Cisco WAN :: 837 Routing Not Working
May 20, 2012
I have a 837 that I'm getting setup for a charitable cause. I copied most of another operation setup but am having issues with the routing, I think.
THe ATM appears to be correct using the "ping atm interface 0 0 35 end-loopback" command.
I have pasted the run-config below:
version 12.3
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers(code)
View 3 Replies
ADVERTISEMENT
May 21, 2013
I have a Cisco SG 300-20 as the core switch, layer 3. It is 192.168.4.6 on VLAN1 and 192.168.5.1 for VLAN2 (VOIP). All the ports are set in trunk mode. DHCP relay is setup on this switch.
The phones connected into a layer 2, Catalyst 2960-S switch. All ports are set in trunk mode. Default gateway on it is set to 192.168.5.1.
DHCP for both VLANs is provided by a Windows Server 2008 R2 server (the relay IP 192.168.4.15).
There is also an ASA 5510 in the mix which is 192.168.4.1. It has a route added to it for the 192.168.5.0 network to go to the SG 300 (192.168.5.1).
Just the two switches can ping each other on the 192.168.5.x network when I "add vlan 2" to the trunk port that is connected between the SG 300 and the 2960. The phones don't get DHCP on the 2960 switch. And I cannot ping 192.168.5.x from the ASA or anything else on the 192.168.4.x network.
After a bit of reading on intra-vlan routing for the SG 300 switch, I am thinking the SG 300 has to be the "center" of things so I need to make it 192.168.4.1 to be the gateway for both VLANs and change the ASA to 192.168.4.2 for VLAN1, etc. And I really can't do asymmetric routing with this switch.
View 1 Replies
View Related
Nov 23, 2011
I am using a cisco 3750 in my network as a gateway, and above it I use a squid machine for caching my internet. My network is like this:
Basically I have two VLANs on my network which are VLAN10 and VLAN100, VLAN10 is the cooperate network of my office. VLAN100 is the management VLAN which i use for the switches. I keep the squid as well the client in VLAN10.
squid (192.168.1.50)---->cisco 3750(192.168.1.123)---->Distribution Switch(cisco 2960)---->client PC (192.168.1.5)
I have done nating on squid and internet is working pretty fine when I use the client gateway as the squid, but when I use the cisco 3750 as my gateway after adding route maps for forwarding the internet traffic coming to the cisco 3750 to squid it disconnects me from internet as well I cannot even reach the switches from the corporate network. These are the only Lines I used for the routing:
!
route-map proxy-redirect permit 10
match ip address 110
[Code]......
View 6 Replies
View Related
Jan 3, 2012
My network is like this:
Cisco 3750 (Core Switch)-----> Cisco 2960 (Distribution Switch)-----> Client (PC, Laps, Printers…etc)
Basically I have 3 VLAN’s. Office VLAN (for cooperative usage) which is VLAN 999 which has a defined IP address of 192.168.1.123 and Guest VLAN (for the guests who visits our hotel, most of it are wifi AP’s) VLAN 20 which has an IP address of 10.172.4.1. All these SVI are defined on the core switch.
Is there any way I can introduce a new VLAN lets say VLAN 40 and use PBR to route the packets going to VLAN 40 in the IP range 192.168.1.x to VLAN 999 and 10.172.4.1 to VLAN 20? I have tried this already and it is not working. Here are the configurations I have used.
Access-list 110 permit ip 10.172.4.0 0.0.0.255 any
access-list 120 permit ip 192.168.1.0 0.0.0.255 any
route-map INT_RVLAN permit 10
match ip address 120 110
set ip next-hop 192.168.1.123 10.172.4.1
interface VLAN 40
ip policy route-map INT_RVLAN
Where have I gone wrong?
View 8 Replies
View Related
May 2, 2012
I want to police the traffic coming from host 10.0.0.10 that is connected to another switch via port-channel interface the port-channel have interfaces G2/049 and G2/0/50 , i have applied below config to the SVI 112 but this is not working, as the host is still able to go beyond the policed rate also in the "sh policy-map interface vlan 112" command everything is showing 0(zero).
class-map match-all CM_FTP_PORT_49
match input-interface GigabitEthernet2/0/49
class-map match-all CM_FTP_PORT_50
[Code]......
View 4 Replies
View Related
Mar 10, 2013
We bought a 3560 PoE switch to replace tons of PoE-injectors but when connecting the devices our logs were flooded with
Mar 11 15:09:20.725: %ILPOWER-7-DETECT: Interface Fa0/7: Power Device detected: IEEE PD
Mar 11 15:09:20.725: %ILPOWER-5-INVALID_IEEE_CLASS: Interface Fa0/7: has detected invalid IEEE class: 7 device. Power denied
Mar 11 15:09:20.968: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/8, changed state to down
Mar 11 15:09:20.985: %ILPOWER-7-DETECT: Interface Fa0/7: Power Device detected: IEEE PD
Mar 11 15:09:20.985: %ILPOWER-5-INVALID_IEEE_CLASS: Interface Fa0/7: has detected invalid IEEE class: 7 device. Power denied
While the message seems quite clear im wondering if there's any workaround on the problem?
View 13 Replies
View Related
Jul 16, 2012
We are setup like a hotel style workers camp. We have wings full of rooms and residents with 3750 stacks in them. Those switches connect back to our core 6500's. The network is mostly all Layer 3, interfaces are routed with IPs.
When it was built before my time they included an ACL for each wing so that residents couldn't access internal devices (IE SSH to 6500) but I've come to notice it's not working.
I see hits on the ACL for accepts but nothing is hitting the deny rule at the top.Here is the configuration below:
mls qos aggregate-policer INTERNET1 24000000 80000 80000 conform-action transmit exceed-action drop
mls qos aggregate-policer INTERNET2 24000000 80000 80000 conform-action transmit exceed-action drop
mls qos aggregate-policer INTERNET 24000000 80000 80000 conform-action transmit exceed-action drop
[Code] ....
View 5 Replies
View Related
Jun 7, 2013
My network card do not work i am sending you the output.
View 7 Replies
View Related
Mar 14, 2013
I have created a PBR in 3650 switch to route traffic from a specific IP address to a specific next hop or IP address(Router)
ROM: Bootstrap program is C3560 boot loader
BOOTLDR: C3560 Boot Loader (C3560-HBOOT-M) Version 12.2(44)SE5, RELEASE SOFTWARE (fc1)
SW1 uptime is 6 weeks, 2 days, 16 minutes
System returned to ROM by power-on
[Code]....
View 6 Replies
View Related
Jun 4, 2012
I have an switch 2960 and i have made an SSH connection . But the problem is that whenever i try to open with my teraterm or putty it ask for username and after that password but does take the password. It shows an error of password what should be the problem.
Commands that i entered to make SSH
config# username admin password pankaj
config# ip domain-name home.local
config# crypto key generate rsa
config# 1024
config# ip ssh version 2
View 6 Replies
View Related
Jun 4, 2012
I have an switch 2960 and i have made an SSH connection . But the problem is that whenever i try to open with my teraterm or putty it ask for username and after that password but does take the password. It shows an error of password what should be the problem.
View 1 Replies
View Related
May 1, 2013
I have a 3945 router with two interfaces connected to my firewall, one to the management interface and another to my dmz. I'm running eigrp between all my network devices. The problem I'm running into is when I try to ssh to the management interface of the 3945 the traffice hits the firewall, then goes right to the management interface as it should, but the return traffic is trying to use the dmz interface since that is how the router knows to get back to my computers network. I created 2 route-maps to try and address this issue. [code] I've applied the MANAGE_IN route-map to all interfaces that might have inbound traffic destined for the management network and applied the MANAGE_OUT route-map to the management interface. The MANAGE_IN policy appears to be functioning correctly, the MANAGE_OUT doesn't appear to be functioning correctly. When I look at traffic from my host going to the management interface I see it still trying to return through the dmz interface.
View 11 Replies
View Related
Oct 8, 2012
I am having a switch 3750G (WS-C3750G-24TS-S) running a software version (c3750-ipservicesk9-mz.122-55.SE6.bin) and using the PBR with IP SLA.While, i am applying it on interface, it says not supported....
route-map TO-CAS-E0 permit 10
match ip address 125
set ip next-hop verify-availability 10.116.199.200 10 track 100 (if i change this command to set ip next-hop 10.116.199.200, it works)
!
WAN-L3-3750SW01(config-route-map)#interface GigabitEthernet1/0/11
[code].....
View 2 Replies
View Related
Jul 22, 2012
6509 - Not working
1 6 Firewall Module
2 8 Intrusion Detection System
3 1 Application Control Engine Module
[Code].....
The Policy applied to the interface is just completely ignoring the configuration.
I am sure it is related to the 6500 architecture in some way. Same config is fine on the switch with the higher version on the sup card.
View 3 Replies
View Related
Apr 28, 2013
I'm using 3640 router running on c3640-js-mz.124-25d.bin IOS. I'm using NM-1A-OC3SML= (ATM OC3, long reach single mode) interface card. Now my pc is connected an fast ethernet interface of the router. Need to know the ATM configuration on this cisco 3640 router in order to achieve the ATM over ethernet traffic get success. As of now i've confugred as below but it's not working it seems.
interface ATM2/0
bandwidth 120000
ip address 10.2.2.1 255.255.255.0
no atm ilmi-keepalive
pvc 0/36
protocol ip 10.2.2.10 broadcast
cbr 70000
encapsulation aal5mux ip
let me know the correct encapsulation type for the connectivity.
View 2 Replies
View Related
Feb 12, 2012
I have a Cisco 1941 router configured using Cisco Configuration Professional... SSH management works from the LAN IP 10.0.1.254 and 10.0.2.254 Also, SSH management works from the LAN using the external domain name which resolves to the public IP address.
The problem i have is if I try SSH from the internet to the public IP.. nothing happens.
cisco1941#show config
Using 18498 out of 262136 bytes
!
! Last configuration change at 13:57:49 PCTime Tue Feb 14 2012 by admin
[Code].....
View 2 Replies
View Related
Feb 28, 2012
I have three Cisco SG300-28 switches. I setup a test lab environment with a core (server) switch in Layer 3 mode and the rest are (clients) in Layer 2 mode. As I understand, these switches doesn't support VTP, only GVRP. And GVRP works the same with VTP. Whenever you create VLANs on the core or main switch, other switches will learn from the core switch and no VLAN creation for the client switches will be made. (Hope I got it right. I guess GVRP is more complicated than VTP). I want to use GVRP to create VLANs on the main switch so that I won't be doing it all over on the other switches. The following is my (so far) configuration through CLI only:I haven't use the web GUI. My SW version is 1.1.2.0.
1. I already enabled the GVRP globally.
2. I configured GE 12 & GE 24 as TRUNK ports for the core switch that connects both switches, I also configured GE 12 ports for both the client switches. All other ports are in ACCESS mode. (I am connected to GE 2 port)
3. I enabled GVRP on the TRUNK ports only for all switches.
4. I allowed all vlans on the TRUNK ports. (#switchport trunk allowed vlan add all)
5. All TRUNK ports registration mode is NORMAL and dynamic vlan creation is enabled on all trunk and access ports.
6. I created 3 VLANs without configuring its IP Addresses:
-vlan 2 = MGT
-vlan 3 = IT
-vlan 4 = MKTG
I don't know if I missed something on the configuration or the connection.
1. Is it necessary to enable all switches to layer 3 mode? Or depends on the network setup? Does this affect the GVRP?
2. Does switching ports to TRUNK mode means they are already 802.1q ports by default? Because I can't configure TRUNK ports to 802.1q (#switchport encapsulation dot1q) config like other switches. [code]
View 1 Replies
View Related
Jan 5, 2013
I'm experiencing strange issue with my WS-C3750X-48T-S.
Model number: WS-C3750X-48T-S
System image file is "flash:/c3750e-universalk9-mz.122-55.SE3/c3750e-universalk9-mz.122-55.SE3.bin"
This switch is situated on a remote site and on the 6th of January it was rebooted.
I still do not know the cause, but it might be power outage or smth. We are still checking. After the reboot I've noticed that one port on this cisco switch is in 'notconnect' state, while I'm pretty sure it should be 'connected'.
I've tried to shutdown the port adminstratevly and do the 'no shutdown' but this port remained in 'disable' state.
#sh run interface Gi1/0/5
Building configuration...
!
interface GigabitEthernet1/0/5
[Code].....
View 2 Replies
View Related
Nov 29, 2012
SSH has been enabled on our one and only 4507 switch for several months and working fine. A few weeks ago the switch had to be reloaded and when it was back online I couldn't SSH to it. When I connected via the console and typed "show ip ssh" it came back saying I needed to generate the keys. Did that and it starting working again. The same switch had to turned off and on the other day due to a power down in the server room and when it came back the same thing happened again!!
The version of IOS is: cat4000-i5k91s-mz.122.20.EW
View 1 Replies
View Related
Mar 3, 2013
My Cisco 871w still stops working once a week.Today I found it frozen, after the weekend, and I have executed few commands from the HyperTerminal .The commands were given by cisco coleagues in previous post :show logshow ip int briefshow interfaces counters errorsshow interface FastEthernet1show interface FastEthernet1 statshow interface FastEthernet1 summaryshow interface FastEthernet1 switching
View 4 Replies
View Related
Mar 27, 2013
I have applied below script and i can see the script successfuly exceuted but i cant see the file which should store on the flash.Below is script, event snmp oid 1.3.6.1.4.1.9.2.1.56 get-type next entry-op ge entry-val 60 exit-time 10 poll-interval 1
action 1.1 syslog msg "CPU Utilization is high"
action 1.2 cli command "en"
action 1.3 cli command "show proc cpu sorted | append flash:abc.txt"
action 1.4 cli command "show proc cpu history | append flash:cpu2info.txt"
action 1.5 cli command "show ip inter bri | append flash:cpu3info.txt"
action 1.5 syslog msg "cpu commands verification"
When I do show flash i cnat see the files in the flash.
View 1 Replies
View Related
Sep 17, 2012
I am trying to create an ACL that walls off a VLAN and only allows it to the internet. This is on a 3750G, currently the 3750G I am attempting this on is in a stack. I have another 3750G that is a standalone.
The first way I attempted this was to create two access-lists: access-list 101 permit tcp 10.249.1.0 0.0.0.255 any eq 80 access-list 102 permit tcp any 10.249.1.0 0.0.0.255 established
Let's call the 10.249.1.0 VLAN 2. I applied this to the VLAN2 interface, 101 out, 102 in. It didn't work. If I place a deny statement with nothing else, that works.
The second attempt was this: access-list 101 deny ip 10.249.1.0 0.0.0.255 any access-list 101 permit ip any any
I applied this to a VLAN I wanted to block VLAN2's traffic from reaching, let's call that one VLAN 3.
This lets all traffic from any VLAN (including the one I'm trying to block). If I remove the "permit ip any any", then all VLANs are denied. Which I understand is correct due to the implied deny all. What I don't understand is why it isn't applying the ACL to the specific VLAN.
View 3 Replies
View Related
Aug 19, 2012
I have a cisco 6509 switch in which i have 2 SUPs. I am using 3 Qty. of WS-X6748-GE-TX in the same switch. First 24 ports of module 1 and are not working. I replace the faulty moldule with the working one but now the new (good) module's first 12 ports stopped working. But when I insert the good card (the replaced one with the faulty) in other chassis it works fine.
View 2 Replies
View Related
Aug 15, 2012
We are using mac authentication, it is working fine on all of the other 3560's except this new one.
Mac address shows up completely different (very long hex, doesnt even look like a mac address) on ACS compared to what its showing on the switch in the mac address table.
Im stumped, config matches every other 3560 in the building, has something changed in the v2 software compared to the older 3560's ?
View 5 Replies
View Related
Sep 27, 2012
We have a metro Ethernet service, basically our WAN connection, that we use to connect 4 sites. This MOE service has a CIR of 200 Mbps, connected to a port on a 3550-12T running Version 12.1(22)EA5 at 1000 Mbps. We are exceeding our CIR at times during the day for short bursts which is causing the MOE switch to drop packets, which I suspect I am seeing manifest itself in some choppy VoIP conversations and dropped ICMP packets from our network monitoring software. I implemented policy maps to apply an outbound service policy to the interface connected to the MOE service, but I am not seeing any matches to the access lists or the service policy. I’m not sure if I am missing something or perhaps the IOS is not capable?
Below is the config for the service policy and some command output. Notice that there are hits on a statndard access list that is used for other purposes, but the extended access lists used for the class maps have no matches.
!
class-map match-all REALTIME
match access-group name REALTIME
[Code].....
View 4 Replies
View Related
Jul 10, 2012
This has been happening repeatedly time to time! we just replace the part! But now it has come to trouble us again.It happening only in one module like 6 to 10 ports wont work.
we run IOS cat4500e-universalk9.SPA.03.02.00.SG.150-2.SG.bin will there be any bug in it?
View 10 Replies
View Related
May 1, 2012
Nothing happens when we plug a USB Flash Drive into an SUP7L-E USB port.
View 4 Replies
View Related
Aug 28, 2011
I setup switch in layer 3 mode. I have a access port in vlan 10 and a access port in vlan 20. I am able to ping form vlan 10 client to vlan20 default gateway (192.168.20.1) I am able to ping form vlan 20 client to vlan10 default gateway (192.168.10.1) However, I am unable to ping from vlan 10 to vlan 20 client. If both the ports are in same vlan, then clients are able to ping each other. Proxy Arp in enabled.
vlan 10 client ip info
192.168.10.10
255.255.254.
[Code].....
View 12 Replies
View Related
Oct 10, 2012
How to get GLC-T sfp modules to be recognized by a Nexus 2232PP? [URL] GLC-T are supported, however I am getting:
"Ethernet102/1/1 is down (SFP validation failed)"
from a sh int eth102/1/1 for two different Cisco GLC-T sfp modules (30-1410-02 and 30-1410-03) and a third party GLC-T-JTS. I have verified that all three modules work when plugged into the NExus 5596UP that I have.I am running NXos 5.1(3)N1(1a)
View 1 Replies
View Related
Nov 10, 2011
I have configured the above switch with 2 vlans, with vlan interfaces and a default route that points to an internet router.
The switch is running in Layer 3 mode
================ ================
= = Vlan5 = =
= SGE2010 = ++++++++++++++ = Draytek = ------------------ INTERNET
= = = =
================ ================
192.168.0.254
Vlan 5 Data
Vlan 10 Voice
Int Vlan 5 192.168.0.253/24
Int vlan 10 192.168.10.253/24
0.0.0.0 0.0.0.0 192.168.0.254
The inter vlan routing works fine with the .253 addresses as the default gateway to the PC's but I cannot browse the internet.
When I change my gateway to the router .254 address, I get out on the internet fine.
View 5 Replies
View Related
Jan 11, 2013
Configuration of inter-vlan routing on ASA 5512 ver 8.6? I have everything configured (un-nat, access-list, etc.) but still not working. When i do a packet capture, it says the traffic is denied by the implicit acl. Here is my config:
interface GigabitEthernet0/0.100
vlan 100
nameif data
security-level 100
[Code]...
View 7 Replies
View Related
May 2, 2012
I'm on a Cisco 2955 switch and need to get ssh working which I have done on another 2955 (but don't have near me), what am I doing wrong?
2955-02-PJ-CamdT.LU#sh run Building configuration...
Current configuration : 4061 bytes!version 12.1no service padservice timestamps debug datetime msec [code]....
View 4 Replies
View Related
Feb 1, 2012
CEF concept working in cisco 3750 , 4500, and 6500 switch.If we implement in router how it s working...
View 1 Replies
View Related