Cisco Switching/Routing :: WS-C3560G-24PS / Native Vlan Tagging And Vty Access To Autonomous APs?
Jan 14, 2013
I've been experimenting with the 'vlan dot1q tag native' command on a switch and it seems as though tagging the native vlan breaks vty access to my access point.With the 'vlan dot1q tag native' commnand applied, I lose management connectivity to the AP with 'no vlan dot1q tag native' applied, connectivity is restored. Why is this? Is it safe to say that one can access the AP via vty lines using ONLY untagged packets?
SWITCH
Model: WS-C3560G-24PS
Code: c3560-advipservicesk9-mz.122-46.SE
--Abbreviated CONF
vlan dot1q tag native
[code]....
View 14 Replies
ADVERTISEMENT
Dec 13, 2012
We have a problem with CDP packets on sent by our Cisco 6509's. Unlike our other Cisco switches (4948G, 5020, etc.), the 6509 tags administrative traffic on the native vlan. As a result the CDP packets are sent with an 802.1Q header with a tag of 1. The other switches send the CDP packets untagged on the native vlan. This causes problems because we have non-Cisco devices in our lab that also receive and send CDP, but they do not process the packets that are tagged by the 6509. They see the packets from the 4948 and 5020 just fine.
How can I disable the administrative native vlan tagging on the 6509? Here is the current setup:
nwkdev-6509-1#show vlan dot1q tag native
dot1q native vlan tagging is disabled globally
nwkdev-6509-1#show interfaces gigabitEthernet 1/9/1 switchport
[Code].....
View 13 Replies
View Related
Feb 10, 2011
Just spoke to the TAC and didn't get the information needed. When configuring ip dhcp snooping database I am adding this to my configuration:ip dhcp snooping database scp://dhcpsec@192.168.1.50/home/dhcpsec/switch1.dhcp.database.txt..I assumed that to do this I would either specify the password on the command line, similar to the way its done when using ftp/http, or that I would need to create a public/private key.I have enabled scp and can manually copy a file from the switch to the linux server. So I believe I have all the aaa commands correct. Cisco WS-C3560G-24PS System image file is "flash:/c3560-ipservicesk9-mz.122-55.SE.bin".
View 3 Replies
View Related
Apr 23, 2012
I have a WS-C3560G-24PS service as a distribution switch with six (6) WS-C2950T-24 connected to it. In looking at the utilization on the inter connect links no one is running close to a gig speed and this includes the link between this switch and the core. The CPU load (6%) and memory utilization (30%) on the switch do not seem bad so what else does one watch to see if it needs an upgrade?
We are starting tohave discussions about any needed upgrades on the network. I have an ocassional user that complaines about low performance but looking through the network I can find nothing glaring on a consistent basis that says an upgrade is warranted. I am however looking at things such as the above. Utilization on links, CPU, memory, etc.
View 2 Replies
View Related
Jun 13, 2013
We are trying to replace the CSS between our firewall and DMZ with a BigIP. Among it's other functions, it will act as the router between the firewall and the DMZ. To make this work, I need to assign vlan tags values for the vlans I create on the BigIP box and these must match the tags on the cisco switches (3550's) How do I find this information on the switch?
View 2 Replies
View Related
Jul 5, 2012
I have a 2960 switch connected to another. The I need to verify that vlan0010 on one switch is forwarding tagged traffic between the other switch it is hooked up to through the Gi0/1 port. How do I verify this? I have a server that's multihomed (Broadcom) on the other side an it is supposed to be on this vlan with one of it's network interfaces. We had a pwer outage and now it cannot communicate on this vlan. However, everything else on the vlan can reach all the other nodes accept this server in the front of my building. All the devices in the same room are linked to the same switch which has one port (fa0/17) on vlan0010 and can ping eachother just fine. The server is hooked to port 24 on my server room switch and Gigabit port one goes to a fiber converter all the way to the back. It then gets converted from fiber to cat5e again and links into the switch (2960) in the backroom.
View 5 Replies
View Related
Jun 14, 2011
I am not on site and I have not seen a WS-C3750V2-24PS-S. Customer has a stack of 6 x WS-C3750V2-24PS-S and one unit has failed. We do not have a WS-C3750V2-24PS-S spare. Can we replace it with a standard WS-C3750-24PS-S (not V2) switch and be part ofthe stack.
1. Are there any traps gotchas?
2. What about IOS versions - aren't they different for V2 switches
3. Are the stack ports and stack cables same for both WS-C3750V2-24PS-S and WS-C3750-24PS-S
4. What is the main reason for bringing out the V2 switches. What features do they have extra?
View 3 Replies
View Related
Jun 5, 2012
is possible to have WS3750G-24PS in one stack with WS-C2960S-24PS? I want to add two new WS-C2960S-24PS to stack with one WS3750G 24PS.
View 1 Replies
View Related
Feb 19, 2013
In our network environment, we have a 2960 switch sitting behind our router. Off of this we have a lot of external connections, like our external DNS, firewall, and VPN concentrators. I've configured a VLAN other than the default, moved everything into it and then shut VLAN 1. In this hardening guide it says that your native VLAN should be something other than the user VLAN, but if I am not using any trunk links, wouldn't I not really have a native VLAN? I attempted to make the link to our firewall a trunk link and then set the native VLAN to something else.
View 5 Replies
View Related
May 25, 2012
1 week ago, I got a call from a client that reported a network outage, the client told me that, 3 switch has crashed he try to console but it just hang. I ask him, did you change something? he said he didn't change anything, he just pluged a nortelswitch to the cisco switch number 9, but that switch doesn't crash like the others (3,4,8). I check the uptime, and yes the switch never been powered off..
the topology look like this
____ 6500 ____
/ / |
1 2 3 4 5 ...... 9
the vlan is end to end vlan, so vlan span between all those switches. transparant. this is collapsed topology, core and distribution is the 6500 itself all of the 1-9 access switch are in the same rack, with no loopguard, and bpdu guard configured. and connected to the core using etherchannel. the problem is there is no log available to start the troubleshooting/investigation.
View 3 Replies
View Related
Jun 15, 2013
SG-300 52 native VLAN blocking network packets
View 3 Replies
View Related
Dec 22, 2012
I am having trouble after creating a management vlan (99) on a 3550 switch.I have configured the vlan (99) and given it an IP (192.168.1.100) and a default gateway (my router address - 192.168.1.99).I can ping to the switch from a PC and vice versa. The management VLAN IP is fine but now I cannot ping to the router from either the PC or the switch.It seems that just by adding VLAN 99 with it's own IP address has now prevented pings from the switch/ PC to the router ?Due to the fact that I have created a new switch management VLAN with an IP, does this mean I have set up the router as a 'router on a stick' scenario ? [code]
View 4 Replies
View Related
Jan 4, 2012
We are trying to setup a new configuration with 2960S as access switchs and a 4507 as a core switch.I want to protect the management IP VLAN of the swich using vrf on the 4507 so we :
SHUT VLAN 1 on every switch (2960 + 4507)
CREATE A NEW VLAN 289 (management vlan) -> IP network : 10.32.126.192/26
L3 VLAN on every switch
VLAN 289 in the VRF XXX on the 4507
create tunk between the switch and the 4507 :
switch mode trunk allowed vlan 200-230
sw trunk native vlan 289
so with this configuration on the 2960 the vlan 289 is UP/DOWN and UP/UP on the 4507 I can access to the 4507 using the IP in the VLAN 289 but i cannot access to the 2960 behind the 4507 CDP connectivity is ok?
View 14 Replies
View Related
Oct 7, 2012
I am migrating an existing LAN from 3550 to 3750X-12S. In the existing configuation, I´ve got some trunks with native VLAN <> 1. The native VLAN is also used for user data transport. With IOS 15.0(1)SE3 on 3750X I recognized, that per default behavior PVST is not active for a VLAN defined as native, even if the corresponding trunk is up and trunking. My current workaround is to add a "switchport access vlan" command on the trunk even this one never should become an access port. With this statement only the switch is activating the PVST for the native VLAN. For all other vlans PVST works as exspected. [code]
View 6 Replies
View Related
Jun 6, 2012
I have several closets with Cisco 3560 on the edge that I'd like to change the vlan that's used for the management vlan on each. In the core I have a Cisco 6509 with Sup720's.
I'd like to do this by changing the native vlan on the trunk port on the core 6509 interface that connects to the 3560. and leave the management vlan on the 3560 as vlan 1.
Seems trivial but what I tried didn't work and I didn't have the window to troubleshoot. I'll paste the simplified configs for the interfaces below
!
6509 configs:
!
interface Vlan50ip address 172.16.50.2 255.255.255.0!interface FastEthernet
[Code]....
View 5 Replies
View Related
Sep 28, 2012
I'm Confused from the fact that Vlan tagging is done at access port and trunk port always gets tagged packets (untill its case of native vlan).But I still believe in other fact which says tagging happen only when a frame hit the trunk port which means trunk port gets untagged frame and tagging is not possible at access port.
Would like to know where actually this tagging happens ?
and also which command we can use to encapsulate 802.1q protocol to access port ? The way we do at trunk port is #switchport trunk encapsulation dot1q Is the above command applicable for access mode also?
View 6 Replies
View Related
Apr 2, 2013
I have a 2811 Router (config below) with VPN configured. I can connect through the VPN and access devices on the native VLAN but I can't access the 10.77.5.0 (VLAN 5) network (I don't care to access the 10.77.10.0 - VLAN 10 network). This issue has been plagueing me for quite a while. I believe it's a NAT or ACL issue. VPN client IP pool is 192.168.77.1 - 192.168.77.10. [code]
View 4 Replies
View Related
Jun 16, 2011
we need config on WS-C3560G-24TS-S inter vlan communication stopping as per attached document.
View 1 Replies
View Related
Jul 11, 2012
Hardware: Cisco 3750 switch and Cisco autonomous access point (AIR-AP1142N-E-K9).Requirement: A single broadcast SSID; use dot1x to assign vlan 98 to authenticated clients (computer certificate); assign vlan 3 (guest) if the authentication fails.I can achieve assigning a guest vlan on authentication failure when using a wired connection by using the following command on the interface:authentication event fail action authorize vlan 3 I'm after a way to achieve the above using the wireless access point. The main point is that internal users cannot access vlan 3 as they have a valid certificate and that guests do not have to authenticate.
View 2 Replies
View Related
Jul 29, 2012
Unfortunately I do not remember the model and the switch is a couple of hours away without remote access.I have 4 vlans on a procurve switch.
VLAN1 - Network Devices (Server, printers, WAPs)
VLAN100 - Admin (Office workers)
VLAN200 - Teachers
VLAN300 - Students
There is a server doing DHCP. There are 4 ranges of IPs 1 for each VLAN.
The router is on Port 44. VLAN 1, 100, 200, 300 - Tagged
The Server is on Port 46. VLAN 1 - Untagged
The WAPs are on Ports 1, 11, 31 VLAN 1, 100, 200, 300 - Tagged
All other ports are on VLANs 100, 200 or 300 - Untagged
The WAPs all have VLANs 100, 200, 300. Each VLAN on a different SSID.
I have IP helper with the server IP on VLANs 100, 200, 300.
There are IPs from the different subnets on their respective VLANs in the switch.
The gateway for each subnet is on a different subinterface on the router.
The router is a linux box. (Untangle)
The WAPs are not able to talk to the server, therefore no computers on the wireless networks can get an IP.The server can only talk to the router if I change port 44 to untagged.What combination of tagged and untagged ports do I need to make everything talk?
Do I need to put the VLANs on the subinterfaces of the router?
View 1 Replies
View Related
Nov 6, 2011
I have WS-C3750-24PS version 12.2(55)SE4. I am configuring PBB VPLS. MY PE/P routers are alcatel 7710/7750
my topology is like that.
CE1<-------> Provider_switch(3750)<-------> PE1 < ----IP/MPLS----> PE2<-------> Provider_switch(3750)<----------->CE2
16 11 11
[Code].....
View 3 Replies
View Related
May 18, 2011
I need some assistance in setting up VLAN's (802.1Q) accross two switchs, I want the same 2 vlan's on both switchs, how do i configure them to be connected and pass both vlan's traffic.VLANs from firewall are tagged at 3 and 8.Single port out from the firewall.The first switch is simple enough, port is connect at port 52 and configured from both vlan's then the individual ports are either on one or the other. The question is how do i connect the second switch so that it can also do both vlans. Assume I connect switch1 at port 51 to switch 2 port 52. Do I configure both ports to be on the same VLAN's. or do i setup LAG's.
View 3 Replies
View Related
Aug 19, 2011
I am currently tasked with setting up a network, pretty much from scratch, that requires some fairly hefty VLAN deployment. My hardware on hand (already existed so can't can't change anything easily) 5x ESW-540-48 Switches, 1x3750g switch, 1x2811 router. I don't believe the router should be required as the 3750 is capable of intervlan routing. [code]
Now at one point I actually had the VLAN's *working* in that I could specify an IP address and could ping to and from it! However DHCP wasn't passing despite numerous attempts with DHCP relay and IP-Helper configurations.Also I was having issues with VLAN 1 as the native VLAN, the ESW switches don't allow you to do much with them, as they 'weren't created by the user'. So tried switching that out to VLAN11 also but with very little success there (I had to change the native vlan on all trunks to VLAN 11)All the 10.x.x.x addresses need to be able to communicate with each other.All the ESW switches need to be able to handle their respective VLAN's as well as VLAN 1 (for Printers and wireless access points distributed around the building).
View 16 Replies
View Related
Jan 21, 2013
I have three new 2960 switches as listed in the title. I configured them as follows:
192.168.1.215 host: whse-c
192.168.1.216 host: whse-b
192.168.1.217 host: whse-a
Switches B and C flow into A before continuing on into the server room switch (distance issues).All three switches are configured for ports 21-24 at 1000 and set as cisco switches. all other ports are undefined as they have a myriad of desktops, printers and non cisco access points flowing into them. side question - should i configure them as access points where applicable even if they are non cisco? I am replacing three netgear switches that currently are in place and have no known issues other than they are old and the fans may fail soon.hooked up .217. was able to get to it from the network. Hooked up 215 and then 216. All the sudden I lost the ability to tap into the switches, any of them. (I think I had done 215 at that point too, before adding 216. I found out later it took the network to its knees as internet was lost, and the MPLS stopped functioning.
I undid the changes and put the netgears back in service and all was right with the world again. At first I thought it was a bad host name as I had used whse-a on switch C in error. I changed that after this issue.Later that day I put 215 in place. checked it from the network and could get to it just fine. Then I put 216 in service. I lost connection to 215. I could no longer get to the internet from my pc and the MPLS went down again. This time I just unhooked 216. 215 is still in place and working on the network at the moment and not causing issues. (btw these switches are not even in my path from my pc to the internet, just on the same network) tomorrow I am going to try 217 again while 215 is still on the network and see if there are any issues adding that swtich. if I can do so, and there are no problems, is this an indication of a faulty switch? what further testing can I do, have I missed something in setup? If this brings the network down again, why cant i add two of these switches to each other/on the same network path (B and C were not even connected to each other yesterday evening when it went down again).
View 2 Replies
View Related
Mar 7, 2012
This switch randomly reboots throughout the day. I checked the stacks info and reported it was using crashinfo_12 (report below). I have access to the switch throughout the day if more config info needs to exported.
Cisco IOS Software, C3560 Software (C3560-IPBASEK9-M), Version 12.2(50)SE1, RELEASE SOFTWARE (fc2)
Copyright (c) 1986-2009 by Cisco Systems, Inc.
[Code].....
View 1 Replies
View Related
Mar 11, 2013
3560 is running c3560-advipservicesk9-mz.122-40.SE. The SFP (GLC-TX) has been tested in another 3560 and is recognized. Both the gi0/1 and gi 0/2 ports show the type as unknown.
Port Name Status Vlan Duplex Speed TypeGi0/1 notconnect 1 auto auto unknownGi0/2 notconnect 1 auto auto unknown
View 2 Replies
View Related
Nov 23, 2011
I need to prepare a Bill of Material for WS-C3560G-48PS-S switch.
Whether we should go for CAB-AC-JPN - AC power cord for Japan OR CAB-AC-ACE AC power cord for Europ
View 2 Replies
View Related
Nov 2, 2011
I recently removed a catalyst 2950 switch code version: c2950-i6q4l2-mz.121-13.EA1 ?I had an ASA 5505 connected as a switchport access to the 2950 on port 44. We will call the VLAN that the ASA sits on: VLAN 404. The 2950 had a trunk to our catalyst 6509 distribution switch carrying that VLAN 404. We also have a another VLAN for computers that sits on: VLAN 129, this is a standard DHCP vlan and it accounted for the rest of the switchports. The 2950 also has this trunked to our 6509 distribution switch.
Everything was working fine with that setup.After replacing the 2950 with a 3560 we started running into problems. The 3560 was configured the same exact way as the 2950. What was happening is that computers that sat on VLAN 129 started experiencing packet loss and were unable to work. It's as though the ASA was taking over the switch.
Is there a protocol that is enabled by defult on the 3560 that would do this?
View 4 Replies
View Related
Mar 4, 2012
I am having an issue with VoiP phones giving me an insufficient bandwidth message. I have three remote locations connected to our main building using 2 Mb point to point ethernet solutions through TWC. Each remote location has a Cisco WS-C3560-24PS running IOS C3560-IPBASE-M, version 12.2(25) and have the cable modems plugged into port 1 on them. The remote buildings are labeled 192.168.101.xxx, 192.168.102.xxx, and 192.168.103.xxx. There are 14-16 VoiP phones in each remote building. The main building being in the subnet of 192.168.100.xxx. I have the 3560s connecting to a single port on a 2801 in the main building, all using the subnet of 192.168.253.xxx The phone server sits in our network at 192.168.100.203. I have created the ACLs, class maps, and policy maps on all of the equipment.
For the remote buildings I have the following:
ACL
===========
Extended IP access list VOIP
permit tcp any host 192.168.100.203 dscp ef
permit tcp any host 192.168.100.203 eq 5566
[Code]....
I have put a hub in to capture traffic via Wireshark to see if DSCP flags are being appropriately marked and I do see that all VoiP packets are getting marked with as EF. However, I have been receiving phone calls from people in the remote buildings stating that their phones will cut out, flash Insufficient Bandwidth on the LCD displays and then the call will cut back in. I am wondering if the 2801 is not applying QoS with the rate-limits in mind since it is set to 100 Mb, or is it an issue with trying to take 3 remote locations and bring them down into 1 port on the 2801?
View 6 Replies
View Related
May 1, 2012
how to reset password on WS-C3560G-24TS?
View 1 Replies
View Related
Dec 10, 2011
I'm having trouble stacking a new WS-C3750X-24P with existing switches WS-C3750G-24PS ?I can see the license is on the new WS-C3750X-24P:
switch#sho lic
Index 1 Feature: ipservices
Period left: 8 weeks 4 days
License Type: Evaluation
License State: Active, Not in Use, EULA not accepted
License Priority: None
[code].....
I could put on the c3750e-ipbasek9-mz.122-55.SE1 image, but I may need to get the license sorted still, but not sure if that will work or how to add it if i got one.....
View 2 Replies
View Related
Nov 9, 2011
If you have a router with multiple direct vanilla FE (non trunked) interfaces on a switch trying to send QOS tagged packets to a wifi bridge several switches away does the trunking in the switched infrastructure mess with the qos tags if no qos is configured on the switches.
Does it depend on the switch? We have new 2960's running 12.2 and a few older 2950's running 12.1
View 1 Replies
View Related
May 1, 2013
Our enviornment includes 3560 switches and 2800 routers. We have a few remote offices using an application on TCP port 1677 that use far to much bandwidth. Our WAN provider can throttle and police this for us, if I can TAG this traffic, for example all Traffic from Florida using the Groupwise app on TCP uses TCP port 1677 and I want it tagged with CoS 3.
View 1 Replies
View Related
