i am facing a problem when the client vlan is commmunicating with the default gateway on the core 3750-x.
ios in 3750-x core is 3750e-universalk9-mz.150-2.SE.bin. But, client to client communication is happening without any dealy and icmp is less than 1 ms always.
When try to ping default gateway of client vlan, it is getting delayed (variable icmp delays). Is this an ios bug?
I had setup a lan infrastructure with 5 3750 stack swithes. In these 3 of them are in one stack which is acting as access switch, 2 of them in another stack which is as core switch where all the SVI is configured. Now, when i tried to ping from our edge pc which is connected in access switch to default gaeway, which is configured in core switch, the ICMP is getting delayed . But when try to ping from the same edge pc to another user PC, it is getting less tahn 1 millisecond icmp replies.
why icmp is delaying to default gateway , but working with another edge to edge pcs without any delays?
Using Network Assistant in XP, plugged ethernet cable to first front port and keep getting "Failed to get Default Gateway. Check your security settings to make sure the current Java Virtual Machine is not prevented from running commands.", I have tried reducing secruity to nothing but I still get the same problem.
I also have an official cisco console cable and tried that, but Hyperterminal just does not pick it up when plugged in. I have left the IP dynamic, turned off all netowork adapters apart from ethernet, set the baud rate etc... correctly, still no joy.
We have a Cisco Catalyst 4506 running: "Cisco IOS Software, Catalyst 4000 L3 Switch Software (cat4000-I9K91S-M), Version 12.2(25)EWA14, RELEASE SOFTWARE (fc1)" I have configured the default gateway as: ip default-gateway X.Y.116.65, However, when I do, "show ip route", it only shows the 3 connected networks and states "Gateway of last resort is not set". The Command "ip classless" is not set. I read on some blogs that this might explain the issue. However, when I go into config mode (config t), I get the following output.
View 9 Replies View RelatedWe have two catalyst 3560 switches running c3560-ipbasek9-mz.122-58.SE2.bin They are connected using etherchannel using gi 0/21 - 24 interfaces.
on 3560-1 switch, there isn't any ip-default gateway or ip route configured. It only have 1 interface vlan configured.
on 3560-2 switch, there is ip default gateway configured along with 1 interface vlan.
What i dont understand here is that, i can reach out to other subnets from 3560-1 switch in which the routing is not enabled?
This would probably sound like a stupid question but it took at least 2 hours of my time so far. I have a 3750 switch where a router and a server is connected. From the switch I can ping the router and server with no issue (directely connected). But from the server I am not able to ping the router. The router and the server are in the same subnet. The router is configured as the default router for the server. I am not able to ping the server from the router either. Here's the output of the ip route from the router. The server IP address is 10.1.200.21 and the router IP address is 10.10.200.1
10.0.0.0/8 is variably subnetted, 8 subnets, 3 masks
C 10.1.30.0/24 is directly connected, FastEthernet0/0.30
C 10.1.20.0/24 is directly connected, FastEthernet0/0.20
[Code].....
I have a bit of a mystery on my hands. I had a whole campus of Cisco 3750's cache a new default gateway. Example
Cisco3750#sh ip redirects Default gateway is 10.10.10.1
Host Gateway Last Use Total Uses Interface172.16.0.5 10.10.101.179 0:00 185749 Vlan1172.16.0.76 10.10.101.179 0:01 47254 Vlan1192.168.0.154 10.10.101.179 0:00 183090 Vlan1
My question is what generates a IP Redirect packet or how does the switch know what to change the gateway to? As in my case the changed gateway was a dead IP address. So I am at lose how this happened. I this case the Host IP's are network management servers conducting polling.
We have a 6509 series of core switches and 3750 series of L2 switches, There is no default gateway or any static routes to any IP.VLAN 1 is made admin down and another vlan is used for all communication here in this environment
Attached is configuration for reference But still I am able to take telnet or SSH. I want to know how telnet or SSH or tacacs authentication happens without any static or default route.
I have a working BGP session established. With "debug ip bgp events" I see many (2/3 every second) messages like this:
*Jul 23 11:23:48.773: BGP: default originate timer at max delay of 64 sec
*Jul 23 11:23:48.997: BGP: default originate timer at max delay of 64 sec
I can find nothing about this message. IOS version is 12.4(24)T and platform is Cisco 2811
I have set up an ACL on my 3750 switch to deny icmp from PC A on our inside network to PC B on a different VLAN on our inside network using the following ACLs:
deny icmp host 10.1.17.15 host 10.3.10.4
deny icmp host 10.3.10.4 host 10.1.17.15
-- or --
deny icmp host 10.1.17.15 host 10.3.10.4 echo-replydeny icmp host 10.3.10.4 host 10.1.17.15 echo-reply
These ACLs belong to an access-list that also limits ip traffic to a few specific machines.When I try pinging from PC A I receive a reply message back from PC B. Shouldn't this configuration block any ICMP from PC A to PC B and from PC B to PC A? I would have expected the first ACL statement to block any packets associated with ICMP and when that didn't work I tried the second configuration.
Need to clarify if ip sla icmp echo operation is supported in catalyst 3kx switches (ip services)? on the configuration guide, commands are available, but on the feature navigator, i can't find the feature, only ip sla video operation. i don't have a device to test on here.
View 2 Replies View RelatedAmazed I cannot find this in any documentation but I want to know the default aging timer for ICMP redirects on a 3750 switch running at layer 2.
View 10 Replies View Relatedimagine I want to make VLAN200 workstations communicate like the show in the attachment. What would be the default gateway to be configured in the workstation? If I configure 192.168.1.1 as the default gateway (R1 interface fa0/0) is this right?That could be possible because the switch should be configured with command "ip default-gateway 192.168.1.1"?
View 4 Replies View RelatedI have two ISPs. Each is on it's own subnet connected to the 6509 MSFC/Switch. FW1 is on 100.1.100.0/30 and FW2 is on 200.1.200.0/30 subnet. My goal is route all traffice going to the Internet from subnet 10.133.3.0/24 to FW1 and all other subnets across the organization to FW2. I am not sure if I need to use ACL / Static route combo, or just a static routes or ACLS?
View 5 Replies View RelatedI have a Cisco 2960 ( WS-C2960-8TC-S) running 12.2(46)SE C2960-LANLITEK9-M image.I would like to set an ip route 0.0.0.0 0.0.0.0 87.101.156.97 but the current image does not allow.Will ip default-gateway 87.101.156.97 work or do I need ip routing ?The ISP has provided a /30 address and we are using an additional /29 for our network devices. I dont think this image can be upgraded. I need to forward routes directly out to ISP. [code]
View 5 Replies View RelatedI have a 3500 XL switch with the following default gate IP address that i need to clear from the switch but not quite shore how to remove it.
I've removed the customer original Ip for security reason as this is an open discussion forum and just replaced with 1.1.1.1
switch#show ru
Building configuration...
Current configuration:
!
[Code].....
I have created two vlans, vlan 1 data and vlan 200 voice. the issue is that when an on one vlan i cannot ping the default gateway of the othe vlan from my PC. An using sge 2010p switches.
below is my configuration
p route 0.0.0.0 0.0.0.0 192.168.0.1
ip dhcp relay address 192.168.0.100
ip dhcp relay enable
ip dhcp information option
interface vlan 1
ip dhcp relay enable(code )
I'm trying to configure an IPSEC VPN + tunnel for multicast data. When the default gateway is set on the router (1841) it works fine but if I only set a route to the IPSEC peer via our gateway then the tunnel fails to come up. The end point is to a 3rd party. [code]
I found that if I add a static route for the tunnel destination via fa0/0, the public facing interface, the tunnel comes up..ip route 10.23.4.2 255. 255. 255. 255 FastEthernet0/0
and I can then ping the tunnel IP at the far end - 10.23.0.5.Why would that be? Is there a better way to do this without using a default route??
I have a design hurdle that I cannot seem to cross. I have two sites and I need the same VLAN to span both sites. I have accomplished this using L2TP but my issue is that I can no longer assign a gateway for this VLAN on the router. The 2 routers are 2821's and are connected with a dedicated fiber run.
Ant recommendation for how this could be accomplished? It would be great if I could have the same gateway at both sites by leveraging some sort of bridged interface (BVI so I've heard) but I am at a loss as to where I should start with this. Also, this is not the only VLAN that needs to traverse the link.
Recently we observed that newly installed WS-C3560CG-8PC access switches are able to communicate without a default route or default gateway.The 3650 switches are used as a layer2 access switch behind a layer3 distribution/core. They have only the management VLAN configured for IP with a single address.
The ARP table looks like there is an implicit proxy-ARP request sent for any IP address.
We definitely have no configuration whatsoever which would explain this.
Is this a new feature? We don't observe that with the older 2960-series...
Here is a brief trace of what's happening (debug arp):
host41#ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
Sep 20 14:44:06.706: IP ARP: sent req src 10.1.8.41 1833.9dc9.wxyz,
dst 1.1.1.1 0000.0000.0000 Vlan1
Sep 20 14:44:06.711: IP ARP: rcvd rep src 1.1.1.1 2c54.2dd3.wxyz, dst 10.1.8.41 Vlan1..
[code]....
The mac address if of course the mac address of the layer 3 interfaces of the distribution switch, no surprise here (proxy ARP is turned on by default).
Why is the 3560 sending out proxy arp requests without being told to? As far as I understood proxy ARP on Cisco IOS it only means it will reply to a proxy ARP request but will not send out proxy ARP requests by default.
I have a 3560G and an ASA FW, for which I am trying to use PBR to append the next hop. The gateway is the switch VLAN address and the amended net hop is the same VLAN interface on the ASA. Trouble is, I can ping the FW from a client, but not the switch. If I remove the route map, I can ping both. Even more strange is this is the case for some VLANs, but not all!
Config:
HOST ON VLAN 96
IP 10.11.120.99
S/M 255.255.255.240
[Code].....
We have two MPLS circuits managed by two different suppliers, one carries VOICE the other DATAWe are to decommision the VOICE MPLS and have increased the bandwith of the DATA MPLS to carry VoIP traffic too.
At both of our sites A & B ,devices connected to the LAN have a default gateway of the VOICE providers Cisco 2600 router , which then goes into the LAN switching. (see diagram)So what I am trying to achieve is toto simply replace these 2600 routers from the VOICE MPLS provider with our own so we dont have to change the default gateways at both sites.
Testing
Our Cisco 2600 routes are plugged into each LAN switching environment with two subinterfaces configured, one for voip and the other for dataThe problem is from the router and respective subinterfaces we can get to the other sites destination without any issue, but if for example a user is at site A with Ip address 10.16.11.12/16 they cant ping the VOIP subnet at site B 10.3.11.0/24. But If a ping is issue from the Site A test router then the 10.3.11.0/24 subnet is reachable but only on the 10.3.12.0/24 configured subinterface.So i guess what Im saying is 10.16.0.0/16 from the LAN needs to be able to get to 10.3.11.0/24Note at site A 10.16.0.0/16 & 10.3.12.0/24 can communicate no problem and at site B 10.207.0.0/16 & 10.3.11.0/24 can communicate no problem.We are using IP routing, should we be using route-maps?
I just checked that PBR with setting ip default next-hop is not available on cat 3750. Any other way to do dual-homing ISP without this feature?
View 10 Replies View RelatedA check out a network segment and want to know why SwA has a static route to SwB if SwA already has a Default GW to Core?
(SwA, SwB - Catalyst3560, Core - Catalyst4948)Note, there are distribute list on SwA - it does not has any OSPF route (exclude O*IA).
Does this mean when SwA send out packet with DA 10.5.64.0/26, Core will use only L2 switching (instead of L3)? Is this more effectively for Core Switch?
Pleace check my reasoning:
1. When use a static route: SwA receive packet from Vlan 20 with DA 10.5.64.0/26 it will strip out Dest. MAC and replace it with MAC of SwB. Core will switch this packet to SwB based on mac add. table (l2 switching)
2. When SwA has only Default gateway and receive packet from Vlan20 with DA 10.5.64.0/26 it replace Dest. MAC with Core MAC. Core receive this packet, lookup route table for 10.5.64.0 entry and forward packet base on this.
4500 switch is connected to 2960 switch.
4500 config
Vlan 10
name Data
It has ip helper configured that points to DHCP.From 4500 switch port - port x connects to 2960 port.Port x is configured as trunk between 4500 and 2960.
2960 config
vlan 10
name data
All user ports are configured under vlan 10 and as access ports.Port x is trunk port connected frpm 2960 to 4500 switch allowing vlan 1 and 10 only.This switch has no default gateway configured.
We connected user PC on 2960 switchports and they were able to get the IP from DHCP server and were able to access the network? My question is how users on 2960 switch are able to access the network without ip default-gateway configured on 2960 switch?
I gave one of my interfaces a IPv6 address the other day and now all of my servers have IPv6 addresses in that subnet.
I'm reading about "ipv6 nd suppress-ra" and I think that's what I need to disable but that's not a valid command on the 3750.
Is there a way to disable this 'automatic IP giving out' thing that I have going on?
I'm running into what seems a basic ip routing config problem with a Catalyst 3750 (IP Base) switch. I have several VLANS configured on the switch with IP routing enabled, and the switch is connected to the inside interace of a new ASA 5520 as follows:
ASA5520 IP (Default gateway): 192.168.1.1Switchport Gi1/0/1 is configured as a routed port, IP address 192.168.1.3 255.255.255.0Example VLAN is VLAN 100, IP address 192.168.100.1 255.255.252.0 From the switch CLI, I can ping all VLAN addresses, as well as the ASA5520, and the client laptop I'm testing with from VLAN 100.
From the client laptop on VLAN 100, I can ping all switch interface and VLAN addresses (inter-VLAN routing is working), including 192.168.1.3, but I CANNOT ping the default gateway at 192.168.1.1.
Here is the relevant configuration information on the 3750:
!
no aaa new-model
switch 1 provision ws-c3750x-24
system mtu routing 1500
[Code]....
have 3 Catalyst 3750 in same stack, the IOS version is 12.2(53)SE2. Today we can not telnet/ssh to this switch, but ping is ok, and switch function is ok. I try to access the console port, it show "low on memory, try again later". After I reboot the master switch in the stack, the master switch change to another switch, then I can telnet/ssh to this switch. I check the Ciscoworks server syslog report, there are many MAC address flapping error message, and I beleive the MAC address flapping occured before several weeks. ( the G2/0/15 & G3/0/15 is connect to a VMware ESX server and the EtherChannel config mismatch with this Catalyst 3750 switch ) How to mention the root cause of the "low on memory" problem and what is the abnormal memory usage ( free memory percentage below ?% )?
View 5 Replies View Relatedmy Catalyst 3750 switch. Following a power cut the switch no longer boots up. The SYST light flashed green but no POST checks are made. I cannot see any boot messages from the console port either. The switch was on a UPS but some thing may have damaged the switch.
View 7 Replies View RelatedThere is a requirement to configure tacacs and radius on catalyst 3750X (version 15.0) where two vrf exist.Is therer a solution to configure "tacacs-server,host x.x.x.x vrf yyy" ?? I know it is possible to configure under the "aaa group server radius xxx" the command "ip vrf forwarding yyy".Is there anything else for the tacacs-server and radius-server command?
View 2 Replies View RelatedIs is correct that vlan's exceeding 128 runs without spanning-tree.?
View 7 Replies View RelatedI have Catalyst 3750. and 2 ISPs
I wanted to use, let say on port5 of Catalyst 3750 only 2nd the ISP will route to this port.
The rest is pointed to the 1st ISP.
Im thinking of using VLAN..
I have a network with a Catalyst 3750 as the main switch and then some Catalyst 2960 switches that are plugged in to that. I have a server running windows server 2008 with a couple of virtual machines running in Hyper-V. I created 4 VLANS listed below and gave the 3750 the following IP Address.I would like the 3750 to only be configurable from VLAN 40 but currently every VLAN can connect to it, I noticed in the standard web page settings there was a setting for "Management VLAN" but it was set to 1 and would not let me change it, I kinda assumed that was for the management port in the back.-Now the tricky part, I was trying to set up routing between the VLANs and so far I have only been able to get a sort of "all or nothing" routing to work. I can turn IP routing on and add two or more VLANs to the routing and it works fine. But what I was hoping to do is create a couple of "junction vlans" that would only route to one or two other vlans. For instance, I wanted to create a VLAN 100 that routed to VLAN 20 and 30 but nothing else. I also want to route VLAN 1 just to VLAN 30, and so on. I am able to do each one of the cases but only one, it seems like the switch only supports one "routing table" am I missing something or is this just a limitation of the switch?
View 2 Replies View Related
