Cisco Switching/Routing :: Vlan Redundancy / Segmenting Public IP Block 3750x
May 21, 2012
I'm building a new colo presence with a full class C of public IP's. The idea is to connect to our ISP with a 3750x switchstack and they will be providing two ethernet drops that conect directly into two seperate switches on their side with HSRP and BGP at the routing level, so we will just point to their virtual IP (gateway address).I'm not sure how to either segment the public ip block or statically route each ip address and the interaction of vlans/svi with HSRP groups. Just use the switch at layer 2 or handle the internal routing with eigrp or ospf at layer3?
View 2 Replies
ADVERTISEMENT
Oct 22, 2012
We have a workstation that processes sensitive information and we want that workstation to only have access to very select endpoints on our LOCAL LAN and also internet access.
Solutions:
1. At first we explored VACL, this worked well except when the workstation needed to be moved around the environment to a switch that didn't support VACL (2960).
2. We explored a VLAN but thought that a routable VLAN with one single IP Address was somewhat wasteful, hoped there was something easier
View 2 Replies
View Related
Sep 22, 2011
I recently upgraded my network to have two 3750x core, one interface on the cisco is connecting to a Netgear switch via a fiber converter. I am keep getting the vlan flapping error message in my log as below.
View 2 Replies
View Related
Feb 6, 2013
I have a LIII Switch Cisco 3750x ,with diffrent Vlans , Some users are in Vlan 102 (10.10.2.0) and Some Users are in Vlan1 (10.10.1.0) , now i want to restrict the Vlan102 users to access Vlan1 , i am pasting my configuration below , how to create a access list .
interface Vlan1
ip address 10.10.1.36 255.255.255.0
ip helper-address 10.10.1.36
[Code].....
View 2 Replies
View Related
Mar 19, 2013
I have one issue on Vlan in Cisco 3750X switches , I have 2 Offices , I am sitting at corp OFfice and i have one 3750 ( 10.10.1.36)Switch at my location , in my remote office i have one more switch 3750 ( 10.10.33.1) and i am able to access the both vlan IPS with out any issue , now i have some network components in Vlan33 ( 10.10.33.1) at my remote office . i am able to ping 10.10.33.1 IP from my corp office , but i am not able to ping any network devices in 10.10.33.5 example : 10.10.33.5 is my Cyberoam IP at remote location and i am not able to ping , i have taken a trace route and not able to find the issue as i am not much femilar , ping 10.10.33.5 at remote location devicec
I am giving the Configuration for both locaitons below :
10.10.1.36 - Corp Office 3750 Switch:
sh run
L3-#sh running-config
Building configuration...
[Code].....
View 1 Replies
View Related
Mar 18, 2013
I've got a 3750x stack set up as my core switch (only a small-ish environment) - I'm shortly going to be deploying an enterprise wireless network with Corporate and Guest SSID's. I'm going to be putting all traffic from the Guest SSID in VLAN 244, and don't want it to have access to any of the other VLANs (1 (Legacy Eqpt), 4, 8, 12, 16, 20, 24, 28, 32, 248 & 252).
IP ranges for all the main VLANs are:
1: 10.0.0.x/22
4: 10.0.4.x/22
8: 10.0.8.x/22
12: 10.0.12.x/22
16: 10.0.16.x/22 etc etc (you get the pattern)
I'll probably give Guest traffic (VLAN 248) the IP range 192.168.10.x/22 (not because I NEED that many addresses, but it's easier for everyone to remember/understand if I keep the subnet masks the same all round). However I also have a CCTV VLAN (252) which already has the range 192.168.0.x/24, which some people in other VLANs WILL need access to.
So my question is: What is the syntax for the ACL on my 3750x (IP base - 15.0.2) to prevent traffic from VLAN 244 gaining access to any of my other VLANs. I'm making a broad assumption here that a layer 3 switch is perfectly capable of supporting that function? I need ALL the syntax for setting up ACL's - I've never done it before
My gateway device by the way is 10.0.4.1, and I do have inter-VLAN routing set up on the core switch (obviously).
View 3 Replies
View Related
Jun 22, 2012
I have on 3750X stack with a few vlan
--------------------------------------------------
vvlansw06# sh vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Gi1/0/6, Gi1/0/10, Gi2/0/5
Gi2/0/6, Gi2/0/37
10 LAN_10 active Gi1/0/16, Gi1/0/17, Gi1/0/19
[code]....
where are the others vlan?
View 3 Replies
View Related
Oct 7, 2012
I am migrating an existing LAN from 3550 to 3750X-12S. In the existing configuation, I´ve got some trunks with native VLAN <> 1. The native VLAN is also used for user data transport. With IOS 15.0(1)SE3 on 3750X I recognized, that per default behavior PVST is not active for a VLAN defined as native, even if the corresponding trunk is up and trunking. My current workaround is to add a "switchport access vlan" command on the trunk even this one never should become an access port. With this statement only the switch is activating the PVST for the native VLAN. For all other vlans PVST works as exspected. [code]
View 6 Replies
View Related
Dec 8, 2011
I have a quick query which i need ratified before proceeding. I have the following scenario -
Two Cisco 3750v2 switches with stackwiseISP allocated block of /26 (64 addresses)8 customers each with a VLAN and SVIInternet facing VLAN and SVIDefault route to ISP router Lets say the ISP has given me the network range 10.10.10.0/26 (we'll assume this is routable on the internet for the purposes of this example) and a default gateway to the internet of 10.10.10.1 within this range. I have configured a public facing VLAN as follows -
VLAN 300
name PUBLIC
int VLAN 300
IP Address 10.10.10.2 255.255.255.252
I have then created a default route as follows -
ip route 0.0.0.0 0.0.0.0 10.10.10.1
With this configured, the switch can successfully route upstream to the internet with no problems. I have then moved onto the customers and depending on what service they have purchased, I have subnetted the 10.10.10.0/26 range into smaller subnets. See as follows -
Customer A - 10.10.10.4/30
Gateway IP - 10.10.10.5
Useable IPs - 10.10.10.6
Customer B - 10.10.10.8/29
Gateway IP - 10.10.10.9
Useable IPs - 10.10.10.10 - 10.10.10.14
This continues for each customer depending on how many IP's the have purchased. I have then assigned these IP ranges to a customer VLAN and SVI as follows -
Customer A
VLAN 10
name CUST-A-VLAN
int VLAN 10
ip address 10.10.10.5 255.255.255.252
[code].....
It is then up to the customer as to what equipment they use and how they NAT or firewall their internal networks.
View 5 Replies
View Related
Jul 22, 2012
I have 4 vlan and all has conectivity/access with all (VLAN10,VLAN20,VLAN30 and VLAN40, I use a 3560 Switch for this propose, I need to modificate one vlan (VLAN40) that has access to the rest of the VLAN's BUT the rest of the VLAN's dont have access to VLAN40. I know that it is a problem of access-list BUT I can't undertand how to obtain the result that I like
View 1 Replies
View Related
Oct 8, 2012
Has anything changed in the way of defaults for creating a trunk port and spanning-tree between a 3750x and the newer 2960s? I have one of each I just took out of the box and applied my standard switch configuration template but I cannot get my VLANs that are configured on my 3750X to appear on the 2960S. I find nothing that is blocking and everything seems to be forwarding and I am running out of things to check.
View 5 Replies
View Related
May 22, 2012
I have a LAN with 6 vlans and a 2821 router. By default, intervlan routing is enabled for all vlans, however, I want specific vlans to be denied access to others, though all should still be able to use the Internet being served from GE/0.
View 6 Replies
View Related
Feb 21, 2013
I have One switch 3750 and many switch 2960 c.I use one ASA 5510 to reach emote branche site (vpn conexion).I use one router 1841 for internet conexion.Router 1841, ASA and catalyst 2960 are connected on the 3750.Default gateway of all user is ASA IP
I configured Vlan 3750 and it work.Now I need to implement security : permit/block specific traffic between vlan [code] From vlan 72 I cannot have remote access on computer in vlan 34 and I cannot ping computer in vlan 34.
View 1 Replies
View Related
Jan 11, 2012
we've had an issue with our network, we have 2 6509 connected with redundancy, which are connected with 2 x 4900 Switches, from which are connected to a ESX Chassis for visualization, the thing is that the ESX stopped working, and the 4900 switches, and the main core were suffering from overload, they hang on it very well, in order to stop the overload, one of the links to the ESX Chassis were disconnected from one of the 4900 switches. The CPU usage from the 4900 and the core(6509) went down below 40%, and then they started to migrate the virtual servers from the chassis to another 2 chassis that were added right after. They were actually working well, but suddenly the 6509 changed to the other supervisor after everything was OK. We were wondering what could have been the cause of this, maybe the virtual servers migrations, maybe the overload from the ESX ? We also had a few question, is there any need to reload the cores every few months as a planned task ? Because the cores have been up for more than 1 year. And also is there any kind of of tool to monitor the CPU status, or the status overall from the cores or the switches ?
View 3 Replies
View Related
May 12, 2013
I have the following devices :
-1 VM Host
-2 Layer 3 switches
I would like to provide full redundancy for all vlans being used by VM Guests on the VM Host as well as the management vlan being used by the VM Host.I have created two LACP etherchannel connections on the VM Host. Each etherchannel from the host consists of 4 ports spanning a single NIC. One etherchannel connection goes to a trunked etherchannel connection on switch 1, and the other etherchannel connection goes to a trunked etherchannel connection on switch 2.Switch 1 and switch 2 have an etherchannel connection between them that carries all of the vlans in the topology.Vlan 2 is the managment vlan. Vlans 3, 4, and 5 are vlans that VM guest systems will be using for normal data traffic.
I intend to use switch 1 as the VRRP active router and spanning-tree root bridge for vlans 2 and 3.I intend to use switch 2 as the VRRP active router and spanning-tree root bridge for vlans 4 and 5.The spanning-tree configuration is using multiple spanning-tree with two instances. Instance 1 has vlans 2 and 3 associated and Instance 2 has vlans 4 and 5 associated. I would like to have this topology be fault tolerant to the point where if one of the etherchannel links between the host and one of the switches goes down, (for example, if switch 1 was powered off) traffic will be automatically redirected through the other functional link. I believe that my VRRP configuration would allow for a fairly quick failover of layer 3 services, but I am not certain that my design will be functional at a layer 2 level.
What I am uncertain about is how spanning-tree will converge. I am assuming that the virtual switch on the VM host will not be forwarding any BPDUs being sent by either switch. Would either of the links connecting to the host be considered a redundant link by either switch?Would the link between switch 2 and the host be inactive for all vlans in MST instance 1 during normal operation?Conversely, would the link between switch 1 and the host be inactive for all vlans in MST instance 2 during normal operation? Would all links remain active for ALL vlans? Would this mean that some traffic may travel through switch 2 to reach switch 1 instead of going directly to switch 1?
View 1 Replies
View Related
Nov 1, 2012
have main office of 70 people.Also I have 2 redundant ISP:One give me 20 mbit/s Other only 2 mbit/s and it is my backup ISP.
I have some resources in data center and I need a IPSec VPN to it and some other location. I suppose there will be up to 3-5 IPSec tunnels. I choose Cisco ISR 881-SEC-K9 with one wan port and 4 LAN switch. But know I’m looking for Cisco 891-K9. There is no security bundle for it. But in cisco.com this router is marked Cisco 891-K9 Security router. Does it support security features like VPNs, ZBF, IOS Firewall, NBAR and IP SLA for ISP redundancy? Also if my boss will choose chipper Cisco router 881-SEC-K9. Will I be able to organize 2 ISP redundancy on 4 LAN switch port inside VLAN interfaces because there is only one WAN port?
View 2 Replies
View Related
Sep 9, 2012
I have a 6509 switch with SSO Redundancy (STANDBY HOT) with IOS ver 12.2(17d)SXB11, RELEASE SOFTWARE (fc1) (c6k222-jk9sv-mz.122-17d.SXB11.bin). I need to upgrade the IOS on this switch.I have 512MB Memory on the switch and 40144896 bytes free on Disk0.which IOS is the latest version to upgrade and also give me some hints for IOS upgrade on this switch?
View 7 Replies
View Related
Aug 2, 2012
we are in the planning phase for a network upgrade. We have two C2960 Switches connected via one (L2) Etherchannel (4x1 Gbit/s) which works very well. In the next phase we would like to upgrade our router to an 2911 series which has 3 gb interfaces. and indeed we would like to create an etherchannel as well. our plan is to use 2 of the 2911 to connect to the first 2960 switch and the one left to the other 2960. i think we will achieve some redundancy with this config.
View 6 Replies
View Related
Mar 26, 2012
I would like to know if i can have redundancy between these Supervisor Engine (on the same chassis) :
WS-X6K-SUP2-2GE & WS-X6K-S2-PFC2
I already know that WS-X6K-SUP2-2GE + WS-F6K-PFC2 = WS-X6K-S2-PFC2, but i'm not sure if we can have compatibility(redundancy) between these two cards.
Example :
Mod Slot Ports Module-Type Model Sub Status
--- ---- ----- ------------------------- ------------------- --- --------
1 1 2 1000BaseX Supervisor WS-X6K-S2-PFC2 yes standby
2 2 2 1000BaseX Supervisor WS-X6K-SUP2-2GE yes ok
View 2 Replies
View Related
Jun 13, 2012
How to setup redundancy on a 2800 series Router so that whenever it fails it will be routed through the MPLS router
View 5 Replies
View Related
Sep 9, 2012
Can any share some useful links on how this works and how to configure it? Do you still need to configure FHRP or does configuring redundancy take care of active/standby relationship between the ASR's?
View 2 Replies
View Related
Oct 31, 2011
Our company's c4510 with redundancy supervisor 7E just been crashed, first the master then the slave. What should I do ?
View 1 Replies
View Related
Dec 18, 2012
I have a setup with two Cat 4506E working as a HA,I used a bundle 4Gb interfaces working as ether-channel,I'm facing a problem with DHCP pools on the both SW's,There is no problem if I use the pools on one sw,But when I but the pool on both sw's then I faced a lot of conflict IP in the DHCP pools,How can setup a real DHCP redundancy on both SW's,
View 6 Replies
View Related
Oct 31, 2012
Why rpr is the only available redundancy mode option available to me. I'm running a 4507R+E with twin SUP7-E's.
Abbreviated show ver Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSALK9-M), Version 03.03.01.SG RELEASE SOFTWARE (fc2)Technical Support: [URL]/techsupportCopyright (c) 1986-2012 by Cisco Systems, Inc.Compiled Sun 26-Aug-12 13:45 by prod_rel_team
ROM: 15.0(1r)SG2gp08401 uptime is 6 weeks, 6 days, 4 hours, 59 minutesUptime for this control processor is 6 weeks, 3 days, 2 hours, 21 minutesSystem returned to ROM by RPR SwitchoverSystem image file is "bootflash:/cat4500e-universalk9.SPA.03.03.01.SG.151-1.SG1.bin"Jawa Revision 7, Snowtrooper Revision 0x0.0x1C
[code]....
View 3 Replies
View Related
Aug 14, 2012
I am facing a problem in implementing HSRP. My scenario is like this, I have two 3750 switches and I have a server with two NICs. I want to run HSRP in these two switches. By the way the server is connected directly with the switches. I mean each NIC to each switch.we have teamed the two NIC (Active / Standby).what configuration need to done in switches to work HSRP.
View 4 Replies
View Related
May 8, 2012
I want to have an opinion that which switch shall I replace the Cisco 2960s with so as to elimintae the need for spanning tree in there but then what would be the design look like between Netscreen and those new switches. Also would it be vendor independant to work Between Cisco and Netscreens/Cuberguard.
View 1 Replies
View Related
Oct 9, 2012
Four 6500 connected to each other to form a full mesh. Switches 4 and 7 is running eigrp. A question came up, why didnt it have eigrp on SW 2 & 3 ? Will it still be redundant if link between SW3 and SW4 is removed? If redundancy is working, SW3 should be able to find its way to SW4 via SW7 or SW2, yes?
The config looks:
SW4 eigrp
router eigrp 100
network 192.168.0.0
redistribute static
auto-summary
[Code]....
Recently, the eigrp was configured to SW 2 and SW 3 as well, it included the “redistribute static” statement. The route for SW2 and SW3 now has the VLANs, 51 or so. Sent ping from a PC to VLAN1 IP of SW3, then link between SW3 and SW4 was disconnected, network connectivity went down for about 20secs, and ping came right back. Thought it was a success. All of a sudden, outside connectivity was lost. Ping within the LAN was successful, but no internet connection.
The eigrp on SW2 and SW3 was removed, and the internet connection came back up. The initial concern was that although there is physical redundancy in place, the other routes may not be known. Hence, eigrp configuration has been attempted for SW2 and SW3. Perhaps the “redistribute static” should have never been configured on SW2 and SW3, SW7 does not have the “redistribute static” statement anyway.
Without eigrp running on SW2 and SW3, does it still have redundancy? For what it’s worth, SW4 and SW7 are both VTP servers. With the current configs, does it still have redundancy? Link redundancy was never tested; it always has been assumed that it works. Later today, with it’s current config, the link redundancy will be tested.
View 5 Replies
View Related
Nov 15, 2011
I'm not able to find power redundancy mode when i do show power on my Cisco 4510R+R with SUP7E.
[code]...
When i do show power on my Cisco 65000 the first line shows the power redundancy mode, I have all other show power related command but couldn't find redundancy mode
View 1 Replies
View Related
Feb 1, 2013
Any pointers on configuring security on a Cisco 3750X switch that sits on a public (WAN) network. It will distribute connectivity to individual ASA firewalls as there are only two main links from upstream. Obviously I'll be disabling the http server, SSH (besides the management interface), etc.I know I can create ACL's, but worried about performance? I'm looking at blocking Netbios and other protocols that are not nessesery on our network. I've been told to disable the default VLAN... is that a good idea? And instead use the management port? I've looked around but there doesn't seem to be much information about what you should enable or disable on public switches.
View 9 Replies
View Related
May 1, 2012
I plan to build improved redundancy in to my LAN by stacking two 3750s and teaming pairs of NICs on my Dell PowerEdge servers, with each cable of the pair going to a different switch.In my mind this provides redundancy for the NICs and the switches. Does this configuration will work, and also what type of teaming is supported, as I was planning to have one NIC active and one standby, but can I run this configuration with both NICs in the team as active with load balancing?
View 1 Replies
View Related
Sep 26, 2012
I am still working on the design of my big project and always that you think that every thing is solve, appears a details.We need to deploy a fiber links to some buildings that will have access switches connected to the Core. I have been reading about ethernet ring topologies and quite differents to the hierarchical model because of the using of Ressilent Ethernet Protocol instead of STP or RSTP.My question is which of the next to scheme will be the best?
1.- Deployment an ethernet fiber ring topology with REP? Consider that the edge Switch of this ring will be my Core and this one is connected to my distribution switches in a hierarchical topology. In this situation, Acces Switch 1-A is connected to Acces switch 1-B, Access Switch 1-B to 1-C and Switch 1-C to the Core. Feel fre to recomend me wich switches and considerations are the best. We conssider 1 Catalyst 6506 Chasis for the Core and catalyst c2960s-48-TDL for acces, maybe the 3750x series. Each Acces node in the ring topology will have a maximun of 50 end devices.
2.- Deployment a Fiber ring but not connecting each switch with the next. In this case we want to ensure redundancy to the core wih equal costs path, but because of the ring each switch won´t have equal length link to the core. In this situation, Acces Switch 1-A is not connected to Acces Switch 1-B is connected directly to the core but the fiber cable will take the route to Access Switch 1-B, to Acces Switch 1-C and finnally to The Core Switch. This apply to the other to Switches. Note now that Acces Switch 1-A will have a 281 Ft link to the core and a second 1612Ft. link to the core. Here comes the question this differents lenght will negative affect RPVSTP ? or It doesn´t matter? Can i setup an etherchannel/load balance in this situation?
View 1 Replies
View Related
May 24, 2012
I need to configure a 4507 chassis with two SUP 7 installed. I havenot done SUP redundancy comnfiguration and i was owndering
View 9 Replies
View Related
Feb 14, 2012
How to configure Supervisor Engine Redundancy between two different cisco 4507R and 4506E.
View 5 Replies
View Related
