Cisco Switching/Routing :: Layer 3 Switch And ASA 5550
Apr 29, 2013
I created a lab and I have a few issues. One with a layer 3 switch and another with a ASA 5550.
1. Layer 3 switch: I have created multiple Vlans and I am able to route between them. I can ping the switch IP but not the default gateway to the ASA. I did a tracert of the default gateway of the ASA and once I am past the Vlan gateway it fails.
2. On the ASA 5550 I created the Vlans on sub-interfaces but still cannot get to the internet. ASA config is below the switch config.
View 7 Replies
ADVERTISEMENT
Aug 24, 2011
I got one SF 300-48 layer 3 switch I tried to configure to use it in the office network.Unfortunately I'm unable to configure the VLAN settings.I need port one for input(VLAN2),port 7-15 for another vlan(vlan3) also need to connect with the vlan 4.port 15 is another vlan(vlan4) this is for wireless.Other ports are static.It doesn't get any connections with other vlans.I wish to know how to configure vlans in GUI mode.I tried , But I can't get the Vlan setting correctly.Also,I need to know how to communicate both vlans in GUI mode.
View 8 Replies
View Related
Apr 26, 2012
I have a 3550 l3 switch configured as follows:
vlan 10 ports 1-10
vlan 21 ports 11-20
vlan 30 port 21-30
vlan 40 ports 31-40
default vlan should be vlan 21
I have the servers, switch and router connected to vlan 21. Vlan 21 works great I can browse the internet, but I cannot ping any other vlans. router is connected to fa0/19
[code]
Building configuration...
Current configuration : 4833 bytes
!
version 12.2
no service pad
[code]....
View 11 Replies
View Related
Feb 9, 2012
I can understand it 's one of those very basic questions , but how do I identify a Switch is Layer 2 or Layer 3 ?Looking through # show version command and checking the IOS version to be IP BASE or LAN BASE . Is it the right way ?Cisco 2960 is a Layer 2 or a Layer 3 Switch ? I noticed that access-lists could be configured which means that it 's a Layer 3 Switch , right?
[code]....
View 5 Replies
View Related
Jan 13, 2013
I've created a scenario using a 3750 cisco as core switch ad other 6 switch model 2900 in access level.my problem is this, the router is not a cisco router, and this router is not able to make NAT on more than one subnet.Into the core switch I've created 4 VLAN and I must to give internet access to 3 of them, 192.168.0.0/24 (vlan1), 172.16.0.0/24 (vlan2), 172.17.0.0/24 (vlan3).I've connected the switch to router via gigabit ethernet 0/1 and I've assigned to this interface ip address 192.168.10.2, the router ip address is 192.168.10.1, Switch ip default-gateway is router ip address 192.168.10.1, ip default route is 0.0.0.0 0.0.0.0 192.168.10.1 I've enabled ip routing feature and I've set no switchport feature to interface gigabit ethernet 0/1.From core switch I can ping router ip address but I can't make it from all other user, and the users not able to have internet access.
Below the switch configuration (only necessary strings)
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
[code].....
View 6 Replies
View Related
Sep 5, 2012
My understanding is that even layer 2 switches like the Cisco 3500XL can have 1 IP address for management. However, I cannot seem to figure out how to configure it to get it working in a router on a stick setup. I can manage the router through SSH, but I cannot SSH to the switch.
View 3 Replies
View Related
May 25, 2012
I have made a topology by using one 3560 switch and 2 2950 switches. I have also made 2 vlans name Clients and other Servers and vlan 1 is for anagement purposes. The left 2950 switch is for clients and the right is for servers. Clients is vlan 2 and servers is vlan3 . Now what i want is that my dhcp is should assign ips to clients in vlans 2 provided that servers are in vlan 3. I am also using a border router and i have introduced a default route on the 3560 to the border router.
Now when i assign static ips to my clients pc and server dhcp then i can ping between vlans but when i try to assign ip through dhcp then it wont work. Also the default route on the switch to the border router doesnt seem to work. I can ping only the border router when i put a default route on the border router instead of the 3560 switch.
View 3 Replies
View Related
Oct 16, 2012
is it possible to run a Catalyst 4500 as pure Layer 2 Switch, i.e. disabling "ip routing", but still managing the switch via Fa1, i.e. the defautl mgmtVrf vrf ?I tried the following:
!
no ip routing
!
interface FastEthernet1
ip vrf forwarding mgmtVrf
ip address 192.168.1.1 255.255.255.0
!
ip route vrf mgmtVrf 0.0.0.0 0.0.0.0 192.168.1.254
ip default-gateway 192.168.1.254
I was not able to reach the Switch even from the same subnet. Only after enabling ip routing I could manage the Switch. I haven't found any command to set ip default-gateway for a vrf. Any workaround to keep routing disabled, but still manageable via VRF?
View 3 Replies
View Related
Apr 12, 2013
Configuring OSPF on a catalyst 3560G Switch to connect to our building next door by way of fiber. The other two switches in the other building are running OSPF, I am trying to connect to the other building and access a server which is on a switch running OSPF. I am trying to configure the switch here to run OSPF and be able to see the neighbor, but currently can't although I've identified the networks. Maybe I'm missing something, I've followed the instructions but something is not right.
View 15 Replies
View Related
Nov 29, 2012
RACK 1 is the old rack and NEW RACK is the rack which is going to be procurred for some new Servers. All the Servers in the RACK 1 has a default gateway as PIX Inside IP. As of now the 3560 Switches acts as Layer 2 and does not have L3 IP routing enabled. How can I enable conenctivity between 192.168.36.0 range and 192.168.57.0 range wihtout making any change to current PIX inside IP address 192.168.57.1?Is it possible that I can enable IP routing on the 3560 Switches , create interface VLAN 36 and since already Switch 2 has it 's default gateway as 192.168.57.1 , Would the traffic from 192.168.36.0 be routed to 192.168.57.1 ? Or do I need to create static route for that ?Since L3 Routing is not enabled and since the 3560 Switches are just acting as L2 , the VLAN 2 - 192.168.57.0 range does not have any interface VLAN configured. When it is changed I would need to create interface VLAN 2 on 3560 Switches?
View 18 Replies
View Related
Dec 23, 2012
I just received a Catalyst 2960-C (WS-C2960C-8TC-L R) switch and I am unable to sign into its web GUI in order to configure it. I've tried both the Cisco Network Assistant and Internet Explorer and I am unable to log in either way. The documentation provided by Cisco states that the default password is simply cisco and that a username is unnecessary. Needless to say, it doesn't work. I've also Googled for other default passwords (such as cisco-cisco as the username-password), none of which worked either. I've also tried resetting the switch back to its factory default a few times.
View 8 Replies
View Related
May 23, 2012
I'm building the below network configuration:
WAN -------- ASA5505 ------<802.1q trunk>----- L3 switch -----<802.1q trunk>----- L2 switch w/ VLAN support
The following VLANs exist on the ASA and both switches: VLAN 10 (10.10.10.0/24), VLAN 11 (10.10.11.0/24), and VLAN 99 (10.10.99.0/24).
The ASA5505 performs the following functions: routing to/from the WAN, firewall, NAT, and DHCP for each VLAN. It has an interface on each VLAN (10.10.x.2) for a DHCP server.
The L3 switch provides inter-VLAN routing and layer 2 switching. The L2 switch provides layer 2 switching, with VLAN support.
What should the default gateway on the L3 switch be? Should I set the IP of the physical interface connected the L3 switch to the ASA5505.
View 8 Replies
View Related
Jan 9, 2012
I would like to know if ip helper-address feature is working on a layer 2 switch (2950,2960) or you should use a Layer 3 switch to do that?
View 7 Replies
View Related
Jul 30, 2012
Configured Layer 3 portchannel from 6500VSS enabled switch to two different 6500 standalone switch. Configured first ip on VSS switch, second ip on standalone switch1 and third IP on standalone switch2. My question is
1. Will the portchannel be up?
2. If port channel is up, will I able to ping the connected IP's.
View 1 Replies
View Related
May 16, 2013
We are working with a contractor to upgrade our network, and I heard from them that the 5596/5548 might not need the Layer 3 module for our inter-VLAN routhing. They have yet to give me an answer.
We do have a few static routes on our current layer-3, core switch too.
View 3 Replies
View Related
Dec 3, 2011
I need a L2 switch with dual AC power supply and RJ45 uplink The optin I got was WS-C3560X-48T-L + C3KX-PWR-350WAC , but the problem is with uplink . There is no RJ45 1G uplink , there is only option for SFP uplink The another option was WS-C2960G-48TC-L , but there is no dual AC power supply option a good model ( Dual AC power supply , RJ 45 uplink ports (Gig) , with 48 port 100/1000 UTP)
View 3 Replies
View Related
Mar 18, 2009
Can a layer 2 cisco 2950 switch be used as a dhcp server with it's own address pool.
View 3 Replies
View Related
Feb 14, 2013
can i configure virtual circuits on cisco layer 2 switch catalyst 2950 ?
View 1 Replies
View Related
Aug 14, 2012
4500 switch is connected to 2960 switch.
4500 config
Vlan 10
name Data
It has ip helper configured that points to DHCP.From 4500 switch port - port x connects to 2960 port.Port x is configured as trunk between 4500 and 2960.
2960 config
vlan 10
name data
All user ports are configured under vlan 10 and as access ports.Port x is trunk port connected frpm 2960 to 4500 switch allowing vlan 1 and 10 only.This switch has no default gateway configured.
We connected user PC on 2960 switchports and they were able to get the IP from DHCP server and were able to access the network? My question is how users on 2960 switch are able to access the network without ip default-gateway configured on 2960 switch?
View 6 Replies
View Related
Apr 1, 2012
Do you have the ability to setup DHCP servers on this layer 3 switch? I know I can with my old 3550 switch. Want to upgrade and make sure this model supports setting up dhcp servers on it.
View 3 Replies
View Related
Feb 26, 2012
I have a switch layer 6500 series connected to a firewall, the port configuration between them is layer 2, in another words I do not configure an IP address in the Cisco switch port to conected it in the firewall, but when a apply a policy on firewall it lose communication with others vlans, just the vlan that is connected between the switch and firewall works, attachment the design. I think that is necessary to configure the connection between the firewall and switch as layer 3 ( a port with IP address in the switch), but I would like to know why? The switch is configured with about 10 vlan and it is a inter vlan routing, a default route is configured in the switch where the gateway is the firewall.
View 5 Replies
View Related
Mar 18, 2012
I want to setup VLAN with the switches SG300 and SLM2024. What is the suggestion to connect these 2 switches. We have the Juniper net screen.
View 1 Replies
View Related
Apr 13, 2013
I am tryingto add a new VLAN on my C3560E Layer 3 switch for administration purpose.My goal is to make this VLAN for administration only and to let the administrators from 172.17.1.1 connect to any host of the internal network 172.16.0.0 plus exit to the internet via the default gateway 172.16.1.245.
Here an extract of what done so far:
ip routing
spanning-tree mode pvst
spanning-tree extend system-id
vlan internal allocation policy ascending
!
interface GigabitEthernet0/1
[Code]...
What happened is that:
1. The host connected to Vlan30 can correctly ping the interface it is connected to.
2, The internal network can access the internet
3. The host connected to VLAN30 cannot access the internet and cannot connect to any internal server.
Do I have to add a static route? This is a production envuironment and it is my first experiment with a layer3 switching in production, so I cannot mistake
View 19 Replies
View Related
May 5, 2012
I'm fairly new to networking but I've learned quite a bit on my own without being educated. I'm trying to just figure things out on my gear. So for my LAN party i'm going to need an internet connection. I'm not going to rely on my venues subnet though so i want to create a new /24 subnet(250 hosts is good for a start). I want my subnet to be able to speak to the outside network too.
View 8 Replies
View Related
Feb 4, 2011
I'm setting up a Cisco 3750 layer 3 switch with several vlans. I thought enabling routing would route between the vlans, but no such luck.What I want is to share the internet access of vlan 100 with the other vlans/ip-nets.How can I do that?
View 2 Replies
View Related
Apr 25, 2012
i need to know that how can i make vlans in Linksys SRW224G4 Layer 2 manageable switch , because i have 100 users network having lots of users using more then 1 ip to connect 4 different servers having different ip class pools, what i need is, i want to use only single ip pool with Class B Address like 172.16.6.0 for all network users which all connect to far end servers through layer 2 Linksys SRW224G4 manageable switch controlling to allow different IP pools ? like 172.16.1.0 / 172.16.55.0 / 172.16.99.0 and 192.168.1.0
View 1 Replies
View Related
May 22, 2013
I am attempting to filter a specific host(s) from my OSPF routiing table on a ASA 5550 (ABR) using LSA prefix lists. However, when I look at the other routers in that area, I notice that ALL LSA type-3's are being removed (10 hosts are now missing from the routing table). I have verified the filter is working on the ABR, but I can't figure why ALL hosts/routes that were coming into the area are now being filtered instead of the specific one that I want to filter out.
Here is the config on the ABR:
prefix-list pdm_pl_000 seq 10 permit 206.253.180.137/32
!
!
router ospf 1
network 10.0.0.0 255.255.255.0 area 0
network 10.150.10.0 255.255.255.0 area 10
network 10.150.252.0 255.255.255.224 area 10
[code]....
The 206.253.180.137 host is actually coming from Area '3'. Am I doing something that is removing all type-3 LSA's?
View 3 Replies
View Related
Jul 24, 2011
It is understood that sub-50 ms ERPS convergence can be achieved with certain HW/SW combinations.
1) What are the platforms supported (and with what FW/SW) has this been tested ?any results that can be shared?
2) Link failure detection in GigE on Copper is slower compared to GigE over "pure" Fibre; so no sub-50ms would be possible with Copper ring ports.is sub-50ms convergence achievable with "combo SFP ports" ?
View 1 Replies
View Related
Jan 17, 2013
My management has tasked me to give them a high level overview of the different switching we can choose for our new building.
This is what I know so far.4 Closets, each closet has 450 ports,One MDF room that is will contain one UCS Chassis and a Nimble iSCSI SAN.
I am working on the spreadsheet and it looks like this (Not totally filled):
2960s3560x3750x45064510Approx cost (Each, 48PORT, POE+, 10G uplink, Dual PS, IP BASE)
6K7K8K45K75KMax Capacity192432432192384Backplane speed206464520520ProLeast ExpensiveStackable to 9Stackable to 9ProDual PSDual PSDual PSDual PSDual PSProLayer 3 opt
Layer 3 optDual SupsDual SupsConExpensiveExpensiveConNo Dual PSConLayer 2 OnlyCannot stack more than 4
For the MDF I would like to use 2 Nexus 5548's with FEX's, and the layer 3 daughter board. For the IDF's I was thinking of two 4010's.
View 12 Replies
View Related
Jun 15, 2012
We are setting up a test lab in our DMZ. The path to the internet is basically like this. Anything past the firewall is irrelevant. For this lab lets assume it is vlan 300.
LAB SW ---> DMZ-SW ---> ASA FW ---> INTERNET
LAB IP Range = 172.16.300.0 /24
GW = 172.16.300.1 (On FW int)
Trunked all the way through.
I have an int vlan set up on the LAB SW. It is being trunked to DMZ SW. DMZ trunks it to ASA FW where there is a failover with a redundant switch.On the ASA the interface 0/2 is a subinterface 0/2.300 being used as the default gateway.
I have DHCP running in a specific range on the LAB SW and do get an ip address when plugged in. I cannot ping the default gateway on the ASA FW.The GW is defined using default-router command for 172.16.300.1 i.e. default-router 172.16.300.1?
We are running ospf on the firewall. There appears to be a pattern with ospf and a similar subnet setup elsewhere. I was wondering based off of this info would configuring ospf for 172.16.300.0/24 allow me to ping the GW from a client on the LAB SW.Secondly. I trunked 300 on the DMZ SW but I didnt add the vlan to the configuration. i.e. conf t <enter> vlan 300 <enter> Does this really matter? Or is having the vlan in the configuration only pertain to access mode on interfaces?
View 1 Replies
View Related
Mar 25, 2012
I have an environment where i have two nexus 7010 switches, along with 2 nexus 5510's. I need to run OSPF as a layer 3 routing protocol between the vpc peer links. I have 1 link being used as a keep alive link, and 3 other links being used as a VpC link.
1) Is it best to configure a separate Vpc VLAN i.e 1010
2) Is it best to configure a vrf context keep-alive
3) just have the management address as the peer ip's.
View 2 Replies
View Related
Mar 17, 2013
I found that when I enabled layer 2 auto QoS in 3560 switch, I need to wait so much time to open a file in network drive. Howerver, when I disable the Qos. It can improve a lot. I have used a sniffer to capture the packet to see. Those default packet is in DSCP 0. Therefore, I think majority packet will drop to queue 4. How can I increase the buffer and threshold in order to improve queue 4 performance.
View 1 Replies
View Related
Mar 24, 2012
can we connect ASA 5550 to Nexus 7K F2 module using twinax cable?
View 4 Replies
View Related
