ARP broadcasts not reaching all VLAN ports on 3550
Cisco 3550, interface Vlan9
ip address 1.1.1.1 255.255.255.240 secondary
ip address 3.3.3.3 255.255.255.240
[Code].....
I have a test switch (Cisco 3550) that I want to set up with 6 Vlans and 2 trunk ports. I want to be able to access a virtual server conected to the trunk ports from the switch ports. Ports Fa0/1 to 8 are in a vlan port fa0/9 to 16 another vlan etc. Ports Fa0/47 and 48 are the trunk ports. This is a lab environment so the the switch is the only device being used.
View 4 Replies View RelatedIs there a way to configure a switch (3550, 3560,3750) to disable a switch port if it has not been used for a specified time period such as weeks or months. Say you want the switch to disable switch ports that have been "abandoned".
View 8 Replies View RelatedWhy aren't the fa ports that i assign to a voice vlan showing up when i issue show vlan?
View 2 Replies View RelatedDoes Catalyst 3550 switch support inter vlan routing ?
View 12 Replies View RelatedWe are trying to replace the CSS between our firewall and DMZ with a BigIP. Among it's other functions, it will act as the router between the firewall and the DMZ. To make this work, I need to assign vlan tags values for the vlans I create on the BigIP box and these must match the tags on the cisco switches (3550's) How do I find this information on the switch?
View 2 Replies View RelatedI'm having some problems setting up vlans to talk to each other on a 3550-12T switch. Its quite a simple setup I have, but I need to split my network up.
Currently I have a network of 192.168.25.0 255.255.255.0 I want to create a new vlan network of 192.168.30.0 255.255.255.0 So I have configured my vlan1 (default vlan) to have an ip of 192.168.25.250 for getting to the management page
I have created a vlan2 of 192.168.30.1 255.255.255.0 ?I have a port 10 linked to one of my 3560G's?In port 9 which is on vlan2 I have my pc plugged in with a static ip of 192.168.30.50 from the router I can ping any device on 192.168.25.x.
I can not ping 192.168.30.1 (which is my vlan2) nor can i ping the PC.
I have enabled ip routing But I dont have a default route, this is becase we don't have a router on the network.
I am having trouble after creating a management vlan (99) on a 3550 switch.I have configured the vlan (99) and given it an IP (192.168.1.100) and a default gateway (my router address - 192.168.1.99).I can ping to the switch from a PC and vice versa. The management VLAN IP is fine but now I cannot ping to the router from either the PC or the switch.It seems that just by adding VLAN 99 with it's own IP address has now prevented pings from the switch/ PC to the router ?Due to the fact that I have created a new switch management VLAN with an IP, does this mean I have set up the router as a 'router on a stick' scenario ? [code]
View 4 Replies View RelatedI am attempting to create a mass upgrade server for some of our more standardized equipment since our vender cannot upgrade them pre-shipping for us, we've got to do them on our own. This means using a terribly organized wizard written in what appears to be Java...
I have an aversion to Windows and felt that I could accomplish the same thing using expect scripts and a Gentoo Linux server; now all I need is to set my Cisco 3550 (c3550-ipservicesk9-mz.122-44.SE6.bin) to have each port on it's own VLAN, except for fa0/1 which will be a trunk port to communicate with all ports as well as the server.
I was given a task of creating a vlan and isolating one pc to access an internal website (192.168.90.15) on a specific port (port 8080)The pc is connected in the following manner:
PC--> HP Switch --> Cisco Small Business SG200 switch --> 3550 Catalyst 1, 3550 Catalyst 2 and 3550 Catalyst 3.
I have created a vlan 110 on the Main 3550 Catalyst switch and successfully added the pc to that vlan.However, that PC must be able to access the internet and an internal website on port 8080.I have placed an access-list on the main 3550 catalyst switch which is connected to our router as below:
Client ip address: 192.168.100.2
VLAN 110: 192.168.100.3
access-list 110 permit tcp host 192.168.100.2 host 192.168.90.15 eq 8080access-list 110 permit icmp host 192.168.100.2 anyaccess-list 110 deny ip 192.168.100.0 0.0.0.255 ? I was unable to access the webserver even after many attempts.
New to Cisco and want to know if I can segment a port. I have two v lans. I have one internet connection at the opposite end of the building. Can the port the internet is connected to serve both V lans?
View 6 Replies View RelatedWe are using the SG300 series switches, and have come across an issue where we need to block ARP broadcasts based on IP.
we have multiple computers, each with only one ethernet adapter, each adapter has two IPs configured, 10.10.10.x and 192.168.0.100.All machines have the same 192.168.0.100 address (Used for applications/hardware running locally to that machine and this IP cannot be changed).
When the machines are connected to the network, ARP is advertising BOTH the 10.10.10.x address and the 192.168.0.100 address.
As all machines have the same 192 address we receive IP conflict notifications on each machine.
How can the ARP broadcasts for the 192 address range be blocked?
I have two questions for a Cisco 2960 (WS-C2960-24TC-L)
1. I am working to setup a few Cisco 2960 switches for HP iLO access to our servers. We are going to segregate the iLO network (VLAN 40) from the data network (VLAN 10) by using a different VLAN. All of the HP servers will be configured with static addresses. My question is, how do I set all the ports to VLAN 40 so that untagged devices will automatically go onto VLAN 40? I don't want to have to configure the VLAN on each iLO port on the server. I tried to set the port to: "switchport trunk native vlan 40", but that didn't work.
2. Also, how do you access the web GUI for these switches? I get a login box, but putting in the enable password doesn't work. I have the following commands in the config: [code]
I’m working with a managed switch that has three V LANs setup on it. Recently the domain changed and the wireless V LAN can no longer access the internal website. I found access rules, in the switch that allowed the wireless V LAN to use the DNS server on the private/staff V LAN. Their DHCP scope is on the switch and DNS is set there. The Website is also on the V LAN with the DNS server. This configuration totally cuts out external DNS usage. It stopped working though. It is as if when things switched on the Domain the wireless users were denied DNS requests. The switch was not touched at that time. I’m looking at it though and it seems that I may have conflicting rules.
The version is 12.2. I believe its a Catalyst 2600~
DHCP scopes: ip dhcp pool INSIDE network 192.168.1.0 255.255.255.0 default-router 192.168.1.1 dns-server 192.168.1.6 192.168.1.4 domain-name saline.lib.mi.us
ip dhcp pool WIRELESS
network 172.16.0.0 255.255.255.0 default-router 172.16.0.1 dns-server 192.168.1.6 192.168.1.4
Here is the V LAN Setup:
Interface Vlan1
ip address 192.168.1.1 255.255.255.0
[code]...
Here are two access lists that should be allowing the traffic from 172.16.0.0 into the list IPs/Ports. These do no work.
ip access-list extended WIRELESS-PRINT
permit tcp 172.16.0.0 0.0.0.255 host 192.168.1.12 eq 30044
permit tcp 172.16.0.0 0.0.0.255 host 192.168.1.12 eq 21326
permit tcp 172.16.0.0 0.0.0.255 host 192.168.1.12 eq 6987
[code]...
During my testing I removed the Deny rule and everything worked. deny ip 172.16.0.0 0.0.0.255 192.168.1.0 0.0.0.255
However, the “ permit ip any any “ rule, makes all the port rules pointless because when this rule is in place solo, I can ping and access everything on the 192.168.1.0 network. Is there a way to deny everything, except what I permit? Because when I remove the ip any any, then they cant even get out. Perhaps there a better way to say, the wireless users can get out but only get into the sub net over specific ports? I have a feeling it may have not be thought out entirely when initially created. However, the big mystery is that it worked before secondary domain controller failed.
CBWFQ kicks in when the interface becomes congested and there is no available space in the queue but I need to find a solution to the scenario below:Im using a Gigabit interface on the 3945 Router that connects to the ISP. The ISP limits bandwidth to 60Mb so I need to make sure when I reach the limit of the 60Mb the router starts using the BW percentages defined in the policy-map using classes. any kind of traffic go out as it wants but as soon as the 60Mb limit is reached, the priorities defined by the traffic classes will kick in just as if the interface ran out of queues (as CBWFQ usually works).
View 7 Replies View RelatedI have 2 3550's connected across a wireless link. [code] However, from Switch A, I cannot reach 10.1.3.9Can this 3550 not route traffic between 2 routed ports?
View 8 Replies View RelatedIs it possible to assign 2 ports to a vlan on this switch and have the 2 machines connected to those ports be able to see each other without having to go off of the switch? If so, how would it need to be setup on the switch?
View 4 Replies View RelatedAt present we are having a 4900 series switch where we are running one monitor session.Additionaly we are in need of capturing VLAN traffic and set the destination to 2 * GE ports , both are in the same switch.Due to the limitation of two monitor sessions per switch , we thought of putting the destination ports as port channel but it looks like it is not supported.
View 1 Replies View RelatedWe had a core switch (Cisco 4503), distribution switches(Cisco 3750) and access switches in our network and consists of many vlans. Almost all vlans uses DHCP Pools. But for few vlans DHCP is not yet configured due to initial design poblems. Recently one of the rogue user in vlan 1 connected to one of the access switch send rogue arp packets to the network (suspecting arp packet with interface vlan 1 ip of core switch with wrong mac-address (gateway ip of vlan 1)) and resulted in a prolonged network outage for the vlan 1. Any way we are going to seggregate vlan 1 into different vlans, but before that we need a temporary plan to block such kinds of attack like enabling DAI in the switch. I have checked the DAI implemenation feasibility with my knowledge and found that it is not possible to configure to the access switches(Cisco 2960) in which the user directly connected. But found that Distribution switch connected to that particular access switch seems to be able to configure since DAI commands are available to configure in switch.
Is it possible to block ARP packets with the interface vlan 1 IP Address with rogue mac-address by configuring DAI in the above mentioned Distribution switch and the port connected to the mentioned access switch?
I have FWSM v4.0 installed on Cisco 7609 router and when I want to configure FWSM services on it, VLAN traffic is not passing through the FWSM or not Reaching upto fwsm
View 1 Replies View RelatedI have a Cisco 6509 with IOS "s222-ipservicesk9_wan-mz.122-18.SXF16.bin"I need to enable dot1x on user's ports on the switch. each user is connected to the switch through the IP phone.
I just found out that I can not enabled dot1x on trunk port. I have tried to use "switchport voice vlan " but I got:
Switch(config-if)#switchport voice vlan 123
Command rejected: Gi7/20 is Dot1x enabled port.
let me know what should I do to get dot1x working?
Note: I have connected a laptop directly to the port and dot1x is working fine.
I have a collapsed core design with routed ports between all components. Access layer switches, data center switches, core/aggregation. All routed (no spanning-tree at all).Now...I have to add an IBM BladeCenter with a BNT layer 3 switch to my topology. However, those nasties don't seem to support routed ports.How can I have a routed port on my cisco switch and a standard access port on the BNT and still establish an adjacency with an SVI? I am running OSPF, but I am labbing this in my home lab with 2 x 3550s and EIGRP.
On SW2:
*Mar 1 00:57:00.711: EIGRP: Received HELLO on Vlan100 nbr 10.1.1.1
*Mar 1 00:57:00.711: AS 999, Flags 0x0, Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/1
*Mar 1 00:57:02.303: EIGRP: Sending UPDATE on Vlan100 nbr 10.1.1.1, retry 9, RTO 5000 tid 0
*Mar 1 00:57:02.303: AS 999, Flags 0x1, Seq 17/0 interfaceQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/1
[code].....
Is L3 ip routing on by default in 3550s? If so is the "ip routing" command visible in the config file? If no - I assume that one would enable L3 routing with that config command.In general terms are there any IOS devices where ip routing is enabled and one would not see the "ip routing" command in config. I.E. if that command is not visible in the config could you assume there is no L3 capablity in that device?
View 1 Replies View RelatedThe layer 2 switches are connected to layer 3 Switch via trunks, and routing between layer 2 switch ports with configured SVI's on 3550. All working fine. Now I'm trying to configure routing between 2800 and 3550, I tried connecting both Straight Throught and Crossover cables to the 2800 Fa0/0 and Fa0/1 ports as well as the switchports on 3550
No switchport commands are configured however, the lights do not go on for both straight through or crossover cables. I tried connecting 1750 routers but same result. My goal is to have all the VLANS routed to the internet with configuring NAT translation the router.
I have a 3550 l3 switch configured as follows:
vlan 10 ports 1-10
vlan 21 ports 11-20
vlan 30 port 21-30
vlan 40 ports 31-40
default vlan should be vlan 21
I have the servers, switch and router connected to vlan 21. Vlan 21 works great I can browse the internet, but I cannot ping any other vlans. router is connected to fa0/19
[code]
Building configuration...
Current configuration : 4833 bytes
!
version 12.2
no service pad
[code]....
I've been working with these two Cisco devices in my home off and on for several months now but I just can't take it anymore, I'm about to throw them away and go back to Linksys router.
I have a Cisco 2600 Router with only one Ethernet card in it so I have to trunk from my 3550 Switch to that device. I'd like to have my ISP and all users plug into switch and all trunk back to the router's sub interfaces. Currently, I have started over...again, and am unable to simply get the router and switch to ping each other if I put sub-interfaces on the router. See my configs:
2600 ROUTER:
Router#sho run
Building configuration...
Current configuration : 555 bytes
[code]......
3550 SWITCH:
Switch#sho run
Building configuration...
Current configuration : 2302 bytes
!
version 12.2
[code]..........
Port F0/24 is in VLAN 1, as are all ports but Port F0/1 which is my desktop PC. I mocked it up in Packet Tracer and it works just fine. This is just a simple setup and I'm making sure I can ping between switch and router before I move to each next step.
The situation include 2 cisco routers an 2 switch 3550
so we have Router A in Vlan x access ----->Sw1----Trunk----Sw2<------Vlan y Access Router B I 've to enable rip1 on guys A and B ONLY !!! Avoiding any kind of tunnel I though it was all around fallBAck bridging ... but after days of tries ...
We're looking at implementing a new phone system which will use voice over ip. Currently we have a mixture of Cisco 3750 and Cisco 3550 switches which don't support power over ethernet. Its been suggested we could continue using the current switches and power the new phones using power adapters.
Int terms of implementing qos (we don't have any at the moment) for the voice will a Cisco 3550 be OK and will having a mixture of different models using 3550 and 3750 pose any challenges with the qos policy for the voice. I believe there are differences in that the Cisco 3550 doesn't support srr-queues but having little experience with qos I'm not sure what impact this will have if any?
I am having issues working on my QOS between 4510 and 3550 switch connecting on layer 3 through a service provider. I have class maps and policy map setup on both sides and then policy map attached to interfaces however i dont see any traffic matching in policy map on 3550 switch, i do see some traffic matching on 4510 but the speed with which its increasing has my doubts about it. When i make voip calls ( VOIP switches are sitting behind 3550 and are mainly 3550 pwr 24 port switches with phone ports configured for auto qos voip cisco-phone and trusting cos) i rarely see the RTP matching in class under policy map.
View 5 Replies View Relatedim trying to install a ios 12.2v on my switch. when the screen prompt it does not show me the user move symbol " SW1> ". all i see is " SW:" and from there i can not enter the commands to download from tftp server !
View 7 Replies View RelatedI have two 1252s on ports 1 and 2 off a Catalyst 3550. No other device on the switch except the fiber uplink.
Initially 1252 #2 (on port 2) resets for no reason at no specific time. We did not have a problem with 1252 #1.
The show ver on #2 does indicate that equipment resets due to power. I figured the 3550 is having problems powering two 1252s so had this AP on PWRINJ4 (validated its not drawing power via show power inline).
Today, #2 does not reset. However, now #1, which is the only device using inline power is now resetting. Same thing, reset due to power. Same weird behavior, at no particular time.
I've also have "no cdp enable" out off each port as i understand CDP sometime cause device to not boot up (15w versus 15.4w issue).
Both AP btw are Standalone IOS.
I am replacing an old Catalyst 3550 (that has 2 Gig ports) with a 3750 (that has 4)- I used the exact same configuration in the new switch. When I plugged in the new 3750, the trunk ports started blinking from green to amber. I dont know why this is occuring- it SEEMS to be fine, but we havent thrown a whole bunch of traffic over it.
View 4 Replies View RelatedI would like to know how to stack 2 switch cisco 3550 that IOS C3550-ipservicesk9-mz.122-44.SE6
View 3 Replies View Related