Cisco Switching/Routing :: Access Layer Switching With 2960 / 3560x / 3750x And 4506
Jan 17, 2013
My management has tasked me to give them a high level overview of the different switching we can choose for our new building.
This is what I know so far.4 Closets, each closet has 450 ports,One MDF room that is will contain one UCS Chassis and a Nimble iSCSI SAN.
I am working on the spreadsheet and it looks like this (Not totally filled):
2960s3560x3750x45064510Approx cost (Each, 48PORT, POE+, 10G uplink, Dual PS, IP BASE)
6K7K8K45K75KMax Capacity192432432192384Backplane speed206464520520ProLeast ExpensiveStackable to 9Stackable to 9ProDual PSDual PSDual PSDual PSDual PSProLayer 3 opt
Layer 3 optDual SupsDual SupsConExpensiveExpensiveConNo Dual PSConLayer 2 OnlyCannot stack more than 4
For the MDF I would like to use 2 Nexus 5548's with FEX's, and the layer 3 daughter board. For the IDF's I was thinking of two 4010's.
View 12 Replies
ADVERTISEMENT
Mar 6, 2013
i cant find any difference in these two devices when i am trying to compare throughput.I need upgrade our new POP and there will be around 4900 MAC adresses in VLAN 150 and 130 MAC adresses in vlan 200.Uplink is 1 gig routed internet connection and there is 14 downlinks to separate villages.i found a few differences for eg stack interface on 3750x but i dont need it.
View 2 Replies
View Related
Jun 10, 2013
Is it possible to to build a Layer 3 ether channel from two separate physical switches (layer3) that are trunked together?I know you can easily do this on a single switch and on stacked switches which I've done but in this case the customer have purchased two 3560X's which are not stackable yet want redundancy. The purpose of the etherchannel is to connect both switches to a private circuit provided by the hosted partner then route to the same setup in the DR location to different subnets.
View 4 Replies
View Related
Sep 29, 2012
I configure 3750 stack switch as core and 2960 stack switches as access layer switches.I connected my laptop to one of my core stack in VLAN 10 and I am pinging to one of my server in VLAN 1. What will be the minimum latency at the time of inter VALN routing
View 2 Replies
View Related
May 23, 2013
If the 3560 or 3750 "X" series support GRE.I am pretty certain the older 3750-E does not support GRE (both in hardware and software)Was hoping the new super duper X series do. If not, it could get expensive
View 5 Replies
View Related
Aug 28, 2011
Is the CAB-C15-CBN - Cabinet Jumper Power Cord, 250 VAC 13A, C14-C15 Connector, supported on the Cisco Catalyst 3750X/3560X. I need to plug the switches into a UPS PDU, that requires a C14 plug.
View 2 Replies
View Related
Apr 1, 2012
Do you have the ability to setup DHCP servers on this layer 3 switch? I know I can with my old 3550 switch. Want to upgrade and make sure this model supports setting up dhcp servers on it.
View 3 Replies
View Related
Feb 13, 2012
Need to clarify if ip sla icmp echo operation is supported in catalyst 3kx switches (ip services)? on the configuration guide, commands are available, but on the feature navigator, i can't find the feature, only ip sla video operation. i don't have a device to test on here.
View 2 Replies
View Related
Feb 9, 2012
I can understand it 's one of those very basic questions , but how do I identify a Switch is Layer 2 or Layer 3 ?Looking through # show version command and checking the IOS version to be IP BASE or LAN BASE . Is it the right way ?Cisco 2960 is a Layer 2 or a Layer 3 Switch ? I noticed that access-lists could be configured which means that it 's a Layer 3 Switch , right?
[code]....
View 5 Replies
View Related
Dec 23, 2012
I just received a Catalyst 2960-C (WS-C2960C-8TC-L R) switch and I am unable to sign into its web GUI in order to configure it. I've tried both the Cisco Network Assistant and Internet Explorer and I am unable to log in either way. The documentation provided by Cisco states that the default password is simply cisco and that a username is unnecessary. Needless to say, it doesn't work. I've also Googled for other default passwords (such as cisco-cisco as the username-password), none of which worked either. I've also tried resetting the switch back to its factory default a few times.
View 8 Replies
View Related
Aug 14, 2012
4500 switch is connected to 2960 switch.
4500 config
Vlan 10
name Data
It has ip helper configured that points to DHCP.From 4500 switch port - port x connects to 2960 port.Port x is configured as trunk between 4500 and 2960.
2960 config
vlan 10
name data
All user ports are configured under vlan 10 and as access ports.Port x is trunk port connected frpm 2960 to 4500 switch allowing vlan 1 and 10 only.This switch has no default gateway configured.
We connected user PC on 2960 switchports and they were able to get the IP from DHCP server and were able to access the network? My question is how users on 2960 switch are able to access the network without ip default-gateway configured on 2960 switch?
View 6 Replies
View Related
Nov 14, 2011
I have one computer connected to the 4506 that management does not want this PC to have access to anything on our network except our DHCP server and the one printer that resides on our network. I created an extended access list as follows. Our network is the 10.10.x.x and the external addresses the PC needs to access is 11.1.x.x. Once this PC is rebooted, it is unable to access DHCP to get the needed IP address it bounces back to a 169.x.x.x address and stops working.
Extended IP access list 2000
permit tcp host 10.10.200.242 host 11.1.200.1 (gateway)
permit tcp host 10.10.200.242 host 11.1.2.151 eq smtp (access from the pc to external server for smtp)
permit tcp host 10.10.200.242 host 11.1.2.149 eq 5721 (access from the pc to external server for remote access)
[ code]...
Then I applied the access-group 2000 on the interface the PC is connected to. What am I missing for DHCP to work and for this PC to always get the ip address that is reserved?
View 3 Replies
View Related
Jun 9, 2013
I configured a Switch Cisco 3560X with a basic configuraction, My problem is that when I access Web interface by http://X.X.X.X an login after the image that I attached.I tried restore the default configuration, also tried with different navigator, chrome, Internet explorer, fireffox, safari, change laptop... and update the java client.
View 3 Replies
View Related
Feb 6, 2012
We are using 18 numbers of 3560X -Lan base series switches in our network(Access layer). We have 400 users and created vlans in access switches. we are planning to purchase Two numbers of 4900 M as Core layer switch and for redundancy. The uplink would be on 10 gig copper cable (CAT 7) between the access layer switches and core switches. I like to know whether 4900M can take the load of 18 access switches.
View 1 Replies
View Related
Jul 8, 2012
recommend a cisco core switch and access switches in IPTV network infrastructure?I was ask to implement a network for IPTV system but i don't have idea what will be the model i will use.
Core Switch = Cisco 4503
Access Switches = Cisco 3560X
View 3 Replies
View Related
Mar 28, 2013
Lately I have been noticing mac flap messages on some of our access layer 3750G switches. Just a little background on how this is setup.
These 3750G switches are stacked and uplinked to a distribution layer 3750E stack (2 switches) via cross stacked etherchannel. (Usually 4 links) The access layer switches are stricly layer 2 where the distribution layer 3750E is routing the VLANs at the access layer to to the core 6500 switches.
I have just about ruled out physical loops on these stacks for the reason that the Macs are flapping. I am seeing this on two different stacks now each having 3 switches in the stack at the access layer. The cross stack etherchannel is spanned across the first two switches at the access layer and connected to both switches at the distribution layer. I have checked the etherchannel status and all ports appear to be part of the etherchannel and they appear fine.
The mac addressses that are flapping are just plain old desktop machines that plug directly into the access layer. I usually see this when the mac is learned on a port such as when a machine is plugged into the network or reboots.
View 6 Replies
View Related
Mar 18, 2012
I want to setup VLAN with the switches SG300 and SLM2024. What is the suggestion to connect these 2 switches. We have the Juniper net screen.
View 1 Replies
View Related
Jan 12, 2013
This is my scenario. I have my IP as 172.16.1.1 (aaaa.bbbb.cccc.dddd) which has full internet access. Now when i am not available in the office, i noticed some one assigning my IP in to his workstation and gaining full internet access. How do i restrict such things? i.e. even if some one assigning my IP on the network, they shouldnt access LAN or WAN.I tried 'arp 172.16.1.1 aaaa.bbbb.cccc.dddd arpa' configuring on my L3 Cisco 3750X switch assuming i can acheive, but that did not work.
View 8 Replies
View Related
Aug 14, 2012
I've got a bunch of 3750-X switches all running IP Base and acting as a routed access layer. They run OSPF in a totally stubby area with the distribution layer (Nexus 7K) as the ABR. We also have a physically separate management network into which the fa0 management interface of the 3750-X is connected. The management network itself runs OSPF and has multiple subnets and external access.
On the 3750-X, I'd ideally like to be able to run some sort of separate OSPF process for the management network or at the very least have a static default route for management traffic pointing out the fa0 interface, but clearly not have it interfere with the main default route for data traffic coming from the N7K ABR. Normally I'd just create a management VRF, sling the fa0 interface into it and run a separate OSPF process in that VRF. The problem is you can't create VRFs in IP Base! Surely there must be a way to do this? Cisco don't really expect customers to upgrade to IP Services just to have a working OOB Management network, do they?!
View 4 Replies
View Related
Apr 9, 2012
My colleague and I have been having a discussion about using rapid spanning tree in the access layer. Most of our infrastructure has been migrated to a routed access layer with 3750s.
The idea was brought up to configure the switches with rapid PVST. On the surface, it seems like a better idea, faster convergence, in the event that spanning tree ends up being used for some reason. My colleague prefers sticking with standard PVST. His argument is that, in the event of a layer 2 loop, some consumer-level switches filter out BPDUs and if the control plane is overwhelmed, the shorter timers of rapid PVST just puts that much more of a burden on the CPU trying to regain control, whereas with standard PVST it will have around 20 seconds before it starts to engage. (It may still be overwhelmed, but the longer timer delays the additional burden.) He says he's seen this problem with rapid PVST and that his opinion is backed up by our Cisco rep. (I haven't spoken to him yet.)
In our model, it should be very rare -- pretty much never -- that we would layer 2 span another switch off of our access stack.
One suggestion I saw is to use BPDU Guard, which is a good suggestion as well.
But we have had experiences with overloading the control plane on a 3750. I believe that concern is valid. If the CPU can't service spanning tree. But I'm interested in hearing about other experiences people have had in terms of rapid spanning tree in the access layer, end users plugging in unauthorized devices and creating loops, and the effects when using rapid spanning tree vs standard spanning tree.
View 6 Replies
View Related
Mar 29, 2012
We are about to install a new network consisting of Cat 4500s with Sup7E at the Access Layer, with Nexus 7000 at the Distribution and Core layers. We have 14 floors with at least three 4500s on each floor. Within the office block where the Access Layer and Distribution Layer reside we need to support secure borderless networking using 802.1x to place users from different parts of the business into segregated networks at layer 3.All switches will have the feature sets to support MPLS/ VRF / OSPF / EIGRP / BGP etc.We quickly dismissed the idea of using VRF-Lite due to the sheer number of Vlans we would need to managage and maintain, the point to point links alone just to get one additional VRF on each floor required far too many Vlans.As a result we are now considering deploying MPLS. The obvious benefits include scalability and manageability, the fact that all switch to switch links can now be routed, instead of having to using SVIs.
View 2 Replies
View Related
May 29, 2013
I have started to use ip extended access-lists on several 3750X-switches to filter inbound and outbond traffic on the VLANs. But it seems that the use of object-groups is not supported, is this correct? Is it really no way to group different ip-addresses into groups and then use these groups in the access-lists?
I am running sw version 15.0(1)SE2.
View 1 Replies
View Related
Feb 6, 2013
I have a LIII Switch Cisco 3750x ,with diffrent Vlans , Some users are in Vlan 102 (10.10.2.0) and Some Users are in Vlan1 (10.10.1.0) , now i want to restrict the Vlan102 users to access Vlan1 , i am pasting my configuration below , how to create a access list .
interface Vlan1
ip address 10.10.1.36 255.255.255.0
ip helper-address 10.10.1.36
[Code].....
View 2 Replies
View Related
Mar 19, 2013
I have one issue on Vlan in Cisco 3750X switches , I have 2 Offices , I am sitting at corp OFfice and i have one 3750 ( 10.10.1.36)Switch at my location , in my remote office i have one more switch 3750 ( 10.10.33.1) and i am able to access the both vlan IPS with out any issue , now i have some network components in Vlan33 ( 10.10.33.1) at my remote office . i am able to ping 10.10.33.1 IP from my corp office , but i am not able to ping any network devices in 10.10.33.5 example : 10.10.33.5 is my Cyberoam IP at remote location and i am not able to ping , i have taken a trace route and not able to find the issue as i am not much femilar , ping 10.10.33.5 at remote location devicec
I am giving the Configuration for both locaitons below :
10.10.1.36 - Corp Office 3750 Switch:
sh run
L3-#sh running-config
Building configuration...
[Code].....
View 1 Replies
View Related
Mar 18, 2013
I've got a 3750x stack set up as my core switch (only a small-ish environment) - I'm shortly going to be deploying an enterprise wireless network with Corporate and Guest SSID's. I'm going to be putting all traffic from the Guest SSID in VLAN 244, and don't want it to have access to any of the other VLANs (1 (Legacy Eqpt), 4, 8, 12, 16, 20, 24, 28, 32, 248 & 252).
IP ranges for all the main VLANs are:
1: 10.0.0.x/22
4: 10.0.4.x/22
8: 10.0.8.x/22
12: 10.0.12.x/22
16: 10.0.16.x/22 etc etc (you get the pattern)
I'll probably give Guest traffic (VLAN 248) the IP range 192.168.10.x/22 (not because I NEED that many addresses, but it's easier for everyone to remember/understand if I keep the subnet masks the same all round). However I also have a CCTV VLAN (252) which already has the range 192.168.0.x/24, which some people in other VLANs WILL need access to.
So my question is: What is the syntax for the ACL on my 3750x (IP base - 15.0.2) to prevent traffic from VLAN 244 gaining access to any of my other VLANs. I'm making a broad assumption here that a layer 3 switch is perfectly capable of supporting that function? I need ALL the syntax for setting up ACL's - I've never done it before
My gateway device by the way is 10.0.4.1, and I do have inter-VLAN routing set up on the core switch (obviously).
View 3 Replies
View Related
Aug 26, 2012
I have a Cisco 3560X series 48 port PoE switch which im using to try to power a Axis Q6032E PoE+ PTZ camera that requires 25W of power. Although when I plug the camera into the switch it power as PoE Class 4 but will only assign the port 15.4W of power. I have tried going into the switch and manaually assigning the port to 30W of power but no luck. I have talked with the Axis vendor and they stated that Cisco does not turn on 802.3at protocol by default? This does not seem correct. I am running a single 1100W power supply as well. See output below. Gi0/43 is port in question.
Gi0/41 auto on 15.4 Ieee PD 4 30.0
Gi0/42 auto off 0.0 n/a n/a 30.0
Gi0/43 auto on 15.4 Ieee PD 4 30.0
[Code]....
View 1 Replies
View Related
Mar 17, 2013
I want to configure accesslists on my Catalyst 3750X-switches to protect different VLANs/networks. Any best-practices about inbound versus outbound accesslists? In my head it is more readable and easier to understand the config when accesslists are assigned outbound on the VLAN to protect instead of assigning them inbound on all possible source-VLANs. But of course, from a performance point-of-view it is better to use inbound access-lists to avoid un-necessary routing etc.
View 1 Replies
View Related
Jul 24, 2011
It is understood that sub-50 ms ERPS convergence can be achieved with certain HW/SW combinations.
1) What are the platforms supported (and with what FW/SW) has this been tested ?any results that can be shared?
2) Link failure detection in GigE on Copper is slower compared to GigE over "pure" Fibre; so no sub-50ms would be possible with Copper ring ports.is sub-50ms convergence achievable with "combo SFP ports" ?
View 1 Replies
View Related
Jun 15, 2012
We are setting up a test lab in our DMZ. The path to the internet is basically like this. Anything past the firewall is irrelevant. For this lab lets assume it is vlan 300.
LAB SW ---> DMZ-SW ---> ASA FW ---> INTERNET
LAB IP Range = 172.16.300.0 /24
GW = 172.16.300.1 (On FW int)
Trunked all the way through.
I have an int vlan set up on the LAB SW. It is being trunked to DMZ SW. DMZ trunks it to ASA FW where there is a failover with a redundant switch.On the ASA the interface 0/2 is a subinterface 0/2.300 being used as the default gateway.
I have DHCP running in a specific range on the LAB SW and do get an ip address when plugged in. I cannot ping the default gateway on the ASA FW.The GW is defined using default-router command for 172.16.300.1 i.e. default-router 172.16.300.1?
We are running ospf on the firewall. There appears to be a pattern with ospf and a similar subnet setup elsewhere. I was wondering based off of this info would configuring ospf for 172.16.300.0/24 allow me to ping the GW from a client on the LAB SW.Secondly. I trunked 300 on the DMZ SW but I didnt add the vlan to the configuration. i.e. conf t <enter> vlan 300 <enter> Does this really matter? Or is having the vlan in the configuration only pertain to access mode on interfaces?
View 1 Replies
View Related
Feb 6, 2012
I have a 2960-S running the lastest software for testing on my bench:
[code]
Switch Ports Model SW Version SW Image
------ ----- ----- ---------- ----------
* 1 24 WS-C2960-24-S 15.0(1)SE2 C2960-LANLITEK9-M
[/code]
I have set up VLAN 2 on 192.168.2.0/24 with the switch as the DHCP server. The switch is connected to an RV082 router which is at 192.168.1.65/27. Once I figure out what I doing I'll eventually shift that to 192.168.1.0/24 or something similar. So I have my switch acting as the DHCP server for VLAN 2 but I can't figure out how to get it to access the internet.
I found this example to set up the DHCP server:
[code]
###################################
this works to get vlan 2 to serve ips
conf t
[Code].....
The RV082 doesn't support trunks AFIK and I'm pretty much a newb at this stuff. TIA. I guess I should get a real router and I most likely will but I'd like to get this working if possible before taking the next plunge.
View 7 Replies
View Related
Dec 27, 2012
I have 2960 switch and i can't access it using my console cable .I can access other switches in my network ( 3560 & 2960 ) but i can't access only this switch.may be the console port in the switch damaged? or it's a bug ?? !!! although the switch is worked normally.
View 11 Replies
View Related
Dec 11, 2011
I need to enable/disable a mac access-list on a 2960 scheduled by time. The switch has lanbasek9-mz.122-44.SE6. As the mac access-list can not support time ranges, I tried EEM but seems like it is not supported in this device.
View 1 Replies
View Related
Aug 22, 2012
What is the difference between sdm prefer access & sdm prefer default & sdm prefer lanbase-routing? When do we use these options?
View 2 Replies
View Related
