Switch: SG500 VLANS: 1 (default) xxx.xxx.0.0/24 network, 150 (device management vlan) xxx.xxx.150.0/24 network I am plugged into port 1. This is a trunk port with VLANs assigned as follows: VLAN 1 (Default) - UntaggedVLAN 150 (dev mgmt) - Tagged Device is plugged into port 2. This is an access port with the following VLAN assigned: VLAN 150 - Untagged Why is it I cannot communicate with the device on port 2?
View 1 RepliesPCs --> SG500(4 vlans) --> rv042 --> Internet..vlan 1 is able to reach the internet..vlan 2-4 cannot reach the internet, but can reach vlan 1.
View 2 Replies View RelatedIs it possible to have multiple dhcp pools for multiple VLANs? The switch is a 6509 and/or 4506 catalyst. I don't want to use server-based products.
View 5 Replies View RelatedI have a LAN with 6 vlans and a 2821 router. By default, intervlan routing is enabled for all vlans, however, I want specific vlans to be denied access to others, though all should still be able to use the Internet being served from GE/0.
View 6 Replies View RelatedI recently set up a Cisco 881 to cover a small business network. The router is currently set up and working as expected. We recently decided to move to VoIP phones and here is where I'm running into some issues.
First an overview: We run a network with a cable internet WAN connection, this connection is DHCP, however we have a static IP through our ISP. We also have a block of 30 additional IP addresses for one to one mapping as we need them. The new VoIP system is being run over T1 lines throughout the township (we are a municipal organization) and the VoIP system is being run to about 5 buildings in the township.
This brings me to the topic of VLANs. As the phone engineer explained it to me, there is a network set up over the T1 that allows the VoIP equipment to talk to one another and operates all of the VoIP phones on one network. The equipment that is being installed at our building connects to the network over the T1 and "talks" to the other equipment on the network. The engineer wants to create a VLAN and run it on ports fa1 and fa2, with the fa2 port being connected to the actual "MPLS" (their term) that connects to the T1 and into the cloud, and the fa1 port connected to the internal phone switch.
TLDR; The problem is this: When we attempt to set up the VLAN on ports fa1 and fa2, we have no connectivity with the other units in the external VoIP cloud. Pinging while directly connected to the "MPLS" yields successful pings, while pinging from the router with the "MPLS" connected to fa2 yields failures. I'm going to post the running config below, I feel like what we're doing should be working. I asked around about subinterfacing, but others seemed to think this was not necessary.
ROUTER CONFIG
Building configuration...
Current configuration : 4909 bytes
!
! No configuration change since last restart
version 15.1
[Code].....
I have a above said switch at my remote office (600KM) which is connected with L2 Point to Point leased line. Both the ends I have Cisco 3950 catalyst switches with Vlans configured at both the ends. Now, for obvious reasons I should remove the other end 3950 switch and replace with Cisco 2950 switch. The other end 3950 is having 4 Vlans configured on 4 ports. Now my requirement is, I should configure 3 Vlans (one for P2P, one for 10 Desktops and one for to bring traffic from other network).
View 1 Replies View RelatedI can not get dhcp to work.I can ping from the switch to both vlans...
here is my config for the router.....
Router is a 1760
Current configuration : 1379 bytes
!
version 12.4
service timestamps debug datetime msec
[Code]....
I have a a hardware server running a VM hosting virtual servers which are all on different VLANs. My challenge now is to configure the switchport that the server is connected to, to see all the VLANs needed by this VM. The VM has an IP that is used for managing the server VMs which is on a different VLAN also.
My switch is a 2960 switch and it is presently trunked from the core switch.
I was assigned a task to configure an SG300-28P to have 3 different vlans.Now on VLAN1 their will be only one device configured with static IP 192.168.0.230,On the other 2 VLANS there will be a separate router connected on each one of them and will also act as a DHCP server.
View 4 Replies View RelatedI am aware that private-vlans are not supported on edge switches like 2960 series - so my question is would it be possibel to ceate private vlans on say just the core switch which would be a 3570 or 4506 that supports private vlans and then just trunk these to the edge like normal vlans?
what I need to achive is to have edge port not able to communicate to each other even across switches - which cannot be done using 'protected' port so need the private vlan feature
I would like to configure a 3750 switch port to be able to use two vlans. I know you can do this with a voice and data vlan, but what about two data vlans ? Say I have two devices, one on a 10 subnet and the other on a 172 subnet, but i only have one wall jack for both devices to plug into. So I use a mini switch to connect both devices and connect the switch to the wall jack; and of course this all leads back to one switch port. When I go to enter the switchport access vlan 172 cmd, how would I also make it so the device on the 10 subnet could route out ?
View 9 Replies View RelatedWe need to give differentiated internet access to three VLANs. Each one of this VLANs is used for totally different purposes, so traffic between the VLANs is not allowed. Each VLAN has its own internet access provided for the data center using one fast ethernet connection.
We're thinking about using cisco 2911 for Internet access, VPN and firewall. I suppose that best option for VLANs is using Catalyst 2960S or a swithing module for the 2911, but these two options are too expensive for us. We're thinking about using swtiches from the SB series (maybe a SG-200).
We're totaly newbies to VLANs so we have many doubts. This are our questions:
1) The 2911 has three on board ethernet interfaces; we have three VLANs and three internet connections, so we need to use HWICs to get three more ethernet ports. That's right?
2) We need three HWICs or there is some kind of HWIC with more that one ethernet interface?
3) The routing solution is to assign static routes in the 2911 for each interface connected to a VLAN through a 2911's interface connected to internet?
4) Simply connecting three different router interfaces with three different switch ports, each one of them assigned to one of the three different VLAN, are we going to get internet access for all devices in those VLANs? or do we need to configure something else like trunking, VSIs...?
5) Can we achieve our goals using the SG-200 switch?
6) We have the chance to use older routers, is this possible? We're specially interested in knowing if a 1841 or a 2801 router could be used for this setup.
7) This is not a production environment so we can use refurbished equipment.
We have a customer that is relocating thier headquarters. They have a temporary requirement to bridge multiple vlans or a router T3 link to the new location as they cannot change the IP subnets. Setup is 3560 switch connecting to a 3845 then T3 to remote 3845 and 3560. I need to bridge multiple VLANs. I have seen a good example on how to do it over sonet but I don't see how to translate that to an HDLC or Frame Relay encapsulation for the T3 Link.
View 5 Replies View RelatedI have a Cisco SG200 26 Port Switch, 2 Cisco WAP4410N Access points, and a VLAN aware Router. I have created 4 VLAN's. For the sake of this conversation lets call them.
98 - Intel Vpro
99 - Management
100 - General
101 - Guest
The Access points are capable of doing V LAN tagging so I plan on having them tag a guest network as V LAN 101. That can get sent to the V LAN aware router and out. No problem. I have some devices, or management pages that I don't want accessible from the general network. (Intel V pro KVM, Remote Management Cards, AP Config Menus, Switch config menu...) . I need to be able to take a V LAN unaware device, plug it into port 1, and have it communicate with V LAN 98, 99 and 100.
My problem is that I have a Cisco 300 series small business switch with multiple VLANS each one with an IP address and two or three ports assigned to each VLAN. I have an E3200 wireless router that I want to use to use to share internet on the switch. All of the VLANs are reachable from the other VLANs and I've put a static route on the E3200 so that I can reach the VLANs from a machine connected only to the router. But I can't reach machines on the otherside of the router or get to the internet from the switch.
View 3 Replies View Relatedhow i can configure a second ssid for guest access in our environment. this is our network setup prior to this request: Internet----Firewall (not ASA)---ce520---C1131AG and CME router is also connecting to the ce520 switch. we only have two vlans: one for voice and two for data.
Presently, there is no vlan configured on the AP because it on broadcasting ont ssid and wireless users gets IP from a windows DHCP server on the LAN. the configuration on the ce520 switch port for the AP and other switches say access vlan is the DATA vlan which automatically becomes the native vlan for all trunk port connecting the AP and other Stiches to the network.
Now with this new requirement, i have made my research and i have configured the AP to broadcast both the production and the guest Vlans. The two vlans are 20-DATA and 60-Guest. I made the DATA vlan on the AP the native vlan since the poe switch is using the DATA vlan as native on the trunk ports. I configured the firewall to serve as DHCP server for the guest ssid and i have added the ip helper-address on the guest vlan interface on all switches while the windows server remains the dhcp server for the production DATA Vlan. I have confirmed that the AP, switches can ping the default gateway of the guest dhcp server which is another interface on the firewall. I can now see and connect to all broadcasted ssids but the problem is I am not getting IP addresses from both the production dhcp server and guest dhcp server when i connected to the ssid one at a time. My AP config is attached below.
Do i need to redesign the whole network to have a native vlan other nthan the data vlan? Does the access point need to be aware of the voice vlan? Do the native Vlan on the AP need to be in Bridge-group 1 or can i leave it in bridge-group 20?
My question is if I can configure 3 ssid, for 3 different VLAN and add the DHCP address from a WAP4410N AP, when you upgrade to the latest version of IOS I can have this functionality?
View 2 Replies View RelatedI've just set up DHCP Snooping and IP Source Guard on our SG500 series switches. It seems to work quite well, except when a wireless host roams from one AP to another (on a different switch port), all traffic from that host gets blocked.
I can understand why this is occuring, but I don't know what I can do to work around this problem.had success with roaming WiFi machines in conjunction with IP Source Guard?
I'm trying to access the CLI on a Cisco Catalyst 4003 switch.
It has a WS-X4012 Supervisor module, a WS-X4232-L3 - Layer 3 Routing Module, and a WS-X4418-GB switching module. Well to make things short and sweet, I don't have a computer with a COM port on it. I need to access the CLI to setup the switch, and I only have a ethernet port on my computer and I'm running Ubuntu 11.10. How to access the CLI? This is just a second hand switch I picked up.
I have Comcast as my ISP and their Small Business Gateway Router/Firewall. I purchased a WRVS4400N and configured them like this:
Comcast Router/Firewall - 10.1.10.1
Cisco WRVS4400N - 10.1.11.1
I turned DHCP off on the Cisco so that wireless devices that connect to it get a 10.1.10 address from the Comcast device. Now, I am completely unable to connect to the web interface of the Cisco, whether connected to it wirelessly or even if I plug directly into one of the LAN ports on it. I have one of the LAN ports on the Cisco connected to one of the LAN ports on the Comcast. What am I missing here? I'm guessing I'm not able to see the 10.1.11 addresses when I am getting a 10.1.10 address from the Comcast, even though I'm connected to the Cisco?
I have a 6509 running catOS that i had to do some routing changes on this weekend. I guess i forgot to set the default route so now I can't login or ping from outside the local subnet and because of acl restrictions on the vty lines can't login from a device within the local subnet. I can login to the sup module so i'm trying to figure out if there is way to get to the switch from the sup like you would access the sup from the switch by inputting the command session 15 or session 16, is there a way to do the reverse to get to the switch from the sup?
View 1 Replies View RelatedI've attached the file which shows the issue which im facing in reachability between a PC to GNS3 router.
Home Broadband ->LAN (192.168.1.1) ---- Win 7 (192.168.1.3) -->Loopback Adaptor(192.168.137.1)---->GNS3(cloud-->Router (192.168.137.2))
Win XP (192.168.15)
[Code]....
I am trying to make my LAN to work at home. Its pretty small but I am bearly an smart user, noobie if so.I have a Motorola Cable Modem model SB5101 receiving the internet from Shaw Cable.from there I have an ethernet cable to my switch (Cisco SE2500) from there I have two ethernet cables coming out, one goes to my PC and the other one goes to an Airport Extreme so our laptop.I am just here double checking this info... sice this is an unmanaged switch I guess there is no way of accesng an interface to make this happen.I just hate spending the money in something I wont be using just because I dont know whats going on.
View 7 Replies View RelatedOur client having one c3750 with ipbase license switch.They are connected server and end switches to that switch.Our customer want to increase the speed to accessing the server at that time I am told to use etherchannel.Customer happy about this and implement the etherchannel configuration.Now i need to configure etherchannel upto 4 physical link.server are connected on port no Ge1/0/10,they want to bind four phical link GE1/0/10-13.how to configure etherchannel in this switch?
View 1 Replies View Relatedwe recently upgraded from an RVS4000 router which didn't have this issue.
the problem; Internal users from Site A cannot access the external owa address.From Site A i can successfully ping both the external/internal IP addresses/names and they resolve correctly, including pinging the address ('mail.company.com") resolves correctly to the external ip address.
[code]...
I only want SSH to be allowed when accessing this switch, but telnet is still allowed, why? Whe authenticate via radius.version 12.2no service padservice timestamps debug datetime msecservice timestamps log datetime msecservice password-encryption!hostname 3750!boot-start-markerboot-end-marker!logging buffered 64000logging console informationallogging monitor informationalenable secret 5 $1$1K$!username admin privilege 15 secret 5 $1$Bs$cLHusername users view priv3 secret 5 $1$Jfnviwp!!aaa new-model!!aaa authentication login default group radius localaaa authentication enable default lineaaa authorization consoleaaa authorization exec default group radius local !!!aaa session-id commonclock timezone GMT 0clock summer-time BST recurring last Sun Mar 2:00 last Sun Oct 3:00switch 1 provision ws-c3750g-12sswitch 2 provision ws-c3750g-12ssystem mtu routing 1500udld aggressiveno ip domain-lookupip domain-name CB!!login on-failure loglogin on-success log!!crypto pki trustpoint TP-self-signed-3817403392enrollment selfsignedsubject-name cn=IOS-Self-Signed-Certificate-3817403392revocation-check nonersakeypair TP-self-signed-3817403392!!crypto pki certificate chain TP-self-signed-3817403392certificate self-signed 01 3082024C 308201B5 A0030201 02020101 300D0609 2A864886 F70D0101 04050030 31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 69666963 6174652D 33383137 34303333 3932301E 170D3132 30343133 31303539 33395A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 38313734 30333339 3230819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100C31D AE6DD8B5 56245317 AD96F4F4 727385D4 97A5B138 488A215E 4294FC40 1C5B2F26 2B75E1CF E562F240 118F2F50 0CFF2449 16EC66EA 2D489F5F F36BFD05 ACCC79CA DDDA984D 4CB7AB DD95A5E0 9274A225 3F5A3634 DEBF1A2A 416E2189 B35B4473 C7D5EE2C E3D41675 A86F31CD.
View 3 Replies View RelatedI've been assinged a task to connect our branch office with the head office, so that the IP Phones in the branch office can be connected to Cisco Call Manager at head office. To accomplish this they have given a Cisco 877 Adsl router a 10 Port 3-COM POE Switch and 3 Cisco 7911 IP Phones. Currently the there are 7 PC's Connected to 3 COM Switch which indeed is connected to a Internet router(Speedtouch). First I thought of connectiong the IP Phones to the Ethernet Port on Cisco 877 router but had to change my mind as the ports are non POE ports and I do not have adapters for IP phones. So I've decided to connect the Phones to 3 COM Switch and create VLAN's (DATA & VOICE) and pass the DATA traffic through Speed Touch and Voice traffic through the Cisco 877 router, but when I tried accessing the 3-COM Switch via Console I am getting Junk language( See the attachment for reference).
how can I pass through this Junk messeges and access the switch
[Code].....
I’m working with a managed switch that has three V LANs setup on it. Recently the domain changed and the wireless V LAN can no longer access the internal website. I found access rules, in the switch that allowed the wireless V LAN to use the DNS server on the private/staff V LAN. Their DHCP scope is on the switch and DNS is set there. The Website is also on the V LAN with the DNS server. This configuration totally cuts out external DNS usage. It stopped working though. It is as if when things switched on the Domain the wireless users were denied DNS requests. The switch was not touched at that time. I’m looking at it though and it seems that I may have conflicting rules.
The version is 12.2. I believe its a Catalyst 2600~
DHCP scopes: ip dhcp pool INSIDE network 192.168.1.0 255.255.255.0 default-router 192.168.1.1 dns-server 192.168.1.6 192.168.1.4 domain-name saline.lib.mi.us
ip dhcp pool WIRELESS
network 172.16.0.0 255.255.255.0 default-router 172.16.0.1 dns-server 192.168.1.6 192.168.1.4
Here is the V LAN Setup:
Interface Vlan1
ip address 192.168.1.1 255.255.255.0
[code]...
Here are two access lists that should be allowing the traffic from 172.16.0.0 into the list IPs/Ports. These do no work.
ip access-list extended WIRELESS-PRINT
permit tcp 172.16.0.0 0.0.0.255 host 192.168.1.12 eq 30044
permit tcp 172.16.0.0 0.0.0.255 host 192.168.1.12 eq 21326
permit tcp 172.16.0.0 0.0.0.255 host 192.168.1.12 eq 6987
[code]...
During my testing I removed the Deny rule and everything worked. deny ip 172.16.0.0 0.0.0.255 192.168.1.0 0.0.0.255
However, the “ permit ip any any “ rule, makes all the port rules pointless because when this rule is in place solo, I can ping and access everything on the 192.168.1.0 network. Is there a way to deny everything, except what I permit? Because when I remove the ip any any, then they cant even get out. Perhaps there a better way to say, the wireless users can get out but only get into the sub net over specific ports? I have a feeling it may have not be thought out entirely when initially created. However, the big mystery is that it worked before secondary domain controller failed.
upgrading our small office network. We currently have about 75 employees with probably 125 devices on the network. I'd like to create about 10 vlans for the different departments and then configure intervlan routing as needed. Currently we have all unmanaged switches and it's just a huge broadcast storm on the network. We are upgrading our Cisco 800 router to an ASA5505 sec. Plus license. I need some recommendations on switches. Of course, this needs to be done as cheap as possible.... Is there a way to use the ASA to configure all the vlans and intervlan routing and access lists and use a cheaper switch to provide the access layer to hosts?
View 4 Replies View RelatedI have the following config using a Cisco 1921. I am trying to get devices on the the native VLAN to get internet access via the gateway x.x.x.73.Any thing being routed from the other Vlans 15/20/30 can get access, but nothing from an internal IP address. Is there something I am missing.
The Xs replace the same 3 octets for each interface.I am trying to route from VLANs 15/20/30 to see VLAN 5. I have tried a few things, in terms of adding extra ip routes, but can't get anything to work. Each of those Vlans have another router on the other side of them, which I have also tried adding ip routes too, but nothing. One of the routers (Vlan15 is a Draytek 2830). [code]
I have purchased these two switches from ebay as a test lab, I plan to connect them up via a gigastack modulecable and enable ip routing on the c3550 and vlans to talk to each other.
I'm very much a procurve person and really need to get into the cisco switching.I will want to trunklacp between the switches - whats the process is setting that up on cisco switches?
I have a 3560E with 2 vlans that I want to route between. one device with 2 vlans and route between.Interfaces are configured as such:
int g0/11
switchport mode access
switchport access vlan 10
int g0/12
switchport mode access
switchport access vlan 11
[code]...
Laptops on each port with 10.10.10.2 and 10.10.11.2 configured on them. I can ping from 10.10.10.2 to 10.10.11.1, but not to 10.10.11.2.What do I have to configure to be able to get the 2 laptops to talk to each other?
I am setting up a link between buildings that uses wireless links. I'm using Layer 3 routed ports on 2 3560 switches to handle the routing between sites. Normally I would just put these in a /30 and then the switches handle the rest. However, the wireless access points have a web interface for managing them that I want to be able to access, but it's only available on the single NIC that also carries traffic. What would be the best way of making this work? Should I make the link a /29 and give the access points an IP in the same range? If this is the case what do I use for the default gateway for the access points?
I have included a diagram to try to explain the issue clearer. The IP addresses in black are what I would do if this were a standard cable (and indeed this will work, but I wont be able to access the admin interface of the wireless AP) and the red ip addresses are the alternative if I use a /29 (but as I said, I'm not sure what to use for the default gateways).