Cisco WAN :: 3560 - How To Route Segmented LAN
Jul 13, 2011
The traffic flow on the network is fine, but we are not able to access our remote locations.Using the example in that thread:Let's use your example. If your Vlan interfaces are configured on the 3560:
interface Vlan10
description LAN A
ip address 10.20.102.1 255.255.255.0
interface Vlan 104
description LAN B
ip address 10.20.104.1 255.255.255.0
Device A has his default gateway set to 10.20.102.1 (interface Vlan10) and device B has his default gateway configured to 10.20.104.1 (interface Vlan104). If device A (10.20.102.55) wants to talk to device B (10.20.104.25), the traffic would have been routed on the 3560 between Vlans 102 and 104.
As for DHCP, if there is a server on a separate network (let's give the DHCP server an ip: 192.168.2.15) you would configure an 'ip helper-address' on each vlan, which will forward each DHCP Discover broadcast to the DHCP server as a unicast packet. This is done because by default the router (3560) will not forward broadcasts.
interface Vlan10
description LAN A
ip address 10.20.102.1 255.255.255.0
ip helper-address 192.168.2.15
interface Vlan 104
description LAN B
ip address 10.20.104.1 255.255.255.0
ip helper-address 192.168.2.15
Now lets say LAN A and LAN B are located in SITE1. A second site, SITE2, has the address of 10.20.128.1. I can't ping the Site2 location from the LAN B (10.20.104.x) segment in Site1. I think I should set a static route on our switch with something like this:
ip route 10.20.0.0 255.255.0.0 10.20.102.10
The address 10.20.102.10 would be a wan router in this example.
View 42 Replies
ADVERTISEMENT
Nov 15, 2011
I have been researching a way to remove this subnetted route from my L3.There is an extra subnetted route that should not be there when I execute the command: show ip route
Below if part of my Show Run and the Show IP Route commands. You will see the 10.0.0.0/24 subnet as subnetted. I dont know why the L3 uses the 10.0.0.0/24 when I enter 10.10.10.0/24? But thats a whole different questions.
interface Vlan1
no ip address
shutdown
!
interface Vlan2
ip address 10.10.10.1 255.255.255.0
!
interface Vlan3
[code].....
View 5 Replies
View Related
Jan 15, 2011
I have a really weird issue with my cisco catalyst 3560G.
-device: cisco catalyst 3560g
-ios: 12.2-53(SE) IP SERVICES
scenario: configured IPv6 iBGP link between this switch and a router. the router is announcing 1 (test) route. the switch sees the route properly, but doesn't add it to routing table (the route never gets to be "best path", although it should be).
View 15 Replies
View Related
Jul 4, 2012
A check out a network segment and want to know why SwA has a static route to SwB if SwA already has a Default GW to Core?
(SwA, SwB - Catalyst3560, Core - Catalyst4948)Note, there are distribute list on SwA - it does not has any OSPF route (exclude O*IA).
Does this mean when SwA send out packet with DA 10.5.64.0/26, Core will use only L2 switching (instead of L3)? Is this more effectively for Core Switch?
Pleace check my reasoning:
1. When use a static route: SwA receive packet from Vlan 20 with DA 10.5.64.0/26 it will strip out Dest. MAC and replace it with MAC of SwB. Core will switch this packet to SwB based on mac add. table (l2 switching)
2. When SwA has only Default gateway and receive packet from Vlan20 with DA 10.5.64.0/26 it replace Dest. MAC with Core MAC. Core receive this packet, lookup route table for 10.5.64.0 entry and forward packet base on this.
View 6 Replies
View Related
Jan 14, 2012
i have a strange issue with an HSRP Setup. I have two (S1+S2) 3560 as Core/Distribution Layer. Inter-vlan routing are enabled on both Switches. S1 and S2 are connected with an ether channel over four fibre ports. S3 -S5 are the (L2) access layer.
Gi0/1 on S1 and S2 are L3 ports, connect to a Linux Firewall.
HSRP is enabled, S1 is the active router and the STP root bridge.
But, my monitoring via cacti show me, that the Gi0/1 on S2 is active, too! But it should not be active? Only if S1 fails, should S2 the active switch.A client from the access ports on S3 - 5 gets traffic from the Internet via Gi0/1 from S2. Gi0/1 on S1 is active too, but will send mostly traffic to the Internet. Why is S2 active and why route it traffic from the Internet to the client?
View 15 Replies
View Related
Feb 25, 2013
We have two catalyst 3560 switches running c3560-ipbasek9-mz.122-58.SE2.bin They are connected using etherchannel using gi 0/21 - 24 interfaces.
on 3560-1 switch, there isn't any ip-default gateway or ip route configured. It only have 1 interface vlan configured.
on 3560-2 switch, there is ip default gateway configured along with 1 interface vlan.
What i dont understand here is that, i can reach out to other subnets from 3560-1 switch in which the routing is not enabled?
View 4 Replies
View Related
Jun 24, 2011
I've enabled antispoof on all interfaces on asa 5510.If you start a traceroute to a network on the default route, everything works, since replies comes to an interface with route 0.0.0.0/0 defined.If you start a tracer route to a network that is NOT on the default route (let's assume coporate MPLS), you only get response from first carrier router, the other are discarded because of anti spoof violation.
I have ICMP inspection and icmp-error inspection enabled.
View 1 Replies
View Related
Aug 6, 2012
I have a NAT/Port Forwarding going on for which I need to deny all traffic except the one mentioned in my ACL/route-map, So, port forwarding from host A to host B, all else, deny. The port forwarding works, but for some reason.
View 2 Replies
View Related
Dec 8, 2011
I'm trying to setup an 877 to sit in front of a firewall. As the firewall has a public IP I do not want to use NAT. The problem I'm having is I can't seem to route through the 877. From the 877 i can ping 8.8.8.8 From the internal network I can ping the dialer0 interface of the 877 but cannot ping 8.8.8.8
View 2 Replies
View Related
Aug 29, 2012
why a subnet wouldn't be passed on to just one participating OSPF device?
I have two routers and an ASA, all of which are in area 0, it's a pretty simple config. The two routers are connected to some other devices (also in area 0) that pass of an external route to a particular subnet, let's call it 192.168.4.0. The routers are getting it just fine, but the ASA is not:
View 8 Replies
View Related
Jan 20, 2013
I have a Cisco 819 router and it's the first time I've configured any Cisco product. Starting from scratch, I have managed to get 3G working and the VPN to connect but so far no packets can route down the VPN tunnel (the other side is openswan/shorewall on CentOS5).I've been pawing over lots of guides and forum discussions but seem to be a bit lost. I suspect I'm missing some access-list definitions but don't really know how to go about it. I want the network behind the Cisco 819 (10.x.x.0/20) to be able to access the internet through the interface Cellular 0 but also the VPN remote network (192.y.y.0/24)When I ping from the other (non-cisco) end I see on the Cisco 819.
View 9 Replies
View Related
Jan 4, 2013
I am a bit green with IOS and have exhausted everything I can think of with this. The router passes the WAN test in CCP?Undoubtedly there are probably a few things in the config that are either redundant or totally unnecessary, but I have been trying a few things to solve this with very little success.I have no security stuff in here because I have triewd to keep the config as simple as possible to start with. I will add that after I get the routing working.
Here is my most recent config:
Cisco871W#show config
Using 2631 out of 131072 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
[codde].....
View 4 Replies
View Related
Nov 15, 2012
Configured cisco 881, WAN has static IP address and LAN is nothing fancy. I can ping out to url... or anywhere from the router but cannot from LAN client computers. [code]
View 4 Replies
View Related
Mar 2, 2011
I am attaching my current network topology, My problem is that i am having mpls & p2p link terminated on the 7206 router left side of diagram. now my problem is if i apply PBR on this 7206 router & tracer any host which are on right side of the diagram, it drops on IP 10.1.1.1..ideally it should go to my Core switch on right of the diagram.
View 8 Replies
View Related
Jun 19, 2011
We have a 3560 on our head office acting as an aggregare switch as well as Hub terminating remote wan links(one trunk link from provider terminated on FE port with several SVIs for remote location) and routing via OSPF. We have 1800 series at remote locations.
Now, If I want to prioritize say SQL traffic outbound from our head office to each remote brach I cant seem to do it with 3560 as it says... cannot apply service policy out blah blah.
How can I achieve my goal with 3560, Is it a good design to use 3560 as a Hub? our port utilization isnt that much..Wouldnt it be better to use 1800 or 2800 series?
View 5 Replies
View Related
Feb 27, 2013
I configured dns on the router on this command ip name-server 4.2.2.2when i tried to ping www.google.com showing no valid routeTranslating "www.google.com"...domain server (4.2.2.2) [OK]Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 2800:3F0:4001:807::1013, timeout is 2 seconds:
View 9 Replies
View Related
May 7, 2012
I am trying to track down a device that's blocking a certain port I know there are programs out there than will do a trace-route that's on TCP but is there any programs that allow you to specify a port?
View 6 Replies
View Related
Jul 3, 2012
Is there any way to route inject with RRI only when the VPN is formed on an ASA ?
View 5 Replies
View Related
Jul 1, 2012
I want to leak default internet route to CE VRF as common service.Since we having two ASBR, can I point next hop to PE itself instead of either of the ASBR?I tried to point NH to loopback of the PE itself but it failed.
View 6 Replies
View Related
Aug 2, 2012
a) one router with two ethernet interfaces (LANs) and a serial interface. The serial interface is connected to the internet, dynamic nat is used for hosts in the two lans. A web server has a private address of 172.168.50.10 and it is being translated to the internet with serial's interface 68.32.x.x (public ip) with static nat. Clients in the internet type the public address to access the web server.
b)Problem: clients inside the LANs cannot access the web server by typing the public address, they use the server's private address instead, this create a problem with DNS static entries in the HOSTS file in the OS. It is a test server and is only available to authenticated users (lock and key ACLs), so no need to make a real DNS record. The entry in the HOSTS file points to the public address.
c)Question: how can a create a route map to change the public address in the HOST file to the private address of the test web server everytime a user in the LANs type the domain name.
View 6 Replies
View Related
Mar 4, 2013
I am advertising the 172.16.10.0 network from R5 to R1 via EBGP. The problem is that on the Router R1 I see the route 172.16.10.0 whith show ip bgp command but in the show ip route don't appear.I thinked that the problem was SYNCHRONIZATION,so that will activated synchronization on the routers R1 and R4 but don't work. Furthermore the routers R2 and R3 neither receive the route via OSPF.
View 11 Replies
View Related
Nov 6, 2012
I know RD is used to make an IPv4 address unique in an MPLS VPN system.I don't understand why a PE sends the RD when advertises a route via BGP.I thought RD were only local significant. But I made a packet capture and the RD is actually sended inside the MP_REACH_NRLI attribute:
(from packet capture)
Label Stack=19 (bottom) RD=12:1, IPv4=172.16.22.0/24
MP Reach NLRI Route Distinguisher: 12:1
Why the RD is sent? I suppose that the PE receiving the update checks the Route Target Extended Community to know to which VRF associate the update and not the RD.I made a test between PE1 with RD 12:1 and PE2 with RD 13:1 and there was full routes exchanges, the same when both PEs were using the same RD(all this configured in the correct VRFs). The only difference is that PE2 now shows in their corresponding VRF BPG table "Route Distinguisher 13:1".
View 19 Replies
View Related
Dec 13, 2010
We have a Cisco 1841 router and checked something an unnusual (never seen before) routing table having L - local routes. if this an IOS bug or same as C - connected local routes.
1841#sh verCisco IOS Software,
1841 Software (C1841-IPBASE-M),
Version 15.0(1)M3, RELEASE SOFTWARE (fc2)Technical Support: [URL] ... Copyright (c) 1986-2010 by Cisco Systems, Inc.Compiled Sun 18-Jul-10 01:16 by prod_rel_team
[Code] .....
View 6 Replies
View Related
Dec 23, 2011
I have a 2801 with dual ISP connections, and I have configured route-maps to direct voice traffic over ISP1 (working just fine), and I'm attempting send all other traffic over ISP2 (traffic is load-balancing instead). The connection to ISP2 is DHCP, and I have configured a route-map to route this traffic using the 'ip next-hop dynamic dhcp' command, but when I look at the route-map, it states the following: ip next-hop dynamic dhcp - current value is UNKNOWN..Is there something that I need to enable in order to see the next-hop, and properly send traffic over the ISP2 connection? [code]
View 9 Replies
View Related
Nov 1, 2012
I have pix firewall 525, configured with ospf process. We are also performing route filetering in ospf process using route-map. Now we want to remove this route-map from ospf process. Any step-by-step process for removing route map as per below list. How to remove route-map without having any impact as per above configuration.
View 1 Replies
View Related
Apr 10, 2012
We have had to replace a Cisco 877 with a Cisco 877VA (DSL & VDSL). Router connects using its DSL interface to the ISP and works ok, from the router if I ping 8.8.8.8 for google it works ok.If I use an IP NAT and Access list (See Below) from the internal network I can ping and get out OK.If I use a route map, which is required for getting around some of my VPN / Static NAT issues I currently can not ping or get out. The config works ok on the old 877 model router which is running an older version of code and is an older model.
View 2 Replies
View Related
Feb 6, 2013
I'm trying to sort out someone else's 800 series router config IOS 12.2 that was just added onto for years and never cleaned up. There are about 10 route map statements near the end. As far as I can tell, only two are being used. Doesn't a route map statment have to be called(referenced) in another statement in order to actually be used such as either under an interface or in a nat statement?
View 2 Replies
View Related
Oct 23, 2012
I have route-map defined on my ASR 1002 12.2(33)XNE and applied to my gi0/0/1 interface. I need to change the IP address defined on the "set ip next-hop ..." line. My question is, when I make the change in just the route-map definition, does the change take effect immediately, or do I need to remove and re-apply the "ip policy route-map ..." statement on the interface? If I do have to remove and re-apply, will this be service-affecting for all the traffic flowing through the interface? I'm just not sure what to expect.
View 2 Replies
View Related
Sep 7, 2011
I have a router with 2 WAN (MPLS) connections to two different IPSs.One connection is a 3mbs MLPPP connection and the other is a 10mbs MetroEthernet connection.Both use BGP to peer up with the ISP with private AS numbers (65001, 65002, etc)I want the router to always prefer (use) the BGP connection through the 10mbs link, but here are my considerations:I can't change the prefix length for the peers. In other words, BGP 65001 is going to advertise 192.168.21.0 /24 to its peer, and BGP 65002 is going to advertise the same network with the same mask.What is the best way to make sure the 10mbs link is always preferred? Can I do local preference?
View 6 Replies
View Related
Nov 28, 2012
I am trying to get the Cisco 1921 to route between 2 LANs. I can ping from the router itself, but cannot ping across either, is there something I am doing wrong here:
version 15.1
!
no aaa new-model
!
no ipv6 cef
ip source-route
ip cef
[code]....
View 10 Replies
View Related
Feb 21, 2012
VPN 1841, and static nat. I have to create VPN to connect to remote network, but problem is that they already use same subnet as mine. How to configure static nat on cisco 1841 so static nat will work and address will be translated in different IP when connection trough VPN.I have address 192.168.235.1 and I want to translate to 192.168.100.1,This 1841 is border router, and all VLNAs and VLANs routing is on 3650.
View 12 Replies
View Related
Feb 1, 2011
I need to use a 3750 switch running 12.2 code to route between two networks in a test setup.Switch#sh verCisco IOS Software, C3750 Software (C3750-IPSERVICES-M), Version 12.2(25)SEE2, RELEASE SOFTWARE (fc1)Copyright (c) 1986-2006 by Cisco Systems, Inc. The idea for the test setup is 3750 emulates a client's live network which is two routers having a site-to-site tunnel connecting from their ISPs. This will allow me to test the tunnel configuration with the router configs that are in production but replacing one of the routers with an ASA.
View 3 Replies
View Related
Mar 16, 2012
how to tag static routes on ASA. I have static routes that I want to redistribute into EIGRP on ASA. I can't find any tag option when defining a static route or under set command in route map... am I overlooking something?
View 1 Replies
View Related
