Cisco Switching/Routing :: CAT3750E No Longer Use Multiple Ports Within Extended ACL
Mar 12, 2012
I was wondering why we can no longer use multiple ports within an extended ACL like I used to do on a CAT3750E. I have IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSALK9-M), Version 03.02.00.SG. I wanted to create an ACL like so [code] But when I do, it tells me that I cannot do it.... I can only add 1 tcp port to my ACL line. I tried to search the "object-group" concept also but it's not implemented in this IOS. Can this be done in IOS-XE? I'm migrating my environment from a CAT3750E stack to a C4510-E.
View 1 Replies
Jan 25, 2013
I've got a recurring theme developing across several deployments of Catalyst 3750X series switches. I'm seeing a large amount of output drops across multiple ports but there is no QoS deployed on any of these switches (standard FIFO). As it happens the ports in question are members of EtherChannel groups which are connected to ESX hosts. I've also seen this behaviour, also unexplained, on another 3750X at a different site, however it's a single port and connects to an upstream firewall. However in both cases neither switch has any QoS or non-standard configuration, literally a couple of VLANs and some EtherChannel groups. Here's some output from the case involving the ESX servers.
View 5 Replies
Mar 10, 2013
I have 2921 router and I have 3 very basic switches that I need to connect to the router. The switches have very basic default configurations and there is no way to edit them, so I only have one VLAN and one default gateway. I can't assign the same IP address to each LAN port. I'm not sure how to make this setup work.
View 12 Replies
Jul 4, 2012
I've got a recurring theme developing across several deployments of Catalyst 3750X series switches. I'm seeing a large amount of output drops across multiple ports but there is no QoS deployed on any of these switches (standard FIFO).
As it happens the ports in question are members of EtherChannel groups which are connected to ESX hosts. I've also seen this behaviour, also unexplained, on another 3750X at a different site, however it's a single port and connects to an upstream firewall.
However in both cases neither switch has any QoS or non-standard configuration, literally a couple of VLANs and some EtherChannel groups. Here's some output from the case involving the ESX servers:
Port-channel6 is up, line protocol is up (connected)
Hardware is EtherChannel, address is 1cdf.0f82.1607 (bia 1cdf.0f82.1607)
Description: EC to xxxx
MTU 1500 bytes, BW 2000000 Kbit, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
[Code]...
How can I attempt to identify what traffic is being dropped?
View 5 Replies
Nov 5, 2012
I would like to monitor traffic between multiple source ports to multiple destination ports on a Nexus 7K. I know when you set up a monitor session it is between source and destination (laptop or traffic analyser), but is there a way I can set up between source and multiple destination ports and capture that traffic?
View 3 Replies
Mar 19, 2013
Does Nexus 7K support multiple VDCs sharing ports on a single line card? One of our Cisco partner engineers stated that Cisco doesn't recommend using the same line card for multiple VDCs. The second VDC (non-default VDC) will be used for our Outside and DMZ segment, and to physically segregate our firewall from our internal/inside core switch without using a physical DMZ switch. I know Cisco used the Nexus in this way in their PCI DSS 2.0 Compliance Document. Module is N7K-M148GT-11L
Mod Ports Module-Type Model Status
--- ----- -------------------------------- ------------------ ------------
1 48 10/100/1000 Mbps Ethernet XL Mod N7K-M148GT-11L
View 7 Replies
Mar 5, 2012
I am trying to test the MTU between two 3750 switches I have in the lab. I've set the MTU with the command "system mtu 9000" on both switches and rebooted.
The only connections on the switches are the gig ports connecting the two switches. Each interface is a member of vlan 1.
I am doing an extended ping. I set the datagram size to 2000. When the df bit is set the ping doesn't go through. If the DF bit is not set the ping goes through.
The debug ip icmp shows, 4d00h: ICMP: dst (1.1.1.1): frag. needed and DF set.
Why is fragmentation needed when the MTU is set to 9000?
GigabitEthernet1/0/1 is up, line protocol is up (connected)
Hardware is Gigabit Ethernet, address is 0015.2b7d.0d01 (bia 0015.2b7d.0d01)
MTU 9000 bytes, BW 1000000 Kbit, DLY 10 usec,
[Code].....
View 4 Replies
Jan 24, 2013
We have a 3560 switch running IOS universalk9-mz.150-1.SE3.bin. Recently, we saw two problems with this switch:
1. If we try to enable a subinterface on any routed interface, e.g. gig1/1, it says invalid input detected. It doesn't accept the encapsulation command either. The following was done to enable the subinterface:
int gig1/1
no ip address
int gig1/1.2000
ip address 1.1.1.1
Under the gi1/1.2000 subinterface, it doesn't present the option of ip address.
2. We created a layer 2 vlan 2000 like: vlan 2000. When we do an exit after creating this vlan, it gives the following error:
%SW_VLAN-4-VLAN_CREATE_FAIL: Failed to create VLANs 2000: extended VLAN(s) not allowed in current VTP mode
View 6 Replies
Nov 9, 2011
We faced a problem after upgrading the ASR from 12(2) 33 XNE2. I know that this is an old XE release, but our RADIUS denies authorization from the ASR with a newer XE version. Here is our RADIUS attribute configuration:
!
radius-server attribute 44 include-in-access-req
radius-server attribute nas-port format d
radius-server host x.x.x.x auth-port 1812 acct-port 1813 non-standard
[Code]....
How can I add to my configuration that the ASR sends the necessary NAS-Port-Type - VPDN?
I couldn't find any info ((( for radius-server attribute 61 extended
View 1 Replies
Nov 7, 2011
We have a gateway on a 4503, say on port 2/1, and we only want the other devices that are plugged into the 4503 to be able to talk to the gateway and that's it. The other devices are Motorola TUT DSL devices and they plug into the 4503 directly.
Normally "switchport protected" would make this very easy to keep stuff on one port from talking to other ports, but with 4500s you are not able to use that command. So we implemented a MAC Access-List Extended ACL. Here is what we did:
mac access-list extended BLAH
permit #host 0000.XXXX.YYYY any
interface range fa 2/5 - 20
mac access-group BLAH out
The MAC address 0000.XXXX.YYYY is the MAC address of the gateway that is plugged into Fa2/1 and the DSL TUT devices are plugged into ports Fa2/5-20. We would think that this config would only allow devices on the TUT DSL to talk only to the Gateway but we don't really think this is happening. The TUT devices are learning about MAC addresses that are on other TUT devices.
View 1 Replies
May 14, 2012
I am trying to write an extended ACL for the voice VLAN. My scenario is the following: I have two PBXs with two Catalyst 4505 L3 switches. The C4505s are connected through a trunk link. I have a VTP domain configured.
Voice VLANs are Vlan 100 and Vlan 101 with networks 10.2.0.0/16 and 10.4.0.0/16. VoIP telephones are communicating between themselves and everything is working fine. I want to secure both voice VLANs with an ACL to allow only a couple of IPs to administer the phones. The PCs are connected through an integrated switch via the VoIP telephone. Here is the sample configuration of the DHCP pool for the PC VLAN:
ip dhcp pool PCs
network 10.1.0.0 255.255.0.0
default-router 10.1.1.1
dns-server 10.10.10.1
option 43 hex 010a.5369.656d.656e.7300.0000.0204.0000.0064.0000.0000.00ff
I had to implement the 43 hex option because the PCs did not get the IP from the DHCP because of the vendor specific information. The thing that worries me is: will the DHCP forward the ACKs for the PCs if I implement this test ACL:
ip access-list extended VLAN100
permit ip 10.2.0.0 0.0.255.255 10.4.0.0 0.0.255.255
permit ip 10.4.0.0 0.0.255.255 10.2.0.0 0.0.255.255
permit ip 192.168.2.0 0.0.0.255 10.2.0.0 0.0.255.255
permit ip 192.168.2.0 0.0.0.255 10.4.0.0 0.0.255.255
permit udp host 0.0.0.0 eq bootpc host 255.255.255.255 eq bootps (this I am not sure do I need)
permit udp host 255.255.255.255 eq bootps host 0.0.0.0 eq bootpc (also this)
deny ip any any
I only want to allow the network 192.168.2.0/24 and maybe some other hosts to access the web based http GUI to administer the IP phones. All PCs are connected through the VoIP terminals. I do not want to deny the traffic to PCs.
View 8 Replies
Mar 9, 2010
Is it possible to have multiple dhcp pools for multiple VLANs? The switch is a 6509 and/or 4506 catalyst. I don't want to use server-based products.
View 5 Replies
Feb 12, 2013
I was asked to configure a new ASR 1002 today and after successfully putting the config on the router (via TFTP) the router will no longer communicate with anything. There is nothing in the config to cause this (it was actually pulled off a working production ASR 1002) and I am unable to ping a local loop back IP while consoled into the router?? I removed the config, reloaded the router and configured a new loop back - same issue, cannot ping the loop back or anything else connected to this router.
View 7 Replies
Mar 11, 2013
I have a Cisco 1941 ISM. It sits between my Fortinet Firewall and the Internet. I tried to console to it so I can backup the configuration. Is there any way I can do this as I do not know the name and password for this unit as the previous net admin is no longer employed.
View 1 Replies
May 29, 2012
I have upgraded a C3750G-12S-E to c3750-ipserviceslmk9-tar.122-55.SE5. This switch is a distribution layer switch for one of my remote sites. It contains an ip helper-address on the site VLAN's SVI. DHCP relay is no longer functioning for client PCs. Static address assignment allows full network functionality. I enabled debug ip dhcp server packet. [code] Actually I am betting you upgraded your IOS from something before 12.2(50)SE to 12.2(50)SE or later. We added enhancement CSCso19800 which will validate DHCP options when we are a relay agent.
View 1 Replies
Oct 24, 2012
I have a network with a Catalyst 3750 as the main switch and then some Catalyst 2960 switches that are plugged in to that. I have a server running Windows Server 2008 with a couple of virtual machines running in Hyper-V. I created 4 VLANs listed below and gave the 3750 the following IP address. I would like the 3750 to only be configurable from VLAN 40 but currently every VLAN can connect to it. I noticed in the standard web page settings there was a setting for "Management VLAN" but it was set to 1 and would not let me change it; I kinda assumed that was for the management port in the back. Now the tricky part: I was trying to set up routing between the VLANs and so far I have only been able to get a sort of "all or nothing" routing to work. I can turn IP routing on and add two or more VLANs to the routing and it works fine. But what I was hoping to do is create a couple of "junction vlans" that would only route to one or two other vlans. For instance, I wanted to create a VLAN 100 that routed to VLAN 20 and 30 but nothing else. I also want to route VLAN 1 just to VLAN 30, and so on. I am able to do each one of the cases but only one; it seems like the switch only supports one "routing table". Am I missing something or is this just a limitation of the switch?
View 2 Replies
Feb 15, 2013
We have two Cisco 5505 firewalls connecting to two ISPs. The two internal LANs on the firewalls are 192.168.184.0/24 & 192.168.186.0/24. We also have a Cisco C3560x layer3 switch with vlan interfaces 184.3 & 186.3. We have two DGS-3100 Dlink layer 2 switches connecting our users to the Layer 3. IP routing is enabled for intervlan communication & I can reach the switch interfaces & firewall gateways from machines on both of the vlans. We have pbr enabled on the 3560 & only users on the .186 network can get to the internet. The switch is running the ipservices license & the sdm template is "desktop routing".
Users on the .184 cannot access the internet but we can ping the layer3 interface & the firewall gateway. [code]
View 20 Replies
Nov 26, 2011
I have 3 Xbox 360s in the house and I'm having NAT trouble with them. I am currently using an Actiontec pk5000 from CenturyLink. I need to know if there is a way to open all ports on this router or if I should get a router/switch that I can open the ports on and use DMZ on the Actiontec for the new router to make this work.
View 2 Replies
Apr 6, 2011
Is it possible to transfer an image (that is broken into parts for transfer) using 4 LAN ports at the source end and 2 LAN ports at the receiving end? The goal is to minimise the transfer time of the image, as we have 4 LAN ports on the source machine and 2 LAN ports at the destination.
View 3 Replies
Mar 28, 2012
My internet is running through a D-Link DIR-655 router at home and it's giving me some problems at the moment. Me and my roomie both play World of Warcraft and we both have to have the ports open for updates, and it won't let me. It will only let me open the ports for 1 IP; if I try to open it for more it 'conflicts'. It's only passing through the port in the router, it's not dedicated to one IP.
View 6 Replies
Nov 7, 2012
We have a couple of 2960 switches and we are logging to a syslog server. Ports keep going up and down; is it normal severity (error)?
View 2 Replies
Nov 9, 2011
I like the SG-300 switches for SMB and I'd like to use them in our network. The design is quite simple, just 6 SG-300 switches connected to one central switch using SFP ports (using 2 port trunks), so I need 12 SFP ports and this is my question. Could you recommend me a switch with more than 12 SFP ports from Cisco for this SMB network? I don't know all the Cisco product lines and I can't find it.
View 2 Replies
Sep 16, 2012
I'm currently having a problem getting the ports on a 3560CPD (ports 1-8) to power on and establish connectivity. I have them hooked up and TURNED on by a 3560 PoE 8 port switch via the uplink ports. I can console into the CPD switch just fine and am getting it configured.. but when I connect anything to the ports (1-8) I'm not getting any indicator lights.
View 1 Replies
Jul 2, 2012
I've been trying to bring up ports on a N7K-M108X2-12L card using X2-10GB-SR modules.
All ports are in a VDC and configured to accept the M1 card:
vdc_id vdc_name state mac type lc
------ -------- ----- ---------- --------- ------
2 cam-cor-csw-sfy-01 active 64:a0:e7:43:f0:c2 Ethernet m1 f1 m1xl
[Code]....
View 3 Replies
Jan 19, 2012
I have 1 x C2900 router with 3 x ADSL WIC and UC500. I setup 3 x ADSL to access internet and UC500 is connected with 3 telephone lines (plugged into FXO ports). I have 2 x GE on my 2900. 1st GE is connected to switch and 2nd GE is connected to UC500.
I want to set it up so that traffic from the UC500 (SIP) goes through 1 dedicated ADSL line and data (from computers & servers) goes through the remaining 2 interfaces only. How can I set it up?
I would also like to know how I can load balance internet connection going through 2 dedicated data ADSL lines.
View 4 Replies
May 14, 2012
We've read everything about inspecting SIP packets and allowing them to pass through on port 5060, the default SIP port. However, our setup requires the ASA 5505 to allow SIP on ports 5060, 5160 and 5260.
Is this possible with the ASA 5505? If it's not, it would be a blocking issue for us to move forward with ASA appliances. We are currently investigating in a lab environment and really having difficulties configuring it to facilitate full SIP functionality.
View 1 Replies
May 28, 2012
Currently migrating from a CSS to a new ACE for all our inbound ssl connections.
On the CSS, I could define multiple backend services, different tcp ports and 1 IP.
ex.
service TEST_HTTP22
protocol tcp
[code]....
But now I have to define each backend web server as an RSERVER and it doesn't allow me to configure 2 rservers with the same IP.
View 11 Replies
Oct 4, 2011
How can I block multiple ports on only 1 IP address while not blocking those ports on other IP addresses? I am using a Netgear WNR2000v1 which assigns the IP addresses to each device.
View 1 Replies
Oct 23, 2012
I recently set up a Cisco 881 to cover a small business network. The router is currently set up and working as expected. We recently decided to move to VoIP phones and here is where I'm running into some issues.
First an overview: We run a network with a cable internet WAN connection, this connection is DHCP, however we have a static IP through our ISP. We also have a block of 30 additional IP addresses for one to one mapping as we need them. The new VoIP system is being run over T1 lines throughout the township (we are a municipal organization) and the VoIP system is being run to about 5 buildings in the township.
This brings me to the topic of VLANs. As the phone engineer explained it to me, there is a network set up over the T1 that allows the VoIP equipment to talk to one another and operates all of the VoIP phones on one network. The equipment that is being installed at our building connects to the network over the T1 and "talks" to the other equipment on the network. The engineer wants to create a VLAN and run it on ports fa1 and fa2, with the fa2 port being connected to the actual "MPLS" (their term) that connects to the T1 and into the cloud, and the fa1 port connected to the internal phone switch.
TLDR; The problem is this: When we attempt to set up the VLAN on ports fa1 and fa2, we have no connectivity with the other units in the external VoIP cloud. Pinging while directly connected to the "MPLS" yields successful pings, while pinging from the router with the "MPLS" connected to fa2 yields failures. I'm going to post the running config below, I feel like what we're doing should be working. I asked around about subinterfacing, but others seemed to think this was not necessary.
ROUTER CONFIG
Building configuration...
Current configuration : 4909 bytes
!
! No configuration change since last restart
version 15.1
[Code].....
View 10 Replies
Jul 13, 2012
The default gateway and DHCP server is connected to port 1 of the switch. I have various other devices on the network plugged into other ports on the switch. I want port 1 to communicate with every port on the switch, but don't want the other ports to be able to see each other unless I specifically allow them to. For example, port 5 should see port 1, and 7, but nothing else. Everything needs to be in the same subnet. With the older Dlink switches I am used to, this feature is called "Port Segmentation" but I see no such option in this switch. I have been playing with the VLAN settings but so far I have not been able to achieve this.
View 7 Replies
Mar 27, 2013
I have a SM-ES3G-16-P in a 2951. Is there any way that the service module interfaces can be transparent to the host router? Essentially I want the SM to act like an HWIC-1GE .. only with more ports!
View 4 Replies
May 23, 2012
How can I configure the SFP ports on my 4500 series chassis with other SFP ports on the connecting switch? I want to connect 15 switches via GLC-SX-MM to my 4506E SFP card.
View 4 Replies
Feb 5, 2013
I have a stack of 4 2960s switches, with PoE powered access points on 2 of them. All of the access points appear to be functioning normally. For some reason, on 3 interfaces connected to access points, I get the following when issuing show interfaces status:
Gi3/0/9 connected: T 7 a-full a-1000 10/100/1000BaseTX
^
My question is regarding the "T" in the status field. I can't find any documentation on this.
View 5 Replies