Cisco WAN :: 3750G - Dynamic Routing Between Private Networks
Mar 13, 2011
how to redistribute routes between three independently managed private networks.
Currently: See attachment The two buildings managed by Company 1 are connected by 4x1GB fibre channel ports on Cisco 3750G Standard Image switches. Static routing is used between the two building and static routes are used to direct traffic to Company 2 and Company 3 via routers managed by their respective companies. No NAT is required as all three companies use separate private address schemes.
Network Improvements: See attachment To increase network resilience Companies 2 and Company 3 are planning on installing new routers in building 2. Companies 2 and 3 use Dynamic routing protocols on their internal network. Incoming and outgoing resilience is required in all three companies. There is no direct connectivity between Company 2 and 3.
I would like the following questions answered:
1. Is dynamic routing needed in Company 1?
2. Given that only 4 devices are managed by Company 1 will RIPv2 work? NB. Company 2 and 3 have very large networks (3000+ sites).
3. Would route redistribution be best performed on Company 2 and 3’s CE routers?
4. How can route redistribution be controlled by Company 1?
View 4 Replies
ADVERTISEMENT
Oct 23, 2012
We have many remote offices that we want to add public wifi and a couple of other services that would be completely outside of our internal network. Each office has a 3750 with plenty of open ports. How can I safely create a vlan for public access on these switches which currently have our internal network on. I have read that people are doing this to save on the cost of purchasing a dedicated switch. Some people are using access lists and one person mentioned creating a private vlan for the public network. I looked up private vlan and it seemed bit confusing.
View 3 Replies
View Related
Mar 6, 2013
I have RV110W connected in private network 192.168.5.0/24, I have redirected pptp port from adsl modem to the RV110W and VPN works OK. DDNS on the adsl modem is not available.I need to use Dynamic DNS functionality on my RV110W. The device supports several DDNS services (TZO.com, Dyn DNS.com, 3322.org and noip.com). For all but TZO the public "Internet IP Address" shows as 192.168.5.110, which also gets auto registered with the DDNS service.I have tested this with free noip.com account and this is obviously undesired behavior. I need the router to register my real public IP.For TZO it shows the proper public IP, but TZO service is no longer available on TZO.com.
View 8 Replies
View Related
Jan 15, 2012
Has any come across show ver memory details on 3750G-48PS as below, One of our Catalyst 3750G running software 12.2(44)SE2 shows unexpected DRAM as below:
cisco WS-C3750G-48PS (PowerPC405) processor (revision F0) with 0K/12280K bytes of memory. This would equate to around 11MB memory which does not seem right... Is it a known IOS bug?
View 1 Replies
View Related
Oct 29, 2011
i have two cisco 2800 routers , and i have three different networks , so can cisco routers supports more than one private network example,My First location i have one public connection of 200.100.100. 1 and private network of 192.168.1.x network and the second router i have one public connection of 200.100.100.10 and two private networks of 192.168.50.x and 192.168.60.x , So can i route my first location to this two different networks , because my router have only two FastEthernet connection , so how it's possible or not.
View 3 Replies
View Related
Dec 4, 2011
i have Cisco 5505 and i configured a remote VPN clients. here is my scenario
Cisco switch 2950 === holds two private network 192.168.8.x and 192.168.4.x
vlan 2 outside interface - Eth 0/0 155.155.155.x
Vlan 1 inside interface -- Eth 0/1 192.168.8.180
VPN pool ip address = 192.168.8.100 --110
I drag i cable from my Cisco switch and put in to Eth0/1. and i want to access this two private networks 192.168.4.x and 192.168.8.x . Now i can access to 192.168.8.x . But i can't access 192.168.4.x ..
View 3 Replies
View Related
Nov 2, 2011
I have two private networks and want/need to route traffic between them. I also have an ISP connection and want/need to provide internet to at least one of the private networks. Providing internet access to both is not required or desired.
Can this be accomplished with an RV042? If so, how?
P.s. The problem space, once again, in a non-narrative form with some addresses thrown in:
Private Network A: 192.168.200.0/24
Private Network B: 10.50.3.96/27
ISP Network C: 192.168.0.0/24 192.168.0.1GW 192.168.0.2 is WAN1 address on RV042
Required Traffic Flow
A <--> B
A ---> C
View 3 Replies
View Related
Jun 6, 2012
I have a new customer that needs to send data to us occasionally, we normally install the Cisco VPN Client on their PC, but this customer has the same private network we do.
I know this could be done with NAT Policy on my ASA 5510 with a site-to-site VPN, but the customer does not want to change the network hardware or addressing. They have cable router with no VPN capability, and they don't want to spend any more money on this project.
Can this work if their are no duplication of IP addresses?
View 25 Replies
View Related
Feb 24, 2013
its possible to have same dynamic translation within 2 different networks like:
interface gig 0/1
1.1.1.1 255.255.255.0 (LAN Connection w/ DHCP enabled)
inteface gig 0/2
2.2.2.1 255.255.255.0 (Wireless Connection w/ DHCP enabled)
Actually, the scenario was 1.1.1.1 is my LAN connection and 2.2.2.1 are my Wireless connection.
View 3 Replies
View Related
Jul 18, 2011
We have a private network, multiple vlans etc. for our domain users/employees across several amenities. We also have a Public network, that we have managed by a 3rd party for guests/conference rooms/attendees.Private network is all static ips, mac restricted port security, as strict as possible from a security and PCI Compliance standpoint. The public network is all DHCP with hundreds of users. Having them physically separate has always been the best option. Separate switches, server, and I even have the uplinks separated on a 3825 router. However, unfortunately it seems as though that luxury is coming to an end.One of the meetings that is taking place is going to be at one of our outer amenities so I've got to push that "public" network through my network, over my backhaul to the other side.
My suggestion was to create a new vlan on the switches with the shortest path possible to get where it needs to go. This way the traffic never goes through our ASA, and it has a small footprint on our network, it plugs into the switch access port with the dedicated vlan at the entry point into our network, and leaves from an access port on the other end. To me that seems to be the best/most secure way to handle it. We're also in the process of rolling out Public Wifi through the entire property and since we'll want to push both Public and Private vlans over it....merging the two networks to a point is only inevitable. Especially since it will be going through a controller and the property covers a good 7000 acres.
A good IDS/IPS...other than already having port security on every port, I'd definitely like to know if somebody inadvertently cross connects the two networks and it starts flooding whatever vlan access port it's plugged in to with dhcp...especially since a lot of the laptop users on the domain are set to DHCP first with a static in the alternate for working at the office and remote.
View 2 Replies
View Related
Mar 11, 2013
Currently a network consists of two subnets, one subnet is behind a ASA and the other behind a PIX, both connecting to the ISP's routers. If the PIX is retired, is it possible to create/consolidate the two networks protected by the ASA5510 with the default gateway being the ISP?
How can two private networks be protected by the ASA5510? One conceptual way is to create the VLANS on a layer 3 switch, on the "inside" interface of the ASA. In this senario what would the "inside" network's IP address? If the above is possible, how would natting occur?
Is there an efficient configuration to protect two networks protected by the 5510, other than creating a DMZ?
Is it possible to create two private networks with same level of security, 100 on a three network interface connections?
View 12 Replies
View Related
Apr 10, 2013
I am looking to create an office network with each person having internet access but on a private network. however everyone will need to be able to access a communal printer. would they be able to see it if they were all on a different subnet or would i need to set up vlans?
View 4 Replies
View Related
Jan 23, 2011
I'm going to move offices into a shared situation with 3 companies. Each company will want its own private network so there's no snooping between companies. I am planning on using VOIP for the phone system (Nextiva cloud based). Is it possible to set up the system so that each company has access to the VOIP system but yet remains sequestered in the their own network for everything else. I was hoping to do this with one data port at each workstation using Cisco SPA-303 phones. The way I understand this, is that the phone plugs in to the data port and you daisy chain the workstation off from each phone. Is this possible to do this while having the system I described? Another wrinkle is that I'd also like all the networks to be access shared printers.
View 7 Replies
View Related
Mar 30, 2013
I'm currently trying to configure a Site to Site tunnel between an IOS Router and an ASA 5505 running 9.1
When the private subnet of the IOS Router was 10.0.0.0/24 and the private subnet of the ASA was 172.16.1.0/24, it connected fine.
I'm now trying to set it up where both private networks are 10.0.0.0/24, and created network objects, edited the ACL for interesting traffic, and created the twice NAT translation rule, but the tunnels aren't coming up.
There is the IOS Router(R1) and the ASA(F2). In between them is one Internet posing router that is just set up to allow both sides to reach their WAN addresses.
R1 and F2 have private network (10.0.0.0/24) and need to communicate. Twice NAT can be done all on the ASA to allow this, but I must be doing something wrong. The way I understand it, is that the R1 should see the traffic coming from 10.51.0.0/24 and sending to that traffic. The ASA will take that traffic, and the inside network should see it come inbound as 10.50.0.0/24. So the F2 private network communicates with 10.50.0.0/24 and R1 private network sends traffic to 10.51.0.0/24.
I turned on "Debug crypto ipsec" and "debug crypto isakmp" but no output is showing up or giving any hint that it is trying to establish anything.
R1#show run
version 12.4
hostname R1
crypto isakmp policy 50encr 3desauthentication pre-sharegroup 2crypto isakmp key cisco address 10.2.0.254
[Code]......
View 3 Replies
View Related
Mar 4, 2012
I've one Cisco 3750G-12S with ip routing enable, the swtich is with IP Service firmware, with PRR support.Currently set my default static route 0.0.0.0 0.0.0.0 10.1.18.71 to my Firewall A Currently all of the VLAN for will be routed to 10.1.18.71
I've created a new VLAN 2 for my 10.1.2.0/24 network with the VLAN interface 2 ip address 10.1.2.10, my intention is to route 10.1.2.0/24 traffic to my 10.1.2.1 by creating the access list and route-map.
I've configure my test pc with a static ip and my gateway pointing to 10.1.2.10 (VLAN 2 gateway) , i'm not able to route to 10.1.2.1.
View 7 Replies
View Related
Jun 7, 2012
I've got a requirement to do Inter-VRF routing (need MP-BGP) using a private AS Number on a stack of 7 x 3750G's, my question ultimately is the performance overhead of doing such a change.
The stack will have no more than 300-400 routes even with the duplicates invoked from doing VRF leaking so I can't see much of an issue myself, we already have 2 VRF's and OSPF running in each VRF just don't have MP-BGP to do the VRF leaking.
Ultimately there will be about 4-5 VRF's (I know there's a Software limit of 26 VRF's on a 3750G).
View 3 Replies
View Related
Jan 1, 2012
I have a Cisco 3750 with private VLANS configured.. VLAN 2 is the "primary", VLAN 3 is "isolated" and VLAN 4 is "community". This is all working correctly, however I now have the need to another VLAN called "production". I need the production VLAN to be able to reach all the private VLAN hosts (community and Isolated), and vice versa
View 2 Replies
View Related
Nov 7, 2012
Our network system has 125 different Vlans (Cisco) and I would like to be able to route between only 2 particular Vlans, I know with the command “ip route “ in our layer 3 switches (ws-c3750G -12S) I would be able to route among all Vlans but I need to be able to route between 2 Vlans to be able to access the PCs in vlan 1 from vlan 2 and wise versa
View 1 Replies
View Related
Nov 8, 2012
I have a couple of 3750G-24T-E switches running IOS 12.2 I would like to upgrade to IOS 15.x. Is this possible? Where do I find some information on the required licenses and costs? I must admit that the cisco search function did come up with a few pages but i was not able to extract the required information. I have not used the new software activation features yet.
View 1 Replies
View Related
Oct 2, 2012
I am trying to stack the following -
3750G 12S - 12.2.53(SE2 IP Services) Running EIGRP & OSPF
with
3x 3750X 48P-S - 12.2.53(SE2 IP Base License)
Doing some research, the IP Base does EIGRP on the 3750X, does it do OSPF?
If not I will have to get licence for the 3750X?
View 3 Replies
View Related
Oct 8, 2012
I am having a switch 3750G (WS-C3750G-24TS-S) running a software version (c3750-ipservicesk9-mz.122-55.SE6.bin) and using the PBR with IP SLA.While, i am applying it on interface, it says not supported....
route-map TO-CAS-E0 permit 10
match ip address 125
set ip next-hop verify-availability 10.116.199.200 10 track 100 (if i change this command to set ip next-hop 10.116.199.200, it works)
!
WAN-L3-3750SW01(config-route-map)#interface GigabitEthernet1/0/11
[code].....
View 2 Replies
View Related
Jan 2, 2013
I have one switch 3750G12S I joined the company new, I found that they want to replace it with Alcatel stack switches. I didnt configure this Cisco switch before. how to configure it. I have 4 other new cisco switches in the topology which is not created yet. the 4 switches are all 2960.
View 17 Replies
View Related
Nov 20, 2012
have 2 3750's one is an 3750E the other one is a G... Since they are 2 different versions Do I need to correct ios for each for example my 3750E switch i would have
IP BASE
c3750e-ipbasek9-mz.122-53.SE2.bin and for my 3750G switch should i use
IP BASE
c3750-ipbasek9-mz.122-53.SE2.bin
Which would be 2 separate images
View 4 Replies
View Related
May 26, 2011
I have a 3750G and bought a new 3750X. It possible to stack these two together?
View 5 Replies
View Related
Nov 18, 2008
I have a 3750g on which I am trying to configure the ip policy route-map command on each of the vlan interfaces. However after entering the command it does not appear. I'm not sure what to do at this point. I have changed the SDM template to routing and I am running the IPServices image.
View 2 Replies
View Related
Jan 23, 2013
I have just received a new Cisco 3750G Switch from my parent company. When attempting to install the switch, I discovered that it will not boot to CLI, only to the bootloader. After using the command boot, the switch attempts to boot the most current IOS version, but fails, stating "error loading XXXXXXXXXX.bin".
Obviously, I just need to get a functional version of the IOS onto the switch to boot, but the problem is exactly how can I do that? All (or most) the commands with which I am familiar are unavailable in the bootloader, so all methods known to me fail. Is there a simple way (maybe using the copy command?) to put the .tar or .bin file onto the flash?
View 2 Replies
View Related
Sep 17, 2012
I am trying to create an ACL that walls off a VLAN and only allows it to the internet. This is on a 3750G, currently the 3750G I am attempting this on is in a stack. I have another 3750G that is a standalone.
The first way I attempted this was to create two access-lists: access-list 101 permit tcp 10.249.1.0 0.0.0.255 any eq 80 access-list 102 permit tcp any 10.249.1.0 0.0.0.255 established
Let's call the 10.249.1.0 VLAN 2. I applied this to the VLAN2 interface, 101 out, 102 in. It didn't work. If I place a deny statement with nothing else, that works.
The second attempt was this: access-list 101 deny ip 10.249.1.0 0.0.0.255 any access-list 101 permit ip any any
I applied this to a VLAN I wanted to block VLAN2's traffic from reaching, let's call that one VLAN 3.
This lets all traffic from any VLAN (including the one I'm trying to block). If I remove the "permit ip any any", then all VLANs are denied. Which I understand is correct due to the implied deny all. What I don't understand is why it isn't applying the ACL to the specific VLAN.
View 3 Replies
View Related
Jun 2, 2013
I have a 3750G that used to be a Stack Master of a stack comprised of 2 identical switches. Since then, we have removed the stack from production, and I factory defaulted the stack MEMBER and that went fine. I just held the "Mode" button on the front until the lights all lit up and then issued the reload command and the switch came back with no configuration OTHER than the vlan database I issued the "del vlan.dat" command to no avail. I just manually removed all the vlans.
The stack MASTER on the other hand will NOT go back to factory defaults, and will also NOT erase the vlan database. Everything I try will NOT work. I've tried the following
1) Hold mode button & issue a reload after the lights start flashing
2) issue "Write Erase" then issue "reload"
3) issue "Write Erase", then issue "Write", then issue "reload"
4) issue "erase start" then issue "reload" (just in case the "write erase" command is being depriciated or something weird)
5) issue "erase start" then issue "copy run start" then issue "reload"
Is there a special way to reset a StackMaster back to factory defaults?
View 6 Replies
View Related
Apr 22, 2013
I have one 3750X with C3KX-NM-10GT, I need to interconnect using stackwise to 3750G-24TS. The 3750X needs IOS 15.0(1) to use C3KX-NM-10GT, and the latest IOS for 3750G-24TS is 12.2.55. How can I interconnect them using diferent IOS?
View 2 Replies
View Related
Jan 29, 2013
I have a 3750G switch that can't detect another switch or be detected through its stack ports. I tried the recommended test; looping a cable between the ports and rebooting. I get the following message as the switch boots: SM: Detected stack cables at PORT1 PORT2. However, if I connnect another switch, it won't detect it and can't form a stack.
View 4 Replies
View Related
Feb 20, 2012
I'm trying to upgrade the IOS ver on a 3750G stack (2 switches), but the img on the switch is too old.The stack is running IOS c3750-i9-mz.121-19.EA1d.bin, and when I tried to upgrade to a newer version, I tried to go to IOS ver c3750-advipservicesk9-mz.122-35.SE5.bin since I need to enable ssh on the switch, but the switch did not reload.
Here's a prtscreen of the switch ver:
Cisco Internetwork Operating System Software
IOS (tm) C3750 Software (C3750-I9-M), Version 12.1(19)EA1d, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2004 by cisco Systems, Inc.
Compiled Mon 05-Apr-04 22:40 by antonino
Image text-base: 0x00003000, data-base: 0x007CBC3C
[code]...
what IOS ver can I upgrade to that is not already deferred?
View 1 Replies
View Related
Jun 17, 2012
have one 3750G stack with 4 switches and this stack is presenting the follow log message:
%PLATFORM_UCAST-4-PREFIX: One or more, more specific prefixes could not be programmed into TCAM and are being covered by a less specific prefix, and the packets may be software forwarded.
In this stack we are using the layer 3 with OSPF routing, and the current sdm prefer is default:
switch-01-3750#sh sdm prefer
The current template is "desktop default" template.
The selected template optimizes the resources in
the switch to support this level of features for
8 routed interfaces and 1024 VLANs.(code)
View 2 Replies
View Related
Feb 7, 2011
I have two 3750G switches that are in a stack, and I am seeing these errors in the log:
002258: Feb 4 17:06:06.355 UTC: %PM-3-INTERNALERROR: Port Manager Internal Software Error (vlanid >=0 && vlanid < PM_MAX_VLANS: ../switch/pm/pm_vlan.c: 1279: pm_vlan_get_vlan_data) (CBAC01-3750-2)
-Traceback= 190F078 19729A0 1972A64 1963764 110BC24 195F2F8 110BB9C 196D2C8 195ECD4 110BC24 19658B0 110BB9C 196D1D8 194C2B8 195D24C 110BC24 (CBAC01-3750-2)
002259: Feb 4 17:06:06.355 UTC: %BIT-4-OUTOFRANGE: bit 4096 is not in the expected range of 0 to 4095 (CBAC01-3750-2)
-Traceback= 10273BC 1027478 1972B50 1963764 110BC24 195F2F8 110BB9C 196D2C8 195ECD4 110BC24 19658B0 110BB9C 196D1D8 194C2B8 195D24C 110BC24 (CBAC01-3750-2)
002260: Feb 4 17:06:06.355 UTC: %PM-3-INTERNALERROR: Port Manager Internal Software Error (vlan > 0 && vlan < PM_MAX_VLANS: ../switch/pm/pm_vlan.c: 773: pm_vlan_set_portlist) (CBAC01-3750-2)
[code]....
View 9 Replies
View Related
