Cisco Switching/Routing :: 4506 Resilient Routing Design With OSPF
Aug 27, 2012
We have 2 sites, each with 2 x 4506 switches which will be connected togther using an etherchannel. The switches will provide access ports for client devices and will be configured with HSRP to provide gateway redundancy. SW1 will be HSRP active.2 metro ethernet links will be installed in each site which will connect back to our HQ sites. OSPF will be used over the backbone to provide resiliency and to allow shortest path routing to each HQ and to prevent traffic over the HQ to HQ link.
The 4506 will be trunked togther with an SVI for providing OSFP adjacency.For the traffic flow from SW2 to HQ2, traffic will hit SW1 and then route back to SW2 and then to HQ2. Is this the best way to do this? Should a second link be connected between switches just for routing or should something like GLBP be used?
View 6 Replies
ADVERTISEMENT
Sep 16, 2012
We have our network setup as displayed in the attached. We have 2 HQ offices and 1 branch office. The branch office needs to connect to resources located at both HQs but taking the most effecient path. We have ethernet circuits connecting from each HQ to 2 x Cisco 3560 switches in the branch. HSRP has been configured on the 3560 switches with SW1 as active and SW2 as standby. OSFP has been configured in a single area 0 and the path cost on the link between HQs has been increase to allow 3560 SW1 to route to HQ1 directly and HQ2 via 3560 SW2.The 3560s are connected with a trunk with a L3 SVI for OSPF. This seems to work ok but I have noticed that the branch could become transit if the HQ1 to HQ2 link breaks. How can this be avoided? I realise that if we configure the branch subnets and SW1 to SW2 link in a stub area (area1) then all traffic will route from SW1 to HQ1 and will never share over SW2. I'm assuming that this is because OSPF chooses inter-area routes over intra-area.
View 4 Replies
View Related
Jan 31, 2013
I have a customer with a unique configuration. They have two point to point connections - one using a laser link between buildings, and a backup fiber connection running ospf. Issue is when the laser link goes down, there is loss/no forwarding during the reconvergence, causing issues with transffering video feeds.
View 7 Replies
View Related
Jun 10, 2013
Will Resilient Ethernet Protocol (REP) run on all Cisco switches (2960S and 3010) or is it only available on Service Provider switches like the ME3400E?
View 2 Replies
View Related
Dec 19, 2011
I am implementing a guest wireless network to work alongside my internal network. The guest network will use the existing switching network and will be separated by VLANs. I have the ASA set so that traffic can get to it and out to the Internet. I can set up a workstation on the same VLAN as my guest network and can route inside my network (strictly doing this for testing purposes). Where I am having problems is with the Catalyst 4506 switches and the ip routing. I had two separate "ip route" statements defined on my switches.
ip route 10.200.2.0 255.255.255.0 10.200.2.254
ip route 0.0.0.0 0.0.0.0 10.100.100.254
I have discovered that the traffic is always following the default route despite the fact that my IP address on my test workstation falls in the 10.200.2.x network. I was looking at documentation and found that it is possible to set up policy-based routing on the core switches. Can you have two "ip route" statements defined like this to segreate traffic or do I have to use PBR for routing (or a combination) in this case? If I define PBR then how does that impact my existing routing? I need to make sure that I can still route the existing traffic while I'm configuring this change.
View 9 Replies
View Related
Aug 31, 2012
CiscoSwitch1(4506) has 3 VLANs(12,13,14) and Switch2(4948) has 3 different VLANs(22,23,24) and IP routing has been enabled in both switches with SVI interfaces for each vlan. intervlan routing is works fine.Now there is a requirement to connect these switches together. Vlan 12 on the Cisco switch 4506 has to be made available from vlan 22 from Switch2(4948). basically Vlan 12 is having a multicast source (225.0.0.0 & 226.0.0.0) which should be accessabile from vlan 22 of cisco switch 4948.I got 2 ideas
1) Create a trunk between these switches and configure L2 vlan(12) in cisco 4948...i know theoritically it should work but what my concern is Ip routing enabled in both switches will it create any issues? is it a gud solution to this requirement?
2) Create a separate IP network on the ports connecting to both switches and set up routes to the networks.ex- console(config)#ip route 192.168.10.10 255.255.255.0 192.168.20.1.
View 8 Replies
View Related
Mar 8, 2013
I am configuring multicast in a environment where I have a 4506 at each site (4 total) and a 6506 as the core. Each 4506 is connected via layer 3 to the 6506. I have a mix of 3560s, 3548s, and 2960s connected to the 4506s and the 6506 via layer 2 trunk
I have multiple multicast sources and hosts communicating at a time (multiple cameras sending video / multiple computers receiving video). So this is not a scenario where there is 1 sender and many receivers. This would be many senders (~50) and some receivers (~10)
Sample Diagram:
->3560
|
6506 --> 4506 --> 3548
| |
| --> 2960
|
4506 --> 2960
|
-->3548
I configured ip multicast-routing on each of the 4506s and on the 6506. IGMP snooping is on by default on the 3560 and 2960 switches. CGMP is on by default on the 3548 switches.
I set up PIM sparse-dense mode and IGMP version 3 on each of the layer 3 interfaces for the 4506s and 6506 where they connect and on each VLAN that is sending or receiving multicast. Multicast is working throughout the network, however I am looking to verify the configuration as I scale this out to more clients on the network.
#1 - Is it correct to us sparse-dense mode in this configuration?
#2 - Do I need to configure a rendezvous points using AUTO-RP? (ip pim send-rp-announce INTERFACE scope TTL). Not sure here if I need to designate this and what to choose. Right now I do not have this and it is working, but documentation seems to infer that I need to designate this.
#3 - Is there any other configuration settings I should be considering? I hard to find real world configurations of multicast as examples or people that know multicast routing well.
View 3 Replies
View Related
May 22, 2013
I am attempting to filter a specific host(s) from my OSPF routiing table on a ASA 5550 (ABR) using LSA prefix lists. However, when I look at the other routers in that area, I notice that ALL LSA type-3's are being removed (10 hosts are now missing from the routing table). I have verified the filter is working on the ABR, but I can't figure why ALL hosts/routes that were coming into the area are now being filtered instead of the specific one that I want to filter out.
Here is the config on the ABR:
prefix-list pdm_pl_000 seq 10 permit 206.253.180.137/32
!
!
router ospf 1
network 10.0.0.0 255.255.255.0 area 0
network 10.150.10.0 255.255.255.0 area 10
network 10.150.252.0 255.255.255.224 area 10
[code]....
The 206.253.180.137 host is actually coming from Area '3'. Am I doing something that is removing all type-3 LSA's?
View 3 Replies
View Related
Mar 25, 2012
I have an environment where i have two nexus 7010 switches, along with 2 nexus 5510's. I need to run OSPF as a layer 3 routing protocol between the vpc peer links. I have 1 link being used as a keep alive link, and 3 other links being used as a VpC link.
1) Is it best to configure a separate Vpc VLAN i.e 1010
2) Is it best to configure a vrf context keep-alive
3) just have the management address as the peer ip's.
View 2 Replies
View Related
Jan 17, 2013
My management has tasked me to give them a high level overview of the different switching we can choose for our new building.
This is what I know so far.4 Closets, each closet has 450 ports,One MDF room that is will contain one UCS Chassis and a Nimble iSCSI SAN.
I am working on the spreadsheet and it looks like this (Not totally filled):
2960s3560x3750x45064510Approx cost (Each, 48PORT, POE+, 10G uplink, Dual PS, IP BASE)
6K7K8K45K75KMax Capacity192432432192384Backplane speed206464520520ProLeast ExpensiveStackable to 9Stackable to 9ProDual PSDual PSDual PSDual PSDual PSProLayer 3 opt
Layer 3 optDual SupsDual SupsConExpensiveExpensiveConNo Dual PSConLayer 2 OnlyCannot stack more than 4
For the MDF I would like to use 2 Nexus 5548's with FEX's, and the layer 3 daughter board. For the IDF's I was thinking of two 4010's.
View 12 Replies
View Related
Jun 22, 2012
We have remote office where we have 2921 router with 6 layer 2 switches. We have few servers which need to be in specific vlan.
2921 router does not have switching engine we are using this to support VOIP.
So on 2921 router i created 6 sub interfaces for each vlan and assign them to their specfic vlans. Then I have trunk connection to switch 1. Now switch 1 connects to all other switches in the network. As our company design all layer 2 switches should be transparent mode. i tested them i can ping from one switch to all other switches.
Router vtp mode i set to transparent mode and from all switches i can ping the router sub interfaces.
View 4 Replies
View Related
Jan 4, 2013
I am currently running a 4506 with a sup V engine. I have purchased a sup 7 engine. Is there a guide on how to perform this task. I am sure I need to do an IOS update as well.
View 2 Replies
View Related
Dec 6, 2012
We have sup engine 6L(WS-X45-SUP6L-E) on two 4506 switch. both switches connected in LAN (HSRP primary and Secondary).
We are going to replace it with Sup7LE. What is the best procedure to get this done with minimal outage?Any other important thing to be noted ? Note : We have Lincence for SUP 7LE
View 2 Replies
View Related
Jun 11, 2012
We are attempting to PXE boot from clients obtaining their DHCP lease information from DHCP pools configured on our 4506. The PXE server, and the client are configured in separate VLANs. We have configured option 66 to point to the PXE server IP address, and the bootfile option to point to the PXE boot configuration filename. On the client side SVI, we also have configured the ip helper-address command to point to the PXE server (which also acts as another DHCP server for redundancy).
The PXE boot continuously fails stating it is unable to find the configuration file. If we remove the DHCP pool from the 4506, and allow the client to receive their DHCP lease info from the secondary server (Windows 2k8 - same server as PXE server), they PXE boot with no issues.
We have no problem obtaining DHCP info, just completion of the PXE process.
View 6 Replies
View Related
Mar 19, 2013
Does SUP 7E is comatible with IOS? It came with IOS-XE preloaded and there are no IOS software listed under downloads.
View 3 Replies
View Related
Apr 7, 2012
Yesterday I've faced a Problem that is not letting me boot with the new IOS.
Actually I'm planning upgrade IOS which supports SSH. As part of plan I've downloaded the new IOS image and uploaded via TFTP server to the switch.
After uploading to the switch. I've verified image and MD5 hash also. Everthing is fine. Then after I set the boot variable for the newly uploaded Image.
When I'm rebooting the Device it is not taking the new IOS. It's booting with the OLD image. Even It's not showing any error message while rebooting (ACTIVITY FILE ATTACHED FOR YOUR REFERENCE) I can't take risk by deleting the old IOS.
View 1 Replies
View Related
May 8, 2013
I have 4506 with below sup, my requirement is to enable netfolw , but as i came to know that it is not supported in this sup, is there any additional option which can be explored to get the netflow working without replacing sup.
Card Type Model
-------------------------------------------------------------+-----------------------
Sup 6-E 10GE (X2), 1000BaseX (SFP) WS-X45-SUP6-E
View 4 Replies
View Related
Apr 17, 2012
is it possible to run hsrp on two routers (not l3 switch) connected to a l2 switch ? if so does the two routers need a back to back connection ?
i know if use two l3 switches (instead of routers) and connect to a LAN switch then we need a back to back connection between the L3 switches
also can we use hsrp on vss on 6500?
design
1800 router 1800 ROuter
| |
| |
|---------- L2 switch-------------------------------|
if the above design is acceptable how does the routers know which one is active and which one is standby ? if we need a direct connection between two routers they have to be on a seperate subnet and routers dont allow broadcasts - so how will hsrp work on routers ?
L3 switch --------------------------l3 switch
| |
| |
|---------------L2 switch---------------|
View 8 Replies
View Related
May 11, 2011
We are designing a LAN Network for ourselves.The proposed design is as follows:
4 x 2960S switches in a Stack Access-Stack-I 4 x 2960S-PoE switches in a second Stack Access-Stack-II
2 x 3750X switches in a Stack Core-Stack
Now I would like to connect it in the following manner ?First,I would like to use EtherChannel using the 10Gig LinksSecondly, I would like to use Cross-Stack EtherChanel too.I have given a graphical illustration of the connectivity Now my Qs: a) Will the 2960S supports EtherChannel using the 10G links and the 3750X too... b) Does the proposed solution will work... or It will have any problems.
View 4 Replies
View Related
Aug 25, 2012
QoS design problem that I have. I have a client that is deploying new 4507 series switches with SUP6Es. The client will be running lots of voice, streaming video, and video conferencing over the LAN and want to base QoS on Cisco Media net recommendations.
I need to design a new QoS policy with focus on the above media services with basic queuing for critical data services. I have read the Media net design guide and the suggested 12-class model will be too complex to start with but I have seen references to start with a 8-class model with the ability to easily migrate to 12-class in the future. The 8-class model meets all of our requirements but I need to understand how this will work with the 4507 queuing model? [URL]
View 1 Replies
View Related
Apr 25, 2012
I've been tasked to come up with a design to segment our internal network to reduce broadcast domain size. In addition, we are running out of DHCP available DHCP addresses. I need to have a solution that will give me more available IP's, but reduce our broadcast domain.
We are Cisco VoIP shop. Our current environment consists of dual 6509 chassis in a VSS config. We have 10 access switches that are model 3750's. Each 3750 has dual 1Gb fiber links to the VSS Core in an etherchannel configuration. We have 2 VLANS (data and voice) that spread throughout every switch. Both VLAN's have their own DHCP scope.
Our current broadcast domain is a 255.255.248.0, so we have over 2000 potential broadcast devices. Cisco recommends not having larger than 512. So my research has brought me to a design as follows:
MY DESIGN:
> Have individual voice and data VLANs for each closet switch.
> We have 10 closet switches so this would require 20 new vlans
> With every separate VLAN we would need a different DHCP scope.
> Configure 20 new DHCP scopes for the 20 new VLANs.
> Each DHCP scope would have a 512 available addresses.
> Enable IP Routing and configure EIGRP on the VSS Core and 3750's.
> I'm tossing around the idea of have each 3750 be an EIGRP Stub. Not sure yet.
QUESTIONS:
1. How to verify what I described in my design?
2. Any alternative solution that might be less complicated than configuring Layer 3 on all my access switches?
3. Any thoughts on configuring EIGRP Stub vs. having the VSS Core do all the work?
4: Any template that I could base my 3750 config from?
View 6 Replies
View Related
Oct 24, 2010
We have just purchased and installed a 4506-E chassis. It contains a supervisor, two POE blades and 3 non-poe blades. Version is 12.2(53)SG1. Anyhoo, one of the ports isn't providing power to an IP phone. We can plug the phone into any of the other POE ports and it works fine. Is there a way to test an idividual port for POE problems? What could the problem be? The port works for normal data but will not provide power.
View 12 Replies
View Related
Dec 4, 2011
We ordered the wrong part number for a Cisco 4506 non-E chassis, the part number is: WS-X4624-SFP-E and the device is showing "Unsupported module"; What would the part number be for the non-E? WS-X4448-GB-SFP,Catalyst 4500 48-Port 1000Base-X (SFPs Optional) ?
View 1 Replies
View Related
Mar 14, 2013
i'm desperately trying to get LACP working over a dot1q Tunnel. The "Service Provider" Switches are two 4506-E Switches with SUP7-E connected via a 10G Link, running on cat4500e-universalk9.SPA.03.03.00.SG.151-1.SG
sample config:
dot1q tag vlan native
interface GigabitEthernet3/1
switchport access vlan 2001
[Code].....
View 4 Replies
View Related
Jun 8, 2012
a 6509 and a 4506 with 2, 1gb interfaces in a portchannel. Bring it up and everything is fine. Save the config and reload either switch and the interfaces stay in Not Connected state. Either doing a No Shut or a physical unplug the SFP and plug it back in will bring it up with no issues. Interfaces do not go into Err Disabled state they stay in Not Connected like there is no fiber plugged into it. No error mesages in the log. The Just the Interface is now up.Both are running very new code,
6509 - s2t54-ipservicesk9-mz.SPA.150-1.SY1.bin ( 15.0.(1)SY1 )
4506 - Version 03.02.00.XO
View 1 Replies
View Related
Aug 12, 2012
I have "inherited" a Catalyst 4506 with IOS version 12.2(20)EWA1 and Supervisor IV already installed. We recently purchased a second Supervisor IV and I am looking to install this second supervisor for redundancy. Is there anything special with installing a second supervisor or so I just physically install the new supervisor and the IOS will automatically set everything up?
View 3 Replies
View Related
Dec 18, 2012
I have a setup with two Cat 4506E working as a HA,I used a bundle 4Gb interfaces working as ether-channel,I'm facing a problem with DHCP pools on the both SW's,There is no problem if I use the pools on one sw,But when I but the pool on both sw's then I faced a lot of conflict IP in the DHCP pools,How can setup a real DHCP redundancy on both SW's,
View 6 Replies
View Related
Mar 25, 2013
My inherited network has a Cisco Catalyst 4506 with a WS-X4124FX–MT fiber card that connects to twelve Cisco 2950 switches over 62.5 micron multimode fiber at 100 Mbps. I do not know my run lengths (or even where the conduits run), but the furthest switches are well over a thousand feet from the server room. Any appropriate test equipment to provide this information soon.
We are looking at upgrading the main switch to a Catalyst WS-C4507+E with two WS-X4712-SFP+E cards and the closets to Cisco 2960S-48TD-L switches. Assuming this is a reasonable move, my question is about choosing the appropriate SFP’s for our current and future needs.
I am aware that 62.5 micron multimode fiber is the least favorable for extended lengths, but I will not be in a position to replace it for at least a year. If I purchase 10 Gbps modules, like the SFP-10G-SR or SFP-10G-LRM, can they “throttle down”, either automatically or by setting a parameter, to communicate at slower speeds over distances that exceed their 10 Gbps maximum link lengths on multimode fiber?
View 1 Replies
View Related
May 14, 2013
We want to permit certain mac addresses on the cat 4506 switch wherein only those mac addresses will get access to network.
Configuration Planned: For testing purpose we have created mac access list on cat 4506 and deny laptop mac address in this access list. The mac access group is applied to the port where the laptop is connected to cat 4506.Even after applying the mac access group on the port, the laptop is able to ping the vlan ip of cat 4506 [code]
laptop with ip address 192.168.10.2/24 connected to port 2/1 is able to ping 192.168.10.1 even after applying the mac access-group
Note-we have tested same configuration on cat 3560 and its working fine. We apply the mac access-group command on interface and clear the arp-cache and we are not able to ping vlan interface ip. The moment we remove the mac access-group,ping starts again.
View 4 Replies
View Related
Nov 30, 2011
I have three 4506 switches with vlan 4 set as the management vlan. Switch 1 is connected to switch 2 and switch 3.
I can access switch 1 and 2 using telnet from the management vlan and both switches reply to pings. But from switch 1 or 2 I cannot ping or telnet switch 3. If I plug into switch 3 and I can ping and telnet switch 3 but not switches 1 or 2.
It is as if the management vlan 4 is not being passed to/from switch 1 and 3. The configs for the uplinks from switch 1 to 2 and 3 are the same. And the configs for switches 2 and 3 look the same apart from the port settings.
I have over 40 vlans running all that work fine between all the switches.
View 28 Replies
View Related
Nov 14, 2011
I have one computer connected to the 4506 that management does not want this PC to have access to anything on our network except our DHCP server and the one printer that resides on our network. I created an extended access list as follows. Our network is the 10.10.x.x and the external addresses the PC needs to access is 11.1.x.x. Once this PC is rebooted, it is unable to access DHCP to get the needed IP address it bounces back to a 169.x.x.x address and stops working.
Extended IP access list 2000
permit tcp host 10.10.200.242 host 11.1.200.1 (gateway)
permit tcp host 10.10.200.242 host 11.1.2.151 eq smtp (access from the pc to external server for smtp)
permit tcp host 10.10.200.242 host 11.1.2.149 eq 5721 (access from the pc to external server for remote access)
[ code]...
Then I applied the access-group 2000 on the interface the PC is connected to. What am I missing for DHCP to work and for this PC to always get the ip address that is reserved?
View 3 Replies
View Related
Nov 17, 2011
I have a typical LAN environment that spans across a large warehouse. I have done a lot of redesigning of the environment to satisfy the need for a disaster recover plan. I now have created a LAN with multiple v lans and must also connect all the access layer switches back to the core switch where the servers are.
I was thinking of something simple such as Port channel of 2 Gbps across the backbone and simple floating static routes . I have then moved my wan access link to a 3750 and implemented routing a CEF at each of the 3 core switches (blue). My question is more of design.
View 1 Replies
View Related
Apr 19, 2012
Small datacenter design. My requirements and setup will be as follows Dell PowerEdge M1000E Blade Chassis (initially one full chassis)Dell Powerconnect 10GbE Blade SwitchesDell Compellent Storage Array 10Gb iSCSI with redundant controllersDell Powerconnect 7024 dedicated external storage Virtual host blade servers 2 x Cisco ASA for firewall (5525-X or similar in active-active configuration)2 x redundant routers or switches as gateway to public internet I am looking to be able to segregate customers (approximately 100) into seperate VLANs at the access layer and route them up to the Cisco ASA firewalls using Dot1Q trunking for segregation. The Cisco ASA's will perform NAT functionality and route to the redundant gateways. I then need to police each customers traffic at the gateway to limit bandwidth and perform specific traffic marking along with simply routing out to the internet.
Budget is somewhat restrictive so I am looking for the most "cost effective" devices I can use at the gateway to perform the traffic policing/marking/routing for each customer.
View 1 Replies
View Related
