Management ip address on a different vlan/bridge

Similar Messages

• 1300 bridge with native and management vlan in different vlans

  Hello,
  We are going to set up a wireless bridge between two 1300 accesspoints. In our network the native vlan and the management vlan are different vlan's. Will we be able to manage the ap and switch at the "remote" site? Do we have to set up two ssid's, one for native and one for management?
  regards,
  Rutger

  Too answer my own question:
  I don't think it is possible. Things work fine by making our management vlan the native vlan on switches and ap's involved. Management IP address on the BVI1 interface and everything works!
  Rutger

• How to change IP addresses of APs and WLC to the ones from different VLAN

  I'm trying to figure out what is the best practice to change IP addresses on all my access points connected/managed by the WLC.
  I have one WLC2504 controler and three AIR-LAP1041N access points the idea is to change management IP of the WLC from 192.168.2.100 (vlan1) to 192.168.12.100 (vlan79) and all access points accordingly:
  ap1 192.168.2.101 (vlan1) to 192.168.12.101 (vlan79)
  ap2 192.168.2.102 (vlan1) to 192.168.12.102 (vlan79)
  ap3 192.168.2.103 (vlan1) to 192.168.12.103 (vlan79)
  FYI all my APs obtain IP from DHCP server which sits in the vlan1 and each AP is connected to trunk port on Catalyst switch, trunk port (vlan1, vlan79, vlan80, vlan81, vlan82) carries traffic for different WLANs, so my question is what is the best way to change management IP on each device with the minimal downtime.
  Thank you for your advice,
  Luu Manioro

  Well, you will have downtime anyways, but how I would do this is the following:
  Make sure the WLC trunk port has vlan 79 being allowed
  Change the high availability on each AP to point to the hostname of the WLC and the new ip address, you don't need the old ip address anymore
  Console into the WLC or use the service port and change the management ip address and at the same time if possible, move the AP's to the new vlan 79, since they have already joined the WLC, they will know of the ip address of the WLC
  Reboot the AP by shutting down the PoE port or powering off/on the AP
  The AP will find the WLC since you have defined the high availability and also since the AP and WLC are on the same subnet.
  Scott

• Can router dhcp different addresses to different vlans for wireless clients

  is it possible for the router to hand out different ip's to wireless clients on different vlans?

  Yes, the router needs to have a dhcp pool on each subnet and have an "interface Vlan x" for each vlan. It will then assign ips to clients in different vlans.
  One vlan per SSID.

• Can I have multiple different vlans in one Single Mode Transparent Firewall

  Hi,
  I am about configuring Data Center FW (ver 9.2) to protect multi tier Servers Farm; Web, Applications & Data Base. There is a requirement to set the FW in Transparent Mode, while the license is the base 2-contexts, only.
  I wonder if One Single Transparent Context, with different bridge-groups, one for each vlan is a workable solution. I have pasted the configuration of the FW, it may help in understanding the setup.
  ======
  firewall transparent
  names
  interface TenGigabitEthernet0/8
   description To Nx7K-1 Port-8
   channel-group 9 mode passive
   no shutdown
   no nameif
   no security-level
  interface TenGigabitEthernet0/9
   description Nx7K-1 Port-9
   channel-group 9 mode passive
   no shutdown
   no nameif
   no security-level
  interface TenGigabitEthernet1/8
   description Nx7K-2 Port-8
   channel-group 9 mode passive
   no shutdown
   no nameif
   no security-level
  interface TenGigabitEthernet1/9
   description Nx7K-2 Port-9
   channel-group 9 mode passive
   no shutdown
   no nameif
   no security-level
  interface BVI1
   desc Services Zone
   ip address x.x.41.250 255.255.255.0
  interface BVI2
   description WEB-APPS Zone
   ip address x.x.42.250 255.255.255.0
  interface BVI3
   desc Oracle management
  ip address x.x.43.250 255.255.255.0
  interface BVI4
   descr Oracle DB
   ip address x.x.44.250 255.255.255.0
  interface Port-channel9
   description ECLB Trunk to NX7Ks
   duplex full
   port-channel load-balance src-dst-ip-port
   no nameif
   no security-level
  switchport mode trunk
  switchport trunk allowed vlan 41-44,141-144
  interface Port-channel9.41
   vlan 41
   nameif Services-Outside
   bridge-group 1
   security-level 0
  interface Port-channel9.141
   description Services-Inside
   vlan 141
   nameif Services-Inside
   bridge-group 1
   security-level 100
  interface Port-channel9.42
  description WEB_APPS-Outside
   vlan 42
  nameif WEB_APPS-Outside
   bridge-group 2
   security-level 0
  interface Port-channel9.142
   description WEB_APPS-Inside
   vlan 142
   nameif WEB_APPS-Inside
   bridge-group 2
   security-level 100
  interface Port-channel9.43
  desc Oracle management
   vlan 43
   nameif Oracle_Mgmt-Outside
   bridge-group 3
   security-level 0
  interface Port-channel9.143
   description Oracle management Inside
   vlan 143
   nameif Oracle_Mgmt_Inside
   bridge-group 3
   security-level 100
  interface Port-channel9.44
  desc Oracle DB
   vlan 44
   nameif Oracle_DB_Outside
   bridge-group 3
   security-level 0
  interface Port-channel9.144
   description Oracle DB Inside
   vlan 144
   nameif Oracle_DB_Inside
   bridge-group 4
   security-level 100

  it is possible but it is not scaleable.  If I remember correctly you can only have a maximum of 8 BVI interfaces...so this means you can only have 8 subnets going across the ASA.  You would also need seperate VLANs for the inside interface and the outside interface since you can not configure two interfaces to be in the same VLAN, and then assign these interfaces to the appropriate BVI group.
  Please remember to select a correct answer and rate helpful posts

• How to use different Vlans outside another gateway in sg-300 28?

  dear all
  how shall i use different vlans outside another gateway in sg-300 28?
  Example:
  vlan2 192.168.2.0/24 gateway 192.168.2.1 outside router gateway 192.168.2.254
  vlan3 192.168.3.0/24 gateway 192.168.3.1 outside router gateway 192.168.3.254
  should me doing in sg-300 28?
  thanks.

  Hi Amin,
  Leave the switch in Layer 2 mode 
  Cable  VLAN2  to the to the outside router gateway 192.168.2.254 interface
  cable  VLAN3  to the to the outside router gateway 192.168.3.254 interface
  Excuse the rough diagram
  Make the port going to the outside router gateway,  untagged in the vlans they will be transporting. (I am assuming that the router gateway is not vlan aware.)
  IP hosts will most likely get DHCP from the router gateway.  The IP hosts will then automatically send IP traffic to the router gateway.
  VLAN 1 in my switch,  could  then be the only interface within the switch  that has a IP address associated  with it,  for management purposes.
  I can see from you post,  that English is not your first language,  if you want to speak to someone,  you can ask a question by going to;
  www.cisco.com/go/sbsc
  regards Dave

• Assign management ip address with SCVMM 2012 R2 for hyper-v converged network?

  Hi,
  I am setting up a converged network for our Hyper-V clusters using vNICs for the different network traffic including management, live migration, cluster-csv, hyper-v etc.
  Problem is, how do I assign the hyper-v hosts a management IP address? They need a network connection on the management network for scvmm to manage them in the first place. How do I take the existing management IP address that is directly assigned to the
  host and transfer it directly to the new vNIC so scvmm has management of it? Kind of in a chicken and egg situation here. I thought about assigning a temp ip address to the host initially but am worried that assigning the address will cause problems as then
  the host would then have 2 default gateways configured. How have others managed this scenario?
  Thanks
  Microsoft Partner

  Rule of thumb: Use one connected network for your Fabric networks (read the whitepaper), and use VLAN based networks for your tenant VMs when you want to associate VM Networks with each VLAN.
  -kn
  Kristian (Virtualization and some coffee: http://kristiannese.blogspot.com )
  We don't have tenants as such due to this being an environment on a private company LAN for sole use of the company virtual machines.
  What I have so far:
  I created "one connected network" for Hyper-V-Virtual-Machine traffic.
  Unchecked "Allow new VM networks created on this logical switch to use network virtualization"
  Checked "Create a VM network with the same name to allow vms to access this logical network directly"
  This logical network has one site called UK.
  Within this site I have defined all of the different VLANS for this site.
  Created IP pools for each VLAN subnet range.
  I hope I understand this correctly. Started reading the whitepaper from cover to cover now.
  Microsoft Partner

• Management IP Address inquiry in UCS

  We are starting to grow our UCS environment.  Due to that we are using more and more IP's in the pool we set aside for Management IP addresses.  Presently, our fabric interconnects reside in the same subnet (class C) as the pool we are using for Management IP's.  It looks as though each blade uses two IP's out of the Management Pool so we are exhausting the IP's that we set aside pretty quickly.  When I went to setup the UCS environment initially I went to use a subnet for the Management Pool that was different than the subnet being used for the fabric interconnects.  Unfortuantely, I was unable to connect to the KVM functionality with the Management Pool in a different subnet that the fabric interconnects.  When I changed the Management Pool IP's to the same subnet as the fabric interconnects the issue went away.  So I take it that the KVM functionality comes through the management interfaces of the fabric interconnects.
  My question is how do I provide a different subnet for my Management Pool.  I will run out of IP's in this one subnet eventually and will have to add another one in that is different from what the fabric interconnects are using.  Do I have to set the ports that the fabric interconnect management interfaces are plugged into for vlan tagging and then change the network configuration of the fabric interconnects?

  Russ,
  In the current version (up to 2.1) the Management IPs for blades are required to belong to the same subnet as the Management Interfaces of the Fabric Interconnects.  This is due to the way we proxy the KVM request from Management Interfaces to the Blades CIMC.  In a future release we're investigating breaking the blade IPs into their own subnet/VLAN but this is a ways out - no committed date at this time.
  We understand this puts quite a requirment on the size of the Management Subnet, but with proper design it shouldn't be much of an issue.
  Regards,
  Robert

• Map 300 different VLANs to a SSID?

  Hi Everyone,
  I've just come across a situation where the customer requires to have their 300 different VLANs (they got 300 stores across AU) to be mapped to the same SSID. I know this is doable by creating an interface group on the WLC that contains all 300 VLAN interfaces, then map the interface group to the SSID. However, is there a better way to do it? I meant I don't think creating 300 interfaces on the WLC is a good idea from a managment point of view.
  Thanks you in advanced for your time and for sharing your wisdom.
  Regards,
  Nhan.

  Hi Nhan,
  This post in Small Business Forum and you need to address this in Enterprise Level Forum.
  Thank you.

• Ip address on created Mangement VLAN shuts down 255 VLAN 1.0 subnet

  My predecessor created a VLAN 255 to replace VLAN 1 as the Management VLAN.  I noticed a some of the switches had there IP's on Fas0 out of band interface. To me it made more sense to put that ip address on a int vlan 255 on all the switches. As I did to my 4th Core Switch I added the ip address *.1.24 and it shut down the entire 255 vlan with affect the .1.0 subnet.  I for the life of me can can't figure out what is causing the problem. It is not like any other device is using the 1.24 ip address and even if it was it should affect access to that device not all other devices on the 1.0 subnet.
  The message in the log (doing the show log command) only shows interface 255 going up and down. The subnet mask is 255.255.255.0 (/24).  I just put the ip in the interface again and pinged devices in the 1.0 subnet when I brought the interface back up yet I could not access any services on the 1.0 subnet from my workstations. I shut the interface again and could access services In that subnet again.

  The VLAN is in the trunk. shouldn't that be enough as for as putting it in the port goes?  I already have the interface shut and configured. When I unshut the entire .1.0 subnet does down. To me it's just so unlogical.

• AP On Different Vlan Than Controller

  I have a 5508 controller at our headquarters and am installing some 3502 AP's at a remote branch.  Unfortunatly, the remote branch has a different Vlan setup for some reason and the vlan that is used for the WLC (90) is designated for telephony at this branch.  Can I put the AP's on a different VLAN (10) without having any issues?  I will still use DHCP option 43 to point them back to the controller. Below are the configs for the WLC interfaces and what I am proposing for the AP interfaces:
  WLC Config
  interface GigabitEthernet1/1/38
  description WLC01
  switchport
  switchport trunk encapsulation dot1q
  switchport trunk native vlan 90
  switchport trunk allowed vlan 1,10,50,90,91,390,410-413,610-613,800,810,811
  switchport mode trunk
  channel-group 5 mode on
  interface GigabitEthernet1/1/39
  description WLC01
  switchport
  switchport trunk encapsulation dot1q
  switchport trunk native vlan 90
  switchport trunk allowed vlan 1,10,50,90,91,390,410-413,610-613,800,810,811
  switchport mode trunk
  channel-group 5 mode on
  interface Port-channel5
  switchport
  switchport trunk encapsulation dot1q
  switchport trunk native vlan 90
  switchport trunk allowed vlan 1,10,50,90,91,390,410-413,610-613,800,810,811
  switchport mode trunk
  AP Interface Config
  interface GigabitEthernet1/0/1
  description *** Access Point AP001 ***
  switchport access vlan 10
  switchport mode access
  spanning-tree portfast
  Will this work? 

  Hi Pat,
  When deciding to do LOCAL mode or CENTRAL SWITCH mode you need to consider a few items:
  1) NAT -- If there is a NAT between both locations almost all customers would rather LOCAL mode. Reason being is the ability to access local resources without nat issues. Remember, central model has all traffic and IP addressing coming from the main office.
  2) Internet / Main office connection - If the remote office is on a MPLS for exmaple. Using local switching is reartly used becuase if you lose the conenction with the main office you have bigger issues then having wireless access.
  These are the 2 questions my customers always look at ...
  I hope this helps...

• Wireshark capture on access port displays different vlan traffic

  Hi Guys,
  i have a nexus 4001i Blade Center Switch where i have a server connected in mode access to a particular vlan.
  when i use wireshark on this port, i see different traffic conversations of different servers in different vlans which seems strange to me.
  anybody have an idea why a server in mode access with wireshark is able to view different vlan traffic? I also see non multicast and non broadcast converations.
  the port the server is connected to is not a monitor port but only in switch port mode access.
  thanks in advance for you feedback

  Hi,
  So it looks like you're getting unicast traffic flooded to all ports. There are a couple of reasons I've come across that can cause this.
  Asymmetric routing: See Unicast Flooding in Switched Campus Networks and/or Case Study #8: Asymmetric Routing and HSRP (Excessive Flooding of Unicast Traffic in Network with Routers That Run HSRP) for details of why it happens and how to prevent it.
  Microsoft Network Load Balancing. As per the Microsoft Troubleshooting NLB:
  In unicast mode (the default Forefront TMG cluster operation mode) NLB induces switch flooding, by design, relaying packets sent to the VIP addresses to all cluster hosts. Switch flooding is part of the NLB strategy for obtaining the best throughput for any specific load of client requests. However, if the NLB interfaces share the switch with other (non-cluster) computers, switch flooding can add to the other computers' network overhead by including them in the flooding and consequently have a detrimental effect on network and/or server performance.
  Regards

• 4506 & SUP V Management IP address question.....

  Hello all, I have two questions. The new 4506 SUP V engines don't have the good old SCO interface that I'm used to. So, since it's running an IOS now instead of the old CATos, I figured I'l create a new vlan and then make it the management IP address by using the 'MANAGEMENT' command (like in the old 2900's). Well, that didn't work either, so my question is...on what int. do I configure the mgnt. IP address?
  -thank you....

  Russ,
  In the current version (up to 2.1) the Management IPs for blades are required to belong to the same subnet as the Management Interfaces of the Fabric Interconnects.  This is due to the way we proxy the KVM request from Management Interfaces to the Blades CIMC.  In a future release we're investigating breaking the blade IPs into their own subnet/VLAN but this is a ways out - no committed date at this time.
  We understand this puts quite a requirment on the size of the Management Subnet, but with proper design it shouldn't be much of an issue.
  Regards,
  Robert

• Multicast Does not work between different VLANS

  Hi,
  I have problems with multicast. On the same VLAN i can see the SAP announcement in VLC and play, but on different VLAN i can see SAP but i cant play it. The play turn to pause and the video doesn´t appear.
  I have 2 Cisco 6500 switch CORE with GLBP configured but not working. In the second switch i have all interfaces in shutdown. The first core switch have L3 routing enable.
  The Global configurations:
  ip multicast-routing.
  I have the transmitter PC on vlan 51 i transmit to 230.0.0.50 group an im trying to recive on vlan 80. The vlans configurations are:
  Vlan 51
  ip address x.x.31.254 255.255.255.0
  ip pim sparse-dense-mode
  Vlan 80
  ip address x.x.80.1 255.255.255.0
  ip pim sparse-dense-mode
  I have 2 Cisco 2960 (L2 only) for the access.
  The principal commands outputs are:
  CORE1#show ip mroute | inc 230.0.0.50
  (*, 230.0.0.50), 01:50:50/00:02:21, RP 0.0.0.0, flags: DC
  CORE1#
  CORE 1
  interface Vlan1
  ip address x.x.1.1 255.255.0.0
  ip access-group 101 out
  no ip unreachables
  ip pim sparse-dense-mode
  mls rp ip
  interface Vlan51
  ip address x.x.31.254 255.255.255.0
  ip access-group 151 out
  ip helper-address x.x.x.x
  ip helper-address x.x.x.x
  no ip unreachables
  ip pim sparse-dense-mode
  mls rp ip
  interface Vlan80
  ip address x.x.80.1 255.255.255.0
  ip access-group 150 out
  no ip unreachables
  ip pim sparse-dense-mode
  glbp 80 ip x.x.80.254
  glbp 80 timers 5 18
  glbp 80 timers redirect 600 7200
  glbp 80 priority 254
  glbp 80 preempt delay minimum 60
  glbp 80 authentication text glbpkey
  glbp 80 forwarder preempt delay minimum 60
  CORE2
  interface Vlan1
  ip address x.x.1.4 255.255.0.0
  ip access-group 101 out
  no ip unreachables
  ip pim sparse-dense-mode
  mls rp ip
  interface Vlan51
  ip address x.x.31.2 255.255.255.0
  ip access-group 151 out
  ip helper-address x.x.x.x
  ip helper-address x.x.x.x
  no ip unreachables
  ip pim sparse-dense-mode
  shutdown
  mls rp ip
  glbp 51 ip x.x.31.254
  glbp 51 timers 5 18
  glbp 51 timers redirect 600 7200
  glbp 51 preempt delay minimum 60
  glbp 51 authentication text glbpkey
  glbp 51 forwarder preempt delay minimum 60
  interface Vlan80
  ip address x.x.80.2 255.255.255.0
  ip access-group 150 out
  no ip unreachables
  ip pim sparse-dense-mode
  shutdown
  mls rp ip
  glbp 80 ip x.x.80.254
  glbp 80 timers 5 18
  glbp 80 timers redirect 600 7200
  glbp 80 preempt delay minimum 60
  glbp 80 authentication text glbpkey
  glbp 80 forwarder preempt delay minimum 60
  end
  Someone can help?
  Thanks,
  Alfredo

  Hi johnd...
  Im using VLC 1.1.2 (i can not update because i have a DVDT2 card to capture the digital terrestrial television and it only work in this version). I have all the firewalls down.
  This is the output for the show ip igmp snooping groups on the 2960.
  80        230.0.0.50               igmp        v2          Gi1/0/21, Gi1/0/24
  Port G1/0/21 is where the receiver is conected and the 24port is the trunk.
  Jon, i revert and this is the output. I put the ip pim rp-address the same of the lookpback that i create previously.
  (*, 230.0.0.50), 00:37:46/00:02:19, RP 192.168.230.230, flags: SJC
    Incoming interface: Null, RPF nbr 0.0.0.0
    Outgoing interface list:
      Vlan80, Forward/Dense, 00:09:52/00:00:00
  The strange thing is that I have more than 40 vlans and it only fail in some vlans like 80.

• How to manage IP address assignment for laptops?

  Dear All,
  I'm looking for an efficient way to manage IP address assignment for laptops.
  I have a DHCP server with reservation for all my devices.
  Laptops usually have 2 NICs: LAN and WiFi card.
  So, how can I manage the IP assignment for these devices?
  If I make a DHCP reservetion with two different IP addresses, I can have problems with DNS round-robin.
  Should I enable the DNS secure dynamic update for domain members and then reserve two different IP addresses on DHCP?
  I don't want that user needs to manually change their NIC configuration.
  What you suggest?
  Thanks

  The best way to manage it would be to "not" manage it.  DHCP by definition is supposed to be "dynamic".  DHCP Reservations are great for a few devices that live under "special circumstances" but you never want to set Reservations for everything,...if
  you do that then just don't have DHCP to start with and statically assign everything.
  The combination of DHCP with dynamically updated DNS in AD means you never have to know or ever care what the IP# is.  Everything is referred to by it's hostname.
  Some things to keep in mind:
  Every interfaces has a different MAC,...meaning the Laptops have two MACs. Therefore it is impossible to reserve the same IP# for both. So they end up with a different IP# depending on which Nic they use.  Running two laptop nics on the same LAN at
  the same time is always bad.  Either always use the wireless,...or always turn off the wireless nic when laptops are local within your facility and can use the physical nic.   In other words pick one,...or the other,...never allow both to work
  at the same time.  This is a responsibility and education issue of the user,...you can't do this for them.
  User can not change their own network IP Specs unless they are Local Administrators on their machines,...and they should never be allowed to be Local Administrators.