Cisco WAN :: 2960 - VLan 2 Subnet Without Access Together
Dec 26, 2011
i have 2x 27 subet ( we will call first /27 fip and call second /27 sip) we assign sip subnet to our virtual machine and we do not want assign ip from sip to our physical node and we wan assign ip from fip subnet to our physical server, because we want sip can not spoof physical server ips, so when we create vlan in our switch we set port 1 and fip and sip subnet access to this vlan in this senario can my virtual machine spoof our physical node ip ? some one in my datacenter technical team told me we should create vlan for fip and create a seprate vlan for sip then set vlan fip and vlan sip access to switch port #1 is it right? if it is ok can some one give me the commands for this senario which create 2 spetare vlan and access them to port siwtch #1 for exaple? we have cisco 2960 48 port ,
View 2 Replies
ADVERTISEMENT
Feb 6, 2012
I have a 2960-S running the lastest software for testing on my bench:
[code]
Switch Ports Model SW Version SW Image
------ ----- ----- ---------- ----------
* 1 24 WS-C2960-24-S 15.0(1)SE2 C2960-LANLITEK9-M
[/code]
I have set up VLAN 2 on 192.168.2.0/24 with the switch as the DHCP server. The switch is connected to an RV082 router which is at 192.168.1.65/27. Once I figure out what I doing I'll eventually shift that to 192.168.1.0/24 or something similar. So I have my switch acting as the DHCP server for VLAN 2 but I can't figure out how to get it to access the internet.
I found this example to set up the DHCP server:
[code]
###################################
this works to get vlan 2 to serve ips
conf t
[Code].....
The RV082 doesn't support trunks AFIK and I'm pretty much a newb at this stuff. TIA. I guess I should get a real router and I most likely will but I'd like to get this working if possible before taking the next plunge.
View 7 Replies
View Related
Sep 27, 2012
I have 4 x 2960 switches in a remote site. These are managed by an NMS in our DC, the NMS IP ends in 35.100 with a /23 mask.
When they are first booted, the switches are visable to the NMS, but after a week or 2, 3 of them drop connection to it. If you reboot them again they are fine. You are able to log onto them form thier local router and use a Radius server which is in the same subnet as the NMS.
The odd thing is, whilst they can not ping the NMS, they are able to ping any other addresses in the 34.0/23 range.
The config on the one that does not lose connection is the same as the other 3 and I have also rebooted the NMS.
View 3 Replies
View Related
Feb 14, 2012
we have some devices on the network which cannot be secured and we need to isolate from the rest of the subnet.Our switches are Cisco 2960.Is it possible to via an ACL local a specifric port down to only allow traffic from specific MAC addresses? I've had a go at this myself but not been able to make any progress. The traffic type is TCP/IP.
View 10 Replies
View Related
Apr 4, 2011
I am designing a network right now that is going to have 356 devices. I need to use vlan separation with subnetting for a number of reasons. The first (and most obvious) is that there are 356 devices that will require an IP. Too many for one subnet. The second is that a good portion of the devices that I am using are a litlle to chatty with the broadcast traffic for my comfort. I have two subnets that are going to be specifically alocated to these chatty devices. Our switches are being provided for us by the client for unknown reasons. They are providing us with HP ProCurve E2810 switches which are layer2 switches.
View 1 Replies
View Related
Sep 16, 2012
I have currently Ciso4404 WLC installed which is in vlan4001 with the 172.16.10.0/24 subnet
I have bought Cisco 5508 WLC recently as AP count is increased... Can I install it in same vlan and subnet? If yes what would be the setting for APs to join... If no how can I configure it with other vlan and subnet..
View 1 Replies
View Related
Aug 12, 2012
I have got a wireless project with WLC main office and have 10 sites where ap's are there and ap's getting registerd .we need 4 ssid in all branches same .
ssid guest
ssid scanner
ssid user
vlan 600 main office for scanner 192.168.1.0
in branch
vlan 600 for scanner but ip is 172.16.1.0
and bgp is running . And customer is asking me not to edit the ip range or vlan or create new vlan . but in wlc am not able to create branch network 172.16.1.0 range interface and vlan 600 as vlan 600 i already created for scanner main office 192.168.1.0 So is there a way to do that .
Temprarly one site i did like created vlan 610 in branch no ip . And in main office interface vlan 610 given another ip range . and i created interface in wlc . from branch i can connect the ssid and getting ip . But they dont want to create any aditional vlan or another network . Customer dont have a smartnet contract . They recently baught 2 wlc 5508 and 40 ap 1142.
View 4 Replies
View Related
Jun 9, 2010
Just got a new SGE2010P layer 3 switch. I'm trying to configure Vlan to reach a few subnet. I have the original 192.168.1.0/24 as vlan1. I want to reach our WiFi subnet 192.168.10.0/24. The WIFI router is directly connected. It's new for me as the previous Job i was sorking with a ws-3750-48.
i did from console change my switch to layer 3 mode... ( i want it as the DGW for each Vlan)from the web interface, i create a vlan4 for our WIFI Next i go to ipv4 to add an IP address to vlan 4 like 192.168.10.254 /24 As soon as I apply the IP the switch stop responding, Ping request time out.. i need to reboot the switch..
View 2 Replies
View Related
May 4, 2011
I'm new to Cisco equipment much more familiar w/ Sonicwall w/ that said......I have a 5505 w/ Security Plus licensing
I have set up multiple VLANs as follows
VLAN 1 inside - still setup as 192.168.1.1 (will not be using this for our lan)
VLAN2 - outside
VLAN100 - LAN 10.1.1.1/24
[Code]....
If I do add all the VLANs above I understand I will probably have to make a trunk port since I only have 5 usable interfaces
View 12 Replies
View Related
Jan 25, 2012
I recently bought SG-300 28P to create the VLAN. My network hs 3 subnet 192.168.1.0, 192.168.2.0 and 192.168.3.0.My main net work is 192.168.1.0. I want to divide it to VLAN to eliminate the boardcast storm; especially from the domain 192.168.3.0
But I want all the devices from 192.168.1.0 to access other subnet.
View 4 Replies
View Related
Feb 12, 2013
vlan.dat file fetch.
I'm using Cisco Prime 4.2 and VLAN fetch for all devices is currently going over TFTP. Devices managed by LMS are 2960, 4500, 6500 series. All devices are using SSH v2. ACS server is configured on all devices and SSH credentials are OK.
This is the error message I get when i select SCP: "SCP user credentials not available. Configure the SCP user credentials and try again Action: Check if protocol is supported by device and required device package is installed."
Is it possible to use SCP as VLAN fetch protocol? How to configure this on a devices and how to enter SCP credentials in LMS?
View 7 Replies
View Related
Apr 10, 2011
We had a new building thats gone up and complete now and we're trying to get a ip phone working down that end of the school on a vlan. We seem to be having trouble with the VLAN going through on the 2960 switch but it works fine on our core 3560 switch.
There looks like a slight variation in the config of the switches, the 3560 switch supports the "switchport trunk encapsulation dot1q" command on the interface where as the 2960 doesn't support the "switchport trunk encapsulation dot1q". Is this why the vlan is working on the 3560 and not the 2960, or is it something else?
Both switches are using the 12.2 IOS
Heres the trunk port configured on the 3560 going down to the new building and connecting into the 2960 with a 1gbit fiber link
interface GigabitEthernet1/2 description 3560X Port UpLink as Trunk Mode switchport trunk encapsulation dot1q switchport mode trunk udld port storm-control broadcast level 60.00 spanning-tree guard root
Heres the trunk port configured on the 3560 going to a Linksys switch which then connects to the DHCP server (The other end of the 3560 is also configued as trunk)
interface GigabitEthernet0/6 description Edge Switch port for clients switchport trunk encapsulation dot1q switchport mode trunk spanning-tree portfast
Heres the working vlan port on the 3560, the ip phone is able to get an ip and ring all other phones etc
interface GigabitEthernet0/7 description Edge Switch port for clients switchport access vlan 2 switchport mode access spanning-tree portfast
Ok now heres the config for the 2960
Heres the trunk port configured on the 2960 going back upto the 3560 switch
interface GigabitEthernet1/0/25 description Port UpLink as Trunk Mode switchport mode trunk udld port storm-control broadcast level 60.00
Heres the access port configured on the 2960 which isn't passing on vlan information. Is there another command i need to use to enable encapsulation as dot1q?
interface GigabitEthernet1/0/19 description Edge Switch port for clients
switchport access vlan 2 switchport mode access spanning-tree portfast
View 11 Replies
View Related
Aug 2, 2012
Apparently on older switches you could just enter the "management" command under the new VLAN interface and it would pull the config from the old one, apparently that feature isn't around anymore. I've tried establishing a trunk to the damned thing and trying to switch over that way, but it doesn't seem to work.
View 4 Replies
View Related
Mar 5, 2012
I have a Cisco 2960 48-port switch. I enter "sh vlan" and it lists all the VLAN's. One of the VLAN's listed is "10" with the name "EPIC". What is the quickest way to find out what ports, if any, are assigned to this VLAN?
View 2 Replies
View Related
Feb 19, 2013
In our network environment, we have a 2960 switch sitting behind our router. Off of this we have a lot of external connections, like our external DNS, firewall, and VPN concentrators. I've configured a VLAN other than the default, moved everything into it and then shut VLAN 1. In this hardening guide it says that your native VLAN should be something other than the user VLAN, but if I am not using any trunk links, wouldn't I not really have a native VLAN? I attempted to make the link to our firewall a trunk link and then set the native VLAN to something else.
View 5 Replies
View Related
Nov 28, 2012
I have copied the config and vlan.dat files via tftp to the computer and want to import them to a replacement switch. Both switches are 2960 model. I get the config over fine but not sure how to get the vlan.dat file to the flash.
View 1 Replies
View Related
Feb 25, 2013
New to Cisco and want to know if I can segment a port. I have two v lans. I have one internet connection at the opposite end of the building. Can the port the internet is connected to serve both V lans?
View 6 Replies
View Related
Feb 11, 2013
I have 2 hosts, 1 plugged in fa 0/21 in VLAN 101 and another in fa 0/22 in VLAN 101 on our L2 Cisco 2960. If I try and transfer files from either host the gig 0/1 trunk port on the 2960 leading tot he 3750 fa 0/1 port hits 100mb (using a real time bandwidth monitor tool), but why? This VLAN is on the same switch, why does it go one way up the trunk to the L3 3750 switch? The L3 3750 is the VTP server and the 2960 is a client. I would of thought the traffic stays local. The 2 hosts don't even have a gateway set.To sum up the typology the 2960 and 3750 are trunked using a single cable. The 3750 hangs of a ASA firewall using SVIs.Here is whatthe traffic looks like when copying a file between hosts (2gb file).
3750 L3 Switch (VTP Server)
interface FastEthernet1/0/4
description Trunk to Cisco 2960 Gig 0/1
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
[code]....
View 6 Replies
View Related
Mar 13, 2013
I have 2960 cisco switch. I want to configure private vlan. But it is not getting configured in cisco 2960. Is there any other way to configure that in switch.
View 1 Replies
View Related
Aug 6, 2012
I have two questions for a Cisco 2960 (WS-C2960-24TC-L)
1. I am working to setup a few Cisco 2960 switches for HP iLO access to our servers. We are going to segregate the iLO network (VLAN 40) from the data network (VLAN 10) by using a different VLAN. All of the HP servers will be configured with static addresses. My question is, how do I set all the ports to VLAN 40 so that untagged devices will automatically go onto VLAN 40? I don't want to have to configure the VLAN on each iLO port on the server. I tried to set the port to: "switchport trunk native vlan 40", but that didn't work.
2. Also, how do you access the web GUI for these switches? I get a login box, but putting in the enable password doesn't work. I have the following commands in the config: [code]
View 9 Replies
View Related
Jun 6, 2013
we have inserted into a network with VTP a Cisco Switch 2960-S, not knowing that had installed IOS LAN lite.Now I discovered that it can handle up to 64 vlan. In the network there are currently configured 62 VLAN: what happens when we exceeded the max number (64) of VLAN for that switch?
View 6 Replies
View Related
Apr 17, 2011
I would like to configure a guest-vlan and restricted-vlan on a 2960 switch, but I can not.
I am trying to configure the interface using the following commands: [code] similar result is obtained while trying to configure a auth-fail vlan. the full configuration file is attached.
View 4 Replies
View Related
Jul 26, 2010
I am a complete novice at networking, but I was tasked to have an ASA 5520 do inter VLAN routing (since my shop doesn't have a layer 3 router).As a basic setup, I am trying to have three workstations on three different VLANs communicate with each other. The attached screenshot shows the topology. I am unable to ping from a PC to the ASA...therefore I can't ping to other VLANs.
ROUTER CONFIG:
ciscoasa#ciscoasa# show run: Saved:ASA Version 8.3(1)!hostname ciscoasadomain-name nullenable password ###### encryptedpasswd ###### encryptednamesdns-guard!interface GigabitEthernet0/0no nameifno security-levelno ip address!interface GigabitEthernet0/1no nameifsecurity-level 100ip address 10.10.1.1 255.255.255.0!interface GigabitEthernet0/1.10vlan 10nameif vlan10security-level 100ip address 10.10.10.1 255.255.255.0!interface GigabitEthernet0/1.20vlan 20nameif vlan20security-level 100ip address 10.10.20.1 255.255.255.0!interface GigabitEthernet0/1.30vlan 30nameif vlan30security-level 100ip address 10.10.30.1 255.255.255.0!interface GigabitEthernet0/2shutdownno nameifno security-levelno ip address!interface
[code]....
View 30 Replies
View Related
Mar 11, 2013
Using Cisco 2960 series switches (Have 8 . 2 stacks of 4) to replace 6 old switches. 4 old switches had IP ranges of 192.168.6.*** and all new switches have 10.1.*.* addresses. Core switch has 10.1. as well as 192.168 ip addresses but i need to configure one vlan (5?) to route to 192.168 address. PC's on 10. address taking a long time to access 192 range.
View 2 Replies
View Related
Jan 19, 2011
Cisco Catalyst 2960 series,i want do a SNMP request over OID. When the output should be like this: Portnumber and VlanID. Is there a OID for this output?
View 1 Replies
View Related
Aug 6, 2012
When did this wonderful feature get introduced? Is it going to moved down to the 3560s/2960s type switches?
View 0 Replies
View Related
Nov 1, 2011
Based on my diagram, my computer A (192.168.100.11) can ping and access my computer B (192.168.10.14). But, when i'm home and i use remote access vpn (192.168.200.x) in cisco asa 5520 to connect to my computer A is okay. But, when i try to ping my computer B is not okay. I already do the exemption for 192.168.100.x and 192.168.10.x in nat rules for inside interface (192.168.100.2) ...
Should i put routing from outside 1.1.1.2 to 192.168.10.x by using 192.168.100.1 as a gateway?
View 1 Replies
View Related
Dec 25, 2012
I have trunk etherchannel ports 47,48 which both have Vlans allowed on trunk 70,71. Everything works pretty fine. Now I am trying to add a new VLAN 72 to these ports.
conf t
interface FastEthernet0/47
switchport trunk allowed vlan add 72
exit
exit
So far so good. But when making the same command for port FastEthernet0/48 my switch stuck.
View 8 Replies
View Related
Nov 14, 2011
I have a 2960 that I need to limit the uplink port to 50Mbps for 3 vlans and 350Mbps for another vlan. Would the following config achieve that or is this even possible for the 2960?
class-map match-any VLAN50-51-52
match vlan 50-52
class-map match-any VLAN53
[Code].....
View 1 Replies
View Related
Jul 5, 2012
I have a 2960 switch connected to another. The I need to verify that vlan0010 on one switch is forwarding tagged traffic between the other switch it is hooked up to through the Gi0/1 port. How do I verify this? I have a server that's multihomed (Broadcom) on the other side an it is supposed to be on this vlan with one of it's network interfaces. We had a pwer outage and now it cannot communicate on this vlan. However, everything else on the vlan can reach all the other nodes accept this server in the front of my building. All the devices in the same room are linked to the same switch which has one port (fa0/17) on vlan0010 and can ping eachother just fine. The server is hooked to port 24 on my server room switch and Gigabit port one goes to a fiber converter all the way to the back. It then gets converted from fiber to cat5e again and links into the switch (2960) in the backroom.
View 5 Replies
View Related
May 21, 2012
We're going to be switching some of our gear from Foundry to Cisco, and were looking at the WS-C2960S-48TS-L. We currently have 3 different VLAN's, and I wanted to have 1 uplink back to our firewall (ASA 5550) and then let the firewall do the routing between the subnets. I realize that 1 link will carry the traffic twice then, but is that possibly with those switches to have all three vlans assigned to one port and then just let the firewall do the routing between the vlans or would I need to have 3 uplink ports back to the 5550?
View 1 Replies
View Related
Oct 31, 2012
How can I configure Cisco 200 (SG200-08P) to learn Voice VLAN and CoS/DSCP from upstreamCatalyst 2960?
The Cat 2960 is today used together with LLDP-MED to announce config to Aastra IP Telephones. In some cases I need to use a small switch inbetween and plan to use the Cisco SG200-08P for this. However, I would like to avoid manual config of the Cisco 200 switch.
View 3 Replies
View Related
Dec 29, 2011
Setup is like this: Poly com IP phones -> Cisco 2960 switches -> Cisco 2621XM router running 12.28(r). A Windows 2003 server running on HP Proliant DL380 G4 with the correct DHCP scope is configured for the IP phones, also sitting on a Cisco 2960 switch.
A typical port config on the 2960 is:
interface FastEthernet0/1
switchport mode access
switchport voice vlan 60
mls qos trust cos
auto qos voip trust
spanning-tree portfast
spanning-tree bpduguard enable
Relevant section of the config on the 2621XM router:
interface FastEthernet0/0
no ip address
no ip redirects
no ip proxy-arp
ip pim sparse-dense-mode
[Code] .......
This used to work on a Windows 2000 server which sat on different piece of hardware, but stopped immediately after the migration to Windows 2003 server was done. There was no change on the router or switches prior to or after the server migration. I see DHCP server log on the 2003 server giving DHCP NACK because the phones are apparently asking for IP's in the data VLAN.
View 14 Replies
View Related
