Cisco Switching/Routing :: Changing Native Vlan On 3550 Switch
Dec 22, 2012
I am having trouble after creating a management vlan (99) on a 3550 switch.I have configured the vlan (99) and given it an IP (192.168.1.100) and a default gateway (my router address - 192.168.1.99).I can ping to the switch from a PC and vice versa. The management VLAN IP is fine but now I cannot ping to the router from either the PC or the switch.It seems that just by adding VLAN 99 with it's own IP address has now prevented pings from the switch/ PC to the router ?Due to the fact that I have created a new switch management VLAN with an IP, does this mean I have set up the router as a 'router on a stick' scenario ? [code]
I'm having some problems setting up vlans to talk to each other on a 3550-12T switch. Its quite a simple setup I have, but I need to split my network up.
Currently I have a network of 192.168.25.0 255.255.255.0 I want to create a new vlan network of 192.168.30.0 255.255.255.0 So I have configured my vlan1 (default vlan) to have an ip of 192.168.25.250 for getting to the management page
I have created a vlan2 of 192.168.30.1 255.255.255.0 ?I have a port 10 linked to one of my 3560G's?In port 9 which is on vlan2 I have my pc plugged in with a static ip of 192.168.30.50 from the router I can ping any device on 192.168.25.x.
I can not ping 192.168.30.1 (which is my vlan2) nor can i ping the PC.
I have enabled ip routing But I dont have a default route, this is becase we don't have a router on the network.
In our network environment, we have a 2960 switch sitting behind our router. Off of this we have a lot of external connections, like our external DNS, firewall, and VPN concentrators. I've configured a VLAN other than the default, moved everything into it and then shut VLAN 1. In this hardening guide it says that your native VLAN should be something other than the user VLAN, but if I am not using any trunk links, wouldn't I not really have a native VLAN? I attempted to make the link to our firewall a trunk link and then set the native VLAN to something else.
1 week ago, I got a call from a client that reported a network outage, the client told me that, 3 switch has crashed he try to console but it just hang. I ask him, did you change something? he said he didn't change anything, he just pluged a nortelswitch to the cisco switch number 9, but that switch doesn't crash like the others (3,4,8). I check the uptime, and yes the switch never been powered off..
the topology look like this
____ 6500 ____ / / | 1 2 3 4 5 ...... 9
the vlan is end to end vlan, so vlan span between all those switches. transparant. this is collapsed topology, core and distribution is the 6500 itself all of the 1-9 access switch are in the same rack, with no loopguard, and bpdu guard configured. and connected to the core using etherchannel. the problem is there is no log available to start the troubleshooting/investigation.
We are trying to setup a new configuration with 2960S as access switchs and a 4507 as a core switch.I want to protect the management IP VLAN of the swich using vrf on the 4507 so we :
SHUT VLAN 1 on every switch (2960 + 4507) CREATE A NEW VLAN 289 (management vlan) -> IP network : 10.32.126.192/26 L3 VLAN on every switch VLAN 289 in the VRF XXX on the 4507 create tunk between the switch and the 4507 : switch mode trunk allowed vlan 200-230 sw trunk native vlan 289
so with this configuration on the 2960 the vlan 289 is UP/DOWN and UP/UP on the 4507 I can access to the 4507 using the IP in the VLAN 289 but i cannot access to the 2960 behind the 4507 CDP connectivity is ok?
I am migrating an existing LAN from 3550 to 3750X-12S. In the existing configuation, I´ve got some trunks with native VLAN <> 1. The native VLAN is also used for user data transport. With IOS 15.0(1)SE3 on 3750X I recognized, that per default behavior PVST is not active for a VLAN defined as native, even if the corresponding trunk is up and trunking. My current workaround is to add a "switchport access vlan" command on the trunk even this one never should become an access port. With this statement only the switch is activating the PVST for the native VLAN. For all other vlans PVST works as exspected. [code]
I have several closets with Cisco 3560 on the edge that I'd like to change the vlan that's used for the management vlan on each. In the core I have a Cisco 6509 with Sup720's.
I'd like to do this by changing the native vlan on the trunk port on the core 6509 interface that connects to the 3560. and leave the management vlan on the 3560 as vlan 1.
Seems trivial but what I tried didn't work and I didn't have the window to troubleshoot. I'll paste the simplified configs for the interfaces below
We have a problem with CDP packets on sent by our Cisco 6509's. Unlike our other Cisco switches (4948G, 5020, etc.), the 6509 tags administrative traffic on the native vlan. As a result the CDP packets are sent with an 802.1Q header with a tag of 1. The other switches send the CDP packets untagged on the native vlan. This causes problems because we have non-Cisco devices in our lab that also receive and send CDP, but they do not process the packets that are tagged by the 6509. They see the packets from the 4948 and 5020 just fine.
How can I disable the administrative native vlan tagging on the 6509? Here is the current setup:
nwkdev-6509-1#show vlan dot1q tag native dot1q native vlan tagging is disabled globally nwkdev-6509-1#show interfaces gigabitEthernet 1/9/1 switchport
I've been experimenting with the 'vlan dot1q tag native' command on a switch and it seems as though tagging the native vlan breaks vty access to my access point.With the 'vlan dot1q tag native' commnand applied, I lose management connectivity to the AP with 'no vlan dot1q tag native' applied, connectivity is restored. Why is this? Is it safe to say that one can access the AP via vty lines using ONLY untagged packets?
We are trying to replace the CSS between our firewall and DMZ with a BigIP. Among it's other functions, it will act as the router between the firewall and the DMZ. To make this work, I need to assign vlan tags values for the vlans I create on the BigIP box and these must match the tags on the cisco switches (3550's) How do I find this information on the switch?
I am attempting to create a mass upgrade server for some of our more standardized equipment since our vender cannot upgrade them pre-shipping for us, we've got to do them on our own. This means using a terribly organized wizard written in what appears to be Java...
I have an aversion to Windows and felt that I could accomplish the same thing using expect scripts and a Gentoo Linux server; now all I need is to set my Cisco 3550 (c3550-ipservicesk9-mz.122-44.SE6.bin) to have each port on it's own VLAN, except for fa0/1 which will be a trunk port to communicate with all ports as well as the server.
I have a 3560 switch with the following ports config [code] I would like to use theses ports on a different vlan to connect 4 pc's to them. Can I just remove them from the vlan, remove the trunk switchport and set up on the vlan i want them on with no trunking?
I was given a task of creating a vlan and isolating one pc to access an internal website (192.168.90.15) on a specific port (port 8080)The pc is connected in the following manner:
PC--> HP Switch --> Cisco Small Business SG200 switch --> 3550 Catalyst 1, 3550 Catalyst 2 and 3550 Catalyst 3.
I have created a vlan 110 on the Main 3550 Catalyst switch and successfully added the pc to that vlan.However, that PC must be able to access the internet and an internal website on port 8080.I have placed an access-list on the main 3550 catalyst switch which is connected to our router as below:
Client ip address: 192.168.100.2 VLAN 110: 192.168.100.3
access-list 110 permit tcp host 192.168.100.2 host 192.168.90.15 eq 8080access-list 110 permit icmp host 192.168.100.2 anyaccess-list 110 deny ip 192.168.100.0 0.0.0.255 ? I was unable to access the webserver even after many attempts.
I have 2 SG300 switches, in layer3 mode, lag'd together for high availability, serving 2 Dell R815's and a Dell Equallogic 4100 for virtualisation. I have setup a number of vlan's, network traffic, mgmnt traffic, iScsi, vMotion etc and they seem to work.
However, Equallogic unit suddenly became unavailable to view for managment yet maintained iscsi traffic for the servers ok. After much head scratching, noticed that one of my SG300's had the vlan ports assigned to various vlans had *automagically* changed there assignment, ie tagged changed to excluded, but only for one of the iscsi traffic connections and the mgmnt port, both coming from the Equallogic, the other iscsi continued its assignment fine. The other SG300 hasn't changed. Guaranteee no one has been into change it and no changes have been made to Dell servers or Equallogic.
Q. Is there any circumstance where the switch can change the port setup itself? or is there any external circumstance that would trigger that change either?
This has now occured twice. The setup is running as a test lab, not in production until all setup is complete, then it will replace our existing harware.
vlan 10 ports 1-10 vlan 21 ports 11-20 vlan 30 port 21-30 vlan 40 ports 31-40 default vlan should be vlan 21
I have the servers, switch and router connected to vlan 21. Vlan 21 works great I can browse the internet, but I cannot ping any other vlans. router is connected to fa0/19
[code] Building configuration... Current configuration : 4833 bytes ! version 12.2 no service pad
i have an OM1 MMF fiber run between two switches, the first being a 3750 and the second being a 3550.
The link currently exceeds the maximum distance for OM1 @ 1000Mb/s (220m) so i would like to downgrade the link to 100FX using the necessary SFP's/GBIC's to extend the maximum distance to 550m and run the link @ 100Mb/s.
I have the part code for the 100FX SFP to install in the 3750 (GLC-GE-100FX) but cant find a 100FX GBIC for the 3550, can I use a 1000SX GBIC (WS-G5484) for the 3550 at one end and the 100FX SFP at the other? Any success with this configuration over MMF?
I have a 3550 switch right now, and need to upgrade to a gigabit switch, so I'm looking at a 3560G-48. For some reason I purchased an EMI version of my 3550, but run the ipbase image...what I need to look for - is a 3560G-48-s good for what I need?
While working at a client site today, I was troubleshooting some ICMP connectivity for a network we have created.I turned on 'debug ip icmp" on the 3550 switch int he middle, and was inundated with the following debug output:
Jan 25 11:01:14.641: ICMP: dst (172.16.1.7) port unreachable rcv from 172.16.1.5 Jan 25 11:01:14.641: ICMP: dst (172.16.1.7) port unreachable rcv from 172.16.1.5 Jan 25 11:01:14.641: ICMP: dst (172.16.1.7) port unreachable rcv from 172.16.1.5 Jan 25 11:01:14.641: ICMP: dst (172.16.1.7) port unreachable rcv from 172.16.1.5
[code]....
This output fires several times a second, and based on how often it is firing, I am curious if it may be a culprit with respect to the fact that the client has indicated that they have some slow internet.Should the next step be to look at the workstation at 172.16.1.5?
I have cisco switch 3550 IOS Version 12.1(19)EA1c.
I can configure route-map commands on that. but i can not apply that into any vlan interface. while i try to apply the following command ( ip policy route-map PBR) on VLAN int i get an error msg saying that the command is not recognized.
I live in a condo building that uses 3 Cisco Catalyst 3550 switches connected to a Comcast router with 100 Mbps download. Currently we regulate bandwidth by providing each user with 3 Mbps download. Even if only two people are active they still only get 3 Mbps download. I would like to set it up so if two people are using they each get 50 Mbps; a sort of 'dynamic qos. Is this possible with these switches? Would we have to purchase a Cisco router in order to provide this feature?
My cisco 3550 EMI switch is not responding to power connection. I have checked and changed power cable. its still not working.fan is not running and no lights on front panel
I have a small cisco switch cluster (seven different 2924, 3524cisco switches) with 3550 as a cluster control which does all the inter vlan routing that works fine.
This cluster is in semi production PBX interop testing lab. This is a closed network without internet access and not connected to our corporate network.However now I have to add this capability so some equipment in the lab can get Microsoft updates over the internet.
I've created a port on a 3550 (fa0/19) and connected it to another network that has internet access. It picked an ip address and when I'm logged in to the 3550 I can ping hosts on the outside network. However I can't ping any hosts on that network from any hosts that are connected to my vlans.I've tried a few different things, but still can't make it to work.
Here is a short version of my 3550 configuration:
! version 12.2 no service pad service timestamps debug uptime service timestamps log datetime no service password-encryption
im having this strange issue where everytime i plug in a voip phone to my 3550 the switch disconnects another voip phone.then to fix the disconnected phone (7940) i need to power off the phone 5-10 minutes then power it on again.
but the strange thing is, once i have to do that to fix the phone and connect the phone back to the switch, the port link is up, but no macs are seen on that port.
I have a 3550 switch that was replaced at a remote site with no IOS. This is a switch not a router so tftpdnld does not work.
[Code]...
The problem is the switches interface never comes up so try to connect to the tftp server. I read on google it can't be done on a switch to copy from tftp to flash in rommon mode on a switch and to use XMODEM. My problem is I do not have access to it, I ssh into a 3640 which is an access server for all devices and that is how I have console to it, how to use XMODEM over ssh.
But I'm fairly certain that there has to be a way to just copy it from tftp? I have a 3550 local and when I put it in rommon mode it stops the port check at port, port 1 goes from green when you plug it in to off then port 2 changes to amber and the rest green. So just by the look of this I would believe tftp would work; you just need to use port 1.
I am going to change a running 6500 switch. I am missing a best pratice doc for changing a cisco switch configuration. My question is if a startup-config has an error (due to typo mistake, or due to comands not supported on latest IOS) and I do copy tftp startup-config then what will happen ? I want to make sure when I do "reload" the switch then it should boot normally with the latest startup config !
Our switch had a little crash-fest this morning at 2:30 AM. I did find a web page about diagnosing Software Forced Crash Exceptions, but it did not look like ours was one of the more easily-identifiable ones.
It may be worth noting that we've only used this switch for about a month, everything seemed fine until now. When we got the switch it did not have any GigE modules, and this week we put 2 into it and have been using them for 2 servers.
It looks like the switch was crashing repeatedly over a period of 20 minutes, and then it stopped and normalized. In the logs of the router that this switch uplinks into, we could see the ethernet port flapping during the time that the switch wasn't reachable.
Here's the Show Stack on the switch:
Sfld_3550# show stackMinimum process stacks:Free/Size Name4404/6000 vegas_flash init3352/6000 SaveCrashBuffer5716/6000 CDP BLOB8512/9000 IP Background5596/6000 vqpc_shim_create_addr_tbl5584/6000 SPAN Subsystem5552/6000 SASL MAIN4944/6000 vegas IPC process8704/9000 cdp init process5404/6000 RADIUS INITCONFIG4928/6000 Vegas CrashBuffer5664/6000 URPF stats2536/3000 Rom Random Update
