Access Layer Routing

Hello everyone,
We're running on a collapsed core network design and I'm looking to move routing down to the access layer.  I've attached a sample diagram of a small portion of the overall network to give you an idea of how things are connected.  Currently, all routing, ACLs, multicast, etc. is being handled in the core.  I would like to move as much of this down to the access layer as possible.  The problem I'm faced with is our phone system (non-Cisco).  We have two PBXs that are not running in an HA configuration and are in their own VLANs with routing between them.  We have phones that are registered to both PBXs that are physically located throughout our campus.  I'm afraid that if I move routing down to the access layer, I'm gonna lose communications between the phones and the VoIP system since traditional routing won't allow me to have the same subnet in two different locations for the same infrastructure.  The only thing I can think of is possibly establishing EIGRP neighbors for the phone network and then NAT'ing the phones behind their gateway.  Can someone shed some light on some real-world workable solutions?
Thanks!
TLock

I have just typed out probably the longest answer I have ever done and this stupid website just errored on me and I lost it :-)
So basically you make the uplinks trunks and for each access switch you need two new vlans unique to that switch ie. you cannot reuse these vlans on other access switches. 
You then emulate point to point links using SVIs to peer on instead of L3 routed links.
On the trunk link you only allow the new vlans + the VOIP vlan eg. access switch connects to core1 and core2. New vlans are 3 & 4.
Create new vlans on access switch and vlan 3 on core 1, vlan 4 on core 2 plus the corresponding SVIs. You only need two useable IPs per vlan. So -
uplink to core 1 -> allowed vlans = vlan 3 + VOIP vlan
uplink to core2 -> allowed vlans = vlan 4 + VOIP vlan
Then you peer with a dynamic routing protocol between access switch and the core switches using the SVI IPs.
All vlans (except the VOIP vlan) are routed locally and for remote subnets they use the new vlans as transit.
Key thing is to only allow the vlans that need to be allowed on the trunk links and basically you have emulated using point to point links but using SVIs.
The main downside is you need two new vlans per access switch. This means a lot of new vlans on the core where you may hit STP issues if you are running a variant of PVST. Note I'm assuming all core switches will be L3 interconnected so STP isn't doing anything except for the VOIP vlan but it should still be running.
The VOIP vlan would have to be routed in the core. Which means if you want HSRP for it you need to run separate L2 links between the switches (in addition to the L3 links). The L2 links would be access ports in the VOIP vlan.
Finally, and this applies even if you had L3 routed links ie. you didn't need to span the VOIP vlan across multiple switches, you are not necessarily going to get the best use of your uplinks because you have three core switches eg.
ESW02 connects to CSW01 and CSW02
ESW05 connects to CSW02 and CSW03
that means for subnets on ESW05, ESW02 is always going to see CSW02 as the best path because it is a shorter number of hops away.
You could play with the metric to influence this but it is not ideal ie. if you only had two core switches this would not be a problem and each access switch would see equal cost paths.
But I suspect you cannot simply go down to two core switches.
Let me know what you think ie. queries, doubts, just don't like the idea :-)
Jon
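
The rule Jon stresses above (allow only the transit vlan plus the VOIP vlan on each uplink, and never reuse a transit vlan) can be checked against saved switch configs. The following Python audit is an added example, not part of Jon's reply or of any Cisco tooling; vlans 3 and 4 and the switch names come from the thread, while VOIP vlan 100, the interface names and the IP addresses are assumptions, and the configs are constructed samples.

```python
"""Audit access-switch uplinks against the SVI point-to-point design (added example)."""
from collections import defaultdict

VOIP_VLAN = 100  # assumption: the thread gives no VLAN id for the spanned VOIP vlan

# Constructed sample configs (access switches only). ESW02 follows the post: vlan 3
# to core 1, vlan 4 to core 2. ESW05 is deliberately wrong: it reuses vlan 3, lets
# user vlans 20-22 onto an uplink, and leaves its second trunk with no allowed list.
CONFIGS = {
    "ESW02": """
interface GigabitEthernet1/0/49
 description uplink to CSW01
 switchport mode trunk
 switchport trunk allowed vlan 3,100
interface GigabitEthernet1/0/50
 description uplink to CSW02
 switchport mode trunk
 switchport trunk allowed vlan 4,100
interface Vlan3
 ip address 10.255.0.2 255.255.255.252
interface Vlan4
 ip address 10.255.0.6 255.255.255.252
""",
    "ESW05": """
interface GigabitEthernet1/0/49
 description uplink to CSW02
 switchport mode trunk
 switchport trunk allowed vlan 3,20-22,100
interface GigabitEthernet1/0/50
 description uplink to CSW03
 switchport mode trunk
interface Vlan3
 ip address 10.255.0.10 255.255.255.252
""",
}


def parse_interfaces(config):
    """Split an IOS config into {interface name: [sub-command lines]}."""
    stanzas, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            stanzas[current] = []
        elif line.startswith(" ") and current is not None:
            stanzas[current].append(line.strip())
        elif line.strip():
            current = None  # a top-level command ends the interface stanza
    return stanzas


def expand_vlans(spec):
    """Expand a numeric IOS VLAN list such as '3,20-22,100' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        low, _, high = part.strip().partition("-")
        vlans.update(range(int(low), int(high or low) + 1))
    return vlans


def audit(configs, voip_vlan=VOIP_VLAN):
    """Return sorted (switch, interface, problem) findings for every trunk port."""
    findings, transit_users = [], defaultdict(list)
    prefix = "switchport trunk allowed vlan "
    for switch, config in configs.items():
        stanzas = parse_interfaces(config)
        for name, lines in stanzas.items():
            if "switchport mode trunk" not in lines:
                continue
            # Handles plain numeric lists and the "add" form; other keywords are out of scope.
            specs = [l[len(prefix):] for l in lines if l.startswith(prefix)]
            if not specs:
                findings.append((switch, name, "unpruned trunk: all VLANs allowed"))
                continue
            allowed = set().union(*(expand_vlans(s.replace("add ", "")) for s in specs))
            if voip_vlan not in allowed:
                findings.append((switch, name, f"VOIP vlan {voip_vlan} not allowed"))
            transit = sorted(allowed - {voip_vlan})
            if len(transit) != 1:
                findings.append((switch, name, f"expected 1 transit vlan, found {transit}"))
            for vlan in transit:
                transit_users[vlan].append((switch, name))
            if len(transit) == 1 and f"Vlan{transit[0]}" not in stanzas:
                findings.append((switch, name, f"no SVI for transit vlan {transit[0]}"))
    for vlan, ports in transit_users.items():
        if len(ports) > 1:  # a transit vlan belongs to exactly one uplink
            for switch, name in ports:
                findings.append((switch, name, f"transit vlan {vlan} reused"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(CONFIGS):
        print(*finding, sep=": ")
```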

Similar Messages

  • 802.1x Guest Vlan and Routed access layer design

    Hi!
    For many reasons, I have to re-design my campus network in a more ISP-like way. The plan is to move to a routed access layer in the next two years. I have 802.1x with guest vlan on my access ports (3750). I was reading on the subject and I found that the guest vlan feature was not available with internal vlan (routed port).
    Is this limitation really there, and is there a way I can get around it without complicating my design even more? Does Cisco have a plan to lift this???

    You cannot use/configure 802.1X on a routed port today. Typically, 802.1X is to be used for LAN edge ports.
    The Guest-VLAN should work with a routed access design though. If your Guest-VLAN is chosen to be separate from say otherwise statically configured access VLANs, you would need to configure it via separate SVI with corresponding IP info (in a routed access model).
    Hope this helps,

  • Layer 3 to the Access Layer and MPLS Design Considerations

    Hi,
    We are about to install a new network consisting of Cat 4500s with Sup7E at the Access Layer, with Nexus 7000 at the Distribution and Core layers.
    We have 14 floors with at least three 4500s on each floor. Within the office block where the Access Layer and Distribution Layer reside we need to support secure borderless networking using 802.1x to place users from different parts of the business into segregated networks at layer 3.
    All switches will have the feature sets to support MPLS/ VRF / OSPF / EIGRP / BGP etc.
    We quickly dismissed the idea of using VRF-Lite due to the sheer number of Vlans we would need to manage and maintain; the point to point links alone just to get one additional VRF on each floor required far too many Vlans.
    As a result we are now considering deploying MPLS. The obvious benefits include scalability and manageability, and the fact that all switch to switch links can now be routed, instead of having to use SVIs.
    My query is one of design surrounding MPLS and how this maps to an enterprise network with a routed access layer. Do Cat 4500s become the CEs and take part in MPLS / BGP and Label Distribution, or does the BGP peering and Label Distribution only occur between the Distribution - Core - Distribution layers, mapping to the PE - P - PE topology in an ISP environment, while the access layer simply uses the IGP (OSPF in this case) to learn routes?
    Any help would be greatly appreciated.
    Chris.

    Hi Andy,
    Thanks for your response.
    I have been doing a little bit more research and it seems the Cat 4500s do not support MPLS!! Nor do Cisco have any plans to support it on this platform. I find this a little ridiculous considering the level that Cisco are pitching this platform. With the Sup 7E only VRF Lite is supported, with plans to support EVN (which still uses trunk links for logical separation).
    So it looks like we are going to have to go back to the drawing board.
    (perhaps we should have gone HP or Juniper!)
    Chris.

  • Bandwidth from Access Layer to Distribution Layer

    Folks:
    I am currently on Chapter 12 of “CCNP Switching 642-813, Official Certification Guide” ISBN: 978-1-58720-243-8. I am currently not grasping the three layers entirely, and I was hoping someone could offer insight in a different way.
    I believe I understand, that switches in the Access-Layer can be layer2 devices (2950, etc), and devices in the Distribution Layer should be Multilayer devices such as Layer-3 switches (3750) and inter-vlan routing takes place at the Distribution layer. But what I do not understand – how does one account for bandwidth and traffic from the Access Layer switches to the Distribution Switches?
    Let's use a 24 port 2950 switch located at the Access-Layer. If everyone was online and communicating, the total traffic for the switch would be 4.8 Gbps. The latter is due to each port providing 100 Mbps but in Full-Duplex, so (100*2)*24. So, how does an engineer spec out the required uplink ports from the Access Layer to the Distribution?
    I am sure this is easy; however, I am not getting the concepts. Any insight is great.

    Disclaimer
    The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
    Liability Disclaimer
    In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
    Posting
    As noted by Peter, edge hosts don't generally all concurrently push/pull their full port bandwidth for sustained periods.  However, host bandwidth usage often varies much by "kind" of host.  For example, many server hosts are "busier" than most user hosts, so when designing networks you normally design for lower oversubscription ratios for server hosts than for user hosts.  Old rule-of-thumb ratios suggest oversubscription ratios of about 8:1 to 4:1 for servers, and about 48:1 to 24:1 for users.
    Keep in mind that oversubscription ratios can be "skewed" by what the host is doing, i.e. not all server or user hosts have similar bandwidth demands.  For example, your primary mail server or primary file server might be much "busier" than other server hosts.  Likewise, some user hosts might be much "busier", for example, years ago I supported a LAN segment of CADD (20) workstations which had more traffic on their local LAN than the (2,000 user) corporate backbone.

  • 6500 access layer QoS

    I have 6506E Sup32 PFC3B 12.2(18)SXE device at the access layer of the network and would like to implement QoS (for access ports) for Voice, Video.
    I suppose that untrusted microflow policing is best for me. But documents say that such kind functionality works for L3 MSFC routed traffic. For PFC3b I can use "mls qos bridged" for bridged traffic on specified vlans. Does it really work for input service policy on access ports for traffic from user ports (if I use this command on user's int VLAN)?
    Distribution and core layers of my networks are MPLS based.
    Config:
    interface FastEthernet2/1
     switchport
     switchport access vlan 10
     switchport mode access
     switchport voice vlan 30
     no ip address
     spanning-tree portfast
     service-policy input IPPHONE+VIDEO
    interface Vlan30 ! also for Vlan 30
     ip vrf forwarding VOICE
     ip address 10.168.8.254 255.255.255.0
     ip helper-address 10.168.2.33
     ip helper-address 10.168.2.34
     ip pim sparse-dense-mode
     mls qos bridged
    policy-map IPPHONE+VIDEO
     class VOICE
      police flow mask src-only 320000 8000 conform-action set-dscp-transmit ef exceed-action drop
     class VIDEO-INTERACTIVE
      police flow mask src-only 2400000 8000 conform-action set-dscp-transmit af41 exceed-action drop
     class CALL-SIGNALING
      police flow mask src-only 32000 8000 conform-action set-dscp-transmit cs3 exceed-action policed-dscp-transmit
     class class-default
      police flow mask src-only 5000000 8000 conform-action transmit exceed-action policed-dscp-transmit

    This URL should help you:
    http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a00801c8c4b.shtml

  • WRT54G firmware failure leaving no access to router config

    I have a WRT54G router.  Running Vista SP2 64-bit on a laptop wired to router.  When I first tried to upgrade the firmware I was connected wirelessly.  (I know, please just think it but don't type it)  During the upgrade the internet connection disconnected and the upgrade failed.  I am connecting right now wirelessly using someone's unsecure network.  I attempted to upgrade the firmware to 8.00.7.  Since then I am unable to access the router config using IP 192.168.1.1.  I have read as many posts as I can handle.  I have checked and that is the IP showing in Vista (Network & Sharing, view status, properties), however I cannot ping that IP.  It times out every time.  I have done all the resets (10 seconds and up to 1 minute) on the router and power cycle etc.  Nothing.  I downloaded the firmware utility and I get an error message every time that it is unable to get responses from the server.  I have tried my password, which I think is gone due to all the resets, and am using admin as the password.  I have disabled my firewall.  I do have Network Magic and when I checked control internet access it says I am able to do so.  Is there a way to disable Network Magic?  Can that be the issue?  When all this started I had my own internet connection.  I'm in the process of moving so I have disconnected my internet service.  Since I'm only trying to connect to the router locally, do I really need to have a live internet connection?  Please, HELP!  I don't want to buy a new router.  This one has been very reliable.  If I do have to buy something new, can you recommend something just as reliable?
    There have been 2 or 3 times where it looked as though I was going to be able to connect to config interface and the first basic screen loads with minimal data and no clickable links to allow me to change screens.  The "&" from one of the links that is supposed to appear but does not is the only thing that appears in that area, and if I click it, I either get an error from IE that it cannot connect, or it takes me to the Ports screen with minimal data and I cannot progress from there.  In the top right corner of the screen, it does show the firmware version is 8.00.7.  ?????
    P.S.  Obviously, I'm not very computer savvy so excuse me if I'm missing the obvious.
    Message Edited by Steviegt on 09-29-2009 08:38 AM
    Message Edited by Steviegt on 09-29-2009 08:43 AM
    Windows Vista Home Premium SP2 64-bit
    Internet Explorer v8
    Office 2007 SP2 Home and Student
    Outlook 2007 Standalone
    ESET Smart Security
    WRT54G v8.00.6

    It's great that your issue has been resolved now...

  • I cannot access my router's web configuration interface since Firefox 4. It does not let me enter a password with the username blank (as specified by the router manufacturer). Is there a workaround for this?

    Since updating to Firefox 4, I cannot access my router's configuration page (http://192.168.x.x). When prompted for the username and password, Firefox's log in window does not accept a blank username field (the router does not require a username, only a password, and it's the default password). If I click OK, the password entry just comes up again. This works fine in other browsers. Is there anything I can do about this?

    I had this issue, too, and fixed it by turning off the option "Tell Websites I do not want to be tracked" under Options->Advanced->Browsing.

  • Need help accessing the router web page.  I have been tol...

    Need help accessing the router web page.  I have been told my router is acting like a switch and the IP address is not in the proper range.  I have tried resetting the router (hold for 30 sec and unplug for 5 mins).  Didn't work.
    thanks

    What router are you using?  Almost all Linksys routers use 192.168.1.1 as the default local IP address, but there is at least one that uses 192.168.16.1 , namely the WTR54GS  (not the WRT54GS).
    You need to try again to reset the router to factory defaults.
    To reset your router to factory defaults, use the following procedure:
    1) Power down all computers, the router, and the modem, and unplug them from the wall.
    2) Disconnect all wires from the router.
    3) Power up the router and allow it to fully boot (1-2 minutes).
    4) Press and hold the reset button for 30 seconds, then release it, then let the router reset and reboot (2-3 minutes).
    5) Power down the router.
    6) Connect one computer by wire to port 1 on the router (NOT to the internet port).
    7) Power up the router and allow it to fully boot (1-2 minutes).
    8) Power up the computer (if the computer has a wireless card, make sure it is off).
    9) Try to ping the router. To do this, click the "Start" button > All Programs > Accessories > Command Prompt. A black DOS box will appear. Enter the following: "ping 192.168.1.1" (no quotes), and hit the Enter key. You will see 3 or 4 lines that start either with "Reply from ... " or "Request timed out." If you see "Reply from ...", your computer has found your router.
    10) Open your browser and point it to 192.168.1.1. This will take you to your router's login page. Leave the user name blank (note: a few Linksys routers have a default user name of "admin" (with no quotes)), and in the password field, enter "admin" (with no quotes). This will take you to your router setup page. Note the version number of your firmware (usually listed near upper right corner of screen). Exit your browser.
    If you get this far without problems, try the setup disk (or setup the router manually, if you prefer), and see if you can get your router setup and working.
    If you cannot get "Reply from ..." in step 9 above, your router is dead.
    If you get a reply in step 9, but cannot complete step 10, then either your router is dead or the firmware is corrupt. In this case, use the Linksys tftp.exe program to try to reload your router with the latest firmware. After reloading the firmware, repeat the above procedure starting with step 1.
    If you need additional help, please state your ISP, the make and model of your modem, your router's firmware version, and the results of steps 9 and 10. Also, if you get any error messages, copy them exactly and report back.
    Please let me know how things turn out for you.
    Message Edited by toomanydonuts on 01-21-2008 04:40 AM

  • Cannot connect using Accessing the Router's Web-Based

    I'm trying to update firmware, I have done all the step to access the router's web-based.. I connected DSL to the Ethernet port on the router, from the router I used another Ethernet cable to connect the router to my laptop.. I can't get an internet connection.  The reason why I'm doing the update I have been using WRT54G2 V1 with no problems, all at once I can't connect to the internet using the router.  I was told that I need to perform a firmware update.
    Thank you for the help

    What IP address and default gateway are you getting on the computer?
    Connect the DSL modem to the Internet port of the router then use port number one on the router to connect the computer.
    Click on Start > Run > type CMD and hit Enter; a command prompt window will appear on the screen.
    In the command prompt window type "ipconfig" and hit Enter. Now you will see the IP address and the default gateway on the screen. Use the default gateway to open the setup page of the router.

  • WRT54GX4 - Difficulties Accessing the Router's Web-Based Setup Page

    WRT54GX4 - Difficulties Accessing the Router's Web-Based Setup Page.
    I have tried everything posted to the forums and the Knowledge Base for several weeks now with no luck.  I can power push router and gain access to router's web-based interface but only for a few minutes, then it quits loading part way through and/or does not load at all.  If I turn off the wireless side I can access the router at will with no problems. My warranty is almost over. I am at my wits' end. I would like to get it replaced under warranty if I can. (^8

    Thank you for your recommendations peanuts. (^8
    I bought the router back in December 10, 2006. 
    I updated the firmware to v1.00.20 back in June 2007. After I did a successful firmware upgrade I reset the router to factory default settings and then reconfigured it. It has worked Ok till a couple of months ago.
    I have read everything I can find here on the support forum and in the Knowledge Base several times.
    I have tried changing all the different settings to the different recommendations posted here and in Knowledge Base with no success. Each time I would do a long reset back to factory defaults, let it soak for a few hours and then make one change at a time and let it soak.
    I have been monitoring 6 other wireless AP(s) around me (none mine) for a couple of months too. None of them are strong enough to connect to. My SSID is different from them. I have tried all the channels. My router is passworded and MAC'd.
    It is looking like it is time to call support and try to get a replacement under warranty while it is still in effect.

  • Can't access my router's setup page (wrt54g)

    I can't access my router's setup page (wrt54g) after setting it up. The router is working fine, but every time I try to log on at 192.168.1.1 it says the password is incorrect. The first time I set it up I changed the default user name and password and I thought I had just forgotten it, so I reset the device. This time I didn't change any of the defaults and I still can't log on. I already had to reset it several times, and it's just annoying. Does anyone know how to keep it from happening? I thought it could be a firmware problem, but I can't find any downloads for my router's version (V8). I'm using a macbook pro, osx 10.9.2.

    I had the same problem.. After trying the userid and password from my previous WRT54G2 without success and admin admin multiple times, I used the "router name"  ==> Linksys as the user name and the security code that I used to set up the new router as the password and it let me in..  I was on the phone with LINKSYS technical support during this 1 hour process and they were as much surprised as I was that this worked..  After getting on and changing the config (thanks to Honey), I was able to access the internet from the new E2500 THAT I HAD JUST INSTALLED..  success

  • What is the easiest way to access the router from an iPad?  I have no problems accessing it from my laptop.  Even though I am entering the address in the left address box, not the Google search box, it wants to do either a search, or add www beginning of

    What is the easiest way to access the router from an iPad?  I have no problems accessing it from my laptop.  Even though I am entering the address in the left address box, not the Google search box, it wants to do either a search, or add www to the beginning of the IP address.
    I usually can eventually access the router, but it is way too much trouble.  However, I use my iPad hundreds of times more often than my laptop.

    Are you typing http:// in front of the IP address of the router? e.g. http://192.168.0.1
    Sometimes, and with some routers it doesn't seem to like it if you miss off the http://

  • Port Forwarding and Accessing my Router

    Well, I'm an idiot! I set up my router and now can't get back into it so I can open some ports for my PS3. I tried 192.168.1.1 but that takes me to my modem (Westell). I am in desperate need of some help and have also tried .0.1 to no luck. Does anyone know how I can access my router. Thanks if so.

    Depending on your operating system open  start>run> type in CMD <enter>. That should take you to your DOS prompt and from there type in ipconfig /all <enter>.  That will show you a few IP addresses and there should be a Gateway IP.  It may be 192.168.1.2 or something like that.  That is your router's IP so when you try to access your router type in http://192.168.1.2 or the addy it lists as your gateway.
    Richard Aichner (Ikester)

  • Calculating oversubscription on access layer

    So, the situation is that we have about 240 users (max, no further expansion to this figure) on each floor of a building, spanning across 10 floors. As I understood from the basic calculation, for every 240 users @ 100/1000, I need to deploy 5(48 port stacked switches within each IDF on each floor) (5x48) will share 2x1GigE uplinks(etherchannel) terminated into two different cores with a redundant 2x1G uplink (passive).
    Someone tells me that this will result in an oversubscription ratio of 120:1 in the best case scenario when we fully utilize both uplinks in an active/active setup. Is this ratio unacceptable at access layer?
    Should I consider dual 10GigE uplinks from the access layer to core, to start with, irrespective?
    I currently am working with 1G uplinks and don't see any major hassles. My applications though utilise 3D and CAD drawings but I still feel that 2-4Gig uplink would be more than sufficient for me as I can link aggregate further up to 8Gigs using Cisco Cat 3750E.
    Should we go for 10Gig uplink straightway?
    Your thoughts!!

    You really need to look at your traffic endpoints to determine what the possible bottlenecks are. If most of your users are only going to a couple of servers, then it's likely the bottleneck will be the server links, not your access uplinks.
    With that in mind, a 10 gig link works better than channeled gig links. First, you don't have the problem of multiple flows using the same saturated gig link of a bundle while others are not being used. Second, you don't need to concern yourself that the correct channel hash method is being used.
    Although 10 gig ports are more expensive than gig ports, if you factor in the possible need for additional cable runs and the cost of multiple gig modules, 10 gig might become less expensive sooner than you might expect.
    You note you don't have any problems with gig uplinks today. Assuming you're moving users from 10/100 to 10/100/1000 and they will be using 1000, it's unlikely performance will be any worse, but possible it won't improve much either.
    PS:
    Deja-vu - reminds me of moving from 10 to 100 Mbps for users and 100 to gig for uplinks

  • Object services - manual implementation of database access layer

    Hello,
    this is my first time with object services. I read a lot but can't find the information which I really need to implement my requirements.
    I have built a persistent class, clicked on "persistence", and mapped my persistent attributes. I want to use a table-like attribute in my class, which contains references to another class. I added this attribute manually to the attribute list in the class builder. Consequently, GET and SET methods were generated automatically. Then I changed the generator settings by activating "manual implementation of database access layer".
    So, my first notice is - If I choose manual implementation a call of create_persistent-method will not work. Nothing will be inserted into the mapped data base table.
    Can anybody give me an example which shows how I can implement the database access layer manually? What do I have to do to write object attributes into the database table?
    Which methods do I have to enhance?
    Thanks a lot for any help in advance!
    Anne

    Thanks for your answer, but I would not be sure if you really got my problem.
    I really really read much stuff (including SAP help, sappress "object services in ABAP" by Assig, Fobbe, Niemitz, sappress "abap objects" by keller), I googled a lot. But I couldn't find detailed information about this manual implementation of database access which you can activate in persistence settings.
    This is the only extract out of SAP Help regarding this topic:
    "If you prefer to carry out a manual implementation of the database access layer, select  to change the generator settings and select the field of the same name. In this case you can implement your own database read routines, through which you can redefine the generated SET and GET methods for access to the database. This is particularly recommended if you want to improve performance by providing these routines with their own buffer mechanism. "
    And some information about so-called Structure mapping, which means the same idea in my opinion:
    "Structure Mapping
    In this case, you map ABAP Dictionary structures, rather than database tables or database views to persistent objects. The application developer must therefore program the type of persistent data storage in the appropriate methods of the class actor.
    You will need to map a structure (or structures) if you want a persistent object to contain table-like attributes. Database tables can only have flat structures, which prevents your mapping the object to a table in this case. You must still use structure mapping, even if you want to store the data in a different form – such as in a file on the application server."
    I used the debugger to get the idea of the SAVE method. But I couldn't find the difference between manual and automatic implementation in the code.
    I tried to use implicit enhancement, but was not successful. Right now I am trying to redefine the SAVE method of the interface IF_OS_CA_SERVICE. But I can't believe that I have to implement the whole attribute-table-mapping on my own now. That can't be the idea of object services and their manual implementation. In my opinion it must be possible to use a predefined algorithm to map business key etc. to corresponding table fields and to implement own ideas just for those table-like attributes..
    Or am I totally wrong with these thoughts?
    Thanks in advance!!
    Anne
