Asa connection to switch

Hi,
We have a set of users on the cisco 3750 switch. This needs to be connected to an asa where the gateway resides.
I am bit confused on the connection configuration between asa & 3750.
Should i just configure a port on 3750 to vlan 100 & physically connect it to an interface on the asa , while the asa interface gets the layer 3 ip address.
3750:-
int gig1/0/1
des Connection to ASA
switch mode access
switch access vlan 100
ASA:-
interface GigabitEthernet0/1
nameif LINK1
security-level 100
ip address 172.30.10.1 255.255.255.0
Is the above correct? What else would i need to do if the users connected to 3750 need access via the ASA.
Thanks in advance.

Hi,
Are you saying that you only have Vlan 100 on the 3750 and no other Vlans? In that case it would seem fine presuming you have the free ports on the ASA to support this setup.
In the long term its not a good idea since you are going to run out of ASA ports pretty soon (if you do this for many Vlans on multiple switches perhaps). If you have several Vlans which L3 gateway should be on the ASA you would need to have a Trunk to the ASA to conserver ports on the ASA (unless ofcourse some Vlan alone requires a Gigabit link to the ASA with no other Vlans on that link)
The most common problem I see here on the forums related to a setup where there might be a L3 configured 3750 on the internal network and ASA in front of it at the edge of the network is the fact that users have activated routing on the L3 switch and configure Vlan interface (SVI) for their Vlans on the 3750 which are used as gateways for some of the networks and then start expiriencing problems with asymmetric routing with the ASA.
I guess you can avoid such problems by setting up the network in one of these ways
A L2 Switch network with different user Vlans which all have their L3 gateway on the ASA. Provided that the ASA models throughput will not be a problems.
A L3 Switch or router in the LAN acting as the L3 gateway for all the user traffic. This would naturally mean ASA could not control traffic between the networks like in the first setup.
A L3 Switch or router in the LAN acting as the L3 gateway for all the user traffic. Furthermore different LAN/DMZ networks are divided in their own VRFs (own Routing Tables instead of the global routing table). This would enable you to attach each Vlan interface (host gateway) to a specific VRF (routing table) on a single L3 device and therefore separate their traffic and bring it through the ASA (as each VRF could have their own default route and link to the ASA)
There are other options naturally that mix these up with eachother but I would say that the above are the most common ones that I have seen.
But to shortly answer your question again, the configuration you suggest seems to be fine (but perhaps not optimal in the long run)
Hope this helps
- Jouni

Similar Messages

Telnet to ASA from Nei Switch

Hi Everyone.
I have ASA connected to Switch.
This is outside connection.
I was trying to Telnet to ASA from Switch which has outside connection to ASA.
I config the command
telnet 192.168.0.0 255.255.0.0 outside
Still from Switch i am unable to telnet to ASA ?
ASA has default route to switch with route outside command
Need to know things below
1>Is this possible to Telnet to both outside and inside interface of ASA from the nei switch which is on outside interface of ASA ??

Hello,
So this means that outside interface is never allowed telnet by design right?
Correct,
As I mention on my previous post
Also you cannot access a distant-interface, this means from an inside user you will be able to access inside interface but traffic to outside interface ip address will be denied no matter what ( Security desing meassure)
Regards
Remember to rate all of the helpful posts

Failed while creating virtual Ethernet switch. Failed to connect Ethernet switch port

Hello Folks
I am completely stuck with the configuration of my virtual networks. I have one logical switch left to add to one of my Hyper-V 2012 R2 hosts when I started getting the error below when I try to add logical switches to either Hyper-V Host. I have been using
the document. 'Hybrid Cloud with NVGRE (Cloud OS)' to implement the virtual networking. Basically using the exact configuration that is in the document. I have added the PA Logical Network and the Network adapters and added the logical switch for it to my
hyper-v 2012 R2 host and everything was fine. I am now trying to add my ISCSI Logical Switch to the host and this is the error I get. My other Hyper-V host I get this error for any logical switch I am trying to add. Can someone help me with this error. I haven't
been able to find any information about it.
Also a some quick info on tracing an error like this so I can figure out what is causing it.
Thsi is my configuration so far
So as far as I know everything is peachy untill the error below. Dead stop now
Error (12700)
VMM cannot complete the host operation on the 08-NY-VHOST01.accounts.ccac-ont.ca server because of the error: Failed while creating virtual Ethernet switch.
Failed to connect Ethernet switch port (switch name = '******', port name = '88C16766-ED02-4AC0-8CD7-660AC9D424DD', adapter GUID = '{FAF431D8-0124-4E40-BB3B-9234BAA02973}'): The system cannot find the file specified. (0x80070002).
Unknown error (0x800b)
Thank you for your time
Christopher
Christopher Scannell

notice your GUID? you may want to consider ensuring that is the same GUID associated in your database. Sometimes during data corruption theres a smidge of a chance your sql database kind of either pulls old guids esp if this was reverted to snapshot
without it being powered off etc.
I would try that first. then i would consider if you get to configure that with your current liscense associated with the host. I would need way more info to help any further

How to connect SGE2010 switches

I have purchased a SGE2010 and a SGE2000P switches. I wish to connect these two switches together. Do I need to buy a MGBT1 mini-GBIC and connect them that way, or can I just use a switch port on each switch and connect them that way?
Is the MGBT1 really just a module to connect non-gigabit switches via a gigabit trunk with Cat5?
Solved!
Go to Solution.

There were no modules mentioned to connect the switches together, with what I have read from the Cisco or Linksys help page. However, you may want to check out the link I have provided below. It's an article from the Cisco website which discusses stacking SFE and SGE switches. Not as simple as we may think though.
http://www.cisco.com/en/US/products/ps9967/products_qanda_item09186a0080a362e3.shtml

Connecting a Switch to the E4200

Have a Linksys E4200 router located in my basement and I am experiencing a puzzling wired connectivity issue as follows:
Port 1 on the router is for my study, I have no problem getting connection regardless if I use my study's Ethernet jack or if I run a 5 ft. cable (hereinafter THE CABLE) from the router’s port 1 to my laptop (i.e., cabling does not make a difference).
I then connect to router port 1 an EZXS55W Linksys switch (using port 1 on the switch and THE CABLE) and then connect my laptop to port 2 on the switch using a second cable. I am unable to connect to the network/internet even after rebooting both the cable modem and router.
I then reconnect my study to port 1 on the router, I go to my study and connect the study’s Ethernet jack using THE CABLE to port 1 on the switch and using a second cable from port 2 on the switch to my laptop. …. I get an network/internet connection immediately !
Can someone assist with this puzzle ? Has anyone seen this before ? FYI, I have had the exact problem with switches EZXS88W and SE2500 (no longer own this).
Thanks,
Zach
Solved!
Go to Solution.

Sorry but the description of the problem is quite vague and a bit confusing.
To get the switch working properly make sure the router is connected to the uplink port of the switch. Take note: When Uplink port is used, the port adjacent to it becomes inactive (port5) because they are shared. Switches are really pass-through devices so nothing is to be configured.
"Also be aware that on the outside of the box for the EZXS88W switch, there is a picture showing a "Broadband Router" connected to port #1 of the switch. The Uplink is shown as being connected to another switch." The picture shown outside the box refers to how you could connect the switch to other networking devices; router, switch or a hub to expand your network.
Check out these links, hope it could help;
Connecting a Linksys switch to a router
http://homekb.cisco.com/Cisco2/ukp.aspx?pid=93&vw=1&articleid=22996
Checking if the router is working properly when connected to a switch
http://homekb.cisco.com/Cisco2/ukp.aspx?pid=93&vw=1&articleid=22996

Hi, I recently got myself an apple iphone 5s (factory unlocked) phone from the US. However on using the same in India with Vodafone, i am facing a problem where the connectivity keeps switching to EDGE most of the time. Any solutions??

Hi,
I recently got myself an apple iphone 5s (factory unlocked) phone from the US. However on using the same in India with Vodafone, i am facing a problem where the connectivity keeps switching to EDGE most of the time. I have a 3G plan but most of the time it switches automatically to EDGE. Thats when i have to either switch Airplane mode - On/Off and then it acts normal. Any permanant solutions to fix this problem?

Return the iPhone personally or via friend/relative/co-worker who is in
the US. The warranty is valid only in the country of original purchase - the USA
in this case. Apple will not accept international shipments for evaluation nor
will Apple ship out of the country after repair/replacement.
How did the iPhone from the US get to you in India? Reverse that process to
get it back to the US so someone can take it into Apple.

Networking Best Practices - Connecting Two Switches

Connecting two switches together is an easy task, which makes it so frustrating when it doesn’t work. Here we will outline a basic scenario of connecting two switches and achieving connectivity. In these scenarios we will be using commands and settings that will work for most modern PowerConnect switches. However this does not cover all possible scenarios and the commands may differ slightly from switch to switch.
For instance, in most cases you can use General or Trunk mode when connecting two switches. However, on the PowerConnect 62xx series switches, you must use General mode if you want to allow management traffic onto the switch over the PVID. If you use Trunk mode, you will not have the default VLAN on those ports. The ports will only allow tagged traffic.
For more details on the difference between Access, General, and Trunk modes, follow this link.
http://en.community.dell.com/support-forums/network-switches/f/866/p/19445142/20089157.aspx#20089157
It is always a good idea to have the user and CLI guide for your switch, to reference any possible changes in command syntax.
http://support.dell.com/support/edocs/network/
Layer 2
Layer 2 switches operate at the data link layer of the OSI model. Layer 2 is responsible for error checking and transmitting data across the physical media. MAC addressing sources and destination protocols are layer 2 protocols. Layer 2 switches use the MAC address of data packets to determine where those packets should go. It learns the MAC addresses of all devices and creates a segment/forwarding table.
When a switch receives a frame with a destination address that isn't in its forwarding table, the switch forwards the frame to all other ports. If the destination machine responds to the server, the switch will listen to the reply and learn which port the destination machine is attached to. It then adds that MAC address to the forwarding table.
The Dell PowerConnect Layer 2 switches have ports that all operate in VLAN 1 by default. If it is acceptable to have all traffic on the same broadcast domain, then you can simply leave the default alone, connect the two switches and traffic will flow.
If you do not want all traffic on the same broadcast domain, then we need to look at adding additional broadcast domains through the use of VLANs.
We will use 3 VLANs for the following scenario.
VLAN 1=Management
VLAN 2=Client
VLAN 3=Server
To create these VLANs we do the following commands (VLAN 1 is already created by default)
console(config)# vlan database
console(config-vlan)# VLAN 2
console(config-vlan)# VLAN 3
console(config-vlan)# exit
We can then name the VLANs to help keep things organized.
console(config)# interface vlan 2
console(config-vlan)# name Client
console(config-vlan)# exit
console(config)# interface vlan 3
console(config-vlan)# name Server
console(config-vlan)# exit
Once we have the VLANs created we can place a device in that VLAN by placing the port it plugs into, in access mode for the specific VLAN.
So we have a workstation on port e2 we want to be placed in VLAN 2, we would issue the following commands.
console(config)# interface ethernet 1/e2
console(config-if)# switchport mode access
console(config-if)# switchport access vlan 2
console(config-if)# exit
The next port plugs into a server on port e3 we want on VLAN 3, we would issue these commands.
console(config)# interface ethernet 1/e3
console(config-if)# switchport mode access
console(config-if)# switchport access vlan 3
console(config-if)# exit
For the ports connecting the two switches together, we place the ports in trunk mode and specify the native VLAN and allowed VLANs.
For the port e1 that connect the two switches to each other would be configured like this.
console(config)# interface ethernet 1/e1
console(config-if)# switchport mode general
console(config-if)# switchport general allowed vlan add 2,3 tagged
console(config-if)# switchport general pvid 1
console(config-if)# exit
Once these VLANs and port settings are made on both switches. A server connected to switch A on VLAN 3 should be able to communicate with another Server connected to switch B that is also in VLAN 3. Without the use of a router the devices in VLAN 3 will not be able to communicate with devices that are outside of their broadcast domain (i.e. VLAN 2 devices could not reach VLAN 3 devices)
Layer 3 + Layer 2
Until recently, routers were the only devices capable of layer 3 protocols. Switches capable of routing are now available and in widespread use. In most cases we will connect our layer 2 switches to a Layer 3 capable switch to perform our routing for us.
On the layer 3 switches we will use the same VLANs and setup that we did with the layer 2 switches. Then we will add to the configuration.
We can assign an IP address to each switch with the following command.
Switch A
console(config)#ip address 172.16.1.1 255.255.255.0
Switch B
console(config)#ip address 172.16.2.1 255.255.255.0
Then we will enable routing only on Switch A
console(config)# ip routing
Switch A we assign an IP address to VLAN 2 and enabling routing on the VLAN.
console(config)# interface vlan 2
console(config-if-vlan2)# Routing
console(config-if-vlan2)# ip address 172.16.20.1 255.255.255.0
console(config-if-vlan2)# exit
Switch A we assign an IP address to VLAN 3 and enabling routing on the VLAN.
console(config)# interface vlan 3
console(config-if-vlan2)# Routing
console(config-if-vlan2)# ip address 172.16.30.1 255.255.255.0
console(config-if-vlan2)# exit
On both switch A and switch B we will keep things simple and use interface 1/e1 for the connection between each switch. Setting both switches 1/e1 to general mode, allowing the additional VLAN 2,3, and keeping the PVID of 1.
console(config)# interface ethernet 1/e1
console(config-if)# switchport mode general
console(config-if)# switchport general allowed vlan add 2,3 tagged
console(config-if)# switchport general pvid 1
console(config-if)# exit
We will have one client computer connect to switch A on port 1/e2 and one client connect to switch B on port 1/e2. These ports will be in access mode for VLAN 2, and the config should look like this on both switches.
console(config)# interface ethernet 1/e2
console(config-if)# switchport mode access
console(config-if)# switchport access vlan 2
console(config-if)# exit
We will have another client computer connect to switch A on port 1/e3 and one client connect to switch B on port 1/e3. These ports will be in access mode for VLAN 3, and the config should look like this on both switches.
console(config)# interface ethernet 1/e3
console(config-if)# switchport mode access
console(config-if)# switchport access vlan 3
console(config-if)# exit
On Clients connected to Switch A we will assign an IP address and gateway based on the VLAN they are in access mode for.
Client connected to access port for VLAN 2.
IP Address:172.16.20.11
Default Gateway:172.16.20.1
Client connected to access port for VLAN 3.
IP Address:172.16.30.11
Default Gateway:172.16.30.1
On Clients connected to Switch B we will assign an IP address and gateway based on the VLAN they are in access mode for.
Client connected to access port for VLAN 2.
IP Address:172.16.20.12
Default Gateway:172.16.20.1
Client connected to access port for VLAN 3.
IP Address:172.16.30.12
Default Gateway:172.16.30.1
External Connection
At some point we may want traffic to have an external connection. To do this we can create a new VLAN for our point to point connection from Switch A to our router. We will use VLAN 7 for this and assign an IP address.
console(config)# vlan database
console(config-vlan)# VLAN 7
console(config-vlan)# exit
console(config)# interface vlan 7
console(config-vlan)# name WAN
console(config-if-vlan2)# Routing
console(config-if-vlan2)# ip address 10.10.10.2 255.255.255.0
console(config-if-vlan2)# exit
On our router we will assign an IP address of 10.10.10.1
Then place the port connecting the switch and router into access mode for VLAN 7. In this case we use port e4.
console(config)# interface ethernet 1/e4
console(config-if)# switchport mode access
console(config-if)# switchport access vlan 7
console(config-if)# exit
We will then need to put in a default route with the next hop as the router IP address. This allows the switch to know where to route traffic not destined for VLANs 2, 3, or 7.
console(config)#ip route 0.0.0.0 0.0.0.0 10.10.10.1
Next on the router we’ll need to add a route back so the router knows about the networks attached to switch A. Generally adding a static route on most routers is done with the following command:
ip route {Network} {Wildcard Mask} {Next Hop-IP}
In our case here are the 2 static routes we could use.
Ip route 172.16.20.0 0.0.0.255 10.10.10.2
Ip route 172.16.30.0 0.0.0.255 10.10.10.2
The routing that we enabled on Switch A will enable traffic from the other VLANs to traverse over port 1/e4 to the router, connecting us to external traffic. The routes we added to the router allow the traffic to flow back to the switch over port 1/e4.
Layer 3 + Layer 3
In some situations we have two switches, each setup to route for its own broadcast domain, which we want to connect together. In this situation we no longer have a need to use Trunk or General mode between the switches. Instead we can create a common VLAN that will be used for the connection between the two switches.
To create this VLAN we will run the following commands on both switch A and B
console(config)# vlan database
console(config-vlan)# vlan 6
console(config-vlan)# exit
console(config)# interface vlan 6
console(config-vlan)# name Connection
console(config-vlan)# exit
On switch A we assign an IP address to VLAN 6 and enable routing on the VLAN.
console(config)# interface vlan 6
console(config-if-vlan2)# Routing
console(config-if-vlan2)# ip address 172.16.60.1 255.255.255.0
console(config-if-vlan2)# exit
On switch B we assign an IP address to VLAN 6 and enable routing on the VLAN.
console(config)# interface vlan 6
console(config-if-vlan2)# Routing
console(config-if-vlan2)# ip address 172.16.60.2 255.255.255.0
console(config-if-vlan2)# exit
On both switch A and B we place the connecting ports into Access mode for VLAN 6.
console(config)# interface ethernet 1/e1
console(config-if)# switchport mode access
console(config-if)# switchport access vlan 6
console(config-if)# exit
We then need to make some changes to switch B now that it is layer 3 and not layer 2 and has its own broadcast domain.
We will enable routing on Switch B
console(config)# ip routing
What used to be VLAN 2 and 3 will now be VLAN 4 and 5 for our separate broadcast domains.
Switch B we assign an IP address to VLAN 4 and enabling routing on the VLAN.
console(config)# interface vlan 4
console(config-if-vlan2)# Routing
console(config-if-vlan2)# ip address 172.16.40.1 255.255.255.0
console(config-if-vlan2)# exit
Switch B we assign an IP address to VLAN 5 and enabling routing on the VLAN.
console(config)# interface vlan 5
console(config-if-vlan2)# Routing
console(config-if-vlan2)# ip address 172.16.50.1 255.255.255.0
console(config-if-vlan2)# exit
On Clients connected to Switch B we will assign an IP address and gateway based on the VLAN they are in access mode for.
Client connected to access port for VLAN 4.
IP Address:172.16.40.11
Default Gateway:172.16.40.1
Client connected to access port for VLAN 5.
IP Address:172.16.50.11
Default Gateway:172.16.50.1
The end result should look like this.
Troubleshooting
If we are having issues with connectivity, we may need to place some static routes in place to help traffic to the next hop in the network.
On switch A we configure a static route to help traffic to the next hop in the network, which is the router.
console(config)# ip route 0.0.0.0 0.0.0.0 10.10.10.1
The external router will also need a path defined back to all networks/VLANs.
To check the status of a port we can use the command. Show interfaces detail, this will help us see the port status. For example to check the status of port 48, we would run this command.
console# show interfaces detail ethernet 1/g48
To check routing paths:
console# show ip route
The IP address of the network for each VLAN should be listed as C – Connected. Then also a path or default route to your upstream router.
We can use basic ping commands from a client to help test where connectivity is dropping off at. By doing this we can narrow down where in the network to start troubleshooting.
-Ping from client to default gateway, being the VLAN the client is in access mode for. If this fails then we may need to double check our client settings making sure the proper IP and gateway are being used.
-Ping from client to the ip address of the switch the client plugs into. If this fails we may not have VLAN routing enabled on the VLAN the client is in.
-Ping from client to another client on same VLAN, same switch. If this fails we need to check on client settings, IP address and gateway.
-ping from client to another client on different VLAN, same switch. If this fails we need to double check the VLAN routing commands are in place.
-ping from client to the ip address of the next switch in the network. If this fails then check Trunk port configuration from switch to switch, ensuring the VLAN is added to the Trunk port.
-ping from client to another client on same VLAN, different switch. If this fails, check Trunk port settings.
-ping from client to another client on different VLAN, different switch. If this fails then check trunk settings and VLAN routing configuration.

Derek,
I tried to draw my prefered setup for this network configuration.
I would create a Team with the two 1 GBit NICs and use it for Domain, DNS, Backup and any SystemCenter Agents.
I would also Team the two 10 GBit NICs and than assign it to a Hyper-V Switch for the VMs. In Windows Server 2012 it is posible to create vNICs for the Management OS that use this Hyper-V Switch (Converged Network Design). I would create two vNICs SMB1
and SMB2 to use them for Cluster and Livemigration traffic with SMB Multichannel. If your storage system supports SMB Multichannel you can also use both as storage NICs (but this depends wich vendor you have).
Hope this helps.
Grüße/Regards Carsten Rachfahl | MVP Virtual Machine | MCT | MCITP | MCSA | CCA | Husband and Papa |
www.hyper-v-server.de | First German Gold Virtualisation Kompetenz Partner ---- If my answer is helpful please mark it as answer or press the green arrow.

Connect unmanaged switch to 887VA fast ethernet port

I tried connecting an unmanaged (and dumb) switch to one of the four fast ethernet ports on the back of the router. I configured the port to act as an access port bound to a specific VLAN, say no. 100.
What I can see on the LEDs of the unmanaged switch is that the link goes up and down every few seconds. I don't know if this is related to the spanning tree protocol and unfortunately the unmanaged switch doesn't know about STP and doesn't send out BPDUs.
So, how I should configure the port in order to avoid the link going up and down?
The actual conf. for the port:
interface fastEthernet 3
switchport mode access
switchport access vlan 100

What do you mean by dumb siwthc? What model/make/company is that switch?
Can you try to do the reset of the switch so that it wipe off all the config what so ever present on the box and then try to connect the switch to the router?

URGENT HELP-Connecting 2 Switches

Hi All,
I need to connect 2 switches (2960 & 2960S) with only one single link in our LAN network. This is to get extra number of ports.
Requesting your help with the followings:
Please confirm if straight throug cable will work to connect between the above two switches
What will be the best configuration on each port (in sw1 & 2) to avoid any kind of loop? For example: spanning tree command
Please advise
Thanks in advance

Ok. Here are the outputs:
For SW1:
sw1#show vtp status
VTP Version capable             : 1 to 3
VTP version running             : 2
VTP Domain Name                 : dr
VTP Pruning Mode                : Disabled
VTP Traps Generation            : Disabled
Device ID                       : 9caf.ca74.8400
Configuration last modified by 10.212.100.11 at 9-2-13 12:20:53
Local updater ID is 10.212.100.11 on interface Vl100 (lowest numbered VLAN interface found)
Feature VLAN:
VTP Operating Mode                : Server
Maximum VLANs supported locally   : 255
Number of existing VLANs          : 15
Configuration Revision            : 17
MD5 digest                        : 0xDE 0xA3 0x3E 0x80 0x2A 0x70 0x29 0xEC
                                    0xBB 0x30 0x88 0x32 0x6D 0x17 0x22 0x9A
sw1#show spanning-tree vlan 100
VLAN0100
Spanning tree enabled protocol rstp
Root ID    Priority    32868
             Address     9caf.ca74.8400
             This bridge is the root
             Hello Time   2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority    32868 (priority 32768 sys-id-ext 100)
             Address     9caf.ca74.8400
             Hello Time   2 sec Max Age 20 sec Forward Delay 15 sec
             Aging Time 300 sec
Interface           Role Sts Cost      Prio.Nbr Type
Gi0/1               Desg FWD 4         128.1    P2p Edge
Gi0/6               Desg FWD 19        128.6    P2p Edge
Gi0/7               Desg FWD 4         128.7    P2p
Gi0/8               Desg FWD 4         128.8    P2p
Gi0/9               Desg FWD 19        128.9    P2p Edge
Gi0/10              Desg FWD 19        128.10   P2p
Gi0/15              Desg FWD 19        128.15   P2p Edge
Gi0/16              Desg FWD 19        128.16   P2p Edge
Interface           Role Sts Cost      Prio.Nbr Type
Gi0/21              Desg FWD 4         128.21   P2p
Gi0/22              Desg FWD 4         128.22   P2p Edge
Po6                 Desg FWD 2         128.96   P2p
sw1#show spanning-tree vlan 103
VLAN0103
Spanning tree enabled protocol rstp
Root ID    Priority    32871
             Address     9caf.ca74.8400
             This bridge is the root
             Hello Time   2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority    32871 (priority 32768 sys-id-ext 103)
             Address     9caf.ca74.8400
             Hello Time   2 sec Max Age 20 sec Forward Delay 15 sec
             Aging Time 300 sec
Interface           Role Sts Cost      Prio.Nbr Type
Gi0/7               Desg FWD 4         128.7    P2p
Gi0/8               Desg FWD 4         128.8    P2p
Gi0/21              Desg FWD 4         128.21   P2p
Po6                 Desg FWD 2         128.96   P2p
For SW2:
sw2#show vtp s
qadr-sw2#show vtp status
VTP Version capable             : 1 to 3
VTP version running             : 2
VTP Domain Name                 : dr
VTP Pruning Mode                : Disabled
VTP Traps Generation            : Disabled
Device ID                       : 9caf.ca7b.3800
Configuration last modified by 10.212.100.11 at 9-2-13 12:20:53
Local updater ID is 10.212.100.12 on interface Vl100 (lowest numbered VLAN interface found)
Feature VLAN:
VTP Operating Mode                : Server
Maximum VLANs supported locally   : 255
Number of existing VLANs          : 15
Configuration Revision            : 17
MD5 digest                        : 0xDE 0xA3 0x3E 0x80 0x2A 0x70 0x29 0xEC
                                    0xBB 0x30 0x88 0x32 0x6D 0x17 0x22 0x9A
sw2#show spanning-tree vlan 100
VLAN0100
Spanning tree enabled protocol rstp
Root ID    Priority    32868
             Address     9caf.ca74.8400
             Cost        2
             Port        96 (Port-channel6)
             Hello Time   2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority    32868 (priority 32768 sys-id-ext 100)
             Address     9caf.ca7b.3800
             Hello Time   2 sec Max Age 20 sec Forward Delay 15 sec
             Aging Time 300 sec
Interface           Role Sts Cost      Prio.Nbr Type
Gi0/1               Desg FWD 4         128.1    P2p Edge
Gi0/6               Desg FWD 19        128.6    P2p Edge
Gi0/7               Desg FWD 4         128.7    P2p
Gi0/8               Desg FWD 4         128.8    P2p
Gi0/9               Desg FWD 19        128.9    P2p Edge
Gi0/14              Desg FWD 4         128.14   P2p Edge
Gi0/15              Desg FWD 19        128.15   P2p Edge
Gi0/21              Desg FWD 4         128.21   P2p Edge
Gi0/22              Desg FWD 4         128.22   P2p
Po6                 Root FWD 2         128.96   P2p
sw2#show spanning-tree vlan 103
VLAN0103
Spanning tree enabled protocol rstp
Root ID    Priority    32871
             Address     9caf.ca74.8400
             Cost        2
             Port        96 (Port-channel6)
             Hello Time   2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority    32871 (priority 32768 sys-id-ext 103)
             Address     9caf.ca7b.3800
             Hello Time   2 sec Max Age 20 sec Forward Delay 15 sec
             Aging Time 300 sec
Interface           Role Sts Cost      Prio.Nbr Type
Gi0/7               Desg FWD 4         128.7    P2p
Gi0/8               Desg FWD 4         128.8    P2p
Gi0/22              Desg FWD 4         128.22   P2p
Po6                 Root FWD 2         128.96   P2p

2960x - stack cables connected while switches power on. SFP ports - status unknown

Connected 2960x uplink using SFP ports both stacks and all 4 ports worked good.
Remote tech connected last stack cable between first and last switch, in 2 different 2960x stacks of switches, while switches were powered on. A longer stack cable was needed. 3 of 4 SFP ports did stopped communicating.
One stack SFP stayed up in switch 2, not master. Completed reload - other SPF connected in switch 4/0/52
Second stack no connection on either SFP, remote tech power cycled switches.
After power cycle one SFP worked in Master 1/0/52, other switches SFP ports show "unknown" when inserting SFP.
Configured port 48 on stack with issue and connected second uplink just fine.
Has anyone experienced this with the SFP's?
- GLC-T P/N 30-1410-03
Looking for documentation on reccommending procedure for connecting stack cables while switches should be powered off or not.
Thanks,

Opened Cisco TAC case. the following bug was found.
the two different HBRN's below require 2 different IOS and they cannot be in same stack.
https://tools.cisco.com/bugsearch/bug/CSCur56395
switch#sh ver | s Hardware Board
Hardware Board Revision Number : 0x05
switch#remote command 2 sh ver | s Hardware Board
Switch : 2 :------------ Hardware Board Revision Number : 0x05
switch#remote command 3 sh ver | s Hardware Board
Switch : 3 : ------------ Hardware Board Revision Number : 0x12
switch#remote command 4 sh ver | s Hardware Board
Switch : 4 :------------Hardware Board Revision Number : 0x12
From Cisco.
Developers have recommended to upgrade the IOS version of switches with a Hardware Board revision Number below 0x10 to the release 15.0(2.0).EX5ES. this is the one attached to this email and should be applied to switch 1 and 2.
For switches with a Hardware Board revision Number above 0x10 to the release 152-2.4.E1ES, which I will send you right away. This should be done on switch 3 and 4.
Now, If you load the engineering special, you will need to do a full power-cycle (physically unplug the power and plug it back in for every single switch). A simple ‘reload’ will not resolve this.
The same must be done on Switch-0. For this stack you will only need to load the image attached to this email since all the Hardware Board revision Numbers are lower than 0x10.
done.

Unable to connect SD2008 switch to WRT610N

I recently acquired a SD2008 8 port switch. I attempted to connect it to my existing WRT610N router, and I am unable to get connectivity to the internet with devices connected to the switch. I am not using a crossover cable to connect the switch to the router, but as I understand it, that should not matter as the SD2008 does not require this. I have the switch connected via port 1 on the switch to port 4 of my WRT610N. Any suggestions?

I actually already tried that and unfortunately, it did not work. I was then looking on various sites regarding the SD2008 version 2.1 which is the version I have, and there have been technical concerns about this particular unit. I noted it had a lifetime warranty, and took it back to where I bought it, and they gave me a new one-version 3. I plugged it in and it worked on the first try without power cycling the network or router.
Thank you for your reply. Maybe it was just a bad unit. I could not figure it out for the life of me.

Can you Connect Cisco switch modules for to N2K?

I have not seen anything about connecting Cisco Switch modules for Blade Chassis to fex. Does anybody now if you can do that?
thank you.

thank you Lucien.
I think you got a right name for N2Ks, a NIC card extender. In my opion N2K should be able to support Blade switches. Not every company has just rack mount servers, most enviroment is mixed. In my case, I run out ports on N5K, but plenty available on N2K. I want add two more blade centers with gig switch modules in them. now I have to buy a N5K!!!. I'm sure Cisco can make N2K to support switches too.

Connect to switch loopback address

Hello,
I have a loopback address on swich A, also switch A connects to switch B through a trunk. Switch B has 3 SVI vlans that are routed thru eigrp. What I want to do is connect to switch A to loopback IP address. I tried a static route but did not work can connect to loopback address. The config for switch A is loopback address is 192.168.137.6 255.255.255.255. On swich B one switch SVI address is 192.168.136.1 255.255.255.128 and eigrp routes 192.168.136.1 thru network 192.168.136.0. Can I use a static route from loopback address to SVI address 192.168.136.1 I tried that did not work. I just want to configure something only on switch A to connect to loopback address for management, any suggenstions what will work and with what switch commands?
Thanks,

I am not fully understanding the environment that you describe and so do not fully understand your issue. But based on what I think that I do understand it seems to me that it should be possible to configure a host specific static route on switch B that would allow you to connect to the loopback on switch A, assuming that switch A has an IP address other than the loopback which is reachable from switch B. If this does not seem to adequately address your question then please provide clarification of your question.
HTH
Rick

Can I connect two switches to a server?

We share an office with another company but we currently have separate servers and networks.
I'm looking into the possibility of us sharing their server.
The thing is we both have our own switches and and I want to avoid any rewiring of the network. Will I be able to use two switches?
It's a 2x 2.8 GHz quad core intel xeon (with dual ethernet). So is it just a matter of connecting both switches to the server and configuring them in some way?

Hi Christiaan,
I end up doing this quite often. You have a few options, the simplest is below...
How many users and devices that require network connections does each company have? If it's under 254 which it sounds like it is and your happy to have the users on the same network, sharing the same ISP. Then the easiest option is going to be your company sharing their network. You'd save a bit of money on your internet connection which could be used to increase the bandwidth on the other companies line if needed.
You would do following. Make sure all devices that need a fixed IP address such as printers/mfds'/switches/WiFI/phone system (if applicable) are changed to a fixed IP address with the relevant subnet mask, dns and gateway from the other companies network. You'd obviously need to get the relevant numbers from their IT guy.
Then you could use your switch as extra capacity on their network by linking it with their switch. Obviously you'd want to use the fastest possible connection between the switches or look to buying something new with more ports. If you both have something like the HP 1810G ProCurve or a compatible switch you can buy two fibre transceivers and connect them with a fibre cable, this will free up more ports for users on the switch or simply connect them via an ethernet cable. On the 1800 series you can use LACP which allows you to use up to 4 ethernet ports to improve the bandwidth thus giving you a 4gigabit connection to their network. Depending on how much traffic there is going to be you might want to skip that as there might be no need.
Then it's just a case of creating your users on their server and creating an area for your company that only you have the access rights to and creating a shared area inter-company area if you want to easily ping them over files.
What do you both use for email? Are you going to look to share a server for it?
Hope that helps
Beatle

Wi-fi always has to be hand connected when switching programs or useres

I have an imac running on 10.7.5 that wi-fi always has to be hand connected when switching programs or users. Can anyone help? Is something wrong with my settings? It will also look for all surrounding wi-fi connections, I cannot seem to get it to only connect to mine.

There are some apps that let you check the speed of your Wifi or let you analyze your network connections.
Search for "Wifi finder", "System Status" or similar apps.

Asa connection to switch

Similar Messages

Maybe you are looking for