- Second question is about EIGRP, when I configure EIGRP on the main switch that is AVG with the following commands, will I also have to run the same commands on the second 4948 E too?
I have been asked to look at designing a network internally. I have no control of the upstream network besides requesting changes. Essentially I'm confused as to the best way to approach configuring the following and wondered if you could share any experiences. It's stretching the limits of a CCNA IMHO; although I understand a lot about networking, this is one area where I'm a little sketchy.
- I have 3 subnets in total, a /29 for routing and two larger subnets routed to the /29
What I'm trying to do:
1) Have some hosts protected by the ASA 5545 firewalls, probably in routed mode (that's the confusing part). I cannot use NAT so the inside interface/VLAN would need public IP's.
2) Have some hosts not protected by the ASA, therefore straight out onto the public Internet with no firewall whatsoever, they connect directly to the L3 or to the L3 via a L2 switch.
3) Have the ASA 5520 take an IP from the public (non-protected range), as this will be a VPN endpoint too and will also need to have NAT enabled. This should be easy as it just takes an IP from a public subnet, the ASA 5545's are the tricky part as they cannot use NAT at all. I've also been advised not to use Transparent mode either.
4) L3 switches are essentially external switches, doing the routing for our subnets, before upstream.
5) Upstream provider provides gateway with HSRP, we're looking at using HSRP and a routing protocol on our side over two 4948 switches. Any recommendations on this?
6) Further to point 5, we do not currently have any ability to do BGP or anything. That would be done by a separate team, upstream.
Note: I've also got to justify the use of each IP to the network management team, they are quite stingy so I have to be careful that I don't waste too many IP's for core network. So what I'm thinking is I have to create subnetworks of my main subnets to break them up into smaller pieces, and then add some onto the inside interface of the ASA and others will be on the L3 switch. Then of course route the networks to the ASA outside IP. Saying that, I'm not clear if I should create a /29 or /30 to route to the outside of the ASA or grab one from the larger subnet as it were? The final outcome is that we can connect a machine directly to the Internet or behind a firewall, depending on the requirements for that individual device. All devices will have public IPs.
Using a 4948E switch with FastEthernet1 as the management interface which uses the VRF mgmtVrf. I cannot get DNS resolution to work for some reason.
I am using code enterprise 15.1-2.SG and here are the relevant config snippets:
ip domain-lookup source-interface FastEthernet1
ip domain-name domain.com
ip name-server 4.2.2.1
[Code].....
I read online there are some commands in a different code that support specifying the VRF along with the name servers, but I don't have those options. All I can do is set the source-interface on the domain-lookup command.
I want to understand whether the 10G ports of the 4948E (4 x 10Gb) are blocking or non-blocking. I want to connect these switches with 20 GB (lag) to my BB switches and I need to prepare my infrastructure for 17.5GB throughput of video traffic.
COMPACTFLASHNOTREADY: Compact flash is not ready
Feb 24 00:28:22.338 UTC: %C4K_FLASH-4-COMPACTFLASHNOTREADY: Compact flash is not ready
Checked the data sheet and it is not supported. Why do we get this log from the switch? Is it cosmetic?
Trying to configure the Cisco 4948e switch Gigabit Ethernet port with "switchport trunk encapsulation dot1q", but didn't get the option. Please find below the options I got after "switchport trunk":
SW(config-if)#switchport trunk ?
  allowed  Set allowed VLAN characteristics when interface is in trunking mode
  native   Set trunking native characteristics when interface is in trunking mode
  pruning  Set pruning VLAN characteristics when interface is in trunking mode
SW(config-if)#switchport trunk
Please find below the version of the SW:
SW#sh ver
Cisco IOS Software, Catalyst 4500 L3 Switch Software (cat4500e-LANBASE-M), Version 12.2(54)SG1, RELEASE SOFTWARE (fc1)
Technical Support: {URL}
ROM: 12.2(44r)SG11
Hobgoblin Revision 21, Fortooine Revision 1.22
[code]...
So, is the command not supported on this Cisco switch? But we have a Cisco 4948 switch where that command is working fine.
I have 2*3825 routers configured with GLBP, but traffic is moving only through one router; it only falls back to the other router when the 1st router is isolated.
diagram: LAN=======>ASA(Routed mode with active-standby)======>one Cisco L2 switch========>2 *3825 Router
A traceroute from a LAN PC shows that traffic is only going via a single router. The LAN gateway is defined as the ASA inside address, and in the ASA a default route points to the GLBP address.
RTR1 config:
==========
int g0/0
 ip address 1.1.1.2 255.255.255.0
 glbp 1 ip 1.1.1.1
 glbp 1 preempt
RTR2 config:
==========
int g0/0
 ip address 1.1.1.3 255.255.255.0
 glbp 1 ip 1.1.1.1
 glbp 1 preempt
So I have 2 routers (cisco 3640) that each go to their own ISP and then back to the same switch. I have setup ospf and glbp, and now have pretty good redundancy. If either internet connection or routers go down everything is still golden.
So I was thinking that if an interface went down then the router would not be load balanced with glbp, which got me thinking: what's the best way to get interface redundancy (and I was going to add a 2nd switch with the second interface)?
1) Set up BVI on the 2 interfaces.
2) Set up a 2nd interface (on each router). I would have to split the subnet, for instance: [code] then the machines could be on the subnet 192.168.0.0/23, and set up glbp for 1 ip across all 4 interfaces (I'm not even sure if you can do this but think it would work).
3) Is there a way to utilize etherchannel or anything like this?
A negative to option 2 would be that if 1 of the interfaces went down, all of a sudden 2/3 (or so) of your traffic would be going through 1 router.
I have a network with four 6509s in a ring with 10Gb links. Two adjacent switches are at the home office, the other two at the DR site. The switches at each location are physically similar to each other with respect to what blades are in them. We went through an upgrade from SUP-720's to VS-SUP-720's recently, only at the DR site - basically a practice, with the home office conversion hopefully taking place next weekend.
We initially just brought up the two chassis separately, in non-VSS formation (stand-alone). So far, so good - everything was connected, all traffic was passing, all links were up, everything was reachable: EVERYTHING worked. Then we made the conversion: step-by-step from the cisco.com page; create a virtual domain, make one switch switch 1, the other switch 2, create differently numbered port-channels on each 6509, add the SUP 10Gb links to the port-channel, do the conversion.
Here's where the trouble started. First of all, the two 10Gb links back to home office created a spanning-tree loop and we had to shut down one of the links. (Is there something that needs to be configured on those links to turn spanning tree on? Does VSS conversion turn stp off?) Secondly, though it worked while in stand-alone mode, the copper blade in the standby 6509 stopped passing traffic - it would take config, the links would come up, but you could not ping across those links. Interestingly enough, there was an access switch with links to each of the copper blades, and having them both up also caused a spanning-tree loop. Adding a new port-channel and putting both links in it did nothing to alleviate the loop. This leads me to believe that stp is not working properly. I reiterate that even though the loop occurred, nothing else plugged into that blade was pingable.
I have two routers at our core data center, a 3845 and a 3640. These are configured with GLBP. There are 4 remote sites:
Site #1: One T1 link to the 3825
Site #2: One T1 link to the 3825, and One T1 link to the 3640
Site #3: One T1 link to the 3825, and One T1 link to the 3640
Site #4: One fractional T1 link to the 3825, and One T1 link to the 3640.
My question regards site #4. If I understand correctly, GLBP works on the premise of "host" balancing, and not true "load" balancing. The reason I ask is that the large majority of our WAN traffic is from our Exchange server to our remote sites. In the case of site #4, our exchange server is sending traffic on the fractional T1. Is there any way with GLBP to either split this traffic from a particular host across two links in a round-robin fashion, but leave other hosts to travel wherever the router sends them, or to force at least our exchange server to use the full T1, rather than the fractional?
I've read up on the weighting mechanism, and it appears that tracking an interface has nothing to do with bandwidth use. If I understand correctly, if I were to track the Site #4 PPP to the 3640, and give a weight of 10 to glbp on there, it would really only take effect if the interface is down. It will have nothing to do with host AVF election. For the record, exchange traffic is constant to this site, so there is no chance for the host connection to reset and potentially elect to use the larger pipe. I would like to "tweak" this to make better use of available bandwidth.
I'm looking to try and implement ipv6 HSRP on a series of IOS-XR Routers running 4.2.1, following on from successfully setting up IPv6 HSRP on a few cat6509s on VLAN Interfaces in other parts of the network. I have entered the "router hsrp" configuration menu and gone into the interface in question that I'm looking to set up with IPv6 HSRP. Unfortunately, the version 2 or address-family ipv6 commands are not available.
We are going to be expanding our Shoretel phone system in our HQ and I need to get QoS configured correctly. All of our offices are connected via MPLS and I need to make sure that we are sending QoS tagged traffic to our provider. The phones are tagged by the director, but there is other traffic for call control that needs to be tagged. I don't have access to our CPE router as it is managed by Sprint. The Sprint router is connected to our internal network. We have our data network running on (4) 3750x switches running 12.2(55) with IP feature set.
The problem is that many of these commands don't work on the 3750 (priority, bandwidth, match protocol, etc...) and the configuration assumes you are applying this to an outbound queue which is not supported on the 3750. I think I have to do this with policing, but I'm not sure what interfaces need to have this applied.
I am planning an implementation of VSS on our two 6509 switches, and would like some feedback on things to look out for, and any issues encountered by others that have done this already.
We have the 10Gig port installed on the Management blades, but not configured yet.
Main questions would be:
1: What kind of "down time" am I looking at for the migration? (Reboots, configuration reloads, etc.)
2: I will be saving the configurations on both devices before-hand, but how does the VSS migration "merge" the configurations of both devices?
3: L2 VLANS - we have some on one switch, others on the second switch. Will these be combined, or would this be a manual process?
Any other things of note that I should know about before planning this migration?
I need to implement LACP on HP servers, mostly DL 380 g7 with Intel based dual port, with two types of Cisco equipment: first scenario, server connected to a 3750x stack of 4 switches; second scenario, same server type connected to two Cisco Nexus 5596. My questions regarding the two types of connection: Is it possible to do active active? Would it give fault tolerance? With the HP LACP implementation is there a known issue, or should I expect latency with such a configuration? What is the maximal lag channel group that is possible per type?
I'm planning to implement VSS in core but want some inputs on IOS as I have FWSM as a service module. Core: I am running 12.2(33)SXH2a on my Core 6509 and I checked Cisco sites and FWSM release notes but it states only I-Train of IOS while mine is H-Train, so can I directly upgrade to I-Train, or I was thinking of SXH8b IOS.
We have small which I'm looking to implement and have built this on GNS3.
We have:
Router A in site 1 Router B in site 2 Router C in site 3
Router A and B are connected via a point-to-point 100M link, and from Router C we have 2 point-to-point links, one of which is 5Mbps, going to Router A and Router B.
For Router C to reach Router A network it will go via Router B and these are 100M connection. When the link between Router A and B goes down. Router C should update and start using the 5m route.
For some reason, the routes are not updating. I have to do 'clea ip eigrp ne' for the routes to update and if I reload the routers all works well; it seems the problem is intermittent.
Do 800 series routers support OSPF or EIGRP? The command for EIGRP is available but when you try to run it, you get that "protocol is not available in the image". Is there a specific image that I can get that will support either of these two on a Cisco 851 or 861?
I am having two small issues....First on my 3745 i get the following message:
*Mar 2 12:13:13.615: IP-EIGRP(Default-IP-Routing-Table:1): Neighbor 192.168.3.1 not on common subnet for FastEthernet0/1
*Mar 2 12:13:25.811: IP-EIGRP(Default-IP-Routing-Table:1): Neighbor 192.168.2.1 not on common subnet for FastEthernet0/1
Second problem is that I have my internet connection going to the 3640 on FE0/0 and it works just fine....I want to change over and have the 3745 be the internet router, but when I configure it, I get no connection.
3745 - Current configuration : 1624 bytes ! version 12.4 service timestamps debug datetime msec LD version 0x10 GIO ASIC version 0x127 [Code]...
We recently purchased a 4503 switch with Sub Engine 7L. It has universal IOS. We are unable to run the EIGRP and HSRP protocols and the switch came with a temporal license. How do we proceed further to get EIGRP and HSRP enabled on the 4503 switch?
I am trying to configure EIGRP on my ASA DMZ Interface - topology as follows: [code] The ASA is currently configured for EIGRP with the inside 3560x switch and passing routing updates properly. However, the ASA will not send/receive routing updates to/from the DMZ 3560x switch - the two devices do establish eigrp neighbor relationship. [code]
Is there a command available on the 6500 that I can use to see what prefixes it is advertising directly to a neighbor?
The diagram is detailed and complex, but the simplest problem statement is that it doesn't look like my 6500 distribution switches are advertising certain prefixes to one of the 6500 access switches. I don't know whether this is an issue of the distribution switches not sending the prefixes down to the access layer (they should be; the route originates on a different set of access switches) or my access switch is dropping the prefixes. I don't see them in the topology table at all.
If the prefix isn't being advertised, I need to troubleshoot the distribution. If it is and it's being ignored, I need to troubleshoot the access. There are no obvious conditions that would prevent the access switch from getting the prefixes -- interfaces aren't passive, no distribute lists at work, everything in the same AS, I have neighbor relationships (and I am getting other prefixes over these links, and these prefixes are being advertised to other access switches), auto-summarization is off, split horizon is still on . . .
I have a very detailed diagram of all of the metrics and links and I don't see any reason why my access switch shouldn't be getting the prefixes. 6509 chassis, dual sup 720 3B, 12.2(33)SXI4a advanced enterprise services IOS.
We have, for nearly 4 years, used EIGRP on our 6513 to make use of two unequal links to our branch offices. This worked because we could use the variance command and cause EIGRP to insert two routes into the table, one from each carrier. Thus it was we could balance the load to each one with a ratio similar to the ratio of the bandwidth of Link A to Link B.
We just purchased 2 Nexus 7010's to replace our single 6513 core. After much consternation we have found from our Cisco SE that the Nexus 6.0.2 software rendition of EIGRP does not support variance.
Why would Cisco take their own proprietary protocol and then gut it by removing features? I'm quite ready to send these Nexus boxes back in favor of a newer 6500 series. MEC doesn't work like it is supposed to and the show-tech runs for over 24 hours without ever finishing (and this we can repeat on both boxes, multiple times).
We've opened a TAC case but I just wondered about any workaround for the 'variance' command?
I have a hub and spoke WAN that consists of one core location with a 6500 and nine other buildings using 4006 Catalysts that connect back to the core via dual gig fiber. We are using EIGRP at each location as well as the core. I was testing something at one of our buildings and decided to hang a 3750 off the 4006 and enable the same eigrp process on the 3750 that is enabled on the 4006 and 6500 (EIGRP 1).
1. All the routes that the 6500 knows about are advertised out to each of the nine locations.
2. The 4006's are all advertising their directly connected routes to the 6500.
Onto the location I was testing at:
The 4006 where I was testing has four vlan interfaces enabled and they are in an UP/UP state. The ip routes from the 4006's directly connected vlan interfaces propagate to the 6500 at our core location and the 6500 successfully propagates these learned routes to all the other 4006's.
This past Friday I configured a 3750x with two /22 vlan interfaces and one physical gi port with an IP address and also configured an Ethernet port on the 4006 with an IP address in the same network block as the 3750x gi interface (a /30 network block). I saw both interfaces come up and EIGRP successfully established a neighbor adjacency between the 3750x and the 4006.
I noticed that the 3750 advertised out all of its directly connected routes to the 4006 and the 4006 advertised its directly connected routes to the 3750. However, the 4006 did not advertise any of the routes it had learned from the 3750x to the 6500 and nor did the 4006 advertise any of the routes it had learned from the 6500 to the 4006. My suspicion is that the "eigrp stub connected summary" statement is enabled on both the 4006 and 3750, thus preventing them from advertising out any routes other than their directly connected routes. Can any of you verify that I'm either correct or incorrect about this?
Here are the eigrp statements from the 6500 and 4006:
Four 6500s are connected to each other to form a full mesh. Switches 4 and 7 are running eigrp. A question came up: why didn't it have eigrp on SW 2 & 3? Will it still be redundant if the link between SW3 and SW4 is removed? If redundancy is working, SW3 should be able to find its way to SW4 via SW7 or SW2, yes?
Recently, the eigrp was configured to SW 2 and SW 3 as well, it included the “redistribute static” statement. The route for SW2 and SW3 now has the VLANs, 51 or so. Sent ping from a PC to VLAN1 IP of SW3, then link between SW3 and SW4 was disconnected, network connectivity went down for about 20secs, and ping came right back. Thought it was a success. All of a sudden, outside connectivity was lost. Ping within the LAN was successful, but no internet connection.
The eigrp on SW2 and SW3 was removed, and the internet connection came back up. The initial concern was that although there is physical redundancy in place, the other routes may not be known. Hence, eigrp configuration has been attempted for SW2 and SW3. Perhaps the “redistribute static” should have never been configured on SW2 and SW3, SW7 does not have the “redistribute static” statement anyway.
Without eigrp running on SW2 and SW3, does it still have redundancy? For what it’s worth, SW4 and SW7 are both VTP servers. With the current configs, does it still have redundancy? Link redundancy was never tested; it always has been assumed that it works. Later today, with its current config, the link redundancy will be tested.
I have a 3750 at a branch running EIGRP connected to two routers that both have configured:
access-list 1 deny 0.0.0.0
access-list 1 permit any
access-list 2 permit 0.0.0.0
access-list 2 deny any
router eigrp 1
 distribute-list 1 out FastEthernet0/0
 distribute-list 2 in FastEthernet0/0
Due to this recently applied config the switch became unreachable from the outside and cannot ping anything. Everything connected to it works fine. I was able to remote into it from a switch behind it and noticed that the 3750 has no default route in the routing table. I do see a default route in the eigrp topology table. How can I make the switch learn a default route while maintaining the existing configuration on the routers?
I'm trying to create a route-map for an EIGRP Distribute list on a N7K, the goal is to not advertise a 10.0.0.0/8 and 172.31.30.20/32 networks out a link to a remote site while permitting all other traffic to the internet (default). I configured the ACL/route-maps below and applied them outbound on the N7K interface but no subnets at all are being received on the remote site router.
ip access-list DENY_10.0.0.0
 10 permit ip any 10.244.244.20/30 <<--WAN interface network
 20 deny ip any 10.0.0.0/8
 25 deny ip any 172.31.30.20/32
 30 permit ip any any
I'm attempting to redistribute a static route into EIGRP on a 3750 switch and pass it to an upstream router; sadly however this isn't working, or at least the route isn't being received on the upstream router. [code]