We are trying to replace the CSS between our firewall and DMZ with a BigIP. Among it's other functions, it will act as the router between the firewall and the DMZ. To make this work, I need to assign vlan tags values for the vlans I create on the BigIP box and these must match the tags on the cisco switches (3550's) How do I find this information on the switch?
View 2 RepliesI have a 2960 switch connected to another. The I need to verify that vlan0010 on one switch is forwarding tagged traffic between the other switch it is hooked up to through the Gi0/1 port. How do I verify this? I have a server that's multihomed (Broadcom) on the other side an it is supposed to be on this vlan with one of it's network interfaces. We had a pwer outage and now it cannot communicate on this vlan. However, everything else on the vlan can reach all the other nodes accept this server in the front of my building. All the devices in the same room are linked to the same switch which has one port (fa0/17) on vlan0010 and can ping eachother just fine. The server is hooked to port 24 on my server room switch and Gigabit port one goes to a fiber converter all the way to the back. It then gets converted from fiber to cat5e again and links into the switch (2960) in the backroom.
View 5 Replies View RelatedWe have a problem with CDP packets on sent by our Cisco 6509's. Unlike our other Cisco switches (4948G, 5020, etc.), the 6509 tags administrative traffic on the native vlan. As a result the CDP packets are sent with an 802.1Q header with a tag of 1. The other switches send the CDP packets untagged on the native vlan. This causes problems because we have non-Cisco devices in our lab that also receive and send CDP, but they do not process the packets that are tagged by the 6509. They see the packets from the 4948 and 5020 just fine.
How can I disable the administrative native vlan tagging on the 6509? Here is the current setup:
nwkdev-6509-1#show vlan dot1q tag native
dot1q native vlan tagging is disabled globally
nwkdev-6509-1#show interfaces gigabitEthernet 1/9/1 switchport
[Code].....
I've been experimenting with the 'vlan dot1q tag native' command on a switch and it seems as though tagging the native vlan breaks vty access to my access point.With the 'vlan dot1q tag native' commnand applied, I lose management connectivity to the AP with 'no vlan dot1q tag native' applied, connectivity is restored. Why is this? Is it safe to say that one can access the AP via vty lines using ONLY untagged packets?
SWITCH
Model: WS-C3560G-24PS
Code: c3560-advipservicesk9-mz.122-46.SE
--Abbreviated CONF
vlan dot1q tag native
[code]....
Does Catalyst 3550 switch support inter vlan routing ?
View 12 Replies View RelatedI'm having some problems setting up vlans to talk to each other on a 3550-12T switch. Its quite a simple setup I have, but I need to split my network up.
Currently I have a network of 192.168.25.0 255.255.255.0 I want to create a new vlan network of 192.168.30.0 255.255.255.0 So I have configured my vlan1 (default vlan) to have an ip of 192.168.25.250 for getting to the management page
I have created a vlan2 of 192.168.30.1 255.255.255.0 ?I have a port 10 linked to one of my 3560G's?In port 9 which is on vlan2 I have my pc plugged in with a static ip of 192.168.30.50 from the router I can ping any device on 192.168.25.x.
I can not ping 192.168.30.1 (which is my vlan2) nor can i ping the PC.
I have enabled ip routing But I dont have a default route, this is becase we don't have a router on the network.
ARP broadcasts not reaching all VLAN ports on 3550
Cisco 3550, interface Vlan9
ip address 1.1.1.1 255.255.255.240 secondary
ip address 3.3.3.3 255.255.255.240
[Code].....
I am having trouble after creating a management vlan (99) on a 3550 switch.I have configured the vlan (99) and given it an IP (192.168.1.100) and a default gateway (my router address - 192.168.1.99).I can ping to the switch from a PC and vice versa. The management VLAN IP is fine but now I cannot ping to the router from either the PC or the switch.It seems that just by adding VLAN 99 with it's own IP address has now prevented pings from the switch/ PC to the router ?Due to the fact that I have created a new switch management VLAN with an IP, does this mean I have set up the router as a 'router on a stick' scenario ? [code]
View 4 Replies View RelatedI am attempting to create a mass upgrade server for some of our more standardized equipment since our vender cannot upgrade them pre-shipping for us, we've got to do them on our own. This means using a terribly organized wizard written in what appears to be Java...
I have an aversion to Windows and felt that I could accomplish the same thing using expect scripts and a Gentoo Linux server; now all I need is to set my Cisco 3550 (c3550-ipservicesk9-mz.122-44.SE6.bin) to have each port on it's own VLAN, except for fa0/1 which will be a trunk port to communicate with all ports as well as the server.
I was given a task of creating a vlan and isolating one pc to access an internal website (192.168.90.15) on a specific port (port 8080)The pc is connected in the following manner:
PC--> HP Switch --> Cisco Small Business SG200 switch --> 3550 Catalyst 1, 3550 Catalyst 2 and 3550 Catalyst 3.
I have created a vlan 110 on the Main 3550 Catalyst switch and successfully added the pc to that vlan.However, that PC must be able to access the internet and an internal website on port 8080.I have placed an access-list on the main 3550 catalyst switch which is connected to our router as below:
Client ip address: 192.168.100.2
VLAN 110: 192.168.100.3
access-list 110 permit tcp host 192.168.100.2 host 192.168.90.15 eq 8080access-list 110 permit icmp host 192.168.100.2 anyaccess-list 110 deny ip 192.168.100.0 0.0.0.255 ? I was unable to access the webserver even after many attempts.
Unfortunately I do not remember the model and the switch is a couple of hours away without remote access.I have 4 vlans on a procurve switch.
VLAN1 - Network Devices (Server, printers, WAPs)
VLAN100 - Admin (Office workers)
VLAN200 - Teachers
VLAN300 - Students
There is a server doing DHCP. There are 4 ranges of IPs 1 for each VLAN.
The router is on Port 44. VLAN 1, 100, 200, 300 - Tagged
The Server is on Port 46. VLAN 1 - Untagged
The WAPs are on Ports 1, 11, 31 VLAN 1, 100, 200, 300 - Tagged
All other ports are on VLANs 100, 200 or 300 - Untagged
The WAPs all have VLANs 100, 200, 300. Each VLAN on a different SSID.
I have IP helper with the server IP on VLANs 100, 200, 300.
There are IPs from the different subnets on their respective VLANs in the switch.
The gateway for each subnet is on a different subinterface on the router.
The router is a linux box. (Untangle)
The WAPs are not able to talk to the server, therefore no computers on the wireless networks can get an IP.The server can only talk to the router if I change port 44 to untagged.What combination of tagged and untagged ports do I need to make everything talk?
Do I need to put the VLANs on the subinterfaces of the router?
I need some assistance in setting up VLAN's (802.1Q) accross two switchs, I want the same 2 vlan's on both switchs, how do i configure them to be connected and pass both vlan's traffic.VLANs from firewall are tagged at 3 and 8.Single port out from the firewall.The first switch is simple enough, port is connect at port 52 and configured from both vlan's then the individual ports are either on one or the other. The question is how do i connect the second switch so that it can also do both vlans. Assume I connect switch1 at port 51 to switch 2 port 52. Do I configure both ports to be on the same VLAN's. or do i setup LAG's.
View 3 Replies View RelatedI am currently tasked with setting up a network, pretty much from scratch, that requires some fairly hefty VLAN deployment. My hardware on hand (already existed so can't can't change anything easily) 5x ESW-540-48 Switches, 1x3750g switch, 1x2811 router. I don't believe the router should be required as the 3750 is capable of intervlan routing. [code]
Now at one point I actually had the VLAN's *working* in that I could specify an IP address and could ping to and from it! However DHCP wasn't passing despite numerous attempts with DHCP relay and IP-Helper configurations.Also I was having issues with VLAN 1 as the native VLAN, the ESW switches don't allow you to do much with them, as they 'weren't created by the user'. So tried switching that out to VLAN11 also but with very little success there (I had to change the native vlan on all trunks to VLAN 11)All the 10.x.x.x addresses need to be able to communicate with each other.All the ESW switches need to be able to handle their respective VLAN's as well as VLAN 1 (for Printers and wireless access points distributed around the building).
If you have a router with multiple direct vanilla FE (non trunked) interfaces on a switch trying to send QOS tagged packets to a wifi bridge several switches away does the trunking in the switched infrastructure mess with the qos tags if no qos is configured on the switches.
Does it depend on the switch? We have new 2960's running 12.2 and a few older 2950's running 12.1
Our enviornment includes 3560 switches and 2800 routers. We have a few remote offices using an application on TCP port 1677 that use far to much bandwidth. Our WAN provider can throttle and police this for us, if I can TAG this traffic, for example all Traffic from Florida using the Groupwise app on TCP uses TCP port 1677 and I want it tagged with CoS 3.
View 1 Replies View RelatedWe are having one HP core switch and VLAN is configured on it. Four Nortel BES1010(24port) switches will be connected to this HP switch. We need to configure the VLAN tagging in the Nortel switches in order to make deices connected to nortel switches can communicate with devices in the VLAN.
View 3 Replies View RelatedI'm Confused from the fact that Vlan tagging is done at access port and trunk port always gets tagged packets (untill its case of native vlan).But I still believe in other fact which says tagging happen only when a frame hit the trunk port which means trunk port gets untagged frame and tagging is not possible at access port.
Would like to know where actually this tagging happens ?
and also which command we can use to encapsulate 802.1q protocol to access port ? The way we do at trunk port is #switchport trunk encapsulation dot1q Is the above command applicable for access mode also?
I have a sf300 with (2) vlans (1) ] vlan for data and vlan (100) is my voice vlan I have Vlan (100) tagged traffic, and my VoIP pbx as an access port only to vlan (100) all other ports are trunk ports with vlan (100) tagged and vlan (1) untagged traffic. I get no outbound audio on calls I can call out hear them fine they cant hear me. I am wondering if my tagged traffic leaving the phone is being striped and if so were. I have CDP turned off.
View 1 Replies View RelatedI want to know if there is way to tag traffic with DCSP tags without having to do all the other requirments of QOS setup. All i want to do is just tag traffic at different DCSP values via source and destination IPs. We do not have a need to be priortizing traffic on out internal switches. We just want to tag the traffic so our MPLS provider can distinguish the different types of traffic.
Our environments is primarily 3750s in all offices.
we have a base license ASA 5510, and been trying to get ICMP working to check that we're routing and not hitting any NAT translation. We have a VLAN280 setup to ISP for VPN link to remote site and another VLAN281 for internet access for internal users.
Users can browse internet from (name _inside interface e0/1 access port) which is fine. When I do a ping to remote office through the VPN I get a response pinging from VLAN280 name VPN_Link. When I do a ping from name inside interface I don't get a response both are security level 100 with same-security-traffic permit inter-interface configured.
Config:
!
interface Ethernet0/0
speed 100
no nameif
[Code]....
I rencently bought the E4200v1 router, to be wired together with my WRT610nv2 to form gigabit network for different floor network.However with the recent installation of fiber to home network offered by my local ISP, I would need router that capable for performing vlan tagging (500 for internet & 600 for IPTV).Would like to know if Cisco have any development plan to enable the VLAN option for:-
1. E4200
2. WRT610nv2
At the moment, I'm still stuck with the provider "home-made" router which lacks of Gigabit & dual band wireless.
Having an issue getting my DMZ vlan working. Running my ASA5505 and i have configured e0/2 for DMZ w/ VLAN ID 3. Connected to my 2716 on port2.Inside e0/1 w/ VLAN ID 1. Connected to my 2716 on port1.
I am trying to get my DMZ Vlan to ports3&4 (LAG1) but when i assign the LAG group to PVID 3 i lose connectivity on VLAN1. I want to send both VLANs to that host because the teamed adaptor is used for Hyper-v Network Switch.
I'm a little stuck with a 4400 7.0.220.0 + RAP 1550 + MAP 1260 Ethernet bridging issue. I'm using the VLAN tagging functionality and I'm finding that periodically a VLAN that I've tagged on the MAP will deregister from the backhaul and stop passing traffic. If I go into the Mesh tab on the MAP, select the wired interface, remove the VLAN from the list of tagged VLAN IDs and then add it right back to the list, its starts passing traffic again
View 2 Replies View RelatedI would like to ask if how can we determine by mear physical inspection if the power supply of a CISCO2911/K9 router is AC, POE or DC? Do we have images of the actual spare power supply?
View 3 Replies View RelatedDo they have a default IP assigned to them?
I'm trying to access the CMS administration page from my browser. I've already tried 192.168.0.1 and that brings up my gateway (cable modem from Time Warner).
There is a unicast flood on 3750 killing slow modem links. How to determine source MAC address of flooder? Is there a rate limit feature for it?
I know how to block it completely on port-level, but it breaks normal network operation. (when port goes down for some reason, it's learned MACs got flushed and since other hosts know MACs, they keep flooding untill their arp caches expire).
We are trying to setup a WAP4410N with 2 SSID's. One SSID for our private network and the other for guest internet access. On the VLAN and QoS page there is a setting for priority. What would be the suggested values for this setting? We obviously want our private network to receive priority over our guest network.Also, does VLAN Tag setting need to be on Tagged to determine private from guest traffic?
View 2 Replies View RelatedI have a collapsed core design with routed ports between all components. Access layer switches, data center switches, core/aggregation. All routed (no spanning-tree at all).Now...I have to add an IBM BladeCenter with a BNT layer 3 switch to my topology. However, those nasties don't seem to support routed ports.How can I have a routed port on my cisco switch and a standard access port on the BNT and still establish an adjacency with an SVI? I am running OSPF, but I am labbing this in my home lab with 2 x 3550s and EIGRP.
On SW2:
*Mar 1 00:57:00.711: EIGRP: Received HELLO on Vlan100 nbr 10.1.1.1
*Mar 1 00:57:00.711: AS 999, Flags 0x0, Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/1
*Mar 1 00:57:02.303: EIGRP: Sending UPDATE on Vlan100 nbr 10.1.1.1, retry 9, RTO 5000 tid 0
*Mar 1 00:57:02.303: AS 999, Flags 0x1, Seq 17/0 interfaceQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/1
[code].....
Region : Malaysia
Model : TL-WDR4300
Hardware Version : V1
Firmware Version :
ISP : Maxis
I bought the TL-WDR4300 almost 6 months ago using it on my TM Streamyx broadband service, it worked perfectly and this is indeed a very good product very reasonably priced too Kudos to TP-Link. The thing is shortly after purchasing it, I moved to Maxis Home Fibre Internet (more bandwidth). Following the ISP change the router has since went back into the box and had been there for 5 months now. This is because without the VLAN tagging feature or a Maxis mode, it is currently incompatible with Maxis Home Fibre Internet and will stay that way.I understand this is by no mean TP-Link's fault but I and many other WDR4300 owners on Maxis, if TP-Link could look into ENABLING VLAN TAGGING FEATURE/MAXIS MODE on this device. This I am sure would work with TP-Link sales as there are not many routers out there with this feature set and price range that could work with Maxis Home Fibre Internet.
Is L3 ip routing on by default in 3550s? If so is the "ip routing" command visible in the config file? If no - I assume that one would enable L3 routing with that config command.In general terms are there any IOS devices where ip routing is enabled and one would not see the "ip routing" command in config. I.E. if that command is not visible in the config could you assume there is no L3 capablity in that device?
View 1 Replies View RelatedThe layer 2 switches are connected to layer 3 Switch via trunks, and routing between layer 2 switch ports with configured SVI's on 3550. All working fine. Now I'm trying to configure routing between 2800 and 3550, I tried connecting both Straight Throught and Crossover cables to the 2800 Fa0/0 and Fa0/1 ports as well as the switchports on 3550
No switchport commands are configured however, the lights do not go on for both straight through or crossover cables. I tried connecting 1750 routers but same result. My goal is to have all the VLANS routed to the internet with configuring NAT translation the router.
I have a 3550 l3 switch configured as follows:
vlan 10 ports 1-10
vlan 21 ports 11-20
vlan 30 port 21-30
vlan 40 ports 31-40
default vlan should be vlan 21
I have the servers, switch and router connected to vlan 21. Vlan 21 works great I can browse the internet, but I cannot ping any other vlans. router is connected to fa0/19
[code]
Building configuration...
Current configuration : 4833 bytes
!
version 12.2
no service pad
[code]....
I've been working with these two Cisco devices in my home off and on for several months now but I just can't take it anymore, I'm about to throw them away and go back to Linksys router.
I have a Cisco 2600 Router with only one Ethernet card in it so I have to trunk from my 3550 Switch to that device. I'd like to have my ISP and all users plug into switch and all trunk back to the router's sub interfaces. Currently, I have started over...again, and am unable to simply get the router and switch to ping each other if I put sub-interfaces on the router. See my configs:
2600 ROUTER:
Router#sho run
Building configuration...
Current configuration : 555 bytes
[code]......
3550 SWITCH:
Switch#sho run
Building configuration...
Current configuration : 2302 bytes
!
version 12.2
[code]..........
Port F0/24 is in VLAN 1, as are all ports but Port F0/1 which is my desktop PC. I mocked it up in Packet Tracer and it works just fine. This is just a simple setup and I'm making sure I can ping between switch and router before I move to each next step.