Cisco WAN :: 3750X / Isolating Traffic On Different Subnets?
Apr 19, 2012
What I have is two Cisco 3750X switches, 10 bridges, and 10 routers. What I'm doing is throughput testing. The problem is all of the routers have identical subnets because in the real world there won't be two of them in the same place.

The 10 bridges were the easy part. I have one switch dedicated to LAN side and one dedicated to WAN side. Since the bridges themselves allow any traffic through because they are bridges, I set all of the individual ports to essentially be their own subnet by making them L3 ports. Then, I set the switch to route the traffic based on subnet through the correct port using the ip route command in the CLI. I'm using a Spirent to generate traffic and the Spirent lets me wrap traffic on different streams in different IP addresses. I made the uplink have a subnet of 10.0.28.0 and I made every port have a subnet starting with 10.0.5.0 being incremented by 1. This allowed me to send traffic from source address 10.0.5.5 to destination address 10.0.28.5 and vice versa by telling the switch to route any traffic with a 10.0.5.0 subnet to port 1 (first device) and any traffic with a 10.0.28.0 address to port 24 (uplink). The reason this works is because bridges don't care what the traffic is or where it is going so everybody is fine and happy.

Now I have to introduce 10 new devices that are all routers while maintaining the previous setup and I'm stumped. I've tried everything I can think of: different VLANs, trunking, routing, L3 ports, etc. If I try to isolate everything by VLAN they can't talk to each other. If I try to isolate everything by VLAN and trunk the uplink port it won't work because you need to do VLAN tagging and my device doesn't do that and I don't think the switch can do that for you. The routing doesn't work because the uplink port has to be its own subnet and when that subnet tries to send traffic to the router it's considered foreign and gets dropped. With L3 ports you run into the same problem: you can isolate all of the individual ports with their own subnet but the uplink port has to have a different subnet which automatically causes the router to drop the packets.

The only configuration that works is a completely default dumb switch configuration and that is unacceptable because I need all of this traffic to be isolated because of the bridges. Without the isolation, all of the data will go through the nearest easy hop which will be one of the bridges; even if that isn't the right path the switch doesn't know any better. I can change the subnet on the routers but I can't deviate too far from the original subnet which is 192.168.0.0. I tried setting up different subnets by incrementing the third octet by 1 every time, 192.168.0.1, 192.168.1.1, 192.168.2.1, etc. and think this setup will work, I just don't know how to set the switch up. Setting up the switch to route the traffic properly without changing the subnet on any of the devices would be ideal.
View 1 Replies
Oct 1, 2012
I have a pair of Core VSS 6509E SUP 2T. Two different LANs, two diff. subnets. The larger LAN has been connected to the VSS pair using normal SVI and Port-Channels (has lots of closets 3750 stacks) and no problem. Second LAN, two closets, stacked and connected to each other via Port channel and trunk + SVI interfaces. Now, I have SVI interfaces for both LANs on the VSS pair and that is causing traffic from one LAN to jump over to the other VLAN and rightly so because the VSS pair see both subnets as directly connected subnets. I was wondering if I delete the SVI for the second LAN and only keep the L2 VLAN this will be resolved? The reason for the second LAN to connect to the VSS pair is only that it has to go through the VSS pair to get to the WAN router (both LANs will go out through this same WAN router) but WAN router is not my concern at this time. I need to isolate these two LANs/subnets traffic so no one VLAN traffic jumps over the other. I have also thought about VRF but at this point I am not sure if the 3750 stacks support VRF and if it does how to implement VRF on the second and smaller LAN to just allow it go through the VSS pair in order to get to the WAN router.
View 13 Replies
Apr 27, 2012
My home network is up to now all hard-wired, nothing shared etc. I just got an iPad though, so do want to have wireless available now. I would like the iPad wireless router to be isolated so that the desktops run no risk from getting a virus via the iPad wireless connection. So, I was going to buy another router - would I be able to plug that into the wired router, and the desktop also plugged into the wired router, would that keep every part of the network isolated from the others?
View 8 Replies
Feb 2, 2012
I have to configure failover Active/Standby on my ASA 5510. I am wondering how I could do for the outside interface, I mean, actually the ASA1 outside interface is linked directly to our Internet router. So now if I have to add ASA2 connecting to that router I will need a switch between them. I have already a switch for DMZ & LAN. The thing is that I will have to allow 3 switch ports to communicate with each other.
- 1 for ASA1--outside
- 1 for ASA2--outside
- 1 for Internet router
How could I isolate these 3 ports to make them communicate alone? Should I use VLAN for that? And if I use VLAN, will this require to make any change of configuration on my firewalls (ASA1 & ASA2) outside interface? I am a bit lost with this, if I am correct I will not have to do some "vlan tagging" on the firewall itself?
View 1 Replies
Feb 12, 2013
I was given a task of creating a VLAN and isolating one PC to access an internal website (192.168.90.15) on a specific port (port 8080). The PC is connected in the following manner:
PC--> HP Switch --> Cisco Small Business SG200 switch --> 3550 Catalyst 1, 3550 Catalyst 2 and 3550 Catalyst 3.
I have created a VLAN 110 on the main 3550 Catalyst switch and successfully added the PC to that VLAN. However, that PC must be able to access the internet and an internal website on port 8080. I have placed an access-list on the main 3550 Catalyst switch which is connected to our router as below:
Client ip address: 192.168.100.2
VLAN 110: 192.168.100.3
access-list 110 permit tcp host 192.168.100.2 host 192.168.90.15 eq 8080
access-list 110 permit icmp host 192.168.100.2 any
access-list 110 deny ip 192.168.100.0 0.0.0.255 ?
I was unable to access the webserver even after many attempts.
View 2 Replies
Aug 15, 2012
I need to NAT some subnets to one IP and other subnets to another IP. The range command won't work because some of the subnets are out of order. For example subnets 192.168.1.0 - 192.168.7.0 and 192.168.25.0, 192.168.28.0 NAT'd to 1.1.1.1, subnets 192.168.26.0 - 192.168.27.0 NAT'd to 1.1.1.2.
View 2 Replies
Apr 12, 2012
I have a home network. There are a total of 3 PCs. Each runs Server 2008 32 bit. One PC - let's say Server A - has 2 NICs with IP addresses 10.0.0.10/30 and 10.0.0.2/30. The other two computers, Server B and Server C, have a single NIC with addresses 10.0.0.1/30 and 10.0.0.9/30 resp. So as you can see there are two subnets, 10.0.0.2 - 1 and 10.0.0.9 - 10. I can ping B and C from A. I want that B and C can also ping each other and if I run tracert on B or C, it should give me the route to the destination via A. All this without any other hardware, like using route add... etc. E.g. if I write tracert 10.0.0.9 on B, it should return a route like 10.0.0.1-----10.0.0.10------10.0.0.9.
View 3 Replies
Aug 24, 2012
I have two subnets, that need to share a common link, and each with its gateway at the opposite end. What kind of switch do I need for the two red boxes?
View 7 Replies
Nov 20, 2012
I have an exercise with picture you find below. The question is: Will the network shown in the diagram work correctly when you consider that the MAC-addresses PC0 and PC8 are the same, and why?
View 1 Replies
Mar 26, 2013
I have 2 DSL lines going into a load balancing router. The load balancer is set up to distribute the traffic equally on the two lines, hence doubling the bandwidth. Though great at load balancing, it cannot handle DHCP for the 50+ users on our network, and therefore we are using another router for DHCP, which is running DD-WRT firmware.
DSL 1 - 10.1.0.1
DSL 2 - 10.2.0.1
Load Balancer - external 10.1.0.2, 10.2.0.2 internal 192.168.10.1
DHCP Router - external 192.168.10.2, internal 192.168.1.1
All other devices - 192.168.1.x
The load balancer has many options to direct traffic to one WAN port or the other based on IP address, which we would like to implement. But right now, since all my devices are on the 192.168.1.x subnet, it can't see anything but the DHCP router. So essentially it thinks it has only one client.
View 1 Replies
May 5, 2011
I recently added a post referring to drawing a topology of a large network with a high number of hosts. Now with the project itself, I'm designing a network for a large organisation with a different number of hosts at each location. These are 500, 18, 52, 236 and 12. The location with 500 hosts is the head office, to which every other branch has a wide area network connection through a serial link. How many subnets would I require? I wrote down subnet details, but only for 5 subnets, a subnet for each location. Is that all I need? Or do the WAN connections count as subnets?
View 9 Replies
Sep 13, 2011
I am working on a Cisco 5510 with multiple interfaces and requirements. I have experience with Cisco IOS, but not too much with the ASAs. I seem to be getting a bit confused on the NATing and ACLs on a firewall that was started by another employee, who is no longer here. With my current config I can get the firewall in place (we are currently using an older PIX) and most basic functions work except for two key things: 1) communication from the finance interface to the inside interface. The finance subnet has some restrictions that you will see in the ACL - we are trying to limit connections to those systems, but they need to be able to access an e-mail server on the inside. 2) communication from the DMZ interface to the inside interface. Maybe related to the first problem?
View 2 Replies
Mar 2, 2012
I've currently got my ASA (5505) serving a /28 public subnet. I've run out of IPs, so my DC has issued me an additional /24 subnet that they have routed to my ASA. What needs to be done on my ASA to be able to use these new addresses? I've been trying to search and not been able to find a good answer (some say I shouldn't have to do anything, everything else references NATing, which I currently don't do and would rather not do). The servers I assign these to, I'd like them to have the public IP assigned directly to them.
View 5 Replies
Mar 11, 2012
I purchased an ASA 5505 and placed it between my Cable Modem and Cisco 3745 router. The outside interface on the ASA is dhcp, the inside interface is 192.168.100.1. The outside interface of the 3745 is 192.168.100.2 and the inside is 192.168.1.1. The VPN pool is 192.168.200.10 - 192.168.200.10.
1. When I establish a VPN session to the ASA, I can ping and access any resources directly connected to the ASA's interfaces and on the ASA's internal 192.168.100.0 network. However, I cannot access any resources behind the 3745. I cannot even ping 192.168.1.1. Even directly connected hosts on the ASA cannot access hosts in the 192.168.1.x subnet. There appears to be no traffic between 192.168.100.0 and 192.168.1.0.
2. Although I believe that I set up split-tunnel, I cannot U-Turn back to the internet once connected to the VPN.
Here is my network topology as well as my ASA config and Router config.....
ASA ......
ASA Version 8.2(5)
!
hostname poog-fw1
domain-name poog
[code]....
View 7 Replies
Mar 31, 2012
I have 1 Cisco switch 24 ports and 12 computers. The 12 computers are divided in three groups and every group is a different network segment.
Question 1: I need that every group has communication with its own set of computers but no communication with the computers on the other segments. If I connect the computers to any port on the switch, can they communicate within their own groups? Can the switch pass the network traffic for all of them?
Question 2: What do I need to do on the switch to have them reach the internet?
View 9 Replies
Feb 12, 2013
I have a Cisco 2921. I have 2 networks that each has its own router.
192.168.1.0 network is connected to WatchGuard firewall.
192.168.9.0 network is connected to the Cisco 2921 router.
I want to connect the 2 subnets using one of the interfaces of the Cisco router. How can I get this to work? It is not connected via VPN tunnel but we want to have LAN speed when accessing resources on both networks. Each network is connected to a Dell switch.
View 22 Replies
Nov 8, 2011
I have a 5508 controller that has 14 APs connected to it. I installed them without an issue. The 2 new APs are on a different subnet. I can ping them from the 5508 controller ping command, but they do not self discover from the web interface. The 2 new APs are at a different physical location.
View 21 Replies
Jun 18, 2012
I am coming to this forum because TAC and several CCIEs are having trouble finding me a solution to my problem.
I have two 5520s each running 841 connected in two different data centers with two different internet providers. I have 100+ 5505s that have the capability to connect to either 5520 via EZVPN to either 5520. Up to now there has not been a need for a 5505 connected to one 5520 to talk to another 5505 on the other 5520. Each 5505 accesses network resources as in any enterprise network. Our company recently started telecommuting and I have been giving 5505s and a VOIP phone out to people. What was discovered is, if you are on one 5505 connected to a 5520 and the other 5505 is connected to the other 5520 the audio in VOIP does not work. If both the 5505s are connected to the same 5520 then everything works fine. Conversely a 5505 on one 5520 cannot ping a 5505 on the other 5520. 5505s on the same 5520 can ping each other no problem.
My problem: All 5505s are configured for a 172.18.xxx.xxx 255.255.255.224 subnet. This subnet is not used anywhere else. So I have 100 Class "C" subnets carved up into 255.255.255.224 networks. If I look at a specific route for a subnet on one 5520 I see it pointed to the outside interface via RRI. I can look for the route in the 5520's connected CORE switch and I see the route pointed to the 5520. We have a fiber connection to the CORE in the other data center. The route is in this CORE switch as well. When I look for the route in the 5520 connected to this core it is not there. I have all other routes visible but not this particular route which should show on the inside interface. All I show on the 5520 are the 5505s connected to this ASA. So the 5520 is not processing the RRI subnets from the other 5520 and vice versa. That's why a 5505 on one 5520 cannot ping a 5505 on the other 5520. I only see 172.18.0.0/27 on the outside interface of both 5520s. I do not see any 172.18.0.0/27 on the inside interface on either.
I have had numerous TAC cases open on this and no one seems to either understand my problem or have a solution for me. My local sales rep CCIE says the problem looks like a bug in 841 (which I am running) and that the ASA is not processing RRI from eigrp which I am running as well. The whole network is running the same instance of EIGRP including the 5520's.
My questions:
1) Is it possible the 5520 is not allowing 172.18.0.0/27 on both the outside and inside interface? Even though all subnets are masked proper the ASA maybe thinks it is being spoofed? I have not been able to confirm this using the real time log.
2) Could this really be a bug? I have looked at all the release notes and have not found anything resembling my problem. TAC has not recommended that I upgrade or downgrade my IOS.
View 6 Replies
Oct 6, 2011
I have 2 subnets and 2 uplinks
port g1 = 211.122.10.x
port g2 = 210.211.10.x
Can use 1 switch (sf-300 24)
assign port 1-12 up/down to g1
assign port 13-24 up/down to g2
View 1 Replies
Jan 12, 2012
Is it possible to NAT to other subnets with the RV082? It is on a 192.168.41.x and I have a phone system on a 192.168.20.x. After searching all over others are saying no.
View 4 Replies
Jul 29, 2012
Is it possible to use a 2504 wifi controller to manage compatible APs across different subnets?
View 2 Replies
Oct 9, 2012
I need to split a network: 10.0.4.0/24 into 3 subnets with the following hosts per subnet:
Subnet 1: 80 hosts
Subnet 2: 10 hosts
Subnet 3: 120 hosts
split into 3 subnets?
I'm thinking something like this:
Subnet 1
Network 10.0.4.0
Subnet Mask 255.255.255.128
[Code].....
View 1 Replies
Jul 7, 2011
If someone gave me an IP address and subnet mask, and they told me to identify the range of valid subnets, I have no clue how to do it. I know how to work out the total number of subnets and hosts, you just look at how many subnet bits have been borrowed and use the 2^ formula. For example with the IP 172.28.123.0/25 I know the default mask for a class B address is 255.255.0.0/16 so in this example we have borrowed 9 subnet bits to give a mask of 255.255.255.128/25 and 7 host bits remain. In order to find the total number of subnets you do 2 to the power of 9 because we borrowed 9 bits, which tells us that there's 512 subnets, and to find out how many hosts we do 2 to the power of 7 because we have 7 host bits, so that gives us 128 hosts in each subnet. Now this is where I get lost, how do I find out the number of the first and last subnet? I know there's 512 subnets and each subnet has 128 hosts. But I don't know the number of each subnet, the range to be more precise. How do I work out the first, second, third, fourth etc. subnet address?
View 3 Replies
Jul 2, 2012
I have :
- two different subnets (S1, S2)
- these subnets are connected to an IP backbone via wireless access points
I would like to physically connect these subnets together so the networks devices in S1 could directly communicate with the devices in S2 and vice versa without going through the backbone.
The obvious solution seems to interconnect these subnets with a router or a switch L3. But I would like to connect these subnets and stay at layer 2.
So, is it possible to connect S1 and S2 with a switch L2 ? If I do that, what is going to happen? Can I create just one subnet S3 from this two subnets when I connect them together and have my two separate subnets back as soon as I disconnect them?
View 1 Replies
May 11, 2012
Our office has 2 branches. Recently the static IP of the branch was changed to a different subnet. Earlier it used to be
111.170.150.140 subnet mask (255.255.255.128) main branch router (1) ip which forwards all request to server (dmz) - unchanged
111.170.150.141 subnet mask 255.255.255.128 sub branch (2) router ip changed to 111.170.150.61 subnet mask 255.255.255.224
After this change I am not able to access shared folders on the DMZ server (1) (111.170.150.140). I am able to ping the IP and also able to open remote desktop connections from sub branch (2). I suspect that it is because of the subnet change as I was earlier able to access shared folders? How can we access the shared folders across the subnet? What settings to change?
View 7 Replies
Dec 4, 2012
You have to make 4 subnets for 4 VLANs, the router interface assigned to each VLAN is the LAST usable host on the subnet. So unless I'm really bad at networking the graph should be:
NET ID // HOSTS // BROADCAST ADDRESS // VLAN
192.168.0.0 // 192.168.0.1 - 192.168.0.62 // 192.168.0.63 // VLAN1
192.168.0.64 // 192.168.0.65 - 192.168.0.126 // 192.168.0.127 // VLAN2
192.168.0.128 // 192.168.0.129 - 192.168.0.190 // 192.168.0.191 // VLAN3
192.168.0.192 // 192.168.0.193 - 192.168.0.254 // 192.168.0.255 // VLAN4
So if I'd have to write down a single host configuration for VLAN2..I think it should be:
IP: 192.168.0.65
subnet mask: 255.255.255.192
default gateway: 192.168.0.126
Is this correct? I'm not sure whether the default gateway should be 192.168.0.255 (as would with normal subnets) or as I wrote down 192.168.0.126, this is the first time I've ever gotten assignments including VLANs and I haven't really gotten a solid explanation.
View 1 Replies
May 21, 2011
I just installed a new ASA 5505 for an office with three internal subnets. The three networks can each get online fine and ping each other, but cannot browse to shares on the two internal networks other than their own. How do I configure the ASA to allow all traffic between these three inside networks?
192.168.152.0
192.168.152.0
192.168.154.0
[code]....
View 8 Replies
Aug 26, 2011
I am setting up my home lab to practice and play around. I have a VMware ESXi environment with two workstations as my servers. I would like to set up two domains with two domain controllers but I want each domain to have its own subnet.

So this is my setup. I have a cable modem from Cablevision; that connects to my router which is an Apple Airport which acts as the DHCP server, DNS server and default gateway. The network on the router is 10.0.1.x. Then I have two switches. One is a 5 port unmanaged switch that connects to the three physical desktops. Then I have a Cisco small business switch SG200-08 that connects to my ESX servers and NAS.

Now currently all is good and working but like I said all my machines physical or virtual get an IP that is 10.0.1.x and they get all this from the router. And I think I can set up two domains with two domain controllers without an issue and they will all get an IP address of 10.0.1.x. This is all good but I want to have one domain on one subnet and the other on another, so for example one domain will have 10.0.1.x and the other 10.0.2.x. I am just not sure what I need to do to get this set up like this. I know my SG200-08 supports VLANs and I am pretty sure on the Apple router you can only have one subnet, I think. So can I do this with my current setup by setting up a DHCP server with two scopes?
View 3 Replies
Dec 21, 2011
I have a static DSL connection and my ISP is giving me 4 static IPs. I have connected my RV042 to the DSL modem and I now have 1 subnet at 192.168.0.0. What I want to create is a web server / email server, but to sit on a different subnet - 192.168.5.0. For now I have connected the server to the DMZ port, but I am unable to access it from WAN, only from LAN. How do I properly configure the 2 subnets (192.168.0.0 and 192.168.5.0) and how do I forward my static address to the server which I wish to be on the 192.168.5.0?
View 4 Replies
Mar 26, 2013
I have an ASA5510 that is connected to outside for WAN, inside for LAN (10.22.254.0/24), and a iSCSI switch plugged into Ethernet 0/3 (10.22.244.0/24). I can ping the Eth0/3 interface (10.22.244.1) but I can't ping across that interface from WAN or LAN side.
START CONFIGURATION
ASA Version 9.1(1)
!
hostname ASA5510
[Code].....
View 7 Replies
Jun 23, 2011
NAT command on 8.4? I am trying to PAT multiple inside subnets to an IP address. With the example I found I can only PAT one subnet. If I do it the way I have below, it will end up with the last subnet (3.3.3.0) staying in the config. What is the best way of doing it? I have about 20 inside subnets I need to PAT.
object network obj-Inside-sub1
 subnet 1.1.1.0 255.255.255.0
 subnet 2.2.2.0 255.255.0.0
 subnet 3.3.3.0 255.255.0.0
 nat (inside,outside) dynamic 199.246.5.2
View 5 Replies
May 27, 2013
I have a problem of site-to-site connectivity. I have 2 sites (Site 1's public IP 115.119.120.X, local IPs are 192.168.1.0, & Site 2's public IP 115.119.187.X, local IPs are 192.168.2.0). Both sites are in different locations & the routers used are Maipu 800. At present both sites are running with internet (each router is configured for DHCP, NAT & DNS for internet). Guide me with complete config, both local systems have to communicate... My preference is the existing routers & if it is necessary to change the routers, what will be the config?
View 1 Replies
Aug 31, 2011
I just got an extra public subnet from our ISP (co-hosting center), but I can't figure out how to use them on my ASA.
New:
IP addresses: 87.1.1.194 - 87.1.1.254
Default gateway: 87.1.1.193
Subnetmask: 255.255.255.192
Old:
IP addresses: 200.1.1.34 - 200.1.1.46
Default gateway: 200.1.1.33
Subnetmask: 255.255.255.240
Config:
route wan 0.0.0.0 0.0.0.0 200.1.1.33 1
And statics like:
static (interface,wan) tcp 200.1.1.37 3389 192.168.3.100 3389 netmask 255.255.255.255
View 22 Replies