Cisco Switching/Routing :: 6509 - Client Mode / Enable VTP Transparent?
Mar 25, 2012
My current production network is setup using VTP in Client mode, and I am looking to enable VTP Transparent so I can enable the extended VLANs. My main question would be, would enabling VTP Transparent on my 6509 affect all of the access switches it is connected to? And if so, would changing all of the access switches to VTP Transparent allow them to regain connectivity quickly with little downtime? Or is there another way that I should be handling this situation to enable the extended VLANs?
View 2 Replies
ADVERTISEMENT
Jan 14, 2013
I'm working at a company that has several 6509 switches running CatOS. They have two of the 6509's running in vtp server mode and the rest as clients. I set up a new vlan from one of the vtp servers and it propagated out. The problem comes when I try to assign a port on one of the vtp clients to this new vlan. It gives me an error that the switch must be in vtp server mode to add/delete vlans. I'm not trying to add/or delete a vlan just trying to add a port into an existing vlan. I'm hesitant to put the switch in vtp server mode. Is this a CatOS thing or is there a specific command to accomplish this?
View 5 Replies
View Related
Feb 29, 2012
After changing the VTP mode to from client to transparent, I noticed the output of 'show run' now displays the vlans. I don't have any spare 2970s to check this with at the moment. Output of 'show run' looks like this now with vlans info, this was not shown before changing the VTP mode.
vlan 2
name 16.6.16.0/27
!
[Code]......
View 3 Replies
View Related
Nov 22, 2011
On a low-end switch like a 2960 the maximum VLANs is 255, as shown in the output of VTP status:
Maximum VLANs supported locally : 255
Number of existing VLANs : 245
When the VTP mode is changed to transparent, VLANs from the extended range can be added without increasing the number of existing VLANs - e.g. if I create VLANs 3000 - 4000 the number of existing VLANs is still listed as 245.
If MST is used to cut down on the number of spanning-tree instances - and assuming propagation of VLAN configuration via VTP is not required - is there any downside to using transparent-mode VTP to increase the number of available VLANs? It does feel like I'm cheating the maximum listed in the datasheet.
View 4 Replies
View Related
May 1, 2013
We are moving a small network of 3560 and 3750X switches from VTP Server and Client to VTP Transparent. I noticed the vlan database is stored differently depending on the VTP mode.
Is there any chance of losing vlan database on a given switch when moving from Server or Client to Transparent?
View 11 Replies
View Related
Apr 26, 2011
I do have the below setup,,
1. I have 6509 switch
2. I have 2 WLC configured in Active/Active mode connected in Trunk mode (L2 Port-Channel) connected with 6509 switch
3. On switch side i have configured the port as Trunk
4. L3 SVI for wireless users are created in 6509 switch (attached the diagram).
I would like to introduce a Cisco ASA 5520 firewall with AIp-SSM module so that all wirelees traffic can be inspected.
The issue is: Without changing any configuration in the network (switch & WLC) is it possible to introduce the firewall?
View 2 Replies
View Related
Jan 14, 2012
On my 2650 Router it just has only Telnet password.It has no enable mode password set.After reboot it is goes to prompt mode BB.I am unable to go to enable mode .how can i go back to enable mode on this router?
View 13 Replies
View Related
Oct 31, 2012
My engineer onsite can't get into enable mode on his 2911 router. I've seen this before but I can't find out how I fixed it.
He gets an error saying : no password set
Here is the config:
Router#sh run
Building configuration...
Current configuration : 1784 bytes
!
[Code]....
View 3 Replies
View Related
Sep 17, 2012
I have a Cisco 6509 with IOS "s222-ipservicesk9_wan-mz.122-18.SXF16.bin"I need to enable dot1x on user's ports on the switch. each user is connected to the switch through the IP phone.
I just found out that I can not enabled dot1x on trunk port. I have tried to use "switchport voice vlan " but I got:
Switch(config-if)#switchport voice vlan 123
Command rejected: Gi7/20 is Dot1x enabled port.
let me know what should I do to get dot1x working?
Note: I have connected a laptop directly to the port and dot1x is working fine.
View 5 Replies
View Related
Dec 16, 2012
I have 6509 E. Actually what happen it last 3-4 times it reload its self and got stuck in rommon mode, i tried to boot it with boot by connecting a console cable on supervisor 720 2b. What and where is problem and why is stuck in rommon after reload.
View 11 Replies
View Related
Feb 26, 2012
If client gateway = 192.168.64.9 then next-hop = 192.168.64.8 else use default-route 0.0.0.0
I know it's possible to do a route-map match ip-address ACL list. But is it possible to match on gateway?
Some info about hardware and config:
6509-E in VSS (IOS 12.2(17r)SX5) withVS-S720-10G supervisor.
All routes are static, IP for 192.168.64.9 is on SVI vlan.
View 3 Replies
View Related
May 10, 2012
I have 2691 router with following config
line console 0
login local
password xty
When i remove the login local from the line console i connect to console port and press enter it shows router prompt 2691Router> but i am unable to go to enable mode.If i telnet to router then i put username and pw then it goes straight to enable mode.
vty config is
line vty 0 4
exec-timeout 600 0
logging synchronous
login local
length 500
transport input telnet ssh
escape-character 3
Any reasons why i can not go to enable mode by console?
View 3 Replies
View Related
Nov 28, 2012
We have a cisco catalyst 6509 with Supervisor Engine . After power outage, the switch always start in Rommon mode. Configuration register is 0X2102, we want to it always start in normal mode. What should i do?
View 3 Replies
View Related
Jun 11, 2012
We are facing to an annoying issue. We have a 6509 running in Catos 8.3(4) with WS-X6548-GE-TX, WS-X6348-RJ-45 and WS-X6148-RJ-45. When we configure the mode in auto negotiation, it comes up in half duplex. We need to configure the speed mode at 100Mbit/Full to make it work. But if the chassis or port restarts (not the server), the link becomes half duplex. This happens only on module in Gigabyte like WS-X6548-GE-TX.
Cable have been replaced but does not work. It is not happened on another chassis running on IOS 12.2(18)SXF17b with WS-X6548-GE-TX.
View 4 Replies
View Related
Oct 26, 2011
I'm having a problem with some new gear and can't seem to figure it out. I have a 3750X-48P-S with a C3KX-10G-NM using SFP-10G-LR transceivers and I'm trying to trunk that with a 6509 that has a X2-10G-LR transceiver over single mode fiber. This is not working. Cisco TAC says the SFP+'s that we just got brand new are both bad and we need to order new ones. I find that hard to believe but who knows.
The switch recognized the module and I tested all 4 ports in gigabit mode using GLC-SX-MM transceivers, all worked great. I have the SFP+'s in tengig1/1/1 and 1/1/2 as they should be. There are no other SFP's in the module either.
When I do a sho int tengig1/1/1 and 1/1/2 the media type doesn't show the transceiver that is installed like it does for the GLC-SX-MM ones. Maybe it's not supposed to or maybe it just doesn't recognize them and it's a hardware issue.
View 5 Replies
View Related
Oct 23, 2011
What is PIM? give me an example when I will use and not use the PIM command.
View 4 Replies
View Related
Jun 29, 2011
I am trying to get an ASA5510 working in transparent mode, multi-context. I am on revision 8.2.5, so there are no bridge groups (those are enabled in 8.4). I first set it to transparent mode, then set it to multi-context mode. I am doing trunking through the Ethernet0/0 to Ethernet0/1, and have two vlans on subinterfaces of each interface. These interfaces are in the 2nd and 3rd contexts, and all trunking between vlans is working correctly in transparent mode.
But I can't telnet or ssh to the ASA itself.
I have an IP address on the inside vlan interface in each context, and can ping tthe IP in context 2 and context 3. There is an IP also in the admin context, but I am unable to ping this. I have tried putting it in the same vlan as the 2nd context, and putting it on the management interface, but since there is a global IP only in transparent mode, I don't think the management interface is used (even though it is in the admin contexts included interfaces).
Since I can't connect to the ASA, I can't easily get the running config to post it here, even though that would likely
To summarize:
- transparent mode
- multi-context
- trunking (dot1q) through Eth0/0 and Eth0/1, so each interface has four sub-interfaces, each in its own vlan
- these VLANs are in each of the contexts except the admin context
- the IP of each conext is able to be pinged, but can't telnet or ssh to it
- telnet and ssh are setup for allowing a /16 subnet range access, in each context
- access-list is setup for permit ip any any and permit icmp any any on the inside and outside interface of each context
- all thru-traffic is passing correctly, but can't manage the ASA other than sitting at the console of it
What I'm going to try now is putting the admin context into one of the vlans in the trunk and see if I can use it that way.
View 6 Replies
View Related
Dec 19, 2012
I need to know if the 5512X IPS will work if the ASA is in transparent mode and/or any limitations.
View 5 Replies
View Related
Feb 20, 2013
Is it possible for an 5505 ASA to be in transparent mode such as ethernet0/0 outside, ethernet 0/1 inside, and use ethernet 0/2 for syslog only on a seperate network other than the one that 0/0 and 0/1 is using. The tranparent part being on a 192.168.168.X/24 and the syslog server being on say a 10.2.1.X/24 network?
View 1 Replies
View Related
Sep 15, 2012
I just have 1 question. I am going to be getting U Verse installed at my house and have been having a hard time finding this in the documentation. The modem I am going to be getting is the 3800HGV-B. Over on the ATT forum users are stating that the modem needs every MAC of every potential IP. I thought about using it's DMZ Plus mode but I am getting a block of 8 IP's and it doesn't seem to play nice unless it see's 5 different MAC's. Right now I have my 5505 in routed mode so I don't believe it passes the MAC of the client's through. Will the ASA pass the MAC of the client's through to the modem with the appropriate ACL's applied?
View 2 Replies
View Related
Nov 21, 2011
I currently have a couple of 6509 chassis (router/switches) with the following hardware blades:
x3 48 ports
x1 NAM
x2 Sup720
Running 12.2(18)SXF3
I am keeping the four Sup720 modules and have purchased new versions of the others blades including two new 6509-E chassis?Can I take my stand-by Sup720 out of the production machine and insert it into the new chassis?
View 2 Replies
View Related
Nov 21, 2011
I currently have a couple of 6509 chassis (router/switches) with the following hardware blades:
x3 48 ports
x1 NAM
x2 Sup720
Running 12.2(18)SXF3.I am keeping the four Sup720 modules and have purchased new versions of the others blades including two new 6509-E chassis. Can I take my stand-by Sup720 out of the production machine and insert it into the new chassis?
View 2 Replies
View Related
Feb 4, 2012
Recently i have configured ASA5550 with 2 Contexts in Transparent mode. Traffic can pass through a single Firewall context but through both contexts it couldn't.
View 0 Replies
View Related
Jun 26, 2012
have a Cisco ASA that I am trying to configure in a unique way, I want it to perform a variety of tasks;
VPN SSL
VPN Tunnels
Firewall Inside to Outside via versa
But the difficult task, is creating a DMZ with devices that are assigned fully routed IP addresses from our ISP directly, these are H323 and SIP devices that cannot use NAT, and must have a fully routed IP address assigned to them.
Obviously the problem I have with the Firewall in its default routed mode, is that it wont allow me to overlap IP addresses on the outside interface with the DMZ interface.
Could the Firewall be configured for Transparent mode between Outside and DMZ, but Routed mode between Outside and Inside?
Eth0/0: 10.0.0./24 (inside)
Eth0/1: 190.0.0.0/24 (dmz)
Eth0/2: 190.0.0.0/24 (outside)
[Code]....
But could the new Cisco ASA with the latest firmware and model be ale to do this with 1 physical firewall?
View 5 Replies
View Related
Sep 19, 2012
Recently, I unable to configure the failover on bridge group in transparent mode . I have five interfaces .out of this only 3 is showing in the show run config . Whether I can config failover on on of the data interfaces.
I have the ASA 5520 with the version ASA Version 7.2(4) <context>
View 3 Replies
View Related
Dec 5, 2011
i need to configure a ASA 5505 in transparent mode.learned from Internet, my configuration is :
int e0/0 --- vlan 1---->nameif outside
int e0/4 --- vlan 2------> nameif inside
gloable ip is 172.17.104.10 255.255.255.0
http server enable
http 172.17.104.0 255.255.255.0 inside
when i connect the outside interface to one PC with ip addr 172.17.104.194 my PC connect to inside interface with ip 172.17.104.249 cannot ping each other even when i set rules as permit any any on both direction
View 2 Replies
View Related
Oct 23, 2011
I've setup my Cisco ASA 5505 in transparent mode. I have a Cisco 1841 connecting to the ISP (DHCP client) and F0/0 for inside. The 1841 is the DHCP server. I have my ASA 5505 behind the 1841 in transparent mode (Vlan 1 for Outside and Vlan 1 for inside). The router config is good as when you connect a computer straight to the inside interface I get DHCP and can go to internet, no problems what so ever. But When you're trying to go through ASA isn't not working. if I add a ip any any statement to the access list it will work but having an "ip any any" in a access list is like having no firewall at all.
ciscoasa(config)# sh run
: Saved
:
ASA Version 8.2(4)
!
firewall transparent
hostname ciscoasa
enable password zmQ6OnxvsOOEDNAy encrypted
[code]....
View 4 Replies
View Related
Feb 19, 2013
I have a cisco ASA5505 configured in transparent mode. This evening we attempted to plug a couple of new servers in but they simply didnt work, despite our test server working absolutely fine. The server IP's are all in a network object group (the same as the test server) and they're all using the same ACLs etc. I'm relatively new to configuring cisco equipment.
the only thing I can think of is a static route I had to add to get the managemet IP to work might be causing problems.route outside 0.0.0.0 0.0.0.0 XX.XXX.132.1 1(IP addresses obfuscated- servers are all in the same range so assume XX.XXX is the same across all IP's).
View 7 Replies
View Related
Jan 1, 2013
I'm supposed to configure this 1721 for bridged mode, taking a Level 3 T1 into the serial 0 side and passing it out the f/e 0 side. So, basically that's a T1 to ethernet conversion. I guess this customer is buying a T1 from us but they have to use a different make/model router due to the large hospital requiring that of doctors offices.Encapsulation from Level 3 is ppp static ip address, no password or anything like that.
View 3 Replies
View Related
Mar 3, 2013
I understand that in transparent mode an ASA5510 would only be able to have two interfaces, inside and outside. My question is could one of those logical interfaces be an LACP'd interface, made up of two physical interfaces. Topology below. I understand that the router and ASA5510 are SPOF here, so it is a bit of a moot point, but we're connecting already existing infrastructures together!
|-------–---| |---------|
| Switch 1 |------| |
|-----------| | ASA5510 | |----------|
| | | (transp |---------| Router |
|-------–---| | mode) | |----------|
| Switch 2 |------| |
|-----------| |---------|
View 4 Replies
View Related
Oct 9, 2012
I have a ASA 5510 that is connected to my ISP and the inside interface that is connected to my router. I have a /30 and need to determine if the configuration of x.x.x.121/30 which is my ISP and also the BVI address on the ASA. The inside router address is x.x.x.122/30 same subnet as my ISP will allow me to pass traffic. Management interface works using a different ip address but not able to get the traffic to pass traffic out to the internet thru the ASA
ISP-------->ASA-------->Router
Bottom Line is that I only have one usable address that is being used by the router and the ISP and ASA are using the other. Will this work?
View 4 Replies
View Related
Jul 30, 2012
On the ASA running the 8.4.4.1 code in transparent mode. Can I create sub interfaces in different vlans and attach them to different BVI groups?
switch---trunk---ASA---Trunk---switch
Gig0/1.1 vlan 100 bridge-gr1 Gig0/2.1 vlan 101 bridge-gr1
Gig0/1.2 vlan 200 bridge-gr2 Gig0/2.2 vlan 201 bridge-gr2
View 6 Replies
View Related
Jan 28, 2012
We have a few stacked 3750 switches with vtp transparent configured...some plugged in a fiber from another network into our stacked switches...that network/switch has vtp server configured...once that switch connected to our stack of switches, it turned that stack switch into vtp server...causing the previous vlans configured to erase thus causing management issues with the stacked switches..
View 4 Replies
View Related