Cisco Switching/Routing :: Maximum VLANs In Transparent Mode 2960
Nov 22, 2011
On a low-end switch like a 2960 the maximum VLANs is 255, as shown in the output of VTP status:
Maximum VLANs supported locally : 255
Number of existing VLANs : 245
When the VTP mode is changed to transparent, VLANs from the extended range can be added without increasing the number of existing VLANs - e.g. if I create VLANs 3000 - 4000 the number of existing VLANs is still listed as 245.
If MST is used to cut down on the number of spanning-tree instances - and assuming propagation of VLAN configuration via VTP is not required - is there any downside to using transparent-mode VTP to increase the number of available VLANs? It does feel like I'm cheating the maximum listed in the datasheet.
View 4 Replies
ADVERTISEMENT
Jun 19, 2012
I have to put an ACL Firewall in front of a public IP range.There's no routing so I want to do it with a transparent layer 2 Firewall. I found this document which descibes exactly that feature I need: [URL]
It seems to be a feature introduced in IOS 12.3.
My Questions:
1.) is it possible use this transparent firewall feature with the 3750 Switch instead of a "normal" IOS-Based router?
2.) I've seen there is no IOS 12.3 for the 3750 but rather 12.2 (currently installed) or 15.0.1. Is this Feature included in 15.0.1?
If the feature described above is not available, is there any other way to achieve my goal?
View 1 Replies
View Related
Mar 25, 2012
My current production network is setup using VTP in Client mode, and I am looking to enable VTP Transparent so I can enable the extended VLANs. My main question would be, would enabling VTP Transparent on my 6509 affect all of the access switches it is connected to? And if so, would changing all of the access switches to VTP Transparent allow them to regain connectivity quickly with little downtime? Or is there another way that I should be handling this situation to enable the extended VLANs?
View 2 Replies
View Related
Apr 23, 2007
Any one who knows where I can find a documentation where it says the maximum switches per stack for the Catalyst 2960 family?
View 2 Replies
View Related
Feb 8, 2012
I have two switches, a 2960 (sw01) and a 2948 (sw02). The sw01 is trunking via dot1q on Gi0/24 to sw02 on 2/48. Why are VLANs 2-4 not active on sw02?
sw01#sh int Gi0/24 trunk
Port Mode Encapsulation Status Native vlan
Gi0/24 auto 802.1q trunking 1
Port Vlans allowed on trunk
Gi0/24 1-4094
[code].....
View 5 Replies
View Related
Sep 26, 2012
How can i add two data vlans on cisco 2960 on one interfase? i have 3 mac adresses on one interfase: one PC, one ipphone and one XP virtual machine(VM). PC and VM are in one data vlan and phone is in voice vlan. i need to place the VM in another data vlan is it possible? if so could you give me a link or place information here.
View 2 Replies
View Related
Apr 30, 2012
I have a a hardware server running a VM hosting virtual servers which are all on different VLANs. My challenge now is to configure the switchport that the server is connected to, to see all the VLANs needed by this VM. The VM has an IP that is used for managing the server VMs which is on a different VLAN also.
My switch is a 2960 switch and it is presently trunked from the core switch.
View 3 Replies
View Related
Nov 12, 2012
I am aware that private-vlans are not supported on edge switches like 2960 series - so my question is would it be possibel to ceate private vlans on say just the core switch which would be a 3570 or 4506 that supports private vlans and then just trunk these to the edge like normal vlans?what I need to achive is to have edge port not able to communicate to each other even across switches - which cannot be done using 'protected' port so need the private vlan feature?
View 1 Replies
View Related
Dec 19, 2012
I have two Catalyst 2960 Series (48 port) switches with the newest Cisco IOS installed. There is also a Cisco 2600 Series Router which I can't manage because it's ISP managed.
Now the problem is as follows. I'd like to create two VLANs, one in the IP range 192.168.0.xxx and the other in the 192.168.1.xxx. Now the router has a gateway IP address 192.168.1.1 .
Would it be possible to somehow connect these two VLANs with the router so that these 2 VLANs can't see each other but they can ofcourse both contact the router and exit on the internet?
View 3 Replies
View Related
Nov 11, 2012
I am aware that private-vlans are not supported on edge switches like 2960 series - so my question is would it be possibel to ceate private vlans on say just the core switch which would be a 3570 or 4506 that supports private vlans and then just trunk these to the edge like normal vlans?
what I need to achive is to have edge port not able to communicate to each other even across switches - which cannot be done using 'protected' port so need the private vlan feature
View 7 Replies
View Related
Mar 7, 2012
I've just started a new job after a couple of years not touching cisco gear and been pitched in... My new employer has a network that's Juniper based. We've inherited a load of Cisco switches as part of the deal for hosting matches during the Rugby world cup (plus a load of Aruba wireless gear that promises to be my very own special millstone, but that's bye the bye.)
My task is to hang these catalyst 2960's onto our existing infrastructure via fibre connections.
On the Juniper switch, there are four vlans being pushed to the port the cisco's hooked into: Code...
View 7 Replies
View Related
May 10, 2012
I've previously used trunkports and vlans between my ASA and accesspoints, connected directly. Now I want to put a 2960S-24PS-L bewteen. Where should i define the vlans (in the switch or in th ASA?) and what ports to put in trunk mode? (the ones on the switch or the one between the switch and the ASA?)
View 1 Replies
View Related
May 30, 2013
I've run into an odd problem - I have connected two 2960s together with copper on FastEthernet interfaces, and STP on the new switch immediately puts that port into blocking mode. I don't understand why this would be, since there is only one connection between the two, in fact, there is only one connection at all on the switch that is blocking.
View 6 Replies
View Related
Jun 29, 2011
I am trying to get an ASA5510 working in transparent mode, multi-context. I am on revision 8.2.5, so there are no bridge groups (those are enabled in 8.4). I first set it to transparent mode, then set it to multi-context mode. I am doing trunking through the Ethernet0/0 to Ethernet0/1, and have two vlans on subinterfaces of each interface. These interfaces are in the 2nd and 3rd contexts, and all trunking between vlans is working correctly in transparent mode.
But I can't telnet or ssh to the ASA itself.
I have an IP address on the inside vlan interface in each context, and can ping tthe IP in context 2 and context 3. There is an IP also in the admin context, but I am unable to ping this. I have tried putting it in the same vlan as the 2nd context, and putting it on the management interface, but since there is a global IP only in transparent mode, I don't think the management interface is used (even though it is in the admin contexts included interfaces).
Since I can't connect to the ASA, I can't easily get the running config to post it here, even though that would likely
To summarize:
- transparent mode
- multi-context
- trunking (dot1q) through Eth0/0 and Eth0/1, so each interface has four sub-interfaces, each in its own vlan
- these VLANs are in each of the contexts except the admin context
- the IP of each conext is able to be pinged, but can't telnet or ssh to it
- telnet and ssh are setup for allowing a /16 subnet range access, in each context
- access-list is setup for permit ip any any and permit icmp any any on the inside and outside interface of each context
- all thru-traffic is passing correctly, but can't manage the ASA other than sitting at the console of it
What I'm going to try now is putting the admin context into one of the vlans in the trunk and see if I can use it that way.
View 6 Replies
View Related
Dec 19, 2012
I need to know if the 5512X IPS will work if the ASA is in transparent mode and/or any limitations.
View 5 Replies
View Related
Feb 20, 2013
Is it possible for an 5505 ASA to be in transparent mode such as ethernet0/0 outside, ethernet 0/1 inside, and use ethernet 0/2 for syslog only on a seperate network other than the one that 0/0 and 0/1 is using. The tranparent part being on a 192.168.168.X/24 and the syslog server being on say a 10.2.1.X/24 network?
View 1 Replies
View Related
Sep 15, 2012
I just have 1 question. I am going to be getting U Verse installed at my house and have been having a hard time finding this in the documentation. The modem I am going to be getting is the 3800HGV-B. Over on the ATT forum users are stating that the modem needs every MAC of every potential IP. I thought about using it's DMZ Plus mode but I am getting a block of 8 IP's and it doesn't seem to play nice unless it see's 5 different MAC's. Right now I have my 5505 in routed mode so I don't believe it passes the MAC of the client's through. Will the ASA pass the MAC of the client's through to the modem with the appropriate ACL's applied?
View 2 Replies
View Related
Feb 4, 2012
Recently i have configured ASA5550 with 2 Contexts in Transparent mode. Traffic can pass through a single Firewall context but through both contexts it couldn't.
View 0 Replies
View Related
Jun 26, 2012
have a Cisco ASA that I am trying to configure in a unique way, I want it to perform a variety of tasks;
VPN SSL
VPN Tunnels
Firewall Inside to Outside via versa
But the difficult task, is creating a DMZ with devices that are assigned fully routed IP addresses from our ISP directly, these are H323 and SIP devices that cannot use NAT, and must have a fully routed IP address assigned to them.
Obviously the problem I have with the Firewall in its default routed mode, is that it wont allow me to overlap IP addresses on the outside interface with the DMZ interface.
Could the Firewall be configured for Transparent mode between Outside and DMZ, but Routed mode between Outside and Inside?
Eth0/0: 10.0.0./24 (inside)
Eth0/1: 190.0.0.0/24 (dmz)
Eth0/2: 190.0.0.0/24 (outside)
[Code]....
But could the new Cisco ASA with the latest firmware and model be ale to do this with 1 physical firewall?
View 5 Replies
View Related
Sep 19, 2012
Recently, I unable to configure the failover on bridge group in transparent mode . I have five interfaces .out of this only 3 is showing in the show run config . Whether I can config failover on on of the data interfaces.
I have the ASA 5520 with the version ASA Version 7.2(4) <context>
View 3 Replies
View Related
Dec 5, 2011
i need to configure a ASA 5505 in transparent mode.learned from Internet, my configuration is :
int e0/0 --- vlan 1---->nameif outside
int e0/4 --- vlan 2------> nameif inside
gloable ip is 172.17.104.10 255.255.255.0
http server enable
http 172.17.104.0 255.255.255.0 inside
when i connect the outside interface to one PC with ip addr 172.17.104.194 my PC connect to inside interface with ip 172.17.104.249 cannot ping each other even when i set rules as permit any any on both direction
View 2 Replies
View Related
Oct 23, 2011
I've setup my Cisco ASA 5505 in transparent mode. I have a Cisco 1841 connecting to the ISP (DHCP client) and F0/0 for inside. The 1841 is the DHCP server. I have my ASA 5505 behind the 1841 in transparent mode (Vlan 1 for Outside and Vlan 1 for inside). The router config is good as when you connect a computer straight to the inside interface I get DHCP and can go to internet, no problems what so ever. But When you're trying to go through ASA isn't not working. if I add a ip any any statement to the access list it will work but having an "ip any any" in a access list is like having no firewall at all.
ciscoasa(config)# sh run
: Saved
:
ASA Version 8.2(4)
!
firewall transparent
hostname ciscoasa
enable password zmQ6OnxvsOOEDNAy encrypted
[code]....
View 4 Replies
View Related
Feb 19, 2013
I have a cisco ASA5505 configured in transparent mode. This evening we attempted to plug a couple of new servers in but they simply didnt work, despite our test server working absolutely fine. The server IP's are all in a network object group (the same as the test server) and they're all using the same ACLs etc. I'm relatively new to configuring cisco equipment.
the only thing I can think of is a static route I had to add to get the managemet IP to work might be causing problems.route outside 0.0.0.0 0.0.0.0 XX.XXX.132.1 1(IP addresses obfuscated- servers are all in the same range so assume XX.XXX is the same across all IP's).
View 7 Replies
View Related
Jan 1, 2013
I'm supposed to configure this 1721 for bridged mode, taking a Level 3 T1 into the serial 0 side and passing it out the f/e 0 side. So, basically that's a T1 to ethernet conversion. I guess this customer is buying a T1 from us but they have to use a different make/model router due to the large hospital requiring that of doctors offices.Encapsulation from Level 3 is ppp static ip address, no password or anything like that.
View 3 Replies
View Related
Mar 3, 2013
I understand that in transparent mode an ASA5510 would only be able to have two interfaces, inside and outside. My question is could one of those logical interfaces be an LACP'd interface, made up of two physical interfaces. Topology below. I understand that the router and ASA5510 are SPOF here, so it is a bit of a moot point, but we're connecting already existing infrastructures together!
|-------–---| |---------|
| Switch 1 |------| |
|-----------| | ASA5510 | |----------|
| | | (transp |---------| Router |
|-------–---| | mode) | |----------|
| Switch 2 |------| |
|-----------| |---------|
View 4 Replies
View Related
Oct 9, 2012
I have a ASA 5510 that is connected to my ISP and the inside interface that is connected to my router. I have a /30 and need to determine if the configuration of x.x.x.121/30 which is my ISP and also the BVI address on the ASA. The inside router address is x.x.x.122/30 same subnet as my ISP will allow me to pass traffic. Management interface works using a different ip address but not able to get the traffic to pass traffic out to the internet thru the ASA
ISP-------->ASA-------->Router
Bottom Line is that I only have one usable address that is being used by the router and the ISP and ASA are using the other. Will this work?
View 4 Replies
View Related
Jul 30, 2012
On the ASA running the 8.4.4.1 code in transparent mode. Can I create sub interfaces in different vlans and attach them to different BVI groups?
switch---trunk---ASA---Trunk---switch
Gig0/1.1 vlan 100 bridge-gr1 Gig0/2.1 vlan 101 bridge-gr1
Gig0/1.2 vlan 200 bridge-gr2 Gig0/2.2 vlan 201 bridge-gr2
View 6 Replies
View Related
Feb 7, 2012
I have an existing stack of 4 x 2960-S switches connected by stack cables.I would like to add another 2960-S switch to the stack but am unable to as the 2960-S will only allow 4 x 2960-S switches per stack.how I would add the 5th 2960-S switch to the existing stack of 4 x 2960-S switches.
View 12 Replies
View Related
Feb 11, 2013
I have a 24 port 2960-S that is not communicating with a 2960-LST that it is directly connected to over fiber. The link is up on the LST but will not come up on the -S. What command should I use to bring up this link? I have tried no shut from the (Config-if)# prompt.
View 3 Replies
View Related
Jan 28, 2012
We have a few stacked 3750 switches with vtp transparent configured...some plugged in a fiber from another network into our stacked switches...that network/switch has vtp server configured...once that switch connected to our stack of switches, it turned that stack switch into vtp server...causing the previous vlans configured to erase thus causing management issues with the stacked switches..
View 4 Replies
View Related
Apr 19, 2012
I m trying to set my friewall in my network. The network is very simple. I have my router in 192.168.16.1 255.255.255.0 (mac-address 58-98-35-2a-4c-39) I have my switch in 192.168.16.26 255.255.255.0 (mac-address 00-19-99-5d-1f-43) and i have my firewall ASA between the router and the switch in 192.168.16.250 255.255.255.0 (mac-address 64-9e-f3-ba-28-c9)
So i need to configure 3 interface in my ASA.
- OUTSIE e0/0(I call it INTERNET)
- INSIDE e0/1(I call it LAN)
- MANGEMENT m0/0(I call it MANAGEMENT)
[Code]....
But with this config when I plug the firewall, i dont have access to internet anymore.
View 7 Replies
View Related
Mar 6, 2012
I am facing the following issue. In our environment we have a couple of WS-C2960S-24TS-L configured as stack. These switches are configured as VTP mode transparent.We are running LMS 4.1 and although UserTracking Acquisition works fine for all other switches, it only runs on demand for the above. The user tracking report for these switches shows only the MAC of the connected end hosts, without the respective IP address. The vlan I am interested in is configured on both the gateway (cisco 6509) and the switches, and the subnet is routable.Show arp on the gateway does show the "mac-ip address" binding, so I would have thought that usertracking would have been able to report both IP and MAC.
Why does usertracking only run on demand for the above switches in vtp mode transparent?Why does the UserTracking report show only the MAC and not the IP?Are the above issues related to the vtp mode? I have ruled out any connection to the switch-model, because we have recently installed the same switches in VTP mode client and User Tracking Acquisition works fine for them.
View 3 Replies
View Related
Apr 24, 2012
Is it possible to have context in transperant mode and routed mode. Means if i need three context then 2 of them is in routed mode and one of them is in transperant mode. If yes then how, i can 't find this info in cisco website.?I am havin 5585-x and asa version 8.4?
View 8 Replies
View Related
