3550 Switch -Fiber interface VLAN question
Hello,
I will be deploying two Cisco 3550 switches and connecting them via an ordinary multimode fiber with GBIC 1000BASE-SX transceivers installed on each switch. Here is my question: I will be configuring about half of the ports on each of the switches to be in one of two VLANs. I would like to configure the two VLANs to run over the single fiber line. Is it possible to configure one fiber port, with the GBIC 1000BASE-SX transceiver installed, with two VLANs and/or subinterfaces each with half of the 1000mb of bandwidth, or will I need to run an additional fiber line connected to the second fiber interface on the 3550 to accomplish this? I really hope not to, as I don't have the funds to run a second line at this time. If this configuration is possible, could someone please point me to documentation on how to configure this and/or give some advice? Thank you.
Regards,
JPS
Just set up the link as a trunk; this allows you to send as many VLANs across that link as you want. On each side just do the following.
switchport
switchport trunk encapsulation dot1q
switchport mode dynamic desirable
Verify trunk status with the "show int trunk" command.
More info at http://www.cisco.com/en/US/products/hw/switches/ps5528/products_configuration_guide_chapter09186a00803a9af5.html#wp1200245
Similar Messages
-
I have a 24 port fiber 3550 attached to a 12 port copper 2950 via trunked gigastack interfaces. My router attaches to an interface on the 2950 that is a member of VLAN 40, my management VLAN. Both the 2950 and the 3550 have IP addresses associated with VLAN 40. My problem is that no switchports on the 3550 are members of VLAN 40 which is keeping the interface associated with VLAN 40 as "down down" and I cannot communicate with it. I have tried "no keepalive" on interface VLAN 40 but the interface does not come up. Is there a command that can be entered to force the interface to come up even though there are no ports associated with it? Thanks.
Hi Efairbanks,
If you have a trunk port configured between 3550 and 2950 and vlan 40 is allowed on that trunk port int vlan 40 will be up and up.
Please check 2 things..
1) Vlan 40 is present in vlan database. Check with command "sh vlan"
2) If it is present in " sh vlan " output check your trunk config and make sure you allow vlan 40 on the trunk port.
There is no specific command which can bring int vlan 40 up and up. Either there should be an active port for vlan 40 or a trunk should be configured allowing vlan 40 on it.
HTH
Ankur -
Configure interface vlan on switch 3524 XL
Hi all,
I have an old switch C3524 running image "C3500XL-c3h2s-mz-120.5.2-xu". I had successfully created vlan 120 but when I config "interface vlan 120" as follows:
switch# conf t
switch(config-subif)#interface vlan 120
switch(config-subif)#ip address 172.10.10.1 255.255.255.0
switch(config-subif)#no shut
then show run does not see this interface. Show vlan indicates vlan 120 is active.
Please help. Thank you.
You're right. I just shut down interface vlan 10 (interface vlan 1 is down already) then interface vlan 120 comes up. Question is: if I need to configure several ports, some in vlan 10 and some in vlan 120, then should I have interface vlan 10 up too?
Thank you very much. -
Assign VLAN from freeradius to Cisco 3550 Switch
Hi All,
I am trying to assign a VLAN from freeradius to a Cisco 3550 switch but it's not working.
I keep getting those lines in the cisco switch debug:
3w6d: RADIUS: Tunnel-Medium-Type [65] 6 01:Unsupported [6]
3w6d: RADIUS: Tunnel-Type [64] 6 01:Unsupported [13]
What does it mean? Any idea how to solve this?
Below freeradius conf and switch debug.
Thanks.
Configuration on freeradius users file:
wassim  Cleartext-Password := "wassim"
        Tunnel-Medium-Type:1 = IEEE-802,
        Tunnel-Type:1 = VLAN,
        Tunnel-Private-Group-Id:1 = 100
Cisco Switch debug log:
3w6d: RADIUS: authenticator 99 15 53 A6 AB B7 0B 75 - 9F A7 5F 27 8F F1 2E 67
3w6d: RADIUS: NAS-IP-Address [4] 6 192.168.1.8
3w6d: RADIUS: NAS-Port [5] 6 50023
3w6d: RADIUS: NAS-Port-Type [61] 6 Eth [15]
3w6d: RADIUS: User-Name [1] 8 "wassim"
3w6d: RADIUS: Called-Station-Id [30] 19 "00-15-F9-F8-4E-97"
3w6d: RADIUS: Calling-Station-Id [31] 19 "00-1A-80-3F-F6-A1"
3w6d: RADIUS: Service-Type [6] 6 Framed [2]
3w6d: RADIUS: Framed-MTU [12] 6 1500
3w6d: RADIUS: State [24] 18
3w6d: RADIUS: DB C1 1C E7 DE C7 09 5E 75 5E 5B 0F 23 3A 54 E7 [???????^u^[?#:T?]
3w6d: RADIUS: EAP-Message [79] 69
3w6d: RADIUS: 02 06 00 43 15 00 17 03 01 00 38 BF 71 FC FA 04 [???C??????8?q???]
3w6d: RADIUS: BE DC FD CC 03 D2 7F 8B 09 63 2C B2 AE D8 AC 61 [?????????c,????a]
3w6d: RADIUS: 64 21 2B 00 ED 0E 6E E8 B0 49 50 6B 99 B8 88 A4 [d!+???n??IPk????]
3w6d: RADIUS: 36 C6 FD B9 F0 77 2D 82 28 0A 37 D1 D4 73 B4 59 [6????w-?(?7??s?Y]
3w6d: RADIUS: F9 37 E6 [?7?]
3w6d: RADIUS: Message-Authenticato[80] 18
3w6d: RADIUS: A2 59 A3 DE A6 98 5F 78 25 12 59 BB 4D B8 74 F0 [?Y????_x??Y?M?t?]
3w6d: RADIUS: Received from id 1645/123 192.168.1.57:1812, Access-Accept, len 186
3w6d: RADIUS: authenticator C0 31 7F D7 A6 D4 1F C8 - 27 AA F0 99 EA 1F 92 C3
3w6d: RADIUS: Tunnel-Medium-Type [65] 6 01:Unsupported [6]
3w6d: RADIUS: Tunnel-Type [64] 6 01:Unsupported [13]
3w6d: RADIUS: Tunnel-Private-Group[81] 6 01:"100"
3w6d: RADIUS: Vendor, Microsoft [26] 58
3w6d: RADIUS: MS-MPPE-Recv-Key [17] 52
3w6d: RADIUS: 86 8B 3E 74 76 E7 CB 9A 8F EF F5 9C 16 2E 88 1A [??>tv????????.??]
3w6d: RADIUS: 12 3B 80 A6 E9 9B B6 6F E6 63 C8 AA B0 DB 0E 76 [?;?????o?c?????v]
3w6d: RADIUS: 61 C1 6A 5D 62 BD 72 BE 78 C8 9D 4D A7 3F 54 35 [a?j]b?r?x??M??T5]
3w6d: RADIUS: 40 DC [@?]
3w6d: RADIUS: Vendor, Microsoft [26] 58
3w6d: RADIUS: MS-MPPE-Send-Key [16] 52
3w6d: RADIUS: 8A 61 97 87 78 FD CA 16 8D F0 ED 75 C0 70 93 AE [?a??x??????u?p??]
3w6d: RADIUS: 71 EF 5A 21 53 35 A4 88 F9 84 16 83 10 43 6E 9E [q?Z!S5???????Cn?]
3w6d: RADIUS: AB A7 8B 56 6C 42 0D AB 09 1D 82 D3 CB 7E 6C B8 [???VlB???????~l?]
3w6d: RADIUS: 56 58 [VX]
3w6d: RADIUS: EAP-Message [79] 6
3w6d: RADIUS: 03 06 00 04 [????]
3w6d: RADIUS: Message-Authenticato[80] 18
3w6d: RADIUS: 82 4B 64 0F 07 64 59 18 0F 27 07 95 A5 15 09 33 [?Kd??dY??'?????3]
3w6d: RADIUS: User-Name [1] 8 "wassim"
3w6d: RADIUS: EAP-login: length of eap packet = 4
3w6d: RADIUS: Tunnel-MType, [01] 00 00 06
3w6d: RADIUS: TAS(1) created and enqueued.
3w6d: RADIUS: Tunnel-Type, [01] 00 00 0D
3w6d: RADIUS: Tunnel-GID, [01] 100
3w6d: RADIUS: unrecognized Microsoft VSA type 17
3w6d: RADIUS: unrecognized Microsoft VSA type 16
3w6d: RADIUS: TAS(1) takes precedence over tagged attributes, tunnel_type=vlan
3w6d: RADIUS: free TAS(1)
3w6d: RADIUS: no appropriate authorization type for user.
3w6d: RADIUS: Tunnel-MType, [01] 00 00 06
3w6d: RADIUS: TAS(1) created and enqueued.
3w6d: RADIUS: Tunnel-Type, [01] 00 00 0D
3w6d: RADIUS: unrecognized Microsoft VSA type 17
3w6d: RADIUS: unrecognized Microsoft VSA type 16
3w6d: RADIUS: TAS(1) takes precedence over tagged attributes, tunnel_type=vlan
3w6d: RADIUS: free TAS(1)
3w6d: RADIUS: no appropriate authorization type for user.
3w6d: RADIUS: Tunnel-MType, [01] 00 00 06
3w6d: RADIUS: TAS(1) created and enqueued.
3w6d: RADIUS: Tunnel-Type, [01] 00 00 0D
3w6d: RADIUS: unrecognized Microsoft VSA type 17
3w6d: RADIUS: unrecognized Microsoft VSA type 16
3w6d: RADIUS: TAS(1) takes precedence over tagged attributes, tunnel_type=vlan
3w6d: RADIUS: free TAS(1)
3w6d: RADIUS: no appropriate authorization type for user.
3w6d: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/23, changed state to up
I believe you should be using the numerical values in your fields, look at this one:
http://www.scribd.com/doc/75788651/52/X-with-VLAN-Assignment
Tunnel-Medium-Type:1 = 6
Tunnel-Type:1 = 13
Tunnel-Private-Group-Id:1 = -
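The tagged tunnel attributes seen in the debug output above, decoded as an added example (not code from the original posts): it parses the attribute bytes of an Access-Accept in the RFC 2868 tagged format and checks the three values RFC 3580 specifies for 802.1X VLAN assignment. The sample byte strings are constructed from the values shown in the log, and requiring all three attributes under the same tag is a strict-reading assumption.

```python
# Attribute numbers from RFC 2865/2868; expected values from RFC 3580.
TUNNEL_TYPE = 64
TUNNEL_MEDIUM_TYPE = 65
TUNNEL_PRIVATE_GROUP_ID = 81
TUNNEL_TYPE_VLAN = 13        # appears as "00 00 0D" in the switch debug
TUNNEL_MEDIUM_IEEE_802 = 6   # appears as "00 00 06" in the switch debug


def parse_attributes(buf):
    """Split a RADIUS attribute section into (type, value) pairs."""
    attrs, pos = [], 0
    while pos < len(buf):
        if len(buf) - pos < 2:
            raise ValueError("truncated attribute header at offset %d" % pos)
        atype, alen = buf[pos], buf[pos + 1]
        # The length octet counts the type and length octets themselves.
        if alen < 2 or pos + alen > len(buf):
            raise ValueError("bad length %d for attribute %d" % (alen, atype))
        attrs.append((atype, buf[pos + 2:pos + alen]))
        pos += alen
    return attrs


def group_tunnels(attrs):
    """Collect tunnel attributes per tag: {tag: {"type", "medium", "group"}}."""
    tunnels = {}
    for atype, value in attrs:
        if atype in (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE):
            # Integer tunnel attributes are one tag octet plus a 3-octet value.
            if len(value) != 4:
                raise ValueError("attribute %d must be tag + 3 octets" % atype)
            key = "type" if atype == TUNNEL_TYPE else "medium"
            tunnels.setdefault(value[0], {})[key] = int.from_bytes(value[1:], "big")
        elif atype == TUNNEL_PRIVATE_GROUP_ID:
            # The tag is optional here: a first octet above 0x1F is already
            # part of the string, so the attribute counts as untagged (tag 0).
            if value and value[0] <= 0x1F:
                tag, text = value[0], value[1:]
            else:
                tag, text = 0, value
            tunnels.setdefault(tag, {})["group"] = text.decode("ascii", "replace")
    return tunnels


def vlan_assignment(attr_bytes):
    """Return (vlan, problems); vlan is None when no tag forms a complete set."""
    tunnels = group_tunnels(parse_attributes(attr_bytes))
    problems = []
    for tag in sorted(tunnels):
        t, found = tunnels[tag], []
        if t.get("type") != TUNNEL_TYPE_VLAN:
            found.append("tag %d: Tunnel-Type is %r, expected 13 (VLAN)"
                         % (tag, t.get("type")))
        if t.get("medium") != TUNNEL_MEDIUM_IEEE_802:
            found.append("tag %d: Tunnel-Medium-Type is %r, expected 6 (IEEE-802)"
                         % (tag, t.get("medium")))
        if not t.get("group"):
            found.append("tag %d: Tunnel-Private-Group-ID missing" % tag)
        if not found:
            return t["group"], []
        problems.extend(found)
    if not tunnels:
        problems.append("no tunnel attributes in reply")
    return None, problems


# Constructed sample: User-Name "wassim" plus the three tunnel attributes with
# the tag (01) and values printed in the debug log above.
GOOD_REPLY = bytes.fromhex(
    "010877617373696d"   # User-Name [1] 8 "wassim"
    "410601000006"       # Tunnel-Medium-Type [65] 6 01: 00 00 06
    "40060100000d"       # Tunnel-Type [64] 6 01: 00 00 0D
    "510601313030"       # Tunnel-Private-Group-ID [81] 6 01:"100"
)

# Constructed counter-example: the group ID is sent without a tag, so it no
# longer lines up with the tag-1 Tunnel-Type and Tunnel-Medium-Type.
MISTAGGED_REPLY = bytes.fromhex("410601000006" "40060100000d" "5105313030")

if __name__ == "__main__":
    for name, reply in (("good", GOOD_REPLY), ("mistagged", MISTAGGED_REPLY)):
        vlan, problems = vlan_assignment(reply)
        print(name, "->", vlan, problems)
```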
Routing Issue with 3550 Switch
I am having an issue with routing with one of my Cisco 3550 switches. I know the 3550s are EoL but some of us have to work with what we have.
I am using a 3550 on either side of a Layer 2 link. The Layer 2 link is 2 Extreme Summit X-440 switches with Microwave between the switches. I have a VLAN configured on both switches and tagged on the ports connected to the Microwave. The 3550 switch on each end is configured for IP routing but I cannot pass traffic between the switches. If I unplug the switch on the local end and plug in a laptop, I can ping the switch on the remote end and access devices at the remote end.
I know this should work because I am doing the same thing over another Microwave link and Layer 2 link using another 3550 and a HP ProCurve at the remote end.
Here are the configs for each 3550:
Local end; Port Fa0/23 goes to the Remote Side. Port Fa0/24 goes to the rest of the network
Current configuration : 5417 bytes
! No configuration change since last restart
version 12.2
no service pad
service timestamps debug datetime localtime show-timezone
service timestamps log datetime localtime show-timezone
no service password-encryption
service sequence-numbers
hostname Brindley3550
enable secret 5 $1$3A.n$lzBUQg.fn4hJ7f0jEOqe71
no aaa new-model
clock timezone UTC -6
clock summer-time UTC recurring 1 Sun Apr 2:00 1 Sun Nov 2:00
mls qos map cos-dscp 0 8 16 26 32 46 48 56
mls qos min-reserve 5 170
mls qos min-reserve 6 10
mls qos min-reserve 7 65
mls qos min-reserve 8 26
mls qos
ip subnet-zero
ip routing
ip domain-name morgan911.net
ip name-server 1.2.150.11
ip name-server 1.2.150.5
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
vlan internal allocation policy ascending
interface FastEthernet0/1
switchport access vlan 18
switchport mode dynamic desirable
spanning-tree portfast
{Removed for Brevity}
|
interface FastEthernet0/7
switchport access vlan 13
switchport mode dynamic desirable
spanning-tree portfast
interface FastEthernet0/8
switchport access vlan 13
switchport mode dynamic desirable
spanning-tree portfast
{Removed for Brevity}
interface FastEthernet0/23
description To Gum Springs via Extreme P10
no switchport
ip address 1.2.147.1 255.255.255.252
speed 100
duplex full
interface FastEthernet0/24
description To Flint via Ceragon Eth 2
switchport trunk encapsulation dot1q
switchport mode trunk
speed 100
duplex full
mls qos trust cos
auto qos voip trust
wrr-queue bandwidth 20 1 80 1
wrr-queue min-reserve 1 5
wrr-queue min-reserve 2 6
wrr-queue min-reserve 3 7
wrr-queue min-reserve 4 8
wrr-queue cos-map 1 0 1 2 4
wrr-queue cos-map 3 3 6 7
wrr-queue cos-map 4 5
priority-queue out
spanning-tree link-type point-to-point
interface GigabitEthernet0/1
switchport trunk encapsulation dot1q
switchport mode trunk
interface GigabitEthernet0/2
switchport access vlan 10
switchport trunk native vlan 50
switchport mode dynamic desirable
spanning-tree portfast trunk
interface Vlan1
ip address 1.2.145.2 255.255.255.0
ip default-gateway 1.2.145.1
ip classless
ip route 0.0.0.0 0.0.0.0 1.2.145.1
ip route 1.2.165.0 255.255.255.240 1.2.147.2
ip route 1.2.166.0 255.255.255.240 1.2.147.2
ip http server
snmp-server community public RO
snmp-server community public/RO RO
snmp-server location Brindlee Mountain Tower Site
snmp-server contact Jamey Wright
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps cluster
snmp-server enable traps entity
snmp-server enable traps envmon fan shutdown supply temperature
snmp-server enable traps vtp
snmp-server enable traps vlancreate
snmp-server enable traps vlandelete
snmp-server enable traps flash insertion removal
snmp-server enable traps port-security
snmp-server enable traps config
snmp-server enable traps syslog
snmp-server enable traps mac-notification
snmp-server enable traps vlan-membership
snmp-server host 1.2.150.100 public tty envmon syslog snmp
control-plane
ntp clock-period 17180143
ntp server 1.2.150.21
end
And this is the config for the remote end. Port Fa0/24 is the port for the link back to the local end.
Current configuration : 5058 bytes
version 12.2
no service pad
service timestamps debug datetime localtime show-timezone
service timestamps log datetime localtime show-timezone
no service password-encryption
service sequence-numbers
hostname GS3550
enable secret 5 $1$3A.n$lzBUQg.fn4hJ7f0jEOqe71
no aaa new-model
clock timezone UTC -6
clock summer-time UTC recurring
mls qos map cos-dscp 0 8 16 24 32 46 46 56
udld aggressive
ip subnet-zero
ip routing
ip domain-name morgan911.net
ip name-server 1.2.150.11
spanning-tree mode pvst
spanning-tree extend system-id
vlan internal allocation policy ascending
interface FastEthernet0/1
switchport access vlan 21
switchport mode dynamic desirable
spanning-tree portfast
interface FastEthernet0/2
switchport access vlan 21
switchport mode dynamic desirable
power inline delay shutdown 20 initial 300
spanning-tree portfast
{Removed for Brevity}
interface FastEthernet0/23
switchport access vlan 22
switchport trunk encapsulation dot1q
switchport mode trunk
speed 100
duplex full
spanning-tree portfast
interface FastEthernet0/24
description To Brindlee via Extreme P10
switchport mode dynamic desirable
(Is a member of VLAN 1)
speed 100
spanning-tree portfast
interface GigabitEthernet0/1
switchport trunk encapsulation dot1q
switchport mode trunk
interface GigabitEthernet0/2
switchport mode dynamic desirable
spanning-tree portfast
interface Vlan1
ip address 1.2.147.2 255.255.255.252
interface Vlan21
ip address 1.2.165.1 255.255.255.240
ip helper-address 1.2.150.11
ip helper-address 1.2.150.5
interface Vlan22
ip address 1.2.166.1 255.255.255.240
ip helper-address 1.2.150.5
ip helper-address 1.2.150.11
ip default-gateway 1.2.147.1
ip classless
ip route 0.0.0.0 0.0.0.0 1.2.147.1 10
ip http server
snmp-server community public RO
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps cluster
snmp-server enable traps entity
snmp-server enable traps envmon fan shutdown supply temperature
snmp-server enable traps vtp
snmp-server enable traps vlancreate
snmp-server enable traps vlandelete
snmp-server enable traps flash insertion removal
snmp-server enable traps port-security
snmp-server enable traps config
snmp-server enable traps hsrp
snmp-server enable traps bridge newroot topologychange
snmp-server enable traps syslog
snmp-server enable traps mac-notification
snmp-server enable traps vlan-membership
snmp-server host 1.2.150.100 public envmon syslog snmp
control-plane
ntp clock-period 17180192
ntp server 1.2.150.21 key 0 prefer
Ideas? Anything stand out as grossly wrong? I have worked on this for 2 days and am at a loss.
Thanks
Jamey
Sorry for the delay in replying. Other items at the office took priority over this project. I tried that and no change. I pulled the switch from the remote site and took it back to the local end and connected the switches with a crossover cable and everything works fine. I have pretty much determined that it is an issue with the config in one of the Extreme switches. The config in those look pretty normal but there are a few things I am unsure of. Guess I'll see if there is a similar site for Extreme gear.
Thanks
Jamey -
My apologies if this has been asked before, but I have some questions regarding the setup of my new switch and network. I have never worked with switches before, so this is quite a learning experience. The picture above describes the current layout of my network. Here is how I have tried to set it up, so far.
VLAN 1 [Ports 1-4, Untagged, Trunk] (172.16.1.1/24)
Workstation A (Wired)
172.16.1.2/24
Server B (Wired)
172.16.1.3/24
VLAN 2 [Ports 5-8, Untagged, Trunk] (172.16.2.1/24)
Server C (Wired)
172.16.2.2/24
Server D (Wired)
172.16.2.3/24
Server E (Wired)
172.16.2.4/24
Server F (Wired)
172.16.2.5/24
VLAN 3 [Ports 9-10, Untagged, Trunk] (192.168.1.1/24)
Laptop G (Wireless)
DHCP via Router
Laptop H (Wireless)
DHCP via Router
Laptop I (Wireless)
DHCP via Router
Wireless Router
192.168.1.254/24
Now, my goal is to have all 3 VLANs be able to talk to each other but also have VLAN 1 access the internet, through the wireless router. In the future I would also like Server B to be able to expose services (http & ssh) to the outside. VLAN 2 shouldn't have internet access at all. I know I can add static routes to the wireless router, if need be. All three laptops, can access the internet through the wireless router, without any problems.
So my questions are:
1) Is there anything inherently wrong with the design of this network? If so, what could be changed?
2) Is VLAN 3 really necessary?
3) What would I need to do, to get the 3 VLANs communicating with each other?
4) What should the gateway be, to get VLAN 1 internet access?
5) What would I need to do, to expose Server B services to the outside?
6) What static routes do I need to add?
Thanks in advance!
Jer
Hello Jeremy,
Thank you for your interest and patience.
You are on the right track here. However, several important changes must be made. Consider the following concepts:
The concept of a native VLAN. The link between the router and the switch must be part of VLAN 1. Otherwise, information from the router will not be distributed correctly on the switch due to the current PVID of 3.
The VLAN IP Interface (VLAN IP Address) identifies the subnet for the VLAN. Therefore, thinking of the switch as a router, you are correct that the default gateway for each client should be the respective VLAN interface on the switch. The switch will automatically route between directly connected IP Interfaces and their subnets.
However, in order for your clients to get to networks that the switch doesn't know about (the internet), there must be a default route to the router.
Additionally, in order for the router to forward information from the internet back to the VLANs on the switch, the router must know how to reach the different VLANs.
The following linked figure (Fig. 1) describes an appropriate sample setup.
In this scenario, a SG300-10 is configured with 3 VLANs:
VLAN 1 - Default VLAN, used for management - 192.168.1.x/24 - Ports 9-10 - 1U - Trunk Mode
VLAN 2 - Servers - 192.168.2.x/24 - Ports 5-8 - 2U - Trunk Mode
VLAN 3 - Workstations - 192.168.3.x/24 - Ports 1-4 - 3U - Trunk Mode
VLAN 1 is used to communicate to the router. Therefore, the following default route must be added to the switch's configuration:
ip route 0.0.0.0 0.0.0.0 192.168.1.1
The switch will automatically build the routes between the VLANs local to the switch. Visualize Server C going to google.com. Its IP address is 192.168.2.2. Its default gateway should be the VLAN 2 IP Interface on the switch (192.168.2.254 in this example). Because the default route is configured, the switch will forward the internet request to the router. The router will then forward the request to your ISP out the WAN where it will eventually reach Google.
However, when the request comes back into the router, the router must know to route it to the 192.168.2.x subnet. So, in order for this to work, routes that accomplish the following must be configured on your router:
Subnet IP     Mask            Gateway                                Interface
192.168.2.1   255.255.255.0   192.168.1.254 (SG-300 IP Interface)    LAN
192.168.3.1   255.255.255.0   192.168.1.254 (SG-300 IP Interface)    LAN
As you have already discovered, there are several limitations to using a router that does not support 802.1Q tagging. Chiefly, your clients will not receive either DHCP or DNS automatically from the router. To mitigate this, you can do either of the following:
Run a DHCP server with multiple DHCP scopes on a device connected to your switch. You can then use Option 82 on the switch to route DHCP requests and DNS info between VLANs on the switch.
Statically configure IP and DNS information. You could enter Open DNS Servers or Google's DNS servers on your clients.
Ideally, you would want to use a router that supports 802.1Q tagging. In this figure here (Fig. 2), you can see the VLAN configuration page for a Cisco RV180W, a very capable and affordable small business router that I highly recommend. Port 1 on the RV180W is configured as a trunk port and carries VLANs 1-3 to the switch. The clients automatically receive IP addresses and DNS information from the correct DHCP pool on the router.
Do not hesitate to contact us. We are always happy to help.
All the best,
-David Aguilar
Cisco Small Business Support Center
1-866-606-1866 -
WLC 5508 , AP client dhcp address different from WLAN interface VLAN subnet?
Hope the title makes sense, here's my situation: I have multiple businesses on 1 WLC 5508, there's a LAG to my core switch with separate interfaces for each, broken up by VLANs.
My question is: if I have a WLAN set up to use interface "Company A" which is vlan 10 with an IP of 10.0.1.5 which then points to 10.0.1.10 for DHCP.
Can the WLAN client connecting to the Company A WLAN use an IP in a different IP range (192.168.1.10?) Can the WLC route? From the perspective of the DHCP server, where does the request come from? (10.0.1.5?)
Can the DHCP server 10.0.10.10 on vlan 10 respond back with an IP on a different subnet to assign to the client to use and still be fully functioning? Would the default gateway for the client need to be 10.0.1.5? So the client's IP would be 192.168.1.10 /24 with a gateway of 10.0.1.5 (IP address of the vlan 10 interface on the WLC). And if multiple clients on the same subnet wanted to talk to each other, would the WLC know how to route them to each other without passing through the default gateway?
Sorry if this is confusing, I'm having a bit of a hard time explaining it in words, I can try and draw something up if it makes more sense.
thanks
Eric
I think if you want these clients to stick to a WLAN configured on a VLAN that has a different IP addressing you could configure your VLAN with the normal IP addressing then add on the SVI the 2nd IP_Class_default_gateway.
E.G.
Vlan 10
interface vlan 10
ip address 10.0.10.1 255.255.255.0
ip address 192.168.1.1 255.255.255.0 secondary
Clients that receive IP address from 192.168.1.0/24 network will be able to reach 192.168.1.1 and all traffic will pass right. -
I am replacing a standard set of switches with ones that can support PVLANs. All our switches currently have their IP address on vlan 1 and that is the subnet in which the default gateway resides. The second switch acts as a redundant switch and will need the same VLANs as the primary. Currently they are etherchanneled together. I want to set up a single private VLAN with one isolated VLAN and several community VLANs. My question is where do I put the IP address? Do I still set up a vlan 1 interface as I have done all along? Or do I put the address on the primary private VLAN? And I assume I will need to set up a trunk between the two switches, vs. etherchannel?
Private VLANs provide Layer 2 isolation between ports within the same private VLAN. There are three types of private VLAN ports:
Promiscuous: A promiscuous port can communicate with all interfaces, including the community and isolated ports within a private VLAN.
Isolated: An isolated port has complete Layer 2 separation from other ports within the same private VLAN except for the promiscuous port. Private VLANs block all traffic to isolated ports except traffic from promiscuous ports. Traffic received from an isolated port is forwarded only to promiscuous ports.
Community: Community ports communicate among themselves and with their promiscuous ports. These interfaces are isolated at Layer 2 from all other interfaces in other communities or isolated ports within their private VLAN.
PVLANs are also known as secondary VLANs; they are always associated to primary VLANs so they can communicate to other devices outside their subnet through the default gateway. The management IP address, or sc0 if it's CatOS, will always be in the primary VLAN, or if native IOS and it's interface vlan, it will always be the primary VLAN. So, to answer your question, the management IP address will be in the primary VLAN.
You cannot use the inband port, sc0, in a private VLAN.
Note: With software release 6.3(1) and later releases, you can configure the sc0 port as a private VLAN port; however, you cannot configure the sc0 port as a promiscuous port. -
SG300/SG500 remove interface vlan
Hello!
The issue is following:
I add a VLAN interface for testing IP connectivity in this VLAN by adding an IP to this VLAN interface and pinging a host.
eg
interface vlan 5
ip address 192.168.0.251 255.255.255.0
Afterwards I can remove the IP address with "no ip address", but I can't remove the "interface vlan 5".
Even when I delete the VLAN itself from the vlan database. There is no "no interface vlan" command. I can only shut down the VLAN interface.
So does anybody know how to remove VLAN interfaces from the CLI of SG300/SG500 switches?
Thanks, Woeger
Hello,
I just attempted this with my lab switch here.
I created VLAN 10 and gave it an IP address.
Then I did a no ip address on the VLAN interface, and then a no vlan 10.
At this point there is no interface VLAN 10 listed in my running config or when I do a show ip interface.
So removing the VLAN did actually delete the interface for me, which brings me to my question.
Which version of the firmware/bootcode are you currently using? It may be that this has been fixed, because I am currently running 1.3.7.18 firmware with 1.3.7.01 bootcode.
If you are on a lower one go ahead and upgrade it, remember to upgrade the bootcode as well, it is required for the newer firmware versions.
Hope that helps, but if not just let me know and we can take another look,
Christopher Ebert - Advanced Network Support Engineer
Cisco Small Business Support Center
*please rate helpful posts* -
Using Catalyst 3550 Switch with Linksys Home Router and Cable Internet
I've about pulled what little hair I have out of my head on this one, and need some configuration help.
I have a Cisco Catalyst 3550 switch with five Windows 7 desktops, an Avaya PBX and five Avaya IP phones attached. All of these devices are on a 192.168.0.0/24 subnet, and are communicating properly. I will refer to this as network # 1. I also have a SEPARATE network, we'll call network # 2, using AT&T ADSL service and a Netgear 4-port/wireless router/ADSL modem combo device, which is functioning properly with a couple of other Windows 7 desktops over its own wired Ethernet network, using DHCP, and also on a 192.168.0.0/24 subnet. I thought it would be a simple integration, just plugging one of the 3550's ports to one of the DSL router's ports, in order to give the five Windows 7 desktop computers on network # 1 internet access via the DSL modem. Guess I was wrong. When I connect the two switches together, although I get good connectivity (green lights on both ports) and am able to ping the DSL router's gateway address (192.168.0.252) from network # 1's computers, the computers on network # 1 cannot access the internet. Also, the working computers on network # 2 lose their internet access as long as the two switches are connected together. I am not a Cisco guru, but there's got to be a way to make this scenario work. Can someone provide me with a 3550 configuration that will allow me to extend my internet service from network # 2 on the DSL router to my 3550 switch and their computers? Here's what I am looking for:
INTERNET ---> ADSL MODEM ---> NETGEAR ROUTER ---> CISCO 3550 SWITCH ---> NETWORK DEVICES WITH INTERNET ACCESS
The Netgear router is probably what's doing the natting. Is the 3550 configured for routing or is it straight L2? If you have the 3550 configured as L3, then it's going to be easy to do what you want. Just add a static route on the Netgear to point the subnet that it doesn't know about to the 3550. For example, if the Netgear is addressed at 192.168.1.1 and the Cisco 3550 is addressed at 192.168.1.2, but it also knows about the 192.168.0.0/24 (separate vlan), then you would put a static route on your Netgear for 192.168.0.0/24 to go to 192.168.1.2.
The way that I would do it is to create a separate vlan on the 3550 and assign an address to it. Once you do that, make the port that the other switch connects to an access port of that vlan. (It would need to be on the same subnet as the existing equipment.) All of your devices would use it as a default gateway and then you would do the rest as above. You could also use RIP between the Netgear and Cisco if you can't do static routing.
HTH,
John -
SG-300 28P switches problem with VLAN Data and Voice, working all the time as Voice VLAN
Hi Everyone,
Thank you very much for your help in advance. I’m pulling my hair to fix the problem.
I just got the new SG-300 28P switches. My Bios ordered for me. I did not know how it runs until now... not an IOS based. I really do not know how to configure it.
I have 2 VLANs, Data and Voice.
- Data VLAN ID is 2 IP 192.168.2.X/255.255.255.0
- Voice VLAN ID is 200 IP 192.168.22.X/255.255.255.0
- I created two vlans, in switch, Data and Voice.
- On the port number 28, it is trunk by default, so I add Data vlan ID 2 tagged.
- On the port number 26, it is trunk by default, so I add Voice vlan ID 200 tagged.
- On the port number 27, I add Data vlan ID 2 tagged for Data vlan out.
- Port settings No.1
I set it up as Trunk with Data vlan 2 untagged, and 200 Tagged (voice vlan). I plugged in a phone with a PC attached. But the PC will get to vlan 200 to get the DHCP address, but not from vlan 2. The phone works with the correct vlan IP.
- Port settings No.2
Trunk with vlan 1UP, 2T, and 200T. The phone is even worse. Would never pick up any IP from DHCP.
- Port settings No.3
Access with 200U...of course the phone will work... and the PC could not get to its own vlan. Instead, the PC got an ip from the voice vlan. Not from VLAN 2.
I have a Linksys phone, I'm not sure if this helps.
For more information I setup in switch,
- enable voice vlan
- set the port on auto voice vlan
- enable LLDP-MED globally
- create a network policy to assign VLAN 200
- assign this network policy to the port the phone is connected to.
I hope this information helps to help me to set up Data and Voice VLANs, to plug the phone to work with vlan Voice 200 (IP range 192.168.22.X), from phone to PC and PC work as Data vlan 2 (IP range 192.168.2.X).
I just got done setting up voice VLANs on an SF 300-24P and verified working. This was working with Cisco 7900 series phones connected to a Cisco UC setup.
Here's my sample config.
Note that I edited this by hand before posting, so doing a flat out tftp restore probably won't work. However, this should give you a clue. Also, don't take this as 100% accurate or correct. I've only been working with these things for about a week, though I've worked with the older Linksys SRW switches for a couple of years. I'm a CCNP/CCDP.
VLAN 199 is my management VLAN and is the native VLAN on 802.1q trunks.
VLAN 149 is the data/computer VLAN here.
VLAN 111 is the voice/phone VLAN here.
VLAN 107 does nothing.
interface range ethernet e(1-24)
port storm-control broadcast enable
exit
interface ethernet e1
port storm-control include-multicast
exit
interface ethernet e2
port storm-control include-multicast
exit
interface ethernet e3
port storm-control include-multicast
exit
interface ethernet e4
port storm-control include-multicast
exit
interface ethernet e5
port storm-control include-multicast
exit
interface ethernet e6
port storm-control include-multicast
exit
interface ethernet e7
port storm-control include-multicast
exit
interface ethernet e8
port storm-control include-multicast
exit
interface ethernet e9
port storm-control include-multicast
exit
interface ethernet e10
port storm-control include-multicast
exit
interface ethernet e11
port storm-control include-multicast
exit
interface ethernet e12
port storm-control include-multicast
exit
interface ethernet e13
port storm-control include-multicast
exit
interface ethernet e14
port storm-control include-multicast
exit
interface ethernet e15
port storm-control include-multicast
exit
interface ethernet e16
port storm-control include-multicast
exit
interface ethernet e17
port storm-control include-multicast
exit
interface ethernet e18
port storm-control include-multicast
exit
interface ethernet e19
port storm-control include-multicast
exit
interface ethernet e20
port storm-control include-multicast
exit
interface ethernet e21
port storm-control include-multicast
exit
interface ethernet e22
port storm-control include-multicast
exit
interface ethernet e23
port storm-control include-multicast
exit
interface ethernet e24
port storm-control include-multicast
exit
interface range ethernet g(1-4)
description "Uplink trunk"
exit
interface range ethernet g(1-4)
switchport default-vlan tagged
exit
interface range ethernet e(21-24)
switchport mode access
exit
vlan database
vlan 107,111,149,199
exit
interface range ethernet g(1-4)
switchport trunk allowed vlan add 107
exit
interface range ethernet e(21-24)
switchport access vlan 111
exit
interface range ethernet g(1-4)
switchport trunk allowed vlan add 111
exit
interface range ethernet e(1-20)
switchport trunk native vlan 149
exit
interface range ethernet g(1-4)
switchport trunk allowed vlan add 149
exit
interface range ethernet g(1-4)
switchport trunk native vlan 199
exit
voice vlan aging-timeout 5
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
voice vlan oui-table add 108ccf MyCiscoIPPhones1
voice vlan oui-table add 40f4ec MyCiscoIPPhones2
voice vlan oui-table add 8cb64f MyCiscoIPPhones3
voice vlan id 111
voice vlan cos 6 remark
interface ethernet e1
voice vlan enable
exit
interface ethernet e1
voice vlan cos mode all
exit
interface ethernet e2
voice vlan enable
exit
interface ethernet e2
voice vlan cos mode all
exit
interface ethernet e3
voice vlan enable
exit
interface ethernet e3
voice vlan cos mode all
exit
interface ethernet e4
voice vlan enable
exit
interface ethernet e4
voice vlan cos mode all
exit
interface ethernet e5
voice vlan enable
exit
interface ethernet e5
voice vlan cos mode all
exit
interface ethernet e6
voice vlan enable
exit
interface ethernet e6
voice vlan cos mode all
exit
interface ethernet e7
voice vlan enable
exit
interface ethernet e7
voice vlan cos mode all
exit
interface ethernet e8
voice vlan enable
exit
interface ethernet e8
voice vlan cos mode all
exit
interface ethernet e9
voice vlan enable
exit
interface ethernet e9
voice vlan cos mode all
exit
interface ethernet e10
voice vlan enable
exit
interface ethernet e10
voice vlan cos mode all
exit
interface ethernet e11
voice vlan enable
exit
interface ethernet e11
voice vlan cos mode all
exit
interface ethernet e12
voice vlan enable
exit
interface ethernet e12
voice vlan cos mode all
exit
interface ethernet e13
voice vlan enable
exit
interface ethernet e13
voice vlan cos mode all
exit
interface ethernet e14
voice vlan enable
exit
interface ethernet e14
voice vlan cos mode all
exit
interface ethernet e15
voice vlan enable
exit
interface ethernet e15
voice vlan cos mode all
exit
interface ethernet e16
voice vlan enable
exit
interface ethernet e16
voice vlan cos mode all
exit
interface ethernet e17
voice vlan enable
exit
interface ethernet e17
voice vlan cos mode all
exit
interface ethernet e18
voice vlan enable
exit
interface ethernet e18
voice vlan cos mode all
exit
interface ethernet e19
voice vlan enable
exit
interface ethernet e19
voice vlan cos mode all
exit
interface ethernet e20
voice vlan enable
exit
interface ethernet e20
voice vlan cos mode all
exit
interface ethernet e1
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e2
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e3
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e4
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e5
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e6
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e7
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e8
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e9
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e10
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e11
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e12
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e13
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e14
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e15
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e16
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e17
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e18
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e19
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e20
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e21
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e22
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e23
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e24
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet g1
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet g2
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet g3
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet g4
lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
exit
interface ethernet e1
lldp med notifications topology-change enable
exit
interface ethernet e2
lldp med notifications topology-change enable
exit
interface ethernet e3
lldp med notifications topology-change enable
exit
interface ethernet e4
lldp med notifications topology-change enable
exit
interface ethernet e5
lldp med notifications topology-change enable
exit
interface ethernet e6
lldp med notifications topology-change enable
exit
interface ethernet e7
lldp med notifications topology-change enable
exit
interface ethernet e8
lldp med notifications topology-change enable
exit
interface ethernet e9
lldp med notifications topology-change enable
exit
interface ethernet e10
lldp med notifications topology-change enable
exit
interface ethernet e11
lldp med notifications topology-change enable
exit
interface ethernet e12
lldp med notifications topology-change enable
exit
interface ethernet e13
lldp med notifications topology-change enable
exit
interface ethernet e14
lldp med notifications topology-change enable
exit
interface ethernet e15
lldp med notifications topology-change enable
exit
interface ethernet e16
lldp med notifications topology-change enable
exit
interface ethernet e17
lldp med notifications topology-change enable
exit
interface ethernet e18
lldp med notifications topology-change enable
exit
interface ethernet e19
lldp med notifications topology-change enable
exit
interface ethernet e20
lldp med notifications topology-change enable
exit
interface ethernet e21
lldp med notifications topology-change enable
exit
interface ethernet e22
lldp med notifications topology-change enable
exit
interface ethernet e1
lldp med enable network-policy poe-pse
exit
interface ethernet e2
lldp med enable network-policy poe-pse
exit
interface ethernet e3
lldp med enable network-policy poe-pse
exit
interface ethernet e4
lldp med enable network-policy poe-pse
exit
interface ethernet e5
lldp med enable network-policy poe-pse
exit
interface ethernet e6
lldp med enable network-policy poe-pse
exit
interface ethernet e7
lldp med enable network-policy poe-pse
exit
interface ethernet e8
lldp med enable network-policy poe-pse
exit
interface ethernet e9
lldp med enable network-policy poe-pse
exit
interface ethernet e10
lldp med enable network-policy poe-pse
exit
interface ethernet e11
lldp med enable network-policy poe-pse
exit
interface ethernet e12
lldp med enable network-policy poe-pse
exit
interface ethernet e13
lldp med enable network-policy poe-pse
exit
interface ethernet e14
lldp med enable network-policy poe-pse
exit
interface ethernet e15
lldp med enable network-policy poe-pse
exit
interface ethernet e16
lldp med enable network-policy poe-pse
exit
interface ethernet e17
lldp med enable network-policy poe-pse
exit
interface ethernet e18
lldp med enable network-policy poe-pse
exit
interface ethernet e19
lldp med enable network-policy poe-pse
exit
interface ethernet e20
lldp med enable network-policy poe-pse
exit
interface ethernet e21
lldp med enable network-policy poe-pse
exit
interface ethernet e22
lldp med enable network-policy poe-pse
exit
lldp med network-policy 1 voice vlan 111 vlan-type tagged
interface range ethernet e(1-22)
lldp med network-policy add 1
exit
interface vlan 199
ip address 199.16.30.77 255.255.255.0
exit
ip default-gateway 199.16.30.3
interface vlan 1
no ip address dhcp
exit
no bonjour enable
bonjour service enable csco-sb
bonjour service enable http
bonjour service enable https
bonjour service enable ssh
bonjour service enable telnet
hostname psw1
line console
exec-timeout 30
exit
line ssh
exec-timeout 30
exit
line telnet
exec-timeout 30
exit
management access-list Management1
permit ip-source 10.22.5.5 mask 255.255.255.0
exit
logging 199.16.31.33 severity debugging description mysysloghost
aaa authentication enable Console local
aaa authentication enable SSH tacacs local
aaa authentication enable Telnet local
ip http authentication tacacs local
ip https authentication tacacs local
aaa authentication login Console local
aaa authentication login SSH tacacs local
aaa authentication login Telnet local
line telnet
login authentication Telnet
enable authentication Telnet
password admin
exit
line ssh
login authentication SSH
enable authentication SSH
password admin
exit
line console
login authentication Console
enable authentication Console
password admin
exit
username admin password admin level 15
power inline usage-threshold 90
power inline traps enable
ip ssh server
snmp-server location in-the-closet
snmp-server contact [email protected]
ip http exec-timeout 30
ip https server
ip https exec-timeout 30
tacacs-server host 1.2.3.4 key spaceballz timeout 3 priority 10
clock timezone -7
clock source sntp
sntp unicast client enable
sntp unicast client poll
sntp server 199.16.30.1
sntp server 199.16.30.2
ip domain-name mydomain.com
ip name-server 199.16.5.12 199.16.5.13
ip telnet server -
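A small audit of the management-plane lines in the sample config above, as an added example that is not part of the original post. The finding labels are invented for this sketch, and it assumes `management access-class <name>` is the command that puts a management access-list into effect on this switch family.

```python
import re

# Constructed excerpt: lines copied from the sample config above, trimmed to
# the management-plane settings the checks look at.
SAMPLE_CONFIG = """\
management access-list Management1
permit ip-source 10.22.5.5 mask 255.255.255.0
exit
aaa authentication login SSH tacacs local
aaa authentication login Telnet local
line telnet
login authentication Telnet
password admin
exit
line ssh
login authentication SSH
password admin
exit
username admin password admin level 15
ip telnet server
"""

OPENERS = ("interface ", "line ", "management access-list ", "vlan database")

def parse(text):
    """Return (context, line) pairs; context is the opening line of the
    enclosing block ('' for global commands). The dump has no indentation,
    so a block runs from a known opener to the next 'exit'."""
    ctx, pairs = "", []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "exit":
            ctx = ""
        elif line.startswith(OPENERS):
            ctx = line
            pairs.append(("", line))
        else:
            pairs.append((ctx, line))
    return pairs

def audit(text):
    pairs = parse(text)
    glob = [l for c, l in pairs if c == ""]
    findings = []
    if "ip telnet server" in glob:
        findings.append("telnet-server-enabled")
    lists = {}  # login method lists, e.g. {'Telnet': ['local']}
    for l in glob:
        m = re.match(r"username (\S+) password (\S+)", l)
        if m and m.group(2) != "encrypted":
            kind = "same-as-username" if m.group(1) == m.group(2) else "cleartext"
            findings.append(f"user-password-{kind}:{m.group(1)}")
        m = re.match(r"aaa authentication login (\S+) (.+)", l)
        if m:
            lists[m.group(1)] = m.group(2).split()
    for c, l in pairs:
        if not c.startswith("line "):
            continue
        name = c.split()[1]
        if re.match(r"password (?!encrypted)\S+", l):
            findings.append(f"line-password-cleartext:{name}")
        m = re.match(r"login authentication (\S+)", l)
        # Remote lines whose login list never consults the TACACS+ server.
        if m and name != "console" and "tacacs" not in lists.get(m.group(1), []):
            findings.append(f"remote-login-local-only:{name}")
    # A management ACL that is defined but never applied filters nothing
    # (assumption: 'management access-class' is the applying command).
    defined = {l.split()[2] for l in glob if l.startswith("management access-list ")}
    applied = {l.split()[2] for l in glob if l.startswith("management access-class ")}
    findings += [f"mgmt-acl-defined-not-applied:{n}" for n in sorted(defined - applied)]
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```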
SF300 Daisy Chain VLAN Question
OK, this is a complicated setup, and myself and my fellow IT staff have been beating our heads on a wall trying to get this to work, at this point we do not even know if we have this configured right, so any input on this would be most appreciated.
We are in the process of adding some new buildings to our network via some AirMax wireless bridges. On the either end of the bridges will be a series of SF300 switches.
For clarification, here is how our setup will go equipment wise....
Cisco 3550 Switch -> SF300-08 Switch -> Airmax Bridge ---------- AirMax Bridge -> SF300-08 -> SF300-24
The 3550 is "inside" our corporate network, from the first SF300-08 to the 2nd SF300-08 will be "outside" our network, and the final SF300-24 will be considered "inside" our network.
For all intents and purposes, we are trying to build this out correctly without the AirMax bridges in place at the start since they are just a bridge and should function as a cable once in place. Since the segment from one SF300-08 to the other will be considered external equipment, we need to have the feed from the 3550 to the SF300-24 as an isolated VLAN through this chain to be able to give the remote office network access. We want the SF300-24 to think that it is basically trunked directly into the 3550 once all is said with all our internal VLANS available at the opposite end.
Right now, based on documentation and things we have read in various forums, we have it currently setup as follows :
IN OUT
1) 3550 dot1q Trunk
2) SF300-08 Customer QinQ Trunk (vlan 3000) SF300-08 Trunk (vlan 3000)
3) SF300-08 Trunk (vlan 3000) SF300-08 Customer QinQ Trunk (vlan 3000)
4) SF300-24 Trunk
So, we are trunking the 3550 into the SF300 chain, passing the internal information over vlan 3000 while in transport, then coming out the other end on the SF300-24 trunk port.
Is this in any way remotely correct for what we are trying to do? I know that if we stuck with all 3550s throughout the chain that we would have some dot1q-tunnel ports configured for an easier setup, but from the limited knowledge I have on these 300 series switches they are not capable of being configured this way, and I may well be totally wrong in that.
I will be happy to clarify more on certain parts if needed, but with so many pieces of equipment in this chain screenshotting everything would be a hellish mess.
Any suggestions or input on this would be greatly helpful at this point.
Check the MTUs of the AirMax bridges, lol... this made us beat our heads for way too long
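Why the MTU of the bridges matters for the Q-in-Q chain described above, as an added example that is not part of the original thread: it builds full-size frames with zero, one and two VLAN tags and compares them with a frame-length limit. The inner VLAN 10, the outer-tag TPID 0x8100 and the 1518-byte limit are assumptions made for the illustration, not values taken from the AirMax or SF300 documentation.

```python
import struct

TPID_8021Q = 0x8100   # standard 802.1Q tag
TPID_8021AD = 0x88A8  # 802.1ad service tag, used by some devices for the outer tag

def vlan_tag(vid, tpid=TPID_8021Q, pcp=0):
    """4-byte VLAN tag: 16-bit TPID, then PCP(3) | DEI(1) | VID(12)."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID out of range")
    return struct.pack("!HH", tpid, (pcp << 13) | vid)

def build_frame(payload, tags=()):
    """Ethernet II frame without FCS; tags are given outermost first."""
    dst = bytes.fromhex("020000000002")  # constructed, locally administered MACs
    src = bytes.fromhex("020000000001")
    return dst + src + b"".join(tags) + struct.pack("!H", 0x0800) + payload

def parse_frame(frame):
    """Return (vlan_ids outermost first, ethertype, payload_length)."""
    offset, vids = 12, []
    while True:
        if len(frame) < offset + 2:
            raise ValueError("truncated frame")
        (etype,) = struct.unpack_from("!H", frame, offset)
        if etype not in (TPID_8021Q, TPID_8021AD):
            return vids, etype, len(frame) - offset - 2
        if len(frame) < offset + 4:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        vids.append(tci & 0x0FFF)
        offset += 4

def largest_payload(max_frame_len, n_tags):
    """Largest L3 payload that still fits once n_tags tags are stacked."""
    return max_frame_len - 14 - 4 * n_tags

def report(max_frame_len=1518):
    """Frame length (no FCS) of a 1500-byte payload per tagging mode, and
    whether it fits a device that forwards at most max_frame_len bytes."""
    payload = bytes(1500)
    inner = vlan_tag(10)     # constructed customer VLAN from the 3550 trunk
    outer = vlan_tag(3000)   # transport VLAN 3000 from the thread
    rows = []
    for name, tags in (("untagged", ()), ("dot1q", (inner,)), ("qinq", (outer, inner))):
        frame = build_frame(payload, tags)
        rows.append((name, len(frame), len(frame) <= max_frame_len))
    return rows

if __name__ == "__main__":
    for name, length, ok in report():
        print(f"{name:9} {length} bytes  {'fits' if ok else 'dropped'}")
    print("largest payload through the tunnel:", largest_payload(1518, 2))
```

With these assumptions a single-tagged trunk test passes while full-size frames inside the tunnel do not, which looks like a VLAN misconfiguration until the frame sizes are compared.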
-
Interface Vlan is not installed in routing table
Dear All,
Today I faced a strange problem and I want to share it with you to find what the problem is.
We have a VRF for one customer and we use interface VLAN to define the customer's branch.
The customer interface is VLAN 422 and it is defined under customer VRF probably.
PE#sh running-config vrf V3056:RIYADHBANK
Building configuration...
Current configuration : 1321 bytes
ip vrf V3056:RIYADHBANK
rd 65000:3887
maximum routes 1400 80
route-target export 65000:5405
route-target import 65000:5405
route-target import 65000:5406
interface Vlan422
description By *****
ip vrf forwarding V3056:RIYADHBANK
ip address 172.29.12.97 255.255.255.252
service-policy input 2M_IN
PE#sh vlan id 422
VLAN Name Status Ports
422 422 active Gi3/0/11 efp_id 422
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
422 enet 100422 1500 - - - - - 0 0
Remote SPAN VLAN
Disabled
Primary Secondary Type Ports
PE#
we can see the interface vlan is up
PE-L3Agg-Khu-107-2#sh int vlan 422 description
Interface Status Protocol Description
Vl422 up up ****
PE#
and we can see the vlan 422 belongs to the correct VRF
PE#sh vrf V3056:RIYADHBANK
Name Default RD Protocols Interfaces
V3056:RIYADHBANK 65000:3887 ipv4 Vl627
Vl775
Vl422
PE#
when we tried to troubleshoot the customer routing we found :
PE-L3Agg-Khu-107-2#ping vrf V3056:RIYADHBANK 172.29.12.97
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.29.12.97, timeout is 2 seconds:
Success rate is 0 percent (0/5)
PE-#
we could not ping the ip address of interface vlan 422.
PE#sh ip route vrf V3056:RIYADHBANK 172.29.12.97
Routing Table: V3056:RIYADHBANK
% Subnet not in table
PE#
PE#show ip route vrf V3056:RIYADHBANK connected
Routing Table: V3056:RIYADHBANK
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is 192.168.111.16 to network 0.0.0.0
172.29.0.0/16 is variably subnetted, 338 subnets, 2 masks
C 172.29.12.44/30 is directly connected, Vlan627
L 172.29.12.45/32 is directly connected, Vlan627
PE-L3Agg-Khu-107-2#
PE-L3Agg-Khu-107-2#
My question is: Why the interface vlan 422 is not installed in VRF Table as it is UP ??
thanks in advance!
Rashed Wardi.
What platform is this? Can you please paste the output of show version and show run?
Also when you tested this was int Gi3/0/11 up/up?
Best Regards,
Bheem -
802.1x, 350AP, 3550 Switch, and ACS 3.0
Yikes!
Whatta mess I got myself into! I'm trying to implement a couple of security features (at the same time) due to higher corporate directives. I am trying to implement Radius, 802.1x port authentication on a Cat 3550 switch, and MAC address authentication for wireless clients. The idea was:
1. The 3550 has port based authentication on it and should authenticate access points as well as any workstations that will/may connect to it.
2. The wireless clients will be MAC authenticated via the access point passing requests to the radius server.
Confused? I am too, help!
Thanks
Nilesh, thanks for the reply.
But I do have a few further questions if you are willing:
1. Getting the AP to use 802.1x and talk with the radius server seems to be the big problem. I have not been able to find clear enough instructions on how to set the AP to do 802.1x through the switch. I do realize the LEAP is just Cisco's implementation of 802.1x but we are trying to use non-proprietary protocols.
2. We already have the clients MAC addresses in the AP's but want to get away from this (network mgt issues) by using the ACS server.
I guess what makes this confusing for me is the chain of events and if they are possible to do. Here are the steps as I see them, please advise if this is not possible to do.
1. Access point is plugged into 3550 and uses 802.1x authentication with radius through the switch. Once the switchport is authorized, then the wireless clients can try to associate with AP. To do this the MAC address of the client is sent to ACS for authorization and when authorized allowed to communicate. Then the wireless client retrieves an IP address through DHCP.
Whew. -
I have three 3550 switches and want to define a DNS server on one of my switches (172.16.2.10). I have done the following in the DNS switch:
3550(config)#ip domain-lookup
3550(config)#ip host Setad 172.16.8.2
3550(config)#ip host MAVAD 172.16.5.2
3550(config)#ip domain-name cressnet.com
I have done the following on the 172.16.5.2 (MAVAD) switch (one that is not a DNS):
3550(config)#ip domain-lookup
3550(config)#ip name-server 172.16.2.10
3550(config)#ip domain-name cressnet.com
In normal operation I can telnet from 172.16.5.2 to 172.16.8.2; but in this situation, when I issue the "Setad" to telnet Setad (172.16.8.2) from the 172.16.5.2, nothing happens.
Please help!
Thanks.
Thanks for your reply.
My DNS server switch hostname is "MUT-FIBER-SWITCH" and its IP address is 172.16.2.10. Look at the DNS configuration in this switch:
MUT-FIBER-SWITCH#sh hosts
Default domain is not set
Name/address lookup uses domain service
Name servers are 255.255.255.255
Host Port Flags Age Type Address(es)
Setad None (perm, OK) 44 IP 172.16.8.2
MAVAD None (perm, OK) 0 IP 172.16.5.2
I have set the following configuration in the MAVAD switch:
MAVAD(config)#ip domain-lookup
MAVAD(config)#ip name-server 172.16.2.10
and
MAVAD:#ping 172.16.2.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.2.10, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
and
MAVAD:#ping 172.16.8.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.8.2, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
and
MAVAD:#telnet 172.16.8.2
Trying 172.16.8.2 ... Open
Welcome To Master Switch In SETAD
Username: Malek
Password:
SETAD>exit
but
MAVAD:#Setad
Translating "Setad"...domain server (172.16.2.10)
% Unknown command or computer name, or unable to find computer address
and
MAVAD:#ping setad
Translating "setad"...domain server (172.16.2.10)
% Unrecognized host or address, or protocol not running.