Cisco Switching/Routing :: Dot1q Tunneling On 2960C?

Apr 2, 2012

Is it possible to do dot1q-tunneling on the new Cisco Calalyst 2960 Compact series switches? I know that the 3560 series support it, but im unable to find any information about the 2960C series, personally i doubt it as the standard 2960 series don't support it.

View 2 Replies


ADVERTISEMENT

Cisco WAN :: Dot1q Tunneling On 4500 With Sup7L-E

Dec 25, 2012

How to successfully run the dot1q tunneling on Cat4500 with Sup7L-E? I tried that on IOS XE 3.3 and newest 3.4. It is in feature navigator but i am not able to connect two access switching using trunk - only native vlan is translated. Apparently STP BPDU frames are dropped somewhere. I have the same configuration on 3750X with ip services licence and this works well.

View 2 Replies View Related

Cisco Switching/Routing :: No VTP 3 Possible For 2960C Compact Switches?

Mar 14, 2012

I was rather surprised today to discover that the latest IOS available for the 2960-C switches is 12.2 (55). Other similar switches, like the 2960S range are using IOS 12.2 (58) or 15.0.1-SE2. This doesn't sound like the end of the world at first, but 12.2 (55) does not include VTP 3, which is a major problem if you are using the compact switch within a large modern deployment.
 
Am I correct about the version?Is there any way to deploy VTP 3 to this switch?Is Cisco planning to issue modern IOS releases for this switch? 

View 3 Replies View Related

Cisco VPN :: 4500 Switch - Dot1q Tunneling Via PPTP IPSec VPN Site-to-site Tunnel?

Nov 28, 2012

I have a situation where the site-to-site tunnel is already established using PPTP IPSec VPN with non Cisco Gateways terminating the link on each end. These non Cisco Gateways do not support L2TP tunneling, and there is no plan to change them.Beyond the Gateways on both ends, we have a Cisco 4500 series switch. We need to forward the 802.1q tagged VLANs between the two sites. Is it possible to use 802.1Q tunneling in this case, going via a PPTP tunnel ?
 
Cisco's setup uses dot1q-tunnel over a L2protocol-tunnel to preserve the original client VLAN tagging, so does this mean that the only option we have is to setup a L2TP tunnel at the Cisco device endpoints, and have that tunnel go through the existing PPTP tunnel (established between the 2 non Cisco VPN Gateways) ?

View 1 Replies View Related

Cisco Switching/Routing :: LACP Over Dot1q Tunnel With 4506-E And IOS 15

Mar 14, 2013

i'm desperately trying to get LACP working over a dot1q Tunnel. The "Service Provider" Switches are two 4506-E Switches with SUP7-E connected via a 10G Link, running on cat4500e-universalk9.SPA.03.03.00.SG.151-1.SG
 
sample config:
 
dot1q tag vlan native
interface GigabitEthernet3/1
switchport access vlan 2001

[Code].....

View 4 Replies View Related

Cisco Switching/Routing :: 2960 / QoS Tagging And Dot1q Trunking?

Nov 9, 2011

If you have a router with multiple direct vanilla FE (non trunked) interfaces on a switch trying to send QOS tagged packets to a wifi bridge several switches away does the trunking in the switched infrastructure mess with the qos tags if no qos is configured on the switches.
 
Does it depend on the switch?  We have new 2960's running 12.2 and a few older 2950's running 12.1

View 1 Replies View Related

Cisco Switching/Routing :: Dot1q Encapsulation On 1721 Router?

Jan 26, 2012

enable dot1q encapsulation on two ethernet ports on a 1721 router.  I am able to configure it on the built in fastethernet port, but not on any interface provided by a WIC-1ENET or a WIC-4ESW.  I have an application that requires two physical ethernet ports that support dot1q encapsulation.

View 4 Replies View Related

Cisco Switching/Routing :: Cat4500e Dot1q Encapsulation Command Fails

Jul 17, 2012

I have a Catalyst 4500 L3 Switch Software (cat4500e UNIVERSAL-M), Version 03.02.00.XO RELEASE SOFTWARE (fc2). So I just wanted to verify that the switch only does dot1q encapsulation because the switchport trunk encapsulation dot1q command does not work.

View 3 Replies View Related

Cisco Switching/Routing :: When Use Dot1q-tunnel On 3750 / Packets Seems To Be Corrupted

Nov 20, 2011

In fact i receive traffic on a one client per vlan basis (traffic is PPPoE), i receive all this traffic on a router, collecting all these vlan on a bridge where the pppoe packets are treated.When I use a transeiver to convert operator fiber arrival to my router copper media interface, i have no problem....
 
When I use dot1q-tunnel to make the same on my 3750, packets seems to be corrupted.I get PPPoE timeouts and packet loss, not regulary, totally stochastic...
 
I made dozen of tests and different settings, without success I first thougt of MTU issues. [code] I made tests with system MTU and/or system jumbo MTU above 1500, without success.I didn't found any known caveats on 3750 running Version 12.2(25r)SEE4 related to dot1q-tunnel.

View 7 Replies View Related

Cisco Switching/Routing :: Switchport Trunk Encapsulation Dot1q Fails On A 4900m?

Jan 9, 2012

I'm setting up a new 4900m running  cat4500e-ipbase-mz.122-53.SG5.bin. I'm attempting to create Port-Channels as a Trunk for uplink to a 4503 running cat4500-ipbase-mz.122-37.SG1.bin.When I attempt the command "switchport trunk encapsulation dot1q" it errors out.

View 3 Replies View Related

Cisco Switching/Routing :: 4507 - Dot1q Encapsulation Option Not Showing Up Under Interface

Jun 9, 2012

I am trying to configure a 4507 R chassis with Dual SUP but i cannot see teh switchpot mode trunk encapsulation dot1q?
 
I have typed:
 
interface GigabitEthernet5/1
description DOWNLINK toxxxxxx
switchport mode trunk
channel-group 11 mode on
!
I have have searched all other commands and sub-commands but could only find dot1q-tunnel which I beleive is for QINQ or some QoS featues and lot for L2 encapsulations?
 
the puzzling is:
 
XXX-Core4507#sh int gi5/1 trunk
 
Port        Mode             Encapsulation  Status        Native vlan
Gi5/1       off              802.1q         notrnk-bndl   1
                                      (Po11)
 
when I connect the dostribution switch a 3507 to this int gi 5/1, both interfaces do come up?

View 9 Replies View Related

Cisco Switching/Routing :: 7604 WS-X6724-SFP - Can Apply Service Policy To Dot1q Main Port

Jul 9, 2012

Example config

int g2/24
service-policy output test
 #and/OR 
int g2/24.10
encap dot1q 10
ip address 10.1.1.1 255.255.255.0
service-policy output test

View 5 Replies View Related

Cisco Switching/Routing :: L2 Tunneling 4503 SUP2+TS?

Sep 16, 2012

I need to implement over an ethernet link L2 tunnel because I want to isolate another VLANs domain.On the first side I can use the command : sw mo dot1q-tunnel on a new C4503 on the other side I cannot configure the command : sw mo dot1q-tunnel.
 
the other side is an old C4503 we upgrade the flash with a compact flash to upgrade to a new IOS v15 but the command doesn't exist also.I red the cisco feature navigator feature and I am sure the dot1Q-tunnel is available on my image : cat4500-ipbasek9-mz.150-2.SG.binso I don't know why I can use it.

View 1 Replies View Related

Cisco WAN :: Second-dot1q Missing On 1841 15.1M IOS?

Feb 28, 2012

I have two 1841 routers running different IOS versions:R1 running 15.0(1)M3 Advanced IP ServicesR2 running 15.1(4)M2 Advanced IP Services R1 supports the encapsulation dot1q second-dot1q on FastEthernet subinterfaces. Surprisingly, R2 with the newer IOS (of the same feature set) does not have the second-dot1q command option. I've done my Feature Navigator homework but I did not see any significant differences between these two IOS versions that would explain why the second-dot1q command is not available on R2. Am I missing something? Has the syntax changed, or a different feature set is needed for 15.1M and higher to get the second-dot1q command back?

View 2 Replies View Related

Cisco :: Span Capturing Dot1q Headers?

Dec 30, 2012

Im trying to span a trunk port and capture the dot1q headers on the destination. I'm positive I have it configured right (encap replicate) but wireshark just isn't seeing them. Im trying to capture them on a seperate NIC on my Windows 7 64bit pro box. The NIC is a realtek RTL8169 and it just won't capture the headers. I've also tried the built-in motherboard NIC (which is also a realtek) with the same results.

View 19 Replies View Related

Cisco WAN :: 2620 - Encapsulation Dot1q Is Not Working?

Mar 26, 2012

I am trying to config a 2620 Cisco router to perform subintreface (F0/0.1) for Vlan Trunk Protocol, however when I try to configure the encapsulation dot1q, I continue to receive error massage with ^ symbol below the 'c' See below, the platform version is a 12.3(26) which should be acceptable to perform an (encapsulation dot1q). The Ethernet is a fast-Ethernet 10/100 port. I also try the ISL, I receive the same massage.
 
Router#config t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#int f0/0

[Code]....

View 29 Replies View Related

Cisco :: Dot1q Doesn't Work On AIR AP1142-N After Upgrade IOS?

Nov 19, 2012

Prior to upgrade AIR AP1142-N (Version 12.4(25d)JA1) everything worked fine! After upgrade IOS (to new Version 15.2(2)JA) without any config modification, management interface (encapsulation dot1q 33) or any IP interface with encapsulation dot1q became unreachable... If set IP on SVI (or BVI) with native VLAN (encapsulation dot1q 4094 native), this IP is reachable. Probably, there are bug in new IOS and Dot1q encapsulation? (see 'tech-support' in attached files)

View 3 Replies View Related

Cisco :: VPN Tunneling Using RV 042 Router

Mar 20, 2013

3 different sites which are directly/indirectly connected to cisco VPN router RV042 and we want to make a vpn between them, how can we make it

View 2 Replies View Related

Cisco :: Split Tunneling / ACL On ASA5510

Jul 16, 2011

I just moved our vpn over to using LDAP/DAP instead of the previous RADIUS we were using before. First of all, the group policy split tunnel is setup for Tunnel Network list Below Network list has a group of networks named "split-tunnel" setup with all of our internal subnets in it. Which seems to be working fine, users are hitting internal networks no problem.Where the issue lies is surfing the web while they are connected to the VPN.I think I know what one of the the issues are, I'm just not sure how to get around it. I have a proxy server setup that all domain traffic goes through say 10.20.30.40. That is obviously on our internal subnet. Our remote users has a policy on their laptops set to where if they can see/get to the proxy server then it pushes all traffic through there, however if they can not, it goes straight to the internet. That way they can still surf the web when they aren't connected to the domain network.

With the new DAP vpn policies, it seems as though they are trying to go through the proxy but failing so all http traffic is getting blocked on their computer as I can still ping say google.com...just can't open the web page.In my SALES-VPN access lists there isn't any acl that allows any traffic to 10.20.30.40(proxy server) so there isn't any reason their laptop would think it could get to it correct?I can't put an access-list SALES-VPN extended deny ip any any log critical at the end of the acl list because then it doesn't show up as an option to apply to the DAP since the acls have to be either permit or deny, not a mix.Also, if I just create an ACL access-list DENY-VPN extended deny ip any any log critical and apply it to the DAP *after* the SALES-VPN ACLs thinking all traffic would flow down as in go through all the permit acls first, and then hit the deny acl after, it just blocks all traffic.It almost seems that some traffic that isn't specifically being permitted by the permit acls is still getting through which is obviously not wanted. However, if I try to rdp into a server that isn't specifically permitted in the SALES-VPN acls it doesn't work so I'm kind of at a loss..

View 5 Replies View Related

Cisco VPN :: Tunneling IPSec Through A 6509?

Mar 27, 2011

Is it possible to tunnel IPSec through a 6509 with an FWSM installed without the packets being interferred with?My question arises because myself and a colleague were attempting to form an IPSec tunnel in just this environment last week and no amount of resetting policies, key phrases etc would allow the tunnel to come up. The 2821 was complaining about Phase 2 not matching but the policies were definitely matching and configured the same on both ends. If there shouldn't be an issue with the 6509 and the FWSM then I will post configs from both ends. The 6509 is configured to all all ports through for the two IP addresses for now and is performing a one-to-one NAT for the PIX that is behind it.

View 5 Replies View Related

Cisco VPN :: ASA5510 / Win XP Pro - Split Tunneling

Aug 23, 2011

I'm using an ASA5510 for remote access IP Sec VPN clients and it is configured for split-tunneling.  The client computers are running Cisco VPN client software.  All of the client computers running Win 7 work perfect, but the client computers running Win XP Pro cannot browse the internet, they only connect to the inside network.

1) Does XP Pro support split tunneling when using the Cisco VPN client software? 
2) Does the ASA require a special config to support split tunneling with Win XP clients?

View 1 Replies View Related

Cisco VPN :: Split Tunneling On ASA5505 Not Working?

Mar 29, 2012

I am currently trying to configure an Easy VPN connection from an ASA 5505 to and ASA 5520.  I have enabled split tunnelling and in the group policy defined the network to be tunneled but when I activate the VPN it tunnels everything from the host computer connected to the ASA 5505.  I get no internet access.  Have been trying to troubleshoot this for days.Hee are soe specifics, running version 8.2(5) on the 5505 and the 5520 and below is the local config on the 5505 for the Easy VPN:
 
vpnclient server **.***.***.**
vpnclient mode network-extension-mode
vpnclient nem-st-autoconnect
vpnclient vpngroup dbernstein-5505 password *****
vpnclient username dbernstein password *****
vpnclient ipsec-over-tcp port 10000
vpnclient enable
 
and the downloaded dynamic policy:
 
Current Server                                 : 12.***.163.**
Primary DNS                                  : ***.160.***.39
Default Domain                               : cisco.com
PFS Enabled                                  : No
Secure Unit Authentication Enabled  : No
User Authentication Enabled            : No
Split Tunnel Networks                      : ***.160.***.0/255.255.255.0
Backup Servers                               : None

View 9 Replies View Related

Cisco Wireless :: 2504 WLC Tunneling To 5508?

Oct 14, 2012

Can a 2504 WLC on a remote site provide guest access on one SSID, drop taht out locally on that site and provide corporate access on a second WLC that it then tunnls to a 5508 at the main corporate site ?

View 4 Replies View Related

Cisco VPN :: 5505 Disabling Split Tunneling In L2L

Jul 25, 2011

my company has used Split Tunneling for all of our VPN uses, however we recently purchased 2 ASA5505s for use at various jobsites, and have been running into problems with Local Network Administrators blocking certain traffic that we need to operate. They allow full VPN connectivity to traverse their networks, so we are able to use our LAN Resources over the split tunnel no problem.
 
We have it set up as a Dynamic L2L Connection, and this ASA is operating flawlessly minus the traffic being blocked upstream by the network admin. Our VPN topolgy is Hub & Spoke. Below is excerpts from our config on how the VPN is set up: [code]
 
What we'd like to achieve is being able to pass ALL traffic (LAN & Internet) through the VPN tunnel, then be processed by the Hub ASA (192.168.9.1) on the other end. I am guessing crypto map + routing would have to be changed?
 
access-list to_hq extended permit ip 192.168.101.0 255.255.255.0 0.0.0.0 0.0.0.0route inside 0.0.0.0 0.0.0.0 192.168.9.1Disable NAT on Spoke. Is this how I would go about doing this??? We need ip address dhcp setroute so our ASA can find the other end and form the VPN tunnel, and I am not sure how this would affect things. [code]

View 1 Replies View Related

Cisco WAN :: GRE Tunneling For IPv6 Is Based On RFC2473?

Feb 2, 2011

Is GRE tunneling technique for IPv6 based on RFC2473 or Cisco proprietary standard?

View 2 Replies View Related

Cisco VPN :: Configuring Split-tunneling On ASA 5520

May 28, 2012

I have some troubles configuring split-tunneling on ASA 5520.Number of remote users establish ipsec connection with ASA 5520 (in central office) using ubuntu vpnc-client.Split-tunneling is in use, to allow remote users to surf Internet using their ISP.The goal is to remove the possibility to ssh/telnet servers inside corporate LAN for remote users. [code]

There is nat enabled on interface, but there is special statement in nat0 ACL for 192.168.100.0 subnetwork access-list INSIDE_LAN_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 192.168.100.0 255.255.255.0.The problem is that remote users can easely ssh and telnet servers in INSIDE_LAN network. Whatever i put in INSIDE_LAN_in ACL, remote users still have full access to this network. Restrictions in REMOTE_split ACL don't work either.

View 2 Replies View Related

Cisco VPN :: ASA 5510 - Split Tunneling On Network

May 23, 2012

What is the best way to install a split tunneling on a network, I got Cisco ASA 5510 with Cisco vpn clients.

View 1 Replies View Related

Cisco VPN :: ASA 5520 - Mac OS X Client Can't Use Split Tunneling

May 10, 2011

We have an ASA with software version 8.2(1) and ASDM 6.2 to use the VPN.  We configure the anyconnect client with split tunnels for our vendors to access internal server and have access to the other resources in the web simultaneously.  Windows XP client works fine however, the Mac OS x can only access the internal resource but not the web.we need to restrict the client to access and use only specific IP and http port.have internal and external DNS that are separated by ASA5520s all VPN terminate at the DMZ with192.168.xx.0/24 IP pool?

View 1 Replies View Related

Cisco VPN :: 2811 - Disable Split Tunneling?

Apr 2, 2012

I need to create a VPN and have split tunneling disabled, so that all traffic including internet traffic goes over the vpn back to the headquators and out that internet pipe or to the network. I will be using the Cisco VPN client software and connecting to a 2811 router running IOS ver 12.3(8r)T7. I am pretty new when it comes to these configurations

View 1 Replies View Related

Cisco VPN :: Router 2911 - Unable To Do Tunneling

Sep 3, 2012

We have a router 2911 recently purchased which supports vpn but we are not able to do vpn tunneling, So what is required to use VPN connection.

Does ios has to upgrade or some kind of license is required.If license is required then what kind of license.Router version is 15.0(1r) M15 which I found in sh version command.

View 2 Replies View Related

Tunneling Internet Traffic Between 2 Computers?

Jun 3, 2011

I have 2 computers in 2 different countries. The current country of residence (France) has some Internet restrictions that I want to bypass, so I need to pass all my Internet traffic to my home computer.The home computer is on Windows XP and the connecting computer is on Windows 7 (I also have a Windows XP laptop so that's not a restriction).

I created a vlan (or vpn?) using Hamachi, to have a static IP on the home computer. So now I have a connection to my home computer. The next step would be to direct all trafic through this connection. How do I do that? I tried using the windows wizards: on the home computer (server) I created a new incoming connections thingy and on the client computer I created a VPN connection using the hamachi IP. I finally succeeded connecting the two, but nothing happens. Once I connect to the VPN, I lose Internet connection, and with it the Hamachi connection. I don't think the server passes along the client's internet...

View 5 Replies View Related

WRT54GL SSH Tunneling And Tear Down Of Session

May 19, 2012

I am running OSX Leopard 10.5 and DDWRT is running on WRT54GL v24-sp2 (08/12/10) vpn.I have an SSH tunnel set up using DDWRT. So now I can surf securely when I am in a remote location.

The problem is after I am done browsing, I can't figure out how to close out the session in a proper manner. For example, I type ssh -p 2222 -N -D 8888 and it works with no problems. However, to kill the session I have to hit "CTR" and "Z". This is not the best solution because it leaves the session and port still open. how to tear down the session without using "ps aux" and then the "kill" command?

View 3 Replies View Related

Cisco VPN :: ASA 5505 - How To Override Split Tunneling Per User

Nov 5, 2012

I've an ASA 5505, running at ASA 8.2(2). I'm using ASDM 6.2(5).ASA is set up with Split Tunneling and it works perfectly.However, for a few users, I want all traffic, including Internet traffic, routed through the ASA.The spesific users IP address at internet should then be the same as ASA Outside address, not the client local address.The question is therefore:How to simple override the split tunneling at user level?Alternatively set up an "tunnel all" group policy for the specified users?

View 19 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved