Telco provided a BGP connection on MPLS network. When I connect router directly to Telco switch I can see BGP neighbor, so my router BGP config is OK. However, I need to put this router in a diffferent building and want to bring the connection over on a "trunk"; now I loose the BGP neighbor. I'm sure I did this before and it worked OK. I'm trunking between 2 x2950 switches using this config on each switch. [code]
I also configured the trunk as vlan 1214, which is the encapsulation provided by the Telco (dot1Q 1214).
I have been though the setup a couple of time with no luck pinging one pc to another from vlan 10 to vlan 20. I posted the running configs and some other information from my router and switch. I am relatively new to all of this so if you need me to post more information from the hardware let me know and Ill put it up. There are no firewalls in place and I know the cables are good because I switched them around to make sure. Also when I change the ip on my second machine for vlan 10 I can ping from one pc to the other but when I try the same for vlan 20 I get nothing.
**From my 2950 switch** Current configuration : 2825 bytes ! version 12.1 no service pad service timestamps debug uptime service timestamps log uptime
I have two 3560G 24 port switches. Each of them connects to some 3560G or 2950 switches. Trunks between 3560G are set as 1000/full. Trunks between 3560G and 2950 are set as 100/full. show int status also shows the interface negotiation is 100/full for trunks between 3560G and 2950. The issue is I keep getting outdiscard errors in trunks between 3560G and 2950. At 2950 switches, I see Recv-errors too. I checked all the trunks traffic. They are totally not high. Only serveal mbps. Most time even lower than 1mbps.
I googled this kind of issue online. I see it could be possibly caused by high volume traffic higher than the capacity. But it appears the traffic there is not high enough to cause this kind of issue. Is there any possiblity that could cause this problem?
The below is 3560G trunk configuration for 2950 switch
interface GigabitEthernet0/10 switchport trunk encapsulation dot1q switchport trunk allowed vlan 1-122,124-4094 switchport mode trunk speed 100 duplex full srr-queue bandwidth share 10 10 60 20 queue-set 2 priority-queue out mls qos trust cos auto qos voip trust
the trunk configuration at 2950 switch: interface FastEthernet0/24 switchport trunk allowed vlan 1-122,124-4094 speed 100 duplex full
I am looking into the possibility of using private vlan's for some dmz implementations however I do have what may be some very rudimentary questions. It seems straightforward how to configure the primary/secondary vlan configuration as well as associating them. However in my case I would be looking to configure the PVLAN on a 6500-vss platform acting as the router while all of the hosts which I would desire to have in the isolated vlan would be spread out across a number of older Cisco switches which only support "protected port" setup or Procurve switches all of which I do not have budget to replace with something newer. So in my scenario I would have a 6500 connected by trunk to multiple switches which only support a protected port setup such as a Procurve (top of rack) or a Cisco 2950. As the Procurve or 2950 would not support Private VLAN setup, do I then just configure the secondary vlan to be allowed across the trunk from the 6500, configure that vlan on the Procurve or 2950 (as vtp will not foward the info for the secondary vlan) and assign that vlan to the host port as well as setting it as a protected port and this will communicate just fine across the trunk to the router as well as stopping the protected port in top of rack switch 1 from being able to communicate to a protected port in top of rack 2,3,etc? If the above scenario is what needs to be done, do I just use a regular trunk or do I have to use a PVLAN trunk?
So there are two VLAN's traveling over the port attached to the controller (User vlan 100, and Guest vlan 102). I need to block the guest from everything but the internet allowing the free flow of everything else on the User vlan. All info sanitized of course.I think I have the ACL's correct for what I am trying to accomplish I just can not get this ACL to work on a trunk port.Confirmed the ACL to work correctly on access ports however.
ip access-list extended Wireless permit ip 172.100.0.0 0.0.255.255 any permit udp any any eq bootpc permit udp any any eq bootps permit udp any any eq domain[code].....
I have a couple 3750 switches that I am trying to run VTP Version 3 on.one as primary and the other as "server" which implies secondary from my research. [code]Additionally, running a show VTP devices yields a "No VTP3 devices found" on both devices. Despite ensuring that the domainname and password match.I have a patch cable from Gi1/0/1 on switch one runnning to Gi1/0/1 which from what I read is acceptable on GigE.
I am trying to test the gigabit ports on a Cisco 2950 switch. 1000Base-SX. I have the internet or dhcp server connected to port 24 on the first switch and my pc hooked up to the (any) port on the second switch. Both switchs are connected with a fiberoptic cable with MTRJ connectors on either side.
Now when I use gi0/2 on both switchs all works fine. I get a dhcp address from the router on the other end of the first switch. but when ever I include gi0/1 on either end of the fiber optic cable neither of the ports will initialize (neither of the leds above the ports light up). I have deleted all the config files before booting up the switchs so they should have a default blank configuration.
When looking at the Http web page for the switch I dont see any issues with the port. what can I do to make sure these ports are working or can be configured?
I will not be able to post back any more information about the switch until next tuesday. Im off till then.
I have issue with 2950 switch dot1x config is not working , but on 2960 its working fine .Below are the configs from both switches and a debug dot1x all snap, what may be the issue with 2950 switch ...
on 2950======> aaa new-modelaaa authentication dot1x default group radiusaaa authorization network default group radius
I have network consists of more then 20 cisco 2950/2960/3700 switches. I have configured port security in my switches. initially when i configured on my switches it worked fine....even for copule of months it worked fine. but suddenly it start creating issues and now i am not able to implement port security on switches. the configuration is same but there is no effect now. Same switches were fine but now even having same configuration it is not working. please see the configuration: [code]
i am facing a strange issue on cisco 2950 .IOS (tm) C2950 Software (C2950-I6K2L2Q4-M), Version 12.1(22)EA9, RELEASE SOFTWARE (fc1) suddenly my phone stopped working for DTMF tone, i mean when i dial a conference bridge lets say 6565 and then it ask for conference bridge code lets say 12345, it doesnt recognize the code and says code is invalid, SIP Proxy is Asterisk in this case.Currently my cisco switch port is configured for dual data + voice vlan, where DTMF dont work, sample config below [code]
Is there really any reason why you wouldn't use spanning-tree portfast on a trunk port other than a trunk between two switches? We have it enabled on all ports except for the fiber trunk between two non-stacked switches and the trunk ports connected to our Astaro firewall.I'd like to enable it on the ports to the firewall unless that would cause issues.
we recently aquired a managed services job and have to do a overhaul of the vlan configs and have a whole dozen WC2948G's trunk between a set of ports as well as trunk out a LAG channel setup to non cisco equipment. the deal is the lacp-channel works properly on both ends but no routing of vlans between ports and between the lag trunk are working.
theres alot of settings in the config and im planning on clearing it and starting from scratch but before i do i want to know where my problem lies.
How does the ESW 500 or SF300 line guarantee QoS of voice traffic when trunking switch to switch? I have (2) ESW 500 series switches in series. The phone on switch 1 have no audio issues, but the phones on switch 2 (the last in the series) have intermittent voice quality issues when dialing across a WAN circuit to another office. The phone on switch 1 do not have that issue though they traverse the same circuit. They are all using the same VLAN 100.
We install a stack of C3750x switches rescently. A HP C7000 blade server uplink to C3750x using etherchannel and 802.1Q.If the trunk includes a RSPAN vlan on it by 802.1q default configuration, the VM on HP blade cannot ping the same vlan server on C3750x.If the trunk is configured by "allow vlan" and exclude the RSPAN vlan, then the connection is ok.
i have plan to deploy cisco WAP321 on my customer, and after rading the document about WAP321, it said the WAP321 support for VLAN ID feature, but i cant find whether it support for trunk port because i would like to connect the WAP 321 LAN port to the cisco SMB switch SG300/SG200. is the trunk port already enable on the WAP 321 LAN port so i dont need to configured it or not ?
i would like to setup a L2 VLAN trunk connection over a VPN. I hear this can be done with a GRE tunnel. I currently have Cisco MWR2941's that i would like to configure the TRUNKs on then push them over a 5520 VPN ( IPSEC Tunnel ) to a 5510. on the other side of the 5510 i will have another MWR2941 to recieve the trunk.
how to configure this trunk or some configuration ideas?
We have installed last Network Assistant version, 5.6(3), but we can't add any switch to it.... It says always "Unsopported Device type: unknown".Our switches are all 2950, 2960 and 2970 models.
I've been studying my inter-vlan routing , mainly in this case routing on a stick. I noticed through packet tracer that the 2960 switch doesn't allow for the '(config-if)#switchport trunk encapsulation' command, but the L3 3560 switch will.I am very concerened about this since VLANs are a main topic. What perspective will Cisco be seeing this from for the CCNA exam, I test in 12 days. I have embedded a packet tracer screen shot for more information in case I didn't word this right (which happens all the time to everyone it seems like in NW'ing now and then if not alot).
We have our aggregation layer here composed of two N7K with vPC between them. Every access switch is a N5K. Security policies state that we have to filter unnecessary vlans going through the trunk between N5K and N7K. So we use the 'switchport trunk allowed vlan 10,20,30' command. My question is: Do I have to include the native vlan id on this command?
I'm trying to configure a 2940 switch to trunk. I just can't get it to work.On the interface I have added: switchport mode trunk The default is encap for this switch is dot1q, so there is no need, or ability to add/change the encap mode. Also all vlans are being allowed by default. I still can't get any port to trunk. Need to get G0/1 to trunk, have also tried to trunk f0/6 to the switch in my office. Also can't find the command to change the management VLAN. I do not use vlan 1 for management. Can I change the Mang VLAN on this switch?
I'm working with an established Network, which has 2 Allied Telesis Switches (1)&(2).I must add another Allied Telesis (3), and a Cisco Switch.If I connect just the Cisco Switch, and the AT(3), it works ok. I mean it trunks. It also works ok if I connect the AT(3) with AT (1) and AT (2). But if I want to connect the Cisco SW with AT(1) and AT(2), or AT(1), AT(2) and AT(3) It doesn´t trunk. Even if I set the Cisco Switch port I use, as a trunk port.I think I have a problem with the vlans already created on AT1 and AT2. But the problem is that I cannot access to the AT console mode.
I have a Cisco SW ( 3560 ) with one Trunk link to my router ( 7606 ), Trunk link is fully utilized so i need to add 2nd Trunk.Shall all move some customers from old trunk to 2nd one and create a new subterface for them ?I am think if i can create bundle and add subinterfaces under this bundle ?Add two GE ports to be memeber of this bundle ?
2 router to connect my phone system to a Sip trunk provider router and to extend my Lan segments so the phone system have internet access.i need it this way because i cant put 2 default gateway in my phone system so the cisco Rv042 is the default gateway of the phone system and i use port fowarding of the UDP ports 5060 to point to the system.and i also use protocol binding of these ports to the Wan 1
Phone system connect to a switchport The sip trunk router connect to the Wan 1 My lan is connected to the Wan 2 Everything is working fine exept this intermittent issue : Each hour or so my sip trunk stop working. to make it start working i need to unplug my Wan 2 connection and wait for 1 minute.
I have a customer with two ASA 5510s. All four ports are used by the following interfaces: inside, outside, dmz, and failover. This customer is looking at getting redundant internet connections, but we don't have any ports to the redundant connection. What I'd like to know is it possible to configure sub interfaces on one of the currently occupied ports (I'm thinking inside) and use one for inside and one for failover. This way I could have the other port free for the redundant internet connection.
I have noticed that our LMS does not collect any information about wireless users connected to autonomous access points, although I can see the mac address of the wireless users on the switch (2960) Trunk port connecting to the AP via CLI. I can also get the IP address from the core switch. Even after selecting 'Perform Data Collection' on the AP in the topology, the Wireless End hosts report remains blank.
I am trying to enable the option 'End host Discovery on Selected Trunks' in the 'Acquisition configuration in Trunk' menu and after selecting the switch where the AP resides and clicking 'show Trunk' I get the message 'there are no trunks in the device(s) selected', although there are several trunk ports on this switch, other than the one connecting to the AP. The switch and the AP are managed by LMS. We are facing this problem with all Autonomus APs. We do not use WLSE. Is there something missing to discover these Wireless hosts ?
I have a 5508 controller with multiple SSID’s that are non-broadcasting. My goal is to get a 1142N to work in non-root bridge mode by accessing one of the existing WPA2 SSID’s.
I have a IDF that has a 3750 switch with multiple devices connected to it in 3-4 different vlans. B/C of fiber length restraints, I can’t uplink in a traditional way. So, my thought is I can connect a 1142N in non-root bridge mode and connect it to an existing WPA2 w/AES that’s being broadcasted by our 5508WLC. Connect the 1142 to 3750 and let it act as the trunk port for the devices on the switch.
Running Cisco NAC 4.1.6 OOB on the LAN. For some reason in the middle of the night, the snmp trap mac-notification added command appeared on the trunk uplink port of one of our switches.
I don't know exactly when the command was added but at 2am when the backup of the config was taken, it was there. At around 4:30am, the uplink went off-line. Is there anything within NAC that would push a change like that automatically to a switch. We do have NAC Profiler running on the network also.The problem was in a branch office so I only got the information second hand what was on the switch itself. We moved the uplink to a different port which allowed the switch to show up on the CAM again, however when I viewed it, the uplink port was set to controlled! Does this make any sense?
how long devices will stay in the certified device list if no timer is configured to clear it out?
I recently was asked to turn a routed link between our HQ and our DR Site into a trunked link to allow us to span our main Server VLAN up to the DR Site.I was informed by the ISP that owns the 100Mb Leased Line between the sites that the link was configured to pass dot1q traffic and I should just have to configure my links at either end as trunks to get the link to come up.
There is a Cisco 3560 at either end with Layer 3 routing enabled (obviously as this was a routed link previously).So, I scheduled an outage and configured either end as a trunk links as follows and repointed any routes from the /30 routed addresses to the management addresses of the switches on either side:
***For info VLAN 15 is the DR Site and VLAN 11 is the Server range at our HQ and was available on the connected switch***
I'm trying to set up a trunk between an SG200 and a SRV2048.. I am attaching my configuration that not works..
I test to ping an host that is open on Vlan 22 on Swich01 from the other switch, SWITCH02 , from a port 26 that I opened on VLAN 22 in untagged mode but nothing works..
in the last days i'm encountering some issue about ping on some 2950 access layer.These ones are directly connect (fiber trunk) to 4500 core switches. Ping response is very high between 200 up to 600 ms for a period about 30-40 seconds, then returns to normal valueI tried to ping every host connected to this 2950 and ping responses are normal 1ms or less.
