Cisco Switching/Routing :: 5510 Isolating Switch Ports For A Separate Network
Feb 2, 2012
I have to configure failover Active/Standby on my ASA 5510.I am wondering how i could do for the outside interface, i mean, actually the ASA1 outside interface is linked directly to our Internet router.So now if i have to add ASA2 connecting to that router i will need a switch between them.I have already a switch for DMZ & LAN.The thing is that i will have to allow 3 switchs ports to communicate with each others.
- 1 for ASA1--outside
- 1 for ASA2--outside
- 1 for Internet router
How could i isolate these 3 ports to make them communicate alone ? Should i use VLAN for that ?And if i use VLAN, will this require to make any change of configuration on my firewalls (ASA1 & ASA2) outside interface ?I am a bit lost with this, if i am correct i will not have to do some "vlan tagging" on the firewall itself ?
View 1 Replies
ADVERTISEMENT
Feb 12, 2013
I was given a task of creating a vlan and isolating one pc to access an internal website (192.168.90.15) on a specific port (port 8080)The pc is connected in the following manner:
PC--> HP Switch --> Cisco Small Business SG200 switch --> 3550 Catalyst 1, 3550 Catalyst 2 and 3550 Catalyst 3.
I have created a vlan 110 on the Main 3550 Catalyst switch and successfully added the pc to that vlan.However, that PC must be able to access the internet and an internal website on port 8080.I have placed an access-list on the main 3550 catalyst switch which is connected to our router as below:
Client ip address: 192.168.100.2
VLAN 110: 192.168.100.3
access-list 110 permit tcp host 192.168.100.2 host 192.168.90.15 eq 8080access-list 110 permit icmp host 192.168.100.2 anyaccess-list 110 deny ip 192.168.100.0 0.0.0.255 ? I was unable to access the webserver even after many attempts.
View 2 Replies
View Related
Oct 1, 2012
I have a pair of Core VSS 6509E SUP 2T. Two different LANs, two diff. Subnets. larger LAN has been connected to the VSS pair usng normal SVI and Post-Channles (has lots of closets 3750 stacks) and no problem. Second LAN, two closets, stacked and connected to each other via Port channel and trunk + SVI interfaces. Now, I have SVI interfaces for both LANs on teh VSS pair and that is causing traffic from one LAN to jump over to the other VLAN and rightly so because the VSS pair see both subnets as directly connected subnets. I was wondring if I delete the SVI for the second LAN and only keep the L2 VLAN this will be resolved> The reason for the second LAN to connect to the VSs pair is only that It has to go through the VSS pair to get to the WAN router (both LANs will go out through this Same WAN router) but WAN router is not my concern at this time. I need to isolate these two LANs/subnets traffic so no one VLAM traffic jumps over the other.I have also thought about VRF but at this point I am not sure if teh 3750 stacks supports VRF and if it does how to implement VRF on the second and samller LAN to just allow it go through the VSS pair in order to get to the WAn router.
View 13 Replies
View Related
Sep 26, 2012
How do I configuring Private Class A [10.206.90.0/24] and Private Class C [192.168.1.0/24] Network on Cisco 3550-12G Switch.
View 3 Replies
View Related
Sep 30, 2012
I've just started out playing with a Cisco 1800 router to gain some knowledge of Cisco devices before taking a CCNA. I also have a 2950 switch but will start with the router.
I'm using an Android phone as a wireless Internet access point. This issues IP addresses by DHCP in the 192.168.43.x range with 255.255.255.0 subnet.
Also I have a Linksys WRT54G router running DD-WRT firmware acting as a wireless bridge to the Android phone, and it has 4 LAN ports.
This bridge is up and running and I have successfully connected my laptop to the Linksys for testing and can use the Internet provided by the phone.
Connected to the Linksys is a Cisco 1800 router. Connected to the router is my Citrix XenServer PC and a NAS box.
The XenServer and NAS are on another network 07.05.19.x range with 255.0.0.0 subnet using their own static IPs. One of the virtual clients on the XenServer will be a DHCP server to service other virtual clients. All still in the 07.05.19.x range.
Basically I want the devices on the 07.05.19.x IP range to be able to use the Internet gateway at 192.168.43.1 to access the Internet.
How would I set up my 1800 to achieve this?
Also, am I right in understanding that the 1800 will ignore DHCP leases from the Android phone due to it being a Layer 3 device.
View 4 Replies
View Related
Feb 13, 2012
Currently we have an Ava ya IP Office switch running on the same network as our PC clients. I would like to seperate the two network into 2 V LAN's.
We have a mixture of Catalyst 3750 switches and some older 3500 models.Where do I start? Should I leave the PC's and servers on the default V LAN and just move the IP handsets?
View 6 Replies
View Related
Nov 9, 2011
I like the SG-300 switches for SMB and I'd like use them in our network. Design is quite simple just 6 SG-300 switches connected to one central switch using SFP ports (using 2 port trunks) so I need 12 SFP ports and this is my question. Could you recomend me switch with more then 12 SFP ports from Cisco for this SMB network ? I don't know all the Cisco product lines and I can't find it.
View 2 Replies
View Related
Apr 18, 2012
indicate why my ethernet ports are in suspended state for some reason, i need an indication why this may be and what i can do to fix this issue. configuration below. I have a 7010 which i'm using to connect to two 5510's. I have one vPC connecting the two 5510's to the 7010. I have a vPC domain configured between the 5510's. and no issues at all. My Nexus 7010 port channel members are suspended for some reason.
Nexus 7010
vpc domain 100
role priority 100
peer-keepalive destination 192.168.1.2 source 192.168.1.1 vrf vpc-keepalive
!
interface Ethernet 3/1
[code]....
View 14 Replies
View Related
Jul 13, 2012
The default Gateway and DHCP server is connected to port 1 of the switch. I have various other devices on the network plugged into other ports on the switch.I want port 1 to communicate with every port on the switch, but don't want the other ports to be able to see eachother unless I specifically allow them to. For example, port 5 should see port 1, and 7, but nothing else.Everything needs to be in the same subnet. With the older Dlink switches I am used to this feature is called "Port Segmentation" but I see no such option in this switch. I have been playing with the VLAN settings but so far I have not been able to achieve this.
View 7 Replies
View Related
Feb 5, 2013
I have a statck of 4 2960s switches, with POE powered access points on 2 of them. All of the access points appear to be functioning normally. For some reason, on 3 interfaces connected to access points, I get the following when issuing show interfaces status:
Gi3/0/9 connected: T 7 a-full a-1000 10/100/1000BaseTX
^
My question is regarding the "T" in the status field. I can't find any documentation on this.
View 5 Replies
View Related
Feb 20, 2013
I was viewing the 3560x switch datasheet and i need network module C3KX-NM-10G. I have dark fiber with over 12 km distance to i guess i will be needing SFP EX for single mode.
View 3 Replies
View Related
Feb 19, 2013
My SG200-50P Switch Log appears as follows with Random ports going up and down. I am trying to find out if this links to another problem I'm having with a Client Server software locking up on the client end. The hardware, thin clients and desktops, are working and have checked all sleep and power settings. All items in working order, now I'm wondering about the switch
2147483369 2013-Feb-20 15:12:07 Warning %STP-W-PORTSTATUS: gi19: STP status Forwarding
2147483370 2013-Feb-20 15:12:02 Informational %LINK-I-Up: gi19
2147483371 2013-Feb-20 15:12:00 Warning %LINK-W-Down: gi19
2147483377 2013-Feb-20 14:51:31 Informational %LINK-I-Up: gi45
2147483378 2013-Feb-20 14:51:28 Warning %LINK-W-Down: gi45
[code]....
View 1 Replies
View Related
Jan 22, 2012
I've a 7206VXR (NPE-G1) router. I would like to purchase a PA-GE port adaptor where I've to use a GBIC connector.
1. Is it possible to have a connection between PA-GE and a 3560G switch (4 SFP ports)? If yes, what type of cables & connectors are to be used?
2. Is there any GigabitEthernet port adaptors / modules for 7206vxr where I can connect RJ45 (cat 5) or SFP modules?
View 4 Replies
View Related
Feb 1, 2013
I have been reading the postings on this site trying to retrieve the MAC address for the client devices (computers, printers) attached to our switches. We have approximately 500 switches and I need to map the mac address to the switch. It appears the OID information is for SNMP v2. We are restricted to using only SNMP v3. I have tried using the Cisco SNMP Object Navigator without any success.
View 2 Replies
View Related
Feb 24, 2013
I have a Cisco 4500. Recently some of the ports seem to have "died"/ will not supply Poe to phones. Some work for data only. Other do not work at all. The switch has been restarted, this made no difference.
View 2 Replies
View Related
Feb 4, 2013
I have a 2960 switch and every then and now the ports are flapping, while i was on console i saw ports going down and coming up...when the ping to machine ip addresses timed out the port status on switch was still up...no errors collisions seen on sw port. Below is sh int when the port was flapping
[code]...
View 1 Replies
View Related
Jul 24, 2012
I have a got a requirement where a 24 Port Switch should have 4 SFP's and all 4 should be used at a time, So I've chosen " WS-C2960S-24TS-L"
The transeiver should be GLC-LH-SM, so kindly let me no whether I would be able to use all 4 ports at a time or not.
View 2 Replies
View Related
Jan 31, 2012
I work at a hospital and we have 3750X-48P switches in stacks in various locations throughout the hospital. We have noticed that when an EKG machine is plugged into one of the ports on some of these switches and the EKG machines are set manually to 100/Full, the ports are no longer usable until the switch is restarted. The switch is configured for auto. If the EKG machine is set to auto, it will work and not cause problems. The link on the interface will show up/up and there will be output packets increasing. However, there will be no inputs on the link and the port is unusable. Unfortunately, even when the device is removed, the port becomes unusable for any device. Is there any way to fix this problem without rebooting the switch?
View 5 Replies
View Related
Feb 29, 2012
In my environment we have 3750x switches running ios 15.0 (1) SE2. We have port security mac address sticky configured on all our switch ports. I noticed that we have several interfaces (on different switches) that are up but have not captured the MAC address from the workstation. Here is one example:
interface GigabitEthernet2/0/11
switchport mode access
switchport port-security
[Code].....
View 21 Replies
View Related
Apr 24, 2012
I was checking some things on my Cisco 4500 and spot checking some of the ports. Using CNA it says it is at 10. The web browser to the switch says Full-duplex, 1000Mb/s, link type is auto, media type is 10/100/1000-TX on port 6i/18 The CNA says, so what would cause the difference?
View 3 Replies
View Related
Jun 5, 2012
I have a Cisco 3750G-48PS Running IOS 12.2(40) and was wondering how many physical ports are supported in an LACP Configuration. Is it 4 or 8 ports in a single switch.
If I have a dual 3750 stacked together, and I want to configure (8) port LACP, Can I take (4) ports from each switch in the stack and LACP together.
View 4 Replies
View Related
Sep 6, 2012
Have our public IP address space masked on /24 at our Internet Router. The router portion of 3845 connects to Internet, while the internal switch connects to my internal network and seeds it with the public address space. The switch had a port configured no switchport (L3) with an ip address with /24 (ie 67.63.145.1 /24) this connects to internal IPS/IDS then to Firewall which NATs to internal, then packet shaper, web filter etc etc etc. I need to test my ISP speed so I need to "break in" to the link between the switch and the IPS/IDS. I figured I could configure another port on the switch on the 3845 but my problem is the port to my network is routed and is masked on entire /24. I tried to configure a port on VLAN 1 and give myself an available address in the L3 address space and this did not work (figured it would not but gave it a try)
Any way to get two ports configured to use the same subnet while one is a L3 routed port and the other is just part of that layer 3 routed network?
View 1 Replies
View Related
Dec 11, 2011
i recently deployed cat4507e switch along with 3 nos of WS-X4748-RJ45V+E - 48 port gigabit PoE modules. I am using polycom IP560 phones.
I am facing issue of some switch ports (randomly) stops supplying power to phone at random time. So far there are about 4 incident and i have been plugging those connection to different - usused ports. I am planning to RESET the switch module during weekend and i think it might fix issues with those ports.
But what would be quick and easy way to fix this issue when the issue is faced? How/what to check on switch port interface wrt to power? If switch module is falling short of overall power requirement, is there a way to boost the power?
View 17 Replies
View Related
Dec 19, 2011
Is there a switch that handle its 24/48 ports at 10 Gbps with copper?. I have checked 3750 X but just handle 2 SFP with 10 Gbps.The requirement is to use this switch as CORE and connect 12 switches (access) using its uplinks at 10 Gbps with copper ( in this case 3750 X can be used).using copper at 10 Gbps the distance is still 100 m?
View 9 Replies
View Related
Jan 10, 2012
My network generally runs older routers (2600 series) with 16 port switch modules (NM-ESW-16). This has always worked great since I can configure the router and the switch ports on the fly, making changes to either as necessary. Well I am upgrading to 2811 routers, and we wanted to get gigabit ethernet ports on our switch modules. I think I made an error when I purchased a few of these switch modules: NME-16ES-1G.
The first problem, is that the switch ports don't even show up on the router config, I have to establish a session into the switch, (And I can't seem to get back to the router unless I manually switch off power and restart). I don't like this type of switch module, it's like I'm running a completely separate device, and while having a layer 3 switch is cool, It doesn't let me setup routing protocols so I don't like doing it this way. I want to go back to using a switch module that simply adds a ton of ports to my router like the NM-ESW-16. (Note: The NM-ESW-16 does actually work in the 2811 and would be perfect if it were Gigabit speed.)
The seconds problem is that the NME-16ES-1G isn't actually a Gigabit switch. It has a single gigabit port, but the 16 ports are all Fastethernet, and not gigabitethernet. So ideally, I am looking for a switch module that I can fully configure from the router interface that has 16 gigabitethernet ports, and works with a 2811. IE I want to do this. [code]
View 4 Replies
View Related
Oct 26, 2011
I am working on a request to clean up alot of excess cabling in one of our IDF's. I noticed that many of the connections have no lights on them and probably haven't been used in a long while. I would like to know if there is a CLI command I can run on the Cisco 3750 switch will allow me to bring up a list of ports which have not seen any activity for a period of time - for example, 30, 60, or 90 days.
View 3 Replies
View Related
Feb 14, 2013
Can i configure access ports into port channel on Nexus 7K switch.If possible then provide the complete configuration.....
View 2 Replies
View Related
Oct 8, 2012
I have 4 cisco 2960 switches to which many users are connected. No vlans are the only default vlan 1 is there. Now I want to make ether channel on switch 1 whcih has 24 fast etherenet ports. Can I make port 1- 8 as one ether channel which are connected to users or i can only make ethere channel of ports that are connectd to other switchs. If I can, how the other switchs will comnicate with the switch ports bundalled in the ether channel in switch 1.
View 6 Replies
View Related
Sep 17, 2012
I have a Cisco 6509 with IOS "s222-ipservicesk9_wan-mz.122-18.SXF16.bin"I need to enable dot1x on user's ports on the switch. each user is connected to the switch through the IP phone.
I just found out that I can not enabled dot1x on trunk port. I have tried to use "switchport voice vlan " but I got:
Switch(config-if)#switchport voice vlan 123
Command rejected: Gi7/20 is Dot1x enabled port.
let me know what should I do to get dot1x working?
Note: I have connected a laptop directly to the port and dot1x is working fine.
View 5 Replies
View Related
Apr 27, 2012
My home network is up to now all hard-wired, nothing shared etc.I just got an ipad though, so do want to have wireless available now. I would like the ipad wireless router to be isolated so that the desktops run no risk from getting a virus via the ipad wireless connection.So, I was going to buy another router - would I be able to plug that into the wired router, and the desktop also plugged into the wired router, would that keep every part of the network isolated from the others?
View 8 Replies
View Related
Jul 1, 2012
Can you configure a Cisco 1941 to use an 8 port EHWic module and the 2 onboard GE ports in a single LAN?
I've discovered you can't have the on GE ports associated with a VLan, and I'm when I've previously researched for a solution, bridging was mentioned but I cannot seem to get it to work (or completely understand it)The reason I would like to use all 10 ports on for the LAN is becuase I have 10 devices I need to connect to the 1941?
View 2 Replies
View Related
Feb 27, 2013
I have two Cisco ASA 5510s that I would like to configure in an active passive failover setup. The ASAs are at the top of our rack and handle all our routing. We have been only using one ASA unit with one line from our ISP connected to the WAN/outside interface of the ASA. We recently had our ISP setup two lines into our rack using HSRP. I do not know what equipment they are running upstream of our ASAs but it is HSRP so it should be a set of Cisco routers/switches. Originally I thought I could just connect the 2nd new line to our 2nd ASAs WAN/outside port and setup failover using a crossover cable between the ASAs. After doing this config I had problems accessing some of our IPs in the subnet that the HSRP is part of. If I disconnected the 2nd ASAs WAN/outside line everything was fine. After talking with my ISP they explained that I need to connect both of my lines into our L2 network and then from there into the ASAs. Currently below the ASAs I have two Catalyst 3560-X switches. They are connected together with an ISL trunk and ASA-1s inside network connects to switch-1 and ASA-2 to switch-2. One idea was to connect each of the HSRP lines to each of my current switches and then from the switches to the ASA's WAN/outside interface. Finally back down from the ASA's to the switches via the inside interface that we have currently. This kind of seems messy and a poor choice. The other idea is to get two switches that would sit above the ASAs and connect the HSRP lines to them with the switches connected together. They would then connect to the ASAs. I like this idea better but I don't like having to buy two more full switches for this. These switches would only use a couple of ports and only handle just the HSRP ISP lines to the ASAs. Putting in two more 3560-Xs would be a big waste of money and space for this. So I was thinking of using two Cisco SG200-08, 8 port gigabit basic managed switches for this.
View 5 Replies
View Related
Sep 3, 2012
How to Enable IP Accounting in Cre switch 4000 Running cat OS and Cisc ASA 5510 (8.2 )
View 1 Replies
View Related
