Cisco WAN :: VLAN 310 - Apply Route-map / Send Traffic Back Down To Switch?
Sep 26, 2011
I have some specific traffic that I am attempting to pull off of VLAN 310 at the router, apply a route-map that sends this specific traffic back down to the switch on VLAN 55 (and the private address) and once it hits the switch apply a route-map on that VLAN 55 interface directing the same traffic over to the 72.x.x.9 address which goes through a FAP box back up to the router on another interface.
I have attached the config information, I know this isnt the best practice way to do this however right now this is how I have to do this.When runing a trace from the net traffic stops at .2 and when running a trace from my test /30 it stops at .2 as well. I am not sure what to do at this point
I have a 3560G that I cannot apply a policy route-map to one of the VLAN interfaces. I am running up to date software, c3560-ipservicesk9-mz.150-2.SE2 and it accepts the command, but does not show it in the sh run of the interface. I updated to this code as I had seen previously someone said it needed to be version 15 before you could apply route-maps to VLAN interfaces.
Here is my configuration below , i have upgraded my C-3750 switch IOS from IPbase to IPservices , after upgrading i have tried to apply PBR on my Vlan 4 and failed , when i am tying to apply route-map to Vlan4 the command was taking but i am unable to see the route-map when sh run , i am giving the command as "ip policy route-map TTSL" in my Vlan4 , below is the configuration.
In Vlan2 i have connected one ISP and Vlan4 I have connected one ISP , my local subnets are 192.168.1.x and 192.168.2.x , now i want to route the 192.168.1.x traffic from Vlan2 and 192.168.2.x Traffic from Vlan4 .
sh boot coreswitch#sh boot BOOT path-list : flash:c3750-ipservices-mz.122-35.SE5/c3750-ipservices-mz.122-35.SE5.bin
We recently extended our access layer using a pair of 5ks with extenders. We have a pair of 6509s at our core and they handle the intra-VLAN routing with SVIs. I recently noticed that access hosts connected to the extenders cannot pass traffic between each other if they are in different VLANs. The strange thing is these same hosts can ping devices in other VLANs as long as the other devices are not connected to the 5k environment.
For example, consider the following hosts. Each host has their gateway set to the appropriate SVI on our core.
HostA - VLAN100 - connected to 5k extender HostB - VLAN200 - connected to 5k extender HostC - VLAN100 - connected to 2960 off our core HostD - VLAN200 - connected to 2960 off our core
Each host can ping each other with the exception of HostA and HostB. As for specifics, we use HSRP (no VSS) between our cores.
When I ping between hostA and hostB, I see the egress packets on either 5k1 or 5k2. I then see ingress AND egress on Core1. There are no ingress packets on 5k1 or 5k2.The egress packets from Core1 show the correct destination MAC address of the target host. The mac address table shows the mac address on po31.
Just picked up a ISA550 and have been playing around with it a bit but seem to be having some trouble. I have two LAN subnets in my small business with approx 10 hosts per subnet. I'd like to use the ISA550 to route between them (and to the internet) but can't seem to figure out how. Is it just as simple as creating two VLANS? Can the ISA550 route VLAN traffic?With my old RV042G, I had the option to setup multiple subnets inside the setup menu but I don't see any such area with the 550.
i'm already has one internet connection is connecting directly to the Core Switch 6509,Vlan 500 (1921.168.1.0) and the Switch is route any internet request with default route:
SW6509-conf)# ip route 0.0.0.0 0.0.0.0 10.170.10.10 10.170.10.10 is --> Next hop for the DSL router internal IP, and it's working fine.
The Problem: We have a new internet connection with new Vlan 600 (172.16.1.0) another ISP/ with another DSL router, so i need your kindly support and suggest how to connect both of them to exit from the Core Switch 6509. is it ok if i make another default route to the Next hop to the new DSL router as:
SW6509-conf)# ip route 0.0.0.0 0.0.0.0 10.80.10.10 10.80.10.10 is --> Next hop for the new DSL router internal IP.
is there any way like default route , route-map or any other features to :
route Vlan 500 (192.168.1.0) to exit from DSL 1 --> 10.170.10.10 route Vlan 600 (172.16.1.0) to exit from DSL 2 --> 10.80.10.10
My issue: I have installed a firewall within my network. Currently all my clients default gateway defaults to GW:192.168.1.1. I would like all my internet traffic to route to the firewall ip 192.168.1.30. My Primary switch ip is 192.168.1.10, which is a 3560G running 12.2(25)SEE2 IPBASE-M.
My main problem is, I do not have access to the gateway, so I am trying to route internet traffic from within my switch to the firewall. I have already tried Route-Map, but seems this version of the OS does not support. I have already tried Policy-Map, but same as above. I have also tried IP ROUT command, but it did not work either.
And remember, I would like to perform the routing from the switch, because I do not have access to the default gateway which is a router to perform forward internet traffic to the firewall.
I have a L3 core switch with multiple VLANs setup. Is there a way to place an IPS so as to monitor the traffic passing between, lets say, VLANS 1-3 and VLANs 4-10?
i want to apply a QOS for my trafic LAN, in my ASR 1001 , the LAN is connected with ge0/0/0 interface and it configured with the service instance to bridge vlan 1 ( i do that for OTV ) i put service policy in "service instance 1" to marking data with ef31 but i noticed that the class "plateform_datacenter" match the trafic and the ACL associate to this class not mach any trafic trafic !
tha policy-map march trafic for Datacenter : sh policy-map interface gigabitEthernet 0/0/0 service instance 1 GigabitEthernet0/0/0: EFP 1 Service-policy input: MARKING-OTV Class-map: Platforme_DC (match-any)
I'm fairly new to Cisco products am in the process of developing my network knowledge on a deeper level. I have a 3825 with a HWIC-4ESW and I'm struggling to fully understand how the two "see" each other. I've setup a V LAN with a layer 3 address on the HWIC and added the switch ports to it. This seemed to allow devices connected to the switch ports to talk to the built-in router ports. I thought this was all making sense until i applied an access-list to the router port. It's a simple ACL i'm just using for testing and the only thing it does is blocks telnet from anywhere. I know the ACL is setup properly because if I connect a device directly to the router port i cannot telnet to the port. However, if i connect a device to one of the switch ports, i am able to telnet to the router port successfully.
It seems that I'm missing something with how traffic flows from the switch port to the router ports and how the two "see" each other.
I am facing problem with ACE configuration. I want to redirect 443 traffic to my Proxy Server. But I am not able to do this. I want to redirect only subnet 192.168.80.0/24..Then only it is working but I dont have to have this policy to be applied on all the users only one subnet I want to have under HTTPS policy.
how can I apply the policy only on specific subnet so that port 443 traffic can be redirect and rest of all subnets can go direclty to Internet.
but on interface gi 1/0/1 i want to have data from vlan 10 tagged as VLAN 20. At this time i have solved this issue very primitively
I have set up gi 1/0/2 as int mode acces, acces vlan 20 and i have connected gi 1/0/2 with gi 1/0/3 with eth cable. int gi 1/0/3 is switchpor mode acces, switchport acces vlan 10
I have a situation where my Internet edge routers learn 0.0 from ATT (AS 7018) my provider. I then wish to advertise these learned routes via WAN. However my WAN MPLS provider is also ATT and they use AS 7018 for that as well. When I try to push 0.0 to my other WAN sites 0.0 is suppressed to avoid loops.What's the best way to tell the WAN routers to advertise 0.0 back to the same AS originally learned from?
I have a Netgear GSM7248R switch with 5 different Vlans including th management Vlan. Each of the vlans are connected to my layer 3 switch for routing. I want to access the management vlan form any of my Vlans so my layer two switch can be detected by my snmp manager.
I've been given the task to clean-up our network config, and have walked into a disaster zone.We have a 4510R on site with everyone using the default VLAN, VLAN 1.I have created 4 new VLANS, VLAN100, VLAN150, VLAN200, VLAN250 I have assigned interface addresses to each VLAN and configured Inter VLAN routing.I can route to and from each new vlan with no problem, i.e VLAN250>VLAN100 VlAN100>VLAN200 etc but I can't route to VLAN 1(Default VLAN) from any of them, I can ping the interface on VLAN 1 from any VLAN , but any hosts are unreachable. On the flip side , from VLAN 1 I can route to all of the VLANS.
is it possible to assign a loopback address to a typical switch port on a 2950 switch? I want to be able to have some devices connected to a switch to test access lists and VLANs.
I found this guide in order to send all traffic from RV042 branch office to the RV082 in the central office: [URL]
But that guide is for v2 hardware. I tried and did not work, so I wonder if there is newer info for v3 hardware (firmware v4.2)
I have a RV042 in a brach office connected via working VPN Tunnel to a RV082 central office. I want to route all traffic from the brach office to the RV082 in the central office.
I currently have 90 remote locations that have PIX501's. They are all running 6.3 on them. All of these locations are creating an IPSEC VPN to my ASA 5520 (8.4) at the data center. Web access at the remote locations is currently being handled with ACL thru split tunnels. This is getting increasingly not fun as I have to reach out and touch them one at a time whenever I have to allow more access to the net. Code...
I would like to keep my split tunnel (if possible) for ports 443 and 21. I allow access to "any" on those ports and have no plans to change it.
Can I send port 80 down the VPN tunnel to the Proxy/Web Filter and then return the results to the Remote Client.
’m somewhat new to Cisco routers this is my first attempt at getting one to work. I work in an environment with multiple locations, most are using the Cisco Model: 2911/K9 or the Model: 2921/K9 routers running IOS Version 15.0.We just added a new small office and all I had in the way of a router was a Cisco C1841-IPBASE-M router, running IOS Version 12.4.When setting up the C1841 I kept the configuration pretty much the same as the others allowing for the differences in the OS. I can remote into the 0/0 (outside port) from over the network, I can ping to that port without fail, but I can’t send or receive traffic from the 0/1 (inside port).
I cannot get my server to send outgoing traffic through my network. I.e. If i try to connect to any of my services i get a very weak connection. Now, i can still CONNECT, i just don't get any data flow. I cant even PING the server internally, it just times out. Now, regardless of whether i use my internal IP/external domain, i get the same issue. I logged onto my computer and tried a speed test the download was normal (around ~20mbit) but the upload times out.
Here is the fun part, if i connect to the server using a switch, everything works fine! Is it my router or some stupid configuration issue? Router is a WRV54G (I hate this thing). Server is running windows 2008 and has a virtual machine.
i'm going mad on following problem. I'm trying to get 2 networks seeing each other while one of the network is a non VLAN network and the other one is a VLAN network.They should use the same interface so i added VLAN e0/0.122 to the interface e0/0.Send a ping from my asa to both gw-IP's made me happy at first. In second in figured out that i cannot reach any client in the other network. For testing purpose i created an permit acl to any/any for both networks, but the packets still get dropped by the default implicit rule. (deny any/anyMaybe i'm to stupid for this
I have a RV220W (running fw version 1.0.2.4) that i am trying to configure for a client. They are set up on Comcast with 13 available IP's. I should note that this netowrk is now currently running without issue using a Cisco Pix 506e. Unfortunately, the Pix is almost impossible to configure using the GUI now as I have to load a 4-year old version of Java now just to get the PDM to load. But I digress.I've set up the RV using the identical settings as the Pix on bth the LAN and WAN side. When I do, computers on the LAN side can all reach the Internet ok. However, once I enable one-to-one NAT for an internal server, that machine can't send or receive ANY traffic to the WAN side. I've even tried setting access rules enabling ANY traffic in both directions, and that has no effect. Either I'm missing something, or this is just one more bug in this product.
Even though it was a bit of a step down going from the Pix to the RV220W, it was done for the ease of setting up VPN's as I was ready to purchase a second one for a new satellite office opening in a few weeks. It looks like we will be switching vendors on the router side as my faith in Cisco is waning at this point.
We have a customer using a 2911 router with 3 x DSL WAN links.
The customer runs a building with shared office space which people rent.
Customers in the building are experiencing a problem where they cant email other tenants i.e...
One tenants exchange server tries to make a connection to another tenants server by going out to the internet and back in via the same interface.I believe this might be called "Hair Pinning"
I have installed CSC-SSM-10 on cisco ASA 5520.I am facing two problems
1 : When I send traffic from ASA to SSM module then internet connection becomes slow and sometimes internet session disconnected. 2. When I try to manual update then following erros shows please see attachment .
I have a an ASA 5520 connected to a Layer 3 (3750) switch (Inside) and a connection to a 2960 switch (Outside) to get to the internet. . I have created vlan interfaces on the 3750 switch and enabled ip routing on the switch to enable the vlans to communicate with each other.
Vlan Interfaces on the switch: Vlan 100 172.17.1 Vlan 200 172.18.1 Vlan 300 192.168.3.1
I want the devices connected to the 3 vlans to be able to pass through the firewall and get out to the internet.I have connected the ASA to the 3750 by routed interfaces (10.10.10.1) --------- (10.10.10.2) and they are able to ping each other.I have also put a default route on the 3750 sending all traffic from the switch to the ASA inside interface (10.10.10.1)The issue that i am having is that the ASA also connects to a 2960 which has a connection to the Internet, and they are handing off an ethernet connection from the 2960 that sits in VLAN 55 (Vlan 55 is the Internet accessible vlan).How do I configure my ASA to send all traffic from my (3) vlans to the interfaces that connects to the 2960 switch?
We have configured following commands on switch to fallback to local Vlan if both radius server (policy persona's) is found dead. For test purpose we shutdown both servers (policy persona's) but fallback didn't work. We have 3750 switch running image 12.2(55)SE6 having following configuration.We do not know whether we configured switch in proper way or do we need to modify it. [code]
Configured cisco 881, WAN has static IP address and LAN is nothing fancy. I can ping out to url... or anywhere from the router but cannot from LAN client computers. [code]
I have two networks at two sites with a dot1q trunk between the two L3 switches at both sites (no routers involved)
SITE A - Cisco 3750 L3 - VLAN ID 50 10.10.50.0/24
SITE B - Cisco 3750 L3 - VLAN ID 50 10.20.50.0/24
I would like to extend the SITE A VLAN to SITE B so that I can move hosts from SITE A to SITE B without needing to change their IP address but the vlan ID is already in use. Obviously the easy solution is to change the VLAN ID for one or other of the sites but both sites contain hosts that run 24/7. Is there a way to join two VLANs with different IDs together.So for example I create a new VLAN 60 at SITE B and associate it with VLAN 50 at SITE A.
I have a 2821 router with two T1 WICs and have the need to route FTP down one T1 and all other TCP traffic down another T1. All traffic is going to the same remote IP address. The remote sites are in different states, and I assume that the remote subnet is being bridged between the states. It's kind of a weird set up, but it's not my design.
Anyway, can I use a route map to split off FTP traffic to host A and send it down one T1 and have the rest of the IP traffic to host A go down the other T1? I also need to be able to have all traffic use one T1 in case the other T1 goes down.
My first thought was to static all IP down T1-1, then route map FTP traffic down T1-2, then have a floating static for all IP traffic down T1-2 with a higher metric. But something would have to track the T1 interfaces and I'm not sure if route maps or static routes can do that. Any thoughts on this?
I have a router that supports wireless network. I have 2 desktop computers that connect through LAN, 3 Laptops that connect using WiFi. Lot of them use utorrent. I want to block it. They use it to download movies. I have warned them of consequences but they simply dont listen. I dont know how to implement QoS in my router. Mine is UTStarCom.
How does a device attached to a Cisco IP Phone send data to the switch?a. As tagged (using the voice VLAN)b. As untaggedc. As tagged (using the data VLAN)d. As tagged (using the CoS value)The correct question is A in the book though it said that tagging is switch process PC's doesn't tag frames.
