What are the pros and cons of configuring a Switch Virtual Interface (SVI) versus a routed physical port between layer 3 switches?For example, if I have two 4506s and have a need to run HSRP and route between them which feature is better and why?
switch_a
!
interface vlan 25
ip address 10.10.10.1 255.255.255.0
!
interface fa0/1
switchport mode trunk
[code].....
I have five 877 routers connected to ADSL circuits provided by Vodafone. Each has a VPN tunnel back to a PIX.
Occasionally one of the sites will lose it's connection to the PIX.
When we check the log, we find entries like these:-
Apr 5 01:31:54.085 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access2, changed state to downApr 5 01:33:19.344 UTC: %CRYPTO-
[Code].....
As you can see, the physical interface (ATM0) is not being reported as changing state to down, neither is the Dialer interface.
When the router is in this state we have to SSL to the public IP address of it and manually restart the ISAKMP SA.
When the router sees the ATM interface go down and subsequently come back up, the VPN connection to the PIX also recovers.
So - in a long winded way I think I'm asking....why does the Virtual interface go down and is there anything I can do to stop it happening?
can we create VRF on Cisco 3550 EMI switch so that we can create mutiple virtual switch on physical switch.
View 4 Replies View Relatedthe difference between Virtual Servers and Port Forwarding on the DIR-825? I'm transitioning my router setup for a Tomato/MLPPP router to the DIR-825 and I'm a little confused on when you would use "Virtual Servers" and when you would use Port Forwarding? In the past, I've always relied on port forwarding to allow access to specific services on my LAN (ie. VPN, Apple Remote Desktop, etc.), so again, unsure what the Virtual Servers is used for?From what I can tell, Virtual Servers is for services that require a single port for communication (ie. a basic SSH setup on port 22) while Port Forwarding allows for the setup of services that require multiple ports (ie. VPN on ports 500 [UDP], 1701 [UDP], 1723 [TCP] and 4500 [UDP]). Is that the differences between the two configuration pages? It just seems odd to me to have two separate windows for just this difference? If that's the case, is there any reason I couldn't just use port forwarding, even for services that only require a single port (just to keep everything on the same configuration page, under Port Forwarding)?
View 2 Replies View Relatedwe are using the catalyst 3550 L3 for BGP routing. For e.g. Gi 0/4 is our internal interface tha we want "switch".
We need on Gi 0/5 the same network that is on gi 0/4.
How is it possible? Make it like a 2 port mini switch. Or make a bridge of these 2 interfaces without any complicated reconfiguration needed?
We are looking for a solution that to use Sub-interface on a routed port on 6509, instead of using a SVI on it.Are there any different when using Sub-interface?
View 3 Replies View Relatedhow to configure this. I did it in the past but kind of forgot how I did it.I have a stacked 3750 (two physical switches) connecting to a 2960.
I am creating trunk ports with limited access to VLAN 300, 600, and 700.
There is two interfaces connected from the 3750's(one on each physical stack member) to the 2960.I have the physical interfaces configured exactly the same.
3750 Config:
interface Port-channel2
!
interface FastEthernet1/0/46
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1, 300,600,700
switchport mode trunk
speed 100
[code]....
Should I keep the configuration on the physical ports and not configure the Port-Channel Interfaces? Do I need to configure port-channel load balancing? Is the channel-group mode sufficient? Goal is to basically create 2 links to the 2960 to double the bandwidth and provide redundancy.
On a router I can use IP Accounting or Netflow to see what kind of traffic is moving over an interface. Are there any tools on a 3750 switch with a routed interface which would tell you who is hogging the bandwidth on that interface?
View 2 Replies View RelatedWhat the different between using hsrp on vlan interface and on physical port (routed port) on Cisco 3750 Switch? Wha the benefits?
View 3 Replies View RelatedI've Nexus 7010 switch installed in my DC. I've conncected Cisco router to one of the Ports. On the same port I'm getting following error message and hence, unable to form EIGRP neighborship.
DR-CORE-SW-S01-NEXUS7K %MODULE-2-MOD_SOMEPORTS_FAILED:
Module 1 (serial: JAF*******NGK) reported failure on ports 1/2-1/2 (Ethernet) due
to R2D2 : Speed patch failed - no frames transmitted in device 143 (error 0xc8f0
1273)
I understand routed vs bridged mode configuration fairly well, however, I do not understand the pros/cons between using them.
View 6 Replies View RelatedI need to have some (maybe four) virtual network interfaces, one face of them connected to my laptop and another face bridged to one of my physical network interfaces.How can i do that?Ive tried VirtNet and Microsoft Loopback Adapter but no success.
View 1 Replies View RelatedI've been using a WRT120N on a local area connection.The WRT120N acts as a gateway and also to connect to the PPOE connection, via a bridged adsl modem.I've noticed that the LAN port 1 was flashing although the network cable was disconnected from the physical port. I've restarted a few times but to no avail as well. Ever since that, I've noticed that connection through cable are unstable and hard.Now, I'm not able to reset or upgrade the router's firmware.Is there any other way to be done so that I can get this router working as normal again.
View 6 Replies View RelatedI have a network with Two 3800 Cisco Routers as Central and many Cisco 2811 Router as Branches. Now I set two Tunnel on each router connection Interface FastEthernet from each 2811 to SubInterface Fastethernet on 3800. I set OSPF as Routing Protocol and I configure QOS on Tunnel connections. Then I have a safe connection with backup connection between 3800 Router and each 2811 Router. Now I want to set VPN with IPSEC and Certification Authentication with CA Server for Security all connection. I set IPSEC and ISAKMP and Certificate on each Router and Set Dynamic VPN on Cisco 3800 Router and Static VPN on each Cisco 2811 Router. Now when if I configure tunnel with Crypto map, it works correct and all packets are encrypt. But if I try to set crypto on physical Interface(because I want to set qos on tunnel then protect packets on physical interface) however all packets are routed but crypto and encrypt d o not work. Set qos on tunnels and crypto on fastethernet interface.
View 4 Replies View RelatedI am preparing configuration (currently in lab) for Per-Tunnel QoS in DMVPN on ASR 1002F for one of our customers, and I came across one issue. According to restrictions for this feature, I cannot apply per-tunnel QoS in conjunction with interface based QoS. This means, I can provide shaping with hierarchical CBWFQ for each spoke, but I cannot guarantee anything on physical interface! What if there are services in native MPLS? I am also unable give reservations for BGP which is used on PE-CE link! How about monitoring spoke PE-CE links natively? I can only apply policy-map with class-default on physical interface. When I add anything related to queuing for that class (or any other non-default class) I get the message:
R1(config- pmap)class routing
R1(config- pmap-c)#bandwidth 16
service-policy with queuing features on sessions is not allowed in conjunction with interface based
[Code] ........
I enabled snmp config ASA 5505 with Version 7.2(4), the NMS/reporting system can give graphs for CPU & Memory usages. But I can't see any elements about physical interfaces.
View 1 Replies View RelatedI have my wan connection on the eth0. The bandwidth is 2mbps. I am running qos on that interface saying 192.168.200.0/24 can use 80% of the bandwidth and 192.168.201.0/24 can use 20% of the bandwidth. I Also have vtun VPN inteface to our branch office. I also wan to run some qos on that interface. How do i go about allocating the bandwidth on this interface? it is actually going via the eth0 interface, but the system actually see's it a an independent interface on its own right, so it requires it's own qos policy.
View 3 Replies View Relatedwe have 100 Cisco 881 routers in our network and they all work fine to Linksys, 3Com, etc switches. The problem we have encountered is interfacing to Netgear switches. Netgear switches use autosensing on their ports and it does not seem to be compatible with MDIX autosensing on the Cisco 881 4 port LAN hub that is standard on the 881 router. Would a cross over cable resolve the problem? Since both run autosensing MDIX they never synch - so likely a cross over would not do much. I see this with all types of Netgear smartswitches. If you put a small switch between the Netgear switch and the 881 Cisco router everything works fine except for getting port 9000 traffic through.
View 5 Replies View RelatedI have my main branch router (3825) and two remote routers (2821's). They are connected through leased lines that do not touch the internet. For various security reasons I have to ensure that the traffic from the remote's are encrypted in a VPN tunnel even though it is still part of a private network.I have went ahead and created the tunnels and I can verify that they are up. I have applied the cryptomap to the correct interfaces, etc.So the question is - How do I ensure that traffic is not just being router out of the interface from the remote sites back to the branch router with or without using the VPN tunnel? I've taken down the tunnels and of course, the traffic is still being passed back and fourth.
View 1 Replies View RelatedI have a subnet (vlan 104) working great across a WAN. At site 1, Router A (3745) has the L2TPv3 tunnel configured while Router B (7204) has a routed interface on vlan 104.
The only thing router A is doing is the tunnel, so I'd like put the tunnel on Router B and eliminate Router A.
The trouble is, when I move the configs to Router B, the tunnel comes up, but the far side does not receive traffic over the tunnel.
Router B shows sending and receiving packets (per the 'sh l2tun session all' command). The far end router shows sending packets but receiving 0.
Is it a problem to have both the vlan 104's L2TPv3 xconnect interface and the vlan 104's routed inteface on the SAME router?
I have a pair of router Cisco 2800 running in HSRP, now I want to configure one sub interface with another sub net, Will my current IP on physical interface work or do I need to create two Sub interfaces for each network. Do i must need encapsulation on sub interface
Current Config:-
Router 1:-
interface FastEthernet0/1description Connect to LAN_SW1 Gi1/0/1ip address 192.168.1.13 255.255.255.0no ip redirectsduplex autospeed autostandby 1 ip 192.168.1.1standby 1 priority 90standby 1 preempt
Router 2:-
interface FastEthernet0/1description Connect to LAN_SW2 Gi1/0/1ip address 192.168.1.3 255.255.255.0no ip redirectsduplex autospeed autostandby 1 ip 192.168.1.1standby 1 priority 110standby 1 preempt
For second network I do not require HSRP
Router 1:-
interface FastEthernet0/0description Connect to LAN_SW1 Gi1/0/1no ip addressduplex fullspeed 100
[ code]...
Router 2:-
interface FastEthernet0/0description Connect to LAN_SW2 Gi1/0/1no ip addressduplex fullspeed 100
[Code]...
We have to enable FIPS 140-2 on our ASA5520's for all our IPSEC VPN connections. We currently have failover on our 5520's. I found a lot of information out there but some seems to conflict one another.What are the things I need to look out for - caveats? Does the clients that connect to the VPN had to use different clients once the FIPS was enabled.Do we need to recreate logical interfaces for each physical interface we have?
View 1 Replies View RelatedASA have two context groups say admin and and x. Its interface gi0/2 has 6 subinterfaces from 1 to 6.3 subinterfaces ----0/2.1 to 3 are in admin and last 3 are in context x.when i went to system context it does not show where interface gi0/2 belongs to it only shows up up.how can i find which context group physical interface gi0/2 belongs?
View 4 Replies View Relatedvlan interface and physical interface (that is serving for this vlan ) have different input/output counters, there is only one physical interface in this vlan .
sh int vlan 64
30 second input rate 9000 bits/sec, 9 packets/sec
30 second output rate 0 bits/sec, 0 packets/sec
[Code]....
how to configure vlan tag on routed layer 3 interface in cisco 3945 device?
View 2 Replies View Relatedwe have cisco 6500 series switch and configured port channel on both switches with 2 gig interfaces on both switches.
When we enable the port channel mode to as desirable to the interfaces on both side and applied the port channel to physical interfaces switch will go down and if we remove on any one side switch will come up. we have enabled globally the following commands. [code]
Can I configure two voice vlans on the same physical port?
View 2 Replies View Relatedwhat is physical diffrance between switch and router?
View 1 Replies View RelatedI have an old Nortel network with a bunch of servers attached. Connected to it is the new Cisco core, by way of a routed port. My task is to migrate servers over to the Cisco side of the network, with minimal downtime, and have full network connectivity, retain IP addresses/remain on the same subnet, and retire the Nortels. The Nortels are running VRRP, so I can fail the gateway over by becoming part of that group and later dropping the Nortels, but I can't seem to get a host on the Cisco side to participate in the original subnet. The routed port kills VLAN traffic, so I tried bridging the VLAN with the routed port, to no avail.
View 7 Replies View RelatedI have 2 3550's connected across a wireless link. [code] However, from Switch A, I cannot reach 10.1.3.9Can this 3550 not route traffic between 2 routed ports?
View 8 Replies View RelatedI have a problem in my Cisco 1841 in Virtual-Access Interface all interfaces is UP Except Virtual Access is Down . [code]
when i want recover the virtual access to up ,should i do shut & no shut to the ATM interface.What is the cause of the problem, and how I can solve this issue?
During an installation, we plugged a Ruckus wireless bridge (powered by a PoE injector) into G0/0 on the 1941. The port status remained down/down. We then tried connecting it to G0/1. Again, the port status remained down/down. We took another wireless bridge, plugged it into G0/0 and the port changed to up/up status within a few seconds. The same happened when connected to G0/1. Both ports are have speed/duplex set to auto/auto.We took the cable from the first wireless bridge and connected it a 3550 switch, the FastEthernet port went up/up. We then took the cable and connected it to a switchport card (HWIC-4ESW) that was installed in the 1941 router. The port came up/up.We connected to wireless bridge back to G0/0 in the 1941 and manually set the speed/duplex to 1000/full. The link light on the router became illuminated after a few seconds but no console message was displayed (nor did any events appear in the log) and a "show int g0/0" showed the port status as down/down. This was could not be duplicated as this only happened one time The wireless bridges sit atop of a water tower and are connected each via a shielded ethernet cable. The cable that we're having trouble with is cat5e STP and about 310feet in length. I should note that we have not yet swapped the PoE injector but it seams to be functioning properly as power is getting to the wireless bridge and its accessible. Also because if the wireless bridge for some reason didn't come back up after a power cycle it would potentially mean climbing the tower to perform a hard reset. We tried another 1941 with same results however we have not tried another router model to rule out a potential platform issue. Can you recommend any troubleshooting steps to determine why the port status of the gig interfaces on the 1941 don't come up?
View 4 Replies View RelatedWe have a 3745 LNS router, currently there are less number of users connected.when a user dials request authenticated and one virtual-access interface is formed in LNS router.Now the user is disconnected the vpn and connected to VPN again in this case, whether the user is connected to the same virtual-access interface which was assigned before disconnecting or different virtual-access interface is created.
View 0 Replies View Related