Cisco Switching/Routing :: PBR On 3560G With 1811 And 1841 Attached
Oct 30, 2012
My question is wrt policy-based routing on my network. Our switch is a 3560G 24PS running Adv Ip Services image. It is connected to an 1841 and an 1811, each with a dual-wan connection. The 3560 defines 6 vlans and we are using PBR to route some vlans via the 1841 and some vlans via the 1811.
From a client on one vlan a traceroute to a client on another vlan goes through the 1811 before being routed back to the 3560. Is it possible to use PBR to detect traffic that is destined for another vlan on the same switch and then route it directly?
Sep 25, 2011
I have a Dual-Hub DMVPN with PKI deployment infrastructure, with 2 Hubs on Cisco 1811 and Spokes on Cisco 1841. When I enter the 'subject-name' parameter (pki trustpoint configuration mode) on the Spoke routers, one of the two Tunnels is up, but the second Tunnel is not up. ISAKMP negotiation selects the rsa-sig mode correctly. If I select pre-shared mode or if I remove 'subject-name' from the Spokes, DMVPN works fine!
What could the problem be?
Configuration example:
1. HUB:
crypto pki trustpoint TRUSTPOINT-CA1
enrollment mode ra
enrollment url http://.../certsrv/mscep/mscep.dll
password ...
[ code]....
Oct 4, 2012
I have a pair of N7K's in vPC topology with some FEXs attached. I am looking into enabling Jumbo frame on the N7K as well as the FEX. I understand Jumbo frame is enabled globally by default.
My question is: I have some interfaces in a port-channel that need jumbo frame enabled. Do I enable it at the port-channel interface or at the physical interface? And is the change disruptive to the network? I am running NX-OS 6.0.2.
Feb 22, 2010
Our customer has a C6513 running 12.2(18)SXF15a. One of the modules (ACE20-MOD-K9) rebooted with the following error:
Feb 22 10:41:41.155 GMT: %OIR-SP-3-PWRCYCLE: Card in module 6, is being power-cycled off (Reset - Module Reloaded During Download)
Feb 22 10:41:41.183 GMT: %C6KPWR-SP-4-DISABLED: power to module in slot 6 set off (Reset - Module Reloaded During Download)
Feb 22 10:41:53.686 GMT: %OIR-SP-3-PWRCYCLE: Card in module 6, is being power-cycled off (Module not responding to Keep Alive polling)
Feb 22 10:41:53.686 GMT: %C6KPWR-SP-4-DISABLED: power to module in slot 6 set off (Module not responding to Keep Alive polling)
Code...
Aug 2, 2012
I have the network described below, on which I am running PIM.
(network) ---- Embedded Linux Router --(vlan 5)-- CAT 3560G --(vlan 5)-- Cisco 1811 Router ---- Multicast Listener
The Linux Router and the 1811 have formed a PIM neighbor relationship. The multicast listener sends an IGMP Join and I can see the PIM join leave the 1811 router (via "debug ip pim"). Using tcpdump on my linux router I never see the Join come in, but I can see the PIM Hellos (which is why the neighbor relationship formed).
Jul 24, 2012
For two weeks I have had a problem with the VLANs which I started to configure. I hope together we find the way. I have 5 VLANs configured in a Cisco 3560G switch. In my Windows Server 2003 I configured a DHCP scope for each VLAN. One of the requirements to connect the VLANs to each other is to put the IP of each VLAN as gateway in the clients. So, how can I get access to the internet? The IP of my firewall is in one of the VLANs. When the configuration of the LAN only had one DHCP scope, the gateway was the IP of my firewall. But now I don't know how to configure the DHCP server, or the firewall, or the switch, or all of them, to get access to the internet.
May 14, 2013
I'm trying to set up per vlan routing on a 3560G switch but it's not performing as I would expect. I've got a server on the 109 vlan with a 10.1.9.100 address and a default gateway of 10.1.9.1; this address is an HSRP gateway and currently resides on 10.1.9.7. When I traceroute through to my user PC on the internal network it receives a response from 10.1.9.7. However, it is then denied by an ACL on the internal firewall which has been applied to interface Eth0/0. It should arrive at the firewall on Eth0/2.109 as it has the 10.1.9.4 address.
My goal here is to route traffic on the 101 vlan to a separate interface on the internal firewall from 109 vlan traffic. I'm either doing something wrong or these routing commands aren't designed to work in the way I'm expecting (I couldn't find any documentation on the ip route command where it is followed by different gateways for different vlans).
interface GigabitEthernet0/12
description Internal-FW Eth0/2
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 109
switchport mode trunk
(Code )
Feb 2, 2012
I have a 3560G switch with c3560-advipservicesk9-mz.122-46.SE and 2 routers. The switch has vlans defined. I want to route all traffic on vlan 25 out of one of the routers exclusively. Here is what I have attempted:
-Set the SDM template to routing & reload
-Define an access-list for the vlan traffic
-Define the route-map
-Apply the route-map to the vlan interface
When I attempt the last step I receive the following syslog error:
%PLATFORM_PBR-3-UNSUPPORTED_RMAP: Route-map RM_IMDGuest not supported for Policy-Based Routing
Also, the route-map is removed from the vlan interface after this error is thrown. I'm 99% confident that PBR is supported on this switch (am I wrong?). Here is the relevant show output:...
access-list 125 permit ip 192.168.25.0 0.0.0.255 any
route-map RM_IMDGuest permit 10
match ip address 125
set ip next-hop 192.168.5.3
[code]....
Jan 24, 2013
I was assigned a task to connect two locations through a L2 VPN. The infrastructure which I have is...
Fortigate 80 C firewall at Location A
CISCO 3560G at Location A
CISCO 3750G at Location B
2 MBPS Leased Line connecting two locations.
T1 line at Location A.
The requirements are as follows..
Both locations should be in the same IP range (ex 10.80.71.1/24). Internet for Location B should be from Location A. Both locations should talk to each other.
Jan 8, 2013
I am trying to get an 1811 to update routes on a 3750x. My static routes are being redistributed to the switch fine, however my connected networks are not. My router has a Vlan with several subnets attached.
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-FE 2$$ES_LAN$$FW_INSIDE$
ip address xxx.xx.xx7.185 255.255.255.0 secondary
ip address 172.90.0.185 255.255.255.0 secondary
ip address 172.99.0.1 255.255.255.0 secondary
ip address 10.170.10.254 255.255.255.0 secondary
[code]....
A host on the xxx.xx.xx6.0 network cannot ping a host on the 10.10.44.0 network. All ports on the switch and the router are in vlan1.
Oct 2, 2012
We have 2 Catalyst 3560G-48-PoE protected by a 1000VA 800 Watt Tripp-Lite and I was checking to see if that is really sufficient. Looking at the charts from Cisco support I would think I should have more, but I have not had any issues with a few power outages.
Aug 13, 2012
I am facing a problem with my Cisco 3560G switch: when it powers on, only the System light is green and nothing happens. I checked with a serial cable (console) but nothing happens, no booting.
Apr 18, 2013
I have a 3560G with version 15.0(2)SE2. I am trying to give different default gateways to different interfaces. I've already changed the sdm, run "ip routing" and made the interfaces of interest "no switchport" with ip addresses.
my route-map is "
route-map ABC permit 10
set ip next-hop 192.168.77.3"
and it is applied on the interface with "ip policy route-map ABC", but when I try to apply it, it says "%PLATFORM_PBR-3-UNSUPPORTED_RMAP: Route-map ABC not supported for Policy-Based Routing". Everything is fine if I change from "set ip default next-hop" to "set ip next-hop", but that is not what I need. In the guide for this version, this statement is not in the list of unsupported route-map commands. [URL]
Feb 20, 2013
I have a WS-C3560G-24TS-S running 12.2(50)SE5 with IPBASE. I have been told that the functionality I seek (multicasting) is only available in the IPSERVICES version of the software. I was reading up on upgrading and saw that I needed to do a show license and get the UID and serial number and get a license that is tied to my box. But the show license command doesn't work with my box. I then found something that said that the 3560s were special in that way. I'm not sure how to get this box upgraded. I have a different 3560 running the IPSERVICES elsewhere in my organization. Can I take the IOS version and update my switch to that?
Aug 13, 2012
We currently have two 5548UP and two 2232PP switches running on 5.1(3)N2(1a) and the plan is to connect our old 3560G switches to 2232 PP using enhanced Vpc.
I enabled spanning tree bpdufilter on the 2232 PP ports so that we can connect switches to them, but VTP is not working on those ports. Is there anything that needs to be done on the HIFs for VTP to work? Does VTP depend on BPDUs? Does enabling Bpdufilter affect VTP?
Nov 27, 2012
We have a problem with the throughput over etherchannel in LACP with 2 or 4 ports. iSCSI traffic (vmware esxi 4.1 U3) is going from 2 separate NICs (ports) to the etherchannel (with 2 or 4 ports) that has a SAN connected (Nexenta).
The SAN is configured in passive LACP and the switch is in active LACP. Actually it does not matter if we do LACP or just MODE ON, still the same result: ~1GBit/s throughput in either direction. Like already mentioned, 2 or 4 ports in the etherchannel make no difference, nor does the configuration of the etherchannel.
I will post some config data below, but here is the question: Why can't we see traffic beyond 1GBit/s? Source and destination are capable of doing much more than that (vmware esxi RAID 5 of 1TB SATA; SAN 16 x 1TB NL-SAS). If we look with CNA, we can see that the traffic is balanced equally over the etherchannel ports. With or without QOS or flowcontrol, no difference. This whole traffic happens on this switch.
!
port-channel load-balance src-dst-ip
!
interface Port-channel5
[Code]....
Aug 30, 2012
I have a Cisco 1811 with a 4/port Serial Async/Sync (HWIC 4 A/S) and another 2 port A/S serial wic. My router seems to have a problem reading the 4/port card. I did some research and it looks like there shouldn't be a compatibility issue.
Feb 25, 2013
I have the manual Cisco 1812 (1811) Integrated Service Router Cabling and Installation in front of me. I have the Cisco 1811 connected to my laptop according to this manual. I have the latest version of Cisco SDM installed on my laptop. I have DHCP enabled on my laptop. The problem is that my laptop can't get a valid IP address from the router (see att. laptop_, laptop_2).
Which IP address do I have to use in order to get access to the router interface (see SDM_1)?
Oct 25, 2012
Recently I started having problems with my Cisco router 1811/k9; apparently it was booting continuously when restarted.
After I connected my console I found the problem while booting:
DDR memory test failed. Resetting the router ...
I tried to contact Cisco TAC, but I need a reseller contract number to place a ticket. I do not have a reseller contract number as my router was bought more than two years ago. I called Cisco support and they told me to contact my reseller, my reseller told me to contact Cisco, so I am in an eternal loop of forwarding phone calls...
Jan 12, 2013
We have a Catalyst 3560G 24 port POE switch. It's been running fine for 1+ years. A few weeks ago we enabled SPAN on it to capture packets. Today, we had a random spike in CPU on the switch. It seems hardware switching continued to work fine, but software based processes choked and effectively took down EIGRP, HSRP, etc. We collect syslogs from the router and we saw 2 crashes/reboots. Both showed the exact same error both times, with the same hex values. I **believe** the CPU usage dropped when a tech disconnected the SPAN port and its state changed to down, but I'm not 100% sure. Could this indicate an IOS bug (I'm hoping it's not a hardware failure)? And, how to track this down to see if this could be related to SPAN? I've disabled SPAN for now.
Nov 19, 2012
We have recently started as Internet service provider in an open metropolitan.
We use a Cisco 3560G Layer 3 switch, where we have all our vlans, where we have configured ex. Switch (config) # interface vlan 150, an interface for each VLAN capabilities such as int vlan 1 - 10/10 int vlan 2 to 30/10, int vlan 3 100/10 and so on.
Our int vlan is configured as follows:
dhcp relay information trusted
ip address <x.x.x.x> <x.x.x.x>
ip helper-address <x.x.x.x>
Ports (ex. int Gigabit Ethernet 0/1) are configured as follows:
description Uplink
switchport access vlan x
[Code].....
Now the problem; we have a customer in ex. vlan 3 who needs to access a server provided by another customer in the same vlan (vlan 3), and access to each other in the same vlan is not possible. You can access the server from any other vlan, but when it comes to access to another host in the same vlan, you will not reach it.
We suspect that the energy company has configured with pvlan isolated. If we use the command ip local-proxy-arp on each vlan, it works to reach each other, but it seems that our 3560 becomes overloaded when ip local-proxy-arp is enabled, and streaming and IP telephony don't work. The response time at ping is longer and the loss of packets increases with ip local-proxy-arp enabled. The other operators in the metropolitan also use Cisco 3560G so the hardware should be sufficient.
We have also tried to add no split-horizon, but it made no difference. How do we get around this without negative consequences? Probably need something that makes you allow to send out the same interface that it came from, because it works as long as you are in another vlan.
May 19, 2013
I currently have a 3560G switch running c3560-ipservicesk9-mz.122-58.SE2. I have a spare 3560 V2 switch I want to configure and have ready in case of a failure. This spare switch is running c3560-ipbasek9-mz.122-55.SE5. My plan was to pull the IOS image from the current switch and upload it to the spare; that way I have an "identical" switch. From what I have read, there are some feature differences between "ipbase" and "ipservices". However, when I run the show license command on the production switch, I get an unrecognized command error. So that adds to my confusion, as if it's running an ipservices image, shouldn't it have a license file?
Mar 2, 2012
On IOS versions higher than 12.2(50) on Cisco 3560G-48TS I get this error/traceback when I reach a certain number of access-lists grouped to "interface vlan", and the ACL inserted in the TCAM reaches acl label #128 (can be seen with: Show platform acl label 128). I can see errors in the TCAM if I issue the command
Jan 22, 2012
I've a 7206VXR (NPE-G1) router. I would like to purchase a PA-GE port adaptor where I've to use a GBIC connector.
1. Is it possible to have a connection between PA-GE and a 3560G switch (4 SFP ports)? If yes, what type of cables & connectors are to be used?
2. Is there any GigabitEthernet port adaptors / modules for 7206vxr where I can connect RJ45 (cat 5) or SFP modules?
Feb 11, 2013
How do I enable InterVLAN multicasting? I have a WS-C3560G-24TS as my core switch and it does InterVLAN routing. I have a Server VLAN (70) and Workstation VLAN (71). I have a server that I have set up to deploy images to computers. Up to this point I have only done one computer at a time, so unicasting was ok. I would like to be able to multicast to multiple computers, but am unsure what I need to do on the switch (if anything) to enable this.
Oct 8, 2012
We are seeing some high output drops on our 3560Gs and I'm wondering if there is anything I can do to solve this, or should I just be looking at an upgrade. I do not have qos enabled:
do-rs-ah-3560g#show mls qos
QoS is disabled
QoS ip packet dscp rewrite is enabled
I don't have anything special configured apart from some trunk ports, otherwise it's mostly defaults. Should I enable qos and tweak the buffering?
Feb 21, 2012
We have two 3560G-TS-E running 12.2(35)se2, configured as HSRP. Both are running ntp config "ntp peer 210.72.145.44" and it works pretty well in that they get the correct time. Yesterday I upgraded the second device to IOS 12.2(58)se2 and ntp doesn't work now. I checked the doc that 12.2(58)se2 runs ntp default version 4, so I changed to "ntp peer 210.72.145.44 version 3" but it still does not work. I put here the "show ntp" result for the different IOS versions.
IOS 12.2(35)
SW01>show ntp status
Clock is synchronized, stratum 2, reference is 210.72.145.44
nominal freq is 119.2092 Hz, actual freq is 119.2022 Hz, precision is 2**18
reference time is D2EF12A5.2EB2DCB2 (15:07:17.182 GMT Wed Feb 22 2012)
clock offset is -4.6616 msec, root delay is 57.50 msec
[code]...
Jan 2, 2013
getting CPU utilization around 62%
CPU utilization for five seconds: 54%/6%; one minute: 61%; five minutes: 61%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
35 82081 9642 8512 0.31% 0.21% 0.18% 0 Compute load avg
[Code]....
Nov 13, 2012
Not sure if this is a problem with the switch or the wireless AP connected to the switch, but I have a couple of 3560s, one is a 3560G and the other is a 3560, and both have phones and wireless APs connected to them. The APs on both of these switches continue to lose their IP address and thus disconnect from the controller. This happens about once a week, but the odd thing is that the phones never lose their IP address. All of my other 3560s and 3560Gs that have APs and phones connected are working fine.
Apr 11, 2012
to resolve a problem with L2 etherchannel - when I add a VLAN on the Portchannel, this VLAN does not appear in the config of the members of this Po, so after reboot the Portchannel does not work: "...and will be suspended (vlan mask is different)"
I tried to simulate it on a test switch in the office, but the problem does not appear! Both switches are Catalyst 3560G with the same IOS.
1. SW in real network segment:
Model revision number : D0
Motherboard revision number : B0
[Code]...
Oct 2, 2012
I have a Cisco 1811 and a Cisco 2960 interconnected with each other by a TRUNK link. As time passes I am receiving the log below on the Cisco 1811 router.
DTP-5-NONTRUNKPORTON: Port Fa8 has become non-trunk
LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet8, changed state to down
LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan100, changed state to down
LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan200, changed state to down
LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan300, changed state to down
LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan400, changed state to down
Apr 12, 2013
Configuring OSPF on a catalyst 3560G Switch to connect to our building next door by way of fiber. The other two switches in the other building are running OSPF, I am trying to connect to the other building and access a server which is on a switch running OSPF. I am trying to configure the switch here to run OSPF and be able to see the neighbor, but currently can't although I've identified the networks. Maybe I'm missing something, I've followed the instructions but something is not right.
Oct 27, 2011
We had some problems with 3560G-48PS-S switches and PoE for our phones. IOS is 12.2(50)SE3. There were some problems after a power outage. The switches didn't reboot because we have two electric circuits. But after the problems we had no PoE on all ports.
The switches logged to following syslog message:
%ILPOWER-3-CONTROLLER_PORT_ERR: Controller port error, Interface Gi0/17: Power Controller reports power supply VDD under voltage
I can't find any information in the error message decoder for that. But there was another thread here with quite the same message, but another problem regarding RPS2300.
After reloading the device all works fine again. I didn't know the workaround with the commands "power inline never" and "power inline auto" till today.
Some information about that syslog message?
My guess is that there was a voltage swing and the switch powered down its supply? Is that possible?