Cisco Switching/Routing :: Vlan Access List In 3750x Switch
Feb 6, 2013
I have a LIII switch, Cisco 3750x, with different VLANs. Some users are in VLAN 102 (10.10.2.0) and some users are in VLAN 1 (10.10.1.0). Now I want to restrict the VLAN 102 users to access VLAN 1. I am pasting my configuration below. How do I create an access list?
interface Vlan1
ip address 10.10.1.36 255.255.255.0
ip helper-address 10.10.1.36
[Code].....
Sep 5, 2012
Extended IP access list VLAN20
10 permit tcp any any established
11 permit icmp any any
20 permit tcp any 192.168.20.0 0.0.0.255 eq 80
30 permit tcp any 192.168.20.0 0.0.0.255 eq 443
40 deny ip any any log
[code].....
Above is the network diagram and access list for VLAN 20 and VLAN 30, applied on the incoming direction of each VLAN. But I am still able to access other ports which are not on the access list; tried changing the direction with no luck. Inter-VLAN routing is enabled on CoreSwitch; default router is 192.168.10.10.
May 19, 2013
In my core switch, there are 2 VLANs (VLAN 1 & VLAN 2). My switch is a Cisco 4948, so by default IP routing is enabled in it. All my servers (DHCP, HTTP, HTTPS) are in VLAN 1 and the internet is also in VLAN 1.
My requirement is that VLAN 1 users should not communicate with VLAN 2 and vice versa. But the VLAN 2 users need access to all servers and the internet, which are in VLAN 1. How do I configure the access list? I have tried it in Packet Tracer, which I have attached.
Note: VLAN 2 users should get their IP from the DHCP server, which is in VLAN 1.
Mar 19, 2013
I have one issue with VLANs on Cisco 3750X switches. I have 2 offices. I am sitting at the corp office and I have one 3750 (10.10.1.36) switch at my location; in my remote office I have one more 3750 switch (10.10.33.1), and I am able to access both VLAN IPs without any issue. Now I have some network components in VLAN 33 (10.10.33.1) at my remote office. I am able to ping the 10.10.33.1 IP from my corp office, but I am not able to ping any network devices, for example 10.10.33.5: 10.10.33.5 is my Cyberoam IP at the remote location and I am not able to ping it. I have taken a traceroute and am not able to find the issue as I am not very familiar, ping 10.10.33.5 at remote location devices
I am giving the configuration for both locations below:
10.10.1.36 - Corp Office 3750 Switch:
sh run
L3-#sh running-config
Building configuration...
[Code].....
Mar 18, 2013
I've got a 3750x stack set up as my core switch (only a small-ish environment) - I'm shortly going to be deploying an enterprise wireless network with Corporate and Guest SSID's. I'm going to be putting all traffic from the Guest SSID in VLAN 244, and don't want it to have access to any of the other VLANs (1 (Legacy Eqpt), 4, 8, 12, 16, 20, 24, 28, 32, 248 & 252).
IP ranges for all the main VLANs are:
1: 10.0.0.x/22
4: 10.0.4.x/22
8: 10.0.8.x/22
12: 10.0.12.x/22
16: 10.0.16.x/22 etc etc (you get the pattern)
I'll probably give Guest traffic (VLAN 248) the IP range 192.168.10.x/22 (not because I NEED that many addresses, but it's easier for everyone to remember/understand if I keep the subnet masks the same all round). However I also have a CCTV VLAN (252) which already has the range 192.168.0.x/24, which some people in other VLANs WILL need access to.
So my question is: What is the syntax for the ACL on my 3750x (IP base - 15.0.2) to prevent traffic from VLAN 244 gaining access to any of my other VLANs. I'm making a broad assumption here that a layer 3 switch is perfectly capable of supporting that function? I need ALL the syntax for setting up ACL's - I've never done it before
My gateway device by the way is 10.0.4.1, and I do have inter-VLAN routing set up on the core switch (obviously).
Feb 3, 2013
The field engineer has a standalone 24-port 2900 series switch that he has different equipment connected to, segmented using VLANs. So for example, he's got ports 1-4 assigned to VLAN 10, 5-12 assigned to VLAN 20, 13-19 assigned to VLAN 30 and 20-24 assigned to VLAN 40. He would like all the gear on VLAN 30 to have the ability to talk to all of the other VLANs, but VLAN 40 should not be allowed to talk with any other VLAN. Trunking would do no good here since the switch isn't connected to anything and you can only assign one VLAN per port.
Is there a way to do this within the stand alone switch? The only possible way I could think of would be to ensure that each VLAN has an assigned IP number (subnet) and doing this through access lists.
Feb 21, 2012
Can't assign Cisco switch 3560G port g0/1 to access VLAN 10
main-switch(config-if)#switchport access vlan 10
Command rejected: Gi0/1 not a switching port.
Sep 22, 2011
I recently upgraded my network to have two 3750X cores; one interface on the Cisco is connecting to a Netgear switch via a fiber converter. I keep getting the VLAN flapping error message in my log as below.
Jun 22, 2012
I have one 3750X stack with a few VLANs
--------------------------------------------------
vvlansw06# sh vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi1/0/6, Gi1/0/10, Gi2/0/5
                                                Gi2/0/6, Gi2/0/37
10   LAN_10                           active    Gi1/0/16, Gi1/0/17, Gi1/0/19
[code]....
Where are the other VLANs?
Oct 7, 2012
I am migrating an existing LAN from 3550 to 3750X-12S. In the existing configuration, I've got some trunks with native VLAN <> 1. The native VLAN is also used for user data transport. With IOS 15.0(1)SE3 on the 3750X I recognized that, per default behavior, PVST is not active for a VLAN defined as native, even if the corresponding trunk is up and trunking. My current workaround is to add a "switchport access vlan" command on the trunk, even though this one should never become an access port. Only with this statement is the switch activating PVST for the native VLAN. For all other VLANs PVST works as expected. [code]
Aug 24, 2012
I'm trying to simulate a switch in GNS3 and I use the 16ESW module in a Cisco 3700 router. Why am I getting this record after I try to filter which VLANs pass through my trunk port:
Router(config-if)#switchport trunk allowed vlan 2,3,4
Command rejected: Bad VLAN allowed list. You have to include all default vlans, e.g. 1-2,1002-1005.
May 21, 2012
I'm building a new colo presence with a full class C of public IPs. The idea is to connect to our ISP with a 3750X switch stack, and they will be providing two Ethernet drops that connect directly into two separate switches on their side with HSRP and BGP at the routing level, so we will just point to their virtual IP (gateway address). I'm not sure how to either segment the public IP block or statically route each IP address, and the interaction of VLANs/SVIs with HSRP groups. Just use the switch at layer 2, or handle the internal routing with EIGRP or OSPF at layer 3?
Oct 8, 2012
Has anything changed in the way of defaults for creating a trunk port and spanning-tree between a 3750x and the newer 2960s? I have one of each I just took out of the box and applied my standard switch configuration template but I cannot get my VLANs that are configured on my 3750X to appear on the 2960S. I find nothing that is blocking and everything seems to be forwarding and I am running out of things to check.
Jan 10, 2013
I have two networks at two sites with a dot1q trunk between the two L3 switches at both sites (no routers involved)
SITE A - Cisco 3750 L3 - VLAN ID 50
10.10.50.0/24
SITE B - Cisco 3750 L3 - VLAN ID 50
10.20.50.0/24
I would like to extend the SITE A VLAN to SITE B so that I can move hosts from SITE A to SITE B without needing to change their IP address, but the VLAN ID is already in use. Obviously the easy solution is to change the VLAN ID for one or other of the sites, but both sites contain hosts that run 24/7. Is there a way to join two VLANs with different IDs together? So for example, I create a new VLAN 60 at SITE B and associate it with VLAN 50 at SITE A.
Feb 27, 2013
It seems I have seen this before (and even done it once a few years ago), but it has been a while. I have a Cisco 3750 stack in which I have to replace a member. The replacement switch is a 3750X.
I think I have to upgrade the IOS of the older switch to be the same as the 3750X.
Current switch: WS-C3750G-48TS 12.2(46)SE
TO BE ADDED WS-c3570X-48 15.0 (1)SE2
It seems to me there was a way to upgrade the older switch IOS from the newer switch or downgrade the newer switch with the older IOS. I don't have the Cisco account to download updated IOSs.
May 22, 2013
My company paid for a switch 3750 X, WS-C3750X-24T-E. It uses IP services basically, but I failed to configure inter-VLAN routing. Why doesn't inter-VLAN routing work on my switch?
Dec 15, 2012
While I am configuring a port on the switch, the switch reloads. After the reload, show version says
System returned to ROM by bus error at PC 0x458F6C, address 0x0
show version from the affected switch is
Cisco IOS Software, C3750E Software (C3750E-UNIVERSALK9-M), Version 12.2(58)SE2, RELEASE SOFTWARE (fc1)
Technical Support: [URL]
[cODE].....
Oct 3, 2012
Can I stack these two switches, WS-C3750E-48PD-SF and WS-C3750X-48PF-L? Both have universal IOS.
Apr 14, 2012
Can we stack the 3750G switch with a 3750X switch?
Jan 28, 2013
When enabling multicasting on layer 3 interfaces the CPU becomes fully utilized. Is there any specific configuration that should be enabled to reduce this?
Config:
interface vlan 100
ip pim sparse-dense
ip igmp version 3
[Code]......
Apr 9, 2013
The process "HL3U bkgrd proce" is causing high CPU usage issues in a switch 3750X-24T-L. The IOS is 15.0.2-SE2.
show platform ip unicast failed route and adjacencies displays a lot of entries, I've seen up to 1200.
After restart HL3U bkgrd proce takes around 10 - 20 % CPU, some hours later 99%.
A couple of times we got logs like this:
%SYS-3-CPUHOG: Task is running for (2136)msecs, more than (2000)msecs (172/73),process = HL3U bkgrd process.
-Traceback= 0x1BE9C3Cz 0x27E103Cz 0x27E0F64z 0x50DCF8z 0x50DE98z 0x503BD0z 0x4F7718z 0x1FF0A18z 0x1F46DECz 0x1F4816Cz 0x1F48698z 0x1F499C8z 0x1FF15D0z 0x2000430z 0x1FF55B4z 0x1FF5FA4z
[Code].....
Mar 8, 2012
I have a 3750X 24 port switch (with NM-1G network module) running IOS 15.0(1). Is there any benefit or reason to plug in the included Stack Wise cable and loop it back to itself in a single switch installation?
I don't see any recommendation in the documentation. The data sheet indicates a single switch is a non-blocking device so I'd think there's no bandwidth advantage like there is when connecting an actual multi-switch stack and needing to close the loop for the full 32 Gbps stack bandwidth.
Jun 13, 2012
About an hour ago I had the master switch on one of my 3750x (WS-C3750X-48PF-S) stacks crash. The only two items we've found that could have caused this issue are the roughly 1.3 million big buffer misses and several of the following in the syslog
SLT:WARN:No exporter configured for smartlog!
I do not have smartlogging turned on, nor is there a netflow exporter configured.
sh logging smartlog
smartlog is disabled
smartlog exporter:
smartlog pkt length: 64
Total pkts processed: 0
Total DHCP Snooping pkts processed: 0
Total DAI pkts processed: 0
Total IPSG pkts processed: 0
Total ACL pkts processed: 0
I did not see any traffic spikes prior to the crash.
This stack has been stable since its last IOS upgrade from 12.2(58)SE1 to 12.2(58)SE2 back in October 2011, so this has me a little worried.
Oct 31, 2011
I've a 3750X switch that isn't loading email. Then I went to rommon mode and accidentally did "format flash". After that I loaded 15.0 SE2 s/w on it using a TFTP server, but it doesn't boot up with that image. Flash had only the .bin file after I loaded it from the TFTP server.
Since it wasn't booting up, I did format flash again and thought to load the image again from the TFTP server, but now it doesn't load the image from the TFTP server.
Apr 13, 2013
I have a 3750X four-switch stack acting as the core of a fairly simple LAN. All I need to achieve (and this seems inordinately hard, but it is entirely likely that I'm just being dense) is to get access to the internet through my core switch, through the firewall and out through my VSAT. I've spoken at some length with the firewall providers (Cyberoam) and they tell me all I need to do when I migrate onto my new system (Cyberoam is currently in place at the entrance to our existing LAN) is change the local IP address of the Firewall, plug in the new switch to the LAN port, and away I go. Tried that, didn't work, so obviously I'm missing something.
Nov 8, 2011
I am looking for a way to bind between a switch interface (Cat 3750X) and a DHCP server reply. The switch can operate as the DHCP server. A PC connected to interface Gi 1/0/1 will always get IP address 10.0.0.1 because it is connected to interface Gi 1/0/1, a PC connected to interface Gi 1/0/5 will always get IP address 10.0.0.5 because it is connected to interface Gi 1/0/5, and so on (no matter the source MAC address that sends the DHCP request).
Feb 25, 2013
I am seeing very high utilization on a random basis on the stack, and the logs indicate to me that there is a pattern where a stack power cable shows as inserted (which was never unplugged), followed by a sudden spike in the utilization.
001018: *Mar 6 16:21:22.138: %PLATFORM_STACKPOWER-6-CABLE_EVENT: Switch 4 stack power cable 1 inserted
001019: *Mar 6 18:18:37.982: %SYS-1-CPURISINGTHRESHOLD: Threshold: Total CPU
[Code]......
Jan 31, 2012
I work at a hospital and we have 3750X-48P switches in stacks in various locations throughout the hospital. We have noticed that when an EKG machine is plugged into one of the ports on some of these switches and the EKG machines are set manually to 100/Full, the ports are no longer usable until the switch is restarted. The switch is configured for auto. If the EKG machine is set to auto, it will work and not cause problems. The link on the interface will show up/up and there will be output packets increasing. However, there will be no inputs on the link and the port is unusable. Unfortunately, even when the device is removed, the port becomes unusable for any device. Is there any way to fix this problem without rebooting the switch?
Jun 2, 2011
In a change of network topology, we are going to assign the PCs' gateway as the switch (3750X) IP address rather than the server IP address. Currently we have configured all systems' gateway as the Internet server IP address, which we are going to replace with the switch IP as gateway. The issue is while connecting a specific application like TeamViewer, in which the application tries to send keepalive messages to the live server: in the case of the switch/router IP as gateway, the connection isn't established. However, it works fine when the Internet server IP is treated as gateway.
Sep 9, 2012
We have a 3750X VTP Server and the rest of the switches are clients.
Due to cabling issues, we have a switch (Switch F) that we can't connect directly to the 3750X so we have it connected through another switch. Everything is set to VTP client with the correct domain and password but this not-directly-connected switch isn't receiving any VTP VLANs.
Anything I need to do on Switch D so that Switch F can receive the VTP updates?
May 15, 2012
I would like to know if it is possible to create a policy map in order to redirect the traffic (80, http, 8080) to a proxy.
My current equipment is a 3750X using an IP Services license. I was reviewing some options, but I want to be sure before implementing in production.
Oct 28, 2012
We have 9 x 3750x switches with 5-nonPOE and 5-POE. There is a limitation with 4 POE per stack with Stack Power.
Can we combine all 9 to one stack since there are only 4 POE?
Or, is the 4-switch limitation applied regardless if they are mixed with POE and non-POE?
Feb 29, 2012
In my environment we have 3750x switches running ios 15.0 (1) SE2. We have port security mac address sticky configured on all our switch ports. I noticed that we have several interfaces (on different switches) that are up but have not captured the MAC address from the workstation. Here is one example:
interface GigabitEthernet2/0/11
switchport mode access
switchport port-security
[Code].....