Today, we have a server running SNA that connects to router via the following. Vitrual Server --> Nexus 1000v ---->Nexus 7010 ---->2800 series router.We are trying to move server to new environment where it is Virtual Server ----> Nexus 1000v ----- Fabric Interconnect-----Nexus 55xx-----Nexus 7010-----2800 router.
View 2 RepliesMy host has an IP of 20.168.1.2 from a router DHCP. I have a virtual environment which has a DC and DNS and the IP is: 192.168.1.x how can I get access from my host to the virtual environment? What do I need to setup on the host OS? (Windows)
View 3 Replies View RelatedCurrently I'm with a pure Cisco shop, running every LAN Switched infrastructure (even in the HQ datacenter) with PVST+, I'm noticing in the documentation I've read and labs I've created that RSTP is... great, and I've observed that even the uplinkfast functionality seems to be build in by just enabling rapid-pvst. Of course I'll propose a migration plan, document the network, diagram it entirely and provide effective steps to implement the change, but that's assumed from any get'go.
View 1 Replies View RelatedI am currently finalising my project in Uni and in the project planning section is asks if there are any ethical considerations to be made in my project. I am conducting penetration testing on a VIRTUAL network simulator (GNS3) using Metasploit toolkit. I am guessing I will need permission to download these tools onto the university network, would that count as an ethical consideration? If not, what would I say in this section? note, all of the data I am using in the project was created by myself, and there is no other human participation.
View 3 Replies View RelatedI have an 1811 with several subnets connected to it.I recently installed a 3750x plant and want to bring my interior routing back to it.
All the routing is handled by the 1811 via secondary interfaces on vlan1?
I have 192 ports, and subnets show up on almost all of them. None of the ports are assigned to any specific vlans. Most ports have several subnets on them.
What is the best approach to getting the 3750x to handle the routing?
you find attached my network architecture with 2 Nexus 7010 on core layer and 2 Nexus 5020 on distribution layer, each one with 1 N2148T fabric extender switch. PC-A1 and PC-A2 are connected to one N2148T, PC-B1 is connected to the other N2148T. Nexus-7000-1 is HSRP Active for all VLANs, Nexus-7000-2 is HSRP standby. PC-A1 and PC-A2 are connected to VLAN A, PC-B1 is connected to VLAN B. PC-A1 and PC-A2 have the same default gateway correspondent to IP HSRP on VLAN A. It happens that PC-A1 is able to ping PC-B1 while PC-A2 is unable to ping PC-B1. If I issue a traceroute from PC-A2 I see Nexus-7000-2’s physical IP address as the first hop even if Nexus-7000-2 is HSRP standby. After the first hop the traceroute is lost. If I shutdown Port-channel 20 on Nexus-5000-2, PC-A2 starts to ping PC-B1.I can’t understand what’s wrong in this architecture.
View 6 Replies View RelatedWe need to move some line cards around on our 4510. The top slots have a 24Gbps backplane while the lower slots are limited to 6Gbps. Poor planning on our part has left us with installing a 10Gb line card in one of the bottom slots. I'd like to move a couple of the cards up top, to the bottom.
My question is simply will the switch magically preserve the configuration for those cards and change the slot number for me or will I need to reconfigure the interfaces for those cards I move?
I would like to know if it's possible to change a master in a 3750 stack without rebooting it?I searched in Cisco documentation, in the forum, and I googled it but I didn't find anything.
View 3 Replies View RelatedCustomer has ordered the following routers, which will go in three separate locations.
1. 3945 W/SPE150, IP Base Image
2. 3945 Voice Bundle, includes PVDM3-64 and (1) 2-port T1 MFT
3. 2911 IP Base Image.
If the customer wants to move the Voice image from the existing 3945 to the 3945/WSPE150, would he just need to contact Cisco Licensing, or would the customer have to pay for a software upgrade on the 3945/WSPE150?
Same scenario, except moving the Voice Image to the 2911 router.
We are moving a small network of 3560 and 3750X switches from VTP Server and Client to VTP Transparent. I noticed the vlan database is stored differently depending on the VTP mode.
Is there any chance of losing vlan database on a given switch when moving from Server or Client to Transparent?
I have a Cisco 6513 switches connected to HP VC Flex 10 Module. The (2) 10Gb ports on a Cisco Switch connected to VC Flex-10 in LACP mode.
I need to move those (2) 10Gb ports on Cisco Switch 10Gb Module to a different 10Gb module on a same Switch without bringing the ports down since it is a live environment.
What I would do is to configure a same port channel ID on a new 10Gb module and then move port one by one. unplug one port and connect to the new port on a module. While I will be unplugging the first port the other active port will keep sending traffic and as soon as I plug in on another port, both ports will be active.
we have some pairs of 6509-VSS, which partially have old (no more officially supported) 6509-Chassis.All linecards in the VSS are the same (Sup 720-10GE-3C, 67XX).
We now bought some new 6509-E-Chassis and want to change the old chassis by the new ones in a ISSU manner, that means:
1. putting the partner, which chassis changes, in redundancy mode, switch it off, exchange chassis (old "Catalyst 6509", new "Catalyst 6509-E")
2. inserting the line-cards exactly in the same slots and connecting all cables
3. switch on the new chassis, witing to come up in VSS
I'm not sure of having to set the switch number for VSS (is that in the Sup?; configuration? or part of the chassis-memory?)
I've looked up cisco for some hints, but don't found anything.
I am working in an enterprise LAN environment. We have about 100 switches, mostly 3560 and 3750's. This is a typical Cisco network, yet it's flat. No routing on the access layers. The core switch does do the routing. We use an third party vendor network monitoring tool, and we use Secure CRT to remote into devices.
Here's the problem. There was a device we stumbled into that had not been put into our monitoring software. It has the same IOS as our other devices. All I can say is that it's the same version and type. Each device has a management v LAN. And each device has it's own management IP. An ACL exists to prevent unauthorized SSH access into the devices, yet allows the management v LAN scope to get in.
So, here's the problem...we can't SSH into our problem mystery device, let's call it Switch X. Switch X has an IP of 10.10.100.150. Now, I can be logged into it's up link device, let's call it switch B. Switch B has an IP of 10.10.100.130. The ACL allows all devices from 10.10.100.0/24 to SSH. Our PC's at our desk are also in the same management V LAN. SSH version 2 is on the configs, and the domain names are the same on these two devices.
So, let's be clear. From my desktop, I can connect to any device on my network EXCEPT switch X. When I try to connect using SSH, port 22...it just sits there until it times out. I can do the same thing to any other switch, and connect just fine. We are using TACACS+ and RADIUS as well, and they are up and running just fine. The configs on Switch X like I said are the same for switch B, except it's IP address of course. While logged into switch B, I can do a CDP neighbor and see switch X connected via trunk link. Both sides are running dot1q encapsulation, and both are in trunk mode. I can ping switch X from switch B. When I try to SSH from B to X..I get timeout with no connection.
So, I hiked over to the building where switch X is located. I consoled into the switch. I confirmed that the ACL is the same as the ACL for switch B. It is set up to allow the management v lan inbound on the VTY 0 - 15. Yes, it's access-class (name) in on both vty 0 4 and 5 15. It also is set up for transport ssh in and transport ssh out.
I rechecked the domain name on Switch X; it was correct. I also did a crypto key and regenerated the crypto key. SSH v2 came up. Again, while in Switch X, I can do a CDP neighbor and see switch B. But I cannot SSH from switch X to Switch B, or any other devices that I tried. Now, we did find a config error with VTP; the VTP domain name was different. But VTP has nothing to do with SSH. Just to placate my co-workers, I went ahead and renamed the VTP domain name (it's running transparent mode). After I regenerated the crypto key, I saved everything of course. I then reloaded the switch. When all came back up, I still could not SSH
This is a 3560 switch, and it is trunk to a 3750.
I'm introducing a Cisco 3750 switch into a Avaya environment for testing/lab. I'm concerned about any STP, VTP problems I might create as I'm going to give a address on the Management VLAN and connect it to a trunk port on a ERS5520 Avaya. I've set the switch to transparent mode and the VTP revision is set to 0. I've checked the STP priority but it doesn't give any - there is no output because it is not connected. I wouldn't be so concerned but, I'm not sure if any config has been on it before.Also, is there any way for me to see the STP prioroity without having it connected?
View 10 Replies View RelatedI have 3560e which doesn't appear to be passing igmp traffic to the upstream router
PC1 ----------- ASA ------------ PC2--------- 3560e ----------- 3825 -------------------- WAN --------------------- Router ------------- Server
My ASA runs SMR, has an igmp forward interface outside command on the inside and has a trunk port to the 3560e (V lans 32 & 48).PC2 is a test pc on the 3560e on vlan32. 3825 is my ISPs router on vlan32.
- if i try to access the stream from PC2 it works.
- if i try to access the stream from PC1, i see the igmp join leave my ASA onto the 3560E (i've captured on the 3560e's link to the ASA).
I've also captured on the ASA and i can see the igmp packet leave the outside interface but the join doesn't reach the 3825 (i've captured on the 3560e port facing the router and there is no join being forwarded).the switch is running in layer 2, 12.2(35r)SE1.
switch#sh ip igmp snooping querierVlan IP Address IGMP Version Port---------Switch#
Global IGMP Snooping configuration:------------------------IGMP snooping : EnabledIGMPv3 snooping (minimal) : Enabled Report suppression : Enabled TCN solicit query : Disabled TCN flood query count : 2Robustness variable : 2Last member query count : 2Last member query interval : 1000
I would like to know if Catalyst WS-C3750G-48TS-E recognizes and understand Cisco VSS ( Virtual Switching System) . Is there a List available which tells us which Old Catalyst Switches or current switches understand Cisco VSS?
View 3 Replies View RelatedDoes the nexus 7010 support virtual switching yet? All of the posts I have found from about a year ago say that it is going to be supported, but there were no dates listed. I heard the same thing from Cisco a while back, but haven't followed up with it.If it is supported finally are there any configuration guides available for it?
View 7 Replies View RelatedI've created the VLAN on the Database but it tells me that there are no VLANs configured when i issue the command. Both VLAN 110 and 111 status are down, down.. Below is my config:
Building configuration...
Current configuration : 15817 bytes!upgrade fpd autoversion 12.2service timestamps debug uptimeservice timestamps log uptimeno service password-encryptionservice counters max age 10!hostname Router!!no aaa new-modelip subnet-zero!!!ipv6 mfib hardware-switching replication-mode ingressvtp domain Marinersvtp mode transparentmls ip multicast flow-stat-timer 9no mls flow ipno mls flow ipv6no mls acl tcam share-globalmls cef error action freezeno scripting tcl initno scripting tcl encdir!!! !!!!!!!redundancymode ssomain-cpu auto-sync running-configspanning-tree mode pvstno spanning-tree optimize bpdu transmissiondiagnostic cns publish cisco.cns.device.diag_resultsdiagnostic cns subscribe cisco.cns.device.diag_commands!vlan internal allocation policy ascendingvlan access-log ratelimit 2000!vlan 110name Data!vlan 111name Voice!vlan 112name Video!------------Output
[code]....
We recently had a contractor deploy a 4500 catalyst switch with a WS-x45-SUP7-E. After installation and configurations, HP openview is detecting a "downed" interface on the 4500 chassis that is not in the configuration. I have attached an image with the interface circled. We assumed that it may be a configuration issue with openview, however after running diagnostics with a network analyzer, the same ip address for the down interface is still detected. Is this some sort of internal virtual interface on the SUP7?
View 4 Replies View RelatedI am looking at deploying a Cisco Virtual Wireless LAN Controller (vWLC 7.3).
Do I need Prime Infrastructure to manage the environment, or can I manage my AP's (1200 series) using the vWLC alone?
Do the cisco 4503 switches support virtual clustering feature ? I have a requirement where switch ports on two different 4503 switches need to combined in the same Link aggregation group . This is needed because the firewall notes say that the aggregated interfaces need to be conected to a single switch and combined in the same LAG . So according to the diagram below , the interfaces marked RED need to be in the same LAG in the switches , same for the interfaces marked BLUE . I have done the same setup using Juniper switches where it uses VIRTUAL CLUSTERING to group the different switch ports in the same LAG.
View 2 Replies View RelatedIt is possible to add interface from different line cards reference ( for example N7K-148GT-11L and N7K-F132XP-15 ) to a vPC ? I ask you because I try it and I have the following error :
command failed: port not compatible [Capabilities FabricPath]
can i configure virtual circuits on cisco layer 2 switch catalyst 2950 ?
View 1 Replies View RelatedI'm looking into a way of routing users internet connection based on their username or group in a windows environment. Currently there's two ISP connections with their own proxy server. I want a user to be fully redirected to one of the ISPs based on who they are. I was hoping via IE proxy settings, this can be accomplished, but it looks like the primary ISP connection, is still getting most of the connections/routing.
View 1 Replies View RelatedThe OID I am using for module index 6509-E family is not working on 6509 Virtual Switching System(VSS).I have used "1.3.6.1.4.1.9.5.1.3.1.1.1" for single6509- E configuration. How to know OID for module index on VSS environment.
View 5 Replies View RelatedI am running a websever on virtual machine on ubuntu .how can i forward all traffic coming to my ip to virtual machine which is 192.168.1.4 on my LAN.here are my configs.
OS - Windows 7
Router - DLink
Virtual machine network Setting - Bridged adapter.
I need to move from ASA 8.4(1) to 9.0(2). Reading [URL] it seems to be a quite safe upgrade cause I do not have IPv6 ACL and I have only IKE v1. The following is not very understandable to me,No Payload Encryption for export—You can purchase some models with No Payload Encryption. For export to some countries, payload encryption cannot be enabled on the Cisco ASA 5500 series. The ASA software senses a No Payload Encryption model, and disables the following features:
#
–Unified Communications
#
–VPN
#
You can still install the Strong Encryption (3DES/AES) license for use with management connections and encrypted route messages for OSPFv3. For example, you can use ASDM HTTPS/SSL, SSHv2, Telnet and SNMPv3. You can also download the dynamic database for the Botnet Traffic Filer (which uses SSL) and redirect traffic to Cloud Web Security. Reading [URL] under 'Limitations and Restrictions' I find this point moving to 8.4(2), which I also dont understand,Currently in 8.4(2) and later, the PAT pool feature is not available as a fallback method for dynamic NAT or PAT. You can only configure the PAT pool as the primary method for dynamic PAT. For example, if you enter the following twice NAT command that configures a PAT pool (object2) for fallback when the addresses in object1 are used up, you see the following error message:
hostname(config)# nat (inside,outside) source dynamic any object1 pat-pool object2
interface round-robin
ERROR: Same mapped parameter cannot be used to do both NAT and PAT.
ERROR: NAT pool allocation failed.
You can alter this command to make it PAT-pool only by removing object1; the PAT pool is used as the primary method, instead of as a fallback method:
hostname(config)# nat (inside,outside) source dynamic any pat-pool object2 interface
round-robin
(CSCtq20634)
Is there any other point I need to consider moving from ASA 8.4(1) to 9.0(2)?
I have recently moved, taking my PC (Windows Vista) from the UK to Norway. My Norwegian partner has a Wi-fi network set up in our new home via his cable TV service (Lyse) and I purchased a Netgear wireless network adaptor so I could get into this. It says I am connected to his network and I entered the correct network security key but I only get 'limited connectivity' which seems to not include internet access. 2 iPhones & 2 other laptops regularly network in so there is nothing wrong with the network per se. The trouble seems to be that mine is a desktop PC.
I had a LAN from home in my 'connections' so I deleted that (and deleted my UK broadband connection) and in the LAN settings box, I unchecked 'automatically detect' & and checked the proxy server box.
Is a protocol inspection or something like it that allow MSDTC flows avoiding to open a backward rule will all ports?
I have for FTP and other protocols as ICMP too but MSDTC ?
Currently trying to set up the above so that if an access service is not matched then it will go to the next one. Looking at the logs what happens is - our auth is set to AD so it matches that - then it isnt in the correct ext AD group and goes to default deny access.
Cant see how to get around this - the only continue command is in the advanced area of the auth - but i cant set up ext ad groups on the auth. How do i get this to move between access services if it doesnt match the ext AD.
We have an old Cisco 2600 series router, running a single T-1 line, AT&T is the carrier. Very standard stuff.
The T-1 works perfectly on the old router. Cisco 2600 with a WIC-1DSU-T1 card. We have a brand new 2911 router with a VWIC3-1MFT-T1/E1 card in it. The circuit runs 100% clean and trouble free on the old router. When I plug it into the new router, it shows up/up but has a massive number of errors on the line, and the circuit is not usable. There are no timing slips or anything like that.
I have another site using the same router and card with the same configuration on that T-1 and it works perfectly. Zero errors. This site (in a different city) is totally slammed with errors. We already replaced the T-1 card and still have the exact same issue.
I've actually been doing this a long time, and I've tried all of the usual things, adjusting line build out, changing clock source, checking and re-checking configs. Nothing seems to reduce the error rate.
I personally think it has something to do with the Smartjack. Like maybe their LBO is too high or too low, and the old router card was more/less sensitive than the new one?
This is a layer 1 issue and is not defective hardware or defective configuration. I am looking for T-1 insights or bugs/issues.
I used my Pix config to setup the ASA 5505.Everything seems to be right. I used ASDM to view settings and it seems right. I am missing something minor, but I am going blind looking at it.
I can remote into the network from outside, but internatlly I cannot get out of network. No internet or email is passing through.
: Saved
:
ASA Version 8.2(5)
!
hostname textasa
domain-name testcorp.com
enable password 579oWRzSY5syo9yt encrypted
passwd 579oWRzSY5syo9yt encrypted
[code]....
I have a customer moving from a 5505 to a 5510. They are currently running websense express, which monitors and filters traffic based off of a port mirror on the ASA. Can this function still be performed on the ASA5510? If so, I am having trouble figuring out the method.
View 6 Replies View Related