Cisco Switching/Routing :: CAT3750E No Longer Use Multiple Ports Within Extended ACL

Mar 12, 2012

I was wondering why can't we no longer use the multiple ports within an extented ACL like I use to do it in a CAT3750E.I have IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSALK9-M), Version 03.02.00.SG.I wanted to create an ACL like so [code] But when I do, it tells me that I cannot do it.... I can only add 1 tcp port to my ACL line. I tried to search the "object-group" concept also but it's not implemented in this IOS.Can this be done in IOS-XE ?I'm migrating my enviroment from a CAT3750E stack to a C4510-E.

View 1 Replies


ADVERTISEMENT

Cisco Switching/Routing :: Output Drops On CAT3750x With Multiple Ports

Jan 25, 2013

I've got a recurring them developing across several deployments of Catalyst 3750X series switches, I'm seeing large amount of output drops across multiple ports but there are is no QoS deployed on any of these switches. (standard FiFO). As it happens the ports in question are a member of EtherChannel groups which are connected to ESX Hosts.I've also seen this behaviour also unexplained on another 3750X at a different site, however it's a single port and connects to an Upstream firewall.However in both cases neither switch has any QoS or non-standard configuration, literally a couple of VLAN's and some EtherChannel groups.Here's some output from the case involving the ESX servers.

View 5 Replies View Related

Cisco Switching/Routing :: To Configure Multiple LAN Ports On Router With Same 2921

Mar 10, 2013

I have 2921 router and I have 3 very basic switches that I need to connect to the router. The switches have very basic default configurations and there is no way to edit them, so I only have one VLAN and one default gateway. I can't assign the same IP address to each LAN port. I'm not sure how to make this setup work.

View 12 Replies View Related

Cisco Switching/Routing :: Output Drops On Cat3750x Multiple Ports

Jul 4, 2012

I've got a recurring them developing across several deployments of Catalyst 3750X series switches, I'm seeing large amount of output drops accross multiple ports but there are is no QoS deployed on any of these switches. (standard FiFO).
 
As it happens the ports in question are a member of EtherChannel groups which are connected to ESX Hosts.I've also seen this behaviour also unexplained on another 3750X at a different site, however it's a single port and connects to an Upstream firewall.
 
However in both cases neither switch has any QoS or non-standard configuration, literally a couple of VLAN's and some EtherChannel groups.Here's some output from the case involving the ESX servers:
 
Port-channel6 is up, line protocol is up (connected)
Hardware is EtherChannel, address is 1cdf.0f82.1607 (bia 1cdf.0f82.1607)
Description: EC to xxxx
MTU 1500 bytes, BW 2000000 Kbit, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)

[Code]...

How I can attempt to identify what traffic is being dropped?

View 5 Replies View Related

Cisco Switching/Routing :: Monitor Traffic Between Multiple Source To Destination Ports On Nexus 7k?

Nov 5, 2012

i would like to monitor traffic between multiple source ports to multiple destination ports on a nexus 7k. i lknow when you set up monitor session is between source and destination (laptop or traffic analyser) but is there a way i can set up between source and multiple destination ports and capture that traffic ?

View 3 Replies View Related

Cisco Switching/Routing :: Does Nexus 7K Support Multiple VDCs Sharing Ports On Single Line Card

Mar 19, 2013

Does Nexus 7K support Multiple VDCs sharing ports on a single line card. One of our cisco parnter engineers stated that cisco doenst recommend using same line card for multiple VDCs.The second VDC (Non-Default VDC) will be used four our Outside, and DMZ Segment, and to phyiscally segregate our Firewall from our Internal/Inside Core Switch without using a physical DMZ Switch.I know Cisco used the Nexus in this way in their PCI DSS 2.0 Compliance Document. Module is N7K-M148GT-11L
 
Mod  Ports  Module-Type                      Model              Status
---  -----  -------------------------------- ------------------ ------------
1    48     10/100/1000 Mbps Ethernet XL Mod N7K-M148GT-11L
Mod  Ports  Module-Type                      Model              Status
---  -----  -------------------------------- ------------------ ------------
1    48     10/100/1000 Mbps Ethernet XL Mod N7K-M148GT-11L

View 7 Replies View Related

Cisco Switching/Routing :: 3750 - Extended Ping With Df Bit Set

Mar 5, 2012

I am trying to test the MTU between two 3750 switches I have in the lab.  I've set the MTU with the command "system mtu 9000" on both switches and rebooted.
 
The only connections on the switches are the gig ports connecting the two switches.  Each interface is  a member of vlan 1.
 
I am doing an extended ping.  I set the datagram size to 2000.  When the df bit is set the ping doesn't go through.  If the DF bit is not set the ping goes through.
 
The debug ip icmp shows, 4d00h: ICMP: dst (1.1.1.1): frag. needed and DF set.
 
Why is fragmentation needed when the MTU is set to 9000?
  
GigabitEthernet1/0/1 is up, line protocol is up (connected)
Hardware is Gigabit Ethernet, address is 0015.2b7d.0d01 (bia 0015.2b7d.0d01)
MTU 9000 bytes, BW 1000000 Kbit, DLY 10 usec,

[Code].....

View 4 Replies View Related

Cisco Switching/Routing :: 3560 / Creating Extended VLans And Subinterface?

Jan 24, 2013

We have a 3560 switch running IOS universalk9-mz.150-1.SE3.bin.Recently, we saw two problems with this switch:-
 
1. if we try to enable subinterface on any routed interface , for eg. gig1/1, it says invalid input detected. It doesnt accept encapsulation command also.   Following was done to enable subinterface: 

   int gig1/1
  no ip address 
  int gig1/1.2000
  ip address 1.1.1.1
 
under the gi1/1.2000 subinterface, it doesnt present the option of ip address.
 
2. we created a layer 2 vlan 2000 like:   vlan 2000 When we do an exit after creating this vlan , it gives following error:-
 
%SW_VLAN-4-VLAN_CREATE_FAIL: Failed to create VLANs 2000: extended VLAN(s) not allowed in current VTP mode

View 6 Replies View Related

Cisco Switching/Routing :: Radius-server Attribute 61 Extended On ASR1004

Nov 9, 2011

We faced with problem after upgrade ASR from 12(2) 33 XNE2. I know that this is an old XE release but our Radius deny authization from ASR with more new XE version. Here is our radius attribute configuretion:
 
!
radius-server attribute 44 include-in-access-req
radius-server attribute nas-port format d
radius-server host x.x.x.x auth-port 1812 acct-port 1813 non-standard

[Code]....

How can I add in my configuration that ASR send necesserry NAS-Port-Type - VPDN

I couldn't found out any info ((( for radius-server attribute 61 extended

View 1 Replies View Related

Cisco Switching/Routing :: 4503 -MAC Access-list Extended To Only Allow Gateway Traffic

Nov 7, 2011

We have a gateway on a 4503, say on port 2/1, and we only want the other devices that are plugged into the 4503 to be able to talk to the gateway and thats it.  The other devices are Motorola TUT DSL devices and they plug into the 4503 directly.
 
Normally "switchport protected" would make this very easy to keep stuff on one port from talking to other ports but with 4500's you are not able to do that command.  So we implemented a MAC Access-List Extended ACL.  Here is what we did
 
mac access-list extended BLAH
permit #host 0000.XXXX.YYYY any
interface range fa 2/5 - 20
mac access-group BLAH out 
 
The MAC address 0000.XXXX.YYYY is the MAC address of the gateway that is plugged into Fa2/1 and the DSL TUT devices are plugged into ports Fa2/5-20.  We would think that this config would only allow devices on the TUT DSL to talk only to the Gateway but we don't really think this is happening.  The TUT devices are learning about MAC addresses that are on other TUT devices. 

View 1 Replies View Related

Cisco Switching/Routing :: Catalyst 4505 - Write Extended ACL For Voice VLan

May 14, 2012

I am trying to write an extended ACL for the voice vlan.My scenario is the following:I have two PBXs with two Catalyst 4505 L3 switches.The C4505 are connected trough a trunk link.I have a VTP domain configured.

Voice VLANs are Vlan 100 and Vlan 101 with networks 10.2.0.0/16 and 10.4.0.0/16 Voip telephones are communicating between them self and everything is working fine.I want to secure both voice VLANs with an ACL to allow only couple of IPs to administer the phones.The PCs are connected trough a integrated switch via VOIP telephone.Here is the sample configuration of the dhcp pool for the PC VLAN:

ip dhcp pool PCs
   network 10.1.0.0 255.255.0.0
   default-router 10.1.1.1
   dns-server 10.10.10.1
   option 43 hex 010a.5369.656d.656e.7300.0000.0204.0000.0064.0000.0000.00ff

I had to implement the 43 hex option because the PCs did not get the ip from the DHCP because of the vendor specific information.The thing that worries me is will the DHCP forward the ACKs for the PCs if I implement this test ACL:

ip access-list extended VLAN100
permit ip 10.2.0.0 0.0.255.255 10.4.0.0 0.0.255.255
permit ip 10.4.0.0 0.0.255.255 10.2.0.0 0.0.255.255
permit ip 192.168.2.0 0.0.0.255 10.2.0.0 0.0.255.255
permit ip 192.168.2.0 0.0.0.255 10.4.0.0 0.0.255.255
permit udp host 0.0.0.0 eq bootpc host 255.255.255.255 eq bootps  (this I am not sure do I need)
permit udp host 255.255.255.255 eq bootps host 0.0.0.0 eq bootpc   (also this)
deny   ip any any
 
I only want to allow the network 192.168.2.0/24 and maybe some other hosts to access the web based http gui to adiminister the IP phones.All PCs are connected trough the VOIP terminals. I do not want to deny the traffic to PCs.

View 8 Replies View Related

Cisco Switching/Routing :: 6509 - Configure Multiple Dhcp Pools On Switch For Multiple VLANs

Mar 9, 2010

Is it possible to have multiple dhcp pools for multiple VLANs? The switch is a 6509 and/or 4506 catalyst. I don't want to use server-based products.

View 5 Replies View Related

Cisco Switching/Routing :: ASR 1002 Router Will No Longer Communicate With Anything

Feb 12, 2013

I was asked to configure a new ASR 1002 today and after successfully puttintg the config on the router (via TFTP) the router will no longer communicate with anything.  There is nothing in the config to cause this (it was actually pulled off a working production ASR 1002) and I am unable to ping a local loop back IP while consoled into the router??  I removed the config, reloaded the router and configured a new loop back - same issue cannot ping the loop back or anything else connected to this router. 

View 7 Replies View Related

Cisco Switching/Routing :: 1941 ISM Previous Net Admin Is No Longer Employed

Mar 11, 2013

I have a Cisco 1941 ISM. It sits between my Fortinet Firewall and the Internet. I tried to console to it so I can backup the configuration. Is there any way I can do this as I do not know the name and password for this unit as the previous net admin is no longer employed.

View 1 Replies View Related

Cisco Switching/Routing :: C3750 DHCP Relay Is No Longer Functioning For Client PCs

May 29, 2012

I have upgraded a C3750G-12S-E to c3750-ipserviceslmk9-tar.122-55.SE5This switch is a distribution layer switch for one of my remote sites.  it contains an ip helper-address on the site vlan's SVI.DHCP relay is no longer functioning for client PCs.  Static address assignment allows full network functionality. I enabled debug ip dhcp server packet. [code] Actually I am betting you upgraded your IOS from something before 12.2(50)SE to 12.2(50)SE or later.  We added enhancement CSCso19800 which will validate DHCP options when we are a relay agent.

View 1 Replies View Related

Cisco Switching/Routing :: Multiple VLAN Routing Tables For 3750 Catalyst

Oct 24, 2012

I have a network with a Catalyst 3750 as the main switch and then some Catalyst 2960 switches that are plugged in to that. I have a server running windows server 2008 with a couple of virtual machines running in Hyper-V. I created 4 VLANS listed below and gave the 3750 the following IP Address.I would like the 3750 to only be configurable from VLAN 40 but currently every VLAN can connect to it, I noticed in the standard web page settings there was a setting for "Management VLAN" but it was set to 1 and would not let me change it, I kinda assumed that was for the management port in the back.-Now the tricky part, I was trying to set up routing between the VLANs and so far I have only been able to get a sort of "all or nothing" routing to work. I can turn IP routing on and add two or more VLANs to the routing and it works fine. But what I was hoping to do is create a couple of "junction vlans" that would only route to one or two other vlans. For instance, I wanted to create a VLAN 100 that routed to VLAN 20 and 30 but nothing else. I also want to route VLAN 1 just to VLAN 30, and so on. I am able to do each one of the cases but only one, it seems like the switch only supports one "routing table" am I missing something or is this just a limitation of the switch?

View 2 Replies View Related

Cisco Switching/Routing :: 5505 Inter-vlan Routing With Multiple Gateways

Feb 15, 2013

We have two Cisco 5505 firewalls connecting to two ISP's . The two internal LAN's on the firewalls are 192.168.184.0/24 & 192.168.186.0/24. We also have a Cisco C3560x layer3 switch with vlan interfaces 184.3 & 186.3. We have two DGS-3100 Dlink layer 2 switches connecting our users to the Layer 3. Ip routing is enabled for intervlan communication & I can reach the Switch interfaces & firewall gateways from machines on both on the vlans.We have pbr enabled on the 3560 & users only on the .186 network can get to the internet. The switch is running the ipservices license & the sdm template is "desktop routing" .

Users on the .184 cannot access the internet but we can ping the layer3 interface & the firewall gateway. [code]

View 20 Replies View Related

How To Open Ports For Multiple Ips

Nov 26, 2011

I have 3 xbox 360s in the house and im having nat trouble with them, i am currently using an actiontec pk5000, from centrylink. i need to know if there is a way to open all ports on this router or if i should get a router/switch that i can open the ports on and use dmz on the actiontec for the new router to make this work.

View 2 Replies View Related

Using Multiple LAN Ports For Transferring 1 Item Between 2 PCs?

Apr 6, 2011

Is it possible to transfer an image (that is broken into parts for transfer) using 4 LAN ports at source end and 2 LAN ports at recieving end.The goal is to minimise the transfer time of the image as we have 4 LAN ports ont he source machine and 2 LAN ports at the destination

View 3 Replies View Related

DLink DIR 655 Router - Same Ports / Multiple IPs?

Mar 28, 2012

My internet is running through a D-Link DIR-655 router at home it's giving me some problems at the moment.Me and my roomie both play World of Warcraft and we both have to have the ports open for updates, and it won't let me.It will only let me open the ports for 1 IP, if i try to open it for more it 'conflicts', it's only passing through the port in the router, it's not dedicated to one IP.

View 6 Replies View Related

Cisco Switching/Routing :: 2960 - Ports Going Up And Down?

Nov 7, 2012

we hava a couple of 2960 switches and we are logging to a syslog server. Ports keep going up and down is it normal severity (error)   ?

View 2 Replies View Related

Cisco Switching/Routing :: SG-300 - Switch With 24 SFP Ports

Nov 9, 2011

I like the SG-300 switches for SMB and I'd like use them in our network. Design is quite simple just 6 SG-300 switches connected to one central switch using SFP ports (using 2 port trunks) so I need 12 SFP ports and this is my question. Could you recomend me switch with more then 12 SFP ports from Cisco for this SMB network ? I don't know all the Cisco product lines and I can't find it.

View 2 Replies View Related

Cisco Switching/Routing :: 3560CPD Ports Won't Come On?

Sep 16, 2012

I'm currently having a problem getting the ports on a 3560CPD (ports 1-8) to power on and establish connectivity. I have them hookedup and TURNED on by a 3560 PoE 8 port switch via the uplink ports. I can console into the CPD switch just fine and getting it configured.. but when I connect anything to the ports (1-8) I'm not getting any indicator lights.

View 1 Replies View Related

Cisco Switching/Routing :: 10G Ports On Nexus 7K?

Jul 2, 2012

I''ve trying to bring up ports on a N7K-M108X2-12L card using X2-10GB-SR modules.
 
All ports are in a VDC and configured to accept the M1 card:
 
vdc_id  vdc_name                          state               mac                 type        lc
------  --------                          -----               ----------          ---------   ------
2       cam-cor-csw-sfy-01                active              64:a0:e7:43:f0:c2   Ethernet    m1 f1 m1xl

[Code]....

View 3 Replies View Related

Cisco WAN :: C2900 - Assigning Multiple ADSL To GE Ports

Jan 19, 2012

I have 1 x C2900 router with 3 x ADSL WIC and UC500. I setup 3 x ADSL to access internet and UC500 is connected with 3 telephone lines (plugged into FXO ports). I have 2 x GE on my 2900. 1st GE is connected to switch and 2nd GE is connected to UC500.
 
I want to setup that traffic from UC500 (SIP) is going through 1 dedicated ADSL line and data (from computers & servers) is going through remaining 2 interfaces only. How I can set it up.
 
I would also like to know how I can load balance internet connection going through 2 dedicated data ADSL lines.

View 4 Replies View Related

Cisco Firewall :: Allow SIP On Multiple Ports Not Only 5060 (ASA 5505)

May 14, 2012

We've read everything about inspecting SIP packets and allowing them to pass through on port 5060, the default SIP port. However, our setup requires the ASA 5505 to allow SIP on ports 5060, 5160 and 5260.
 
Is this possible with the ASA 5505? If it's not, it would be a blocking issue for us to move forward with ASA appliances. We are currently investigating in a lab environment and really having difficulties configuring it to facilitate full SIP functionality.

View 1 Replies View Related

Cisco Application :: ACE 4710 - Rserver With Multiple Ports?

May 28, 2012

Currently migrating from a CSS to a new ACE for all our inbound ssl connections.
 
On the CSS, I could define multiple backend services, different tcp ports and 1 IP.
 
ex.              
service TEST_HTTP22
protocol tcp

[code]....

But now I have to define each backend web server as an RSERVER and it doesnt allow me to configure 2 rservers with same IP.

View 11 Replies View Related

Routers / Switches :: Block Multiple Ports On Only One Ip?

Oct 4, 2011

how can I block multiple ports on only 1 IP Address while not blocking those ports on other IP Addresses. I am using a Netgear WNR2000v1 which assigns the IP Addresses to each device.

View 1 Replies View Related

Cisco Switching/Routing :: Multiple VLANs On 881?

Oct 23, 2012

I recently set up a Cisco 881 to cover a small business network. The router is currently set up and working as expected. We recently decided to move to VoIP phones and here is where I'm running into some issues.
 
First an overview: We run a network with a cable internet WAN connection, this connection is DHCP, however we have a static IP through our ISP. We also have a block of 30 additional IP addresses for one to one mapping as we need them. The new VoIP system is being run over T1 lines throughout the township (we are a municipal organization) and the VoIP system is being run to about 5 buildings in the township.
 
This brings me to the topic of VLANs. As the phone engineer explained it to me, there is a network set up over the T1 that allows the VoIP equipment to talk to one another and operates all of the VoIP phones on one network. The equipment that is being installed at our building connects to the network over the T1 and "talks" to the other equipment on the network. The engineer wants to create a VLAN and run it on ports fa1 and fa2, with the fa2 port being connected to the actual "MPLS" (their term) that connects to the T1 and into the cloud, and the fa1 port connected to the internal phone switch.
 
TLDR; The problem is this: When we attempt to set up the VLAN on ports fa1 and fa2, we have no connectivity with the other units in the external VoIP cloud. Pinging while directly connected to the "MPLS" yields successful pings, while pinging from the router with the "MPLS" connected to fa2 yields failures. I'm going to post the running config below, I feel like what we're doing should be working. I asked around about subinterfacing, but others seemed to think this was not necessary.
 
ROUTER CONFIG
Building configuration...
  
Current configuration : 4909 bytes
!
! No configuration change since last restart
version 15.1

[Code].....

View 10 Replies View Related

Cisco Switching/Routing :: How To Segment The Ports On SF-300 Switch

Jul 13, 2012

The default Gateway and DHCP server is connected to port 1 of the switch.  I have various other devices on the network plugged into other ports on the switch.I want port 1 to communicate with every port on the switch, but don't want the other ports to be able to see eachother unless I specifically allow them to. For example, port 5 should see port 1, and 7, but nothing else.Everything needs to be in the same subnet.  With the older Dlink switches I am used to this feature is called "Port Segmentation" but I see no such option in this switch.   I have been playing with the VLAN settings but so far I have not been able to achieve this.

View 7 Replies View Related

Cisco Switching/Routing :: Can SM-ES3G-16-P Act As L3 Ports For Router

Mar 27, 2013

I have a SM-ES3G-16-P in a 2951. Is there any way that the service module interfaces can be transparent to the host router. Essentially I want the SM to act like an HWIC-1GE .. only with more ports!

View 4 Replies View Related

Cisco Switching/Routing :: 4500 - How To Configure The SFP Ports

May 23, 2012

How i can  configure the SFP Ports on my 4500 SERIES CHASSIS with other SFP ports on the connecting switch. I want to connect 15 switches via GLC=SX=MM to my 4506E sfp card.

View 4 Replies View Related

Cisco Switching/Routing :: 2960 Switch Ports Using POE?

Feb 5, 2013

I have a statck of 4 2960s switches, with POE powered access points on 2 of them. All of the access points appear to be functioning normally. For some reason, on 3 interfaces connected to access points, I get the following when issuing show interfaces status:
 
Gi3/0/9                      connected: T 7          a-full a-1000 10/100/1000BaseTX
^
 
My question is regarding the "T" in the status field. I can't find any documentation on this.

View 5 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved