Cisco WAN :: 2600 X1 / Assign Subnets To Ports?
Feb 24, 2013
Was just wondering if we can segregate users using subnets and not vlans in cisco switches? We have few groups we want to segregate onto different subnets, but don't want to use Vlans. Apparently I have been told that vlans do way too much packet processing and slows the network.
we are working on a school network. Want to segregate staff/students/admin.Further segregate students by year levels. This means if we were to use vlans we would have around 15 vlans. will it slow the network? (thats what I have been told and i dont agree to it). How to implement this topology without vlans and by just using subnets.PS: we use Juniper EX4200 (layer3), Juniper EX2200 x15,H3C 3100 x16 and cisco 2600 x1 switches on campus.
View 1 Replies
ADVERTISEMENT
Apr 2, 2013
I have just setup a new WLC 2504 controller to manage a WiFi service that will span 6 geographic locations. The local networks at each location are on different subnets (all 192.168.x.x) and are linked up via IPSEC VPN links, and there is Active Directory spanning the sites, with DNS and DHCP servers running at each location.
I tested the WLC at our main office with a single AP, and it worked fine. The AP set itself up, and wireless devices connect with no probs. Great! Yesterday I headed out to one of our remote sites, and connected an AP to their network - and that seemed to work fine too. Within a few minutes I was able to see the WiFi network I'd setup, and my smartphone connected to it straight away (as I'd rpeviously connected at the main office), so I was pretty happy that all was working well.
This morning however I've had notification that wifi performance at the remote site isn't great. I've got someone to check their ip address, and I've found that their IP address and default gateway match the LAN at the main office where the WLC is based - NOT the LAN where the wireless client is. Obvioulsy this is not ideal!
(I guess I HAVE done something wrong!?). And how can I get wireless clients at remote sites to pick up an IP from the DHCP server at THEIR site?
View 3 Replies
View Related
May 2, 2012
I have a Cisco 2600 series with 2 X Fast Ethernet ports and I would like to configure the cisco to perform the task if it is possible.The scenario is:
2 networks:
F0/0: 192.168.x.x
F0/1: 10.1.x.x
No communication between them except one way multicast from F0/1 to F0/0.
View 1 Replies
View Related
Jan 24, 2013
I’m working with a managed switch that has three V LANs setup on it. Recently the domain changed and the wireless V LAN can no longer access the internal website. I found access rules, in the switch that allowed the wireless V LAN to use the DNS server on the private/staff V LAN. Their DHCP scope is on the switch and DNS is set there. The Website is also on the V LAN with the DNS server. This configuration totally cuts out external DNS usage. It stopped working though. It is as if when things switched on the Domain the wireless users were denied DNS requests. The switch was not touched at that time. I’m looking at it though and it seems that I may have conflicting rules.
The version is 12.2. I believe its a Catalyst 2600~
DHCP scopes: ip dhcp pool INSIDE network 192.168.1.0 255.255.255.0 default-router 192.168.1.1 dns-server 192.168.1.6 192.168.1.4 domain-name saline.lib.mi.us
ip dhcp pool WIRELESS
network 172.16.0.0 255.255.255.0 default-router 172.16.0.1 dns-server 192.168.1.6 192.168.1.4
Here is the V LAN Setup:
Interface Vlan1
ip address 192.168.1.1 255.255.255.0
[code]...
Here are two access lists that should be allowing the traffic from 172.16.0.0 into the list IPs/Ports. These do no work.
ip access-list extended WIRELESS-PRINT
permit tcp 172.16.0.0 0.0.0.255 host 192.168.1.12 eq 30044
permit tcp 172.16.0.0 0.0.0.255 host 192.168.1.12 eq 21326
permit tcp 172.16.0.0 0.0.0.255 host 192.168.1.12 eq 6987
[code]...
During my testing I removed the Deny rule and everything worked. deny ip 172.16.0.0 0.0.0.255 192.168.1.0 0.0.0.255
However, the “ permit ip any any “ rule, makes all the port rules pointless because when this rule is in place solo, I can ping and access everything on the 192.168.1.0 network. Is there a way to deny everything, except what I permit? Because when I remove the ip any any, then they cant even get out. Perhaps there a better way to say, the wireless users can get out but only get into the sub net over specific ports? I have a feeling it may have not be thought out entirely when initially created. However, the big mystery is that it worked before secondary domain controller failed.
View 1 Replies
View Related
Jan 10, 2012
My network generally runs older routers (2600 series) with 16 port switch modules (NM-ESW-16). This has always worked great since I can configure the router and the switch ports on the fly, making changes to either as necessary. Well I am upgrading to 2811 routers, and we wanted to get gigabit ethernet ports on our switch modules. I think I made an error when I purchased a few of these switch modules: NME-16ES-1G.
The first problem, is that the switch ports don't even show up on the router config, I have to establish a session into the switch, (And I can't seem to get back to the router unless I manually switch off power and restart). I don't like this type of switch module, it's like I'm running a completely separate device, and while having a layer 3 switch is cool, It doesn't let me setup routing protocols so I don't like doing it this way. I want to go back to using a switch module that simply adds a ton of ports to my router like the NM-ESW-16. (Note: The NM-ESW-16 does actually work in the 2811 and would be perfect if it were Gigabit speed.)
The seconds problem is that the NME-16ES-1G isn't actually a Gigabit switch. It has a single gigabit port, but the 16 ports are all Fastethernet, and not gigabitethernet. So ideally, I am looking for a switch module that I can fully configure from the router interface that has 16 gigabitethernet ports, and works with a 2811. IE I want to do this. [code]
View 4 Replies
View Related
Dec 17, 2012
Is it possible to assign 2 ports to a vlan on this switch and have the 2 machines connected to those ports be able to see each other without having to go off of the switch? If so, how would it need to be setup on the switch?
View 4 Replies
View Related
Aug 15, 2012
I need to NAT some subnets to one IP and other subnets to another IP. The range command want work because some of the subnets are out of order.For example subnets 192.168.1.0 - 192.168.7.0 and 192.168.25.0, 192.168.28.0 nat'd to 1.1.1.1. subnet 192.168.26.0-192.168.27.0 nat'd to 1.1.1.2
View 2 Replies
View Related
Jun 9, 2013
We have an ASA 5505. 5505 comes with two default vlans 1&2 with each of them marked as inside & outside respectively.My query is , if i do not want to use vlans on 5505 and only want to use the Ethernet ports as pure physical layer 3 ports, is it possible?i.e. i want to assign a layer 3 ip address on eth0/0 and eth0/1 and make them as the inside & outside interfaces rather than vlans. is it possible to do away with vlans in 5505 & will it work otherwise?
View 3 Replies
View Related
May 14, 2013
Is there a way to associate spare firewall ports with another port that is being used..For example...int gi 0/2 is being used currently for my web dmz. Its ip is 192.168.10.1..Is there a way for me to associate gi 0/3 with the same layer 2 as gi 0/2 ?
In my webdmz I use 2 ACE 4710 proxys in FT mode. I used a layer 2 switch to connect firewall and proxys together.
I would like to eliminate this switch if possible..and connect both 4710's (layer 2) direct to firewall.If I could make gi0/2 - 4 part of the same vlan, then I would be good to go.
View 2 Replies
View Related
Aug 7, 2011
How many of the 881 switch interface ports can be used as router ports, have used the 877 etc where i can use 2 but need a low cost router that supports 3 for routing. (needs to be physical ports)
View 2 Replies
View Related
Feb 2, 2012
One of techs accidentally connected two access ports from different switches together. Since then, LMS is alerting them as being Link ports down. I tried to default the config and set them to access ports without any success. what I should do in LMS to recognize them as access ports?
View 2 Replies
View Related
Jun 30, 2011
I'm looking at purchasing one Cisco 2600 XM Series router that has IOS 12.4 on it. I put the IOS name into Cisco's feature navigator and it states that it supports SSH and IPv6. Can I buy that router, take the IOS off that one, and put it on another 2600 XM Series so I don't have to spend $400 on two routers with 12.4 on them?
View 3 Replies
View Related
Sep 30, 2011
I am trying to secure sub interfaces on a 2600 Router
interface FA0/1.1
No Access-group
Interface FA0/1.2
IP Access-group 110 out
Access-list 110 deny ip 2.2.2.0 0.0.0.255 1.1.1.0 0.0.0.255
Access-list 110 permit ip any any
This works but it blocks traffic both ways I only want to block one, I dont want FA0/1.2 to be able to access FA0/1.1 but I want all traffic to be allowed to go the other way
View 2 Replies
View Related
Apr 12, 2012
I have a home network. There are a total of 3 PCs. Each runs Server 2008 32 bit. One PC - Lets say Server A has 2 NICs with Ip addresses, 10.0.0.10/30, 10.0.0.2/30. Other two computers Server B and Server C have single NIC with addresses 10.0.0.1/30 and 10.0.0.9/30 resp. So as you can see that there are two subnets 10.0.0.2 - 1 and 10.0.0.9 - 10. I can ping B and C from A. I want that B and C can also ping each other and if I run tracert on B or C, it should give me the route to the destination via A. All this without any other hardware. Like using route add... etc eg. if I write tracert 10.0.0.9 on B, it should return a route like 10.0.0.1-----10.0.0.10------10.0.0.9.
View 3 Replies
View Related
Aug 24, 2012
I have two subnets, that need to share a common link, and each with its gateway at the opposite end. What kind of switch do I need for the two red boxes?
View 7 Replies
View Related
Nov 20, 2012
I have an exercise with picture you find below. The question is: Will the network shown in the diagram work correctly when you consider that the MAC-addresses PC0 and PC8 are the same, and why?
View 1 Replies
View Related
Mar 26, 2013
I have 2 DSL Lines going into a load balancing router. The load balancer is set up to distribute the traffic equally on the two lines, hence doubling the bandwidth. Though great at load balancing, it cannot handle DHCP for the 50+ users on our network, and therefore we are using another router for DHCP, which is running DD-WRT firmware.DSL 1 - 10.1.0.1DSL 2 - 10.2.0.1Load Balancer - external 10.1.0.2, 10.2.0.2 internal 192.168.10.1. DHCP Router - external 192.168.10.2, internal 192.168.1.1All other devices - 192.168.1.xThe load balancer has many options to direct traffic to one WAN port or the other based on IP address, which we would like to implement. But right now, since all my devices are on the 192.168.1.x subnet, it can't see anything but the DHCP router. So essentially it thinks it has only one client.
View 1 Replies
View Related
May 5, 2011
I recently added a post lately referring to drawing a topology of a large network with a high number of hosts. Now with project itself, I'm designing a network for a large organisation with a different number of hosts at each location.These are, 500,18,52,236 and 12. The location with 500 hosts is the head office, to which every other branch has a wide area network connection through a serial link.How many subnets would I require? I wrote down subnet details, but only for 5 subnets, a subnet for each location. Is that all I need? Or do the WAN connections count as subnets
View 9 Replies
View Related
Sep 13, 2011
I am working on a Cisco 5510 with multiple interfaces and requirements. I have experience with Cisco IOS, but not too much with the ASAs. I seem to be getting a bit confused on the NATing and ACLs on a firewall that was started by another employee, who is no longer here. With my current config I can get the firewall in place (we are currently using an older PIX) and most basic functions work except for two key things: 1) communication from the finance interface to the inside interface. The finance subnet has some restrictions that you will see in the ACL- we are trying to limit connections to the those systems, but they need to be able access an e-mail server on the inside. 2) communication from the DMZ interface to the inside interface. Maybe related to the first problem?
View 2 Replies
View Related
Mar 2, 2012
I've currently got my ASA (5505) serving a /28 public subnet. I've ran out of IPs, so my DC has issued me an additional /24 subnet that they have routed to my ASA. What needs to be done on my ASA so be able to use these new addresses? I've been trying to search and not been able to find a good answer (some say I shouldn't have to do anything, everything else references NATing, which I currently don't do and would rather not do).The servers I assign these to, I'd like them to have the public ip assigned directly to them.
View 5 Replies
View Related
Mar 11, 2012
I purchased an ASA 5505 and placed it between my Cable Modem and Cisco 3745 router. The outside interface on the ASA is dhcp, the inside interface is 192.168.100.1. The outside interface of the 3745 is 192.168.100.2 and the inside is 192.168.1.1. The VPN pool is 192.168.200.10 - 192.168.200.10.
1. When I establish a VPN session to the ASA, I can ping and access any resources dierectly connected to the ASA's interfaces and on the ASA's internal 192.168.100.0 network. However, I cannot access any resources behind the 3745. I cannot even ping 192.168.1.1. Even directly connected hosts on the ASA cannot access Hosts in the 192.168.1.x subnet. There appears to be no traffic between 192.168.100.0 and 192.168.1.0.
2. Although I believe that I sent up split-tunnel, I cannot U-Turn back to the internet once connected to the VPN.
Here is my network topology as well as my ASA config and Router config.....
ASA ......
ASA Version 8.2(5)
!
hostname poog-fw1
domain-name poog
[code]....
View 7 Replies
View Related
Mar 31, 2012
I have 1 Cisco switch 24 ports and 12 computers. The 12 computers are divided in three groups and every group is a different network segment.
question 1: I need that every group has communication with its own set of computers but no communication with the computers on the other segments.If I connect the computers to any port on the switch, can they communicate within its own groups? Can the switch pass the network traffic for all of them?
question 2; What I need to do on the switch to have them to reach the internet?
View 9 Replies
View Related
Feb 12, 2013
I have a cisco 2921. I have 2 networks that has its own router
192.168.1.0 network is connected to watchguard firewall 192.168.9.0 network is connected to the cisco 2921 router.
I want to connect the 2 subnet using one of the interface of the cisco router. How I can get this work? It is not connected via vpn tunnel but we want to have LAN speed when accessing resources on both network. Each network is connected to a dell switch.
View 22 Replies
View Related
Nov 8, 2011
I have a 5508 controller that has 14 APs connected to it. I installed them without an issue. The 2 new APs are on a different subnet. I can ping them from the 5508 controller ping command, but they do not self discover from the web interface. The 2 new APs are at a differnet physical location.
View 21 Replies
View Related
Jun 18, 2012
I am coming to this forum because TAC and several CCIEs are having trouble finding me a solution to my problem.
I have Two 5520s each running 841 connected in two different data centers with two different internet providers. I have 100+ 5505s that have the capability to connect to either 5520 via EZVPN to either 5520. Up to now there has not been a need for a 5505 connected to one 5520 to talk to another 5505 on the other 5520. Each 5505 accesses network resources as in any enterprise network. Our company recently started telecommuting and I have been giving 5505s and a VOIP phone out to people. What was discovered is, if you are on one 5505 connected to a 5520 and the other 5505 is connected to the other 5520 the audio in voip does not work. If both the 5505s are connected to the same 5520 than everything works fine. Conversely a 5505 on one 5520 cannot ping a 5505 on the other 5520. 5505s on the same 5520 can ping each other no problem.
My problem: All 5505's are configured for a 172.18.xxx.xxx 255.255.255.224 subnet. This subnet is not used anywhere else. So I have a 100 Class "C" subnets carved up into 255.255.255.224 networks. If I look at a specific route for a subnet on one 5520 I see it pointed to the outside interface via RRI. I can look for the route in the 5520s connected CORE switch and I see the route pointed to the 5520. We have a fiber connection to the CORE in the other data center. The route is in this CORE switch as well. When I look for the route in the 5520 connected to this core it is not there. I have all other routes visible but not this particular route which should show on the inside interface. All I show on the 5520 are the 5505s connected to this ASA. So the 5520 is not processing the RRI subnets from the other 5520 and vise versa. Thats why a 5505 on one 5520 cannot ping a 5505 on the other 5520. I only see 172.18.0.0/27 on the outside interface of both 5520s. I do not see any 172.18.0.0/27 on the inside interface on either.
I have had numerous TAC cases open on this and no one seems to either understand my problem or have a solution for me. My local sales rep CCIE says the problem looks like a bug in 841 (which I am running) and that the ASA is not processing RRI from eigrp which I am running as well. The whole network is running the same instance of EIGRP including the 5520's.
My questions:
1) Is it possible the 5520 is not allowing 172.18.0.0/27 on both the outside and inside interface? Even though all subnets are masked proper the ASA maybe thinks it is being spoofed? I have not been able to confirm this using the real time log.
2) Could this really be a bug? I have looked at all the release notes and have not found anything resembling my problem. TAC has not recommended that I upgrade or downgrade my IOS.
View 6 Replies
View Related
Oct 6, 2011
I have 2 sub nets and 2 up links
port g1 = 211.122.10.x
port g2 = 210.211.10.x
Can use 1 switch (sf-300 24)
assign port 1-12 up/down to g1
assign port 13-24 up/down to g2
View 1 Replies
View Related
Jan 12, 2012
Is it possbile to NAT to other subnets with the RV082. It is on a 192.168.41.x and I have a phone system on a 192.168.20.x. After searching all over others are saying no.
View 4 Replies
View Related
Jul 29, 2012
Is it possible to use a 2504 wifi controller to manage compatible AP's across different subnets ?
View 2 Replies
View Related
Jul 13, 2011
I have a cisco 877 router connected to our adsl broadband at our head office. I have managed to set this up with Nat and DHCP all working to let multiple users access the internet through our single static ip supplied by the ISP lets say the ip is 1.2.3.4.Our internal network is 192.168.1.0 255.255. 255. 0.I have a draytek vigor 2600 at a branch office set up the same with a static ip addresss supplied by the ISP lets say the ip is 5.6.7.8.The internal network is 192.168.4.0 255.255.255.0
I am trying to set up a VPN between the head office and branch office so the branch office users can connect to our internal server(lets say ip is 192.168.1.2) to receive group policies,access files and also telnet into our database server(lets say ip is 192.168.1.3).I have attached a sort of running config that i have pieced together from bits i have read on this site and others. I have tried these settings and other permutations of these settings but i cant seem to establish a tunnel even though when i show int tunnel0 on the router it says tunnel is up and line protocol is up, if i show ip route it shows that there is an ip address for the tunnel and that is about it(No vpn light on).
If it makes sense and that I have entered the right information? I have highlighted the parts i am not sure about in red(Quite a bit and obviously not the exact settings but what i think it should be). Once all the settings are correct on the cisco will it automatically establish the vpn or do i have to dial it from the draytek.
View 4 Replies
View Related
Mar 4, 2012
i want to configure the router for internet access for hosts this is the my pub ip x.x.x.174 and mask 255.255.255.252 this is isp given subnetmask internal ip range is x.x.x.20-x.x.x.254
View 1 Replies
View Related
Mar 14, 2013
I am new using cisco router 2600, i want to use dmz like adsl modem to direct ip public to ip lan like 180.15.22.x.x to ip lan 192.168.1.2 ( lrouter mikrotik ) outside to inside so when i call ip public then forrward to mikrotik
View 2 Replies
View Related
Aug 24, 2011
I was trying to erase my lab router 2600 and reset it back to the factory defaults. Well I was able to to reset it all right but I used the erase command which worked a little to well. So now there is no IOS and the router is in ROM mode and I didnt back up the pervious IOS "Nice". So was able to get an updated IOS for my 2600 but I'm trying to install it and don't know how. I was able to get a tftp server app for my windows pc but I'm unsure on how to configure it so I can transfer the new IOS to the router. On the up side I did learn something erasing and reset are to very different things.
View 6 Replies
View Related
Jun 20, 2012
I have 3 Cisco 2600 routers with the same IOS and memory.One of them has CME...
What would be the best way to copy the CME from the one router over on the other two?Backup my FLASH to my TFTP and then restore to the other two routers?
View 1 Replies
View Related
