Cisco Switching/Routing :: Catalyst 2970 Switch For 2 Vlans
Oct 14, 2012
I am using a Catalyst 2970 switch for 2 VLANs: corporate data and a separate VLAN for backups. What I want to do is create an LACP EtherChannel to the switch and also trunk these ports so the server is part of both VLANs. Due to the fact that some of these servers are on totally separated networks, they really shouldn't be able to talk to the backup server. Creating the VLAN for backups works to achieve this. I plan to create inbound ACLs on each port to allow only the ports and IPs for the backup network and allow everything we need for corporate data. I read somewhere that you can't have ACLs on an EtherChannel and I just want to get it all straightened out. I notice I can't add an access group to the port-channel itself but I can on the port-channel member ports. Is this all I need to do or does this not work?
A switch port is shut down, but when I use the NO SHUTDOWN command it is working and shows administratively down, like this command does not have any effect on it. Should I enable this port? What can I do? By the way, the port is not in errdisable and portfast is enabled.
I have the above-said switch at my remote office (600 km), which is connected with an L2 point-to-point leased line. At both ends I have Cisco 3950 Catalyst switches with VLANs configured at both ends. Now, for obvious reasons, I should remove the other end's 3950 switch and replace it with a Cisco 2950 switch. The other end's 3950 has 4 VLANs configured on 4 ports. Now my requirement is that I should configure 3 VLANs (one for P2P, one for 10 desktops and one to bring traffic from another network).
I've just started a new job after a couple of years not touching Cisco gear and been pitched in... My new employer has a network that's Juniper based. We've inherited a load of Cisco switches as part of the deal for hosting matches during the Rugby World Cup (plus a load of Aruba wireless gear that promises to be my very own special millstone, but that's by the by).
My task is to hang these Catalyst 2960s onto our existing infrastructure via fibre connections.
On the Juniper switch, there are four VLANs being pushed to the port the Cisco's hooked into: Code...
I am testing HSRP version 1 and 2 on lab equipment (2 Catalyst 3550 and 1 Catalyst 3560). I successfully created load balancing between the two Catalyst 3550s on a couple of VLANs (11 and 12) on ver 1.
Now, just adding the command "standby xx version 2", my hosts on the 2 VLANs are completely unable to ping the virtual IP def. gw.
- on debugging I checked that msgs are exchanged
- the two Cat 3550s are seeing each other on HSRP (active/standby roles)
- the real IP addresses are pingable
- rebooted the switches (just as a last-resort try)
- deleted the ARP cache on hosts
- removed the auth on HSRP
All of this had no effect.
I also tried to modify the priority on the Cat 3560 (before, it was in standby on both VLANs) to make it the active one, and with the same config it worked flawlessly.
My only idea is that there is a bug on CATs 3550 (IOS: c3550-ipservicesk9-mz.122-55.SE4.bin) [code]
We have 2 internet connections: one for production and one as a backup. The backup connection will be used for allowing guest visitors on a wireless network that is on a separate VLAN.
VLAN routing is provided by a Dell 6224 switch and other switching is Cisco 2970 (L2) switches. The backup Internet router is SMC (Comcast).
I would like to allow clients on VLAN 41 to access the internet connection in VLAN 10 at 192.168.100.1. Clients on VLAN 41 can PING and trace to the default gateway 100.1. VLAN 41 clients are also able to get DHCP info from VLAN 1. NSlookup fails when using the ISP DNS servers. NSlookup is successful when using our internal DNS servers, but web pages are not returned. It eventually fails. We've tried to set the DFGW on the clients to both 41.1 and 100.1 with no success.
100.2 knows where to find the 41.1 interface for the 41.0 network. The router/gateway can PING the clients on VLAN 41, the 192.168.41.0 network, and vice versa.
It seems like the clients are not able to get through 100.1 to the internet, or the gateway/router doesn't know how to get packets back to the clients. A static entry was made on the router that mapped back to the next hop at 100.2. Someone alluded to a NAT issue, where the returning packets have information for the 100.0 network only and the internet router doesn't know to send the packets through to the 41.1 interface to the clients.
This is a continuation of my last post, in which I need to apply ACLs to the physical ports within EtherChannels. The switch is a Catalyst 2970 running IOS 12.2. These EtherChannels are configured as trunks with 2 VLANs allowed on each trunk. I have applied an inbound ACL on the physical ports that filters based on layer 3 and layer 4 traffic. The issue that I am seeing is that the counters for the ACL are not increasing even though the ACL is clearly doing its job. At the end of the ACL I have an entry of "permit ip any any". Removing this from the list causes connectivity problems to the server on this port. Adding it back and everything is back to normal. However, the counters don't increase. At first I thought maybe this wasn't supported on this switch, but then I noticed the counter had increased to "2 matches" later in the day. What is the normal behavior for this switch, and does it support logging on an ACL entry as well?
After changing the VTP mode from client to transparent, I noticed the output of 'show run' now displays the VLANs. I don't have any spare 2970s to check this with at the moment. Output of 'show run' looks like this now with VLAN info; this was not shown before changing the VTP mode.
I have a Cisco 2970 port 24 configured as a trunk port to handle all 11 VLANs. This switch is also plugged into a couple of other Cisco switches; all is good on that side.
Here comes the ODD ball of the bunch. Since our wonderful execs won't let us buy any more Cisco switches till our numbers get better, they gave me this pos Netgear GSM7224. I know this isn't a Cisco product but someone out there has been through this before.
I have a Catalyst 4006 switch in production and a spare switch of the same model. I have to quickly copy the configuration from the production switch to the spare switch (both L2 and L3 configurations). How do I do that?
3945 is running c3900e-universalk9-mz.SPA.151-4.M2
3560e is running c3560e-universalk9-mz.150-1.SE
I've got brand new 3945s with onboard 16-port 3560e switches. On the first power-up I see that there are several new VLANs added that appear to be default VLANs.
vlan 2
 name fst2
vlan 3
 name fst3
vlan 4
 name fst4
vlan 5
 name fst5
vlan 6
 name fst6
vlan 20
 name VLAN0020
vlan 21
 name VLAN0021
vlan 22
 name VLAN0022
vlan 23
 name VLAN0023
vlan 99
 name VLAN0099
I deleted the vlan.dat and reloaded the switch but these VLANs come back. What are these VLANs intended for, and is there a better way to get rid of them? What does "fst" stand for?
I'm trying to set up a port on a Catalyst 3750 so it will pass traffic for 2 VLANs. It connects to a (WatchGuard) firewall which I've configured with a primary IP (for VLAN 27) and a secondary IP (for VLAN 29).
However, I can't seem to find the correct commands to enter on the Cisco switch port (I've tried a variety).
FYI the current configuration is...
interface FastEthernet1/0/38
 description ## Connection to WG vlan27 and vlan 29 ##
 switchport trunk encapsulation dot1q
I have a small Cisco switch cluster (seven different 2924, 3524 Cisco switches) with a 3550 as a cluster control which does all the inter-VLAN routing; that works fine.
This cluster is in a semi-production PBX interop testing lab. This is a closed network without internet access and not connected to our corporate network. However, now I have to add this capability so some equipment in the lab can get Microsoft updates over the internet.
I've created a port on a 3550 (fa0/19) and connected it to another network that has internet access. It picked an IP address and when I'm logged in to the 3550 I can ping hosts on the outside network. However, I can't ping any hosts on that network from any hosts that are connected to my VLANs. I've tried a few different things, but still can't make it work.
Here is a short version of my 3550 configuration:
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log datetime
no service password-encryption
Is it possible to configure both Catalyst WS-C2960-24PC-L and Switch Cisco SG300-28 to work together for VLANs for voice and data? If yes, can you give me the resources which I can refer to?
I have been looking into this for a while and I can't seem to figure out why my 2nd VLAN is not able to connect properly to the net.
My switch has 12 ports where my devices connect directly; they are all on VLAN 1 and they all work perfectly. On port 12 I have a D-Link router that is connected to a cable modem. The D-Link router has an IP address of 192.168.0.20.
I created a second VLAN (vlan2) and enabled DHCP relay on it. Then I assigned port 9 on the switch to (vlan2). My laptop, which is connected to port 9, seems to get an IP address fine and is able to ping only some devices on my network (vlan1) and is not able to go out to the internet. I think it has to do with the routes. [code]
We have a network of 30 VLANs and currently all the VLANs have access to everything. We are using a Cisco 6509 switch for Layer 3 routing. I would like to prevent some VLANs accessing the server VLANs. How can I restrict access to the server VLANs? Do I need to implement access-lists on the 6500 switch? Or do I need to create VLANs on the firewall so that all traffic is filtered?
I am trying to implement layer 2 QoS on a 2960. Having completed configuring the switch, I want to test the QoS. PC1 connects to switch port 1, PC2 connects to switch port 2. PC1 is the source terminal. I use skydata.exe and FTP for the test.
When using skydata, the PC2 speed can reach 10mbps. When using FTP, PC2 can only reach 1.2mbps. Why?
I can use PuTTY to SSH into my new switch (directly connected to my laptop with an Ethernet cable), but I can't log into my switch.
Sent username "admin"
admin@192.168.251.1's password:
Access denied
It doesn't like my password, but I have only set 1 password (king) on this switch. I've configured 3 other switches with SSH and had no problem. Been troubleshooting for a while and it'd be great if I could have a 2nd set of eyes take a peek. Also, my running config is attached.
I am confused about how ACLs respond on a normal Cisco switch (e.g. 6500) when applied on respective VLANs. This is my scenario: on a 6506, I have 2 main VLANs in question: Vlan 100 ( vendor1 - 172.16.100.0/24 ) & Vlan 200 ( vendor2 - 172.16.200.0/24 ). The requirement is,
- vendor1 should be able to access/ping vendor2 end points
- vendor2 should not be able to access/ping vendor1 end points
Now, if I ping from a host 172.16.100.11 in VLAN 100 to another host 172.16.200.21 in VLAN 200, will I be able to get a successful response?
Does the port adaptor PA-MC-2E1/120 work with the Catalyst Switch 6506E (Sup Engine: 720-3B)? We have bought an Enhanced FlexWAN card for this port adaptor. I read through the Cisco website and seem to get confusing answers on whether they are compatible.
I had an old Cisco Catalyst 2948G switch that I have not used in about 7 years down in my basement. I powered it on and went through the process of clearing out the configurations, and I got to a point where one of the commands to clear out the config asked me to install jumpers for "ROM" and "ERASE". There is a third jumper labeled "NO BOOT". They are numbered J6, J7, & J8 respectively. I found the jumpers inside and put the jumpers on them and ran the command expecting it to remove any old configurations I had on the switch and bring it back to factory state, but I was wrong. This switch runs CatOS, not IOS. When power is applied to the switch, the fans turn on as normal, but no LEDs are lit on the front. There are green LEDs lit next to the jumpers inside, but that is all. I am not able to get any response from it on the console at all anymore. The LEDs that are lit green inside are labeled "CR5" and "CR6".
I have inherited a network in a school that is using a Cisco Catalyst 500 series switch. Previously, it appears that this switch was never managed (just plugged in and using its default configuration). I am trying to change that and be able to control the switch using the Network Assistant or just the web-based device manager. I understand that you cannot perform the initial configuration with anything past Windows XP, because the broadcast flag setting past XP causes an issue where the IP address of the management computer is assigned but not the default gateway. Despite this, I am still unable to connect to the switch for management purposes. Here is a list of the steps I have taken, all of which have been unsuccessful:
1) I tried using a computer running Windows XP. The same issue occurred. It was assigned an IP address from the switch but did not get a default gateway. It was unable to access what should have been the default IP of the switch: 169.254.0.1
2) I tried it in Windows Vista by editing the registry to turn broadcasting off. It still did not work.
3) I tried it in Windows 7. Still no luck.
4) In all 3 operating systems, I tried using the "Advanced" setting in the TCP/IP configuration to add a default gateway of 169.254.0.1 to no avail.
Is it possible to run a Catalyst 4500 as a pure Layer 2 switch, i.e. disabling "ip routing", but still managing the switch via Fa1, i.e. the default mgmtVrf VRF? I tried the following:
!
no ip routing
!
interface FastEthernet1
 ip vrf forwarding mgmtVrf
 ip address 192.168.1.1 255.255.255.0
!
ip route vrf mgmtVrf 0.0.0.0 0.0.0.0 192.168.1.254
ip default-gateway 192.168.1.254
I was not able to reach the Switch even from the same subnet. Only after enabling ip routing I could manage the Switch. I haven't found any command to set ip default-gateway for a vrf. Any workaround to keep routing disabled, but still manageable via VRF?
Currently we have a Cisco 4503 switch in one of our locations without redundancy, which serves the below:
- 300 users (desktop & IP phones)
- 5 VLANs
- 15 access switches are connected one L3 connectivity.
Actually, I want to understand: is it really necessary to have the 4503, or can we go for the 4900 series, as we are planning to have redundancy in the distribution segment?
Which is the best L3 switch in the above scenario and how to measure the overall performance of the current 4503 switch...
one of the most widely deployed switches in the world. The "Swiss Army knife of network", can do routing, switching, security, wireless and almost everything that you would want your core switch to do. Remember to use the rating system to let Akshay know if you have received an adequate response.
Akshay might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the Network Infrastructure sub-community LAN, Switching and Routing discussion forum shortly after the event. This event lasts through July 27, 2012. Visit this forum often to view responses to your questions and the questions of other community members.
My problem is that I have a Cisco 300 series small business switch with multiple VLANs, each one with an IP address and two or three ports assigned to each VLAN. I have an E3200 wireless router that I want to use to share internet on the switch. All of the VLANs are reachable from the other VLANs and I've put a static route on the E3200 so that I can reach the VLANs from a machine connected only to the router. But I can't reach machines on the other side of the router or get to the internet from the switch.
In my ongoing project I need to monitor Cisco 3750-X port status (uplink/downlink), i.e. whenever there is some problem at a specific port. I need to monitor it through an OPC server, and right now what I am doing is as follows: I am using Kepserver and I have added the SNMP driver in it for that purpose. I am not a networking expert, but what I have learnt till now is that the SNMP agent (that resides in the switch) delivers the status of MIBs to the SNMP manager (which in my case is Kepserver (OPC server)). For the above purpose I am adding IF-MIB to monitor OID 1.3.6.1.2.1.2.2.1.8 (which shows port statuses), but when I add that in the OPC server it indicates that this OID is not available in the switch (it might be disabled), so I need to ask if there is any way to enable OIDs in a switch,