Cisco WAN :: 7010 Adding Or Removing Vlan On Existing VPC
Feb 16, 2010
we have 2xNexus model 7010 (let's call them Nexus1 and Nexus2) connected via VPC to a couple of catalyst 6509 switch.Trunking has been enabled on the port-channel defined on both Nexus allowing some vlans.Below the config applied on both port-channel interfaces on both Nexus which are members of the same VPC number: [code]
supposing I'd need to remove some vlans from that trunk (e.g. vlan 100,200 and 300) using command "switchport trunk allowed vlan remove 100,200,300" and that I'll run that command on Nexus at a time (that means there'll be a condition for a short period of time where Nexus1 has removed vlan 100,200 and 300 from the trunk, while Nexus2 is still carrying those 3 vlans on its port-channel which is a VPC member) , could it cause any VPC inconsistency condition suspending VPC interfaces and therefore affecting the service for all remaining Vlans or only Vlan 100, 200 and 300 will be suspended when that condition will be detected?
adding/removing/re-adding a workstation to a domain and Active Directory. We use DHCP at work for our addressing scheme. The problem I had when naming a new workstation the same as the one I am replacing on the domain was that I noticed the new pc with that same computer name as the previous pc was still trying to use the IP address that was assigned to the workstation before by dhcp, so the new workstation was not showing it assigned an IP address. I would try pinging the computer name but there was no reply because it was still showing the ip address of the computer disconnected that had the same name.
- remove the faulty workstation from the domain to workgroup, then restart
- then from Active Directory do I need to reset the Computer name
- then do a ipconfig /release on faulty workstation that has been removed from the domain to release the leased ip address in dhcp
- then disconnect the faulty PC and connect the PC I am using to replace the previous PC
- Name this workstation the same as the one I just disconnected and removed from the domain
I have a frustrating issue with a dynamic VPN head end running IOS 15.2 on 2900's. I have existing keyrings, and isakmp profiles (both main and agressive) running. When I add in a new peer, by adding in a keyring prechared statement and a match identity in the isakmp profile, phase 1 biulds but phase 2 only gets right to the end and the Cisco side resets the connection because it did not get back a response to it's Phase 2 proposal.I have tried a number of soft clear commands to remedy this (I do have 16 other production tunnels I do not want to take down) and no avail. This is very consistent. We had this happen last week in the same manner, and the TAC finally said I must reboot the system. So I removed the cmap from the interface, and reapplied it (using notepad to do it all at once). All the tunnels dropped, and after a few manual restarts on the far end for thos etunnels that are tempermental, all tunnels came back up, including my new add.I have a pair of 3900's running 15.1 code in the US that terminate the same tunnels, and I can add and remove PEERS all day long without resetting anything. Could there be a more polite way of resetting what ever it is that removing the CMAP does to allow my new peer to get the full treatment here?
I am a bit confused by the output of 'show run' and 'show run switch-profile' that pertains to a port-channel interface configured in a switch-profile. My main gaol is to find out how can I add/remove the allowed vlans the port-channel (configured as trunk) carries. The setup is like this. I have 2 N5k in vPC domain and Etherner1/11 on both switches is configured as trunk vPC that connects to a core switch. When I issue ‘show run’ for the port-channel and physical interface I get the following output. [code] From above it seems the switch-profile configuration is missing the 'switchport trunk allowed vlan' in the port-channel interface. If want I to remove vlan 30 from the allowed vlan, should I go under the switch-profile mode and remove vlan 30 from the allowed list even though the switch-profile configuration seems to be missing this.
I have a Cisco SG300 switch on which trunks are configured. I have a server which sits on the switch via a trunk link of four network cables (4 Gbps total)on which LACP is enabled. I'm having trouble connecting to the server using VNC from a computer on the network. It doesn't happen all the time though, it's just random.
On looking at the logs of the switch, I saw something unusual. The trunk that connects the switch to the server is constantly removing all the member ports and adding them back again after a few minutes interval. That causes the trunk link to flip on and off all the time. What could be the reason that's causing it to happen? I know it could be the network cable but I'm using brand new cables and the server also is brand new.
I currently have a wired network which starts with a cable router downstairs which is a virgin media netgear box with firewall and DHCP turned on. I have a NAS server and a smart tv which run off ethernet connections to this router.then have a cable run upstairs to a TPlink gigabit switch which is connected to a PC and a printer (in my study). All this works just fine, no configuration needed.I have a TPlink wireless router, a TL-WR743ND. I want to use this to connect to the switch upstairs (not downstairs - my stone walls limit any wireless access point) to provide wireless network coverage for my house.So I figured I should configure it with a dynamic IP address (ie it gets it from the netgear DHCP), turn off the TPLink's DHCP and firewall, and then any wireless devices attached to the TPLink by wireless should have access to printer and NAS
We currently have out T1 attached to a 5505. We have IPsec site to site tunnels that also terminate on the outside interface of the 5505.
We are getting rid of the T1 and bringing in a manged MPLS circuit which will run off of a 1841 ISR. I would like the 5505 to pretty much work as is with little change. Whats the easiest way to accomplish this? Of course the MPLS will come with new external IP.
Current Design ---> T1<------>[asa5505]<------->[LAN] New design---------> Mpls<------->[1841]<------>[asa 5505]<------->[LAN]
Questions:
1. Whats the easiest way to drop in the 1841 without having to change all my ASA acl's.
2. How would I terminate my ipsec site to site tunnels on asa outside interface. Now that the WAN interface is on 1841 and not ASA how would I terminate the other side of tunnel? Can I leave my tunnel end points on ASA or do they now have to terminate on 1841?
3. How would I configue outside interface on ASA to communicate out 1841 MPLS?
I have a working 3800 router which runs on bgp pretty well. Existing setup has 2 serial ports for the bgp and 1 gigabit port for the LAN.Now, i want to add another 3800 as a standby router making it clustered - ACTIVE/STANDBY via hsrp protocol.
1.) What are the implications in adding another 3800. Do i need to reconfigure the ip addresses on my serial? or just the LAN
2.) Are there any additional requirements like firmware versions etc?
We have an ASA5520 version 8.3(1) We have an existing VPN tunnel between us and our partner site. We need to add a new vlan to our existing VPN tunnel.
Where do we need to add the new vlan to in ASDM interface? Looking through using ASDM, I found 3 places.
I need your input on how to appropriately introduce an N5K with Jumbo enanbled to a prexisting Core Network (Stack of Cisco 3750G Switches) without making any major alteration on the Core configs (everything is happy). The idea is to move two High I/O servers to the N5K during a transitional phase. I already have a fair understanding of what Jumbo-Frames are and what it does. Keep Jumbo-Frames within the N5K ONLY.
Conditions:
- Traffic is Data traffic, not storage/iSCSI - The servers host our ERP applications and MySQL that is accessed heavily by users - N5K to C3750G connectivity is a Port-Channel consisting of 4x1GB ports - The servers are to remain on VLAN 2 (Data VLAN) - The Core Switch is L3 and the boundaries reside here
We have a Cisco 3845 router for Site 2 Site VPN tunnels to external business partners. The IOS is (C3845-ADVIPSERVICESK9-M), Version 12.4(15)T8.One of our partners is doing a DR test and needs to have us swing the VPN traffic to another peer in a test location temporarily. I plan on adding the test hosts to our existing encryption ACL, but instead of building another crypto map, I was wondering if I can add a secondary peer to the existing one?
My ISP comes in via phone line to modem then to wireless router.I want to run 200' direct burial line to WAP so that I can access wireless internet at the far point. I have modem and wireless router. what do I need to do the create the distant wireless access?
My wife has a home office with her office computer connected to our modem via a cisco router. Our home computer is connected via this router as well. I want to add a wireless router (netgear) so I can use my laptop anywhere in the house.
I have a Airnet 1600 Series that I want to add as another repeater to our 1200 series 802.11g network. We already have 2 AP's running fine as Repeater and BR, I just need to a this 1600 AP to the existing wirelss. Everytime I try to change the 1600ap as a repeater, I get the below error.
cannot set role in radio network to when another radio is set to one of the above roles
I need to add two additional 2960S switches to my stack. I saw a diagram that showed how a 4 switch stack can be connected, but I couldn't find much detail on adding a switch to an existing stack (besides master election). The output below shows how the existing stack is connected and its state
SW#sh switch detail Switch/Stack Mac Address : 0011.2222.3333 H/W Current
[Code].....
I will need to break one of the stack rings between SW1 and SW2 in order to connect the new switches. Does it really matter which ring I break to connect the additional switches? Does one ring act as primary? If so, I'd rather not break that ring so this process is transparent as possible. Also, is there any benefit to disabling the stack port vs just disconnecting the cable?
Moblie WLAN range 192.168.1.0/24.Default Gateway: 192.168.1.1 - Firewall..Next available range to add more addresses are 192.168.11.0/24..Current range is having IP address issues..I have seen a feature in 4402 controller that I can assigne second address range to exisgint SSID Mobile.What should I set the default gateway for 192.168.11.0/24 range?How can I point all mobile users traffic to the firewall as default gateway without creating additional interface on the firewall?I really do not want to create another vlan and interface in the network to just add another 255 addresses if tehre is any option?
I have a 3750 stack as our core switch. On the core switch I have 2 VLANs. One VLAN is for WAN and one is for LAN. The WAN VLAN has our internet router, and the outside interfaces of two ASA's set up as failover. The LAN VLAN has everything else, including our MPLS router for the remote offices. Execs are cheap and want to increase internet bandwidth by purchasing a local home internet service like COX or Time Warner cable to add to our Business internet service with TelePacific which is a bonded T1 at 3 meg. Execs dont seem to care about SLA's and simply will not spend big dollars to increase the pipe. I was looking at those Mushroom Networks appliances but its too expensive for us also. Any way to add additional low cost bandwidth with out current setup? Maybe prefer to keep important internet traffic to the SLA circuit, and then put low priority traffic to the cheap non SLA cable modem if possible.
Here's the deal. My internet provider provided me with a shitty router with a lot of settings locked. I can't change DHCP settings or add custom static IP addresses. This sucks. The wireless function on it sucks also.I added an extra router to the network so I have good Wifi in my living room. I turned off the NAT, firewall and DHCP on that one, so it's a simple switch with a wireless access point now.Now here's the deal. The DHCP server of the provider's router hands out IP's from 192.168.2.1 to 192.168.2.253 (192.168.2.254 is the router's own IP address).I gave the added switch/access point the IP address 192.168.1.1 in its own settings. The original router doesn't 'see' the switch now anymore because it's out of the DHCP's range. When I gave it an IP address within the DHCP's IP range, I got all kinds of conflicts (as expected).
I guess this is a solution since it works, but I'm open to other suggestions since it doesn't seem to be the best way of doing things. Besides, I can't access the access point's web interface anymore since it doesn't have an IP address within the network now. It isn't important because I don't need to change any settings anymore, but still.I'm going to add a second wireless router to replace the built-in wireless function of the provider's router. For some reason it sees its own wireless network as a separate network or something. When I roam from the new access point wifi to the provider router's wifi, everything gets confused because it tries to give the laptop a new IP address.
ive got 2 laptops on my wireless network and have just bought a pc. it dosnt seem to be finding my connection so i cannot get it onto my wireless network?
I have an existing wireless working network with WIN 7 - 2 laptops, two desktop PC's. Can I add a security code/password without setting up a new network?
in our network we were using three 3750-48-s switches with stacking one of the switch due to some hardware failure power problem,
now i want to add a new switch 3750-48-s in the existing Stack two switches , the old two switches ios version is = 12.2(25r)SEC the new Catalyst 3750 io verion is = 12.2(35)SE5
how to add this switch in the existing two stack switches , with documentation
I have looked on notes to add a switch to an existing stack and haven’t identified answers on how the IOS will be affected on the new switch – will it downgrade to the current stack version or will the current stack upgrade to its version. At this moment in time I would prefer if the new switch IOS downgraded to the current stack IOS version.The new switch is a 3750V2 – will this affect how it joins the stack?The new switch has the image of IPBASEK9-M – again will this affect how it joins the stack?
I have to add a 2960s PoE switch to an existing stack of two 2960s PoE switches. If The new switch has no configuration on it and the existing stack is broken by pulling te stack cables and then new cables are added and everything re-cabled correctly will the new switch assume the configuration from the stack without any issues?
I am having an issue with adding a c3750x switch to an existing switch stack Currently there is 2 x WS-C3750X-48P and I am trying to add another WS-C3750X-48P to this switch I have cabled the switch to the stack using the stack cables and added the command to provision the switch on the exisitng stack. However when I turn the switch on it just goes on its own stack.
I noticed the new switch had a later version of IOS so have downgraded this to the same version as the other switches but still no joy Here is the sh ver from the exisitng stack
uptime is 4 weeks, 4 days, 23 hours, 30 minutes System image file is "flash:/c3750e-universalk9-mz.122-53.SE2/c3750e-universalk9-mz.122-53.SE2.bin" License Level: ipbaseLicense Type: PermanentNext reload license Level: ipbase cisco WS-C3750X-48P (PowerPC405) processor (revision A0) with 262144K bytes of memory.Processor board ID FDO1448Z0FJLast reset from power-on21 Virtual Ethernet interfaces1 FastEthernet interface156 Gigabit Ethernet interfaces6 Ten Gigabit Ethernet interfacesThe password-recovery mechanism is enabled.
I am attempting to add and Catalyst 3750 - 12 port Gigabit switch to an existing stack of 3750 48 port switches (non-X fabric). I am not sure how to proceed. These are the two questions/thoughts I have. Any additional perspective I should have before proceeding.
What kind of configuration should I apply to the Gig switch before adding it to the stack?I am sure I will need to assign priority to the new switch, ideally, it will act as master.
Add wireless conection that can't see network. I have an existing working hard wired network. I want to add a wireless connection that has access to the internet, but not to the other devices on the original network.
Added a wireless router to our office here so that people with laptops could get on the net without having to physically plug in. Right now it is ok, but the router is acting as it's own DHCP server instead of our server here assigning out the IP's.
The main gripe I have is I can only login to the router through my phone and not through my computer. How can I achieve this. We have multiple offices that all connect through a VPN. I would like our sys admin to access the router at his location as well.
Do I just turn off DHCP on the router and thats it? The model is Netgear WNDR4500.
I need to tear down an existing port-channel on a 3750X running c3750e-universalk9-mz.150-1.SE3.bin. This port channel is currently down down. It has three ports in it that will be added one each to three existing port-channels, I am assuming as long as the "channel-group" command is exactly the same as it is on the three existing port-channels I should be ok just adding the new port. One point to note is that the three existing port-channels all have three ports so this will be adding the fourth port to each port-channel. I know after reading that it is a best practice for load balancing to use either 2, 4, or 8 ports for a port-channel. Also what is the command to see all ports that are in a port channel?
current topology is build from 4 6500 switches connected in a ring topology. Using Port channel (2x 10Gbit) links to connect left side top and bottom 6500's (DC1), 10 G bit link to connect right side 6500's (DC2) In between a 1 G bit link is used to connect top 6500's (DC1-DC2) and the same for bottom 6500's (DC1-DC2).
Path costs are 5 and 6 so the T5/4 from bottom right is blocking. Bandwidth demands are increasing, so thinking about adding extra 1 G bit links to the existing ones and create ether channels. Path costs here are 4 and 5, so T5/4 from bottom right is still blocking, but when the bottom 2 G bit port-channel is loosing one 1 G bit link the path costs of both directions become equal. So I am worried that STP will not re converge and leave me with a congested 1 G bit link. I cannot test this setup in a lab, are there any options for STP to re-converge here?
I have an existing wireless network using a Cisco/Linksys WRT400N wireless router (which in turn is connected to a cable internet provider). I need to extend my wireless coverage and so purchased a Cisco/Linksys E1000 to act as an additional access point. Purchased from BB, the local 'geek squad' rep instructed me to follow the users guide for the set up. After login into the admin service on my E1000, I followed the 'Advanced Routing' instructions and disabled the 'NAT' option and subsequently enabled the 'Dynamic Routing (RIP)' option. Everything worked like a charm to this point, but now I'm stuck. What steps do I need to follow to allow clients to log onto my wirelss network via the E1000 (secondary access point)? I've established WEP security keys on the WRT400N (primary access point) and want to use the same network security parameters on the E1000.
