Cisco WAN :: C3750G - VRF Lite Functionality
Jan 22, 2012
Using the VRF- Lite functionality on Cisco 3750G's (WS-C3750G-24T-S), I've got a situation currently with a set of 3750's running inter- v LAN routing for around 80/90 connected sub nets (140+ gig ports). I'm looking in the coming week at creating a new VRF and enabling OSPF for that VRF while leaving the existing routing arrangements in the Default IP Routing Table.
I'm in a situation where I can't replicate the live config into a lab to test the impact / implications of enabling / creating VRF's. I know the 3750's have a very small support for VRF's (24 if I recall) but I only plan on using 2 or 3 max currently.
View 6 Replies
ADVERTISEMENT
Feb 19, 2012
Is there any hardware difference between Cisco WS-C3750G-24T-E and WS-C3750G-24T-S or they are the same switch with different running IOS?I have an stack of some WS-C3750G-12S-S and want to introduce a new WS-C3750G-24T. My provider offers me only a WS-C3750G-24T-E and I do not know if i am going to be able to downgrade the IOS.
View 10 Replies
View Related
Mar 31, 2013
Can Cisco 3945E support VRF-Lite ?
View 4 Replies
View Related
Feb 14, 2011
Imagine organization has about 300 partners. Currently data center has 100 Cisco 1800 routers to accept P2P connections for each partner.
Now organization proposal is:
- Use MPLS and use an extranet network. Advertise a certain unique route to each partner..
- Grant unique VPN ID for each partner and VRF Lite at the data center. Then bring each partner with separate tagged VLAN to the data center via MPLS.
Can VRF Lite scale to more than 300+ partners OK?
View 1 Replies
View Related
Apr 2, 2012
How do I tell if my cisco 2960 has the Lan Base or Lan Lite image?
View 11 Replies
View Related
Apr 6, 2012
We want to deploy a NMS (Network Monitoring System), in this case SolarWinds, to monitor devices we have deployed at the customer site. We will make an IP VPN connection (ASA5510 with Cisco 800's) to the customer site. We have one primary NMS installation running in our datacenter. This NMS has to have a connection to all customer sites. We run into a problem when two customers use the same subnet. We want to use VRF-Lite to solve this problem but I am stuck in my design.
I have attached "VRF.jpg" to show the (basic) design I have made. The connection from customer to the router in the datacenter is not a problem. We can put the fa0.1 and vpn interface in the same VRF group. Via one physical cable we will go from router to NMS in which the NMS has multiple virtual interfaces. The datacenter router will route between the 192.168.x.x (NMS) and 10.1.1.x (Customer).What I can't seem to comprehend is how the NMS can decide how to get to Customer 1 or Customer 2. The customer can reach the NMS one-way but the NMS has no way to reply back because if it replies to 10.1.1.1 it can either use interface fa0.1 or interface fa0.2.
View 3 Replies
View Related
Nov 17, 2011
I'm having a rather bizarre and highly annoying problem with static NAT on an ME6524. I've created a virtual router (VRF CORPNET) which has one physical L3 interface, one SVI and one Loop back.This Virtual router has the sole purpose of Na Ting our internet-addressable IP addresses to another set of addresses on our Corporate WAN.
There are two NAT rules - a single 1-1 Static NAT, and an overload NAT for everything else, which uses the Loop back address. The 1-1 Static NAT is used to NAT our VPN ASA, which is used to establish a Site-Site VPN to one of our counterparts on the Corporate WAN. This works fine most of the time, however once or twice a day, the NAT just stops working, our Site-site VPN drops, and traffic is being seen on our counterpart's firewall with source address UN-NATed (They see 200.200.200.1, when they should see 30.30.30.65). When we go onto the 6524 and do a show ip Nat translations we get the following (200.200.200.1 is our VPN ASA - 200.200.200.10 is just user traffic):
ZR-BDG1-6524#sh ip Nat translations
Pro Inside global Inside local Outside local Outside global
udp 30.30.30.65:500 200.200.200.1:500 30.30.40.4:500 30.30.40.4:500
udp 30.30.30.65:500 200.200.200.1:500 30.30.40.4:500 30.30.40.4:500
[code].....
As you can see, for some reason we have multiple identical PAT entries for port 500. While this is the case, traffic from our VPN ASA is crossing the box without being Na Ted. If I issue a clear ip Nat trans * then the situation is immediately resolved, and the VPN reconnects without issue.
View 1 Replies
View Related
May 4, 2012
I am trying to “build up” a small home-network and using some of following Cisco equipment’s
ASA 5505 v8.4.3 witch base licenseCisco Catalyst 3750G with ipservices version 15.0.xand 1 qty of AP1142N I am not able to get internet access from any VRF’s.
From "MILAN (LAN) VRF, I am able to ping my gw: 10.45.45.1 but I am not able to ping for example: “linknett VRF”.
It seems that i am missing some NAT rules on ASA or ?
If i connect my laptop directly to the ASA, i am able to get internet access!
I am not feeling comfortable with a new ASA 8.4 code yet, so im not so sure which exact code's i am missing on ASA ...
attached digram including configuration files from ASA and 3750 sw.
View 17 Replies
View Related
Nov 2, 2011
choosing Ios for a funcionality.
We need to upgrade Ios in a 6509, the reason for we need to upgrade IOs is that we need implement the command xconnect in a interface. The current version of Ios not suport this comand.
How do we select the new IOS that suport this command?, ..we see a long list of IOS in the software download section of 6509, but not sure which one to choose..
View 2 Replies
View Related
Oct 19, 2010
With lms 3.2 during installation we can choose what to install i.e. not install DFM or IPM.
How can we do this in the new release 4.0 of the LMS bundle. I saw no options for it during installation of the new server.
View 3 Replies
View Related
Jul 1, 2012
Thinking of getting one of those 8-port 2960 for a CCNP study. Is the difference between the C2960-8TC-S and the C2960-8TC-L models in Hardware, or in IOS? or both? And if it's in IOS, is the S upgradable to L?
View 7 Replies
View Related
Apr 11, 2013
I am trying to test (if possible) the idea of having 2 6509-E switches connected directly to each other while using VRF-lite (Sup 2T). The idea is to have 3-4 separate networks. For example Net-A, Net-B,Net-C, Net-D. There is no PE router*, just these two switches. Also, there sin't any other access layer switches. All users connect directly to the 6509-E's via switch 48 port switch blades.
Net-A and Net-B on separate VRF's, but able to talk to each other. Net-C and Net-D* on separate VRF's without being able to talk to any other. Net-D* will have a PE since it comes from an external network. This is something I would like to test in a lab environment, but I am not familiar with VRF's.
View 1 Replies
View Related
Jun 6, 2013
we have inserted into a network with VTP a Cisco Switch 2960-S, not knowing that had installed IOS LAN lite.Now I discovered that it can handle up to 64 vlan. In the network there are currently configured 62 VLAN: what happens when we exceeded the max number (64) of VLAN for that switch?
View 6 Replies
View Related
Sep 1, 2007
I have a 1841 with 12.4(16) IOS.In my configuration I have to interfaces for internet access, without vrf:
interface ATM0/0/0
dsl operating-mode auto
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
[code]....
This two interfaces are in the global route table because there is no vrf indication. These are for internet access (a simple adsl connection) Then, I have this interface in VRF named "lan123"
interface FastEthernet0/1.23
encapsulation dot1Q 123
ip vrf forwarding lan123
ip address 192.168.143.254 255.255.255.0
ip nat enable
Now the issue.If I write:
ip route vrf lan123 0.0.0.0 0.0.0.0 Dialer0
this works and, with nat, internet works. The question is why this works without the "global" keyword? I'm going from the vrf named "lan123" routing table to global table without the using of "global" keyword.
If I try to use:
ip route vrf lan123 0.0.0.0 0.0.0.0 Dialer0 global
there is an error indication.
View 3 Replies
View Related
Jul 21, 2011
i need to free up my 2811 router memory.so if i remove this package, it will cause impact or i will miss any functionality ?
View 2 Replies
View Related
Sep 30, 2012
I am currently looking at the suitability of replacing an 'airbreak' firewall with 2 new ASA 5505'S.One stipulation i have is that i require to connect the third party that is currently using the 'airbreak' solution using a secure iPsec VPN.I have both 5505's that were supplied by the third party, but i believe i may need a new fireware upgradeI am using ASDM 6.4.XX and the ASA's have firmware 8.4(2) and a basic licence.Am i correct in assuming that the VPN wizard functionality is missing because of th firmware installed currently on both of the ASA's? or am i looking in the wrong place?
I have done a fair amount of research an can see earlier versions of ASDM wit the VPN wizzard so can only assume it is down to the firmware.i see that the latest version for the ASA 5505's is 8.4.4 and was wondering if this will provide me with the functionality i require as it does mention in the documentation that it does support the clientless VPN options. What part number ASA5505-BUN-K9 relates too in relation to firmware for the ASA's? [code]
View 5 Replies
View Related
Jan 31, 2012
Well I have been back and forth on this a while now...I have a 6513E chassis that is getting prepped for prod. I am currently testing sso functionality and I can only get it to work using the following images on both Sup Cards.
s72033-adventerprise_wan-mz.122-33.SXI5.bin
If I try any other image, smaller or bigger in size...it forces my Sup card in mod 8 to recycle " proxy request from peer ". I have tried K9 images and non K9 images. Here is an output from sh redundancy.
Redundant System Information : Available system up time = 4 minutes Switch overs system experienced = 0 Standby failures = 0 Last switchover reason = none [code]...
View 2 Replies
View Related
May 31, 2010
the " password recovery functionality is disabled " service is running on the system .
im trying to access rommon in a Cisco 851, with not much success, i am sending a break after the image is loaded ( in the time frame that is allowed for that) .
View 13 Replies
View Related
Jul 31, 2012
We just purchased this device and was curious if the firmware 3.0.2.0 or 3.0.1.0 has the CLI functionality like the Sx300 models with 1.1.2.0. I find it easier to configure via CLI then the WebUI.
View 3 Replies
View Related
Apr 13, 2011
My Dell Studio 1558, specs: Core i5 2.4Ghz, 4GB DDR3, 640GB HD, Radeon 5470 has a very weird problem. Occasionly, either once a week or twice a day the network functionality will literally dissapear. The icon still displays on the tray but when I click it nothing happens. If I try and connect to the internet it will say there's no internet connection. Also if I try and open the Network and Sharing Centre explorer stops responding and has to be restarted. If I try and shutdown the laptop it will just hang on the Shutting Down splash screen and has to be forced off. The laptop is still IN warranty however I want to fix it myself as I cannot face Dell
View 4 Replies
View Related
Oct 18, 2011
I have a DIR-651 Router (I could not find one for the 651) and I would like to use it as a router only.Is there a way to disable the wireless functionality.
View 2 Replies
View Related
Nov 9, 2012
Unable to access switch from outside the local network. Can get to all routers and PC's
View 2 Replies
View Related
Feb 6, 2012
We ordered 4x cisco 2960 switch with LAN Lite software by mistake. Can we upgrade them to Lan Base?When I change boot image I get Error: hardware not supported by firmware.
View 3 Replies
View Related
Jan 4, 2012
We are trying to setup a new configuration with 2960S as access switchs and a 4507 as a core switch.I want to protect the management IP VLAN of the swich using vrf on the 4507 so we :
SHUT VLAN 1 on every switch (2960 + 4507)
CREATE A NEW VLAN 289 (management vlan) -> IP network : 10.32.126.192/26
L3 VLAN on every switch
VLAN 289 in the VRF XXX on the 4507
create tunk between the switch and the 4507 :
switch mode trunk allowed vlan 200-230
sw trunk native vlan 289
so with this configuration on the 2960 the vlan 289 is UP/DOWN and UP/UP on the 4507 I can access to the 4507 using the IP in the VLAN 289 but i cannot access to the 2960 behind the 4507 CDP connectivity is ok?
View 14 Replies
View Related
Feb 10, 2013
I need to buy a cheap Cisco switch with DHCP server.Can you confirm that 2960-24-S, 2960-24TC-S and 2960-48TC-S be a DHCP server?
View 3 Replies
View Related
Jul 18, 2012
A quick one because I'm scratching my head trying to figure the difference between the 2960 LAN Base and LAN Lite IOS installs. I want to put a 2960 into a site which has as layer 2 link on dark fiber taking it elsewhere. This part I'm not concerned about - the WS-C2960--24TC will do what I need without issue - but I don't know if I can get away with LAN Lite, or if I need LAN Base.
I basically need V LAN's with associated SVI's, and a routed link on the up link port (I don't care if it's a switch port with an associated SVI or a no switch port and IP address), but it's got to be able to run OSPF. Can I do this with LAN base on this series switch? Or do I need to go for a higher series (3560?). I *could* get away with static routes, but my boss is walking death on them unless I can 100% prove they're necessary, so I'd rather not right that fight!
View 5 Replies
View Related
Aug 15, 2011
We have an aging 2611 router that that we need to replace due to the fact that its 10Mb/s Ethernet ports are limiting our internet connectivity throughput (we have a 20Mb/s circuit).
The purpose of the 2611 router was to route traffic from multiple devices connected to a 2950 switch's VLAN X to the internet. Can we achieve this same functionality with only a 3750C-48TS-S switch? Could a static route statement on the 3750 replace the need for the router?
View 8 Replies
View Related
May 16, 2011
Im running a fairly simple server from my own desktop. However my desktop is connected to the internet via Wifi. When i make my static IP i am still conected to the internet. However I cant load any pages in mozilla firefox. Though! I can still talk to people on skype and Dolby Axon voice chat. how do i make the static IP without losing any functionality of my desktop, because it is my desktop, I use it for other things.
View 5 Replies
View Related
Nov 8, 2012
After years of flawless networking performance, computer cannot cannot detect, view or connect to available networks/devices. Wireless network icons/options not present. In "Network Connections", only Local Area Connection appears, and this is used to connect to the internet. Wireless functionality is enabled. Firewall disabled.
View 8 Replies
View Related
Feb 22, 2012
Aside from the obvious differences between these two NAS`s (processor speed, max users, max groups etc) what are the actual real world differences in functionality between the two?
I`m also wondering what the `turbo` bit refers to?Any pros/cons of each??
View 5 Replies
View Related
Apr 4, 2013
Do I need to run any special license (like IP SERVICES) on the Cisco Catalyst 4900M in order to run VRF lite?
View 4 Replies
View Related
Jun 20, 2012
I have some 2960 switches with Lan Lite ios in my infrastructure.And I try to configure them to support "trust device cisco-phone" and "switchport priority extend cos 0" on ports with cisco phones.But LAN Lite image does not support "mls qos trust device cisco-phone".can I use any workaround to trust cos of cisco phone and to remark PC traffic with cos 0?
View 1 Replies
View Related
Jun 27, 2012
I am upgrading the network equipment at my place of employment. We use Cisco C3560, 2960, 4506 and I was noticing that IOS 15.0.x is available. After doing some reading it appears that Cisco is going to a pay for the licensing functionality that you want. Do I need to purchase licenses to upgrade from IOS 12.X to 15.0.x to maintain functionality?
View 4 Replies
View Related
