Protocols / Routing :: Running Out Of Private IP's?
Nov 1, 2011
Our network at work is running out of IP addresses to lease and we are looking at the best solution of providing more addresses for clients machines on the network.What I was hoping to do was configure our Wireless AP�s through the switches (NetGear GS724T/P) so they provide a different IP to wireless clients on a separate range but still allow full communication with other devices on our network such as servers etc so they can access resources and services as normal.Currently our standard laptops connect automatically to our AP if in range and most of these are also connecting via Ethernet as well so each laptop is being leased two IP addresses which is a waste.The current config for clients is on the range 10.7.1.1-254, subnet 255.255.254.0Servers/Printer and networking devices on 10.7.0.1-254, subnet 255.255.254.0DHCP is controlled via Windows Server2003 DC
View 4 Replies
ADVERTISEMENT
Jul 28, 2012
i have used hierarchical addressing in my tcl program. when i run the code, it produces the error, str2addr:Address 146672855 outside range of address field length 1024. what's his error?
View 2 Replies
View Related
Jan 1, 2012
I have a Cisco 3750 with private VLANS configured.. VLAN 2 is the "primary", VLAN 3 is "isolated" and VLAN 4 is "community". This is all working correctly, however I now have the need to another VLAN called "production". I need the production VLAN to be able to reach all the private VLAN hosts (community and Isolated), and vice versa
View 2 Replies
View Related
Jan 15, 2013
Why I got below error message when config Private VLAN?
Error: while enabling/disabling service: private-vlan, err: Private-vlan is not allowed in F2 VDC (0x40e4005d)
View 2 Replies
View Related
Aug 20, 2011
why the WAN protocols like Frame-relay, HDLC and PPP are called Layer2 protocols?What is the address scheme they use?
View 5 Replies
View Related
Sep 5, 2012
Is this supported on a 3750X ?? A router has two VRFs and its lan interface is a trunk with 2 VLAN IDs, let say VLAN 10 and VLAN 20. The ip address subnet of these two vlans is the same (therefore , they are in different VRFs)
fa0/1
VLAN 10 = 10.15.4.9 (VRF A)
VLAN 20 = 10.15.4.10 (VRF B)
This router is connected on a 3750X switch. There is a firewall connected to this switch also, which is default gateway for several VLANs including VLAN 10 (10.15.4.1)
The goal is that VRF B ip can talk to 10.15.4.1 and VRF A can talk to 10.15.4.1 but VRF B can't talk to VRF A (10.15.4.9 <-> 10.15.4.10)
FW |--- TRUNK VLANs 1,2,3,4,10 ---------| SWITCH |----- TRUNK VLAN 10,20 -----| ROUTER (vlan 10 = VRF A, vlan 20 = VRF B)
I think this is not supported on the C3750, as my promiscuous port is located on a trunk.
View 1 Replies
View Related
Mar 13, 2011
how to redistribute routes between three independently managed private networks.
Currently: See attachment The two buildings managed by Company 1 are connected by 4x1GB fibre channel ports on Cisco 3750G Standard Image switches. Static routing is used between the two building and static routes are used to direct traffic to Company 2 and Company 3 via routers managed by their respective companies. No NAT is required as all three companies use separate private address schemes.
Network Improvements: See attachment To increase network resilience Companies 2 and Company 3 are planning on installing new routers in building 2. Companies 2 and 3 use Dynamic routing protocols on their internal network. Incoming and outgoing resilience is required in all three companies. There is no direct connectivity between Company 2 and 3.
I would like the following questions answered:
1. Is dynamic routing needed in Company 1?
2. Given that only 4 devices are managed by Company 1 will RIPv2 work? NB. Company 2 and 3 have very large networks (3000+ sites).
3. Would route redistribution be best performed on Company 2 and 3’s CE routers?
4. How can route redistribution be controlled by Company 1?
View 4 Replies
View Related
Feb 9, 2012
We need to connect several DSLAMs on the 4900 switch, every DSLAM has 4 VLANs configured (VOIP service, MGMT, ADSL Private, ADSL Public), and sends the traffic for each service tagged with appropriate VLAN id according to the table:
VOIP: 608
MGMT: 594
ADSL PRIVATE: 2900
ADSL PUBLIC: 2930
On the DSLAM side it is very simple configuration, just a normal trunk with 4 VLANs transversing the link. On the 4900 I need to isolate the traffic for ADSL PRIVATE & PUBLIC service so DSLAMs connected to the same switch do not have L2 connectivity between them. For VOIP and MGMT they must communicate with each other. DSLAM acts also as a VOIP GW so it must communicate with other DSLAMs for VOIP service. Also VLAN 200 is configured on ME 4900 for switch management traffic.
This 4900 Switch connects to MPLS PE router, which offers L3 VPN service for VOIP & MGMT service, and L2 VPN for ADSL service (PPPoE traffic to BRAS). Fortunately we have ES+ linecard to support many ethernet features. I tried this config:
1) VOIP, DSLAM-MGMT, MPLS-MGMT configured as normal VLANs
2) ADSL PUBLIC & PRIVATE configured as isolated secondary VLANs, primary VLAN for ADSL PRIVATE is 2008, for PUBLIC 2308
3) Configure DSLAM facing ports on ME 4900 as private-vlan trunks
4) Configure ME 4900 uplink port to MPLS PE as a private-vlan promiscous trunk
5) Configure ethernet services on MPLS PE for each tag that comes from ME 4900 (ES+ cards are awesome, i love them:D )
6) Apply L3 VPN service for VOIP and DSLAM-MGMT, and L2 VPN for ADSL service.
But at least this last command should list on spanning tree forwarding state also the ADSL VLANs or not?
Here is the output of the show interface switchport.
View 1 Replies
View Related
Aug 28, 2012
We have a requirement for private VLANS for DMZ hosting within one of our datacentres. I just want to query how private VLANs would work in our environment.We have physical servers connected to fex ports (2 fex per rack for each 5k) of a 5548UP switch, virtual servers using the nexus 1000v (vmware hosts connected to fex ports) Out firewalls and load balancers are connected to an upstream pair of nexus 7ks using vPCs.My question is this, ordinarily the firewall would be in a promiscuous port but as these reside on a physically separate switch will the normal vPC trunk still be sufficient or would the "switchport mode private-vlan trunk promiscuous" be required on the vPC up to the northbound 7k.As these connections are already in production I do not want to affect the existing traffic that doesn’t use private VLANs.
View 3 Replies
View Related
Mar 13, 2013
I have 2960 cisco switch. I want to configure private vlan. But it is not getting configured in cisco 2960. Is there any other way to configure that in switch.
View 1 Replies
View Related
Dec 29, 2011
I have the need for private vlans in isolated mode to backup some hosts on a secured network. We are using Cisco Nexus 5020 with the fex 2148 for copper-ports - and I tried to implement this setup: [code]
The Cisco Nexus 2000 Fabric Extender does not support PVLANs over VLAN trunks used to connect to another switch. The PVLAN trunks are only used on inter-switch links but the FEX ports are only meant to connect to servers. Since it is not a valid configuration to have an isolated secondary VLAN as part of a Fabric Extender port configured as a VLAN trunk, all frames on isolated secondary VLANs are pruned from going out to a FEX.
the "only" limitation should be the trunk option - but as far as I can see from the output from my nexus this is not correct .We are running NXOS: [code]
View 1 Replies
View Related
Dec 10, 2012
know if Private Vlans are supported on the Cisco 4900m switch when set in VTP version 3 and VTP disabled?Most documents just specify VTY transparent mode without mentioning the version, trying not to assume since this is production.
View 1 Replies
View Related
Aug 13, 2012
regarding PVLANs and the Nexus, my understanding is that we cannot configure Private VLANs on a FEX trunk port with a NX-OS release older than 5.1(3)N2(1) for the Nexus5548... Is there any known workaround for this limitation (appart from performing a SW upgrade)?
View 2 Replies
View Related
Apr 5, 2011
I have got a PC at work (Windows XP Pro SP3) that is on two networks with the IPs 10.20.30.167, subnet 255.255.255.0 (internet enabled) and 10.0.0.20, subnet 255.255.255.0 (no internet). On the 10.0.0.X network there is a gateway with the IP 10.0.0.200 allowing access to another network; 192.168.60.X, subnet 255.255.255.0 (no internet). I have added the route on my work PC to access the 192.168.60.X network via this gateway and I can access all PCs on all three networks from this PC.Now, I am using LogMeIn Hamachi so that I can access the networks at work from home. The PC at work is the 'gateway' PC on the Hamachi network. When installing Hamachi it created a new network connection and bridged this connection with my 10.20.30.167 network adapter to allow access to the 10.20.30.X network from an external PC when connected using the Hamachi VPN connection. I have manually configured my Hamachi connection on my PC at home to the IP 10.20.30.169, subnet 255.255.255.0, with the default gateway set to 10.20.30.167. I can ping all computers on the 10.20.30.X network from my PC at home.
I then added a route on my PC at home for 10.0.0.X to go via 10.20.30.167 (the 'gateway' on the Hamachi network). I also enabled IP forwarding on the 'gateway' PC (my PC at work). I can not ping any PC on the 10.0.0.X network from my PC at home apart from 10.0.0.20 (the other NIC in the Hamachi gateway PC) and 10.0.0.30 (another PC on the 10.20.30.X network that is also on the 10.0.0.X network).Now, with IP forwarding enabled on the Hamachi gateway PC I would assume after adding the route on my PC at home for 10.0.0.X traffic to go via 10.20.30.167 that I would be able to ping all PCs on the 10.0.0.X network...I also tried adding a route on my home PC to send all traffic for the 192.168.60.X network via 10.20.30.167 which has a route via 10.0.0.200 to the 192.168.60.X network, but this also did not work.I then tried adding the 10.0.0.20 network adapter into the network bridge that the Hamachi connection made, also keeping both IPs (10.20.30.167 and 10.0.0.20) on this network bridge by adding them into the 'IP Settings' in the 'Advanced TCI/IP Settings'. I also added the 10.0.0.200 gateway for good measure. I still cannot ping any PC on the 10.0.0.X or 192.168.60.X networks from my PC at home.
I have also added the route to the 10.20.30.X network on a PC on the 10.0.0.X network to go via 10.0.0.20 and tried pinging a PC on the 10.20.30.X network but this also has not worked. Also setting the default gateway on a PC on the 10.0.0.X network to 10.0.0.20 does not allow this...Surely bridging the networks 10.20.30.167 and 10.0.0.20 on my work PC would allow another PC on the 10.0.0.X network to access the 10.20.30.X network after adding the route or setting 10.0.0.20 as the default gateway?
View 2 Replies
View Related
Nov 12, 2012
I am aware that private-vlans are not supported on edge switches like 2960 series - so my question is would it be possibel to ceate private vlans on say just the core switch which would be a 3570 or 4506 that supports private vlans and then just trunk these to the edge like normal vlans?what I need to achive is to have edge port not able to communicate to each other even across switches - which cannot be done using 'protected' port so need the private vlan feature?
View 1 Replies
View Related
Nov 29, 2011
We currently have a HP blade platform which has two Cisco CBS30X0 switches built into it running Version 12.2(55)SE. These are connected to two Cisco C2960 aggregation switches running Version 12.2(44)SE6. According to this article I need to upgrade these to 12.2(25)FX: url...
1.)This will according to that article only allow me to create edge ports on them, is this a hardware limitation or am I just not finding what firmware I need to upgrade them to, in order to allow the creation of community VLANs? We have these aggregation switches conncted directly to multiple types of firewalls which take care of each of our clients networks including internet access etc. We are wasting many VLANs and IP addresses with our current setup so I am hoping to move over to using private VLANs. The setup of the private VLANs looks simple enough.
2.)When the private VLAN's try to communicate, all info will be sent directly to the layer 3 device I gather, which will not need to know anything about the private VLANs?
View 12 Replies
View Related
Nov 11, 2012
I am aware that private-vlans are not supported on edge switches like 2960 series - so my question is would it be possibel to ceate private vlans on say just the core switch which would be a 3570 or 4506 that supports private vlans and then just trunk these to the edge like normal vlans?
what I need to achive is to have edge port not able to communicate to each other even across switches - which cannot be done using 'protected' port so need the private vlan feature
View 7 Replies
View Related
Apr 14, 2011
Having problem pinging from Host A on ESX1 to Host B on ESX2. Each host are assigned the same port-profile. If I put 2 host's on the same ESX machine using the same port-profile, they are able to ping each other.
n1kv-vsm# sh port-profile name xxx-prod-40port-profile xxx-prod-40 description: type: vethernet status: enabled capability l3control: no pinning control-vlan: - pinning packet-vlan: - system vlans: 1 port-group: xxxl-prod-40 max ports: 32 inherit: config attributes: switchport mode private-vlan host switchport private-vlan host-association 40 400 no shutdown evaluated config attributes: switchport mode private-vlan host switchport private-vlan host-association 40 400 no shutdown assigned interfaces: Vethernet3 Vethernet4
System-uplink profile is trunking all vlans.
View 2 Replies
View Related
Nov 30, 2012
we have configured SSh on our primary and secondry core switch , SSH is working on primary Switch but we are unabme to access secondry Core switch through SSH .
Error are as under :
ov 28 09:14:15.380: SSH1: starting SSH control process
ov 28 09:14:15.380: SSH1: sent protocol version id SSH-2.0-Cisco-1.25
ov 28 09:14:15.396: SSH1: protocol version id is - SSH-2.0-PuTTY_Release_0.62
ov 28 09:14:15.396: SSH2 1: send: len 280 (includes padlen 4)
ov 28 09:14:15.400: SSH2 1: SSH2_MSG_KEXINIT sent
[code]...
View 1 Replies
View Related
Dec 27, 2012
I have a stack of 2 x 3750X switches these are running 12.2(55)SE5. I needed to add some static IP routes and found that the ‘ip routing’ command is not supported. I came across a document that stated “On switches running the LAN base feature, static routing on VLANs is supported only with Cisco IOS Release 12.2(58)SE and later.” So I have upgraded to 12.2(58)SE2, but ‘ip routing’ is still not a valid command.
The release notes state:“On the Cisco Catalyst 3560-X and 3750-X Series, it adds support for 16 static IPv4 routes in the LAN Base image.”
I have read other posts that talk about running the ‘sdm prefer routing’ command which I have done, but I am still unable to add any routes or run the ‘ip routing’ command.
View 4 Replies
View Related
Jun 11, 2013
I have 30 switched in my corporate network it’s all up and running all switches running by default configuration and connected to WS-C4506 core switch our dhcp server pooling 192.168.100.1/27 network. Now we need to configure new Vlan for finance department this department has more than 200 users. If my server distributes 192.168.200.0 range ip can vlan2 automatically assign ip 200.0 addresses to finance department.All switches running default config no ip address assigned.
View 9 Replies
View Related
May 7, 2013
I need to replace an existing ASA 5540 with a new ASA 5525X. I would like to pre-stage and configure the new box with the existing config, migrate license and export certificate files before swapping it with the old one during a change window. The new firewall will run 9.1 on deployment. Now the same 7.2(4) cannot just be copied over to 5525X running the minimum 8.6 version. There is a Web based tool available at [URL] according to Cisco documentation but the page does not load for me (Cisco intranet only tool ?). Is there another tool for automatic conversion ?
View 3 Replies
View Related
Dec 17, 2012
Is it possible to assign 2 ports to a vlan on this switch and have the 2 machines connected to those ports be able to see each other without having to go off of the switch? If so, how would it need to be setup on the switch?
View 4 Replies
View Related
Oct 23, 2012
We have many remote offices that we want to add public wifi and a couple of other services that would be completely outside of our internal network. Each office has a 3750 with plenty of open ports. How can I safely create a vlan for public access on these switches which currently have our internal network on. I have read that people are doing this to save on the cost of purchasing a dedicated switch. Some people are using access lists and one person mentioned creating a private vlan for the public network. I looked up private vlan and it seemed bit confusing.
View 3 Replies
View Related
Nov 3, 2012
Need to confirm if WS-C3750-48TS-S supports Private vlans and IPV6?
Also need to know which stack cable like part number i can use for stacking them .
View 3 Replies
View Related
Jan 7, 2013
We have a cisco 2911 router configured with password for telnet login, but I always failed to login use telnet, does any one know any place need to be modify?
View 6 Replies
View Related
Dec 12, 2012
We have a 24 port and 48 port 3560 E switches with identical IOS the 48 port switch supports private vlan while 24 port switch doesnt
configure private vlans on 24 ports 3560e and is it best practise to configure private vlan on this platform(3560)?
IOS version : C3560E Software (C3560E-UNIVERSALK9-M), Version 12.2(55)SE3, RELEASE SOFTWARE (fc1)
flash:/c3560e-universalk9-mz.122-55.SE3/c3560e-universalk9-mz.122-55.SE3.bin
View 3 Replies
View Related
Jan 11, 2012
I have defined a trunk between a nexus 5k and cat 3750 as a pvlan trunk - now I would like to add redundance and performance and tried to establish a vpc between my par of nexus's and the 3750 stack - but the nexus tell me that the port-channel doesn't support pvlan's - and then - ehh - do I get any benefits of running the trunk as a pvlan trunk at all?
interface Ethernet1/4
switchport mode trunk
speed 1000
switchport private-vlan trunk allowed vlan 550-552
switchport private-vlan mapping trunk 550 551-552
[code]...
View 5 Replies
View Related
Sep 2, 2012
I have two computers. Computer A is connected to the internet through GSM network. Computer A also have NIC adapter which is connected to local network with IP 192.168.33.10/24.
Computer B in connected to internet with DSL connection.
On both machines I use TeamViewer to make VPN secure tunnel between this two computers. Computer A gets IP:7.200.100.2 Computer B gets IP:7.200.100.3
How can I access from computer B to specific device with IP 192.168.33.250 which is on local network of computer A?
Is it possible to route traffic from VPN to other local network, or it is some possibility to use port forwarding from VPN connection to specific IP address on the local network to specific port number?
View 1 Replies
View Related
Apr 5, 2013
We have a PPPoE DSL link with a dedicated IP providing by a small ISP(ISP A) in Canada. We are having trouble reaching a small group of IPs in the US to be able to access some client resources.We have eliminated all possible local issues by removing the firewall and making a direct connection to the ISP. We have also had numerous tests prove successful when we use other local ISPs.
Trace routes show that the packets get dropped a few hops from the destination on a US ISP(ISP B).The routes even appear to be very similar to the other ISPs we tested. We escalated to ISP A and they say that everything is working properly on their end and the problem is with ISP B. They claim they "have no partnership with ISP B and therefore cannot create a ticket to get it resolved". I tried calling ISP B but I get nowhere because I am not a customer of theirs.
My solution is to give ISP A the boot, but management has denied that request because of the amount of effort required to switch over. How I can escalate this? Is there anyway to go over and above the ISPs?
View 4 Replies
View Related
Feb 9, 2011
I'm not sure if I'm missing something basic here however i though that I'd ask the question. I recieved a request from a client who is trying to seperate traffic out of a IBM P780 - one set of VIO servers/clients (Prod) is tagged with vlan x going out LAG 1 and another set of VIO server/clients (Test) is tagged with vlan y and z going out LAG 2. The problem is that the management subnet for these devices is on one subnet.
The infrastructure is the host device is trunked via LACP etherchannel to Nexus 2148TP(5010) which than connects to the distribution layer being a Catalyst 6504 VSS. I have tried many things today, however I feel that the correct solution to get this working is to use an Isolated trunk (as the host device does not have private vlan functionality) even though there is no requirement for hosts to be segregated. I have configured:
1. Private vlan mapping on the SVI;
2. Primary vlan and association, and isolated vlan on Distribution (6504 VSS) and Access Layer (5010/2148)
3. All Vlans are trunked between switches
4. Private vlan isolated trunk and host mappings on the port-channel interface to the host (P780).
I haven't had any luck. What I am seeing is as soon as I configure the Primary vlan on the Nexus 5010 (v5.2) (vlan y | private-vlan primary), this vlan (y) does not forward on any trunk on the Nexus 5010 switch, even without any other private vlan configuration. I believe this may be the cause to most of the issues I am having. Has any one else experienced this behaviour. Also, I haven't had a lot of experience with Private Vlans so I might be missing some fundamentals with this configuration.
View 3 Replies
View Related
Mar 7, 2012
I am looking into the possibility of using private vlan's for some dmz implementations however I do have what may be some very rudimentary questions. It seems straightforward how to configure the primary/secondary vlan configuration as well as associating them. However in my case I would be looking to configure the PVLAN on a 6500-vss platform acting as the router while all of the hosts which I would desire to have in the isolated vlan would be spread out across a number of older Cisco switches which only support "protected port" setup or Procurve switches all of which I do not have budget to replace with something newer. So in my scenario I would have a 6500 connected by trunk to multiple switches which only support a protected port setup such as a Procurve (top of rack) or a Cisco 2950. As the Procurve or 2950 would not support Private VLAN setup, do I then just configure the secondary vlan to be allowed across the trunk from the 6500, configure that vlan on the Procurve or 2950 (as vtp will not foward the info for the secondary vlan) and assign that vlan to the host port as well as setting it as a protected port and this will communicate just fine across the trunk to the router as well as stopping the protected port in top of rack switch 1 from being able to communicate to a protected port in top of rack 2,3,etc? If the above scenario is what needs to be done, do I just use a regular trunk or do I have to use a PVLAN trunk?
View 2 Replies
View Related
Sep 5, 2011
I have an skill exercise with 4 Routing Protocols Default Route,Static Route,Eigrp, Ospf. I have about 6-7 routers, and each of them has an routing protocol. But the problem is the Main router INTERNET, which it has to use Static in a direction, and default in the opposite path. This is the scheme of routers and how the r.protocol have to be configured.
View 19 Replies
View Related
