Cisco Switching/Routing :: L3 - Traffic Between Two Servers Leave Switch And Go Up To Optimizer
May 15, 2013
I have a setup where two servers are on the same network are plugged into a L3 switch. Off that switch there is a WAN Optimizer device which is inline going to the MPLS cloud. Also off that switch is an ASA firewall which leads to the Internet for the location. When the two servers communicate with each other i would think the traffic would only go through the L3 switch between the two servers. I am seeing traffic between these two servers hitting the WAN optimizer for some reason. I would think being that these two servers are on the same network the traffic between them would stay at Layer 2. routing is enabled on the switch because of other vlans on the network. What would cause the traffic between the two servers to leave the switch and go up to the optimizer? Below is a diagram that shows the basic setup.
View 6 Replies
ADVERTISEMENT
Oct 3, 2012
I am attempting to block all FTP traffic on port 21 from the servers in my network, and only allow FTP from one server to go out.
I have created the following ACL
access-list 101 Permit ip any any
access-list 101 Permit 21 1.1.1.1 0.0.0.0 any
access-list 101 Deny 21 any any
and have applied it to my truck VPN that goes up to my firewall
int Vlanxxx
ip access-group 101 out
But when i test ftp is still allowed by all servers.
View 6 Replies
View Related
Sep 6, 2012
For my Lan, I have created two Vlan; Vlan 10 = for Users and Vlan 20 = For Database Servers,There are 15 Lan computer/laptop and 5 SQL database server (Dell Server) connected through same 24 port cisco 2960 switch. Means, 15 + 5 port occupied.
I have applied access list on cisco switch to restrict communication between vlan 10 and vlan 20.But My main purpose to create two Vlan is not for any kind of communication or restriction. My main Purpose is that Users traffic do not distrub or choke or affect the Database servers. then what will i need to do for that is VLAN Concept is sufficient for my concern OR I will need to buy seperate Cisco Switch to connect 5 database servers OR Else ?
View 9 Replies
View Related
Apr 1, 2012
Do you have the ability to setup DHCP servers on this layer 3 switch? I know I can with my old 3550 switch. Want to upgrade and make sure this model supports setting up dhcp servers on it.
View 3 Replies
View Related
Mar 2, 2012
We are using Cisco 3750 switches in our environment as distribution switches.We currently use to police inbound traffic, but we need to find a solution to limit inbound traffic per IP.Something like this “Inbound traffic for each IP can be maximum 1 Mbps” This can be done having, one ACL and one class-map for each IP, but in my situation is not a practical solution, because we have more than 500 IP’s on that site.
Is any way to accomplish this without writing 500 ACLs and 500 class-map?
View 2 Replies
View Related
Dec 17, 2012
How do I limit broadcast/mulitcast traffic on a switchport to e.g. 5000 pps ? I don't want the port to shut down, just block or drop broadcast traffic that exceeds 5000 pps.
View 19 Replies
View Related
Feb 21, 2012
On a router I can use IP Accounting or Netflow to see what kind of traffic is moving over an interface. Are there any tools on a 3750 switch with a routed interface which would tell you who is hogging the bandwidth on that interface?
View 2 Replies
View Related
May 30, 2012
We want to get L2 traffic amount (bit/byte) passing through a cisco switch (6500/3560 ...) for a specific VLAN. it can be via SNMP or CLI ...How can we do that?
note: there is no L3 interface on swtiches.
View 2 Replies
View Related
Jun 5, 2013
I'm fairly new to Cisco products am in the process of developing my network knowledge on a deeper level. I have a 3825 with a HWIC-4ESW and I'm struggling to fully understand how the two "see" each other. I've setup a V LAN with a layer 3 address on the HWIC and added the switch ports to it. This seemed to allow devices connected to the switch ports to talk to the built-in router ports. I thought this was all making sense until i applied an access-list to the router port. It's a simple ACL i'm just using for testing and the only thing it does is blocks telnet from anywhere. I know the ACL is setup properly because if I connect a device directly to the router port i cannot telnet to the port. However, if i connect a device to one of the switch ports, i am able to telnet to the router port successfully.
It seems that I'm missing something with how traffic flows from the switch port to the router ports and how the two "see" each other.
View 2 Replies
View Related
Aug 3, 2011
Downloaded TCP Otimizer and ran it to improve my internet connection. It instantly killed my Wired Lan connection. I still can access internet via wireless connection. When I run a diagnose problem thingy it tells me to connect my cable to PC. It is connected.
View 3 Replies
View Related
May 28, 2012
I'm setting up a config to have WCCP with Blue Coat WAN Optimizer. I have following sinple setup at the moment. Cisco 6500 <----> Firewall. How should my topology should be. Should I have whe WAN-Optimizer in between (in path of switch and firewall on the same VLAN) or have different vlan hanging off the 6500 and have WCCP redirect traffic?
View 2 Replies
View Related
Mar 6, 2012
My printer is hooked up wireless. Can i connect my usb cable to my printer and my computer?
View 1 Replies
View Related
May 5, 2011
I'm sort of new to networks so I'm not sure if this is even possible but what I'm trying to do is set up a wired network between computers but leave the wifi on the computer as how it connects to the internet. I'm using two computers connected through a lynksys router(not connected to the internet) and ethernet cable, and one of the computers has a wireless card that connects to another router that is connected to the internet. i can set up a network between the two computers but then the one can't connect to the internet(even though it says it is connected the network with internet),
View 2 Replies
View Related
Apr 18, 2012
A company with 20 branches in Rio de Janeiro area. The main servers are in a datacenter located in downtown.Each branch has a RV042 router with firmware version 1.3.12.19-tm (Feb 13 2009 13:03:21) installed.All users in this network have a proxy configuration pointing to proxy.[blah].com.br port 3128.the HTTP/HTTPS traffic should go through proxy only. [code] Some "smart" users were caught using Ultrasurf application, which changes the proxy settings to go through port 9666 or even 443.In other machines, we've found some black proxies [for example: 212.46.27.142 port 8080].
My objective:
- To close all ports in Firewall -> Access Rules section and grant permission only to some selected and specified ports.
- To redirect all HTTP/HTTPS connections to go to proxy's IP address only.
Which Access Rules can I set in these RV042s in order to block and prevent these users to continue abusing this network?The users who were caught using Ultrasurf were fired.
View 3 Replies
View Related
Dec 9, 2012
I have a cisco 2851 router as the edge router, I have a 3750G and a 3560G switch and configured intervlan routing with four vlans, also connected to the switches a four servers and one has active directory and a dns server.i am able to ping from all te servers fine from different vlans and the servers are able to ping the edge router. the problem I am having is with DNS, in the edge router i have configured the isp's dns server address in ip name-server and i am able to reach the outside world.
the problem im having is the servers are not able to reach the outside, do i need to do something in the edge router to forward it to the 3750g or do i have to add my isp's dns servers on the 3750g with ip name-server.
View 5 Replies
View Related
Feb 17, 2013
we have tried to use the Cisco Hierarchical model as close as possible. we now have the need for 10 gig servers. we have a 7k, 5k, 6500, and 2960's in our network. we have some open 10 gig ports on our 5k. where is the best place to connect the 10gig servers. or is there a more preferred way to connect these new servers?a 10 gig blade for the 6500, the new 6001 switch?
View 1 Replies
View Related
Mar 14, 2012
We have 2 nexus 5K installed in our data centre recently and we are connecting new three servers to nexus switches. Each server has 2 10GB ports . 1 port of serverA is connected 5K1 and other port is connected 5K2 ( sameway other 2 server connected to Neuxs 5K1 and 5K2 Switches).So do we need to create each VPC with Portchannel (like VPC 1,2 and 3 ) for each server connection?
View 11 Replies
View Related
Apr 23, 2012
I need 10gigbit uplink for this switch. What are the other devices that i need order along with this device.And what is the diff between X2-10GB-LR= and CVR-X2-SFP.if i take CVR-X2-SFP, in future how can i upgrade from one gig to 10 gig?for current use i need 10gig support required. so what are all the other devices that i need to order.Fiber multimode and distance 15Mt only.
View 2 Replies
View Related
Nov 2, 2011
i have an issue to connect a trunk between cisco switch and extreme switch i have many vlans that i want to cross via a link between cisco 3750 switch and a Extreme Alpine 3800 switch
View 12 Replies
View Related
Feb 25, 2013
The two servers (red hat) use multicast for their heartbeat. Unrouted vlan 99 (only layer 2) is configured on the VTP Servers (6509).I have read this document [URL]
Switches 1 and 2 have IOS: c2960s-universalk9-mz.122-55.SE3.bin
and the 6509: s72033-advipservicesk9_wan-mz.122-18.SXF17a.bin
IGMP snooping is enabled on the 2960 switches.In order for the heartbeat of the servers to work, I have tried these solutions:disable igmp snooping for vlan 99 on switch-1 & switch-2. (No additional action was taken on the 6509). This didn't work. I expected that the multicast traffic would be sent as broadcast throughout the network, but for some reason it didn't work.on switch-1 & switch-2 configured "ip igmp snooping vlan 99 querier" (no additional actions on 6509). Didn't work either.on switch-1 & switch-2 configured "ip igmp snooping vlan 99 mrouter interface gigabitEthernet 1/0/25" & "ip igmp snooping vlan 99 mrouter interface gigabitEthernet 1/0/26" for the two connections to the 6509. Again no actions taken on 6509. Didn't work. I want static mac entries on the switches to be my last resort, since the number of red hat servers on the network is going to increase and I want to give a more generic solution to the issue.
View 10 Replies
View Related
Jan 22, 2012
I have two N5K (5020) switches with NX-OS - 5.0(3)N2(1). These two switches form VPC domain: peer-link = 2*10Gb ports (1/17-18) and peer-keepalive link over managements ports.Also I have two HP servers with two 10 Gb ports on each server.Each server conected by one link to each N5K switch (1/9-10). N5K downlinks configured as access ports with LACP Active mode.There is only one VLAN (1).When "no shut" command entered on N5K access ports - ports going in "not connected" status, begin flap and then going in "linkFlapErrDisabled" state.In attach - "sh run" from N5K.
View 1 Replies
View Related
Apr 17, 2012
I need to implement LACP HP servers mostly DL 380 g7 with Intel based dual port with two types of Cisco equipment first scenario server connected to 3750x stack of 4 switch's .second scenario same server type connected to two Cisco Nexsus 5596 . My question regarding two type of connection.Is it possible to do active active ?Would it give fault tolerance ?With HP LACP implementation is there known issue or should i expect latency with such configuration?What is the maximal lag- channel group that is possible per type?
View 1 Replies
View Related
Dec 7, 2012
Need to Have both ISP to access internet/servers configure a Cisco 2911 router, It has two ISP one as primary 216.140.140.0, and secondary for backup as 216.150.150.0. I need to be able to access both the ISP's using the same interface Gi0/1. Since we have servers that have to have specific IP both when accessed and when accessing the internet so I used static Nat for the servers and Dynamic for all others. I did the following configuration but it does not work as i want it, if i unplug the Primary ISP from the unmanaged switch the secondary cant access the Internet or network.The secondary only works when the primary and secondary are both connected and have an equal cost Administrative distance, hence it is not available when the primary is down . Even though I can use a sub-interface instead of a secondary Ip address (which worked when I used it) I need to use the same interface using a unmanaged switch to which the outside interface of the router is connected and the two ISP's. Below is my configuration.
interface GigabitEthernet0/0
ip address 10.0.0.254 255.255.255.0
ip nat inside
[Code].....
View 1 Replies
View Related
Jun 8, 2011
Upgrading from a PIX 515 ,V6.2, I can get internet traffic out through the ASA , but no traffic in to the servers. The NATS are the same on the old firewall. The routers outside the firewalls are doing further natting from the .253 netwrok to a publilc address. No changes have taken place on the routers. [code]
View 3 Replies
View Related
Dec 20, 2011
We can´t reach DMZ servers from other DMZ servers?If I make a ping from DMZ server to another, sometimes only recieve one ping, sometimes 4, sometimes 0.How can I allow the traffic between DMZ servers??
(ASA 5520 Version 8.4)
View 2 Replies
View Related
Dec 28, 2008
what is the use of no switch port command in L3 switch?
View 7 Replies
View Related
Nov 18, 2012
I have two 3750-X configured to be a stack and I am planning to re-rack these somewhere else. What I would like to know is what are the effects of having the master switch itself lose power? Does it immediately just make the member take over master (there should be no election since there are only 2 switches??) and there would be no loss of connectivity?
View 1 Replies
View Related
Nov 20, 2009
I have a Catalyst 4006 switch in production and a spare switch of same model. I have to quickly copy the configuration from production switch to spare switch (both L2 and L3 configurations) How do I do that?
View 6 Replies
View Related
Mar 15, 2013
I have forgot this technology name, but, I remember it can achive on between Nexus 7000s in two location, and also between two catalyst 6500.Can I ask if it can be done between one nexus and one catalyst 6500?
View 8 Replies
View Related
Jan 12, 2012
I have an 1841 and started to run into an issue which can be resolved but looking to see what you guys prefer to do in this situation. We allow users to connect the laptop via ethernet and wireless to our network at the same time as well as an iPad or any other wireless technology. With that said, for the most part each user has two IP's at any given point. The issue comes in is that I have a large amount of IP exclusions for servers, printers, switches, etc on the exclude list. I am starting to see that the 255 address are not enough to make a long story short. I am also using the 1841 to handle another range for the voice network, which has no isues. What is the best way to fix this issue? Can I run a virtual VLAN off that 1841 for everyone to use and then have the servers, switches, printers, etc on another one? I want to assume no, as both interfaces are used on the back of the 1841 for the two VLANS running now. Or is the only way to handle this with this device to say that as a policy you can only connect assigned company hardware to the network?
View 3 Replies
View Related
May 9, 2012
I start configuring Cisco 2821 router for multicast . First short description and attached sheme explanation. Let we say I have small network with 100 users. One router and Cisco switch 3560. Two VLAN’s, one for data another for multicast. Data from internet works fine but now I want to connect multicast servers (or source of more multicast streams) from another subnet. Router have three interfaces.I expect there should be no problems with multicast configuration, but unfortunately it is not like I expect. What I did ?
View 10 Replies
View Related
Jan 9, 2012
My Data Center has one single core switch where is connected several servers, one port is the link to the router wan and other port is the link to the FW, my boss wants to install 2 nexus in order to replace the single switch. All my network has only one address, for example 192.168.10.0/24 if I connect two nexus 7010 in VPC and Domain, each nexus is going to has 2 modules with 48 port 10/100/1000 rj45 and i wan to connect servers directly to each nexus, with this figure i'm going to have a group of servers connected in two different nexus, Do they can have the same network 192.168.10.0/24 considering that the nexus are in the same vdc and vlan and have only one gateway for both groups? If the answer is positive, which nexus would be the gate way for that address, the primary or secondary? Or i must have a different address for both group of servers, i mean for example 192.168.10.0/24 and 192.168.12.0/24?thus each nexus would be the gateway for that new address?
To have two nexus connected by VPC in a Domain mean that one computer connected to one nexus can share the same address or vlan with other computer connected to the other nexus????
View 2 Replies
View Related
Feb 7, 2012
We have a server connected to a 3560 switch which in turn connects to 6500s. The gateway interface is on the 6500. We will be changing the 6500s so the mac address for the gateway will change, however the IP address will remain the same. As we change out the 6500s the uplink connections to the 3560 will go down. This will flush the old mac address from the 3560.When the 3560 removes a MAC address does it update servers so they have to relearn the correct MAC address?
View 4 Replies
View Related
