Cisco Switching/Routing :: ASA And 3750x Switches - How To Get VLans Working
Jan 25, 2012
How to get VLANs working properly between sub-interfaces on an ASA and a trunk port on a switch. There seems to be an issue with the VLANs being assigned to the correct VLAN and this information being properly sent to the ASA over the trunk.
We seem to be unable to ping most of the interfaces except for one on the switch. Sometimes if we are lucky we are able to ping a host on a different VLAN that is on the switch. This seems sporadic at best.
Logs on the ASA show traffic does not seem to be assigned properly to the correct sub interface. We have access rules on the ASA disallowing traffic not part of the same vlan. For example you will see networkA blocked on networkB when it really should be directed through networkA's sub interface.
Any example commands for the ASA and Switch for at least the basic requirements to enable all the VLAN's to communicate properly with the ASA?
Dec 11, 2012
We purchased a number of 3750X 48 and 24 port switches for the College Campus. Am finally getting around to getting them inserted on the network. Working with a WS-3750X-48PF-S and a WS-3750X-24P-L. Have them stacked with the 10Gb uplink on the 48 port switch. Have not been having fun.
In the boot sequence, the switches recognize they are stacked, but as soon as they finish boot, I get the message on the 48 port switch: “Stack Port 1 Switch 1 has changed to state down.” Then “Stack Port 2 Switch1 has changed to state down.” Am noticing that I have a message preceding that: “Major version mismatch with stack neighbor.”
The 48 port is running c3750e-universalk9-mz.150-1.SE3, HBOOT 12.2(53r)SE2.
The 24 port is running c3750e-unversalk9-mz.122-55.SE3, HBOOT 12.2(53r)SE2
Most of our 3750X and older switches are running 122-55 or 122.58 code. IP base or Universal. There is speculation that the problem is the 24 Port is Lan base, as the part number might indicate. (WS-C3750X-24-P-L.... I think that is the part number) and the 48 is IP base. Both switches are Universal, and my understanding is that they don't care about LAN or IP Base until you enable a function that falls in the IP Base domain. Then I have to call Cisco Licensing.
For these switches, LAN Base is fine, based on the boot message, I feel the real problem is 122-55 versus 150-1 in the stack. So.. the question is: Do I downgrade the 48 port to match what we have in our environment, and what is on the 24 port switch. Or... Upgrade the 24 port switch to match the 48 port switch and have an installation that is not consistent with our environment? I do have two more edge closets to install with this purchase of 3750X 48 port switches.
Sep 5, 2012
Is this supported on a 3750X ?? A router has two VRFs and its lan interface is a trunk with 2 VLAN IDs, let say VLAN 10 and VLAN 20. The ip address subnet of these two vlans is the same (therefore , they are in different VRFs)
fa0/1
VLAN 10 = 10.15.4.9 (VRF A)
VLAN 20 = 10.15.4.10 (VRF B)
This router is connected on a 3750X switch. There is a firewall connected to this switch also, which is default gateway for several VLANs including VLAN 10 (10.15.4.1)
The goal is that VRF B ip can talk to 10.15.4.1 and VRF A can talk to 10.15.4.1 but VRF B can't talk to VRF A (10.15.4.9 <-> 10.15.4.10)
FW |--- TRUNK VLANs 1,2,3,4,10 ---------| SWITCH |----- TRUNK VLAN 10,20 -----| ROUTER (vlan 10 = VRF A, vlan 20 = VRF B)
I think this is not supported on the C3750, as my promiscuous port is located on a trunk.
Apr 28, 2012
How can I route internal VLANs on a 3750X? My current network is small (about 8-10 subnets), so I don't want to add overhead using maybe a dynamic protocol. My scenario is: my stack of 3750X (2 switches) will be my CORE SW, I will have 2 more stacks (2960S - 4 switches) and they will connect to the 3750X with a trunk port etherchannel, each link connected to a different switch (I was planning to use L3 routing in the 3750X but not sure how it will work).
My core SW 3750X will be connected to a firewall for a VPN, by a Layer 3 interface (using a static or dynamic protocol).
Mar 18, 2013
I've got a 3750x stack set up as my core switch (only a small-ish environment) - I'm shortly going to be deploying an enterprise wireless network with Corporate and Guest SSID's. I'm going to be putting all traffic from the Guest SSID in VLAN 244, and don't want it to have access to any of the other VLANs (1 (Legacy Eqpt), 4, 8, 12, 16, 20, 24, 28, 32, 248 & 252).
IP ranges for all the main VLANs are:
1: 10.0.0.x/22
4: 10.0.4.x/22
8: 10.0.8.x/22
12: 10.0.12.x/22
16: 10.0.16.x/22 etc etc (you get the pattern)
I'll probably give Guest traffic (VLAN 248) the IP range 192.168.10.x/22 (not because I NEED that many addresses, but it's easier for everyone to remember/understand if I keep the subnet masks the same all round). However I also have a CCTV VLAN (252) which already has the range 192.168.0.x/24, which some people in other VLANs WILL need access to.
So my question is: What is the syntax for the ACL on my 3750x (IP base - 15.0.2) to prevent traffic from VLAN 244 gaining access to any of my other VLANs? I'm making a broad assumption here that a layer 3 switch is perfectly capable of supporting that function? I need ALL the syntax for setting up ACLs - I've never done it before.
My gateway device by the way is 10.0.4.1, and I do have inter-VLAN routing set up on the core switch (obviously).
Jan 24, 2013
I am setting up a VM environment for a customer in my lab off site. I have two stacked 3750-x switches, a SAN, and three UCS c220 M3S servers for hosts. I am trying to separate the LAN traffic, SAN iSCSI traffic, and SAN management traffic using VLANs. The problem is I'm unable to communicate cross VLAN with my current config, which I have attached to this post. The only noteworthy thing in my config is that the ip route 0.0.0.0 0.0.0.0 192.168.83.6 is referring to a switch stack they have on site, that I will connect this stack to using the first two trunk ports on each switch, that I do not have here in the lab. I don't want to cause any confusion in why I have things set a certain way.
Mar 22, 2012
We have bought four Cisco 3750X-24 Switches with IP Base license for 2 offices (2 switches at each office). The offices are connected with 1 fiber pair and 2 CWDM units. We have 6 CWDM SFP (2x 1470nm, 2x 1490nm and 2x 1510nm). All the switches are up and running with 1 problem: the SFP's in the SFP+ position didn't work.
Only the gigabit ports 1/1/1 and 1/1/3 are connected. Gigabit 1/1/2 stays disconnected. I already did some tests with other SFPs and labels. Do I need to disable the ten gig ports in the configuration?
Jun 2, 2011
In changing the network topology, we are going to assign the PCs' Gateway as the Switch (3750X) IP Address rather than the server IP Address. Currently we have configured all Systems' Gateway as the Internet Server IP Address, which we are going to replace with the Switch IP as Gateway. The issue is while connecting a specific application like TeamViewer, in which the application tries to send a keepalive message to the live server, and in the case of the switch/router IP as gateway, the connection doesn't get established. However, it is working fine when the Internet Server IP is treated as gateway.
Sep 9, 2012
We have a 3750X VTP Server and the rest of the switches are clients.
Due to cabling issues, we have a switch (Switch F) that we can't connect directly to the 3750X so we have it connected through another switch. Everything is set to VTP client with the correct domain and password but this not-directly-connected switch isn't receiving any VTP VLANs.
Anything I need to do on Switch D so that Switch F can receive the VTP updates?
Aug 19, 2012
Can I implement MACsec between two Cisco 3750X using the C3KX-NM-1G? 3750x (C3KX-NM-1G) -------------------MMF------------------(C3KX-NM-1G) 3750x.
Nov 12, 2012
In changing the network topology, we are going to assign the PCs' Gateway as the Switch (3750X) IP Address rather than the server IP Address. Currently we have configured all Systems' Gateway as the Internet Server IP Address, which we are going to replace with the Switch IP as Gateway. [code]
The issue is while connecting a specific application like TeamViewer, in which the application tries to send a keepalive message to the live server, and in the case of the switch/router IP as gateway, the connection doesn't get established. However, it is working fine when the Internet Server IP is treated as gateway.
Dec 27, 2012
I'm trying to get some clarity on power stacking 3750X switches. I have a new stack of 6 switches. I know I can only have 4 in a power stack and all 6 in the data stack with a max of 8. I'm trying to find the proper way to connect the power stack cables for the 4 switch power stack.
Sep 4, 2012
I need to know if is possible to do a LACP using 2 x 10GB between 3750X and 2960S (WS-C2960S-48LPD-L) switches.
Apr 9, 2013
What is the difference between IP Base and Universal for 3750X switches?
Aug 16, 2012
I'm building a wired closet to aggregate users' connections. I'm planning to have 5x 3750X stacked switches and there is a need to run EIGRP. I'm thinking to order one switch with IP service image while the rest will run IP base image. Is it a workable scenario and what are the drawbacks of such a combination of images?
Feb 25, 2013
I have two 3750x stacked switches , both with the latest firmware on them. I enter the configuration onto one switch and it obviously copies over onto the other switch. Although in the configuration I have both a console username and password and an enable password, when I try to log onto the initial switch that I entered the configuration on, I am prompted for a username and password, which works fine, but when I try to enter enable mode i get an error stating that no password has been set. However when logging onto the other switch I am not prompted for a username or password but when I try to enter enable mode I am prompted for a password and can access it with no problems.
Mar 28, 2012
In my office we bought 7 cisco 3750X - 48PS switches. We configured Data Stacking between those switches. We also want to configure Power Stacking between those 7 devices.
I found in the Data Sheet that we can only configure 4 devices in power stacking at a time. If it is like that how to configure the rest of 3 devices. Need configuring power stacking between those devices in a better way..
power stack cable part no we have is
CAB-SPWR-30CM
May 29, 2013
I have a stack of 8 3750x switches connected via Stackwise. In addition, I have these switches configured as two Powerstacks. When I look at the Powerstacks, they are showing as being in power-sharing mode. When I look at the individual switches, they show as standalone. Right now, I have 1 switch in each powerstack that has two power supplies, and then the other three have a single power supply. Below is the output for "Show stack-power detail" as well as the Powerstack configurations.
Power Stack           Stack   Stack    Total   Rsvd    Alloc   Unused  Num  Num
Name                  Mode    Topolgy  Pwr(W)  Pwr(W)  Pwr(W)  Pwr(W)  SW   PS
--------------------  ------  -------  ------  ------  ------  ------  ---  ---
Powerstack_1          SP-PS   Ring     2145    45      570     1530    3    3
Powerstack_2          SP-PS   Ring     2860    60      760     2040    4    4
Powerstack_1-1        SP-PS   Stndaln  1430    520     190     720     1    2
Power stack name: Powerstack_1
    Stack mode: Power sharing
    Stack topology: Ring
    Switch 4:
        Power budget: 700
        Power allocated: 190
        Low port priority value: 20
        High port
[code].....
May 9, 2013
We have a remote site that is using 3750X switches as layer 2 switches back to our home site. The uplink port is showing dropped packets but the utilization on the link is never about 10%. We have a 100Mb circuit to this site. Our speed tests and iperf tests are not showing any issues that we can see. However the port is still dropping packets. It is not dropping at a high rate but they are dropping.
switch#sh platform port-asic stats drop gi1/1/4
  Interface Gi1/1/4 TxQueue Drop Statistics
    Queue 0
      Weight 0 Frames 0
      Weight 1 Frames 0
      Weight 2 Frames 0
    Queue 1
      Weight 0 Frames 52876
      Weight 1 Frames 2
      Weight 2 Frames 0
    Queue 2
      Weight 0 Frames 0
      Weight 1 Frames 0
      Weight 2 Frames 0
    Queue 3
      Weight 0 Frames 0
      Weight 1 Frames 0
      Weight 2 Frames 1330874
    Queue 4
      Weight 0 Frames 0
      Weight 1 Frames 0
      Weight 2 Frames 0
    Queue 5
      Weight 0 Frames 0
      Weight 1 Frames 0
      Weight 2 Frames 0
    Queue 6
      Weight 0 Frames 0
      Weight 1 Frames 0
      Weight 2 Frames 0
    Queue 7
      Weight 0 Frames 0
      Weight 1 Frames 0
      Weight 2 Frames 0
switch#
Is there a way to capture these dropped packets to see what they are? We do have VOIP phones at the site and are using Qos.
Jul 30, 2011
I'm building a wired closet to aggregate users' connections. I'm planning to have 5x 3750X stacked switches and there is a need to run EIGRP. I'm thinking to order one switch with IP service image while the rest will run IP base image. Is it a workable scenario and what are the drawbacks of such a combination of images?
Jun 7, 2012
I have a bunch of 3750x switches that each have a 10 gig routed link back to a central 4507 (loopback = 172.30.255.255). We carved up a /24 (of course, the /24 doesn't really exist except in our address tracking spreadsheet) into a bunch of /30's for routed WAN links and /32's for loopback addresses. We started on the low end for /30 subnets (ie 172.30.255.0/30, 172.30.255.4/30, etc.). We started at the high end for the /32 loopbacks (ie 172.30.255.255/32, 172.30.255.254/32, etc.)
Well, when I try pinging 172.30.255.255 from the access layer 3750x switches, the 3750x seems to be treating it as a broadcast ping where it lists each member that responds instead of the regular !!!!! response (this makes me think something is odd with the 3750x). Of course, only one member responds (the core). But even the core seems to respond with the other end of the /30 instead of the actual /32 loopback (which makes me think something is odd in the core). I could have sworn that I've set up similar topologies without problems (ie, using 10.0.0.0/32, 10.255.255.255/32, etc as loopbacks) and as long as the mask is a /32, it should work. Also, I can ping/ssh to that loopback if my laptop is on a directly connected subnet. But I can't do it from any of the 3750x switches (which are also directly connected). I've double checked for overlapping subnets, but nope. I don't see any. Routing looks fine. The actual /32 is being propagated everywhere properly.
Sep 8, 2012
What are the options available to add a cat3560 g switch to a stack of 3750x switches? Is there a connector available? Or is it possible to trunk via fiber? cat 3560 has 4 sfps and 224 10/100/1000 ports with poe. cat 3750 stack has a 10 gb uplink. What are the possible options?
Nov 12, 2012
I am aware that private-vlans are not supported on edge switches like 2960 series - so my question is would it be possible to create private vlans on say just the core switch which would be a 3570 or 4506 that supports private vlans and then just trunk these to the edge like normal vlans? What I need to achieve is to have edge ports not able to communicate to each other even across switches - which cannot be done using 'protected' port so need the private vlan feature?
Nov 11, 2012
I am aware that private-vlans are not supported on edge switches like 2960 series - so my question is would it be possible to create private vlans on say just the core switch which would be a 3570 or 4506 that supports private vlans and then just trunk these to the edge like normal vlans?
What I need to achieve is to have edge ports not able to communicate to each other even across switches - which cannot be done using 'protected' port so need the private vlan feature.
Jun 3, 2012
We have two Cisco switches with one 3560 and one 3750 we have created a new Vlan 4 with IP 10.1.3.x 255.255.255.0 - no shut then assigned to gi 2/0/46 on the 3560 Vlan 4 ip address 10.1.3.x 255.255.255.0 no shut then assigned to FA0/45. All interfaces are up up along with the Vlan up up, we can ping the local IP address but not able to ping the other switch.
Apr 9, 2013
I am an IT teacher at a middle school in Nuremberg, Germany. We have in our school 5 VLANs, 4 switches, 1 L3 switch and 1 router.
2 months ago the old L3 switch (Catalyst 3550-12T) broke. In the short term I've borrowed a Catalyst 3750G-24, so that the network continues to function. Now a SG 300-10 switch was purchased. This should be configured the same as the 3550-12T or 3750-24G. The network looks like this (there are many more PCs than in this image):
VLAN ID    VLAN Interface    DHCP    DHCP-pool
[Code]....
The DHCP server in VLAN 30 is also a FOG server. The Fog server images all PCs in school. PCs in VLAN 10, 20 and 30 boot from PXE. The MS Server in VLAN 10 has been configured by the DHCP options 66 and 67.
The Catalyst 3750G-24 routes the multicast, but the SG 300-10 I do not have the option of using the commands
ip multicast-routing distributed
ip pim sparse-dense-mode
to work and must configure igmp. I'm having problems with the igmp-configuration on the SG 300-10. Therefore, I have uploaded the configuration of the 3750G-24 and the configuration of the SG 300-10 (without ACL).
Sep 25, 2012
I need to apply DHCP snooping on 4500 series switches working as L2 in my Network. We have an external DHCP Server in another location connected with a 6500 series switch.
Running EIGRP Configured Voice & Data Vlan both
DHCP Server -------- 6509 switch<----------------------------------->6509 Switch -------- 4500 switch ----------------------------------------------------------Ip Phones.
(ving Redundant) (ving Redundant)
I need to know whether the configuration which I mentioned in scenario is enough for apply DHCP snooping in my network.
Jan 20, 2013
I have a SG300-28P that is our Main VLAN Switch. Though the VLANs that I have on it are there mostly because of our Edge Router and our AP541Ns. We have the Following VLANs defined (Subnets Changed to conceal Public IPs) [code]
VLAN200 and VLAN201 come into Our Edge Router and out on a Single GE Port via VLAN Tagged to the SG300. The SG 300 Splits them out to Untagged Ports and they are connected to Two Firewalls, each with an IP in the 200 and 201 Subnets. The AP510 has the VLAN200, VLAN192 and VLAN101 tagged Subnets sent to it. The AP521 has three SSIDs, each associated with a Particular VLAN.
This all works fine, though there are a few hidden flaws. Since all of the VLANs are present, both Internal and Public IPs, one could craft packets from one network and use the SG300 as its gateway to the other subnet and Gain Access. How can I isolate the Subnets, so that
I can still use the SG300 as a Default Gateway for the 10.1.0.0/16 Network
Make it so if someone from the 10.1.0.0/16 network accesses the 201.201.201.0/24 Subnet it uses the SG300's 0.0.0.0 0.0.0.0 default router (the Firewall IP) and not the VLAN Interface
If someone in the 201, 200, 192 Subnets uses the SG300 as a Gateway and tries to access a 10.1.0.0/16 address it gets blocked.
Oct 22, 2011
Prior we only had 62.5u multi mode. I've got 3750x switches and new SM SFP and yellow fiber patch cables. None of my links show connected. No lights and trunk port interfaces show down/down.
Is there a special command you have to do on a port when using SM fiber? Do you think I need cross over fibers?
Also, should I be able to see a laser signal light like MM or is SM a different frequency so it's not as visible as MM?
Oct 22, 2011
I've seen lots of posts from people having problems routing traffic between two vlans with some complicated examples. Any simple step-by-step example for an SG300 switch (in layer 3 mode) to configure two vlans and sending traffic between the two vlans without an external router?
-VLAN1 10.10.10.0
-VLAN2 10.10.20.0
I've tried to do this through the GUI and can't seem to make it work. I'm missing something in the GUI.
Oct 2, 2011
I have recently purchased 2 SG 300 switches, 1 x SG 300 52 & 1 x SG 300 10, and I am hoping getting the following set-up working. To assist I have drawn the following simple network diagram (below) which hopefully makes it a little clearer what I am trying to do:
I have 2 companies occupying a single office with the requirement to share printers/devices etc... so basically I am looking to set-up 2 VLANS (say VLAN 10 & VLAN 20) with inter-vlan routing. To add a little complexity the main comms area is located in the basement of the building, this houses the 2 DSL routers and 2 Servers, one for each company. I am proposing putting the SG 300 10 port switch in here and then use the 3 uplinks I have been given to connect back to the SG 300 52 which is in a patch cabinet 2 floors up. I want to use 2 uplinks (in a LAG) for Company A and 1 uplink for Company B. FYI. DHCP is being served out by each respective router.
Apr 8, 2013
I used two sf-300 switch and create 4 vlans and intervlan routing is working fine.
Port 1 - 10 -------------> Vlan 1
Port 2 -20----------------> Vlan 2
Port 3 - 30------------------> Vlan 3
Port 4 - 40--------------------> Vlan 4
giga1 -----------------> connected to router (This router used for intervlan routing).
SF-300 Port 1 is connected to Internet Modem. This modem worked as dhcp server also for vlan 1, my problem is that when vlan 1 is not communicate to vlan2,3,4 and 2,3,4 are not communicating.
How can I communicate vlan 1 to 2,3,4 vlan?
How can I connect the modem in switch? Access port or Trunk port (presently available in vlan 1 Access port). Any route I need to make? sf-300 or modem or router?
Jan 17, 2013
My management has tasked me to give them a high level overview of the different switching we can choose for our new building.
This is what I know so far. 4 Closets, each closet has 450 ports. One MDF room that will contain one UCS Chassis and a Nimble iSCSI SAN.
I am working on the spreadsheet and it looks like this (Not totally filled):
2960s | 3560x | 3750x | 4506 | 4510
Approx cost (Each, 48PORT, POE+, 10G uplink, Dual PS, IP BASE): 6K | 7K | 8K | 45K | 75K
Max Capacity: 192 | 432 | 432 | 192 | 384
Backplane speed: 20 | 64 | 64 | 520 | 520
Pro: Least Expensive | Stackable to 9 | Stackable to 9
Pro: Dual PS | Dual PS | Dual PS | Dual PS | Dual PS
Pro: Layer 3 opt | Layer 3 opt | Dual Sups | Dual Sups
Con: Expensive | Expensive
Con: No Dual PS
Con: Layer 2 Only | Cannot stack more than 4
For the MDF I would like to use 2 Nexus 5548's with FEX's, and the layer 3 daughter board. For the IDF's I was thinking of two 4010's.