3550 switches - STP or HSRP ?
Hello,
My network consists of the following components:
- 4 3550-48 switches where all workstations reside on.
- GBIC links between the 4 switches (daisy-chained)
- GBIC link to 2 other switches where my servers reside.
- Servers all use 2 NICs which are teamed to provide fault tolerance.
The workstations are in a different ip-segment than the servers, so both of the switches uplinked to the switches where the servers reside must be able to route traffic fault-tolerant.
Reading all of the documentation, I understand I need to be able to use STP or HSRP on these 2 switches to be able to create fault-tolerance to the 2 other switches...
To be able to use STP, I need to configure a VLAN on the switches.
To be able to configure this VLAN I understand I need to stack the switches so they will be able to understand that the VLAN exists on both switches and routes to the same ip-segment.
To "stack" the 4 switches I am able to purchase 4 GigaStack modules, but will I be able to "stack" the switches together to address and configure them as 1 device?
see attached file for network schematic
Yes, you can configure STP or HSRP for the scenario mentioned. Check the following link for more information on configuring HSRP :
http://www.cisco.com/en/US/products/hw/switches/ps5023/products_configuration_guide_chapter09186a00801cdea2.html
and configuring STP :
http://www.cisco.com/en/US/products/hw/switches/ps5023/products_configuration_guide_chapter09186a00801cdee4.html
Similar Messages
-
Routing Issue with 3550 Switch
I am having an issue with routing with one of my Cisco 3550 switches. I know the 3550s are EoL but some of us have to work with what we have.
I am using a 3550 on either side of a Layer 2 link. The Layer 2 link is 2 Extreme Summit X-440 switches with Microwave between the switches. I have a VLAN configured on both switches and tagged on the ports connected to the Microwave. The 3550 switch on each end is configured for IP routing but I cannot pass traffic between the switches. If I unplug the switch on the local end and plug in a laptop, I can ping the switch on the remote end and access devices at the remote end.
I know this should work because I am doing the same thing over another Microwave link and Layer 2 link using another 3550 and a HP ProCurve at the remote end.
Here are the configs for each 3550:
Local end; Port Fa0/23 goes to the Remote Side. Port Fa0/24 goes to the rest of the network
Current configuration : 5417 bytes
! No configuration change since last restart
version 12.2
no service pad
service timestamps debug datetime localtime show-timezone
service timestamps log datetime localtime show-timezone
no service password-encryption
service sequence-numbers
hostname Brindley3550
enable secret 5 $1$3A.n$lzBUQg.fn4hJ7f0jEOqe71
no aaa new-model
clock timezone UTC -6
clock summer-time UTC recurring 1 Sun Apr 2:00 1 Sun Nov 2:00
mls qos map cos-dscp 0 8 16 26 32 46 48 56
mls qos min-reserve 5 170
mls qos min-reserve 6 10
mls qos min-reserve 7 65
mls qos min-reserve 8 26
mls qos
ip subnet-zero
ip routing
ip domain-name morgan911.net
ip name-server 1.2.150.11
ip name-server 1.2.150.5
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
vlan internal allocation policy ascending
interface FastEthernet0/1
switchport access vlan 18
switchport mode dynamic desirable
spanning-tree portfast
{Removed for Brevity}
|
interface FastEthernet0/7
switchport access vlan 13
switchport mode dynamic desirable
spanning-tree portfast
interface FastEthernet0/8
switchport access vlan 13
switchport mode dynamic desirable
spanning-tree portfast
{Removed for Brevity}
interface FastEthernet0/23
description To Gum Springs via Extreme P10
no switchport
ip address 1.2.147.1 255.255.255.252
speed 100
duplex full
interface FastEthernet0/24
description To Flint via Ceragon Eth 2
switchport trunk encapsulation dot1q
switchport mode trunk
speed 100
duplex full
mls qos trust cos
auto qos voip trust
wrr-queue bandwidth 20 1 80 1
wrr-queue min-reserve 1 5
wrr-queue min-reserve 2 6
wrr-queue min-reserve 3 7
wrr-queue min-reserve 4 8
wrr-queue cos-map 1 0 1 2 4
wrr-queue cos-map 3 3 6 7
wrr-queue cos-map 4 5
priority-queue out
spanning-tree link-type point-to-point
interface GigabitEthernet0/1
switchport trunk encapsulation dot1q
switchport mode trunk
interface GigabitEthernet0/2
switchport access vlan 10
switchport trunk native vlan 50
switchport mode dynamic desirable
spanning-tree portfast trunk
interface Vlan1
ip address 1.2.145.2 255.255.255.0
ip default-gateway 1.2.145.1
ip classless
ip route 0.0.0.0 0.0.0.0 1.2.145.1
ip route 1.2.165.0 255.255.255.240 1.2.147.2
ip route 1.2.166.0 255.255.255.240 1.2.147.2
ip http server
snmp-server community public RO
snmp-server community public/RO RO
snmp-server location Brindlee Mountain Tower Site
snmp-server contact Jamey Wright
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps cluster
snmp-server enable traps entity
snmp-server enable traps envmon fan shutdown supply temperature
snmp-server enable traps vtp
snmp-server enable traps vlancreate
snmp-server enable traps vlandelete
snmp-server enable traps flash insertion removal
snmp-server enable traps port-security
snmp-server enable traps config
snmp-server enable traps syslog
snmp-server enable traps mac-notification
snmp-server enable traps vlan-membership
snmp-server host 1.2.150.100 public tty envmon syslog snmp
control-plane
ntp clock-period 17180143
ntp server 1.2.150.21
end
And this is the config for the remote end. Port Fa0/24 is the port for the link back to the local end.
Current configuration : 5058 bytes
version 12.2
no service pad
service timestamps debug datetime localtime show-timezone
service timestamps log datetime localtime show-timezone
no service password-encryption
service sequence-numbers
hostname GS3550
enable secret 5 $1$3A.n$lzBUQg.fn4hJ7f0jEOqe71
no aaa new-model
clock timezone UTC -6
clock summer-time UTC recurring
mls qos map cos-dscp 0 8 16 24 32 46 46 56
udld aggressive
ip subnet-zero
ip routing
ip domain-name morgan911.net
ip name-server 1.2.150.11
spanning-tree mode pvst
spanning-tree extend system-id
vlan internal allocation policy ascending
interface FastEthernet0/1
switchport access vlan 21
switchport mode dynamic desirable
spanning-tree portfast
interface FastEthernet0/2
switchport access vlan 21
switchport mode dynamic desirable
power inline delay shutdown 20 initial 300
spanning-tree portfast
{Removed for Brevity}
interface FastEthernet0/23
switchport access vlan 22
switchport trunk encapsulation dot1q
switchport mode trunk
speed 100
duplex full
spanning-tree portfast
interface FastEthernet0/24
description To Brindlee via Extreme P10
switchport mode dynamic desirable
(Is a member of VLAN 1)
speed 100
spanning-tree portfast
interface GigabitEthernet0/1
switchport trunk encapsulation dot1q
switchport mode trunk
interface GigabitEthernet0/2
switchport mode dynamic desirable
spanning-tree portfast
interface Vlan1
ip address 1.2.147.2 255.255.255.252
interface Vlan21
ip address 1.2.165.1 255.255.255.240
ip helper-address 1.2.150.11
ip helper-address 1.2.150.5
interface Vlan22
ip address 1.2.166.1 255.255.255.240
ip helper-address 1.2.150.5
ip helper-address 1.2.150.11
ip default-gateway 1.2.147.1
ip classless
ip route 0.0.0.0 0.0.0.0 1.2.147.1 10
ip http server
snmp-server community public RO
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps cluster
snmp-server enable traps entity
snmp-server enable traps envmon fan shutdown supply temperature
snmp-server enable traps vtp
snmp-server enable traps vlancreate
snmp-server enable traps vlandelete
snmp-server enable traps flash insertion removal
snmp-server enable traps port-security
snmp-server enable traps config
snmp-server enable traps hsrp
snmp-server enable traps bridge newroot topologychange
snmp-server enable traps syslog
snmp-server enable traps mac-notification
snmp-server enable traps vlan-membership
snmp-server host 1.2.150.100 public envmon syslog snmp
control-plane
ntp clock-period 17180192
ntp server 1.2.150.21 key 0 prefer
Ideas? Anything stand out as grossly wrong? I have worked on this for 2 days and am at a loss.
Thanks
Jamey
Sorry for the delay in replying. Other items at the office took priority over this project. I tried that and no change. I pulled the switch from the remote site and took it back to the local end and connected the switches with a crossover cable and everything works fine. I have pretty much determined that it is an issue with the config in one of the Extreme switches. The config in those look pretty normal but there are a few things I am unsure of. Guess I'll see if there is a similar site for Extreme gear.
Thanks
Jamey
-
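Added example, not part of the thread or any poster's code: a small Python check for the management-plane and port settings visible in the two 3550 configurations posted in the routing thread above (`no service password-encryption`, `ip http server`, `snmp-server community public RO`, and `switchport mode dynamic desirable`). The rule names and hints are this example's own, and it is written to cope with the flattened form the configurations have on this page.

```python
import re
from typing import Dict, List, NamedTuple

# Lines copied from the Brindley3550 configuration in the thread, in the
# flattened form it has on the page (no indentation, no "!" separators).
SAMPLE_CONFIG = """\
no service password-encryption
hostname Brindley3550
interface FastEthernet0/1
switchport access vlan 18
switchport mode dynamic desirable
spanning-tree portfast
interface FastEthernet0/24
switchport trunk encapsulation dot1q
switchport mode trunk
ip http server
snmp-server community public RO
snmp-server host 1.2.150.100 public tty envmon syslog snmp
"""


class Finding(NamedTuple):
    rule: str      # rule name (this example's own naming)
    context: str   # "global" or the interface the line belongs to
    line_no: int   # 1-based line number in the audited text
    text: str      # the offending configuration line


# (rule name, pattern, is it an interface-level command?, hardening hint)
RULES = [
    ("password-encryption-off", re.compile(r"no service password-encryption$"), False,
     "enable 'service password-encryption' (type 7 is only obfuscation)"),
    ("http-management", re.compile(r"ip http server$"), False,
     "'no ip http server' unless web management is required"),
    ("default-snmp-community", re.compile(r"snmp-server community (public|private)\s", re.I), False,
     "replace the default community, restrict it with an ACL, or use SNMPv3"),
    ("dtp-dynamic-port", re.compile(r"switchport mode dynamic (desirable|auto)$"), True,
     "set 'switchport mode access' (or 'trunk') and 'switchport nonegotiate'"),
]
HINTS: Dict[str, str] = {name: hint for name, _, _, hint in RULES}


def audit_config(text: str) -> List[Finding]:
    """Return one Finding per matching line, in file order.

    Interface-level commands are attributed to the most recent
    'interface <name>' line, so indentation is not required.
    """
    findings: List[Finding] = []
    current_if = None
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        header = re.match(r"interface (\S+)$", line)
        if header:
            current_if = header.group(1)
            continue
        for name, pattern, per_interface, _ in RULES:
            if pattern.match(line):
                context = current_if if (per_interface and current_if) else "global"
                findings.append(Finding(name, context, line_no, line))
    return findings


def ports_by_rule(findings: List[Finding]) -> Dict[str, List[str]]:
    """Group finding contexts by rule name for a compact summary."""
    summary: Dict[str, List[str]] = {}
    for f in findings:
        summary.setdefault(f.rule, []).append(f.context)
    return summary


if __name__ == "__main__":
    for f in audit_config(SAMPLE_CONFIG):
        print(f"{f.line_no:>3} [{f.context}] {f.text}  ->  {HINTS[f.rule]}")
```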
Using Catalyst 3550 Switch with Linksys Home Router and Cable Internet
I've about pulled what little hair I have out of my head on this one, and need some configuration help.
I have a Cisco Catalyst 3550 switch with five Windows 7 desktops, an Avaya PBX and five Avaya IP phones attached. All of these devices are on a 192.168.0.0/24 subnet, and are communicating properly. I will refer to this as network # 1. I also have SEPARATE network, we'll call network # 2, using AT&T ADSL service and a Netgear 4-port/wireless router/ADSL modem combo device, which is functioning properly with a couple of other Windows 7 desktops over its own wired Ethernet network, using DHCP, and also on a 192.168.0.0/24 subnet. I thought it would be a simple integration, just plugging one of the 3550's ports to one of the DSL router's ports, in order to give the five Windows 7 desktop computers on network # 1 internet access via the DSL modem. Guess I was wrong. When I connect the two switches together, although I get a good connectivity (green lights on both ports) and am able to ping the DSL router's gateway address (192.168.0.252) from network # 1's computers, the computers on network # 1 cannot access the internet. Also, the working computers on network # 2 lose their internet access as long as the two switches are connected together. I am not a Cisco guru, but there's got to be a way to make this scenario work. Can someone provide me with a 3550 configuration that will allow me to extend my internet service from network # 2 on the DSL router to my 3550 switch and their computers? Here's what I am looking for:
INTERNET ---> ADSL MODEM ---> NETGEAR ROUTER ---> CISCO 3550 SWITCH ---> NETWORK DEVICES WITH INTERNET ACCESS
The Netgear router is probably what's doing the natting. Is the 3550 configured for routing or is it straight L2? If you have the 3550 configured as L3, then it's going to be easy to do what you want. Just add a static route on the Netgear to point the subnet that it doesn't know about to the 3550. For example, if the Netgear is addressed at 192.168.1.1 and the Cisco 3550 is addressed at 192.168.1.2, but it also knows about the 192.168.0.0/24 (separate vlan), then you would put a static route on your Netgear for 192.168.0.0/24 to go to 192.168.1.2.
The way that I would do it is to create a separate vlan on the 3550 and assign an address to it. Once you do that, make the port that the other switch connects to an access port of that vlan. (It would need to be on the same subnet as the existing equipment.) All of your devices would use it as a default gateway and then you would do the rest as above. You could also use RIP between the Netgear and Cisco if you can't do static routing.
HTH,
John
-
802.1x, 350AP, 3550 Switch, and ACS 3.0
Yikes!
Whatta mess I got myself into! I'm trying to implement a couple of security features (at the same time) due to higher corporate directives. I am trying to implement RADIUS, 802.1x port authentication on a Cat 3550 switch, and MAC address authentication for wireless clients. The idea was:
1. The 3550 has port based authentication on it and should authenticate access points as well as any workstations that will/may connect to it.
2. The wireless clients will be MAC authenticated via the access point passing requests to the radius server.
Confused? I am too, help!
Thanks
Nilesh, Thanks for the reply.
But I do have a few further questions if you are willing:
1. Getting the AP to use 802.1x and talk with the radius server seems to be the big problem. I have not been able to find clear enough instructions on how to set the AP to do 802.1x through the switch. I do realize the LEAP is just cisco's implementation of 802.1x but we are trying to use non-proprietary protocols.
2. We already have the clients MAC addresses in the AP's but want to get away from this (network mgt issues) by using the ACS server.
I guess what makes this confusing for me is the chain of events and if they are possible to do. Here are the steps as I see them, please advise if this is not possible to do.
1. Access point is plugged into 3550 and uses 802.1x authentication with radius through the switch. Once the switchport is authorized, then the wireless clients can try to associate with AP. To do this the MAC address of the client is sent to ACS for authorization and when authorized allowed to communicate. Then the wireless client retrieves an IP address through DHCP.
Whew.
-
I have three 3550 switches and want to define a DNS server on one of my switches (172.16.2.10). I have done the following in the DNS switch:
3550(config)#ip domain-lookup
3550(config)#ip host Setad 172.16.8.2
3550(config)#ip host MAVAD 172.16.5.2
3550(config)#ip domain-name cressnet.com
I have done the following on the 172.16.5.2 (MAVAD) switch (one that is not a DNS):
3550(config)#ip domain-lookup
3550(config)#ip name-server 172.16.2.10
3550(config)#ip domain-name cressnet.com
In normal operation I can telnet from 172.16.5.2 to 172.16.8.2; but in this situation, when I issue the "Setad" to telnet Setad (172.16.8.2) from the 172.16.5.2, nothing happens.
Please help!
Thanks.
Thanks for your reply.
My DNS server switch hostname is "MUT-FIBER-SWITCH" and its IP address is 172.16.2.10. Look at the DNS configuration in this switch:
MUT-FIBER-SWITCH#sh hosts
Default domain is not set
Name/address lookup uses domain service
Name servers are 255.255.255.255
Host Port Flags Age Type Address(es)
Setad None (perm, OK) 44 IP 172.16.8.2
MAVAD None (perm, OK) 0 IP 172.16.5.2
I have set the following configuration in the MAVAD switch:
MAVAD(config)#ip domain-lookup
MAVAD(config)#ip name-server 172.16.2.10
and
MAVAD:#ping 172.16.2.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.2.10, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
and
MAVAD:#ping 172.16.8.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.8.2, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
and
MAVAD:#telnet 172.16.8.2
Trying 172.16.8.2 ... Open
Welcome To Master Switch In SETAD
Username: Malek
Password:
SETAD>exit
but
MAVAD:#Setad
Translating "Setad"...domain server (172.16.2.10)
% Unknown command or computer name, or unable to find computer address
and
MAVAD:#ping setad
Translating "setad"...domain server (172.16.2.10)
% Unrecognized host or address, or protocol not running.
-
Ssh activation on 3550 switches
I run 12.2(25)SEB2 across my 3550 switches but I am unable to activate ssh?
I have read that my IOS will suffice for SSH yet I see no IOS commands relating to SSH? Please point me in the right direction? Maybe I need to pursue an IOS upgrade?
You need to have a crypto image.
http://www.cisco.com/cgi-bin/tablebuild.pl/cat3550-archives-crypto
Once you have the crypto image, the following page should help you in setting up SSH.
http://www.cisco.com/warp/public/707/ssh.shtml
-
3550 Switch -Fiber interface VLAN question
Hello,
I will be deploying two Cisco 3550 switches and connecting them via an ordinary multimode fiber with GBIC 1000BASE-SX transceivers installed on each switch. Here is my question: I will be configuring about half of the ports on each of the switches to be in one of two VLANs. I would like to configure the two VLANs to run over the single fiber line. Is it possible to configure one fiber port, with the GBIC 1000BASE-SX transceiver installed, with two VLANs and/or subinterfaces each with half of the 1000 Mb of bandwidth, or will I need to run an additional fiber line connected to the second fiber interface on the 3550 to accomplish this? I really hope not to as I don't have the funds to run a second line at this time. If this configuration is possible could someone please point me to documentation on how to configure this and/or give some advice. Thank you.
Regards,
JPS
Just set up the link as a trunk; this allows you to send as many VLANs across that link as you want. On each side just do the following.
switchport
switchport trunk encapsulation dot1q
switchport mode dynamic desirable
Verify trunk status with the "show int trunk" command.
More info at http://www.cisco.com/en/US/products/hw/switches/ps5528/products_configuration_guide_chapter09186a00803a9af5.html#wp1200245
-
Assign VLAN from freeradius to Cisco 3550 Switch
Hi All,
I am trying to assign a VLAN from freeradius to a Cisco 3550 switch but it's not working.
I keep getting those lines in the cisco switch debug:
3w6d: RADIUS: Tunnel-Medium-Type [65] 6 01:Unsupported [6]
3w6d: RADIUS: Tunnel-Type [64] 6 01:Unsupported [13]
What does it mean? Any idea how to solve this?
Below freeradius conf and switch debug.
Thanks.
Configuration on freeradius users file:
wassim Cleartext-Password := "wassim"
Tunnel-Medium-Type:1 = IEEE-802,
Tunnel-Type:1 = VLAN,
Tunnel-Private-Group-Id:1 = 100
Cisco Switch debug log:
3w6d: RADIUS: authenticator 99 15 53 A6 AB B7 0B 75 - 9F A7 5F 27 8F F1 2E 67
3w6d: RADIUS: NAS-IP-Address [4] 6 192.168.1.8
3w6d: RADIUS: NAS-Port [5] 6 50023
3w6d: RADIUS: NAS-Port-Type [61] 6 Eth [15]
3w6d: RADIUS: User-Name [1] 8 "wassim"
3w6d: RADIUS: Called-Station-Id [30] 19 "00-15-F9-F8-4E-97"
3w6d: RADIUS: Calling-Station-Id [31] 19 "00-1A-80-3F-F6-A1"
3w6d: RADIUS: Service-Type [6] 6 Framed [2]
3w6d: RADIUS: Framed-MTU [12] 6 1500
3w6d: RADIUS: State [24] 18
3w6d: RADIUS: DB C1 1C E7 DE C7 09 5E 75 5E 5B 0F 23 3A 54 E7 [???????^u^[?#:T?]
3w6d: RADIUS: EAP-Message [79] 69
3w6d: RADIUS: 02 06 00 43 15 00 17 03 01 00 38 BF 71 FC FA 04 [???C??????8?q???]
3w6d: RADIUS: BE DC FD CC 03 D2 7F 8B 09 63 2C B2 AE D8 AC 61 [?????????c,????a]
3w6d: RADIUS: 64 21 2B 00 ED 0E 6E E8 B0 49 50 6B 99 B8 88 A4 [d!+???n??IPk????]
3w6d: RADIUS: 36 C6 FD B9 F0 77 2D 82 28 0A 37 D1 D4 73 B4 59 [6????w-?(?7??s?Y]
3w6d: RADIUS: F9 37 E6 [?7?]
3w6d: RADIUS: Message-Authenticato[80] 18
3w6d: RADIUS: A2 59 A3 DE A6 98 5F 78 25 12 59 BB 4D B8 74 F0 [?Y????_x??Y?M?t?]
3w6d: RADIUS: Received from id 1645/123 192.168.1.57:1812, Access-Accept, len 186
3w6d: RADIUS: authenticator C0 31 7F D7 A6 D4 1F C8 - 27 AA F0 99 EA 1F 92 C3
3w6d: RADIUS: Tunnel-Medium-Type [65] 6 01:Unsupported [6]
3w6d: RADIUS: Tunnel-Type [64] 6 01:Unsupported [13]
3w6d: RADIUS: Tunnel-Private-Group[81] 6 01:"100"
3w6d: RADIUS: Vendor, Microsoft [26] 58
3w6d: RADIUS: MS-MPPE-Recv-Key [17] 52
3w6d: RADIUS: 86 8B 3E 74 76 E7 CB 9A 8F EF F5 9C 16 2E 88 1A [??>tv????????.??]
3w6d: RADIUS: 12 3B 80 A6 E9 9B B6 6F E6 63 C8 AA B0 DB 0E 76 [?;?????o?c?????v]
3w6d: RADIUS: 61 C1 6A 5D 62 BD 72 BE 78 C8 9D 4D A7 3F 54 35 [a?j]b?r?x??M??T5]
3w6d: RADIUS: 40 DC [@?]
3w6d: RADIUS: Vendor, Microsoft [26] 58
3w6d: RADIUS: MS-MPPE-Send-Key [16] 52
3w6d: RADIUS: 8A 61 97 87 78 FD CA 16 8D F0 ED 75 C0 70 93 AE [?a??x??????u?p??]
3w6d: RADIUS: 71 EF 5A 21 53 35 A4 88 F9 84 16 83 10 43 6E 9E [q?Z!S5???????Cn?]
3w6d: RADIUS: AB A7 8B 56 6C 42 0D AB 09 1D 82 D3 CB 7E 6C B8 [???VlB???????~l?]
3w6d: RADIUS: 56 58 [VX]
3w6d: RADIUS: EAP-Message [79] 6
3w6d: RADIUS: 03 06 00 04 [????]
3w6d: RADIUS: Message-Authenticato[80] 18
3w6d: RADIUS: 82 4B 64 0F 07 64 59 18 0F 27 07 95 A5 15 09 33 [?Kd??dY??'?????3]
3w6d: RADIUS: User-Name [1] 8 "wassim"
3w6d: RADIUS: EAP-login: length of eap packet = 4
3w6d: RADIUS: Tunnel-MType, [01] 00 00 06
3w6d: RADIUS: TAS(1) created and enqueued.
3w6d: RADIUS: Tunnel-Type, [01] 00 00 0D
3w6d: RADIUS: Tunnel-GID, [01] 100
3w6d: RADIUS: unrecognized Microsoft VSA type 17
3w6d: RADIUS: unrecognized Microsoft VSA type 16
3w6d: RADIUS: TAS(1) takes precedence over tagged attributes, tunnel_type=vlan
3w6d: RADIUS: free TAS(1)
3w6d: RADIUS: no appropriate authorization type for user.
3w6d: RADIUS: Tunnel-MType, [01] 00 00 06
3w6d: RADIUS: TAS(1) created and enqueued.
3w6d: RADIUS: Tunnel-Type, [01] 00 00 0D
3w6d: RADIUS: unrecognized Microsoft VSA type 17
3w6d: RADIUS: unrecognized Microsoft VSA type 16
3w6d: RADIUS: TAS(1) takes precedence over tagged attributes, tunnel_type=vlan
3w6d: RADIUS: free TAS(1)
3w6d: RADIUS: no appropriate authorization type for user.
3w6d: RADIUS: Tunnel-MType, [01] 00 00 06
3w6d: RADIUS: TAS(1) created and enqueued.
3w6d: RADIUS: Tunnel-Type, [01] 00 00 0D
3w6d: RADIUS: unrecognized Microsoft VSA type 17
3w6d: RADIUS: unrecognized Microsoft VSA type 16
3w6d: RADIUS: TAS(1) takes precedence over tagged attributes, tunnel_type=vlan
3w6d: RADIUS: free TAS(1)
3w6d: RADIUS: no appropriate authorization type for user.
3w6d: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/23, changed state to up
I believe you should be using the numerical values in your fields, look at this one:
http://www.scribd.com/doc/75788651/52/X-with-VLAN-Assignment
Tunnel-Medium-Type:1 = 6
Tunnel-Type:1 = 13
Tunnel-Private-Group-Id:1 =
-
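Added example, not code from the FreeRADIUS thread above or from either product: a Python decoder for the three tagged tunnel attributes an Access-Accept carries for 802.1X VLAN assignment, using the RFC 2868 wire format and the RFC 3580 values (Tunnel-Type 13 = VLAN, Tunnel-Medium-Type 6 = IEEE-802). The sample bytes are constructed to mirror the `[01] 00 00 0D`, `[01] 00 00 06` and `01:"100"` values in the switch debug; function names are this example's own.

```python
from typing import Dict, List, Optional, Tuple

# RADIUS attribute numbers, as shown in brackets in the switch debug output.
TUNNEL_TYPE = 64
TUNNEL_MEDIUM_TYPE = 65
TUNNEL_PRIVATE_GROUP_ID = 81

# Values required for VLAN assignment (RFC 3580).
TYPE_VLAN = 13
MEDIUM_IEEE_802 = 6

# Constructed sample: the three tunnel attributes of the Access-Accept in the
# thread, each as type, length, tag 0x01, value.
SAMPLE_ACCEPT_ATTRS = (
    bytes([64, 6, 0x01, 0x00, 0x00, 0x0D])
    + bytes([65, 6, 0x01, 0x00, 0x00, 0x06])
    + bytes([81, 6, 0x01]) + b"100"
)


def parse_attributes(buf: bytes) -> List[Tuple[int, bytes]]:
    """Split a RADIUS attribute area into (type, value) pairs.

    Each attribute is type (1 byte), length (1 byte, includes the two
    header bytes), then value. Malformed lengths raise ValueError.
    """
    attrs: List[Tuple[int, bytes]] = []
    i = 0
    while i < len(buf):
        if len(buf) - i < 2:
            raise ValueError("truncated attribute header")
        a_type, a_len = buf[i], buf[i + 1]
        if a_len < 2 or i + a_len > len(buf):
            raise ValueError(f"bad length {a_len} for attribute {a_type}")
        attrs.append((a_type, buf[i + 2:i + a_len]))
        i += a_len
    return attrs


def group_tunnel_attributes(attrs: List[Tuple[int, bytes]]) -> Dict[int, Dict[str, object]]:
    """Group tunnel attributes by their RFC 2868 tag (0 = untagged)."""
    groups: Dict[int, Dict[str, object]] = {}
    for a_type, value in attrs:
        if a_type in (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE):
            # One tag byte followed by a 3-byte big-endian integer.
            if len(value) != 4:
                raise ValueError(f"attribute {a_type} must carry 4 value bytes")
            key = "type" if a_type == TUNNEL_TYPE else "medium"
            groups.setdefault(value[0], {})[key] = int.from_bytes(value[1:], "big")
        elif a_type == TUNNEL_PRIVATE_GROUP_ID:
            if not value:
                raise ValueError("empty Tunnel-Private-Group-ID")
            # A first byte above 0x1F is not a tag but the start of the string.
            if value[0] <= 0x1F:
                tag, text = value[0], value[1:]
            else:
                tag, text = 0, value
            groups.setdefault(tag, {})["group_id"] = text.decode("ascii", "replace")
    return groups


def assigned_vlan(buf: bytes) -> Optional[str]:
    """Return the VLAN name/ID if one tag group has all three required values."""
    groups = group_tunnel_attributes(parse_attributes(buf))
    for _tag, g in sorted(groups.items()):
        if g.get("type") == TYPE_VLAN and g.get("medium") == MEDIUM_IEEE_802 and g.get("group_id"):
            return str(g["group_id"])
    return None


if __name__ == "__main__":
    print(group_tunnel_attributes(parse_attributes(SAMPLE_ACCEPT_ATTRS)))
    print("assigned VLAN:", assigned_vlan(SAMPLE_ACCEPT_ATTRS))
```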
Eigrp support for Vrf-lite on 3550 switches
Folks,
Cisco has added support for EIGRP for Vrf-lite on Sup 720's and Metro 3750 switches. Just curious if anyone knows timeline when Cisco would be doing the same for 3550 series switches.
Thanks
No current plans at this time for EIGRP for Vrf-lite on 3550 since 3750 platform supports it. Contact your account team for feature request who can contact the business unit with a business case.
-
VoIp settings for replacing a Cisco 3550 switch with a SF300-24P
I am adding the SF300-24P to an existing set of switches. My backbone switch is a 3560.
The 3550 I am replacing has this config for each port that supports a Shoretel phone
switchport trunk encapsulation dot1q
switchport mode trunk
mls qos trust dscp
global settings include
spanning-tree mode pvst
spanning-tree extend system-id
spanning-tree vlan 1,200 priority 28762
vlan internal allocation policy ascending
all other settings are at default
Any ideas how to replicate this on this new switch? I added the Shoretel mac address range (00-10-49) into the Telephone OUI. The phone gets power, I think it gets a 192.168.6.x address (local subnet), but then it should get an IP 10.6.0.xx on its VLAN - but it doesn't.
Some configs from the backbone are attached. I did not need to configure any of this in the 3550.
Any ideas?
Fred
Hi Fred,
The ShoreTel phone sounds like it is not attaching to tagged vlan 200 on my switch, the ShoreTel voice vlan as per your screen captures.
The Voice VLAN should be tagged on my switch so that phones attach to a Voice VLAN and PCs connected on the back of the VoIP phones attach to the Data VLAN.
I scoped out, excuse the pun, the ShoreTel site and have attached a white paper on setting vlans and ShoreTel.
They mention setting option 156 on the DHCP server, so the phone can get vendor specific information etc... But the phones are not attached to the voice vlan, but the untagged data vlan. You gotta figure how to get the ShoreTel phones to attach to vlan 200, or if you are not daisy chaining PC on the back of the phone, make vlan 200 untagged on these FastEthernet switch ports.
I have attached my SF300-48P version of my configuration and some configuration screen shots I took along the way.
Please review carefully that attached ShoreTel document and my screen shots and a real configuration done on my SF300-48P. The configuration should be almost identical to your configuration.
I added vlan 200. and made sure that all ports were in trunk mode, even the Gigabit uplink ports.
All ports by default are in VLAN1 as you can see below
I then added all ports as tagged ports to vlan 200 as you can see below.
For the sake of Spanning tree, I then made all fast ethernet (phone or PC) ports fastports except for the uplink Gigabit ports.
If you are not sure what portfast does , here's a little tutorial I grabbed from cisco.com
Spanning-tree PortFast causes a port to enter the spanning-tree forwarding state immediately, bypassing the listening and learning states. You can use PortFast on switch ports connected to a single workstation or server to allow those devices to connect to the network immediately, instead of waiting for the port to transition from the listening and learning states to the forwarding state.
Caution PortFast should be used only when connecting a single end station to a switch port. If you enable PortFast on a port connected to another networking device, such as a switch, you can create network loops.
When the switch powers up, or when a device is connected to a port, the port normally enters the spanning-tree listening state. When the forward delay timer expires, the port enters the learning state. When the forward delay timer expires a second time, the port is transitioned to the forwarding or blocking state.
When you enable PortFast on a port, the port is immediately and permanently transitioned to the spanning-tree forwarding state.
Your tasks I guess should be making sure that vendor specific options for the ShoreTel phones are included in the DHCP configuration and that you somehow attach the ShoreTel phones (even manually) to vlan 200.
For some reason this site adds a zip extension to the end of my running configuration. I used wordpad to look at the file
I am using firmware version 1.0.0.27 on my unit and the userid=admin password i used was admin
I hope this helps.
regards Dave
-
RPS and Cisco Catalyst 2950 and 3550 switches
We are doing experiments with RPS and CC 2950 and 3550. When we unplug the main power, the RPS takes over and feeds the switch with power. But when we plug the main power back again, the switch continues to take power from the RPS. How is the power redundancy achieved with CC 2950 and/or 3550s?
Thanks in advance,
Dardan
You will need to press the active/standby button on the RPS for the internal power supply in the switch to take over. Note that this can cause the switch to reload and do it in your maintenance window if this switch is in production.
http://www.cisco.com/cgi-bin/bugtool/onebug.pl?bugid=CSCdx81023
-
Cisco 3550 SMI switch for security setup ?
I have a 3550 SMI IOS 12.2 switch, I want to setup http, https, dns services for internet. I do not need to set up any mail or web server.
The connection as follows:
Internet ---------Modem----------3550-----------Computer
Modem has no security function, all the security setting will be on 3550 switch. So what is the best approach ?
Is it layer 2 or layer 3 security ? and can I run VPN for the internet surf ? Please kindly advise.
Thanks,
Susan
Thanks for the reply.
When I config the switch I find out some interesting things, I am not sure if the
configuration is correct or I miss something ? Please help take a look.
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny tcp any any eq bgp
access-list 101 deny eigrp any any
access-list 101 permit udp any any eq domain
access-list 101 permit tcp any any eq www log
access-list 101 permit tcp any any eq 443 log
access-list 101 deny ip any any log
int fa0/1
switchport
switchport access v 10
switchport mode access
access group 101 in
int vlan 1
no ip add
That works normally.
But when I put access list 101 on vlan interface 10, my computer can access the internet???
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny tcp any any eq bgp
access-list 101 deny eigrp any any
access-list 101 deny ip any any log
int vlan 10
ip add 192.168.1.1 255.255.255.0
access group 101 in
int fa0/1
switchport
switchport access v 10
switchport mode access
int vlan 1
no ip add
For both cases, Vlan 1 is down, I connect nothing and assign nothing to vlan 1.
So does the configuration have a problem? Or
something to do with vlan 1?
Or something I missed?
Thanks
-
Setting 3550 and 3560 Switched to Non-Negotiate
On some of the older models of the 3550 switches I was able to set the SFP interface to non-negotiate. I do not notice that command available in the documentation anymore. Does it still exist?
Hello,
Do you have access to any of the switches in question? You can always use the context help under the interface
(config-if)#switchport ?
On my 3550 the nonegotiate is an option.
HTH
Regards,
James
-
Hooking up a cisco 3550 48 port switch to my E2500 router
I am trying to assign an IP to my 3550 switch so I can telnet into it from my computers upstairs but, when I assign the IP to a vlan on the switch and set the port going to the router to access that vlan I still can't see anything pull in the DHCP table on the E2500. The other thing I am not sure about is what I should be setting my default route to is it the 192.168.1.1 or is that just the management IP for the E2500 router? I am pretty sure this is just a case of the E2500 can't deal with the Vlans but with it being set to access it doesn't seem like it should matter it should just live in that Vlan. I can always put a 2600 in front of the switch but I rather not put in a 3rd piece of equipment if I can help it. Any advanced routing information would be appreciated.
If the switch is a managed switch, it may be incompatible with the LAN switch on the router, as most "home" class routers do not have managed LAN switches for connectors.
I recommend that you contact Cisco about this and see if they have any help and information regarding this. If the management or "smart" features can be disabled on this switch, if it has these features, it may still be usable with the router.
Let us know how it goes.
-
Can not add HSRP standby switch
Hi all,
I have added successful two Cat3560 switch that run HSRP for temporary.
Now they were replaced by two new Cat4506 switch that have the same IP address. But I can add only the active HSRP, not successful for standby HSRP. The message notify is IP address of that switch already in database although I deleted all information related.
Pls help me in this case, tks anyway.
Vo Khoa.