Cisco WAN :: 3750 Made A Separate VRF For Management
Sep 12, 2011
I have made a separate VRF for management, but have a strange problem with a Cisco 3750 and a Cisco 3550. When I added these to the VRF, I can not reach them on tools like Network Assistant and web interface. Telnet works, no problems there. And there are no ACLs on the device restricting this.
I'm trying to separate my management traffic from regular traffic by splitting the management and "outside" interface to separate vlans but I'm hitting a routing issue. Say I have a management network of 192.168.1.0 255.255.255.0 running across vlan 1 and I want to use 192.168.2.0 255.255.255.0 running across vlan 2 for the outside interface to send all the other traffic excluding the management traffic across. Tag both vlans on the external interface, say Eth0/0. Default route of route outside 0.0.0.0 0.0.0.0 192.168.2.1. With this, you can not hit the management interface because there is no route defined for the 192.168.1.0 network. However, of course, if you try to set one, you'll get the "connected route exists" error. How can I set the default route or gateway of the 192.168.1.0 network on the ASA? Switches just don't complain like the ASA does.
Is it possible to manage the 2504 Controller over a separate interface? Example: Port 1 is used as controller management interface (untagged) - APs are connected to the same VLAN. Port 1 is used for Guest Traffic (VLAN 3 tagged). Port 2 should be used to manage the WLAN Controller from the internal LAN (tested with untagged, tagged, same issue).
With this setup it is possible to ping the Port 2 IP address from the internal LAN, but if you try to connect to the controller, the browser shows "Site not reachable".
I also enabled "Management via Wireless" but without success. I also tried to add the "management" VLAN as tagged on the management interface with the same effect: the controller is not manageable from the internal LAN. On a 5508 WLAN Controller I have a similar setup, but with LAG Port enabled. There this works.
The only interface where I can manage the WLAN controller is from the management interface.
Currently we have an Avaya IP Office switch running on the same network as our PC clients. I would like to separate the two networks into 2 VLANs.
We have a mixture of Catalyst 3750 switches and some older 3500 models. Where do I start? Should I leave the PCs and servers on the default VLAN and just move the IP handsets?
As I understand, Cisco Catalyst 3750-X supports StackWise and StackPower technology. Do I need to purchase a separate module to enable StackWise and StackPower? Or are StackWise and StackPower modules included by default on the switch already?
I have an issue with a Cisco 3750 switch stack which is connected to two separate upstream Cisco 3750s which are administered by an ISP. The ISP is experiencing MAC address flapping from one of my VLAN SVIs I am using to route traffic upstream.
[code]...
As you can see I utilise a VLAN SVI to route traffic to the upstream 1.1.1.2 (illustration only) IP. As per the diagram of the topology attached, the ISP is receiving a MAC address flapping error confirming the SVI MAC address from my switch stack is being learnt on the trunk port connecting switch 1 and switch 2, and also the port (Gi1/0/48) directly connected to my switch stack. As these are all Layer 2 links essentially being passed upstream and then connected between the two ISP switches, we have a 3 way triangular loop formed.
If I was to remove the port channel configuration from the two ports associated with the VLAN SVI, am I right in suggesting this would still form a layer 2 loop? The two ports would still be a member of the SVI VLAN, and it is the VLAN MAC address which is being learnt by the two ISP switches on different interfaces.
I would like to push the route for admin services (Vlan20) to bypass the firewall via another connection (CSI to CSE). So my first choice was to create a route-map in (CSI) but I don't know how to do it. On my Firewall ASA, I don't have any Context License, that is why I would like to do it like this.
I have included some part of my initial configuration CSI and CSE and diagram.
CSI configuration (Switch L3 3750) { interface GigabitEthernet1/0/1 description To ASA no switchport [Code]....
I've got a bunch of 3750-X switches all running IP Base and acting as a routed access layer. They run OSPF in a totally stubby area with the distribution layer (Nexus 7K) as the ABR. We also have a physically separate management network into which the fa0 management interface of the 3750-X is connected. The management network itself runs OSPF and has multiple subnets and external access.
On the 3750-X, I'd ideally like to be able to run some sort of separate OSPF process for the management network or at the very least have a static default route for management traffic pointing out the fa0 interface, but clearly not have it interfere with the main default route for data traffic coming from the N7K ABR. Normally I'd just create a management VRF, sling the fa0 interface into it and run a separate OSPF process in that VRF. The problem is you can't create VRFs in IP Base! Surely there must be a way to do this? Cisco don't really expect customers to upgrade to IP Services just to have a working OOB Management network, do they?!
I am aware the SR520 is no longer made, but we use the VPN Remote aspect of it (for site to site UC540 installs). Is there anything else that has the same VPN functionality, and what would I be looking for in regards to terms for the client to be on the router itself?
I had an unusual circumstance come up on an older PIX 525 (6.3(5))
On a recent remote site visit we made a connection to our main office using ver 4.9 of the Cisco VPN Client for OS X. While we were working on a server, the MacBook went to sleep, shutting down the network interface the VPN Client was using.
From that point forward we were unable to establish any layer 3 connectivity to the LAN in our main office using that PIX as a VPN head end. Any connections that were attempted to that firewall would complete and be assigned a client IP from the correct pool but without access to the LAN on the inside interface.
We tested this from multiple external locations using multiple systems, cleared SAs and even debugged IKE and IPSEC using an alternate connection method. There were no errors reported on the firewall but there was also no connectivity.
I am having problems with the Cisco VPN Client software version 5.0.07.0290 installed on a Windows 7 x64 Client. When attempting to connect through the VPN client I am being prompted with the following error: [code]
The client did not match the firewall policy configured on the central site VPN device. Cisco Systems Integrated Client Firewall should be enabled or installed on your computer.
The backend infrastructure used is a Cisco VPN 3000 Concentrator which has a Cisco PIX 525 Firewall. When the Firewall is disabled, the connection is made with no errors. But obviously, this is not good practice. The problem seems to lie with the Local Client Firewall?
My fiance recently signed up for the Screen-wise Panel for Google research. Basically they monitor your TV usage and your internet usage. As part of the program they installed a Cisco WIFI router. I've got no issue with them logging the sites visited etc but I'm a little worried about them possibly collecting private information (banking / work related stuff) that I don't want going out there. According to what I've read, what's supposed to happen is they replace your router with the new Cisco router. The "technician" who came in and installed the router was actually a builder and not an IT technician and rather than replace our router he connected the Cisco router into port 4 of our router... I wasn't in at the time.
What I was looking to do is separate Port 4 of my router into a separate VLAN that can access the internet, but not access anything on ports 1-3, or the wireless. However, I want to be able to see everything on port 4 from the other side (in other words I want to see "into" the port 4 VLAN, but don't want them to see out). I also wanted DHCP to assign IP addresses correctly depending on where you were plugged in. In this example the first VLAN (your current router IP address) is going to be on 192.168.1.1, and the second VLAN (the new one we create on port 4) is going to be on 192.168.2.1. This is exactly what I'm looking to do. I could then connect the kids' machines / tablets / iPods to the Cisco router and have the main machine and my work laptop on the main router... but I don't have a clue how to do it. Is this something that I am able to do with the Netgear router I own and is it hard to set up?
I try to make changes or save changes from the web page on my BEFSR81, nothing changes and everything reverts back to the original settings made a long time ago. Cancel changes works fine as the page reloads, but save changes won't make it save or reload the page with saved settings. I updated Java and used 3 different browsers and always get that error.
I'm currently using DynDNS for my Dynamic DNS Provider with the RVS4000, but I'm looking at upgrading to the RV180 and switching my Dynamic DNS provider over to DNS Made Easy since I can get all my DNS hosting under one roof. Does the RV180 support DNS Made Easy in its Dynamic DNS client? If not, could it be added in a firmware update?
Our desktop is connected to a cable modem and I always connected wirelessly with my laptop. When I changed my Linksys wireless adapter I tried to get on the internet and it would not connect to the Linksys router, so I then do not know exactly what I did, but the result was that I finally had a connection. That was a month ago and I finally looked at the network mapping after I noticed the desktop was on a LAN network and the cable connection was flagged. Apparently, I created something called a switch with the router and now I have a whole new network in my name that has the cable connection.
We have a Cisco ASA 5505 in our office. Right now port 0 has been configured for outside and port 1 for inside (I believe it is the default configuration). Now, for security reasons, I want to separate the network traffic from inside (office LAN) and WiFi. I believe since I have 6 ports in vlan1 (inside), if I make the port which has the connection to our switch and the port which I'm going to connect to my wireless router (same vlan1) protected / isolated then this should work, but here is what is happening: the minute I save the configuration, port 3, which is supposed to be my WiFi port, will lose its connection to the Internet.
I tried to make another vlan for WiFi to separate the traffic from vlan1, but I'm not getting an internet connection on that port which has been assigned to the new vlan for WiFi.
I have 2 PCs at home. Let's name one of them PC 1, which has two onboard LAN ports. Now, PC 1 has to connect to PC 2, just a home network for easy transfer of files and stuff, and it also has to connect to the internet via a network. The problem is both of them use static IP and when I tried configuring PC 1, it allows only one of the connections to remain active. I simply get an error otherwise saying "Multiple Gateways" will cause conflict and I will be stuck with only one connection. After much study I "somehow" connected both. I vaguely remember using the "route" command in cmd to achieve this. But now, I am getting an error when I try to access PC 2. My Internet is working fine. I am not network savvy at all. run both these connections from PC 1. I should add that I can in no way modify/change/or do anything else to my internet network since it is out of my control. I can do anything, however, for my Home LAN with PC 2. I run Windows 7. Both the connections are wired, by the way.
What I am looking to do is separate my LAN traffic from my WAN traffic. The amount of LAN traffic is slowing my Internet connection. The media server is the host of all my music and movies and photos and well just about everything. Some of the files are excessively large and just kill the throughput for the other machines. I'm wondering if it's possible to put 2 NICs in each machine and have all file transfers on one subnet and all internet activities on another. I have heard it's possible to put multiple addies on a single NIC but doesn't this defeat the purpose of throughput?
Network 1 - one line diagram: Internet, Cable modem, Router/wifi, Switch 1, 6 PCs, 1 Media/file/print server.
All PCs and wifi use this to access internet, and all outside connections like remote desktop.
Network 2 - one line diagram: Switch 2, 6 PCs, 1 Media/file/print server.
All PCs use this to stream audio and video from the media server as well as print functions and file storage. I have most of the hardware already except the additional NICs for each machine, so if it's not feasible I'll not waste the extra monies.
The DMZ Switch does not participate in VTP with the LAN but will have a VLAN ID created (same VLAN ID used from VM to ASA). No VLAN interface will be created for the VLAN.
Is this a bad idea from a security or otherwise point of view? i.e. Best practices that should be followed here? Should I configure the link between the LAN Core Switch and DMZ switch as access ports so the port on each switch is forced to be on one specific vlan? I was going to use allowed vlans command to limit the vlans that can pass on it and possibly vtp pruning for all vlans.
Is it possible to have the ASA connected to two ISPs and use the one ISP connection for Client/S2S VPN and Internet Access and the second ISP connection just for the WebVPN Traffic? How would you manage the routing, as the default route is pointing to the first connection, or is that not an issue here?
I am planning the following network setup. Get a server with 2 NICs, a router and a switch. 1st NIC is connected to Internet. 2nd NIC is connected to a router. A router is connected to a switch. All the client workstations are connected to the switch to access the server. I believe with this setup all my client workstations can browse the internet on their local machine via the server.
My girlfriend and I both work from home doing freelance work using the internet. The company we do freelance work for allows one agent per IP address and checks the IP address for multiple agents, I guess. I only have one modem, router, and two computers, but I believe they are on the same IP address. Is there a way to have two different IP addresses so we wouldn't have any issues with our work here?
I have 2 wireless devices. The first is the modem itself and the wireless is setup on that with WPA and all that fun stuff. The second one is a wireless access point. I would like to have a WiFi that can access ONLY the internet. I don't want it to be able to access the local network at all. Is this possible?
I would like to set up two separate networks from one internet connection (modem), with the goal being to have a public network (Network A) that would have a small server on it, and then having a second secured network (Network B) that would have my personal computers on it. And both networks having connection to the internet. (The idea being that if the server somehow became compromised that my personal computers and their data would be safe.) I have done some research and found that many people claim this can be done with just two or three routers, but none of them go into any detail about how to configure the routers. Below are the physical setups of the two options that I have come up with in my research, which if either would you recommend? And how would I configure each of the routers?
-------------- Modem/router 1 (Network A public) --Internet-in WAN port --port 1 to WAN of router 2-------------l --port 2 server
I have computer A with 2 NICs. NIC 1 has IP 192.168.x.x which has access to internet and NIC 2 10.0.x.x which has access to server files and other docs. I have computer B with IP 192.168.x.x but want to be able to access 10.0.x.x using computer A as a router. Is this possible and how do I go about doing that? I was thinking about bridging NIC 1 and NIC 2, adding a static route on computer A and adding a second IP 10.0.x.x to computer B NIC (I know it is possible to add 2 IPs on one NIC in Windows) so I can have access to the file server. Is what I mention possible?
I have two subnets at my home and both run through my Cisco router. One is my private LAN with access to the Internet, i.e. your standard home network. The other is a semi-public network that I share with friends through an encrypted GRE tunnel system (DMVPN) over the Internet. I have a server on that semi-public network and I can access my friend's servers from my server, but not from my main PC on my private network.
Is there a way I can access both networks from only my main PC using two NICs?
How can I set up two separate networks on a Westell 327w modem/router? I know this question has been asked to death and I've utilized the search function, but I still don't know how to make this work. I have a computer that I plan on using for important business and my sibling has my other computer that he uses for gaming and downloading stuff. His computer is connected wirelessly to the Westell 327w. My computer has no internet access at this point. I would like to have both connected wirelessly to the internet, but keep them completely separate and as secure as possible, as he downloads some questionable things.
How to get wireless to a separate location from the house. I have the Virgin Media home hub in the house and I have a cabin out the back roughly 20m away which I require wireless to run in. I need the wireless for a PS3, Mac mini, MacBook, iPad and other little wireless gadgets. I have tried using the devolo dLAN 200 AV wireless n starter kit with very limited success. Short of actually running an Ethernet cable along the ground and using an Ethernet switch, is there anything else I can do? Or are there better products with a bigger/better range than the devolo that would do the job?