vlan interface and physical interface (that is serving for this vlan ) have different input/output counters, there is only one physical interface in this vlan .
sh int vlan 64
30 second input rate 9000 bits/sec, 9 packets/sec
30 second output rate 0 bits/sec, 0 packets/sec
[Code]....
I notice strange input rates on the interfaces of a 881 router:
show int fa4
..
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec
..
30 second input rate 85000 bits/sec, 11 packets/sec
30 second output rate 16000 bits/sec, 9 packets/sec
221434 packets input, 287889736 bytes
..
..
142286 packets output, 15683576 bytes, 0 underrun
How can 11 packets/sec be 85000 bits/sec -- average packet size of 8KB?. The total packets input (221434 packets versus 287+ MB) also shows this kind of a 10KB+ average packet size. There is ahardly any traffic through the router when the above snapshot was taken so 11 packets/sec sounds right, but not the 85Kbits/sec.
The router is running c880data-universalk9-mz.151-4.M4.bin and config is simple with a single Vlan (inside NAT) with a public IPs on fa4 and a couple of IPs for dynamic NAT. Everything works fine except for these interface counters that look worng.
I have a pair of router Cisco 2800 running in HSRP, now I want to configure one sub interface with another sub net, Will my current IP on physical interface work or do I need to create two Sub interfaces for each network. Do i must need encapsulation on sub interface
Current Config:-
Router 1:-
interface FastEthernet0/1description Connect to LAN_SW1 Gi1/0/1ip address 192.168.1.13 255.255.255.0no ip redirectsduplex autospeed autostandby 1 ip 192.168.1.1standby 1 priority 90standby 1 preempt
Router 2:-
interface FastEthernet0/1description Connect to LAN_SW2 Gi1/0/1ip address 192.168.1.3 255.255.255.0no ip redirectsduplex autospeed autostandby 1 ip 192.168.1.1standby 1 priority 110standby 1 preempt
For second network I do not require HSRP
Router 1:-
interface FastEthernet0/0description Connect to LAN_SW1 Gi1/0/1no ip addressduplex fullspeed 100
[ code]...
Router 2:-
interface FastEthernet0/0description Connect to LAN_SW2 Gi1/0/1no ip addressduplex fullspeed 100
[Code]...
Firewall: ASA 5510
Switch: Linksys SRW2048
Physical topology: PC - > VLAN99 - > SRW2048 - trunk - > ASA5510
Switch Setup:
I've been tasked with breaking up a network that has run out of IP's, and have decided to use VLANs to accomplish this. I have to use an ASA5510 to accomplish all the routing between hosts in different VLANs.Port 48 is trunked to the ASA eth0/0 interface, with VLAN 99 and VLAN 20 tagging packets, VLAN 1 Untagged. Hosts hooked up to appropriate ports on Switch.
I currently use L3 switches as edge routers to my WAN. I want to use a pair of 3560x switches with IPbase to provide a failover path to my WAN using HSRP at one location but had some problems testing the configuration. My plan is use a virtual address on the LAN interface (VLANx which port gi0/1 accesses) and the WAN interface (VLANy which port gi0/24 accesses). I want switch 1 to be primary since it will have an IPS attached to it, and switch 2 will be backup and used only when switch 1 or the IPS requires maintenance. On both the LAN and WAN sides there is no advanced routing going on, the various hosts just depend on the availability of their respective default gateways, so HSRP should be sufficient to provide a failover in either direction.
In my testing I got 1 or the other link to fail over but not the entire switch. What should my config look like to achieve failover of the entire switch in the event 1 or the other interface goes down, and fail back when the primary links are again available?
if a connect to the switch via Internet Explorer or every other browser I can't enter configuration because I receive a screen as you can view in image below. And I can view those errors:
message: 're_preFlt_txt33' is not defined
Linea: 31
Carattere: 1
Codice: 0
URI:
[URL]
If I connect in HTTPS with IE8 in compatibility mode I view the image as in attachment with_https.jpg.
I am trying to configure EIGRP on my ASA DMZ Interface - topology as follows: [code] The ASA is currently configured for EIGRP with the inside 3560x switch and passing routing updates properly.However, the ASA will not send/receive routing updates to/from the DMZ 3560x switch - the two devices do establish eigrp neighbor relationship. [code]
View 4 Replies View RelatedI configured a Switch Cisco 3560X with a basic configuraction, My problem is that when I access Web interface by http://X.X.X.X an login after the image that I attached.I tried restore the default configuration, also tried with different navigator, chrome, Internet explorer, fireffox, safari, change laptop... and update the java client.
View 3 Replies View Relatedhow to configure this. I did it in the past but kind of forgot how I did it.I have a stacked 3750 (two physical switches) connecting to a 2960.
I am creating trunk ports with limited access to VLAN 300, 600, and 700.
There is two interfaces connected from the 3750's(one on each physical stack member) to the 2960.I have the physical interfaces configured exactly the same.
3750 Config:
interface Port-channel2
!
interface FastEthernet1/0/46
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1, 300,600,700
switchport mode trunk
speed 100
[code]....
Should I keep the configuration on the physical ports and not configure the Port-Channel Interfaces? Do I need to configure port-channel load balancing? Is the channel-group mode sufficient? Goal is to basically create 2 links to the 2960 to double the bandwidth and provide redundancy.
What the different between using hsrp on vlan interface and on physical port (routed port) on Cisco 3750 Switch? Wha the benefits?
View 3 Replies View RelatedWe got a layer3 switched network, with one vlan for every switch, routed by a cat4006. [code] So can we put some ports on different switches in, let`s say vlan 50, with different ips? For example, Port 0/3 on Switch 1 and 0/8 on Switch 2, but keeping the ip of the "old" vlan? Or is it necessary to configure a specified vlan interface with ip-adress for every vlan if i want to route it?
View 4 Replies View Relatedwe've to configure our router 1841 to use both 2 interface Fe for two different vlan (also the second has to go on internet).
Actually we have int Fe0/0 configured with an ip address 192.168.1.1 for lan1 192.168.1.0/24 and we will use the second int Fe0/1 with another ip address like 192.168.2.1 for lan2 192.168.2.0/24.
see below configuration:
[code]...
I have a cisco router 3845 with Etherswitch modules and one Vlan configured "172.16.6/24", many switch ports are assigned to this vlan. i would like to translate one IP address 172.16.6.200 to a new one "172.25.42.10" but need to keep the other IPs from "172.16.6/24" without changes. below is the configuration of vlan interface and switch port. [code]
View 8 Replies View RelatedI have Cisco WS-C6509 with IOS version 12.2(18)I have several vlan interface on this device.Today I create new vlan intervace
interface Vlan165
description test5
ip address 10.10.10.1 255.255.255.252
end
and vlan:
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
165 test5 active Gi7/14
But I can't ping this IP address and show ip route shows:
sh ip route 10.10.10.1
Routing entry for 10.10.10.0/24
Known via "static", distance 254, metric 0 (connected)
I have static route for this subnet /24?I can not see any error in logs, but looks like I reached vlan interface limit on this device or something like this.How can I check it?
How many VLAN Interface can be create on a WLC Interface, e.g. GigabitEthernet 1?
View 2 Replies View Relatedi'd like to configure OSPF on a Catalyst 6503 IOS 12.2.17.i habe an Gi1/9 with the ip address 192.168.97.30/24 and a VLAN 19 with the IP Address 192.168.19.0/24.I configured OSPF like this
router ospf 1
network 192.168.97.0 0.0.0.255 area 10.5.0.0
network 192.168.19.0 0.0.0.255 area 10.5.0.0
on the ospf peer is see that the adjaceny is established but i don't get the routes for the 192.168.19.0 network i checked the ip ospf interface vlan 19; i got ospf is not enabled on the interface then i tried to configure
int vlan 19
ip ospf 1 area 10.5.0.0
but it does not access ip ospf 1
I'm trying to configure "IP PIM SPARSE-MODE" command on a vlan interface on a 3560E switch but it doesn't give me the option to do this. The only option available is ip pim passive. What would cause this ? On the same switch a physical interface is already configured with IP PIM SPARSE-MODE.
View 2 Replies View RelatedCannot set route map on interface vlan. which in non default vrf on Cisco 3750.IOS c3750-ipservicesk9-mz.122-55.SE.bin sdm prefer route in enable ip vrf users rd 200:0 route-target export 200:0 route-target import 200:0 interface Vlan201 description Users 1 ip vrf forwarding users ip address 10.31.76.1 255.255.252.0 ip helper-address 10.31.4.57 route-map fromuser permit 10 match ip address fromuser set ip next-hop 10.31.128.155 When I enter "ip policy route-map fromuser" to interface Vlan 201 I heve the message:
% Remove VRF configuration from interface Vlan201 first
I've set up my 3560 to do routing. Now, I'm looking for a way to apply acl restrictions to the vlan interface ip address itself.
View 1 Replies View RelatedI have a really weired thing happening on 6509 device with one of my customers.The device has a SUP 2 (MSFC2) with version 12.2.18SXF17B.
any VLAN interface once administratively down or simply down shows on "show interface status" output as VLAN.While it supposed to show "Routed". However once the port is up it is shows "routed" like it should.
We're running a simple policy map on a 3750 stack (IOS version 12.2(53)SE2), but the route-map counters do not show any matches:
NYKIRDRCX01#sh route-map
route-map remote-route, permit, sequence 51
Match clauses:
ip address (access-lists): remoteACL
Set clauses:
ip next-hop 192.168.101.5
Policy routing matches: 0 packets, 0 bytes
However, I've confirmed via our netflow monitor that the traffic we're trying to send to the appropriate next hop is, indeed, getting there correctly.
I've seen issues in the past with a 3750 not reporting counters correctly.
We have recently deployed several Ciso 887VAW (IOS 15.1(4)M4) to customer premises and I have come to realise counters show extremely high (not at all accurate) output rate and packets on all of them. [code]
View 2 Replies View RelatedI have five 877 routers connected to ADSL circuits provided by Vodafone. Each has a VPN tunnel back to a PIX.
Occasionally one of the sites will lose it's connection to the PIX.
When we check the log, we find entries like these:-
Apr 5 01:31:54.085 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access2, changed state to downApr 5 01:33:19.344 UTC: %CRYPTO-
[Code].....
As you can see, the physical interface (ATM0) is not being reported as changing state to down, neither is the Dialer interface.
When the router is in this state we have to SSL to the public IP address of it and manually restart the ISAKMP SA.
When the router sees the ATM interface go down and subsequently come back up, the VPN connection to the PIX also recovers.
So - in a long winded way I think I'm asking....why does the Virtual interface go down and is there anything I can do to stop it happening?
I understand the vlans on the catalyst side of the house on 2900 to 6500 Catalyst switches.
This 7010 running nx-os 5.1(3) I did not setup, but have to manage it. Hasn't really been a proble till now.
My nexus 7010 has a Layer 2 only vlan 11. It is "Active" but the interface is "shutdown". Yet, it is passing traffic across the directly connected ports on the nexus 7010 and to other switches in my network. Vlan 11 is being set out via VTP to all my switches and things are running fine.
I need to create another L2 only Vlan. I can't seem to find any docs that indicate that a Layer2 vlan Interface on nx-os should be in "shutdown" mode as part of the setup. I do see in the docs where it has to be set "Active" as part of the process.
Is this the correct way to seutp a L2 only vlan on nex-os? Leave the interface in "shutdown" but make it "Active"?
Mystery Vlan 4 and 6
The mystery deepens. I have other L2 vlans ,Vlan4&6 that are NOT defined as "Interface Vlan4" in the nexus config, yet it is applied to GigE ports on the nexus and these Vlans 4/6is also being sent out VTP to all switches. Even weirder is that these vlans have names associated with the numbers. These are valid Vlans that were configured on the old 6509 before the Nexus was installed.
I have checked all switches, NONE are running in Server mode for VTP, all are in CLIENT. The nexus 7010 is the only device running in VTP Server mode.
This is a continuation of my last post in which I need to apply ACLs to the physical ports within Etherchannels. The switch is a Catalyst 2970 running IOS 12.2. These Etherchannels are configured as trunks with 2 VLANS allowed on each trunk.I have applied an inbound ACL on the physical ports that filters based on layer 3 and layer 4 traffic. The issue that I am seeing is that the counters for the ACL are not increasing even though the ACL is clearly doing its job. At the end of the ACL I have an entry of "permit ip any any". Removing this from the list causes connectivity problems to the server on this port. Adding it back and everything is back to normal. However the counters don't increase. At first I thought maybe this wasn't supported on this switch but then I noticed the counter had increased to "2 matches" later in the day. What is the normal behavior is for this switch and does it support logging on an ACL entry as well.
View 2 Replies View RelatedIve got a 494810ge switch, and this parameters are important for me:
sh int gi 1/4 counters detail
Port InBytes InUcastPkts InMcastPkts InBcastPkts
Gi1/4 252819467437788 173264735013 10827 760
Port OutBytes OutUcastPkts OutMcastPkts OutBcastPkts
Gi1/4 36657317030233 280590958051 5248439 5443194
Port InPkts 64 OutPkts 64 InPkts 65-127 OutPkts 65-127
Gi1/4 558420918 205564441592 2627477631 60865368994
[code]....
Some parameters i can get by snmp (InBytes,InUcastPkts,InMcastPkts, and so on from out), but how can i take other parameters? I would like to do it by snmp but i did not find proper oids. Now I making a sheme like this: eem every 90 seconds takes this info and writes it down to file into nvram and then send it by scp to server, where file is processed by monitoring system script. It is not very good, cause cisco system cpu sometimes spikes of this and i dont know a resourse of nvram, how much times can i write to it?
i'm going mad on following problem. I'm trying to get 2 networks seeing each other while one of the network is a non VLAN network and the other one is a VLAN network.They should use the same interface so i added VLAN e0/0.122 to the interface e0/0.Send a ping from my asa to both gw-IP's made me happy at first. In second in figured out that i cannot reach any client in the other network. For testing purpose i created an permit acl to any/any for both networks, but the packets still get dropped by the default implicit rule. (deny any/anyMaybe i'm to stupid for this
View 10 Replies View Relatedhow I can check the qos counters and stats for interfaces on my cat 6509 ?
View 1 Replies View RelatedI am attempting to monitor bandwidth utilization of the WAN port for the RV180 via SNMP and I am getting strange results. If a 256MB file is transferred from a remote server (without compression), the ifInOctets counter doesn't increment by anything resembling 256MB:
$ snmpget -v2c -c public 192.168.1.1 IF-MIB::ifInOctets.5 IF-MIB::ifOutOctets.5
IF-MIB::ifInOctets.5 = Counter32: 365402138
IF-MIB::ifOutOctets.5 = Counter32: 32610053
[Code].....
I'm reasonably certain that the .5 interface is the WAN port based on the value of ipAdEntIfIndex.X.X.X.X, but even if that were not the case, none of the other interfaces increment by a value close to the amount of data transfered. SNMP monitoring of a WAP121 on the same subnet returns expected results. I can only assume that SNMP on the RV180 is completely broken.
The router has the latest firmware available (1.0.1.9). There is only one network connection and the RV180 is the default gateway for all internal hosts.
Any chance of one or preferably both of these before I flash the router to a more competent firmware?Rather ridiculous that there's no interface counters and no SNMP server. I prefer keeping stock firmware where possible but I need this functionality, it really isn't a big ask.That said I have an E4200 v1, which already looks like abandonware given it's been 6 months since the last firmware update - not amused and no intention of swapping a high performance router for one that sacrifices performance for better NAS functionality.
View 8 Replies View RelatedI have configured a vlan interface on a 3750 switch. there is aprox 4Mb active traffic flowing through the interface, but when I do a "show interface vlan (vlanid)" the output show zero bits in and zero bits out. Its a typical L3 config with one IP on the vllan interface acting as the gateway for the VLAN devices. Is this a normal behaviur ? and if so is there any way to get the traffic in/out stats. The end PC/devices are connected to this switch via an L2 TRUNK and I dont have access to the L2 switch on which the actual devices connect. so cant get the real time stats of those interfaces.
View 2 Replies View RelatedMy management has tasked me to give them a high level overview of the different switching we can choose for our new building.
This is what I know so far.4 Closets, each closet has 450 ports,One MDF room that is will contain one UCS Chassis and a Nimble iSCSI SAN.
I am working on the spreadsheet and it looks like this (Not totally filled):
2960s3560x3750x45064510Approx cost (Each, 48PORT, POE+, 10G uplink, Dual PS, IP BASE)
6K7K8K45K75KMax Capacity192432432192384Backplane speed206464520520ProLeast ExpensiveStackable to 9Stackable to 9ProDual PSDual PSDual PSDual PSDual PSProLayer 3 opt
Layer 3 optDual SupsDual SupsConExpensiveExpensiveConNo Dual PSConLayer 2 OnlyCannot stack more than 4
For the MDF I would like to use 2 Nexus 5548's with FEX's, and the layer 3 daughter board. For the IDF's I was thinking of two 4010's.
i cant find any difference in these two devices when i am trying to compare throughput.I need upgrade our new POP and there will be around 4900 MAC adresses in VLAN 150 and 130 MAC adresses in vlan 200.Uplink is 1 gig routed internet connection and there is 14 downlinks to separate villages.i found a few differences for eg stack interface on 3750x but i dont need it.
View 2 Replies View Related
