Cisco WAN :: WLC 3750 With 41 APs Web With Layer 2 - Clients Get Deauthenticated
Jan 30, 2012
I have a WLC 3750 with 41 APs. We use Web Authentication with the combination of a layer 2 security feature (WPA/WPA2 with PSK). With this combination some clients have the problem that they get deauthenticated and have to authenticate again while being in an active session. For testing I disabled the layer 2 security feature i.e. I set it to "none" but I left the Web Authentication enabled. With these settings none of the clients has any more problems with getting deauthenticated. They stay online for the entire session.
View 5 Replies
ADVERTISEMENT
Nov 15, 2011
I have a question if I Stack a Catalyst 3750 L3 with a Catalyst just L2, will we able to use all L3 capabilities?
Switches are
WS-C3750G-24TS-E1U
WS-C3750V2-24PS-S
View 4 Replies
View Related
Sep 12, 2012
Cisco 3750 with IP Service Image 12.2.55, Trying to enable Web Authentication on Layer 3 interface:
!
ip auth-proxy name bp_auth_proxy http inactivity-time 60
!
interface GigabitEthernet1/0/5
no switchport
ip address 192.168.1.27 255.255.255.0
ip access-group 101 in
View 1 Replies
View Related
Jan 13, 2013
I've created a scenario using a 3750 cisco as core switch ad other 6 switch model 2900 in access level.my problem is this, the router is not a cisco router, and this router is not able to make NAT on more than one subnet.Into the core switch I've created 4 VLAN and I must to give internet access to 3 of them, 192.168.0.0/24 (vlan1), 172.16.0.0/24 (vlan2), 172.17.0.0/24 (vlan3).I've connected the switch to router via gigabit ethernet 0/1 and I've assigned to this interface ip address 192.168.10.2, the router ip address is 192.168.10.1, Switch ip default-gateway is router ip address 192.168.10.1, ip default route is 0.0.0.0 0.0.0.0 192.168.10.1 I've enabled ip routing feature and I've set no switchport feature to interface gigabit ethernet 0/1.From core switch I can ping router ip address but I can't make it from all other user, and the users not able to have internet access.
Below the switch configuration (only necessary strings)
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
[code].....
View 6 Replies
View Related
Feb 28, 2008
We are looking for a solution to avoid VPNs to encrypt data between HQ and Bldgs (point-to-multipoint) Gigabit fiber(untrusted media).Is there any cisco's product providing layer2 encryption over Giga fiber?The HQ has a 6509s and remote bldgs have mixed of 3750s,4500s in trunks.
View 2 Replies
View Related
May 7, 2012
Is it possible to establish a interface dialer on a layar 3 switch?Or is it only interface for routers?I have a c3750 switch (WS-C3750G-24T), and when i try to establish a dialer interface i get an error message:
[code]...
View 2 Replies
View Related
Feb 4, 2011
I'm setting up a Cisco 3750 layer 3 switch with several vlans. I thought enabling routing would route between the vlans, but no such luck.What I want is to share the internet access of vlan 100 with the other vlans/ip-nets.How can I do that?
View 2 Replies
View Related
Mar 1, 2012
I Like To Intentionally Create A Layer 2 Loop in My LabI have 2960 and 3750 switches and servers with multiple NIC's and also Some PC's and Hubs. Connections and Commands And Features Which Sould Be Disabled or Enabled)
View 4 Replies
View Related
Nov 23, 2011
As we know there are three layer in cisco Network Model:
-Core
-Distribution
-Access
So my question is in Core / Distribution layer should i use Etherchannel between switches or use Stacking if switches are stackble.For ex: suppose I have two cisco 3750 switches . so should i use etherchannel between them or use stacking in core layer?What are the advantages and disadv of both.
View 5 Replies
View Related
Aug 14, 2012
I've got a bunch of 3750-X switches all running IP Base and acting as a routed access layer. They run OSPF in a totally stubby area with the distribution layer (Nexus 7K) as the ABR. We also have a physically separate management network into which the fa0 management interface of the 3750-X is connected. The management network itself runs OSPF and has multiple subnets and external access.
On the 3750-X, I'd ideally like to be able to run some sort of separate OSPF process for the management network or at the very least have a static default route for management traffic pointing out the fa0 interface, but clearly not have it interfere with the main default route for data traffic coming from the N7K ABR. Normally I'd just create a management VRF, sling the fa0 interface into it and run a separate OSPF process in that VRF. The problem is you can't create VRFs in IP Base! Surely there must be a way to do this? Cisco don't really expect customers to upgrade to IP Services just to have a working OOB Management network, do they?!
View 4 Replies
View Related
Apr 9, 2012
My colleague and I have been having a discussion about using rapid spanning tree in the access layer. Most of our infrastructure has been migrated to a routed access layer with 3750s.
The idea was brought up to configure the switches with rapid PVST. On the surface, it seems like a better idea, faster convergence, in the event that spanning tree ends up being used for some reason. My colleague prefers sticking with standard PVST. His argument is that, in the event of a layer 2 loop, some consumer-level switches filter out BPDUs and if the control plane is overwhelmed, the shorter timers of rapid PVST just puts that much more of a burden on the CPU trying to regain control, whereas with standard PVST it will have around 20 seconds before it starts to engage. (It may still be overwhelmed, but the longer timer delays the additional burden.) He says he's seen this problem with rapid PVST and that his opinion is backed up by our Cisco rep. (I haven't spoken to him yet.)
In our model, it should be very rare -- pretty much never -- that we would layer 2 span another switch off of our access stack.
One suggestion I saw is to use BPDU Guard, which is a good suggestion as well.
But we have had experiences with overloading the control plane on a 3750. I believe that concern is valid. If the CPU can't service spanning tree. But I'm interested in hearing about other experiences people have had in terms of rapid spanning tree in the access layer, end users plugging in unauthorized devices and creating loops, and the effects when using rapid spanning tree vs standard spanning tree.
View 6 Replies
View Related
Sep 29, 2012
I configure 3750 stack switch as core and 2960 stack switches as access layer switches.I connected my laptop to one of my core stack in VLAN 10 and I am pinging to one of my server in VLAN 1. What will be the minimum latency at the time of inter VALN routing
View 2 Replies
View Related
May 17, 2011
I need to move the client machines off of the 3750 (and their DHCP dependency on it) to the SGE2010 and absolutely route their internet traffic out through the outside interface on the 5505. They must also be able to communicate back into the internal environment in order to communicate with the production servers.
The clients currently use .254 addressing through a dumb dell switch to the 3750 but I am trying to migrate them over slowly to the .253. I know that the 2010 will not do DHCP, so I am putting a DHCP server on that switch right now. The 5505 won't let me add an additional nameif statement onto one of the other eth0/x interfaces and I'm not sure if that has anything to do with it's capabilities to act as a DHCP server (it's not an option in the ASDM) or it's ability to serve as the internet gateway for the 2010 clients. (Side notes: The 5505 has a base license and is currently also connecting 1 site to site VPN. As is the 5520, so all of it's interfaces are used as well).
I statically assigned a moved client with a .253 address and plugged it into the 2010. I have tried giving the 2010 both a .4 address and a .253 address but neither will allow me to ping any of the addresses on the 5505. The 2010 shows automatic routes to the two subnets and I set it's default route to 253.1. The link between the 2010 and the 3750 works - clients receive a .254 address from the 3750 and can get out to the internet via the 5505 and reach the production servers as well.
Why won't the 2010 see the 5505 as a gateway and allow clients to get to the internet and also traverse the 3750 when they need access to the production network?
The reason why I dont' just connect the two swtiches and call it a day is because I also need the production servers to ALWAYS go out/receive web requests via the 5520 outbound/outside interface. I'm having such a hard time wrapping my head around why i can't get my clients moved over to the new switch, I haven't even grasped how I'm going to do that yet.
View 4 Replies
View Related
Mar 18, 2012
I want to setup VLAN with the switches SG300 and SLM2024. What is the suggestion to connect these 2 switches. We have the Juniper net screen.
View 1 Replies
View Related
Apr 3, 2012
I am taking an introduction class to CCNA and we are focusing on the Application Layer,and I'm having some difficulty in understanding what is an Application Layer Service. Is the Application Layer Service the same as Application Layer Software?
View 3 Replies
View Related
Jun 18, 2012
I have a ASA5505 and it has a vpn set up. The VPN user connects using the Cisco VPN client. They can connect fine (the get an ip address from the ASA), but they can't ping the asa or any clients on the network. Here is the running config:
Result of the command: "show running-config"
: Saved
:
ASA Version 7.2(4)
!
hostname ASA
domain-name default.domain.invalid
[code].....
what I need to add to get the vpn client to be able to ping the router and clients?
View 3 Replies
View Related
Nov 5, 2012
We currently have an ASA 5520 communicating with 10 ASA 5510's, all on static outside addresses. I was asked to add 5 additional 5510's on dynamic address. All worked well in testing until it was decided that some of the dynamic clients needed to talk to each other.
My testing shows packets just dying in the 5520.
View 1 Replies
View Related
Feb 1, 2011
I have 4 desktops cat5 to Dlink DIR 615 router. All work fine. Any wireless clients, laptop or netbooks, see the desktop computers for a while then disconnect somehow. All machines can see the Internet through the router at all times. The desktops disappear from the laptop/netbooks but the wireless machines can be seen from the desktop computers but clicking on them gets 'Access Denied' message after a wait.3 desktops = XP, 1 98SE. All laptop/netbooks = XP
View 2 Replies
View Related
Jul 6, 2012
I have a Netgear WNDR4500 running the stock firmware, acting as a router for my home. I also have 2 routers that are flashed with DD-WRT (Linksys WRT54G and Asus WL-520GU) running as client bridges. The Netgear is 192.168.1.1 and the other 2 client bridges are 192.168.1.2 and 192.168.10.3. The Netgear router is performing DHCP giving addresses from 192.168.10.100 to 192.168.10.254. I have numerous machines connected to the Netgear, wirelessly and wired, and numerous machines wired to each client bridge. All machines have IP addresses that are 192.168.10.100, 192.168.10.101, 192.168.10.102, etc... Everything is working fine, but I have one question: When I access the Netgear router, it shows the client bridges as clients, machines that are wired and wireless to the Netgear router are listed as clients, but the client list does not show any clients that are connected to the client bridges. I assumed that since the router is performing DHCP that all clients would show up.
View 2 Replies
View Related
Feb 29, 2012
I have a strange issue on my ASA 5510 (8.4). I can't ping or connect to the VPN clients but the VPN clients can ping/connect to any inside resources. I have checked all the NAT extemtion entries.
View 3 Replies
View Related
Jun 30, 2012
Do I need the Universal image to perform stftp on a 3750 or 3750-X?
View 8 Replies
View Related
Apr 29, 2013
SM-ES3-16-P works as a layer 3 module which means that the uplink which connects to router ( Internally ) is a layer 3 interface . Is there a way we can use it as a layer 2 switch and connect the uplink as a trunk port ?
View 1 Replies
View Related
Apr 30, 2012
I need a ≥ 8 port layer 3 managed switch. What would be the cheapest solution for this?I've been looking at some stuff like Cisco 4908G, but that only supports 1000base-X. I need something that supports the standard 1000base-T. I've also looked at a Cisco WS-C3508G-XL-EN, but correct me if I'm wrong, this is only layer 2?
View 11 Replies
View Related
Mar 18, 2013
i am trying to do EoMPLS using microwave as my Layer 1. i am doing the same thing using Fiber as my layer 1 and it is working. the minute i use microwave its not working. the EVC will be showing as up, but no traffic will be moving. i am using 2 3750Metro series swicthes. i have tries to tweek the MTU to be above 1500 and below 1500 but nothing is working. LDP is establishing, OSPF is working, but the EVC is just not forwadign traffic from end to end.
View 4 Replies
View Related
Feb 9, 2013
I have a question about QoS and how, or if, it functions between a layer 2 switch and a router. My question is, can a frame's COS sent from a layer 2 switch to a router be recognized and converted (mapped) to a DSCP setting without the use of a vlan (not the native vlan1), and can the reverse be done from a router to a layer 2 switch? Can QoS be preserved as it passes through the different devices? I know, pretty basic, but I have to start somewhere.
View 12 Replies
View Related
Apr 22, 2011
can i use normal two L3 Switch(3560) for BGP Multihoming with 2 different isp
View 4 Replies
View Related
Mar 19, 2012
N5K will be running on Layer 2 mode. vPC configured between N5K and N2K Servers are part of Vlan 10, 20, 30 and Juniper SRX firewall is the gateway for all the servers. SRK firewall is Active/Standby mode.
Questions are
1) Is there any non-vPC link required between N5K in this scenario?
2) N5K will pass in/out traffic to juniper SRX firewall durining SRX failover as well as normal operation
View 9 Replies
View Related
Mar 10, 2011
Here is a second paragraph from official BCMSN book page 93:
View 6 Replies
View Related
Jul 2, 2012
I have :
- two different subnets (S1, S2)
- these subnets are connected to an IP backbone via wirelles acces points
I would like to physically connect these subnets together so the networks devices in S1 could directly communicate with the devices in S2 and vice versa without going through the backbone.
The obvious solution seems to interconnect these subnets with a router or a switch L3. But I would like to connect these subnets and stay at layer 2.
So, is it possible to connect S1 and S2 with a switch L2 ? If I do that, what is going to happen? Can I create just one subnet S3 from this two subnets when I connect them together and have my two separate subnets back as soon as I disconnect them?
View 1 Replies
View Related
Dec 18, 2011
What does a firewall block at the transport layer?
View 1 Replies
View Related
Apr 24, 2012
I know I can bring up a tunnel up-and-up without any layer 3 address, without any ipv4 or ipv6 address (apart from tunnel source/destination of course). And I don't have to use "ip unnumbered <interface>" either. But what good is a tunnel interface with no address? Can you bridge them or something?
View 5 Replies
View Related
Apr 15, 2012
I have two MLS conected by 2 fast ethernet links f0/11 and f0/12 on both sides.I am trying to set up a layer 3 etherchannel using these two links . But when i see etherchannel summary, they dont show up as layer 3. Instead they show as layer 2.
View 19 Replies
View Related
Apr 11, 2011
With most of my Layer2/Layer3 switches, I'm accustom to giving them a SVI on my management VLAN, and calling it a day. I can't find in the Cisco Nexus guides how to do something similar; everything points to the mgmt0 physical interface, which seems like I need to uplink it to an access port on another switch. Can somebody point me in the right direction for how to do give the Nexus an IP that I can ssh/snmp into it across a trunk for management? I must just be missing the keyword.. NX-OS is still quite a different beast.I see in the manual it says: "SSH has the following prerequisites: You have configured IP on a Layer 3 interface, out-of-band on the mgmt 0 interface or inband on an Ethernet interface." Cisco Nexus 5000 Series Switch CLI Software Configuration Guide page 284, How do I configure an IP on a Layer 3 interface on a Nexus?
View 16 Replies
View Related
