Cisco WAN :: 3560 Switch Configuration - Setting Up As Edge Router
Nov 27, 2011
I have a cisco 3560 switch set up as my edge router. It is working as my external demarc switch and edge router. It is sitting between the ISP's switch and my ASA firewall. It's a very basic configuration with port 1 set up with a fixed ip and switchport turned off which is connected to the ISP switch. VLAN2 is configured with an IP address and 3 ports, two of which go to different firewalls.
I found that I cannot ping a specific address from the inside interface (VLAN2), but I can from the outside interface Gig0/1. I have a few deny commands in an access list, but they don't apply to the network i'm trying to access, and I haven't had any other inaccessible networks otherwise.
Here's my config minus passwords and full IP ranges. There are two ranges, one with xxx and one with xx. The xxx is set as secondary, but is the one we really use.
Current configuration : 4808 bytes!version 12.2no service padservice timestamps debug uptimeservice timestamps log uptimeservice password-encryption!hostname my-rtr-ext!boot-start-markerboot-end-marker!enable secret 5 !
!!no aaa new-modelsystem mtu routing 1500ip routing!
[Code] ............
View 4 Replies
ADVERTISEMENT
Feb 10, 2012
In our new Head office we have to set up a Network connectivity.Total our office 4 floors.In each floor we kept three cisco 2950 switch.We have L3 switch(cisco 3560) to connect the all the other switch.In our office total 5 departments.we have to create VLan for each departments in the switch.
We want to all user to communicate to each other.We have WAN connectivity in the router(cisco 2900) to connect the other office.First i want know how to physically connect all the swiches and finally with the L3 switch.How to configure the VLAN in both L2 and L3 switch.In our other client office one router to connect the both office.In the router how to configure and which protocol to use to communication.
Ip address:10.10.40.0/22
WAN IP :192.168.214.65/30
View 3 Replies
View Related
Aug 21, 2011
Apart from the ability to participate in BGP, is there any reason you should use a router on an internet edge rather than the SG-300 switch?
View 4 Replies
View Related
Apr 15, 2012
I recently ran into some problems concerning the use of a Cisco layer 3 switch (3560) as an Internet edge device to perform a simple static route between the customers network and the ISP POP router. Although this device can perform the routing at the edge for Internet traffic, I am concerned that this device has limitations when it comes to functions such as traffic shaping to the subscribed bandwidth of the Metro Ethernet access to the Internet. Since the 3560 could not conform to the 20 Mbps of subscribed bandwidth, any traffic beyond 20 Mbps was dropped causing performance issues with applications that use TCP. I am trying to find design documents or white papers that would either support or not support using a layer 3 switch as an Internet perimeter device instead of a router. I would like to know if Cisco has a specific perspective on this subject and whether or not they would ever recommend actually using a layer 3 switch model that is a 37XX or below?
View 3 Replies
View Related
Mar 18, 2013
I have a 3560 switch with 1 VLAN (VLAN 10) where I need to make ports:
1-10 as isolated (can't contact each other)
11-20 as community (need to contact each other like a normal VLAN)
23 as promiscuous (server that ports 1-20 need to get to)
24 as promiscuous (WAN router where ports 1-20 need to get to and the remote servers).
[Code]...
View 26 Replies
View Related
May 26, 2013
how to recover password and retrive configuration on Cisco switch 2950 and 3560.I know the way to press and hold the mode button and then plug in the power cord can reset the switch to factory default but it will reset everything to nothing. As such, it is not what I want and I want to keep the configuration file and able to use the configuration on the switch.
View 2 Replies
View Related
Aug 23, 2011
setting up an ASA 5505 to be used as a firewall between a BT internet router(BTNet service) and a Cisco 3560 Lan switch. BT have presented me with a cisco 3800 series router with the following details:
Network Address Network Mask BTnet NTE Router LAN Address
There are 2 Gigethernet ports on the back of the router port Ge0/0 is connected to the BT NTE and the status light is flashing green. Int ge0/1 is connected into port int e0/1 of the ASA but i am unable to get any connection.
View 21 Replies
View Related
Jan 10, 2013
I've been fighting what seems to be an increased number of outqueue drops on our core stack and edge switches for the last 3 or 4 weeks.(The core consists of a stack of 5 3750s in 32-gig stack mode. The wkgrp switches are 3560s. all are at 12.2.52) The wkgrp switches are directly connected to users. We use Nortel IP phones with the phone inline with the user PC. auto-neg to 100/full. [code] However I have tried turning off QOS on a couple of workgroup switches (no mls qos, but left individual port configurations the same) but am still seeing drops.Since I have disabled qos on the switches in question (no mls qos) (not the core tho) I am presuming these commands have no affect on the switch operation and therefore cannot be related to the problem. With QOS turned off one would presume that it is general congestion - especially at the user edge where busy PC issues might contribute. So I wanted to see if I could see any instances of packets in the output queues building up.
I wrote some scripts and macros that essentially did a snapshot of 'show int' every 20 seconds or so, and looked for instances of 'Queue: x/' where x was greater than zero.What I found after several days of watching the core stack, and a few of the workgroup switches that are most often displaying the behavior, was that I NEVER saw ANY packets in output queues. I often saw packets in Input queues for VLAN1, once in a great while I would see packets on input queues for fa or Gi interfaces, but NEVER on output queues. [ code] Additionally, when I look (via snmp) at interface utilization on interfaces showing queue drops (both core and wkgroup), they are occurring at ridiculously low utilization levels (as low as 4 to 8%). I've tried to look for microbursts between the core and a wkgroup switch where the core interface was experiencing drops, but haven't seen any (using observer suite). [code] While the queue-drop counts aren't critically high at this point, they are happening more frequently than in the past and I would like to understand what is going on... In most cases, no error counters are incrementing for these interfaces. Is there some mechanism besides congestion that could cause output queue drops?
View 4 Replies
View Related
Oct 22, 2011
how do i configure cisco switch Edge
View 1 Replies
View Related
Sep 4, 2012
i have a problem with a cisco cat. 4507 edge switch as when i have a login ssh session to the switch the supervisor engine restart and the redundant Sup. engine becomes the active and so on this problem mainly happen when i have multible SSH session to the switch and it happened very rarely with a single ssh login
the ios version i use is cat4500-entservicesk9-mz.122-54.SG which im using on all my edge switch and they are all working fine excpt this one
View 1 Replies
View Related
Jul 31, 2012
I am trying to upgrade my 2960 edge switch through tftpd...i have configured vlan 1 with IP address 172.16.10.1 and tftpd as 172.16.10.2 I am trying to ping tftpd, but I couldn't, but when I try to ping vlan 1 from tftpd, i can?
View 6 Replies
View Related
May 20, 2012
i'm having some trouble setting up the correct NAT configuration of a Cisco 1921 router. The NAT is not working as I want - I think my configuration is wrong somewhere. All clients in 172.16.0.0/24 have the correct outgoing address of 1.1.1.3. But the NAT for 10.10.0.4 (and 10.10.0.5, 10.10.0.6) is partially broken: Ping and ssh from the outside world to 1.1.1.4 is "natted" to 10.10.0.4 and works as expected. But from inside (172.16.0.0/24) ssh to 1.1.1.4 should be "natted" to 10.10.0.4, but doesn't work (ping works). ssh from 172.16.0.0/24 to 10.10.0.4 (without doing NAT) works.
network design:
===============
172.16.0.0/16: network for normal use
192.168.64.0/24: network for specific clients and servers
[Code].....
View 1 Replies
View Related
Nov 18, 2011
I have a Cisco network on a ship where I work, I have an Ericsson GSM Access point which picks up local GSM 3G signal and broadcasts it onboard. I have two of these units and they are connected to a D-Link Load balancing router which is in turn connected to a Cisco 3560 Series 8 poe switch. Each unit is on a different subnet. The Cisco is on the DHCP server from my AD server (Windows 2003 Server) The Load balancing router has no DHCP and the Ericsson units have their own DHCP servers.On the Cisco switch if I plug in with a laptop I get an IP address for the DHCP on my server. I cannot ping the load balancing router from it. If I connect to the Load balancing router and set a static address for that subnet I can access the internet via the Ericsson units. And if I connect to the Ericsson I can access the Internet.
View 22 Replies
View Related
Jul 23, 2012
I have a cisco 3560 24PS and its connected to two ADSL broard band routers.one is a personal broadband line using a Billion ADSL broadband router, and the other is a business broardband line using BT's 2wire broadband line.on the Billion routers i have various things attached like a NAS and a printers, both wired connections. then i have laptops and phones that connect over wifi, so its configured to act as a DHCP server
the only thing conncted to my 2wire router is my company's laptop (wired or wifi depending on where i'm working from), so again i have it working as a dhcp server.The switch is configured with multiple vlans, with dhcp scopes assigned for each vlan.I have a static route pointing all traffic to my Billion ADSL for internet connectivity.
The problem i'm having is that when i turn on the cisco switch, all wifi conected devices loose their conection. only 2 things get it working again, a reboot of the router, or disabling then enabling the DHCP service on the router.upon further analysis i was able to find out that the devices were not able to pick up an address from the router. again i looked deeper into this and i can see the following on logs of my router: [code]
so it seems that the router tuns off its DHCP capabilities because it detects that my Cisco switch is running DHCP services. I need to figure out how to keep the billion routers DHCP running when ever the switch is turned on.is there a way of filtering out any DHCP chat from the switch to the router?
View 7 Replies
View Related
Jun 28, 2012
I have a problem, i would like todo MACSEC betwwen two switches cisco catalyst 3560-x but I know that for this operation i needed ACS server 5.1 is it possible to encryp dataflow without ACS server and if you have the configuration
View 7 Replies
View Related
Jan 17, 2012
If i want to setup a router and switch in my small business... 11 computers. Can i run 2 switches into one router or is it better to run one larger switch into one router. Second is when I set it up do I need to assign addresses to each computer or do I just need to plug them in and setup the network with windows network wizard. I will have a shared drive on one of the computers or possably some network storage.
View 1 Replies
View Related
Mar 3, 2013
i am currently using 2 DSL WIFI modem and wants to combine them to my RV042 dual wan router but as i set them up using WAN1 and Wan2 as "Obtain IP Automatically" there is no internet connection?
View 2 Replies
View Related
Feb 26, 2012
what's the meaning of the output:
Interface Speed Local pair Pair length Remote pair Pair status
--------- ----- ---------- ------------------ ----------- --------------------
Gi0/40 100M Pair A 2 +/- 4 meters Pair A Normal
Pair B 2 +/- 4 meters Pair B Normal
Pair C 2 +/- 4 meters Pair C Short
Pair D 2 +/- 4 meters Pair D Short
From the command
test cable-diagnostics tdr int gi 0/40
It's normal?If not, then. the problem is on the cable or on one of the interfaces?The interface is connected between a fastethenert on a 2811 router and a 3560-48 switch.The cable is a straight through cat 5e cable. (I have changed several cables with same result).
View 4 Replies
View Related
Apr 15, 2013
I have a 2 cisco switches that are at different sites one is a Cisco CAT4500 and other 3560. The connection between the switches is a layer 2 fibre link. CAT4500 and 3560 both have VLAN interface ip addresses in order for me to connect to the switches.
I have PC A connected to CAT4500 and PC B connecting to 3560. All these devices are the same VLAN and in the same subnet. I do have trunk links all the way though allowing this vlan as we run vlans. From PC A, I can ping CAT4500, 3560 and even PC B. This tells me everything is fine regarding Layer 2 & 3.
As soon as I move PC B and connect it to the other switch CAT4500 or move the other PC vice versa (this happens in both directions). Both switches learn that the mac address has moved locations and updates its mac address table accordingly. So when I do a show mac address table and show arp, everything has learned and moved fine. However when I try to ping any other device from PC B I cannot. So the 3560 switch PC B was originally connected to, I can no longer ping, the switch cannot see the pc also. It is as if PC B has not learned anything from the switch and cannot respond or reply to any icmp. I have tried this with different end devices, same thing. I am now thinking it has something to do with the switch.
View 14 Replies
View Related
Jan 24, 2013
configuring a switch or a router to limit the bandwidth for a specific user/IP when need it. Most of my remote offices are configured like this:
Users ------ 3560 switch ------- 2801 router -------- T1 to NOC -------- 7204 router with channelized DS3
I use Netflow Analyzer for high bandwidth usage alerts and can see the user's IP right away when someone is clogging our T1s. My goal is to be able to temporarily limit the bandwidth of the user taking over the T1. Whatever is best switch config or on the router.
View 2 Replies
View Related
May 29, 2013
The Cisco 3560 uses a relatively simple classification scheme, assuming you consider only what happens when the forwarding decision has been made. These switches make most internal QoS decisions based on an internal DSCP setting. The internal DSCP is determined when the frame is forwarded. What internal DSCP setting means?
View 5 Replies
View Related
Jul 30, 2012
We are having two sites seperated by half a mile and we are using dedicated 100 Meg link at the moment for intranet traffic, and now we got new 1 gig link and I am working to set it up, Service Provider came on site installed two circuits on both sites and fiber connectivity is tested succesfully betweeen sites, now I need to connect the circuits to our network and make the 1 gig link active to make traffic flow between sites and as well bring 100 meg as standby.
So to brief the issue:
Connectivity at the moment SiteA: Switch1(3560)------100Meg--------.SiteB: Switch 2(3560)
I Want to configure SiteA: Switch 3(4507)------1gig (Active)--------.SiteB: Switch 4(3560) SiteA: Switch1(3560)------100Meg(Standby)--------.SiteB: Switch 2(3560)
simple as connecting a fiber or ethernet link from external circuit on both sites to respective switches on their interfaces and configuring hsrp to enable redundancy. A
View 7 Replies
View Related
Apr 15, 2013
I am trying to set up a network that has 1 internet connection, requires a local LAN for the business, and another LAN for public wireless access. Here is what I have and details on what we want to do.
1- Cisco ISA570 Router no WIFI
1- SG500-52P switch
6 - WAP321 Access Points
We have the main LAN set up and all is working well, internet access, 6 WAP's connecting and all is working like a charm. Internal IP range is 192. 168. 0.0/24.We have all 6 WAPs on the internal network, with 2 SSID's on each WAP and each SSID is assigned to a VLAN. One SSID is internal for staff, the other is for guest access for members. The internal staff wireless access is working fine.
We want the guests to be able to access the internet, but not the internal network, but we need to access them for administration from the internal network.
We created a second VLAN on the switch and added the 6 WAP ports to it as tagged for VLAN2. These 6 ports are also on VLAN1 (default). We have a second VLAN on the router, have it handing out DHCP addresses for the 192.168.25.0/24 range with DNS servers.
Where we are having trouble is with getting the guests wireless access to work. Guests can see the wireless, log onto the access point but that's it. They don't appear to get a 192.168.25.0/24 IP, or any IP actually, and thus cannot do anything.
View 5 Replies
View Related
Jun 26, 2011
We have cisco 3560G switch I need to configure QOS in this switch. video & vice Is it possible to configure port wise policy ?
View 1 Replies
View Related
Sep 15, 2011
If my ISP brings ethernet into the building via duplex LC multimode fiber can I use the ASA5550 as the first device from the WAN or do I need some type of router for this? I realize I'll need an SFP to get to duplex LC, but I'm not sure if I need a router, or if the ASA can function as a router for this application.
View 3 Replies
View Related
Dec 18, 2011
If my ISP brings ethernet into the building via duplex LC multimode fiber can I use the ASA5550 as the first device from the WAN or do I need some type of router for this? I realize I'll need an SFP to get to duplex LC, but I'm not sure if I need a router, or if the ASA can function as a router for this application.
View 9 Replies
View Related
Apr 9, 2011
How to configure an Asa that will have a default gateway to an edge router that will be doing PBR? We would like Internet surfing to go out one ISP while internally hosted services in the Asa DMZ would go through the other ISP. configuration examples for both the edge router and the Asa?
View 3 Replies
View Related
Dec 22, 2011
We are replacing a DS3 Internet connection with a 100 Mbps fastE connection from a Tier 1 Provider. I currently have a Cisco 7204VXR with 512 Mb DRAM and 128 Mb of Flash and two 10/100 ports that is connected to the DS3. I also have a 3845 with 1 Gb of DRAM and 256 Mb of Flash with two 10/100/1000 ports available.
We are currently running BGP, below is the summary
BGP table version is 88880414, main routing table version 88880414
379041 network entries using 44347797 bytes of memory
379043 path entries using 19710236 bytes of memory(code)
View 4 Replies
View Related
May 8, 2012
I have an environment of 3 X 3560G of which I have 1st switch-CORE(f0/10) connecting to the VPN router(CE) interface-f0/0. Remaining 2 Cisco 3560's(Access) are connected to Gi0/1 and Gi0/2 on the 1st switch-CORE via gi0/1 . On all three switches I have created multiple VLANs and assigned ports to these VLAN. The switch to switch connection is trunk allowing all VLANs created on all these 3 switches. Now the issue is how I am going to have all these VLANs routed through single interface on the routeri-e f0/0, as all these subnets will communicating to remote site over VPN. What should be default gateway on the 2 Access switches and the CORE switch, also what static route should be on router to reach all subnets(VLANs) created on these 3 switches.
I have read inter-VLAN routing i-e creating sub interfaces on router but dont want to proceed with that and looking for any other way to have my VLANs talk on all three switches and then are accessible to remote site ove VPN?
View 9 Replies
View Related
Mar 6, 2013
My company has purchased a second ASA for fail over reasons and I'm needing to attach it to my core router (ASR 1001). Currently I'm running the connection between my ASA and my Core as a /19 ie. ASA-10.10.10.2/19 -- ASR-10.10.10.1/19. I know the 2nd interface on the ASR will need to be on a different network segment then the first connection (10.10.10.1/19). What would be the best way to segment this out with out breaking up my /19?
Run /30 segments for each interface? Use a VLan ?
I don't want to use up my Internet rout able IP's on /30 segments. Attached diagram.
View 1 Replies
View Related
Jul 26, 2012
Any router (I'm considering ASR 1002 with 10GE SPAs) that can support the following:
-10GE interfaces
-can handle 1.5Gbps but scales up to 5-6Gbps different seasons
-take on full internet routes from 2-3 providers
-will live on the internet edge
View 7 Replies
View Related
Sep 15, 2012
I have 2 locations, at a distance of 600KM.These two locations are well connected by Point to Point L2 VLAN with a speed of 2 MBPS and supported by CISCO 3560G switches.Location A has a VLAN to communicate to the other VLAN at Location B. Location B has also got 3 VLANS which are inter connected with Location A.Now the hardware in one of VLANs in Location B has moved to Location A for obvious reasons.
For further refernce am giving the VLAN IP address here....
Location A
VLAN1 for communicatng to Location B
IP Range 172.20.44.210
Subnet Mask 255.255.255.0
Default Gateway 172.20.44.210
VLAN2 for the desktops in Location A
IP Range 192.193.194.1-255
Subnet Mask 255.255.255.0
Default Gateway 192.193.194.1
[code]....
View 3 Replies
View Related
May 1, 2013
We have ASA 5520 firewall.For broadband Internet access, we have T1 Router(edge router provided by ISP) which provides public IP's 198.24.210.224 / 29. We have usable public IP's 198.24.210.226 - 198.24.210.230 with default gateway 198.24.210.225. We assigned 198.24.210.230 255.255.255.0 to the outside interface.
If we connect the ASA 5520 outside interface directly to T1 router, can all packets with destination addresses 198.24.210.224/29 reach the outside interface without using other device like another router or switches?I just assume that only packets with destination address 198.24.210.230(outside interface ip) can reach the outside interface from the edge router.Is it wrong assumption? If it is correct, then is there any way to route all packets with destination address 198.24.210.224/29 to the outside interface?
View 3 Replies
View Related
