf client and an Iperf server, and would like to test the performance of 7600 router for PBR, supervisor is RSP720-3C-G and used interface card is 7600-ES20-GE3C ESM20G.
I have read numerous discussions about PBR that is supposed to happen in hardware when you use it with matching access-list and set ip next-hop.Although, when I start the iperf, the 7600 cpu is hitting the 80-90 % boundary, and transfer bandwidth can't go over 120-130 Mbit/s.The IP Policy is applied on an interface part of vrf ONE maybe this is casing the problem... ?
The diagram and configuration follows:
Configuration:
c7604#sh run
boot system flash disk0:c7600rsp72043-advipservicesk9-mz.122-33.SRE2.bin
!
ip vrf one
[Code]...
View 8 Replies
View Related
Jan 8, 2012
I've been implementing a setup where a remote office has a Cisco 1900 router. There are 2 GRE/ IP SEC tunnels to the headquarters, 1 over public internet, 1 over a private cloud. Because of some MTU issues we have to clear the DF bit for some of the traffic, but we also want to use PBR to send https traffic over the "public internet" tunnel and the rest of the traffic over the "private cloud" tunnel. I'm able to clear the DF bit and to do the PBR with route-maps, but I'm not able to implement both functionality at the same time.
View 1 Replies
View Related
May 29, 2012
We have a Catalyst 6509 switch, and we hope to use policy based routing to redirect http traffic to my proxy server, where I can find the configuration example?
View 11 Replies
View Related
Dec 2, 2012
I have 2 ISP connected to Router A and Router B.Both the routers are connected to the core 3750 switch.. I want to send the traffic from the switch that goes to router A to router B..[code]
View 10 Replies
View Related
Mar 6, 2012
I need to setup my 6509 with PBR going to two different Firewalls. The 6509 has vlans and multiple serial interfaces. What/where do I install the policy-maps? I want to direct one of the vlans to one firewall and the other vlans and wan subnets to the other firewall.
View 26 Replies
View Related
Nov 8, 2012
I have a couple of 3750G-24T-E switches running IOS 12.2 I would like to upgrade to IOS 15.x. Is this possible? Where do I find some information on the required licenses and costs? I must admit that the cisco search function did come up with a few pages but i was not able to extract the required information. I have not used the new software activation features yet.
View 1 Replies
View Related
Mar 21, 2012
I got Two Distribution Switches of Cisco 3750G. Each Distribution have two 3750G switches stacked. I also have one Cisco 3750V2 Access Switch connected to both Distribution. When I am checking for redundancy, I can only get redundancy test pass for one link not atall for other. If I have a link up with Distribution 1 only then its fine; but disappointment with Distribution 2 link. I can see that the switch priorities of Dist 2 is not correct ie. Master's priority is 10 and Member's is 15.
My question is that due to misconfigured priorities on Distribution 2 stack switches I am failing with redundancy if ONLY Dist 2 is up and Dist 1 is down.
View 4 Replies
View Related
Oct 2, 2012
I am trying to stack the following -
3750G 12S - 12.2.53(SE2 IP Services) Running EIGRP & OSPF
with
3x 3750X 48P-S - 12.2.53(SE2 IP Base License)
Doing some research, the IP Base does EIGRP on the 3750X, does it do OSPF?
If not I will have to get licence for the 3750X?
View 3 Replies
View Related
Oct 8, 2012
I am having a switch 3750G (WS-C3750G-24TS-S) running a software version (c3750-ipservicesk9-mz.122-55.SE6.bin) and using the PBR with IP SLA.While, i am applying it on interface, it says not supported....
route-map TO-CAS-E0 permit 10
match ip address 125
set ip next-hop verify-availability 10.116.199.200 10 track 100 (if i change this command to set ip next-hop 10.116.199.200, it works)
!
WAN-L3-3750SW01(config-route-map)#interface GigabitEthernet1/0/11
[code].....
View 2 Replies
View Related
Nov 20, 2012
have 2 3750's one is an 3750E the other one is a G... Since they are 2 different versions Do I need to correct ios for each for example my 3750E switch i would have
IP BASE
c3750e-ipbasek9-mz.122-53.SE2.bin and for my 3750G switch should i use
IP BASE
c3750-ipbasek9-mz.122-53.SE2.bin
Which would be 2 separate images
View 4 Replies
View Related
May 26, 2011
I have a 3750G and bought a new 3750X. It possible to stack these two together?
View 5 Replies
View Related
Nov 18, 2008
I have a 3750g on which I am trying to configure the ip policy route-map command on each of the vlan interfaces. However after entering the command it does not appear. I'm not sure what to do at this point. I have changed the SDM template to routing and I am running the IPServices image.
View 2 Replies
View Related
Jan 23, 2013
I have just received a new Cisco 3750G Switch from my parent company. When attempting to install the switch, I discovered that it will not boot to CLI, only to the bootloader. After using the command boot, the switch attempts to boot the most current IOS version, but fails, stating "error loading XXXXXXXXXX.bin".
Obviously, I just need to get a functional version of the IOS onto the switch to boot, but the problem is exactly how can I do that? All (or most) the commands with which I am familiar are unavailable in the bootloader, so all methods known to me fail. Is there a simple way (maybe using the copy command?) to put the .tar or .bin file onto the flash?
View 2 Replies
View Related
Sep 17, 2012
I am trying to create an ACL that walls off a VLAN and only allows it to the internet. This is on a 3750G, currently the 3750G I am attempting this on is in a stack. I have another 3750G that is a standalone.
The first way I attempted this was to create two access-lists: access-list 101 permit tcp 10.249.1.0 0.0.0.255 any eq 80 access-list 102 permit tcp any 10.249.1.0 0.0.0.255 established
Let's call the 10.249.1.0 VLAN 2. I applied this to the VLAN2 interface, 101 out, 102 in. It didn't work. If I place a deny statement with nothing else, that works.
The second attempt was this: access-list 101 deny ip 10.249.1.0 0.0.0.255 any access-list 101 permit ip any any
I applied this to a VLAN I wanted to block VLAN2's traffic from reaching, let's call that one VLAN 3.
This lets all traffic from any VLAN (including the one I'm trying to block). If I remove the "permit ip any any", then all VLANs are denied. Which I understand is correct due to the implied deny all. What I don't understand is why it isn't applying the ACL to the specific VLAN.
View 3 Replies
View Related
Jun 2, 2013
I have a 3750G that used to be a Stack Master of a stack comprised of 2 identical switches. Since then, we have removed the stack from production, and I factory defaulted the stack MEMBER and that went fine. I just held the "Mode" button on the front until the lights all lit up and then issued the reload command and the switch came back with no configuration OTHER than the vlan database I issued the "del vlan.dat" command to no avail. I just manually removed all the vlans.
The stack MASTER on the other hand will NOT go back to factory defaults, and will also NOT erase the vlan database. Everything I try will NOT work. I've tried the following
1) Hold mode button & issue a reload after the lights start flashing
2) issue "Write Erase" then issue "reload"
3) issue "Write Erase", then issue "Write", then issue "reload"
4) issue "erase start" then issue "reload" (just in case the "write erase" command is being depriciated or something weird)
5) issue "erase start" then issue "copy run start" then issue "reload"
Is there a special way to reset a StackMaster back to factory defaults?
View 6 Replies
View Related
