cant assign cisco switch 3560G port g0/1to access vlan 10
main-switch(config-if)#switchport access vlan 10 Command rejected: Gi0/1 not a switching port.
Actually i have 7600 router and all trafic passes through Gi0/1(Routed port) interface to 6500 series switch. I need to create a vlan on this router eg. vlan 10 Any how it is possible assign a vlan to routed port and traffic of wan interfaces and the vlan traffic passed together.
View 2 Replies View RelatedWe have recently started as Internet service provider in an open metropolitan.
We use a Cisco 3560G Layer 3 switch, where we have all our vlan where we have konfiguerat ex. Switch (config) # interface vlan 150, an interface for each VLAN capabilities such as int vlan 1 - 10/10 int vlan 2 to 30/10, int vlan 3 100/10 and so on.
Our int vlan is configured as follows:
dhcp relay information trusted
ip address <x.x.x.x> <x.x.x.x>
ip helper-address <x.x.x.x>
Ports (ex. int Gigabit Ethernet 0/1) are configured as follows:
description Uplink
switchport access vlan x
[Code].....
Now the problem; we have a customer in ex. vlan 3 who needs to access a server provided by another customer in the same vlan (vlan 3), and access to each other in the same vlan is not possible. You can access the server from any other vlan, but when it comes to access to another host in the same vlan, you will not reach it.
We suspect that the energy company has configured with pvlan isolated. If we use the command ip local-proxy-arp on each vlan, it works to reach each other, but it seems that our 3560 becomes overloaded when ip local-proxy-arp is enabled and it streaming and use IP telephony it doesn't work. The response time at ping is longer and the loss of packets increase with ip local-proxy-arp enabled. The other operators in the metropolitan also uses Cisco 3560G so the hardware should be sufficient.
We have also tried to add no split-horizon, but it made no difference. How do we get around this without negative consequences? Probably need something that makes you allow to send out the same interface that it came from, because it works as long as you are in another vlan.
Since two weeks I have a problem with the VLANs who I started to configure. I hope together we find the way.I have 5 VLANS configured in a CISCO 3560G switch. In my windows server 2003 I configured DHCP scope for each VLAN.One of the requirement to connect vlans each other is to put the IP of each vlan as gateway in the clients.So, how can I do to access to internet?. The ip of my Firewall are in one of the VLAN´s.When the configuration of the LAN only had one DHCP scope the gateway was the ip of my firewall. But now i don´t know how to configure the DHCP server, or the firewall, or the switch, or all of them To get access to internet.
View 2 Replies View RelatedI'm trying to set up per vlan routing on a 3560G switch but it's not performing as I would expect. I've got a server on the 109 vlan with a 10.1.9.100 address and a default gateway of 10.1.9.1 this address is an HSRP gateway and currently resides on 10.1.9.7. When I traceroute through to my user PC on the internal network it receives a response from 10.1.9.7 However, it is then denied by an ACL on the internal firewall which has been applied to interface Eth0/0. It should arrive at the firewall on Eth0/2.109 as it has the 10.1.9.4 address.
My goal here is to route traffic on the 101 vlan to a seperate interface on the internal firewall from 109 vlan traffic. I'm either doing something wrong or these routing commands aren't designed to work in the way I'm expecting (I couldn't find any documentation on the ip route command where it is followed by different gateways for different vlans)
interface GigabitEthernet0/12
description Internal-FW Eth0/2
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 109
switchport mode trunk(Code )
We have a 24 port and 48 port 3560 E switches with identical IOS the 48 port switch supports private vlan while 24 port switch doesnt
configure private vlans on 24 ports 3560e and is it best practise to configure private vlan on this platform(3560)?
IOS version : C3560E Software (C3560E-UNIVERSALK9-M), Version 12.2(55)SE3, RELEASE SOFTWARE (fc1)
flash:/c3560e-universalk9-mz.122-55.SE3/c3560e-universalk9-mz.122-55.SE3.bin
What the different between using hsrp on vlan interface and on physical port (routed port) on Cisco 3750 Switch? Wha the benefits?
View 3 Replies View RelatedWhy I cannot ping vlan when no port connect to switch.
View 3 Replies View RelatedStumped again with my Catalyst 2950. Everything is working perfectly with wan/dhcp/router on fa 0/1 with all ports assigned to vlan1. All devices plugged in connect to the router correctly with ip's being assigned via dhcp.Instead of hooking up by console port I want to be able to SSH or telnet in to the switch using any port while still maintaining the above functionallity. Is it possible to assign a dhcp assigned ip address to vlan 2 and have vlan1 and 2 bridged? Or is there a better way of doing this ?
View 3 Replies View Relatedi facing problem with my switch cisco 3560G, when it power on only System light is green and noting happen. i check with serial cable ( Console) but noting happen no booting.
View 2 Replies View RelatedWe have a Catalyst 3560G 24 port POE switch. It's been running fine for 1+ years. A few weeks ago we enabled SPAN on it to capture packets. Today, we had a random spike in CPU on the switch. Seems hardware swithing continued to work fine, but software based processes choked and effectively took down EIGRP, HSRP, etc. We collect syslogs from the router and we saw 2 crashes/reboots. Both showed the exact same error both times, with the same hex values. I **believe** the CPU usage dropped when a tech disconneted the SPAN port and it's state changed to down, but I'm not 100% sure.Could this indicate an IOS bug (I'm hoping it's not a hardware failure)? And, how to track this down to see if this could be related to SPAN? I've disabled SPAN for now.
View 3 Replies View RelatedI've a 7206VXR (NPE-G1) router. I would like to purchase a PA-GE port adaptor where I've to use a GBIC connector.
1. Is it possible to have a connection between PA-GE and a 3560G switch (4 SFP ports)? If yes, what type of cables & connectors are to be used?
2. Is there any GigabitEthernet port adaptors / modules for 7206vxr where I can connect RJ45 (cat 5) or SFP modules?
We have two 3560G-TS-E running 12.2(35)se2, configured as HSRP. Both are running ntp config "ntp peer 210.72.145.44" and it's pretty well that they get the correct time. Yesterday I upgraded the second device to IOS 12.2(58)se2 and ntp doesn't work now. I checked doc that 12.2(58)se2 runs ntp default version 4 so I change to "ntp peer 210.72.145.44 version 3" but still not work. I put here "show ntp" result for different IOS.
IOS 12.2(35)
SW01>show ntp status
Clock is synchronized, stratum 2, reference is 210.72.145.44
nominal freq is 119.2092 Hz, actual freq is 119.2022 Hz, precision is 2**18
reference time is D2EF12A5.2EB2DCB2 (15:07:17.182 GMT Wed Feb 22 2012)
clock offset is -4.6616 msec, root delay is 57.50 msec
[code]...
I have a LIII Switch Cisco 3750x ,with diffrent Vlans , Some users are in Vlan 102 (10.10.2.0) and Some Users are in Vlan1 (10.10.1.0) , now i want to restrict the Vlan102 users to access Vlan1 , i am pasting my configuration below , how to create a access list .
interface Vlan1
ip address 10.10.1.36 255.255.255.0
ip helper-address 10.10.1.36
[Code].....
Is it possible to assign 2 ports to a vlan on this switch and have the 2 machines connected to those ports be able to see each other without having to go off of the switch? If so, how would it need to be setup on the switch?
View 4 Replies View RelatedConfiguring OSPF on a catalyst 3560G Switch to connect to our building next door by way of fiber. The other two switches in the other building are running OSPF, I am trying to connect to the other building and access a server which is on a switch running OSPF. I am trying to configure the switch here to run OSPF and be able to see the neighbor, but currently can't although I've identified the networks. Maybe I'm missing something, I've followed the instructions but something is not right.
View 15 Replies View RelatedI have made a routed port on 3560G Switch and defined a pool 172.28.4.62 255.255.255.192 and connected to E1 converter RAD (4E1 to 4 FE) the E1 media is through Microwave on the other end same E1 converter is connected through layer 2 switch and defined a pool as of routed port configured in 3560G switch.
The port is generating lot of giants and after a while it also distrubs other routes ( Port1 to Port 16), configured with Vlan11 and port 22 as routed port.I have checked the routed port through wireshark the maximum frame size is 1514 and configured the MTU to 1514, giants are not showing any more but after 10 to 12 hours switch gets hang. Either to shut the port or to reload the switch to get switch and other layer routes to be normal.
I have checked speed and duplex settings same as E1 converter. Full duplex. 100 Speed. Why switch is not behaving normal. If I shutdown the routed port it is normal.
1. interface GigabitEthernet0/22
no switchport
ip address 172.28.4.62 255.255.255.192
flowcontrol receive on
end
[code]....
I have got 2 Cisco switches (3560G and a 3560X) connected by a trunk port. see config below:
3560G#sh run int gi0/26
Building configuration...
Current configuration : 130 bytes
[Code].....
I can't seem to get VLAN 79 through to the first switch (3560G). Beyond this switch there is a router with acts as default-gateway for the respective VLANs. For VLAN 79 it is 192.168.79.1. I can ping this from the first switch but can't ping it from the second (3560X) switch but can ping 192.168.25.1 which also is the default gateway for this switch.
The field engineer has a stand alone 24 port 2900 series switch that he has different equipment connected to and are segmented using VLANs. So for example, he's got ports 1-4 assigned to VLAN 10, 5-12 assigned to VLAN 20, 13-19 assigned to VLAN 30 and 20-24 assigned to VLAN 40. He would like all the gear on VLAN 30 to have the ablity to talk to all of the other VLANS, but VLAN 40 should not be allowed to talk with any other VLAN. Trunking would do no good here since the switch isn't connected to anything and you can only assign one VLAN per port.
Is there a way to do this within the stand alone switch? The only possible way I could think of would be to ensure that each VLAN has an assigned IP number (subnet) and doing this through access lists.
I have two 3560G 24 port switches. Each of them connects to some 3560G or 2950 switches. Trunks between 3560G are set as 1000/full. Trunks between 3560G and 2950 are set as 100/full. show int status also shows the interface negotiation is 100/full for trunks between 3560G and 2950. The issue is I keep getting outdiscard errors in trunks between 3560G and 2950. At 2950 switches, I see Recv-errors too. I checked all the trunks traffic. They are totally not high. Only serveal mbps. Most time even lower than 1mbps.
I googled this kind of issue online. I see it could be possibly caused by high volume traffic higher than the capacity. But it appears the traffic there is not high enough to cause this kind of issue. Is there any possiblity that could cause this problem?
The below is 3560G trunk configuration for 2950 switch
interface GigabitEthernet0/10 switchport trunk encapsulation dot1q switchport trunk allowed vlan 1-122,124-4094 switchport mode trunk speed 100 duplex full srr-queue bandwidth share 10 10 60 20 queue-set 2 priority-queue out mls qos trust cos auto qos voip trust
the trunk configuration at 2950 switch: interface FastEthernet0/24 switchport trunk allowed vlan 1-122,124-4094 speed 100 duplex full
I have been working on some Catalyst 3750's running 12.2(55)SE6 and hit an issue with CEF load-balancing over multiple equal-cost paths. Anyway this issue is now solved but it introduced me to the command 'show platform forward' - this shows you how the forwarding of a packet would be done via hardware cef (as opposed to the command 'sho ip cef exact-route' command that only shows the software cef path). Anyway I tried the command on a 3560G running 15.0(2)SE and it crashes the switch. I tried it a couple of times and verified that the MAC & IP addresses were exactly right in the command and each time the switch crashes. I have extracted the relevant bits from the crashinfo and attached them.
View 3 Replies View RelatedI'm new to networking and was looking for some assistance. First off im using packet tracer to diagram my senario as I will be receiving my equipment next week to deploy.
Hardware to be used:
1. 2 catalyst 3560 switches
2. all connect to a sonic wall router
I have two companies that work in the same office space. I need to keep these companies seperate on their own vlan. They will however need to share the phone system.(Packet tracer file uploaded to give those who have the time to see what I put together.) [code]
is it possible to assign a loopback address to a typical switch port on a 2950 switch? I want to be able to have some devices connected to a switch to test access lists and VLANs.
View 3 Replies View RelatedI'm Confused from the fact that Vlan tagging is done at access port and trunk port always gets tagged packets (untill its case of native vlan).But I still believe in other fact which says tagging happen only when a frame hit the trunk port which means trunk port gets untagged frame and tagging is not possible at access port.
Would like to know where actually this tagging happens ?
and also which command we can use to encapsulate 802.1q protocol to access port ? The way we do at trunk port is #switchport trunk encapsulation dot1q Is the above command applicable for access mode also?
I have three VLANS set up on my Catalyst 3560G switch. Each VLAN has its own subnet and I have enabled IP routing and set up my VLANS so that clients on VLANS 1 and 3 can get to VLAN 2 because they share a server located on VLAN 2. However, now they can also see and get to each others VLANS! How I can allow my clients on VLANS 1 and 3 access a server on VLAN 2 but not access the other VLANS? I don't want VLAN 1 to get to VLAN 3 or VLAN 3 to get to VLAN 1.
View 17 Replies View RelatedI have two networks at two sites with a dot1q trunk between the two L3 switches at both sites (no routers involved)
SITE A - Cisco 3750 L3 - VLAN ID 50
10.10.50.0/24
SITE B - Cisco 3750 L3 - VLAN ID 50
10.20.50.0/24
I would like to extend the SITE A VLAN to SITE B so that I can move hosts from SITE A to SITE B without needing to change their IP address but the vlan ID is already in use. Obviously the easy solution is to change the VLAN ID for one or other of the sites but both sites contain hosts that run 24/7. Is there a way to join two VLANs with different IDs together.So for example I create a new VLAN 60 at SITE B and associate it with VLAN 50 at SITE A.
I am trying to configure a 3500XL switch (and I know its old). I get to the int fa 0/1 line and thats where it all stops working.
switch#(config-if)#switch port mode access
switch#copy run start
or
switch#(config-if)#switch port mode access
switch#sh run int fa 0/1
It will show the configuration for port fa 0/1 as if I hadn't entered the "switch port mode access" command. Or any other command for that matter. Why the switch is not holding configuration and seemingly loses it as soon as you exit out of each interface?
Can i configure access ports into port channel on Nexus 7K switch.If possible then provide the complete configuration.....
View 2 Replies View Relatedrecently i just connected a non cisco ip phone(from panasonic) to Cisco 2960 POE switch at site A. The PABX system is located at site B,Site A and site B are connected using MetroE Point to point.I would like to apply QoS for voice vlan. I want to assign 2MB to the point to point connection for voice vlan.
View 3 Replies View RelatedI'm getting this error message on syslog server (Kiwi syslog)access-list logging rate-limited or missed XXXX packets i did the following commands but still I'm getting the error :logging buffered 16386 debugginglogging rate-limit all 5000no logging consoleno logging monitorip access-list logging interval 30000ip access-list log-update threshold 30000 i don't want to report to the console or monitor i want to report direct to syslog server, because I'm monitoring all the traffic (permit ip any any log) !
View 2 Replies View RelatedI am trying to harden my Nexus box and I am not able to ACL assigment command. Following are the commands I am trying to add.
interface cmp-mgmt module 5
Ip access-group NETWORK_MANAGEMENT_ACCESS in
On the supervisor card of a cisco 6500 series, according to the following link, [URL] it only has 2 uplink ports on the card. Would I be correct in assuming that I only have those to ports that I can configure IP addresses on?
The cisco that is being devlivere is coming with a 48 port switch and 24 port fibre switch. Could I change any of those ports into a router port and configure IP addresses on those?
The supervisor card is a ws-sup-720-3b the 48 port switch is a ws-x6748-ge-tx the 24 port fibre switch is ws-x6724-sfp
I'm fairly new to Cisco products am in the process of developing my network knowledge on a deeper level. I have a 3825 with a HWIC-4ESW and I'm struggling to fully understand how the two "see" each other. I've setup a V LAN with a layer 3 address on the HWIC and added the switch ports to it. This seemed to allow devices connected to the switch ports to talk to the built-in router ports. I thought this was all making sense until i applied an access-list to the router port. It's a simple ACL i'm just using for testing and the only thing it does is blocks telnet from anywhere. I know the ACL is setup properly because if I connect a device directly to the router port i cannot telnet to the port. However, if i connect a device to one of the switch ports, i am able to telnet to the router port successfully.
It seems that I'm missing something with how traffic flows from the switch port to the router ports and how the two "see" each other.
