Cisco Switching/Routing :: 6509 - 802.1x And Voice VLAN / Enable Dot1x On User's Ports On The Switch
Sep 17, 2012
I have a Cisco 6509 with IOS "s222-ipservicesk9_wan-mz.122-18.SXF16.bin"I need to enable dot1x on user's ports on the switch. each user is connected to the switch through the IP phone.
I just found out that I can not enabled dot1x on trunk port. I have tried to use "switchport voice vlan " but I got:
Switch(config-if)#switchport voice vlan 123
Command rejected: Gi7/20 is Dot1x enabled port.
let me know what should I do to get dot1x working?
Note: I have connected a laptop directly to the port and dot1x is working fine.
View 5 Replies
ADVERTISEMENT
Dec 4, 2011
I'm using CISCO 3524 switch as access switch and trying to enable voice vlan in fast eth ports as below.
L3 vlans are created in core switches which is cisco 6509
vlan 1 - data vlan
vlan 2 - voice vlan
in cisco 3524
[code]....
if i use the above configs, the phone which is connected to interface fa0/1 is not taking ip from dhcp server. even it didn't work with static configs.while troubelshooting, i have configured as below and it's started working..
int fa0/1
switchport acces vlan 2
speed 100
duplex full.
in this case i can't use this port for data connectivity where as it's required for data too.
View 2 Replies
View Related
Nov 14, 2011
Is there away to disable the mulicasting of eigrp and hsrp to the end user ports on a 6509?
View 2 Replies
View Related
Jun 4, 2013
If we configure a Voice and Data VLAn on a switch. And connect EX90 on voice VLAN and PCwith EX90 terminals. Than can we able to share a presentation or data with EX90 or not?
View 3 Replies
View Related
Apr 12, 2012
provide a sample Voice Vlan configuration for the Cisco 2960 POE switch to work with the Non-Cisco IP Phones?
Will these commands work? Vlan 2 is the new voice vlan, Vlan 1 is the data vlan.
mls qos
interface fastethernet 0/1mls qos trust cos switchport nonegotiateswitchport mode trunkswitchport trunk encapsulation dot1qswitchport voice vlan 2priority−queue outspanning-tree portfastspanning−tree bpduguard enable
vlan 2name voice
View 2 Replies
View Related
Mar 16, 2013
I am getting very slow window file transfer speed (4 Mbps per second) between two connecting servers in Cisco 6509 switch. I have connect the two laptops in 6509 switch in same module using the same vlan and try to copy the files from one laptop to another and vice versa and got the same speed on 4 to 5 Mbps per second. Switch utilization is not more than 10% and both the laptops are connected in 1 Gbps full duplex.
I have checked by removing the gateway in both laptop but the output is same.
View 7 Replies
View Related
Sep 13, 2011
Why aren't the fa ports that i assign to a voice vlan showing up when i issue show vlan?
View 2 Replies
View Related
Apr 9, 2012
I have CME on Router 2800 series, and switch 2960 PoE connected to this router.On 2960 switch, there is existing 7945 IP Phone that already work properly and get IP 14.x.x.x from voice vlan 2.
Problem is when I add cisco 6921 IP Phone connect to 2960 switch, it get data vlan 10.x.x.x, not voice Vlan 14.x.x.x I have check CDP and it use CDP v2
Config on 2960:
interface GigabitEthernet1/0/34 <--- this is connected to IP Phone 7945
switchport mode access
switchport voice vlan 2
spanning-tree portfast
[code]....
With same config and condition on port 2960, why the IP Phone 6921 can't get voice vlan 14.x.x.x, whereas IP Phone 7945 can get voice vlan 14.x.x.x
View 2 Replies
View Related
Nov 10, 2012
I have encountered a different issue. When I configure " switchport voice vlan 2" under f0/2 connected to ip phone, it does not have any effect.
Below is my set up:
Sw is cisco cat 3524 XL.
ip phone-------f0/2( vlan1)-----SW----f0/1---trunk------f0/0-CME-router+dhcp
|
f0/3( vlan2)
tftp server ( 201.201.201.3)
switch has two vlans:
vlan1 (data) 200.200.200.0/24
vlan 2 (voice) 201.201.201.0/24
Switch management int vlan 1 : 200.200.200.3
router
f0/0.1 200.200.200.1
f0/0.2 201.201.201.1
The trunk is working correctly. (code)
View 7 Replies
View Related
Nov 9, 2011
i am facing a strange issue on cisco 2950 .IOS (tm) C2950 Software (C2950-I6K2L2Q4-M), Version 12.1(22)EA9, RELEASE SOFTWARE (fc1) suddenly my phone stopped working for DTMF tone, i mean when i dial a conference bridge lets say 6565 and then it ask for conference bridge code lets say 12345, it doesnt recognize the code and says code is invalid, SIP Proxy is Asterisk in this case.Currently my cisco switch port is configured for dual data + voice vlan, where DTMF dont work, sample config below [code]
View 2 Replies
View Related
May 16, 2013
im working in a new enviroment and want to makes some design changes to the environment. I wanted to bounce my ideas some of you folks to see if my thinking is on the right path or maybe i could do things better.
Setup:
Currently the setup that i manage includes and Sonic Wall (also dishes out dhcp), HP 1810 "Core Switch" and 3 SG 300-28P cisco managed switches. (all cisco switches tie back into the HP) The router is managed by the isp. There is only one vlan with all traffic going across it.
Obviously the glaring issue here is that voice and data all reside on the same vlan. Correct me if i am thinking incorrectly but the first step would be to create a separate vlan for the phones with its own IP scheme. currently phones are issued addresses from the 150-200 range and everything else is left for pc's, printers etc. To my knowledge the HP switch does layer 3 but i do not know much about it. There are vpn tunnels to remote offices that are used for sharepoint, email and to access other services. Trying to wrap my mind around the environment as a whole so i may be missing something obvious i could do design wise to improve.
View 2 Replies
View Related
May 20, 2010
For many years we've had the following vlan and port security config on our 3560s: [code] This has worked great on 12.2(37)SE1, 12.2(40)SE and 12.2(46)SE. However since 12.2(50)SE, and I've tried all the versions since then, we have a problem with 7900 phones and ATA186s taking upwards of 20 minutes before they can get a valid IP number.The problem on the newer IOSes seems to be related to the inactivity aging.On the older IOS versions the mac address of the voice device appears on the voice vlan straight away.
On the newer IOS versions the mac address of the voice device appears on the DATA vlan and seems to be stuck there until the inactivity aging removes it. It then gets re-learned, sometimes on the voice vlan, and sometimes on the data vlan. If you're unlucky and it gets re-learned on the data vlan you've got to wait until the inactivity time ages the address out again. Repeat until the mac address eventually gets learned on the voice vlan. I don't want to be stuck on 12.2(46)SE forever.
View 11 Replies
View Related
May 14, 2012
I am trying to write an extended ACL for the voice vlan.My scenario is the following:I have two PBXs with two Catalyst 4505 L3 switches.The C4505 are connected trough a trunk link.I have a VTP domain configured.
Voice VLANs are Vlan 100 and Vlan 101 with networks 10.2.0.0/16 and 10.4.0.0/16 Voip telephones are communicating between them self and everything is working fine.I want to secure both voice VLANs with an ACL to allow only couple of IPs to administer the phones.The PCs are connected trough a integrated switch via VOIP telephone.Here is the sample configuration of the dhcp pool for the PC VLAN:
ip dhcp pool PCs
network 10.1.0.0 255.255.0.0
default-router 10.1.1.1
dns-server 10.10.10.1
option 43 hex 010a.5369.656d.656e.7300.0000.0204.0000.0064.0000.0000.00ff
I had to implement the 43 hex option because the PCs did not get the ip from the DHCP because of the vendor specific information.The thing that worries me is will the DHCP forward the ACKs for the PCs if I implement this test ACL:
ip access-list extended VLAN100
permit ip 10.2.0.0 0.0.255.255 10.4.0.0 0.0.255.255
permit ip 10.4.0.0 0.0.255.255 10.2.0.0 0.0.255.255
permit ip 192.168.2.0 0.0.0.255 10.2.0.0 0.0.255.255
permit ip 192.168.2.0 0.0.0.255 10.4.0.0 0.0.255.255
permit udp host 0.0.0.0 eq bootpc host 255.255.255.255 eq bootps (this I am not sure do I need)
permit udp host 255.255.255.255 eq bootps host 0.0.0.0 eq bootpc (also this)
deny ip any any
I only want to allow the network 192.168.2.0/24 and maybe some other hosts to access the web based http gui to adiminister the IP phones.All PCs are connected trough the VOIP terminals. I do not want to deny the traffic to PCs.
View 8 Replies
View Related
Oct 11, 2010
Any way to test in a lab what would happen if a tech mistakingly added "switchport voice vlan XX" to a trunk port? I am try to do some RCA on an issue and this has been identified as a possible cause by one of my techs.
The config is Switch1------Switch2--------Switch3 Each interswitch connection is configured as a dot1q trunk with all vlans allowed. The link between switch2 and 3 is where switchport voice vlan 10 was added. Switch1 is a 3750 and 2/3 are 3560's.
View 8 Replies
View Related
Feb 12, 2013
I am configuring DHCP pool for voice vlan on cisco 2921 router.
Here is the setup.
2921 router -> 3750 -> 2960 PoE -> 7942 IP Phone
Router Config
ip dhcp excluded-address 10.146.54.1 10.146.89.50
!
ip dhcp pool VoiceVlan
network 10.146.54.0 255.255.255.0
subnet prefix-length 24
dns-server 10.144.68.32 10.144.68.33
option 150 ip 10.146.68.36
default-router 10.146.54.1
netbios-name-server 10.144.68.32 10.144.68.33
netbios-node-type h-node
[code]....
View 1 Replies
View Related
Mar 25, 2012
My current production network is setup using VTP in Client mode, and I am looking to enable VTP Transparent so I can enable the extended VLANs. My main question would be, would enabling VTP Transparent on my 6509 affect all of the access switches it is connected to? And if so, would changing all of the access switches to VTP Transparent allow them to regain connectivity quickly with little downtime? Or is there another way that I should be handling this situation to enable the extended VLANs?
View 2 Replies
View Related
May 21, 2013
what the usb ports are used for on the supervisor cards?
I want to back up my file system, can I use a USB stick in the USB port to do this ? or are they for console use ?
View 4 Replies
View Related
Dec 13, 2011
I am hoping you can provide me with some opinions, feedback, thoughts on the following. We have some Cisco 6509 switches in our environment currently hitting around 60% usage on the Router overall statistics.
Now we are looking at implementing an intrusion detection system but by being as least invasive as possible to the network. Our thoughts are to utilize a SPAN port on the switches to send traffic to the NIDS device but we have concerns of the following. The limitations of SPAN sessions on 6509's . The overhead on the switch of turning a SPAN session on and leaving it on permanently.
View 1 Replies
View Related
Sep 8, 2012
I want to give limited access to our first level support so that they can execute certain basic commands like, port vlan change, access port shut/no-shut on Cisco 6509 and 3750E switches IOS based. I want to restrict them to only few options so they can not make changes to uplink (TenGig) ports and can not issue reload command etc. We do not have TACACS. What is the best way to achieve this?
View 2 Replies
View Related
Dec 7, 2011
How do I enable ports 3 and 4 on this supervisor module? I can only get ports 1 and 2 to work by default. I have a standby Supervisor in SSO mode. I'm running IOS 15.0.2SG
View 2 Replies
View Related
Nov 14, 2011
We have Cisco 6509 switch, in which DHCP is enabled and now we have WDS(Windows Deployment server) that needs option 60 to be enabled on DHCP scope for deplyoing OS remotley to PC's. Where to get sample configuration to enable the option 60.
View 1 Replies
View Related
Feb 5, 2013
We backup the running config on the 6509 does it also backup the vlan.dat as well?I tried command dir/all and just dir but did not see the vlan.dat listed
View 6 Replies
View Related
Nov 1, 2011
I have a Cisco 6509 connected (gig3/17) to a Cisco 3560 G switch (Gig 0/28). The 3560 switch Gig 0/26)is connected to a distribution switch on another network. The ip address on my 6500 is 10.120.11.244 255.255.252.0 and the ip address on my 3560 is 10.120.11.211. The ip address given to me by the other network is 10.162.20.10 255.255.255.252. How do I configure the new vlan in this situation and the ip address given to me.
View 4 Replies
View Related
Jan 10, 2013
I have two networks at two sites with a dot1q trunk between the two L3 switches at both sites (no routers involved)
SITE A - Cisco 3750 L3 - VLAN ID 50
10.10.50.0/24
SITE B - Cisco 3750 L3 - VLAN ID 50
10.20.50.0/24
I would like to extend the SITE A VLAN to SITE B so that I can move hosts from SITE A to SITE B without needing to change their IP address but the vlan ID is already in use. Obviously the easy solution is to change the VLAN ID for one or other of the sites but both sites contain hosts that run 24/7. Is there a way to join two VLANs with different IDs together.So for example I create a new VLAN 60 at SITE B and associate it with VLAN 50 at SITE A.
View 4 Replies
View Related
Sep 11, 2012
recently i just connected a non cisco ip phone(from panasonic) to Cisco 2960 POE switch at site A. The PABX system is located at site B,Site A and site B are connected using MetroE Point to point.I would like to apply QoS for voice vlan. I want to assign 2MB to the point to point connection for voice vlan.
View 3 Replies
View Related
May 7, 2013
One of our customer , where there 2 6509 switch , one is Core_sw1 and other is Core_sw2 , catering about 32 Vlan , and HSRP in running for all Vlans , till here no problem , now there internet Router which having one Internet link , which connected and configured on Core_sw1 in a way that one interface of Core_sw1 is given Public IP and there is vlan 85 which internet vlan and vlan 85 ip are natted with that public IP with one simple static route given toward internet router , this is how internet is working ok.
Now i have configured vlan 85 in hsrp as all other are , how can give redundancy to vlan 85 user , that if Core_sw1 get down , internet traffic can get out through Core_sw2.using same internet router with single internet link .i am not talking of ISP redundancy , but Vlan 85 in Core_sw1 goes down , other Core_sw2 will server internet.
View 1 Replies
View Related
Nov 8, 2012
I would like to ask you if it's possibile to block routing between some Vlan for just once of them.
Maybe I can explain better:
I've got a Cisco 6509 with 4 configured vlan interfaces
Int Vlan 10 10.10.1.0/24
Int Vlan 20 10.10.2.0/24
Int Vlan 30 10.10.3.0/24
Int Vlan 40 10.10.4.0/24
Vlan "10" is the phone voip Vlan and it must not talk with the others Vlan. The others Vlan can comunicate normally except with Vlan "10".
Pratically Vlan "10" needs to be isolated from the others.
This equirement comes becouse Vlan 10 is wireless and has the WEP key encryption (very weak protocol). Some Phone couldn't support the WPA2 key and I need to avoid an unauthorized external client, cracking the WEP key and connecting to this WiFi, could have free access to the others Vlan.
View 5 Replies
View Related
Jan 3, 2012
I would like to apply a policy-based route on one of our L3 switches (Cisco 3750) to change the next-hop of a couple of servers only. The VLAN where those servers reside got WCCP enabled on it. When I want to apply the route-policy to that VLAN interface it doesn't let me. When I try to apply the same policy to a VLAN interface without WCCP it does work. Is there any Cisco IOS limitations that would prevent me from doing that?
Configuration:
route policy config:
access-list 70 permit ip host x.x.x.x (server IP)
route-map PBR1 permit 10
[Code].....
View 1 Replies
View Related
Jun 17, 2012
After a abrupt power cylce of 6509 switch, vlan configuration got missing. Switch has not crashed.
View 4 Replies
View Related
Aug 15, 2012
we have an heterogeneous network with Cisco devices (6509-E, 3750G and 3560) and Alcatel 6850 devices. We have to enable a PTP Wifi line as a backup for the fiber line between two buildings. For this purpose, we have connected a wifi device to GigabitEthernet 0/47 of SWIHGJ1 and configured it as: [code]
View 2 Replies
View Related
Apr 2, 2013
We are having Cisco router 1002 ASR and 2841 switch. Some times perticular VLAN user will not be able to access the network but from the same switch others VLAN users can able to access. We were getting ARP entries in router but we cannot ping the IP's. Even we clear the ARP entries. Once we restart the switch users can access the network. We have changed vlan ports, uplink too. but problem not solved. and we observed CPU utilization will be going 70-80% some times and at same time switch hangs.
View 3 Replies
View Related
Mar 10, 2012
We have a pair Cisco 6509 switch in which 2 * 48 Port 1G line cards and 1 * 16 Port 10G line Card, FWSM and Sup 720 are installed.We have Cisco UCS and HP Blade servers.Cisco UCS servers are connected to Cisco 6509 switch using Fabric Interconnect, and HP Servers are directly connected to core switches.Recently the team made many changes in the network. Upgraded the IOS in Cisco 6509 switch, Configured Port profiling , MAC Pinning , HBA Cards to UCS / Nexus 1000V Infrastructure. After this change they lost the connectivity to UCS and HP Serers. Every tower is checking at their end.
The Network Team has reverted back the core switch with old IOS , but still the problem persisit.I could only see the following error log in the core switch. There are two port-channels one between core 1 and core 2. The other is between core switch and FWSM module. [code]
View 2 Replies
View Related
Oct 25, 2011
I need to setup a vlan between the 6509 and 2621 router. This needs to be a VLAN (200) the runs between the devices that uses DOT1Q trunking. The end result is all the networks (vlans) on the 6509 can talk to the LAN on the 2600 (10.133.22.0 / 23) and visa versa.
Device 1
6509 with CatOS / IOS
Config I did on the MSFC:
Interface Vlan 200
ip address 10.10.10.1 255.255.255.248
[code]....
View 13 Replies
View Related
