Is it possible to assign 2 ports to a vlan on this switch and have the 2 machines connected to those ports be able to see each other without having to go off of the switch? If so, how would it need to be setup on the switch?
View 4 RepliesWhy I got below error message when config Private VLAN?
Error: while enabling/disabling service: private-vlan, err: Private-vlan is not allowed in F2 VDC (0x40e4005d)
Stumped again with my Catalyst 2950. Everything is working perfectly with wan/dhcp/router on fa 0/1 with all ports assigned to vlan1. All devices plugged in connect to the router correctly with ip's being assigned via dhcp.Instead of hooking up by console port I want to be able to SSH or telnet in to the switch using any port while still maintaining the above functionallity. Is it possible to assign a dhcp assigned ip address to vlan 2 and have vlan1 and 2 bridged? Or is there a better way of doing this ?
View 3 Replies View RelatedActually i have 7600 router and all trafic passes through Gi0/1(Routed port) interface to 6500 series switch. I need to create a vlan on this router eg. vlan 10 Any how it is possible assign a vlan to routed port and traffic of wan interfaces and the vlan traffic passed together.
View 2 Replies View RelatedWe need to connect several DSLAMs on the 4900 switch, every DSLAM has 4 VLANs configured (VOIP service, MGMT, ADSL Private, ADSL Public), and sends the traffic for each service tagged with appropriate VLAN id according to the table:
VOIP: 608
MGMT: 594
ADSL PRIVATE: 2900
ADSL PUBLIC: 2930
On the DSLAM side it is very simple configuration, just a normal trunk with 4 VLANs transversing the link. On the 4900 I need to isolate the traffic for ADSL PRIVATE & PUBLIC service so DSLAMs connected to the same switch do not have L2 connectivity between them. For VOIP and MGMT they must communicate with each other. DSLAM acts also as a VOIP GW so it must communicate with other DSLAMs for VOIP service. Also VLAN 200 is configured on ME 4900 for switch management traffic.
This 4900 Switch connects to MPLS PE router, which offers L3 VPN service for VOIP & MGMT service, and L2 VPN for ADSL service (PPPoE traffic to BRAS). Fortunately we have ES+ linecard to support many ethernet features. I tried this config:
1) VOIP, DSLAM-MGMT, MPLS-MGMT configured as normal VLANs
2) ADSL PUBLIC & PRIVATE configured as isolated secondary VLANs, primary VLAN for ADSL PRIVATE is 2008, for PUBLIC 2308
3) Configure DSLAM facing ports on ME 4900 as private-vlan trunks
4) Configure ME 4900 uplink port to MPLS PE as a private-vlan promiscous trunk
5) Configure ethernet services on MPLS PE for each tag that comes from ME 4900 (ES+ cards are awesome, i love them:D )
6) Apply L3 VPN service for VOIP and DSLAM-MGMT, and L2 VPN for ADSL service.
But at least this last command should list on spanning tree forwarding state also the ADSL VLANs or not?
Here is the output of the show interface switchport.
I have 2960 cisco switch. I want to configure private vlan. But it is not getting configured in cisco 2960. Is there any other way to configure that in switch.
View 1 Replies View RelatedI have the need for private vlans in isolated mode to backup some hosts on a secured network. We are using Cisco Nexus 5020 with the fex 2148 for copper-ports - and I tried to implement this setup: [code]
The Cisco Nexus 2000 Fabric Extender does not support PVLANs over VLAN trunks used to connect to another switch. The PVLAN trunks are only used on inter-switch links but the FEX ports are only meant to connect to servers. Since it is not a valid configuration to have an isolated secondary VLAN as part of a Fabric Extender port configured as a VLAN trunk, all frames on isolated secondary VLANs are pruned from going out to a FEX.
the "only" limitation should be the trunk option - but as far as I can see from the output from my nexus this is not correct .We are running NXOS: [code]
know if Private Vlans are supported on the Cisco 4900m switch when set in VTP version 3 and VTP disabled?Most documents just specify VTY transparent mode without mentioning the version, trying not to assume since this is production.
View 1 Replies View RelatedI have a Cisco 3750 with private VLANS configured.. VLAN 2 is the "primary", VLAN 3 is "isolated" and VLAN 4 is "community". This is all working correctly, however I now have the need to another VLAN called "production". I need the production VLAN to be able to reach all the private VLAN hosts (community and Isolated), and vice versa
View 2 Replies View Relatedcant assign cisco switch 3560G port g0/1to access vlan 10
main-switch(config-if)#switchport access vlan 10 Command rejected: Gi0/1 not a switching port.
Having problem pinging from Host A on ESX1 to Host B on ESX2. Each host are assigned the same port-profile. If I put 2 host's on the same ESX machine using the same port-profile, they are able to ping each other.
n1kv-vsm# sh port-profile name xxx-prod-40port-profile xxx-prod-40 description: type: vethernet status: enabled capability l3control: no pinning control-vlan: - pinning packet-vlan: - system vlans: 1 port-group: xxxl-prod-40 max ports: 32 inherit: config attributes: switchport mode private-vlan host switchport private-vlan host-association 40 400 no shutdown evaluated config attributes: switchport mode private-vlan host switchport private-vlan host-association 40 400 no shutdown assigned interfaces: Vethernet3 Vethernet4
System-uplink profile is trunking all vlans.
We have a 24 port and 48 port 3560 E switches with identical IOS the 48 port switch supports private vlan while 24 port switch doesnt
configure private vlans on 24 ports 3560e and is it best practise to configure private vlan on this platform(3560)?
IOS version : C3560E Software (C3560E-UNIVERSALK9-M), Version 12.2(55)SE3, RELEASE SOFTWARE (fc1)
flash:/c3560e-universalk9-mz.122-55.SE3/c3560e-universalk9-mz.122-55.SE3.bin
I have defined a trunk between a nexus 5k and cat 3750 as a pvlan trunk - now I would like to add redundance and performance and tried to establish a vpc between my par of nexus's and the 3750 stack - but the nexus tell me that the port-channel doesn't support pvlan's - and then - ehh - do I get any benefits of running the trunk as a pvlan trunk at all?
interface Ethernet1/4
switchport mode trunk
speed 1000
switchport private-vlan trunk allowed vlan 550-552
switchport private-vlan mapping trunk 550 551-552
[code]...
I'm not sure if I'm missing something basic here however i though that I'd ask the question. I recieved a request from a client who is trying to seperate traffic out of a IBM P780 - one set of VIO servers/clients (Prod) is tagged with vlan x going out LAG 1 and another set of VIO server/clients (Test) is tagged with vlan y and z going out LAG 2. The problem is that the management subnet for these devices is on one subnet.
The infrastructure is the host device is trunked via LACP etherchannel to Nexus 2148TP(5010) which than connects to the distribution layer being a Catalyst 6504 VSS. I have tried many things today, however I feel that the correct solution to get this working is to use an Isolated trunk (as the host device does not have private vlan functionality) even though there is no requirement for hosts to be segregated. I have configured:
1. Private vlan mapping on the SVI;
2. Primary vlan and association, and isolated vlan on Distribution (6504 VSS) and Access Layer (5010/2148)
3. All Vlans are trunked between switches
4. Private vlan isolated trunk and host mappings on the port-channel interface to the host (P780).
I haven't had any luck. What I am seeing is as soon as I configure the Primary vlan on the Nexus 5010 (v5.2) (vlan y | private-vlan primary), this vlan (y) does not forward on any trunk on the Nexus 5010 switch, even without any other private vlan configuration. I believe this may be the cause to most of the issues I am having. Has any one else experienced this behaviour. Also, I haven't had a lot of experience with Private Vlans so I might be missing some fundamentals with this configuration.
I am looking into the possibility of using private vlan's for some dmz implementations however I do have what may be some very rudimentary questions. It seems straightforward how to configure the primary/secondary vlan configuration as well as associating them. However in my case I would be looking to configure the PVLAN on a 6500-vss platform acting as the router while all of the hosts which I would desire to have in the isolated vlan would be spread out across a number of older Cisco switches which only support "protected port" setup or Procurve switches all of which I do not have budget to replace with something newer. So in my scenario I would have a 6500 connected by trunk to multiple switches which only support a protected port setup such as a Procurve (top of rack) or a Cisco 2950. As the Procurve or 2950 would not support Private VLAN setup, do I then just configure the secondary vlan to be allowed across the trunk from the 6500, configure that vlan on the Procurve or 2950 (as vtp will not foward the info for the secondary vlan) and assign that vlan to the host port as well as setting it as a protected port and this will communicate just fine across the trunk to the router as well as stopping the protected port in top of rack switch 1 from being able to communicate to a protected port in top of rack 2,3,etc? If the above scenario is what needs to be done, do I just use a regular trunk or do I have to use a PVLAN trunk?
View 2 Replies View RelatedIs it possible to assign a name to your private network so I dont have to type the ip address and port # each time?
View 5 Replies View Relatedrecently i just connected a non cisco ip phone(from panasonic) to Cisco 2960 POE switch at site A. The PABX system is located at site B,Site A and site B are connected using MetroE Point to point.I would like to apply QoS for voice vlan. I want to assign 2MB to the point to point connection for voice vlan.
View 3 Replies View RelatedNew to Cisco and want to know if I can segment a port. I have two v lans. I have one internet connection at the opposite end of the building. Can the port the internet is connected to serve both V lans?
View 6 Replies View RelatedI have two questions for a Cisco 2960 (WS-C2960-24TC-L)
1. I am working to setup a few Cisco 2960 switches for HP iLO access to our servers. We are going to segregate the iLO network (VLAN 40) from the data network (VLAN 10) by using a different VLAN. All of the HP servers will be configured with static addresses. My question is, how do I set all the ports to VLAN 40 so that untagged devices will automatically go onto VLAN 40? I don't want to have to configure the VLAN on each iLO port on the server. I tried to set the port to: "switchport trunk native vlan 40", but that didn't work.
2. Also, how do you access the web GUI for these switches? I get a login box, but putting in the enable password doesn't work. I have the following commands in the config: [code]
ARP broadcasts not reaching all VLAN ports on 3550
Cisco 3550, interface Vlan9
ip address 1.1.1.1 255.255.255.240 secondary
ip address 3.3.3.3 255.255.255.240
[Code].....
I’m working with a managed switch that has three V LANs setup on it. Recently the domain changed and the wireless V LAN can no longer access the internal website. I found access rules, in the switch that allowed the wireless V LAN to use the DNS server on the private/staff V LAN. Their DHCP scope is on the switch and DNS is set there. The Website is also on the V LAN with the DNS server. This configuration totally cuts out external DNS usage. It stopped working though. It is as if when things switched on the Domain the wireless users were denied DNS requests. The switch was not touched at that time. I’m looking at it though and it seems that I may have conflicting rules.
The version is 12.2. I believe its a Catalyst 2600~
DHCP scopes: ip dhcp pool INSIDE network 192.168.1.0 255.255.255.0 default-router 192.168.1.1 dns-server 192.168.1.6 192.168.1.4 domain-name saline.lib.mi.us
ip dhcp pool WIRELESS
network 172.16.0.0 255.255.255.0 default-router 172.16.0.1 dns-server 192.168.1.6 192.168.1.4
Here is the V LAN Setup:
Interface Vlan1
ip address 192.168.1.1 255.255.255.0
[code]...
Here are two access lists that should be allowing the traffic from 172.16.0.0 into the list IPs/Ports. These do no work.
ip access-list extended WIRELESS-PRINT
permit tcp 172.16.0.0 0.0.0.255 host 192.168.1.12 eq 30044
permit tcp 172.16.0.0 0.0.0.255 host 192.168.1.12 eq 21326
permit tcp 172.16.0.0 0.0.0.255 host 192.168.1.12 eq 6987
[code]...
During my testing I removed the Deny rule and everything worked. deny ip 172.16.0.0 0.0.0.255 192.168.1.0 0.0.0.255
However, the “ permit ip any any “ rule, makes all the port rules pointless because when this rule is in place solo, I can ping and access everything on the 192.168.1.0 network. Is there a way to deny everything, except what I permit? Because when I remove the ip any any, then they cant even get out. Perhaps there a better way to say, the wireless users can get out but only get into the sub net over specific ports? I have a feeling it may have not be thought out entirely when initially created. However, the big mystery is that it worked before secondary domain controller failed.
At present we are having a 4900 series switch where we are running one monitor session.Additionaly we are in need of capturing VLAN traffic and set the destination to 2 * GE ports , both are in the same switch.Due to the limitation of two monitor sessions per switch , we thought of putting the destination ports as port channel but it looks like it is not supported.
View 1 Replies View RelatedI have a Cisco 6509 with IOS "s222-ipservicesk9_wan-mz.122-18.SXF16.bin"I need to enable dot1x on user's ports on the switch. each user is connected to the switch through the IP phone.
I just found out that I can not enabled dot1x on trunk port. I have tried to use "switchport voice vlan " but I got:
Switch(config-if)#switchport voice vlan 123
Command rejected: Gi7/20 is Dot1x enabled port.
let me know what should I do to get dot1x working?
Note: I have connected a laptop directly to the port and dot1x is working fine.
Could I use DHCP for wireless connection and assign private IP for PC for wire connection ?Will it conflict to each other ?
View 3 Replies View Relatedit is possible to let cat3750 or 2960 ports which only allow machine on network which it use dhcp, not static ip? if so, how to configure it?
View 8 Replies View RelatedWe have a 2960 switch which is connected to the core via a VLAN trunk. We have disabled broadcast port suppression but, the 2960 is shutting is shutting 2 ports down on the network and this looks like excessive braodcast. How and why would the switch start dropping traffic when the default is don't do anything? It had to be rebooted to get the port active again
View 1 Replies View RelatedI need the conception of the local network for my company. I have seen the sg300 switch that can be good for me (excuse my bad english, i am french). I have 12 servers (database + file servers) that i want to plug on the sg300 20 ports. I want to plug on it 3 switch sg300 52 ports that contains ipphone, desktops and printers. (about 70 users)
View 4 Replies View RelatedI have to configure failover Active/Standby on my ASA 5510.I am wondering how i could do for the outside interface, i mean, actually the ASA1 outside interface is linked directly to our Internet router.So now if i have to add ASA2 connecting to that router i will need a switch between them.I have already a switch for DMZ & LAN.The thing is that i will have to allow 3 switchs ports to communicate with each others.
- 1 for ASA1--outside
- 1 for ASA2--outside
- 1 for Internet router
How could i isolate these 3 ports to make them communicate alone ? Should i use VLAN for that ?And if i use VLAN, will this require to make any change of configuration on my firewalls (ASA1 & ASA2) outside interface ?I am a bit lost with this, if i am correct i will not have to do some "vlan tagging" on the firewall itself ?
Adding a vlan 820 to existing port channel trunk which currently allows many vlans. What is the best way to add vlan820 with least impact to network. Portchannels from 6513 core with IOS to Nexus 5k,Copy existing vlans, add 820 and paste under: switchport trunk allowed vlan 1,2,5,12,20,820
View 6 Replies View RelatedWas just wondering if we can segregate users using subnets and not vlans in cisco switches? We have few groups we want to segregate onto different subnets, but don't want to use Vlans. Apparently I have been told that vlans do way too much packet processing and slows the network.
we are working on a school network. Want to segregate staff/students/admin.Further segregate students by year levels. This means if we were to use vlans we would have around 15 vlans. will it slow the network? (thats what I have been told and i dont agree to it). How to implement this topology without vlans and by just using subnets.PS: we use Juniper EX4200 (layer3), Juniper EX2200 x15,H3C 3100 x16 and cisco 2600 x1 switches on campus.
I have problems in my Cisco network until I connected some Moxa devices.This Moxa are models EDS-316 and EDS-208
My principal trouble is the traffic UDP. Suddently the network don't permit the traffic UDP in VLAN where are connected Moxa devices.
During an hour the Moxa can send TCP traffic, but can't send UDP. If a Moxa device is unplugged from network, all devices connected to him can work offile from principal network, but if I plugg again the Moxa is like disable.
After one hour (more or less) the system restart all functions and work fine.I catch the logs from TXerrorsInPorts and all the ports where is connected a Moxa have errors all time.
I don't know which is the problem, but I think that problem is in negotiation from Moxa to Cisco.This is the configuration from a port where is connected a Moxa: [code]
we have an heterogeneous network with Cisco devices (6509-E, 3750G and 3560) and Alcatel 6850 devices. We have to enable a PTP Wifi line as a backup for the fiber line between two buildings. For this purpose, we have connected a wifi device to GigabitEthernet 0/47 of SWIHGJ1 and configured it as: [code]
View 2 Replies View RelatedWe have Nexus 7k running as my core with a 6500 manageing my server farm and IP services servers (call manager, IPTV ...)My edge switch are 4500s. We currently have RIP2 running between and the switchs and each 4500 is managing its own VLANs.The IPTV uses IGMP snooping and multicasting to broadcast the video feed. The problem that came up is that the we cannot configure a gatewar for the setup boxs for the IPTV system. They will only work on a single VLAN and they are spread all over the network.Can we configure only this VLAN to be propagated over our RIP network???
View 2 Replies View Related