Cisco Switching/Routing :: ASA 5520 / Can Reserve Some More Bandwidth For One Vlan Than Other Vlans
Jan 23, 2012
Currently, we have a Cisco router (28xx), ASA 5520, and a core switch 4500. We have different vlans. We also have Auto QoS running for our Cisco IP Phones.My manager just asked me to see if I can either reserve some certain bandwidth for one vlan, or give that vlan higher priority on internet traffic than the others.
1.) Anyway we can reserve some more bandwidth for one vlan than other vlans?
2.) If #1 cannot be done, how can we provide higher priority on the internet traffic to one vlan than the others?
3.) Is #1 or #2 the same config? If not, which one would be easier (without changing our current QoS settings)?
4.) If 1 or 2 can be done, which device I should config the settings on?
5.) This question may be duplicate, but do we need to reset our current QoS to achieve the goal?
View 6 Replies
ADVERTISEMENT
Nov 20, 2012
We have a low bandwith (15-20 Mbit/s) to the ASA from our Client vlan. If i connect the Client to the same vlan as the ASA is, the bandwith (90 Mbit/s) is good.
Here are the Layer 3 Design:
Client -> vlan 2 - Switch - vlan 7 -> vlan 1 - ASA 5505 -> ISP
The Layer 2 Design:
Client -> Gig2/0/13 - Switch - Gig4/0/43 -> Eth0/1 ASA5505 -> ISP
IP Address:
Client: 172.16.2.10Vlan2: 172.16.2.1Vlan7: 172.16.7.1ASA: 172.16.7.2
I assuming the switch has a problem with routing ?It is a stacked Switch with following members:
switch 1 provision ws-c3750g-12sswitch 2 provision ws-c3750g-24tsswitch 3 provision ws-c3750g-24tsswitch 4 provision ws-c3750x-48
And we have following error message in the log from the switch:
%PLATFORM_UCAST-4-PREFIX:
One or more specific prefixes could not be programmed into TCAM and are being covered by a less specific prefix, and the packets may be software forwarded I first get the idea that the switch is overloaded with router traffic. Thats why i assuming i have to check the sdm templates, but i'm not sure if this resolves the issue.
Here are the relevant config:
ASA Interface on the Switch:
interface GigabitEthernet4/0/43description ASA-inside LANswitchport access vlan 7switchport mode accessspanning-tree portfast
Client Interface on the Switch:
interface GigabitEthernet3/0/1switchport access vlan 2switchport mode accessswitchport port-securityswitchport port-security aging time 2switchport port-security violation restrictswitchport port-security aging type inactivitymacro description cisco-desktopspanning-tree portfastspanning-tree bpduguard enable
[code]...
View 2 Replies
View Related
Oct 9, 2012
This is existing network diagram and find attached file for configuration of Router and L3 Switch:ISP provided 6 Mbps internet access link with ethernet Handoff which is terminated over Cisco 1841.ISP also provided pool of 30 Public ip's 125.63.74.33 /27 , range from 125.63.74.34 to 125.63.74.62.In my current setup, all Inside to ouside traffic going out through 125.63.74.34 public ip because this public-ip NAT overload with Router F0/1 interface.
1) I want to divide 6 Mbps link physically into three parts 2Mbps, 2Mbps, 2Mbps for three VLANs.
2) I want to also configure each vlan IN/OUT traffic with different Public ip. is it possible or not ?
Vlan2 = 172.25.162.0 /24 => Inside to outside / Outside to inside traffic through 125.63.74.40
Vlan3 = 172.25.163.0 /24 => Inside to outside / Outside to inside traffic through 125.63.74.41
Vlan4 = 172.25 164.0 /24 => Inside to outside / Outside to inside traffic through 125.63.74.42
How can i configure above desired setup with CBWFQ
View 23 Replies
View Related
Mar 31, 2011
I have a Cisco 877 on an ADSL connection. QoS isn't doing the trick -- I need to reserve 200 meg or so of my outbound (upstream) bandwidth for VoIP to end complaints about voice quality. Any example of how to classify SIP, RTP, IAX, and Skype traffic and put a rate limit on anything that doesn't fall into that category? The VoIP phones also are in their own IP range on the LAN side if that would make things easier...or I could even connect them into a specific port on the internal switch in the router.
View 9 Replies
View Related
Apr 29, 2012
I have a Cisco 3560X 48 port Ip base switch with v lan configured and ip routing. Ports 1 and 2 are in ether channel and routed ports to ASA and have their own network of 192.168.22.49/30. The ASA is configured with the same config for ports 1 and 2. The channel group ip address on the 3560X is 192.168.22.49/30 while the other end of the up link is the ASA and its configured with .50/30.
I have 6 v lans plus the one native v lan. They are all configured with ip addresses. Each V lan should be able to talk to one another other than DMZ v lan which is trunk and routed directly in the ASA. On the switch I can ping the IP address on the ASAs up link .50/30 but I cannot ping the ASA from any host on any of the V lans. My switch config file is posted below. The ASA seems to be able to ping any host in the VL ANS due to static routes that are in place. Why I'm not able to communicate to other v lans or even ping the ASA?
Config for 3560X
L3Switch#sh run
Building configuration...
Current configuration : 8056 bytes
! Last configuration change at 00:45:43 UTC Mon Mar 8 1993
version 15.0
no service pad
[code]....
View 2 Replies
View Related
Mar 18, 2013
I've got a 3750x stack set up as my core switch (only a small-ish environment) - I'm shortly going to be deploying an enterprise wireless network with Corporate and Guest SSID's. I'm going to be putting all traffic from the Guest SSID in VLAN 244, and don't want it to have access to any of the other VLANs (1 (Legacy Eqpt), 4, 8, 12, 16, 20, 24, 28, 32, 248 & 252).
IP ranges for all the main VLANs are:
1: 10.0.0.x/22
4: 10.0.4.x/22
8: 10.0.8.x/22
12: 10.0.12.x/22
16: 10.0.16.x/22 etc etc (you get the pattern)
I'll probably give Guest traffic (VLAN 248) the IP range 192.168.10.x/22 (not because I NEED that many addresses, but it's easier for everyone to remember/understand if I keep the subnet masks the same all round). However I also have a CCTV VLAN (252) which already has the range 192.168.0.x/24, which some people in other VLANs WILL need access to.
So my question is: What is the syntax for the ACL on my 3750x (IP base - 15.0.2) to prevent traffic from VLAN 244 gaining access to any of my other VLANs. I'm making a broad assumption here that a layer 3 switch is perfectly capable of supporting that function? I need ALL the syntax for setting up ACL's - I've never done it before
My gateway device by the way is 10.0.4.1, and I do have inter-VLAN routing set up on the core switch (obviously).
View 3 Replies
View Related
May 22, 2012
I have a LAN with 6 vlans and a 2821 router. By default, intervlan routing is enabled for all vlans, however, I want specific vlans to be denied access to others, though all should still be able to use the Internet being served from GE/0.
View 6 Replies
View Related
Oct 20, 2012
i have a small network with Polycom phones connected to the sf300 switch and have the pc's daisy chained via the second switch port on each phone. i have the pc traffic running on the default vlan 1 and the voice traffic running on the voice vlan 100. can i do bandwidth management on a vlan/port basis or is that not necessary. i want to ensure that the voice traffic is never impacted by the pc traffic on the same cable.
View 2 Replies
View Related
Jan 17, 2012
I have a 2900 router at branch office. This router has a 4 port switch card and two gigabyte ports. The gigabyte port is use for wan connection and the 4 port switch card is use for lan connection. I have two separate networks on my lan side. (network 1 and network 2)
I have assigned port 0,1 of the switch card to vlan1 for network 1 Ports 2,3 of the switch card is assigned vlan 20 for network 2
My problem is I would like to applied a bandwidth restriction for all data coming out from vlan20 capping same to 384 kb.
Note I do not want use QOS because this will only kickin when saturation occurs,
View 8 Replies
View Related
Feb 12, 2012
I have a Cisco SG200 26 Port Switch, 2 Cisco WAP4410N Access points, and a VLAN aware Router. I have created 4 VLAN's. For the sake of this conversation lets call them.
98 - Intel Vpro
99 - Management
100 - General
101 - Guest
The Access points are capable of doing V LAN tagging so I plan on having them tag a guest network as V LAN 101. That can get sent to the V LAN aware router and out. No problem. I have some devices, or management pages that I don't want accessible from the general network. (Intel V pro KVM, Remote Management Cards, AP Config Menus, Switch config menu...) . I need to be able to take a V LAN unaware device, plug it into port 1, and have it communicate with V LAN 98, 99 and 100.
View 1 Replies
View Related
Oct 2, 2012
I know that the 6500 with a Sup 720 reserves power for a redundant 720. If there is no plan to install that redundant Sup, is there a means of releasing that reserved power? I know that one approach would be to insert a card into that slot to cut the reserve down, but I need to reclaim all of that power.
View 10 Replies
View Related
Jul 7, 2012
How to configure traffic flow between computers inside VLANs and a routed port? Here is the setup details:
1. Switch 3750-X
2. VLAN 100 - ( SVI IP address 192.168.100.1 /24)
3. VLAN 200 - ( SVI IP address 192.168.200.1 /24)
4. routed port gi1/0/48 (IP address 192.168.150.1 /24). Note: this port is directly connected to a firewall ASA 5520 port IP 192.168.150.100 /24
Ip routing is enabled on the switch and inter vlan traffic is flowing ok. I can ping the routed port gi1/0/48 from any computer connected in the VLAN 100 or 200. For example computer with IP 192.168.100.25 can ping the routed port 192.168.150.1. Switch can ping firewall port 192.168.150.100 and the 'sh ip route' command shows the network 192.168.150.0 /24 as directly connected network.
any computer in the two VLANs CANNOT ping firewall ASA port 192.168.150.100 Is it because inter VLAN routing does not work with a routed port on L3 switch? I looked up fallback bridging, but it is meant for non IP traffic.The goal is I am trying to set the ASA port as an internet gateway for VLANs.
View 4 Replies
View Related
Mar 28, 2013
I am working for a large campus network. The network has more than 70 VLANS in a Layer 3 Switch(Catalyst 4503). Customer wants to stop intervlan routing between all vlans except 2 vlans. How will i do that? I have also a Firewall (ASA 5520) & a Router (2811) in up of the switch. Besides this, I have run HSRP in Layer 3 Switches for redundancy.how will i stop intervlan routing between VLANS except 2, with ACL or any other process has?
View 10 Replies
View Related
May 30, 2012
I have an ASA that houses 11 VLANs, and I am trying to add a 12th.One of the VLANs is for PCs that have internet only access.The new VLAN will be similar, but for multifunction printers only.VLAN 99 is for internet only and works fine, I can ping the gateway of 10.99.3.33 from any PC in that VLAN.I am creating VLAN 98, modeling it after VLAN 99, and I cannot get a PC in the vlan to ping the gateway of10.98.3.17.Both switch and ASA show the new VLAN 98 as UP, switchport is UP/UP.I have deleted and recreated VLAN 98 a few times, but I cannot get a PC VLAN 98 connectivity.Once it is working on the core switch, I will add it to the trunk to the IDS switches. VTP is not in use, everything is manual. [code]
View 4 Replies
View Related
May 27, 2013
I have a multiple Offices in my location , all my external users are connecting my site using Cisco Client to site VPN and accessing my 2 sites , All users are able to access my 2nd office servers which are in 10.10.0.x pool , I have a different vlan in that same location with 10.10.35.x series and users are not able to access this pool servers , I am not much familiar with Routing . i am using ASA 5520 firewall .
View 11 Replies
View Related
Sep 29, 2011
I have no router inplace that can do trunking (5505 basic license )I have 2 VLANS 10 Data 20 voice I have given both VALNs IPs lets say
-VLAN10 192.168.1.1
-VLAN20 192.168.2.1
Enabled IP routing and set the router as the gateway of last resort.Now becuase the L3 switchis doing the routing I have had to set the default gateway as the VLAN IPs. So PCs on VLAN10 get a gateway of 192.168.1.1 and phones on VLAN20 get a gateway of 192.168.2.1
Any real downside to having the 3560 doing the VLAN routing, is this the "correct "way to do things in the event I don't have a trunkable router?
View 8 Replies
View Related
Oct 2, 2011
I have recently purchased 2 SG 300 switches, 1 x SG 300 52 & 1 x SG 300 10, and I am hoping getting the following set-up working.To assist I have drawn the following simple network diagram (below) which hopefully makes it a little clearer what I am trying to do:I have 2 companies occupying a single office with the requirement to share printers/devices etc... so basically I am looking to set-up 2 VLANS (say VLAN 10 & VLAN 20) with inter-vlan routing. To add a little complexity the main comms area is located in the basement of the building, this houses the 2 DSL routers and 2 Servers, one for each company. I am proposing putting the SG 300 10 port switch in here and then use the 3 uplinks I have been given to connect back to the SG 300 52 which is in a patch cabinent 2 floors up. I want to use 2 uplinks (in a LAG) for Company A and 1 uplink for Company B. FYI. DHCP is being served out by each respective router.
View 6 Replies
View Related
Apr 8, 2013
I used two sf-300 switch and create 4 vlans and intervlan routing is working fine.
Port 1 - 10 -------------> Vlan 1
Port 2 -20----------------> Vlan 2
Port 3 - 30------------------> Vlan 3
Port 4 - 40--------------------> Vlan 4
giga1 -----------------> connected to router (This router used for intervlan routing).
SF-300 Port 1 is connected to Internet Modem. This modem worked as dhcp server also for vlan 1, my problem is that when vlan 1 is not communicate to vlan2,3,4 and 2,3,4 are not communicating.
How i can communicate vlan 1 to 2,3,4 vlan.
how i can connect the modem in switch? Access port or Trunk port ( Presently available in vlan 1 Access port)Any route i need to make? sf-300 or modem or router?
View 1 Replies
View Related
Sep 21, 2012
Before going further let me tell you I hate QoS..the policies that I applied. I am trying to create reserve traffic for a CE but when I try to download or upload the traffic goes from 2MB which is where it should stay to up to 6MB?completly losted, I will not move to ccnp sp like this.
View 2 Replies
View Related
Jan 23, 2013
I've been given the task to clean-up our network config, and have walked into a disaster zone.We have a 4510R on site with everyone using the default VLAN, VLAN 1.I have created 4 new VLANS, VLAN100, VLAN150, VLAN200, VLAN250 I have assigned interface addresses to each VLAN and configured Inter VLAN routing.I can route to and from each new vlan with no problem, i.e VLAN250>VLAN100 VlAN100>VLAN200 etc but I can't route to VLAN 1(Default VLAN) from any of them, I can ping the interface on VLAN 1 from any VLAN , but any hosts are unreachable. On the flip side , from VLAN 1 I can route to all of the VLANS.
View 3 Replies
View Related
Jul 31, 2011
We use Cisco Any connect with a Cisco ASA 5520 firewall. Today I changed the inside interface of the firewall's IP because i needed to do some inter vlan routing and needed to move the inside interface from the lan vlan to a routed port on our 3750.
Now people can vpn and authenticate to the MS radius inside but cannot access any network resources nor ping anything inside.
View 1 Replies
View Related
Jul 26, 2010
I am a complete novice at networking, but I was tasked to have an ASA 5520 do inter VLAN routing (since my shop doesn't have a layer 3 router).As a basic setup, I am trying to have three workstations on three different VLANs communicate with each other. The attached screenshot shows the topology. I am unable to ping from a PC to the ASA...therefore I can't ping to other VLANs.
ROUTER CONFIG:
ciscoasa#ciscoasa# show run: Saved:ASA Version 8.3(1)!hostname ciscoasadomain-name nullenable password ###### encryptedpasswd ###### encryptednamesdns-guard!interface GigabitEthernet0/0no nameifno security-levelno ip address!interface GigabitEthernet0/1no nameifsecurity-level 100ip address 10.10.1.1 255.255.255.0!interface GigabitEthernet0/1.10vlan 10nameif vlan10security-level 100ip address 10.10.10.1 255.255.255.0!interface GigabitEthernet0/1.20vlan 20nameif vlan20security-level 100ip address 10.10.20.1 255.255.255.0!interface GigabitEthernet0/1.30vlan 30nameif vlan30security-level 100ip address 10.10.30.1 255.255.255.0!interface GigabitEthernet0/2shutdownno nameifno security-levelno ip address!interface
[code]....
View 30 Replies
View Related
Nov 24, 2011
I have ASA 5520 and SSM-10 module. During copy between vlans, connected to gigabit port of asa the speed is up to 6,5 Mbyte/sec. Network cards and trunked switch are gigabit. I've temporarily disabled SSM but it didn't work. Here is my config. Also I found out, that putting SSM into bypass mode solves the problem. But I don't send any traffic to IPS. [code]
View 2 Replies
View Related
Jan 10, 2012
Between our hosting and a customer we have an extended vlan, traveling on a fiber, between two cisco 3560 switches.The thing is, that we want to create one or more vlans inside that extended vlan, in some way if possible?
View 3 Replies
View Related
Jan 10, 2013
I have two networks at two sites with a dot1q trunk between the two L3 switches at both sites (no routers involved)
SITE A - Cisco 3750 L3 - VLAN ID 50
10.10.50.0/24
SITE B - Cisco 3750 L3 - VLAN ID 50
10.20.50.0/24
I would like to extend the SITE A VLAN to SITE B so that I can move hosts from SITE A to SITE B without needing to change their IP address but the vlan ID is already in use. Obviously the easy solution is to change the VLAN ID for one or other of the sites but both sites contain hosts that run 24/7. Is there a way to join two VLANs with different IDs together.So for example I create a new VLAN 60 at SITE B and associate it with VLAN 50 at SITE A.
View 4 Replies
View Related
Mar 31, 2013
i need to solves this little problem on 2960S lan BASE but i dont know if it is possible.
Uplink port config for gi 1/0/28 is:
switchport mode trunk
switchport trunk alloved vlan 10,11
but on interface gi 1/0/1 i want to have data from vlan 10 tagged as VLAN 20.
At this time i have solved this issue very primitively
I have set up gi 1/0/2 as int mode acces, acces vlan 20 and i have connected gi 1/0/2 with gi 1/0/3 with eth cable. int gi 1/0/3 is switchpor mode acces, switchport acces vlan 10
View 4 Replies
View Related
Sep 16, 2012
I have a 3750G switch in my production network that only has VLAN 1 on it. All ports are in a default state and VLAN 1 is disabled. The switch is passing traffic but shouldn't having the default VLAN shut down cause the ports not to pass traffic? If I start to create VLANs will that cause the switch to stop passing traffic?
View 4 Replies
View Related
Jun 13, 2011
I am trying to setup a L2tpv3 VLAN-to-VLAN tunnel.My setup has two Cisco 890 router with Cisco IOS Software version 15.0(1) M4. These routers are connected directly on FastEthernet port 8.
One linux machine is connected on FastEthernet port 0 on each router. The two linux machines are on same vlan. I am trying to establish a vlan-to-vlan tunnel between the routers and send traffic between the linux machines.
I followed the case study 11.4 from [URL] and configured the l2tp-class and pseudowire-class. However, the vlan interface configuration is different on 890 router.
I configured a vlan interface as follows.
(config)#vlan 200
(config)# interface FastEthernet 0
#shutdown
#switchport access vlan 200
(config)# interface vlan 200
I don't see the 'xconnect' command in this context. What's wrong with my configuration?
View 3 Replies
View Related
May 1, 2012
I have a cisco Swtich SGH 300-20 Gigabit switch i configure 2 vlan one is default and one is vlan 10
Vlan 1 ip range 172.16.0.0/23
Vlan 10 ip range 172.16.2.0/24
Client on Vlan getting Proper IP from DHCP Server all i need is to distribute internet bandwidth we have 6/3 mb and i want to give 4/2 mb to vlan 1 and 2/1 mb to Vlan 10
Int Gi16 on switch is configured as trunk port and is connected to cisco 2811 router
what are the command used to distribute bandwidth between these 2 vlans
View 3 Replies
View Related
Jul 4, 2012
upgrading our small office network. We currently have about 75 employees with probably 125 devices on the network. I'd like to create about 10 vlans for the different departments and then configure intervlan routing as needed. Currently we have all unmanaged switches and it's just a huge broadcast storm on the network. We are upgrading our Cisco 800 router to an ASA5505 sec. Plus license. I need some recommendations on switches. Of course, this needs to be done as cheap as possible.... Is there a way to use the ASA to configure all the vlans and intervlan routing and access lists and use a cheaper switch to provide the access layer to hosts?
View 4 Replies
View Related
Jan 23, 2013
I have the following config using a Cisco 1921. I am trying to get devices on the the native VLAN to get internet access via the gateway x.x.x.73.Any thing being routed from the other Vlans 15/20/30 can get access, but nothing from an internal IP address. Is there something I am missing.
The Xs replace the same 3 octets for each interface.I am trying to route from VLANs 15/20/30 to see VLAN 5. I have tried a few things, in terms of adding extra ip routes, but can't get anything to work. Each of those Vlans have another router on the other side of them, which I have also tried adding ip routes too, but nothing. One of the routers (Vlan15 is a Draytek 2830). [code]
View 5 Replies
View Related
Mar 27, 2012
I have purchased these two switches from ebay as a test lab, I plan to connect them up via a gigastack modulecable and enable ip routing on the c3550 and vlans to talk to each other.
I'm very much a procurve person and really need to get into the cisco switching.I will want to trunklacp between the switches - whats the process is setting that up on cisco switches?
View 1 Replies
View Related
Feb 19, 2012
I have a 3560E with 2 vlans that I want to route between. one device with 2 vlans and route between.Interfaces are configured as such:
int g0/11
switchport mode access
switchport access vlan 10
int g0/12
switchport mode access
switchport access vlan 11
[code]...
Laptops on each port with 10.10.10.2 and 10.10.11.2 configured on them. I can ping from 10.10.10.2 to 10.10.11.1, but not to 10.10.11.2.What do I have to configure to be able to get the 2 laptops to talk to each other?
View 9 Replies
View Related
