Cisco Switching/Routing :: 4948E DNS Resolution Not Working Using MgmtVrf
Jan 30, 2013
Using a 4948E switch with FastEthernet1 as the management interface which uses the VRF mgmtVrf. I cannot get DNS resolution to work for some reason.
I am using code enterprise 15.1-2.SG and here are the relevant config snippets:
ip domain-lookup source-interface FastEthernet1
ip domain-name domain.com
ip name-server 4.2.2.1
[Code].....
I read online there are some commands in a different code that support specifying the VRF along with the name servers, but I don't have those options. All I can do is set the source-interface on the domain-lookup command.
View 3 Replies
ADVERTISEMENT
Dec 5, 2012
I have been asked to look at designing a network internally. I have no control of the upstream network besides requesting changes.Essentially I'm confused as to the best way to approach configuring the following and wondered if you could share any experiences. It's stretching the limits of a CCNA IMHO, although I understand a lot about networking this is one area where I'm a little sketchy.
Kit list:
4948-E-S or E-E switches.
Cisco ASA 5545 firewalls
Cisco ASA 5520 firewall
& Multiple L2 switches
- I have 3 subnets in total, a /29 for routing and two larger subnets routed to the /29
What I'm trying to do:
1) Have some hosts protected by the ASA 5545 firewalls, probably in routed mode (that's the confusing part). I cannot use NAT so the inside interface/VLAN would need public IP's.
2) Have some hosts not protected by the ASA, therefore straight out onto the public Internet with no firewall whatsoever, they connect directly to the L3 or to the L3 via a L2 switch.
3) Have the ASA 5520 take an IP from the public (non-protected range), as this will be a VPN endpoint too and will also need to have NAT enabled. This should be easy as it just takes an IP from a public subnet, the ASA 5545's are the tricky part as they cannot use NAT at all. I've also been advised not to use Transparent mode either.
4) L3 switches are essentially external switches, doing the routing for our subnets, before upstream.
5) Upstream provider provides gateway with HSRP, we're looking at using HSRP and a routing protocol on our side over two 4948 switches. Any recommendations on this?
6) Further to point 5, we do not currently have any ability to do BGP or anything. That would be done by a separate team, upstream.
Note: I've also got to justify the use of each IP to the network management team, they are quite stingy so I have to be careful that I don't waste too many IP's for core network. So what I'm thinking is I have to create subnetworks of my main subnets to break them up into smaller pieces, and then add some onto the inside interface of the ASA and others will be on the L3 switch. Then of course route the networks to the ASA outside IP. Saying that, I'm not clear if I should create a /29 or /30 to route to the outside of the ASA or grab one from the larger subnet as it were? The final outcome is that we can connect a machine directly to the Internet or behind a firewall, depending on the requirements for that individual device. All devices will have public IPs.
View 10 Replies
View Related
Sep 3, 2012
I am trying to setup SNMP v3 on a 4948E switch here is what I have done so far:
snmp-server location "location"
snmp-server contact IT Admins
snmp-server group SNMPgrp v3 priv read SNMP-ro write SNMP-rw access 80
snmp-server user snmp_user SNMPgrp v3 auth sha xxxxxxxxx priv aes 128 xxxxxxxx access 80
What else am I missing and how can I confirm that it is configured correctly?
View 2 Replies
View Related
Sep 4, 2012
I'm in the process to install two 4948E switches. I will be configuring GLBP and wanted to get some guidelines on configuring GLBP and EIGRP:
- First question is like HSRP I'm configuring it on both swithches like this:
Switch 1:
interface vlan 5
ip address 10.1.5.249 255.255.255.0
glbp 5 ip 10.1.5.1
glbp 5 priority 110
glbp 5 preempt
glbp 5 authentication md5 key-string xxxxxx
[code]....
- Second question is about EIGRP, when I configure EIGRP on the main switch that is AVG with the following commands, will I also have to run the same commands on the second 4948 E too?
router eigrp 10
network 10.1.5.0 255.255.255.0
View 2 Replies
View Related
Jan 14, 2012
I want to understand - if 10G ports of 4948E (4 x 10Gb) they are block or non-blocks? I want to connect this switches with 20 GB (lag) to my BB switches and i need to prepare my infrastructure to 17.5GB troughput of video traffic.
View 9 Replies
View Related
Feb 22, 2012
Cisco c4948e switch log is showing :
COMPACTFLASHNOTREADY: Compact flash is not ready
Feb 24 00:28:22.338 UTC: %C4K_FLASH-4-COMPACTFLASHNOTREADY: Compact flash is not ready
COMPACTFLASHNOTREADY: Compact flash is not readyFeb 24 00:28:22.338 UTC: %C4K_FLASH-4-COMPACTFLASHNOTREADY: Compact flash is not ready
Checked the data sheet and is not supported. Why we get this log from the switch? is it cosmetic?
AME: "Linecard(slot 1)", DESCR: "10/100/1000BaseT (RJ45), 10GE (SFP+) Supervisor with 48 10/100/1000BASET ports and 4 10GE SFP+ port"PID: WS-C4948E , VID: V01 , SN: CAT1425S0NZ
NAME: "TenGigabitEthernet1/49", DESCR: "SFP-10Gbase-SR"PID: SFP-10G-SR , VID: V02 , SN: AGD132134ER
NAME: "TenGigabitEthernet1/50", DESCR: "1000BaseLH"PID: Unspecified , VID: , SN: FNS141203YF
[code]...
View 3 Replies
View Related
Sep 11, 2012
Trying to configure the Cisco 4948e switch gigabit ethernet port with "switch port trunk encapsulation dot1q", but didn't get the option. Please find below the options got after "swith port trunk"............
SW(config-if)#switch port trunk ?
allowed Set allowed V LAN characteristics when interface is in trunking mode
native Set trunking native characteristics when interface is in trunking mode
pruning Set pruning V LAN characteristics when interface is in trunking mode
SW(config-if)#switch port trunk. Please find below the version of the SW............
SW#sh ver
Cisco IOS Software, Catalyst 4500 L3 Switch Software (cat4500e-LANBASE-M), Versi
on 12.2(54)SG1, RELEASE SOFTWARE (fc1)
Technical Support: {URL}
ROM: 12.2(44r)SG11
Hobgoblin Revision 21, Fortooine Revision 1.22
[code]...
So, whether the command is not supporting on this Cisco switch ? But we have Cisco 4948 Cisco sw where that command is working fine.
View 8 Replies
View Related
Sep 23, 2011
My RV220w has a problem with DNS. I have configured the device for my network, but it seems as though DNS is not working correctly. For a background, I have a primarily Windows environment in my network, W7 PCs. I use homegroup to share files/printers amongst them. I like that I can type "\<server-name> in the Windows search box, and up comes the other computer's files. This functionality is still there with the RV220w, so that's not my issue. My problem arises when attempting to type "<server-name>" into the Remote Desktop Connection dialog box. I can no longer RDP to my other computers by name. Attempting by IP does get me there.
View 11 Replies
View Related
Sep 11, 2011
I'm running a Windows Server 2008 R2 connected via cable to my RV220. The server is hosting several websites running in separate virtual machines. These websites are accessible through a reverse proxy set up on the 2008 R2. In addition the 2008 R2 provides access to storage over Windows file sharing (client backup, file sharing ...). Most of the clients are connected via wireless.My problem is that after some time (~24h) I lose the connection to the services provided by the 2008 R2 server as a result of (host) name resolution has stopped working. This only happens for wireless clients. Wired clients are not affected.To give more details: Network clients connected via wireless can't see clients connected via Ethernet and the network shares are not accessible anymore (even by putting in manually "\hostnameshare", but "\[IP address]share" still works). Being connected via Ethernet the communication between client and server works flawlessly - the server appears immediately on the network device list. The other way around is also not possible: the server can’t see clients connected via wireless. The reverse proxy is still accessible through wireless connection by putting in the IP address, e.g. "http://192.168.1.123/homepage" but "http://hostname/homepage" won't work.A restart of the router will fix things but only for the next couple of hours.
View 4 Replies
View Related
May 21, 2013
I have a Cisco SG 300-20 as the core switch, layer 3. It is 192.168.4.6 on VLAN1 and 192.168.5.1 for VLAN2 (VOIP). All the ports are set in trunk mode. DHCP relay is setup on this switch.
The phones connected into a layer 2, Catalyst 2960-S switch. All ports are set in trunk mode. Default gateway on it is set to 192.168.5.1.
DHCP for both VLANs is provided by a Windows Server 2008 R2 server (the relay IP 192.168.4.15).
There is also an ASA 5510 in the mix which is 192.168.4.1. It has a route added to it for the 192.168.5.0 network to go to the SG 300 (192.168.5.1).
Just the two switches can ping each other on the 192.168.5.x network when I "add vlan 2" to the trunk port that is connected between the SG 300 and the 2960. The phones don't get DHCP on the 2960 switch. And I cannot ping 192.168.5.x from the ASA or anything else on the 192.168.4.x network.
After a bit of reading on intra-vlan routing for the SG 300 switch, I am thinking the SG 300 has to be the "center" of things so I need to make it 192.168.4.1 to be the gateway for both VLANs and change the ASA to 192.168.4.2 for VLAN1, etc. And I really can't do asymmetric routing with this switch.
View 1 Replies
View Related
Nov 23, 2011
I am using a cisco 3750 in my network as a gateway, and above it I use a squid machine for caching my internet. My network is like this:
Basically I have two VLANs on my network which are VLAN10 and VLAN100, VLAN10 is the cooperate network of my office. VLAN100 is the management VLAN which i use for the switches. I keep the squid as well the client in VLAN10.
squid (192.168.1.50)---->cisco 3750(192.168.1.123)---->Distribution Switch(cisco 2960)---->client PC (192.168.1.5)
I have done nating on squid and internet is working pretty fine when I use the client gateway as the squid, but when I use the cisco 3750 as my gateway after adding route maps for forwarding the internet traffic coming to the cisco 3750 to squid it disconnects me from internet as well I cannot even reach the switches from the corporate network. These are the only Lines I used for the routing:
!
route-map proxy-redirect permit 10
match ip address 110
[Code]......
View 6 Replies
View Related
May 14, 2011
Installed new Router. Web site resolve takes ~ 10 seconds. We are running domain. The local DNS is on 192.168.6.2. When the dns is resolved browsing the website is fast. But after few min it gets slow again.
Running ping from Local PC
Pinging google.com [209.85.229.104] with 32 bytes of data:
Request timed out.
[code].....
View 5 Replies
View Related
Jan 3, 2012
My network is like this:
Cisco 3750 (Core Switch)-----> Cisco 2960 (Distribution Switch)-----> Client (PC, Laps, Printers…etc)
Basically I have 3 VLAN’s. Office VLAN (for cooperative usage) which is VLAN 999 which has a defined IP address of 192.168.1.123 and Guest VLAN (for the guests who visits our hotel, most of it are wifi AP’s) VLAN 20 which has an IP address of 10.172.4.1. All these SVI are defined on the core switch.
Is there any way I can introduce a new VLAN lets say VLAN 40 and use PBR to route the packets going to VLAN 40 in the IP range 192.168.1.x to VLAN 999 and 10.172.4.1 to VLAN 20? I have tried this already and it is not working. Here are the configurations I have used.
Access-list 110 permit ip 10.172.4.0 0.0.0.255 any
access-list 120 permit ip 192.168.1.0 0.0.0.255 any
route-map INT_RVLAN permit 10
match ip address 120 110
set ip next-hop 192.168.1.123 10.172.4.1
interface VLAN 40
ip policy route-map INT_RVLAN
Where have I gone wrong?
View 8 Replies
View Related
Jun 4, 2013
With my current setup on the 5508 controller, I don't have the ability to see any name resolution for wireless clients. I'm wondering if there is some way that I can enable this.
The reason I think this should be pretty easy is because if I enable the access point feature of a smart phone (Android or iPhone), when a client connects, it shows the client name on the smartphone. What's different about how a smartphone sees the wireless client and how WLC/WCS sees it?
View 10 Replies
View Related
May 19, 2011
How to feel about having network devices resolve names? Do you typically do it? No? Why or why not?I feel like I haven't seen it set up a lot, but it could certainly be good for specifying logging hosts and things like that.
View 7 Replies
View Related
May 20, 2012
I'm having with my VPN Server on my Cisco 2621xm.
I started by creating a VPN - everything worked great. I assigned the DNS Servers, Domain name, WINS Server so when I connect I'm able to resolve local hostnames on the network with no problem, however I couldn't connect to the internet. I then set up a split tunnel access list. Since I've set that up, I'm now able to ping internet based addresses (www.google.ca), but no longer able to resolve internal host names. I can ping the ip addresses, just name resolution no longer works.
View 1 Replies
View Related
Apr 27, 2011
Searched through conference and still have no resolution.Switch: Cisco SGE 2000..Layer3 mode enabled through console. [code]
View 3 Replies
View Related
Feb 11, 2011
I have been trying to get my 851W to work with DDNS for a long while now. In fact I walked away from the problem in frustration and loaded DD Client on a Linux box until I had time to re-visit this. The folks at Zone Edit were not able to offer much with CLI problems.
When I debug DDHS updates I get to a point where the the router tries to resolve the DDNS update address and fails.So I have a number of questions:
a) Is this error the result of lack of DNS server names written to the config?
b) My WAN interface is a DHCP client to my modem. If the DDNS updater does need to resolve a name, shouldn't the DNS server info be provided by the DHCP process for the WAN interface? How do I ensure that name servers are automatically assigned for the DDNS updater to use?
[Code] ........
View 1 Replies
View Related
Mar 30, 2011
I like the ASA 5505 for SMB and Home Offices very much, but I'm missing sadly a DNS Server or at least the ability of the DHCP Server to use static addresses for certain MAC's. In SOHO's the ASA is the only thing always powerded on and often even a Server where a DNS Server could be installed is missing.So is there a chance to see such a feature (DNS Server and/or static DHCP) in the next SW Release? how name resolution in a small LAN can be done without a local DNS Server?
View 3 Replies
View Related
Jun 27, 2011
I have set up a remote access ipsec vpn on an asa 5520. I can connect, and ping internal ip addresses, however I cannot ping back out to the internet, nor can the internal network ping the vpn clients and dns resolution internal or external does not work. I am seeing nothing blocked in the logs on the asa.
View 3 Replies
View Related
May 2, 2012
I want to police the traffic coming from host 10.0.0.10 that is connected to another switch via port-channel interface the port-channel have interfaces G2/049 and G2/0/50 , i have applied below config to the SVI 112 but this is not working, as the host is still able to go beyond the policed rate also in the "sh policy-map interface vlan 112" command everything is showing 0(zero).
class-map match-all CM_FTP_PORT_49
match input-interface GigabitEthernet2/0/49
class-map match-all CM_FTP_PORT_50
[Code]......
View 4 Replies
View Related
Mar 10, 2013
We bought a 3560 PoE switch to replace tons of PoE-injectors but when connecting the devices our logs were flooded with
Mar 11 15:09:20.725: %ILPOWER-7-DETECT: Interface Fa0/7: Power Device detected: IEEE PD
Mar 11 15:09:20.725: %ILPOWER-5-INVALID_IEEE_CLASS: Interface Fa0/7: has detected invalid IEEE class: 7 device. Power denied
Mar 11 15:09:20.968: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/8, changed state to down
Mar 11 15:09:20.985: %ILPOWER-7-DETECT: Interface Fa0/7: Power Device detected: IEEE PD
Mar 11 15:09:20.985: %ILPOWER-5-INVALID_IEEE_CLASS: Interface Fa0/7: has detected invalid IEEE class: 7 device. Power denied
While the message seems quite clear im wondering if there's any workaround on the problem?
View 13 Replies
View Related
Jul 16, 2012
We are setup like a hotel style workers camp. We have wings full of rooms and residents with 3750 stacks in them. Those switches connect back to our core 6500's. The network is mostly all Layer 3, interfaces are routed with IPs.
When it was built before my time they included an ACL for each wing so that residents couldn't access internal devices (IE SSH to 6500) but I've come to notice it's not working.
I see hits on the ACL for accepts but nothing is hitting the deny rule at the top.Here is the configuration below:
mls qos aggregate-policer INTERNET1 24000000 80000 80000 conform-action transmit exceed-action drop
mls qos aggregate-policer INTERNET2 24000000 80000 80000 conform-action transmit exceed-action drop
mls qos aggregate-policer INTERNET 24000000 80000 80000 conform-action transmit exceed-action drop
[Code] ....
View 5 Replies
View Related
Jun 7, 2013
My network card do not work i am sending you the output.
View 7 Replies
View Related
Mar 14, 2013
I have created a PBR in 3650 switch to route traffic from a specific IP address to a specific next hop or IP address(Router)
ROM: Bootstrap program is C3560 boot loader
BOOTLDR: C3560 Boot Loader (C3560-HBOOT-M) Version 12.2(44)SE5, RELEASE SOFTWARE (fc1)
SW1 uptime is 6 weeks, 2 days, 16 minutes
System returned to ROM by power-on
[Code]....
View 6 Replies
View Related
Jun 4, 2012
I have an switch 2960 and i have made an SSH connection . But the problem is that whenever i try to open with my teraterm or putty it ask for username and after that password but does take the password. It shows an error of password what should be the problem.
Commands that i entered to make SSH
config# username admin password pankaj
config# ip domain-name home.local
config# crypto key generate rsa
config# 1024
config# ip ssh version 2
View 6 Replies
View Related
Jun 4, 2012
I have an switch 2960 and i have made an SSH connection . But the problem is that whenever i try to open with my teraterm or putty it ask for username and after that password but does take the password. It shows an error of password what should be the problem.
View 1 Replies
View Related
Sep 28, 2011
Am not finding the resolution to my infrastucture and getting output drops. Sw1 is connected Sw2 as below stated
Please find the conf:
Sw 2 3750 conf:
interface GigabitEthernet1/0/46
no switchport
ip address 172.16.100.81 255.255.255.248(code )
View 5 Replies
View Related
Sep 17, 2012
I have an out of the box configured RV220W and was wondering if it supports local DNS resoltuion for DHCP addresses it issues. I have a few reservations and a custon search domain configured ('local') but it will not resolve a name fromt the terminal using the search domain (see below):
It resolves freenas but not freenas.local.
macbookair:~ brantwinter$ dig freenas
; <<>> DiG 9.8.1-P1 <<>> freenas
;; global options: +cmd
[Code]...
View 3 Replies
View Related
May 1, 2013
I have a 3945 router with two interfaces connected to my firewall, one to the management interface and another to my dmz. I'm running eigrp between all my network devices. The problem I'm running into is when I try to ssh to the management interface of the 3945 the traffice hits the firewall, then goes right to the management interface as it should, but the return traffic is trying to use the dmz interface since that is how the router knows to get back to my computers network. I created 2 route-maps to try and address this issue. [code] I've applied the MANAGE_IN route-map to all interfaces that might have inbound traffic destined for the management network and applied the MANAGE_OUT route-map to the management interface. The MANAGE_IN policy appears to be functioning correctly, the MANAGE_OUT doesn't appear to be functioning correctly. When I look at traffic from my host going to the management interface I see it still trying to return through the dmz interface.
View 11 Replies
View Related
Oct 8, 2012
I am having a switch 3750G (WS-C3750G-24TS-S) running a software version (c3750-ipservicesk9-mz.122-55.SE6.bin) and using the PBR with IP SLA.While, i am applying it on interface, it says not supported....
route-map TO-CAS-E0 permit 10
match ip address 125
set ip next-hop verify-availability 10.116.199.200 10 track 100 (if i change this command to set ip next-hop 10.116.199.200, it works)
!
WAN-L3-3750SW01(config-route-map)#interface GigabitEthernet1/0/11
[code].....
View 2 Replies
View Related
Jul 22, 2012
6509 - Not working
1 6 Firewall Module
2 8 Intrusion Detection System
3 1 Application Control Engine Module
[Code].....
The Policy applied to the interface is just completely ignoring the configuration.
I am sure it is related to the 6500 architecture in some way. Same config is fine on the switch with the higher version on the sup card.
View 3 Replies
View Related
Apr 28, 2013
I'm using 3640 router running on c3640-js-mz.124-25d.bin IOS. I'm using NM-1A-OC3SML= (ATM OC3, long reach single mode) interface card. Now my pc is connected an fast ethernet interface of the router. Need to know the ATM configuration on this cisco 3640 router in order to achieve the ATM over ethernet traffic get success. As of now i've confugred as below but it's not working it seems.
interface ATM2/0
bandwidth 120000
ip address 10.2.2.1 255.255.255.0
no atm ilmi-keepalive
pvc 0/36
protocol ip 10.2.2.10 broadcast
cbr 70000
encapsulation aal5mux ip
let me know the correct encapsulation type for the connectivity.
View 2 Replies
View Related
