Cisco WAN :: 6509E - Extending VLan Through Layer 3 Connection?
Feb 12, 2013
In our environment we have a 6509E as a core switch which is connected to five 3750Gs installed in remote sites and are layer 3 routes. The routing protocol is OSPF. I am just wondering if we could possibly create a VLAN in the core switch and extend it to the remote site through the layer 3 connection. The reason we are thinking of doing this is that we want to have server redundancy: if one of the servers goes down in the core site, we can just turn on the server which is in the same VLAN in the remote site so that we can limit the downtime.
I have two networks at two sites with a dot1q trunk between the two L3 switches at both sites (no routers involved)
SITE A - Cisco 3750 L3 - VLAN ID 50 10.10.50.0/24
SITE B - Cisco 3750 L3 - VLAN ID 50 10.20.50.0/24
I would like to extend the SITE A VLAN to SITE B so that I can move hosts from SITE A to SITE B without needing to change their IP address, but the VLAN ID is already in use. Obviously the easy solution is to change the VLAN ID for one or other of the sites, but both sites contain hosts that run 24/7. Is there a way to join two VLANs with different IDs together? So for example I create a new VLAN 60 at SITE B and associate it with VLAN 50 at SITE A.
Q: If I'm going to do a Bonjour Gateway deployment, do I still need the VLAN select feature on the WISMs or is enabling multicast enough?
Details of the Q: I'm working with WISMs and WISM2s, 1130 and 3602 APs. Cores are 6509-Es.
I'm going to implement a Bonjour gateway (which is an Aerohive AP, no wifi enabled, it's just a Bonjour gateway). This AP is connected with a trunk port (to a 6509-E) and has the wifi client VLANs on the trunk as allowed VLANs. It also has an allowed VLAN for AppleTVs, which will be wired devices. The Aerohive gateway gets an IP address in every wifi subnet, so far so good.
I was thinking that if I enable multicast:
- globally on the WISMs, with mcast-mcast distribution
- on the SVIs for the wifi client VLANs
- on the SVIs of the VLANs for Cisco APs
- on the SVI for AppleTV
- SVI for WISM management
- SVI for the Bonjour gateway
then do I still need VLAN select? Maybe a stupid question, but I'm not sure how to interpret some things in this document.
I am currently working on a project which requires extending a VLAN over WAN. The equipment I currently possess are:
- 2 CISCO 1720 Series Routers (1 Serial & 1 10/100 Ethernet per router)
- 2 Paradyne DSL Modems (1 Serial & 1 RJ-11 per modem)
The two sites are about 1 KM apart. Trunking between the two sites is not possible since:
- Maximum available length of CAT 5, 5e and 6 is 100m.
- Laying a Fiber Optic cable of any kind is not possible since the terrain is extremely rough and would not allow it. Also, there is no existing infrastructure to allow re-using of old Fiber Optic Cables.
- Using a Microwave Transmitter & Receiver did not work. Atmosphere is too humid and too dusty to allow it. A minor success was achieved but only limited to small ICMP packet exchange. Data transfer failed immediately.
I am well aware which routing protocols are used to achieve trunking and inter-VLAN routing. Also, I am also aware that this question might not have an answer because a router would BY DEFAULT not forward any packet to the WAN whose destination address is currently connected to its LAN. It would either drop the packet or just won't pay any attention to it.
I have a design hurdle that I cannot seem to cross. I have two sites and I need the same VLAN to span both sites. I have accomplished this using L2TP but my issue is that I can no longer assign a gateway for this VLAN on the router. The 2 routers are 2821's and are connected with a dedicated fiber run.
Any recommendation for how this could be accomplished? It would be great if I could have the same gateway at both sites by leveraging some sort of bridged interface (BVI, so I've heard) but I am at a loss as to where I should start with this. Also, this is not the only VLAN that needs to traverse the link.
My first question is: I have an access layer switch which is a single VLAN and I am trunking that VLAN to a distribution layer switch. I can ping the gateway on the distribution layer switch for THAT VLAN, but cannot ping the gateway address for the second VLAN I have on the distribution layer switch. I know it is simple, but I have forgotten and just need a push.
Also, I have a third VLAN set to route traffic not bound for those 2 VLANs out to a router. Is the statement "ip route 0.0.0.0 0.0.0.0 172.16.252.2" good enough, and do I actually need to create a VLAN for that traffic? And if so, is an access switchport the best option?
I just inherited a network and feel like I am missing something. We use AT&T Opt-E-Man, which limits the MAC addresses to 50 for the connection or you have to pay. Hence the routing VLAN is the only access across the two sites. I have a VoIP vendor who insists on using the same VLAN for all sites. Upon exam the VLAN is at the remote site but it does not work.
I got a different scenario from one of my clients. My client has two different branch offices and has 50Mbps point-to-point connectivity between them. All users in both branches are using the same series of IP pool (192.168.224.0/24) in both branches. In both branches he has only Cisco 2960S series switches. And in both branches he is using IP cameras. He will monitor the assets by accessing the IP cameras through the browser. His requirement is, he wants to prioritize the video traffic (monitoring through the browser) over the normal data traffic. Note: He has a single VLAN only.
I have a Cisco Aironet c where it is configured as an AP. I use a Pocket PC to access the AP, but after a period of use, the Pocket PC loses communication with the AP for a short period of time and the application that is utilized in the pocket closes. After a few seconds it automatically connects. Searching the logs of the AP, I found the following warning: "Packet to client 0017.2302.8a5e Reached max retries, removing the client", but this alert does not always appear.
I am migrating a group of workstations that run a fire system from one software to another.
The current workstations run the following info: 123.123.123.xxx 255.255.255.0
The new workstations run: 100.100.100.xxx 255.255.255.0
There is a central switch location using a GE-DSG-244 Layer 2+ Managed switch. There are two remote locations using GE-DS-82 Managed Switches. The two networks must remain isolated, yet use the same fiber communications. The central switch connects to the two locations using MM Fiber. From my research I believe I need to use the 802.1q standard to allow port trunking between the two switches.
I can't find the vlan-membership command on my 3700 layer 3 switch. I've searched Google on whether the command has upgraded to a new syntax, to no avail. I'm using GNS3 and the IOS is c3725-adventerprisek9-mz.124-25d.bin
I've turned up a new layer 2 WAN link between two data centres and I'm having some trouble trying to logically figure out how things should be configured. As you can see from the diagram I've created, I have the link connected on port 13 on one switch and port 14 on the other. Both ports have an IP address assigned to them and they can both ping each other.
The problem comes when I need to add routes in order to get traffic flowing over the link. I added an IP address to switch 2 on the link interface (port 14) as: 192.168.4.10
I then added an IP address to switch 1 on the link interface (port 13) as:
192.168.1.10 192.168.2.10
When I tried to add 192.168.3.10, it said "192.168.3.0 overlaps with VLAN2626". This would be correct as Vlan 2626 has an IP address of 192.168.3.15.
However, if I remove the IP address from vlan 2626 and add 192.168.3.10 to vlan 2 (the link port VLAN), I would surely lose remote access to the switch. (I'm telnetting into the switch from a machine on vlan 2626).
I started to tinker with this by manually adding a route to a server in each location and seeing if I could get traffic to flow:
On server 1: route add 192.168.4.0 MASK 255.255.255.0 192.168.1.10 METRIC 1
On server 2: route add 192.168.1.0 MASK 255.255.255.0 192.168.4.10 METRIC 1
If I try to tracert 192.168.1.20 from server 2, the first hop is the default gateway instead of 192.168.4.10.
The ultimate goal is to add the static routes to the Layer 3 router/firewall, but before I do that, I need to be sure of what to add to that router. (It's a managed firewall from the data centre, so I don't have access to it and I need to raise firewall change requests to get the work done, so I want to ensure it's right first time.)
I have a SG300-28P switch. I just read in the Administration Guide that, when in Layer 3 mode, the switch doesn't support MAC-based VLAN or Dynamic VLAN Assignment.
So, in order to assign a client to a VLAN based on their MAC or based on the response of a RADIUS server, we have to disable layer 3 features. Without layer 3 switching, the switch is unable to act as a default gateway and forward packets between VLANs. As a result, the VLANs can't communicate in any way, or access the internet, unless a separate router is connected to every VLAN. Right? Doesn't this limitation significantly reduce the usefulness of the DVA feature?
I am in the process of installing a new wireless network in our offices and I was wondering if I can add an extension to the cable that connects my AIR-ANT-1728 to my AIR-CAP-3502e AP to get better coverage in our offices?
I understand the vlans on the catalyst side of the house on 2900 to 6500 Catalyst switches.
This 7010 running NX-OS 5.1(3) I did not set up, but have to manage it. Hasn't really been a problem till now.
My nexus 7010 has a Layer 2 only vlan 11. It is "Active" but the interface is "shutdown". Yet, it is passing traffic across the directly connected ports on the nexus 7010 and to other switches in my network. Vlan 11 is being set out via VTP to all my switches and things are running fine.
I need to create another L2 only Vlan. I can't seem to find any docs that indicate that a Layer2 vlan Interface on nx-os should be in "shutdown" mode as part of the setup. I do see in the docs where it has to be set "Active" as part of the process.
Is this the correct way to set up a L2 only VLAN on NX-OS? Leave the interface in "shutdown" but make it "Active"?
Mystery Vlan 4 and 6: The mystery deepens. I have other L2 VLANs, Vlan 4 & 6, that are NOT defined as "Interface Vlan4" in the nexus config, yet they are applied to GigE ports on the nexus and these Vlans 4/6 are also being sent out via VTP to all switches. Even weirder is that these VLANs have names associated with the numbers. These are valid VLANs that were configured on the old 6509 before the Nexus was installed.
I have checked all switches, NONE are running in Server mode for VTP, all are in CLIENT. The nexus 7010 is the only device running in VTP Server mode.
We have 20+ VLANs on our main network, and we have an offsite connected by metro GIG fiber ethernet. Right now, we have a layer 2 connection to there with the core at the main site as the gateway. We have had problems occasionally with the metro ethernet's spanning tree, which then we would see our own network and cause an outage, not only for the offsite, but since the VLAN would see itself (not on our equipment but the metro ethernet carrier's) it would affect the main network as well.
What I was going to do to resolve this was change the connection to a routed network; however, I still need to send some VLANs over the routed network (there are some applications that require being on the same subnet as the server). Is there a way to map VLANs 10 and 11 at the main site to VLANs 10 and 11 at the remote site using a routed network? I noticed there is something about bridging. Would I bridge the VLAN across the routed MAN connection? Then would I bridge back the other way as well?
Now we have 2 switches: SF300-24. On one SF300-24 we configured it in layer 3 mode with a VLAN configuration as follows: [code] And we use port 26 on the 2 SF300-24 switches in trunk mode, then we connect both SF300-24 switches. But the SF300-24 in layer 2 can't understand VLANs from the SF300-24 in layer 3. How to configure VLANs on the 2 switches, SF300-24 Layer 3 and SF300-24 layer 2?
I have some problem in my small network. I have 2 SF-300 48 port switches connected to an 847 router for inter-VLAN routing. I configured 7 VLANs in SW1 and uplink to SW2 with a trunk port.
The problem is that if I use the IP address of the interface (VLAN interface) as the default gateway for users, it is OK. I brought two ADSL modems and connected them to vlan1 and vlan2 for internet access. When I connected these two modems, vlan 1 and vlan 2 are not able to access the other VLANs 3,4,5,6,7 and vice versa.
vlan1 users are getting their default gateway from the ADSL modem IP. How can I permit these two VLANs to access the other VLANs 3,4,5,6,7, and 3,4,5,6,7 should access the internet also?
I am on the LAN attached to fa0/0 on R1 and I need layer 2 connectivity to a device on fa0/0 on R2. I'm not sure if this is possible with 1841s or not. I made a GRE tunnel between the two and was going to add a BVI and bridge the tunnel at each end with fa0/0 at each end, but the 1841s don't support BVIs so I'm a bit stumped here! Would L2TP work here?
R2 is a remote router running C1841-SPSERVICESK9-M. R1 is local, running C1841-ADVENTERPRISEK9-M. I can't change the remote router, so if the answer is not supported in C1841-SPSERVICESK9-M I won't be able to do this.
The module just won't come up. Stays in off-line state. On two identical 5Ks, so it's not hardware failure. Have the licenses and running code 5.0(3)N2(2).
I have at the core a CISCO 4503 and need to connect various 3COM 3300/4400/4900 access switches through fiber. The problem is that the Cisco core 4503 switch fails to recognize only the 4900 3COM switches, i.e. the link status shows down. The fiber multitude link is tested and OK. The modules on both the switches, i.e. 1000baseSX, are also tested and OK.
The Cisco switch has a 6port gb ic with 1000baseSX modules and the 3COM 4900 has a 4-port 1000baseSX module.
I am taking an introduction class to CCNA and we are focusing on the Application Layer, and I'm having some difficulty in understanding what an Application Layer Service is. Is the Application Layer Service the same as Application Layer Software?
I have a 6509E switch which is the core of the network, and we have 4 links from 4 ISPs. Will all the links work at the same time? How can I configure BGP? As I know, if I configure BGP it will work with one ISP as an active link; if that link goes down it will automatically begin to work with another ISP. My question is how I can configure the network so that some VLANs work with one ISP, some VLANs with the others, and so on. If I configure it with a route map I will have to track every time to change the configuration if the links go down, but I do not want to track it. Can I do anything with BGP to implement this task? The core of the network is the 6509E switch; inter-VLAN routing is implemented on it, and no dynamic routing is enabled. The firewall module installed on it is implementing the NAT processes.
I have two 6509Es working in VSS and both are working fine. But the configuration register of command "remote command switch show boot" is 0x8000, which is different from that of the RP (0x2102). Now I want to change the value of the configuration register of the SP to 0x2102.
I multi homed to dual ISPs using a single 6509e. Currently, I am only receiving a default from each ISP and marking one with a higher local pref. Most of my traffic flow is inbound, so this config meets my need. The issue I have: if either ISP has an outage upstream from my directly connected peer, my router does not detect that and continues to send traffic out through that provider only to be black holed. My 6509 will only support 256k routes, so full route tables aren't an option. I could receive partials from each ISP. Is there any other method of detecting this upstream ISP issue and then adjusting my local pref on my default to use the alternate provider path?
We want to provide an end-to-end encryption service using an ACE02 in a CAT 6509E. This is covered in the ACE config guide so should be OK. The issue is that we want to include traffic inspection using an IDSM2, so we need to separate the decrypt and encryption stages and send cleartext traffic to the IDSM2. The Security and Virtualization in the Data Center pdf, page 18/19, suggests that it might be possible. The design depicted there, though, is only doing SSL termination, then sending the clear text on to a WAF, and on to IPS, but it does say end-to-end encryption is also possible. So in essence what we want to do is have traffic from clients destined for the server farm decrypted by the ACE and sent to the IDS. We then want the traffic to return from the IDS to the ACE to be encrypted and sent on to the server farm.
I have a new 6509E with 2 sup 2T cards. The 10GE ports on both sup cards will connect to 2 5548s. Can i connect the management interface on the new 6509E to the old 6509 until i free up space to bring the line cards over?