Cisco WAN :: 6500 L2 Vlan Stretch Over L3 Dedicated Gig Link
Oct 19, 2011
We have a L3 gig link between 2 locations (6513 <-->4507). Each location got its own addressing scheme and vlan interfaces on the edge switches.For our new exchange servers, I received a requirement on having the possibility of single vlan at both locatons. so that the all the replicaton traffic between both location servers (Prod/DR). Ex: Create a new vlan at 6500 site with an addressing scheme 192.168.100.x and having the same addressing scheme vlan stretched over the L3 link to 4500. The link is not MPLS. I read few posts in the forum and seems it is possible if we have MPLS. OSPF is the routing protocol.
View 3 Replies
ADVERTISEMENT
Jan 2, 2012
I need to implement the shaping VLAN only on the trunk link between the 6500 and 3560. [code]
View 8 Replies
View Related
Feb 4, 2011
How far should the signal of the E4200 stretch? I am noticing some serious issues with signal strength on the far side of my house. I was under the impression that the E4200 was able to stretch much further distances than most N routers. Is there a setting i can adjust to increase the range?
View 9 Replies
View Related
Feb 28, 2013
i just bought a Netgear WNDR4000 router due to troubles with my current modem/router combo (D-Link DSL2730-B). The router doesnt have in built modem functionality obviously so I need to set up the modem/router as a dedicated modem.Also should I use the current modem/router as the dedicated modem or an older model i own (I think its a DSL 502T)? Because the current one often drops the internet connection. Don't know if its a problem with the modem functionality or something else. Will the older one serve better since i didn't have any problems with that one or will it be outdated? I only upgraded due it not having wireless capabilities. Otherwise it's fine.Or will I be even better off buying a dedicated modem? I really don't want to spend more money but if this is a far better alternative I guess i will.
EDIT: Ok so found out that I have to put the modem/router in bridge mode in order for this to be possible. However, looking up how to do this lead me to a dead end because i need to fill in some fields that i have no idea how to interpret.
VPI:
VCI: These 2 already came with presets. Should I just leave them?
Select DSL Link Type (EoA is for PPPoE, IPoE, and Bridge): Choices of EoA PPPoA and IPoA
Encapsulation Mode: Choices of LLC/SNAP-BRIDGING and VC/MUX
Service Category: UBR without PCR, UBR with PCR, CBR, Non Realtime VBR, Realtime VBR
[code]...
View 1 Replies
View Related
Oct 31, 2012
The customer has 4 6500 switches. 2 Physical locations, and 2 switches at each locations. The locations are connected via 1 200mpbs metro ethernet(layer 2). We ran into an issue during a DR exercise. We had created a VLAN for DR testing purposes, that did not have any SVI configured, but the VLAN did exist on one of the 6500s. When the customer restored a VM to the DR VLAN, we lost connectivity to the production server. After some troubleshooting, we found the cause to be the same mac address showing up, but in a different vlan. Once we removed the DR vlan from the 6500 all was well. It seems like switches are ignoring the VLAN in the mac address table, and forwarding to the incorrect ports. The switch is not reporting any mac flapping in the logs. No spanning tree topology changes are occurring. Code version is 12.2(33)SXJ2 on all switches.
View 1 Replies
View Related
Dec 11, 2011
Core: DC : 2- 6500 (PO Trunked) Configured L3 vlan interfaces with HSRP.
Vlans:
Servers - 192.168.5.0/24
PCs: 192.168.10.0/24
Phones : 192.168.20.0/24
Replica-exchange: 192.168.30.0/24
DR- One Core SW:
Vlans:
Servers vlan - 10.10.5.0/24
PCs: 10.10.10.0/24
Phones : 10.10.20.0/24
Replica-exchange: 10.10.30.0/24
OSPF is the routing protocol. Everything works fine.New requirement (exchange 2010 MAPI & DAG subnets)
192.168.5.0 <--> 192.168.30.0 & 10.10.30.0 : Communication should fail
10.10.5.0/24<--> 192.168.30.0 & 10.10.30.0 : Fail
Replica@DC <--> Replica@DC: work
Replicas --> Rest of the nw- not that of an issue.
Iam thinking of adding a Extended ACLs on Replica-Exchange (DC & DR) and servers Vlan interfaces to block bidirectional communication.
CORE1 &2:
access-list 101 deny ip 192.168.5.0 0.0.0.255 192.168.30.0 0.0.0.255access-list 101 deny ip 10.10.5.0 0.0.0.255 192.168.30.0 0.0.0.255access-list 101 permit ip any any
!access-list 102 deny ip 192.168.30.0 0.0.0.255 192.168.5.0 0.0.0.255
[code]....
Similar to the same on DR as well. I wanted to see if ACL is the way to go or any other suggested methods with OSPF being the routing protocol.
View 2 Replies
View Related
Aug 6, 2011
Planing to implement ARP out in all interface vlan at switche(6500,3500).It's useful to avoid unicast floating in the Switch.What are precaution to be take care during the implementation?
View 5 Replies
View Related
Jan 29, 2012
Is it possible for me to create 2 vlan interfaces on the 6500 and have them both in the same subnet?
For a specific customer requirement I would like to have a vlan interface on the 6500 as default gateway, sat in it's own vrf, and then route all traffic inbound and outbound to this vlan through the FWSM interface, preferably in the same subnet. I don't think this will be possible so just looking for confirmation either way.
As I will be running EIGRP between a pair of central 6500's and 2 remote offices it will make things much easier for me advertise the connected FWSM interfaces in to EIGRP for access in/out of all my VRF'd subnets. If I need another subnet for each VRF FWSM next hop then I'll have to reditribute a list of statics which I don't really want to do.
The reason I am not just using the FWSM as gateway is because I need to run HSRP across 3 different devices (another 6500 in a second suite), and failover FWSM will only give me 1 level of redundancy for those gateways.
View 3 Replies
View Related
Nov 13, 2012
Catalyst 6509E Switch running IOS version 12.2. Created a new VLAN layer 2, created it layer 3 with an IP address. Issued the state active command and the no shutdown command. when doing a show vlan, shows in the list and active. When doing show int vlan xx, shows as down. Need to get it to be up, have attempted to assign a port to that VLAN in hopes it will come up, but still no go.
View 5 Replies
View Related
Apr 22, 2012
we have applied route-map on vlan interface in the form:
ip access-list extended TEST
permit ip 172.16.1.128 0.0.0.127 172.16.0.0 0.0.255.255
route-map TEST permit 10
match ip address TEST
set ip next-hop 172.16.111.1
interface Vlan11
ip policy route-map TEST
The problem is in the traffic matching by the rule - there is matches not only for 172.16.0.0/16 prefixes but for the whole traffic in that VLAN.
View 1 Replies
View Related
Dec 6, 2011
Vlan interface would be dropping packets on the input queue? Refer to the drops/flushes below. This is from a 6500 with a Sup720, there are a number of vlans on it. This 6500 and it's HSRP partner are exhibiting the same symptoms on all the vlans I bothered to check. This particular vlan is quite lightly used, there are only about fifteen user PC's (each with 100 Mb interfaces) on it.
There is a bit of information on input queue drops on Cisco, but this is focused on physical interfaces where I can understand some packets being dropped. I would think that Vlan interfaces would have different issues.I note the "no buffer" errors as well, that also concerns me, especially as that counter is quite close to the "flushes".
Vlan123 is up, line protocol is up Hardware is EtherSVI, address is 00d0.04fd.6000 (bia 00d0.04fd.6000) Description: Vlan123 Internet address is 10.123.123.7/24 MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive not supported ARP type: ARPA, ARP Timeout 04:00:00
[Code] .......
View 3 Replies
View Related
May 16, 2012
We have a need to access an VLAN at the main office( ie Core Switch 6500,switch 3750) from a remote site(Cisco3845 router, Switch3750) connecting by a SP through fibre link.
what is the easiest and quick way to do it and the user from the remote site just want to have access to that VLAN for a couple of days only.
View 6 Replies
View Related
Dec 6, 2012
can i have 4 links from an ESX server to 6500 , each link represents a trunk link carries each the same 2 VLAN , 100 and 101 , keep port-channel out of the picture , does it work well?
View 12 Replies
View Related
Jan 29, 2012
We have Nexus 7k running as my core with a 6500 manageing my server farm and IP services servers (call manager, IPTV ...)My edge switch are 4500s. We currently have RIP2 running between and the switchs and each 4500 is managing its own VLANs.The IPTV uses IGMP snooping and multicasting to broadcast the video feed. The problem that came up is that the we cannot configure a gatewar for the setup boxs for the IPTV system. They will only work on a single VLAN and they are spread all over the network.Can we configure only this VLAN to be propagated over our RIP network???
View 2 Replies
View Related
May 25, 2012
1 week ago, I got a call from a client that reported a network outage, the client told me that, 3 switch has crashed he try to console but it just hang. I ask him, did you change something? he said he didn't change anything, he just pluged a nortelswitch to the cisco switch number 9, but that switch doesn't crash like the others (3,4,8). I check the uptime, and yes the switch never been powered off..
the topology look like this
____ 6500 ____
/ / |
1 2 3 4 5 ...... 9
the vlan is end to end vlan, so vlan span between all those switches. transparant. this is collapsed topology, core and distribution is the 6500 itself all of the 1-9 access switch are in the same rack, with no loopguard, and bpdu guard configured. and connected to the core using etherchannel. the problem is there is no log available to start the troubleshooting/investigation.
View 3 Replies
View Related
Sep 8, 2012
I can see drops on one of our busy L3 vlan in the input queue and are going up very frequently.System image file is "sup-bootflash:s72033-psv-mz.122-18.SXD3.binHardware = 6509
View 1 Replies
View Related
Jun 19, 2012
I have ASA-SM failover pair in two Catalyst 6500 switches. I send from switch to ASA-SM management VLAN 1234 to admin context for management purposes. I have another 3 contexts on ASA-SM. Can I have same managemenet VLAN1234 on each ASA-SM context? Can it work?
View 1 Replies
View Related
Jan 20, 2012
I need adding a vlan to the trunks bundled in port channel. I know how to add v lans to a port channel with Cisco IOS but with CAT OS.
I have 2 ports bundled to form ether channel in switch which is running CAT OS. There are already few v lans allowed in the trunk of each interface. now I need to add one more v lan.
For Example:-
v lan 135 needs to be added in addition to the existing v lans.
clear trunk1/2 1-112,115,117-134,136-4094
set trunk 1/2 on dot1q 113-114,116,135
and similarly on the 2nd interface
so if I add vlan135 to the trunk one after another will it cause any service disruption?
View 3 Replies
View Related
Dec 9, 2012
We have a pair of 6500 switches, each having a trunk going to each access switch. We set the spanning tree priority on Core1 so it is the root bridge for all VLANs. We have two different types of access switches:
-3550 setup as VTP client and ISL
-2960 setup as VTP transparent and dot1q.
Pruning is disabled but we use "switchport trunk allowed vlan" to restrict which VLANs go through each trunk. When we need to permit a VLAN through a trunk, we simply run "switchport trunk allowed vlan add <VLANID>" on the access switch and both core switches. If it is a 2960 in VTP transparent mode, we must set the VLAN to active. Once this is done, a "show int trunk" will reflect the new VLAN in "Vlans in spanning tree forwarding state and not pruned" for Core1.
I recently went through this process to add VLAN 250 on a 3550 access switch, but the VLAN is not listed in STP forwarding state and not pruned. I tried removing the VLAN from the trunks and redoing it, but there is was no change. I tried adding VLAN 257, but the same behavior happened. I then tried trunking the same VLANs to a few other access switches. Three other 3550s experienced the same behavior, but I was able to trunk the VLAN to a few 2960 switches. At this point, I figured it might be related to some kind of limitation of VTP or the 3550 switches. I provisioned a new 3550 with the same IOS and settings (VTP client, ISL). To my surprise, all VLANs configured were in STP forwarding state and not pruned.
Running show spanning-tree on the core and access switch shows VLAN 250 as designated FWD. I confirmed we are not hitting the limits in "show spanning tree summary totals" on the Core or Access switches. I also confirmed we are not hitting the virtual port limit by running "show vlan virtual-port slot x."My next action might be to shut/no shut the uplink to Core1 from the access switch, but I'm not sure if that will fix it and even if it does, I have no clue what caused the issue.
View 11 Replies
View Related
Mar 5, 2013
I have a really weired thing happening on 6509 device with one of my customers.The device has a SUP 2 (MSFC2) with version 12.2.18SXF17B.
any VLAN interface once administratively down or simply down shows on "show interface status" output as VLAN.While it supposed to show "Routed". However once the port is up it is shows "routed" like it should.
View 5 Replies
View Related
May 9, 2013
I'm looking to restrict Inter-VLAN routing through L3 switch (cisco 6500) and wanted to know best possible way to do it. I used VACL and achieved success to some extent, but my config is making clients take up to 5-6 mins to authenticate IP address from the DNS (bootps).My VACL config was as follows:
Subnet to restrict is 10.100.15.0 (VLAN 15)
STEP 1: Created extended ACL to allow bootpc/bootps through DNS
ip access-list extended EACL_DNS
permit udp any eq bootps any
permit udp any eq bootpc any
STEP 2: Created standard ACLs to allow only relevant subnet, server VLANs & some IPs from other subnets for printers/scanners etc.
ip access-list standard SACL_VLAN_15
permit 10.100.15.0 0.0.0.255 (the subnet I'm restricting)
permit 10.100.50.0 0.0.0.255 (server VLANs)
permit 10.100.25.45 0.0.0.0 (printer in another VLAN which has to have access in VLAN 15)
STEP 3: Created VLAN access list
vlan access-map VACL_15 10
match ip address EACL_DNS
action forward
vlan access-map VACL_15 20
match ip address SACL_15
action forward
STEP 4: Applying VLAN Access list on VLAN 15 vlan filter VACL_15 vlan-list 15 Though the above works, below is noted:
1. I'm still able to PING 10.100.15.2 (the switch virtual interface) from outside the subnet, which I don't intend to do so. Howeve all cients in the subnet have no connectivity from outside the VLAN 15.
2. As mentioned its taking quiet some time to negotiate with the DNS server at system boot time.
View 3 Replies
View Related
Jan 19, 2013
I want to add new vlan in existing firewall group in 6500. I am confused if it will add new vlan or overwrite.. I am using ASASM module with 6500.
View 3 Replies
View Related
Dec 29, 2011
how i can make my own hosting .. i own site and i need to make my own hosting?
View 7 Replies
View Related
Dec 14, 2011
I have leased line 2Mbps of TATA Teleservices, which i want divide 1 Mbps to server & 1 Mbps LAN.
View 2 Replies
View Related
Sep 22, 2012
I have been doing network and computer work for a small public library which will soon be needing to change internet providers. Our planned route will be to have a fiber connection directly from our local ISP, but we need to figure out the best network hardware to accommodate this network connection.We currently have two HP 1810-24G switches connected to a Sonicwall TZ100 firewall as the primary router. The firewall/router connects to the internet with Cat6 connected to a fiber optic media converter. The media converter is on lease from the current internet provider so it will be gone.Our new ISP has said that they can provide a fiber connection in our building to an SFP port termination, which is their recommendation. Ideally, this would be an SFP port in a router or firewall. However, there seems to be very few options for routers with SFP and they're all incredibly expensive compared to a network switch with SFP. While I imagine we could just terminate the fiber optic connection into a cheaper switch with SFP and connect to that with the firewall, our network is further complicated in that we have a CISCO LifeSize video conferencing system which ideally runs best without running directly through the firewall, which can cause some lag and glitches in the signal it seems. I don't believe it's possible to have the router WAN interface connect through to the ISP with a static IP and PPPoE sign on as well as another network devices using the PPPoE and a separate static IP address, am I correct?Have I just over-complicated this network issue, and everything should just be run behind the existing firewall, or should I be able to find a different firewall/router or switch that can connect with SFP to the ISP?
View 2 Replies
View Related
Jun 15, 2012
I currently have CenturyLink (Qwest) DSL (12Mbps/896Kbps) and Comcast Cable (12Mbps/2Mbps) going into a Cisco RV08. I redirected all DNS traffic to the DSL line as an experiment with no decrease in web browsing speed. e are rural and speeds fluctuate considerably during the day. It seems like it's more of a response issue than a bandwidth issue. I would like to order a 2Mbps dedicated line from Comcast to use for DNS and VOIP traffic only, the DNS resolution times should be faster on that connection. There would be several tenants in this building using it for that purpose. The secondary purpose of this line would be for backup internet connectivity
View 1 Replies
View Related
Oct 18, 2011
I installed a new SA540 and configured some NAT rules for my Exchange server. Everything worked fine untill I did a firmware upgrade.Now the NAT rules won't work on my dedicated WAN.On the Optional WAN (load balancing) the NAT rules work fine.
View 1 Replies
View Related
Mar 4, 2012
I have an ASA 5510 with a second internet connection on its way. I would like to have one internet connection dedicated to my Site-to-Site VPN traffic and the other left to handle public internet traffic. I know I can do this with a static route but I noticed today the "tunneled" option. How exactly does the tunneled option work and would it work better for my specific situation?
View 1 Replies
View Related
Apr 28, 2012
How do I open all the ports for ALL of the ips on my dedicated server. I opened all the ports for the main ip that I RDP (Terminal Connection) into, but I can't seem to open the ports for the other ips that I got from my dedicated server provider.
View 1 Replies
View Related
Jun 16, 2011
I have an old computer that is currently running XP at 2.1GHz Athlon AMD with 1.5 DDR RAM, would I be able to turn it into a dedicated server? More importantly, should I? all I have is a small home network running a couple desktops and a printer off one and connected by a wireless router to the internet, would it make a difference at all in processing speed or connectivity on any of them?
View 6 Replies
View Related
Apr 17, 2013
Recently moved into the hardware firewall space and have a ASA 5510. Having some issues trying to get traffic through the box to my 4 dedicated servers. all the servers have static IP's and are connected to a private switch into one of the ethernet ports on the firewall(0/2). Public internet connection into another(0/0). 1 of my servers has a connection to the management port, and the public switch, and this is the one im trying to do the configuration on.
Im unsure what to set the IP address of my "outside" interface as. need to have RDP,FTP, HTTP traffic going to each of the 4 servers independently, pretty sure i can get the rules in place to allow this, but cant seem to get any traffic to go through the firewall to any of the other 3 servers.
View 6 Replies
View Related
Jul 9, 2012
I have 2 6500 Core switches in VSS configuration. Redundant VSL links are configured between them in below fashion.
Te1/5/4 of switch1 is connected to Te2/5/4 of switch2 in Portchannel1 which is up. Te1/5/5 of switch1 is connected to Te2/5/5 of switch2 in Portchannel2 which is down.
My "show interface Te5/5","show int status","sh int te1/5/5 transciever" show SPF is detected but the port is down at both Layer1 and 2 I see light coming from Rx and Tx of SPF modules and cables.
View 1 Replies
View Related
Sep 5, 2011
I plan buy a virtual dedicated server, well as for anti-virus for it I am lost where to look for and what exist [what search]? any open source? url..is enough or needed additionally and other tools? Needed and software firewall to install?
View 5 Replies
View Related
