I have 2 ASA5510's acting as routers/firewalls, setup on a LAN, each one pointing to a different gateway (different ISPs), and the exact same VLANs set up as sub-interfaces on each of these. Both act as DHCP relays to a Windows Server 2008 DHCP server. All the Trunking has been setup and works. When I Untag a switch port, and point it to whichever gateway?
View 2 RepliesHere is what I have. Windows Domain Controller running DHCP with configured scopes.I have one ASA5510 And 4 HP Procurve switches with VLANS preconfigure from vender.
Here are my DHCP scopes/VLANS:
VLAN1 -Default 10.2.x.x/17
VLAN201 -DHCP 10.2.201.x/24
VLAN202 - WLAN EMP 10.2.202.x/24
VLAN203 - WLAN Guest 10.2.203.x/24
VLAN 252 - MGMT 10.2.254.x/24
Here is how I configured the DHCP Scopes:
Changes needed to make to the DHCP Server (AUSPDC) in order to get things working with the new switches.
1) Configure 3 new DHCP scopes on your DHCP server.
a) scope for 10.2.201.x/24 to serve LAN employees and give them a gateway address of 10.2.201.254.
b) a scope for 10.2.202.x/24 to serve WLAN employees and give them a gateway address of 10.2.202.254.
c) a scope for 10.2.203.x/24 to serve WLAN Guests and give them a gateway address of 10.2.203.254.
I just upgraded and decided to go with the VLAN configuration. None of my VLANS can get out to the internet or each other due to I think My ignorance in configuring the firewall.The PC's are getting proper IP address but they cannot get out or to the other VLANs. I tried to duplicate what is working for VLAN1 but it is not working.
Here is my config.
Result of the command: "show running-config"
: Saved
:
ASA Version 8.2(3)
!
hostname CiscoASA
domain-name hand.local
enable password 1FVULuGal5s1/ADt encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
[code].....
We have bought four identical 3750X switches with identical SW-images: 12.2(55)SE3 C3750E-UNIVERSALK9-M
We initially connected two switches, this resulted in forming a stack.With the other two switches we wanted to do the same thing. However, we received the following message:
%STACKMGR-5-MAJOR_VERSION_MISMATCH: Major Version Mismatch (Local 1 - Received 6) with neighbor-1
Both switches will not see each other and the output of show switch stack-ports shows only one switch and both stack ports as being Down.
I did some digging using the show platform stack-manager all command to find out that three of the 3750X's have the stack version number 1.45 and one has 6.45. This would obviously indicate the reason behind the mismatch, but the SW-versions on all new switches are identical!
Checking the CISCO site explains that mismatching of Major version is critical:
Major Version Number Incompatibility Among Switches
Switches with different major Cisco IOS software versions usually have different stack protocol versions. Switches with different major version numbers are incompatible and cannot exist in the same switch stack.
That's all I could find. Nothing about changing the major version number, so all I can suspect is that IOS version needs to be the same.
Can I configure two voice vlans on the same physical port?
View 2 Replies View RelatedI was assigned a task to configure an SG300-28P to have 3 different vlans.Now on VLAN1 their will be only one device configured with static IP 192.168.0.230,On the other 2 VLANS there will be a separate router connected on each one of them and will also act as a DHCP server.
View 4 Replies View RelatedVirgin media superhub was swapped for a new identical one as some users were unable to connect, but my connection was fine. When i booted my system up after it was configured by virgin I could see all connections but clicking on any "connect" button doesn't yield any form of output from the computer. Password problem? I dont get a response whenever I click "connect" on any of the other 20 wireless connections that i'm picking up, none of them being mine. When trying to add a new network from "network and sharing centre" via "set up a new connection or network" button on the mainpage or "add" button on the "manage wireless networks" tab yields the same, absolutely no reaction from the system.Now, I only add this info for science of deduction purposes, because it is truly baffling me right now, but when i first discovered the problem and went into "devices and printers" in contr panel and "add a device" my computer paused and then BSOD'd.
Things I have tried:
Updated the network card drivers Ran start up recovery - no problems detected after 20x running Logged onto the superhub through another users system and added my mac address to allowed lists, reserved i.p. address - both on and off, all combinations Pressed the wireless card button on the back of my system on and off, repeatedly Disabled/enabled network adapters in device manager Run winsock and dns flushes, ip release and renewals (e.g. things like "netsh int ip reset; netsh winsock reset; ipconfig release;renew)
Each and every troubleshooter All the usual power issues, from setting maximum performance on the network card to unplugging and socketing the router main repeatedly Administrative tools-services-dhcp client-start&auto Tcp/IP protocols-ip and dns configured automatically?
*Haven't tried (last resorts)* Reinstall windows Remove, inspect and possibly replace or just refit network card and factory reset
Give Richard Branson a slap Observations/Details Everyone, EVERYONE else can connect to the network, no problem I have full strength signal to the connection I know the password and it certainly hasnt changed All we did was swap identical routers! Logged into my other windows on a partition (original user account, messy so partitioned and made a clean install, but this was long ago and no network issues ever existed) and have the old exclamation mark over signal bars - troubleshooting it causes nothing, but at least the adding network functions yields results and it says im technically connected to the router - ive tried all noted fixes above on this windows install also.
*ipconfig*
network adapter "connection specific DNS suffix:<blank>"
"ipv4address: 192.168.0.4(preferred)"
"subnet mask 255.255.255.0"
"default gateway: 192.268.0.1"
"dhcp server: 192.168.0.1"
"dns servers: 194.168.4.100, 194.168.8.100"
All other adapters are "media disconnected"
Pc specs
Win7 x64
Intel Q6600
Atheros ar922x wireless card
I have the D-link dir-655 wireless router connected at my cable modem and i HAD a d'link switch patched in about 40 feet away. The switch died after 45 days.To solve the problem and extend my network I purchased an identicaldir-655 router to replace the switch. My thought was that i would configure both routers the same and be able to use the same network settings to access the network throughout my house.It didn't work.I even tried changing the IP address on the second router but it did something to the modem. After resetting everything, the original router works again. D'link support says what i am trying cannot be done, but i know it can.
View 1 Replies View Relatedwhat is the best configuration betwen vmware ESX server with 10 Physical NIC card and cisco 6500 , This ESX Server host 12 vm with VLAN 100,150.200
View 10 Replies View RelatedI have a pair of router Cisco 2800 running in HSRP, now I want to configure one sub interface with another sub net, Will my current IP on physical interface work or do I need to create two Sub interfaces for each network. Do i must need encapsulation on sub interface
Current Config:-
Router 1:-
interface FastEthernet0/1description Connect to LAN_SW1 Gi1/0/1ip address 192.168.1.13 255.255.255.0no ip redirectsduplex autospeed autostandby 1 ip 192.168.1.1standby 1 priority 90standby 1 preempt
Router 2:-
interface FastEthernet0/1description Connect to LAN_SW2 Gi1/0/1ip address 192.168.1.3 255.255.255.0no ip redirectsduplex autospeed autostandby 1 ip 192.168.1.1standby 1 priority 110standby 1 preempt
For second network I do not require HSRP
Router 1:-
interface FastEthernet0/0description Connect to LAN_SW1 Gi1/0/1no ip addressduplex fullspeed 100
[ code]...
Router 2:-
interface FastEthernet0/0description Connect to LAN_SW2 Gi1/0/1no ip addressduplex fullspeed 100
[Code]...
Firewall: ASA 5510
Switch: Linksys SRW2048
Physical topology: PC - > VLAN99 - > SRW2048 - trunk - > ASA5510
Switch Setup:
I've been tasked with breaking up a network that has run out of IP's, and have decided to use VLANs to accomplish this. I have to use an ASA5510 to accomplish all the routing between hosts in different VLANs.Port 48 is trunked to the ASA eth0/0 interface, with VLAN 99 and VLAN 20 tagging packets, VLAN 1 Untagged. Hosts hooked up to appropriate ports on Switch.
Are there any physical characteristic differences between the 6509 and 6509-E chassis?
View 4 Replies View RelatedI am using cisco c3660 to act as Terminal Server for the communication of production machines in my company, recently there is a communication lost issue happen and its due to physical cable unplug from the machine. to troubleshoot for this issues i have to physically go inside my production area to check on it, as i understand from vendor we can check on the physical machine to see whether the LED light on the module is green or not, but in case of need to troubleshoot at night time, its time consuming as i need to travel back to company. is there any command that i can issue in the router c3660 to check on the physical connection between c3660 router and the production machine? the IOS version is IOS (tm) 3600 Software (C3660-I-M), Version 12.1(4)
View 3 Replies View Relatedvlan interface and physical interface (that is serving for this vlan ) have different input/output counters, there is only one physical interface in this vlan .
sh int vlan 64
30 second input rate 9000 bits/sec, 9 packets/sec
30 second output rate 0 bits/sec, 0 packets/sec
[Code]....
WE got our ESXi servers recently moved from a 6513 to nexus 2000 FEXs uplinked to a nexus 5000s basically we have enhanced vPC and nics goin to 2 different FEXs and they uplink to 2 nexus 5000.
the Vswitch for VMs is setup in a VPC. Question is do the traffic from each vm going in/out of these nics in a vpc actually use both physical links? How can i tell from the switch?
We have recently upgraded oor LAN and we are using couple of Nexus5548UP switches in the core with 2960 stacks as access switches. Each access switches stack is connnected to both core switches with link being port-chanels and VPCs. All is working fine, but our SolarWinds management platform (NPM) is being flooded with "Physical Address changed" events. Here is an example of messages:
NSW_Core_2 - Ethernet1/7 Physical Address changed from 000000003811 to 73616D653811
NSW_Core_2 - Ethernet1/7 Physical Address changed from 200B82B43811 to 000000003811
For each interface I have messages like these repeating.I am not sure what those messages means or if there is actually anything wrong. Performance of the network is good, there are no errors on any interfaces and I do not see anything related in the switch loggs.
how to configure this. I did it in the past but kind of forgot how I did it.I have a stacked 3750 (two physical switches) connecting to a 2960.
I am creating trunk ports with limited access to VLAN 300, 600, and 700.
There is two interfaces connected from the 3750's(one on each physical stack member) to the 2960.I have the physical interfaces configured exactly the same.
3750 Config:
interface Port-channel2
!
interface FastEthernet1/0/46
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1, 300,600,700
switchport mode trunk
speed 100
[code]....
Should I keep the configuration on the physical ports and not configure the Port-Channel Interfaces? Do I need to configure port-channel load balancing? Is the channel-group mode sufficient? Goal is to basically create 2 links to the 2960 to double the bandwidth and provide redundancy.
What the different between using hsrp on vlan interface and on physical port (routed port) on Cisco 3750 Switch? Wha the benefits?
View 3 Replies View RelatedI've Nexus 7010 switch installed in my DC. I've conncected Cisco router to one of the Ports. On the same port I'm getting following error message and hence, unable to form EIGRP neighborship.
DR-CORE-SW-S01-NEXUS7K %MODULE-2-MOD_SOMEPORTS_FAILED:
Module 1 (serial: JAF*******NGK) reported failure on ports 1/2-1/2 (Ethernet) due
to R2D2 : Speed patch failed - no frames transmitted in device 143 (error 0xc8f0
1273)
We have 2xASA5510. I have 2 Inside interfaces as INS_STAFF and INS_QUEST and two Outside interface OUT_STAFF and OUT_QUEST which is in sapareta ISP's. All interfaces is assinged to different vlans. now i want to nat INS_STAFF to OUT_STAFF and INS_QUEST to OUT_QUEST,because I'm having two default routes it gets impossible to do. Plus I want to make failover with my ASA's. I know that i can solve this problem with PBR on router.but I haven't it . make context's and separate each Inside and Outside alone?
View 1 Replies View RelatedI'm using an ASA5510 with AP1130 and attempting to set up a public and a corporate WiFi-network. The corporate one should allow users to authenticate with Radius running on MS ISA for access.
VLAN70 security level 1 (IP-range 10.10.70.0/24) for open guest WiFi.
VLAN71 security level 100 (IP-range 10.10.71.0/24) for corporate users WiFi.
VLAN100 security level 100 (IP-range 10.10.100.0/24) server network (only wired servers).
ASA is gateway at 10.10.70.1, 10.10.71.1 and 10.10.100.1. It is also DHCP-server for VLAN70 and 71.
Radius server is at 10.10.100.5, listening on port 1645 and 1646 for EAP/PEAP and MS-CHAP v2.
I get both WiFi-networks with VLAN 70 and 71 working without encryption, ie. open networks. Traffic flows fine and get network access without problems.
The problem I run into is that it seems the Radius server must be on the same network as the WiFi-clients for them to be able to authenticate with it. That is, I tried to use VLAN100 as the corporate WiFi network and then I am able to connect, authenticate and get network access if I also enable DHCP for that range. However with VLAN70 as WiFi I am unable to authenticate with Radius on VLAN100. It seems the AP can reach the Radius server but clients never get connected and eventually fail with an error.
I can ping the Radius server from the AP. All traffic should be allowed from VLAN71 to VLAN100 in the ASA. Packet tracing shows no errors there.
The switch is a 2960G with the following interface config:
interface GigabitEthernet0/20
description WiFi trunk
switchport trunk native vlan 71
[Code].....
upgrading our small office network. We currently have about 75 employees with probably 125 devices on the network. I'd like to create about 10 vlans for the different departments and then configure intervlan routing as needed. Currently we have all unmanaged switches and it's just a huge broadcast storm on the network. We are upgrading our Cisco 800 router to an ASA5505 sec. Plus license. I need some recommendations on switches. Of course, this needs to be done as cheap as possible.... Is there a way to use the ASA to configure all the vlans and intervlan routing and access lists and use a cheaper switch to provide the access layer to hosts?
View 4 Replies View RelatedI have the following config using a Cisco 1921. I am trying to get devices on the the native VLAN to get internet access via the gateway x.x.x.73.Any thing being routed from the other Vlans 15/20/30 can get access, but nothing from an internal IP address. Is there something I am missing.
The Xs replace the same 3 octets for each interface.I am trying to route from VLANs 15/20/30 to see VLAN 5. I have tried a few things, in terms of adding extra ip routes, but can't get anything to work. Each of those Vlans have another router on the other side of them, which I have also tried adding ip routes too, but nothing. One of the routers (Vlan15 is a Draytek 2830). [code]
I have purchased these two switches from ebay as a test lab, I plan to connect them up via a gigastack modulecable and enable ip routing on the c3550 and vlans to talk to each other.
I'm very much a procurve person and really need to get into the cisco switching.I will want to trunklacp between the switches - whats the process is setting that up on cisco switches?
I have a 3560E with 2 vlans that I want to route between. one device with 2 vlans and route between.Interfaces are configured as such:
int g0/11
switchport mode access
switchport access vlan 10
int g0/12
switchport mode access
switchport access vlan 11
[code]...
Laptops on each port with 10.10.10.2 and 10.10.11.2 configured on them. I can ping from 10.10.10.2 to 10.10.11.1, but not to 10.10.11.2.What do I have to configure to be able to get the 2 laptops to talk to each other?
I am setting up a vm environment for a customer in my lab off site. I have two stacked 3750-x switches, a san, and threes UCS c220 M3S servers for hosts. I am trying to separate the lan traffic, san iscsi traffic, and san management traffic using vlans. The problem is i'm unable to communicate cross vlan with my current config, which I have attached to this post. The only noteworthy things in my conifg is that the ip route 0.0.0.0 0.0.0.0 192.168.83.6 is referring to a switch stack they have on site, that I will connect this stack to using the first two trunk ports on each switch, that I do not have here in the lab. I don't want to cause any confusion in why I have things set a certain way.
View 1 Replies View RelatedI have 2 WRVS4400N's installed in our network, one at each end of a VPN tunnel between 2 physical locations. I continue to have issues with the VPN to "Stay" connected, even after purchasing another new WRVS4400N 4 months ago. I can reboot both routers, and the VPN connects with no problem, but hangs up after a few hours / days (no pattern).
I am taking a hard look at the issue now, as about 1 month ago, the newest router "automatically" reset it itself back to factory settings (thus interrupting nearly everything in our network). After contacting support, we reset the router and re-configured it to our environment. It is plugged into a surge protected UPS (yep, I thought maybe a power issue caused the problem, but it's not). Then about 1 week ago, the other/older (9 month old) router lost it's configuration. again, reset it and all works. Including the VPN, but the VPN still works as it did before connects for a while, but then drops and generally I need to reboot the router to get it connected again (clicking on the Connect on either router doesn't work until after a reboot).
Also, in light of the recent "lost configurations", I turned on logging and now I'm getting TONS of emails of log activity, even when the network is idle (no users, no background jobs running).
after rebooting and no inter activity, I get this kind of log, all night long (to me it generally looks like the VPN connection resets and increments by 1... I'm taking a guess that the increment hits a limit someplace and I lose my VPN).[code]
The situation include 2 cisco routers an 2 switch 3550
so we have Router A in Vlan x access ----->Sw1----Trunk----Sw2<------Vlan y Access Router B I 've to enable rip1 on guys A and B ONLY !!! Avoiding any kind of tunnel I though it was all around fallBAck bridging ... but after days of tries ...
I have tried to test copy tftp: numerous time with no success. I believe the reason it is failing is my laptop to Ethernet port is in vlan 62 and the tftp process operates in a different IP space.I am using gig 7/1 and configuring my laptop nic for x.x.x.254 mask 255.255.255.0. I can ping from laptop to gateway) and I can ping from the switch to my laptop using ping vrf production x.x.x.254. Can you tell me what vlan I need to set my laptop connection in or if there is something else I need to change to make tftp work on vlan62?Does TFTP only work in vlan1 or can it be changed?
View 2 Replies View RelatedI recently set up a Cisco 881 to cover a small business network. The router is currently set up and working as expected. We recently decided to move to VoIP phones and here is where I'm running into some issues.
First an overview: We run a network with a cable internet WAN connection, this connection is DHCP, however we have a static IP through our ISP. We also have a block of 30 additional IP addresses for one to one mapping as we need them. The new VoIP system is being run over T1 lines throughout the township (we are a municipal organization) and the VoIP system is being run to about 5 buildings in the township.
This brings me to the topic of VLANs. As the phone engineer explained it to me, there is a network set up over the T1 that allows the VoIP equipment to talk to one another and operates all of the VoIP phones on one network. The equipment that is being installed at our building connects to the network over the T1 and "talks" to the other equipment on the network. The engineer wants to create a VLAN and run it on ports fa1 and fa2, with the fa2 port being connected to the actual "MPLS" (their term) that connects to the T1 and into the cloud, and the fa1 port connected to the internal phone switch.
TLDR; The problem is this: When we attempt to set up the VLAN on ports fa1 and fa2, we have no connectivity with the other units in the external VoIP cloud. Pinging while directly connected to the "MPLS" yields successful pings, while pinging from the router with the "MPLS" connected to fa2 yields failures. I'm going to post the running config below, I feel like what we're doing should be working. I asked around about subinterfacing, but others seemed to think this was not necessary.
ROUTER CONFIG
Building configuration...
Current configuration : 4909 bytes
!
! No configuration change since last restart
version 15.1
[Code].....
I have VLans 20 and 21 set by ISP for Voice and Data respectively.What will happen if I already have VLans 20 and 21 in my Local network?
View 4 Replies View RelatedI am working on getting my CCNP. The first exam I plan to take is the switching test BCMSN 642-812. Using the 4th Edition Self-Study Guide from Froom, Subraniaman, and Frahim.In Ch-4 it talks about End-to-End VLANs and Local VLANs. I read that section 4 or 5 times and still did not understand the difference between them two.I know one spans across the entire network and the other is local. What do they exactly mean by that?
View 15 Replies View RelatedI just want create vlans on switch sge2010p
Scenario:
vlan10
ip address 192.168.10.254/24
vlan20
ipaddress 192.168.20.254/24
vlan10 needs internet.
I have a static ip internet which is 200.33.22.11 gateway: 200.33.22.10 I have a router configured working as gateway, It has ip 192.168.2.1.
I have configured two vlans. But when I try to check if vlan has internet, it doesn't work.
I have the need to filter multicast between vlans as described below. PIM Sparse-Mode is being utilized for this multicast network and changing any Vlan to PIM Dense mode is not an option.
- Vlan 217 and Vlan 4 should not be communicating on mcast with any other vlan, including eachother (each vlan isolated).
-Vlan 64 and Vlan 80 are able to communicate witch each other on mcast but not with any other vlans (isolated vlan group).
-All other vlans can communicate mcast freely.
What I've created thus far is below. It does not appear to be the most elegant solution and would be difficult for the administrators to adjust as new requirements come along. Yes, I will be adding the appropriate link-local multicast addresses so as to not break routing and other dependent technologies.
ip access-list ext ANY_CONN
permit ip any any
ip access-list ext MCAST_INTRA_217
permit ip 224.0.0.0 15.255.255.255 133.106.197.32 255.255.224.0
permit ip 133.106.197.32 255.255.224.0 224.0.0.0 15.255.255.255
ip access-list ext MCAST_ISOLATE
[code]....