I need to setup a vlan between the 6509 and 2621 router. This needs to be a VLAN (200) the runs between the devices that uses DOT1Q trunking. The end result is all the networks (vlans) on the 6509 can talk to the LAN on the 2600 (10.133.22.0 / 23) and visa versa.
Device 1
6509 with CatOS / IOS
Config I did on the MSFC:
Interface Vlan 200
ip address 10.10.10.1 255.255.255.248
[code]....
Setup is like this: Poly com IP phones -> Cisco 2960 switches -> Cisco 2621XM router running 12.28(r). A Windows 2003 server running on HP Proliant DL380 G4 with the correct DHCP scope is configured for the IP phones, also sitting on a Cisco 2960 switch.
A typical port config on the 2960 is:
interface FastEthernet0/1
switchport mode access
switchport voice vlan 60
mls qos trust cos
auto qos voip trust
spanning-tree portfast
spanning-tree bpduguard enable
Relevant section of the config on the 2621XM router:
interface FastEthernet0/0
no ip address
no ip redirects
no ip proxy-arp
ip pim sparse-dense-mode
[Code] .......
This used to work on a Windows 2000 server which sat on different piece of hardware, but stopped immediately after the migration to Windows 2003 server was done. There was no change on the router or switches prior to or after the server migration. I see DHCP server log on the 2003 server giving DHCP NACK because the phones are apparently asking for IP's in the data VLAN.
I have a Cisco 3845 Integrated Service Router and I have installed a Service Module. I want to use the integrated Gigabit ports as switch ports and put ports in the Service Module and Gigabit port in a VLAN.
Is this possible? can it be done by setting internal Gigabit link as trunk and how? Below is the somewhat the setup i am looking for
Service module
fa0/1 |
fa0/2 | Vlan X
fa0/3 |
[Code]....
We backup the running config on the 6509 does it also backup the vlan.dat as well?I tried command dir/all and just dir but did not see the vlan.dat listed
View 6 Replies View RelatedI have a Cisco 6509 connected (gig3/17) to a Cisco 3560 G switch (Gig 0/28). The 3560 switch Gig 0/26)is connected to a distribution switch on another network. The ip address on my 6500 is 10.120.11.244 255.255.252.0 and the ip address on my 3560 is 10.120.11.211. The ip address given to me by the other network is 10.162.20.10 255.255.255.252. How do I configure the new vlan in this situation and the ip address given to me.
View 4 Replies View RelatedI would like to ask you if it's possibile to block routing between some Vlan for just once of them.
Maybe I can explain better:
I've got a Cisco 6509 with 4 configured vlan interfaces
Int Vlan 10 10.10.1.0/24
Int Vlan 20 10.10.2.0/24
Int Vlan 30 10.10.3.0/24
Int Vlan 40 10.10.4.0/24
Vlan "10" is the phone voip Vlan and it must not talk with the others Vlan. The others Vlan can comunicate normally except with Vlan "10".
Pratically Vlan "10" needs to be isolated from the others.
This equirement comes becouse Vlan 10 is wireless and has the WEP key encryption (very weak protocol). Some Phone couldn't support the WPA2 key and I need to avoid an unauthorized external client, cracking the WEP key and connecting to this WiFi, could have free access to the others Vlan.
After a abrupt power cylce of 6509 switch, vlan configuration got missing. Switch has not crashed.
View 4 Replies View Relatedwe have an heterogeneous network with Cisco devices (6509-E, 3750G and 3560) and Alcatel 6850 devices. We have to enable a PTP Wifi line as a backup for the fiber line between two buildings. For this purpose, we have connected a wifi device to GigabitEthernet 0/47 of SWIHGJ1 and configured it as: [code]
View 2 Replies View RelatedWe have a pair Cisco 6509 switch in which 2 * 48 Port 1G line cards and 1 * 16 Port 10G line Card, FWSM and Sup 720 are installed.We have Cisco UCS and HP Blade servers.Cisco UCS servers are connected to Cisco 6509 switch using Fabric Interconnect, and HP Servers are directly connected to core switches.Recently the team made many changes in the network. Upgraded the IOS in Cisco 6509 switch, Configured Port profiling , MAC Pinning , HBA Cards to UCS / Nexus 1000V Infrastructure. After this change they lost the connectivity to UCS and HP Serers. Every tower is checking at their end.
The Network Team has reverted back the core switch with old IOS , but still the problem persisit.I could only see the following error log in the core switch. There are two port-channels one between core 1 and core 2. The other is between core switch and FWSM module. [code]
I'm working at a company that has several 6509 switches running CatOS. They have two of the 6509's running in vtp server mode and the rest as clients. I set up a new vlan from one of the vtp servers and it propagated out. The problem comes when I try to assign a port on one of the vtp clients to this new vlan. It gives me an error that the switch must be in vtp server mode to add/delete vlans. I'm not trying to add/or delete a vlan just trying to add a port into an existing vlan. I'm hesitant to put the switch in vtp server mode. Is this a CatOS thing or is there a specific command to accomplish this?
View 5 Replies View RelatedI have several closets with Cisco 3560 on the edge that I'd like to change the vlan that's used for the management vlan on each. In the core I have a Cisco 6509 with Sup720's.
I'd like to do this by changing the native vlan on the trunk port on the core 6509 interface that connects to the 3560. and leave the management vlan on the 3560 as vlan 1.
Seems trivial but what I tried didn't work and I didn't have the window to troubleshoot. I'll paste the simplified configs for the interfaces below
!
6509 configs:
!
interface Vlan50ip address 172.16.50.2 255.255.255.0!interface FastEthernet
[Code]....
We have a problem with CDP packets on sent by our Cisco 6509's. Unlike our other Cisco switches (4948G, 5020, etc.), the 6509 tags administrative traffic on the native vlan. As a result the CDP packets are sent with an 802.1Q header with a tag of 1. The other switches send the CDP packets untagged on the native vlan. This causes problems because we have non-Cisco devices in our lab that also receive and send CDP, but they do not process the packets that are tagged by the 6509. They see the packets from the 4948 and 5020 just fine.
How can I disable the administrative native vlan tagging on the 6509? Here is the current setup:
nwkdev-6509-1#show vlan dot1q tag native
dot1q native vlan tagging is disabled globally
nwkdev-6509-1#show interfaces gigabitEthernet 1/9/1 switchport
[Code].....
We have a pair of 6509 working in a VSS configuration (IOS 12.2(33)SX5). The 6509s connect to a pair of ASAs (7.2 code) running in an Active/Standby setup. These ASAs in turn connect to routers going to remote sites. I have configured Netflow on the following VLANS,
VLAN 10 - Servers Vlan
VLAN 9 - Transit/ASA VLAN (connects ASAs to 6509s). All traffic originating from any VLAN on the 6509 crosses this VLAN in order to reach remote sites and vice versa
I configured the netflow source VLAN 11 although I am not collecing any netflow from it.Although I have been getting lots of Netflow info, I noticed that netflow for traffic originating from any user VLAN on the 6509s going to any remote site via TRANSIT/ASA VLAN(9) does not get reported, I even tested with 4 GB traffic but no result. Only reverse traffic (i.e. from remote site to user VLAN) is reported as it traverses the Transit VLAN (9).
I read somewhere that egress netflow is not supported in 6500, but isnt traffic originating from a user vlan to a remote site via the transit VLAN (9) considered ingress with respect to the transit VLAN (9)? I would like to know whether bidirectional Netflow is supported on 6500 VLANS. I have mimimum control on routers beyond the ASAs, and since these ASAs run 7.2 code netflow is not supported, and Monitoring this Transit Vlan gives me extremely useful info.
I do get netflow biderectional traffic from the Server Vlan 10, but I think it is correlated by the netflow collector from vlans 9 and 10. [code]
I am getting very slow window file transfer speed (4 Mbps per second) between two connecting servers in Cisco 6509 switch. I have connect the two laptops in 6509 switch in same module using the same vlan and try to copy the files from one laptop to another and vice versa and got the same speed on 4 to 5 Mbps per second. Switch utilization is not more than 10% and both the laptops are connected in 1 Gbps full duplex.
I have checked by removing the gateway in both laptop but the output is same.
I have a Cisco 6509 with IOS "s222-ipservicesk9_wan-mz.122-18.SXF16.bin"I need to enable dot1x on user's ports on the switch. each user is connected to the switch through the IP phone.
I just found out that I can not enabled dot1x on trunk port. I have tried to use "switchport voice vlan " but I got:
Switch(config-if)#switchport voice vlan 123
Command rejected: Gi7/20 is Dot1x enabled port.
let me know what should I do to get dot1x working?
Note: I have connected a laptop directly to the port and dot1x is working fine.
I have a power conncet 6224 with routing enabled with several VLANs setup.VLAN Database: 6,8,10,90-254VLAN 6 is our management vlan10 is for our core network services (DNS, Domain, Exchange etc)90-254 are isolated vlans.What I need to accomplish is to prevent vlans 90-254 from communicating with each other and only allow communication to VLAN 10 and the internet. All internet firewall work will be handled by our Sonicwall. [code]
View 1 Replies View RelatedI'm trying to set up per vlan routing on a 3560G switch but it's not performing as I would expect. I've got a server on the 109 vlan with a 10.1.9.100 address and a default gateway of 10.1.9.1 this address is an HSRP gateway and currently resides on 10.1.9.7. When I traceroute through to my user PC on the internal network it receives a response from 10.1.9.7 However, it is then denied by an ACL on the internal firewall which has been applied to interface Eth0/0. It should arrive at the firewall on Eth0/2.109 as it has the 10.1.9.4 address.
My goal here is to route traffic on the 101 vlan to a seperate interface on the internal firewall from 109 vlan traffic. I'm either doing something wrong or these routing commands aren't designed to work in the way I'm expecting (I couldn't find any documentation on the ip route command where it is followed by different gateways for different vlans)
interface GigabitEthernet0/12
description Internal-FW Eth0/2
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 109
switchport mode trunk(Code )
I am trying to set up VLAN on my cisco router, where do i check for the setting for creating a VLAN on my Wireless AP. Is it possible on this model.
View 1 Replies View RelatedI have 2 SG300 switches, in layer3 mode, lag'd together for high availability, serving 2 Dell R815's and a Dell Equallogic 4100 for virtualisation. I have setup a number of vlan's, network traffic, mgmnt traffic, iScsi, vMotion etc and they seem to work.
However, Equallogic unit suddenly became unavailable to view for managment yet maintained iscsi traffic for the servers ok. After much head scratching, noticed that one of my SG300's had the vlan ports assigned to various vlans had *automagically* changed there assignment, ie tagged changed to excluded, but only for one of the iscsi traffic connections and the mgmnt port, both coming from the Equallogic, the other iscsi continued its assignment fine. The other SG300 hasn't changed. Guaranteee no one has been into change it and no changes have been made to Dell servers or Equallogic.
Q. Is there any circumstance where the switch can change the port setup itself? or is there any external circumstance that would trigger that change either?
This has now occured twice. The setup is running as a test lab, not in production until all setup is complete, then it will replace our existing harware.
I am attempting to upgrade from a Cisco3945 to a ASR1002. On my Cisco3945, I have interface associated with VLANs. It appears that with the new IOSX, VLAN configuration has changed. Any config to setup a simple VLAN?
View 5 Replies View RelatedI purchased a Cisco 2621 with IOS Version 12.3(26) on it. When I went through the commands, I couldn't find any VLAN or VTP available. I need to make sure I can see this on the device in order for me be able configure VLAN on my network and get ready for my CCNA exam.
Below is the version on the device and I also attached the available commands:
Version: IOS (tm) C2600 Software (C2600-I-M), Version 12.3(26), RELEASE SOFTWARE (fc2)
I am trying to setup a network using Cisco 2960 switches with vlans configured. One vlan will handle video coming from four cameras that are connected to another 2960.
We have four cameras feeeding one port each on a 2960, that 2960 in turn feeds one port on the main 2960 which is the video vlan for that site. From the site it goes back to a Cisco 3750 to be sent over to a Sonicwall firewall. If we connect to the 2960 that the camera are connected to we can see the video, but not on the main site 2960.
I have a 2621 that I am configuring on the internet. My ISP gives me a static DHCP assigned address and then two more static addresses that are not part of the same block. (e.g. 1.2.3.4 is static via dhcp and then they give me 5.6.7.8/30).
I have fa0/0 getting 1.2.3.4 ia dhcp. I have 5.6.7.8 on a loopback interface for PAT/NAT as I have the main one on fa0/0 doing vpn to a remote ASA. The problem is that I have yet another device that needs a public IP, mainly 5.6.7.9... I want to hook that device up to fa0/2 (this box has three fa interfaces). How do I setup fa0/2 if I want to give the device on it a real live public IP address? I have done this before, but it must have been 10 years back on an even older CISCO and I can not remember how I did it.
I've got a 2621 configured as my main gateway to the internet - right now it's obtaining a DHCP ip from a the ISP's proprietary router set to bridged mode.
As of now, I'm unable to ping the internal interface of the router. I can ping external IP's only, even though I have DNS servers listed, i am unable to resolve host names. I'm running a few servers to which people are able to connect to my web server, among other services. I even have a crypto map setup to another 2621 across the country and can ping all internal ips on the other end... I JUST CANNOT PING THE INTERNAL INTERFACE of the router!!
I've noticed that when I ping the router during it's boot process (using linux un-interupted) I get a response in a very short window, then dies again. I'll post my config below:
[code]....
OPTEMAN: 3 routers connected via a private subnet (/29) over the OPTEMAN: Site A, Site B, and HQ. Site A is a 3560 that is the gateway for two subnets: siteA1 and siteA2. SiteB is a 2621, and HQ is a 6509 w/ MFSC.
HQ also connects to 4 other sites via MPLS: SiteC, SiteD, SiteE, and Site F.
HQ has the server subnet, Internet connection, and connection to other services via MPLS.
I have basic EIGRP setup on HQ, SiteA, and SiteB. So far only siteA and HQ are updating each other. Not sure why. I am looking for the best practice example of how I should setup my enterprise EIGRP. I currently use static routes between the sites. I would prefer to be able to setup EIGRP in parallel, the remove the static routes.
I have a lab setup to take my CCNA and CCNP and I'm having issues trying to get WAN connectivity back to a switch at the end of my network. My lab environment consists of 1 - 2950 switch, 1 - 2620 and 1 - 2621XM. I have 1 Ethernet connection from each router to the switch and 1 serial connection from the 2620 to the 2621XM. I have the serial interfaces in a shutdown state right now so there is no loop since I do not have Spanning tree setup on the ports on the switch yet.
Right now using the fast ethernet ports on the routers and I have no issues its when I shut down those Ethernet ports and try using the serial interfaces when I start having issues. So my network layout is Ethernet from switch port f0/4 to port f0/0 on 2620 and serial from s0/1 on the 2620 to s0/2 on the 2621XM. My 2621XM f0/1 is whats connected to the WAN and I have no issues getting to the WAN from my 2621Xm or my 2620 but when I try pinging any website or even my WAN default gateway from my switch I get nothing!
Ive also noticed that when I do a IP NAT translation (after accessing the WAN from my 2620) on my 2621XM the source IP is of my serial connection not the ip of my 2620 router? I have my default gateway on the 2620 as the the IP of my serial interface on the 2621XM and vice versa because my LAN network is 172.16.1.0 and my WAN is 172.16.9.0. I have a /31 setup between my serial connections 172.16.11.0 (s0/1) is on the 2620 and 172.16.11.1(s0/2) is on the 2621XM. I used the SDM (ver 2.5) to setup NAT to have f0/1 with Nat outside and s0/2 as Nat inside. Encapsulation is HDLC between the serial links. Ive attached the running configs of the switch and routers.
I currently have a couple of 6509 chassis (router/switches) with the following hardware blades:
x3 48 ports
x1 NAM
x2 Sup720
Running 12.2(18)SXF3
I am keeping the four Sup720 modules and have purchased new versions of the others blades including two new 6509-E chassis?Can I take my stand-by Sup720 out of the production machine and insert it into the new chassis?
I currently have a couple of 6509 chassis (router/switches) with the following hardware blades:
x3 48 ports
x1 NAM
x2 Sup720
Running 12.2(18)SXF3.I am keeping the four Sup720 modules and have purchased new versions of the others blades including two new 6509-E chassis. Can I take my stand-by Sup720 out of the production machine and insert it into the new chassis?
We have 6509 VSS with FWSM Module and we have created two context on it, one is INTERNALL CONTEXT othe is EXTERNALL Context? We have spanned various VLANS in switches and FWSM context level. All VLAN Gateways are configured in context level.
Activity description : We had planned migration of these devices into a new Datacenter, it was a planned activity. During migration of devices from one Dc to a new DC we broke the VSS and kept the primary running and removed the secondary switch and migrated this secondary to new DC and powered this device ON in the new DC and checked all the config was very much fine but this device was OFF network as secondary was brought to new DC just to limit the downtime during the primary switch movement.
During the activity ( Primary switch movement )We powered off the Primary switch and mean time before shifting into new Data center We had brought up secondary switch which was already existing in the DC was put live in the network and it was working fine without any issues.
Later we had moved Primary into new data center and tried to put into VSS with the secondary , during this period the secondary device into went into RECOVERY MODE and primary device was not responding and devices went off network and immediatly we removed the VSL link and brought up primary into production network without secondary online in the network ( Without VSS just stand alone switch ) network started working, but bringing up the primary we found that some of the VLANS in the FWSM was deleted and some VLAN had misconfiguration ( example : say original VLAN ip 10.200.112.1 has become 10.300.13.1 ) also some of the access list as well as SVI was deleted making configuration mismatch.
Wanted to know while syncronization b/n primary and secondary switch in VSS if we pull out VSL link would create this type of issues.
I have a duplicate router ID problem that is confusing to me. A 6509 and 4510 swich both show the same router ID, but only the 6500 has the router ID IP address configured in it. We are running EIGPR. The 6509 has L0 as 164.72.239.1 configured, which is it's router ID. The 4510 doesn't have 164.72.239.1 configured on it, yet that's what it's router ID is. Below are a few show commands displaying this - and as you can see from the 'show run | include 239' from the 4510 there is no 164.72.239.1 configured on it:
6509 chassis
interface Loopback0ip address 164.72.239.1 255.255.255.255end
RS6509-Core-A#sh ip eigrp topIP-EIGRP Topology Table for AS(1)/ID(164.72.239.1)
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply, r - reply Status, s -
[Code].....
why the 4510 has that router ID?
I know I can configure a different router ID on the 4510, but I'm curious as to why it is the way it is.
Any "best practices" or recommendations on how to migrate from a fixed router (3745) to vlan routing on Catalyst 4507 switches in order to minimize the disruption to the network.
View 4 Replies View RelatedI have an environment of 3 X 3560G of which I have 1st switch-CORE(f0/10) connecting to the VPN router(CE) interface-f0/0. Remaining 2 Cisco 3560's(Access) are connected to Gi0/1 and Gi0/2 on the 1st switch-CORE via gi0/1 . On all three switches I have created multiple VLANs and assigned ports to these VLAN. The switch to switch connection is trunk allowing all VLANs created on all these 3 switches. Now the issue is how I am going to have all these VLANs routed through single interface on the routeri-e f0/0, as all these subnets will communicating to remote site over VPN. What should be default gateway on the 2 Access switches and the CORE switch, also what static route should be on router to reach all subnets(VLANs) created on these 3 switches.
I have read inter-VLAN routing i-e creating sub interfaces on router but dont want to proceed with that and looking for any other way to have my VLANs talk on all three switches and then are accessible to remote site ove VPN?
Between our hosting and a customer we have an extended vlan, traveling on a fiber, between two cisco 3560 switches.The thing is, that we want to create one or more vlans inside that extended vlan, in some way if possible?
View 3 Replies View Related
