Catalyst 3550 & HSRP v2

Similar Messages

• Using Catalyst 3550 Switch with Linksys Home Router and Cable Internet

  I've about pulled what little hair I have out of my head on this one, and need some configuration help.
  I have a Cisco Catalyst 3550 switch with five Windows 7 desktops, an Avaya PBX and five Avaya IP phones attached.  All of these devices are on a 192.168.0.0/24 subnet, and are communicating properly.  I will refer to this as network # 1. I also have SEPARATE network, we'll call network # 2, using AT&T ADSL service and a Netgear 4-port/wireless router/ADSL modem combo device, which is functioning properly with a couple of other Windows 7 desktops over its own wired Ethernet network, using DHCP, and also on a 192.168.0.0/24 subnet.  I thought it would be a simple integration, just plugging one of the 3550's ports to one of the DSL router's ports, in order to give the five Windows 7 desktop computers on network # 1 internet access via the DSL modem. Guess I was wrong.  When I connect the two switches together, although I get a good connectivity (green lights on both ports) and am able to ping the DSL router's gateway address (192.168.0.252) from network # 1's computers, the computers on network # 1 cannot access the internet. Also, the working computers on network # 2 lose their internet access as long as the two switches are connected together. I am not a Cisco guru, but there's got to be a way to make this scenario work.  Can someone provide me with a 3550 configuration that will allow me to extend my internet service from network # 2 on the DSL router to my 3550 switch and their computers?  Here's what I am looking for:
  INTERNET ---> ADSL MODEM ---> NETGEAR ROUTER ---> CISCO 3550 SWITCH ---> NETWORK DEVICES WITH INTERNET ACCESS

  The Netgear router is probably what's doing the natting. Is the 3550 configured for routing or is it straight L2? If you have the 3550 configured as L3, then it's going to be easy to do what you want. Just add a static route on the Netgear to point the subnet that it doesn't know about to the 3550. For example, if the Netgear is addressed at 192.168.1.1 and the Cisco 3550 is addressed at 192.168.1.2, but it also knows about the 192.168.0.0/24 (separate vlan), then you would put a static route on your Netgear for 192.168.0.0/24 to go to 192.168.1.2.
  The way that I would do it is to create a separate vlan on the 3550 and assign an address to it. Once you do that, make the port that the other switch connects to an access port of that vlan. (It would need to be on the same subnet as the existing equipment.) All of your devices would use it as a default gateway and then you would do the rest as above. You could also use RIP between the Netgear and Cisco if you can't do static routing.
  HTH,
  John

• Catalyst 3550: Loading IOS via TFTP from ROMmon?

  Hi everybody,
  I need to load an IOS from ROMmon-mode to a Catalyst 3550.
  Of cause I could do that via xmodem but I thought it should also be possible via TFTP.
  What I did:
  switch: IP_ADDRESS=192.168.1.1
  switch: IP_SUBNET_MASK=255.255.255.0
  switch: TFTP_SERVER=192.168.1.2
  switch: TFTP_FILE=c3550-ipservicesk9-mz.122-35.SE5.bin
  switch: DEFAULT_GATEWAY=192.168.1.1
  switch: set
  BOOT=tftp://192.168.1.2/c3550-ipservicesk9-mz.122-35.SE5.bin
  DEFAULT_GATEWAY=192.168.1.1
  IP_ADDRESS=192.168.1.1
  IP_SUBNET_MASK=255.255.255.0
  MAC_ADDR=00:0F:90:7F:B1:00
  MODEL_NUM=WS-C3550-48-SMI
  MODEL_REVISION_NUM=L0
  MOTHERBOARD_ASSEMBLY_NUM=73-5701-09
  MOTHERBOARD_REVISION_NUM=A0
  MOTHERBOARD_SERIAL_NUM=CAT08130PUT
  POWER_SUPPLY_PART_NUM=34-0967-02
  POWER_SUPPLY_SERIAL_NUM=DTH08094HH7
  SYSTEM_SERIAL_NUM=CAT0813Z29A
  TFTP_FILE=c3550-ipservicesk9-mz.122-35.SE5.bin
  TFTP_SERVER=192.168.1.2
  switch: boot tftp://192.168.1.2/c3550-ipservicesk9-mz.122-35.SE5.bin
  Loading "tftp://192.168.1.2/c3550-ipservicesk9-mz.122-35.SE5.bin"...tftp://192.168.1.2/c35 50-ipservicesk9-mz.122-35.SE5.bin: permission denied
  Error loading "tftp://192.168.1.2/c3550-ipservicesk9-mz.122-35.SE5.bin"
  Interrupt within 5 seconds to abort boot process.
  Boot process failed...
  switch: boot
  Loading "tftp://192.168.1.2/c3550-ipservicesk9-mz.122-35.SE5.bin"...tftp://192.168.1.2/c35 50-ipservicesk9-mz.122-35.SE5.bin: permission denied
  Error loading "tftp://192.168.1.2/c3550-ipservicesk9-mz.122-35.SE5.bin"
  Interrupt within 5 seconds to abort boot process.
  Boot process failed...
  Am I doing something wrong or is it generally impossible to load an IOS via TFTP to a 3550?
  Thanks in advance
  Rolf

  I am pretty sure you can't boot from a TFTP server with the Catalyst 3550 (or any of the other standalone access switches - 2950, 3550, 3560 3750 etc). If you want to recover one you need to recover it using XModem via the console:
  http://www.cisco.com/en/US/products/hw/switches/ps628/products_tech_note09186a0080169696.shtml
  I used to think you had to do this at 9600-baud, however you can increase the baudrate and it only takes 10-20 minutes (I couldn't get 115200 to work but 57600 worked OK and took about 20-minutes).
  You need to remember to put the baud rate back to 9600 when the image is back on as it gets stored in NVRAM and reboots etc are at the stored speed (i.e. changing it after it has booted under the line con 0 doesn't get saved to NVRAM).
  HTH
  Andy

• Policy-map on catalyst 3550

  dear all,
  how to configure policy-map on catalyst 3550 to shapping bandwidth. I've tried to setting that police-map in one of interface, but when I wrote sh policy-map interface fa0/1, in class-map field, the result are
  class-map: policeIn (match-all)
  0 packets, 0 bytes
  5 minute offered rate 0 bps, drop rate 0 bps
  match: access-group 112qm_police_inform_feature: CLASS_SHOW
  Could u give me a clue..??
  thx.
  ..::rhiez::..

  hi,
  i've checked statistic of interface and there is traffic on that interface :
  Hardware is Fast Ethernet, address is xxxx.xxxx.xxxx.xxxx(bia xxxx.xxxx.xxxx)
  MTU 1500 bytes, BW 512 Kbit, DLY 100 usec,
  reliability 255/255, txload 102/255, rxload 42/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Half-duplex, 100Mb/s
  input flow-control is off, output flow-control is off
  ARP type: ARPA, ARP Timeout 04:00:00
  Last clearing of "show interface" counters 00:03:16
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue :0/40 (size/max)
  5 minute input rate 85000 bits/sec, 67 packets/sec
  5 minute output rate 961000 bits/sec, 201 packets/sec
  12965 packets input, 2137646 bytes, 0 no buffer
  Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
  0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
  0 watchdog, 0 multicast, 0 pause input
  0 input packets with dribble condition detected
  38564 packets output, 23504798 bytes, 0 underruns
  0 output errors, 46 collisions, 0 interface resets
  0 babbles, 0 late collision, 62 deferred
  0 lost carrier, 0 no carrier, 0 PAUSE output
  0 output buffer failures, 0 output buffers swapped out
  is there another way to shapping bandwidth per vlan or per port interface on catalyst 3550 with IOS 12.1(8).
  thx.
  ..::rhiez::..

• Need help - Catalyst 3550 on CCM4.1 Voip

  Guys.
  We had a Catalyst 3550 switch fail last week, and the guy who really knows this system has left the company.
  The switch has a non-free molecules error, which i believe is terminal.
  I've sourced a replacement switch and need help configuring it.
  I copied the running config from it's sister switch (there are only 2 switches on this ccm), however, the sister switch is a 3560.
  I changed the I.P address and switch name before uploading it to the 3550 on the off chance it might just work.
  Show run on the 3550 shows that it might be configured, but when i connected it, it took the gateway down.
  I'm really up the creek at the moment unless i can get someone to either look at it, find an old config or get this guy back in for a few hours.
  Any advice would be greatly received.
  Looking at show run, i see two refernces to VLAN's
  interface Vlan1
   ip address 170.205.238.3 255.255.255.0
  interface Vlan10
   ip address 10.10.0.254 255.255.255.0
  ip classless
  ip route 0.0.0.0 0.0.0.0 170.205.238.1
  no ip http server
  The I.P address 170.205.238.1 is alien to me.. i don't know what this is. However, what i do know is that i never changed this. This IP address is the same in the 3560.
  Could this cause an issue ?. I'm not aware of anything on a 170.X.X.X subnet, this could have been some legacy from the previous owners of the building.
  The first 3 ports in the switch are connected to the publisher, subscriber and gateway router.
  Does it matter which port is connected to which component. ?
  I believe that i can't be too far away from configuring this, but without any help, i'm a bit stuck.
  LEE-SW-CC_VOIP-01#show run
  Building configuration...
  Current configuration : 6147 bytes
  version 12.1
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  service password-encryption
  hostname LEE-SW-CC_VOIP-01
  enable secret 5 $1$2BRP$UtiYkRMAsp7roykkfRDo3/
  username cisco privilege 15 secret 5 $1$mh3w$w8H5ygAfDUOBdiE2UftB8.
  ip subnet-zero
  ip routing
  vtp domain LEE
  vtp mode transparent
  mls qos map cos-dscp 0 8 16 26 32 46 48 56
  mls qos
  no file verify auto
  spanning-tree mode pvst
  spanning-tree extend system-id
  vlan 10
  interface FastEthernet0/1
   switchport access vlan 10
   switchport mode access
   switchport voice vlan 10
   no ip address
   mls qos trust device cisco-phone
   mls qos trust cos
   auto qos voip cisco-phone
   spanning-tree portfast
  interface FastEthernet0/2
   switchport access vlan 10
   switchport mode access
   switchport voice vlan 10
   no ip address
   mls qos trust device cisco-phone
   mls qos trust cos
   auto qos voip cisco-phone
   spanning-tree portfast
  interface FastEthernet0/3
   switchport access vlan 10
   switchport mode access
   switchport voice vlan 10
   no ip address
   mls qos trust device cisco-phone
   mls qos trust cos
   auto qos voip cisco-phone
   spanning-tree portfast
  interface FastEthernet0/4
   switchport access vlan 10
   switchport mode access
   switchport voice vlan 10
   no ip address
   mls qos trust device cisco-phone
   mls qos trust cos
   auto qos voip cisco-phone
   spanning-tree portfast
  interface FastEthernet0/5
   switchport access vlan 10
   switchport mode access
   switchport voice vlan 10
   no ip address
   mls qos trust device cisco-phone
   mls qos trust cos
   auto qos voip cisco-phone
   spanning-tree portfast
  interface FastEthernet0/6
   switchport mode access
   switchport voice vlan 10
   no ip address
   mls qos trust device cisco-phone
   mls qos trust cos
   auto qos voip cisco-phone
   spanning-tree portfast
  interface FastEthernet0/7
   switchport mode access
   switchport voice vlan 10
   no ip address
   mls qos trust device cisco-phone
   mls qos trust cos
   auto qos voip cisco-phone
   spanning-tree portfast
  interface FastEthernet0/8
   switchport mode access
   switchport voice vlan 10
   no ip address
   mls qos trust device cisco-phone
   mls qos trust cos
   auto qos voip cisco-phone
   spanning-tree portfast
  interface FastEthernet0/9
   switchport mode access
   switchport voice vlan 10
   no ip address
   mls qos trust device cisco-phone
   mls qos trust cos
   auto qos voip cisco-phone
   spanning-tree portfast
  interface FastEthernet0/10
   switchport mode access
   switchport voice vlan 10
   no ip address
   mls qos trust device cisco-phone
   mls qos trust cos
   auto qos voip cisco-phone
   spanning-tree portfast
  interface FastEthernet0/11
   switchport mode access
   switchport voice vlan 10
   no ip address
   mls qos trust device cisco-phone
   mls qos trust cos
   auto qos voip cisco-phone
   spanning-tree portfast
  interface FastEthernet0/12
   switchport mode access
   switchport voice vlan 10
   no ip address
   mls qos trust device cisco-phone
   mls qos trust cos
   auto qos voip cisco-phone
   spanning-tree portfast
  interface FastEthernet0/13
   switchport mode access
   switchport voice vlan 10
   no ip address
   mls qos trust device cisco-phone
   mls qos trust cos
   auto qos voip cisco-phone
   spanning-tree portfast
  interface FastEthernet0/14
   switchport mode access
   switchport voice vlan 10
   no ip address
   mls qos trust device cisco-phone
   mls qos trust cos
   auto qos voip cisco-phone
   spanning-tree portfast
  interface FastEthernet0/15
   switchport mode access
   switchport voice vlan 10
   no ip address
   mls qos trust device cisco-phone
   mls qos trust cos
   auto qos voip cisco-phone
   spanning-tree portfast
  interface FastEthernet0/16
   switchport mode access
   switchport voice vlan 10
   no ip address
   mls qos trust device cisco-phone
   mls qos trust cos
   auto qos voip cisco-phone
   spanning-tree portfast
  interface FastEthernet0/17
   switchport mode access
   switchport voice vlan 10
   no ip address
   mls qos trust device cisco-phone
   mls qos trust cos
   auto qos voip cisco-phone
   spanning-tree portfast
  interface FastEthernet0/18
   switchport mode access
   switchport voice vlan 10
   no ip address
   mls qos trust device cisco-phone
   mls qos trust cos
   auto qos voip cisco-phone
   spanning-tree portfast
  interface FastEthernet0/19
   switchport mode access
   switchport voice vlan 10
   no ip address
   mls qos trust device cisco-phone
   mls qos trust cos
   auto qos voip cisco-phone
   spanning-tree portfast
  interface FastEthernet0/20
   switchport mode access
   switchport voice vlan 10
   no ip address
   mls qos trust device cisco-phone
   mls qos trust cos
   auto qos voip cisco-phone
   spanning-tree portfast
  interface FastEthernet0/21
   switchport mode access
   switchport voice vlan 10
   no ip address
   mls qos trust device cisco-phone
   mls qos trust cos
   auto qos voip cisco-phone
   spanning-tree portfast
  interface FastEthernet0/22
   switchport mode access
   switchport voice vlan 10
   no ip address
   mls qos trust device cisco-phone
   mls qos trust cos
   auto qos voip cisco-phone
   spanning-tree portfast
  interface FastEthernet0/23
   switchport mode access
   switchport voice vlan 10
   no ip address
   mls qos trust device cisco-phone
   mls qos trust cos
   auto qos voip cisco-phone
   spanning-tree portfast
  interface FastEthernet0/24
   switchport mode access
   switchport voice vlan 10
   no ip address
   mls qos trust device cisco-phone
   mls qos trust cos
   auto qos voip cisco-phone
   spanning-tree portfast
  interface GigabitEthernet0/1
   switchport trunk encapsulation dot1q
   switchport mode trunk
   no ip address
   mls qos trust cos
   udld port aggressive
   auto qos voip trust
  interface GigabitEthernet0/2
   switchport trunk encapsulation dot1q
   switchport mode trunk
   no ip address
   mls qos trust cos
   udld port aggressive
   auto qos voip trust
   priority-queue out
  interface Vlan1
   ip address 170.205.238.3 255.255.255.0
  interface Vlan10
   ip address 10.10.0.254 255.255.255.0
  ip classless
  ip route 0.0.0.0 0.0.0.0 170.205.238.1
  no ip http server
  logging trap debugging
  line con 0
   exec-timeout 0 0
   privilege level 15
   login local
  line vty 0 4
   privilege level 15
   login local
   length 0
  line vty 5 15
   privilege level 15
   login local
   length 0
  end
  LEE-SW-CC_VOIP-01#

  Always wanting to learn more, I re-instated the test config and ran those commands.
  LEE-SW-CC_VOIP-01#show cdp neighbor
  Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                    S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
  Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
  LEE-SW-CC_VOIP-01#show ip int brief
  Interface                  IP-Address      OK? Method Status                Prot
  ocol
  Vlan1                      170.205.238.2   YES NVRAM  up                    down
  Vlan10                     10.10.0.254     YES NVRAM  up                    down
  FastEthernet0/1            unassigned      YES unset  down                  down
  FastEthernet0/2            unassigned      YES unset  down                  down
  FastEthernet0/3            unassigned      YES unset  down                  down
  FastEthernet0/4            unassigned      YES unset  down                  down
  FastEthernet0/5            unassigned      YES unset  down                  down
  FastEthernet0/6            unassigned      YES unset  down                  down
  FastEthernet0/7            unassigned      YES unset  down                  down
  FastEthernet0/8            unassigned      YES unset  down                  down
  FastEthernet0/9            unassigned      YES unset  down                  down
  FastEthernet0/10           unassigned      YES unset  down                  down
  FastEthernet0/11           unassigned      YES unset  down                  down
  FastEthernet0/12           unassigned      YES unset  down                  down
  FastEthernet0/13           unassigned      YES unset  down                  down
  FastEthernet0/14           unassigned      YES unset  down                  down
  FastEthernet0/15           unassigned      YES unset  down                  down
  FastEthernet0/16           unassigned      YES unset  down                  down
  FastEthernet0/17           unassigned      YES unset  down                  down
  FastEthernet0/18           unassigned      YES unset  down                  down
  FastEthernet0/19           unassigned      YES unset  down                  down
  FastEthernet0/20           unassigned      YES unset  down                  down
  FastEthernet0/21           unassigned      YES unset  down                  down
  FastEthernet0/22           unassigned      YES unset  down                  down
  FastEthernet0/23           unassigned      YES unset  down                  down
  FastEthernet0/24           unassigned      YES unset  down                  down
  GigabitEthernet0/1         unassigned      YES unset  down                  down
  GigabitEthernet0/2         unassigned      YES unset  down                  down
  LEE-SW-CC_VOIP-01#

• Password reset on a Cisco Catalyst 3550 series

  We have a Cisco Catalyst 3550 series, and we don't have the password to gain access to the switch through a web browser. My question is if I reset the password using Hyper-terminal, does changing the password affect any vlan or fiber optic settings that I should know about. Or does resetting the password changes our switch to factory settings? 

  Hi,
  The password recovery procedure for your switch is described in this document:
  http://www.cisco.com/c/en/us/support/docs/switches/catalyst-2950-series-switches/12040-pswdrec-2900xl.html
  If you follow the instructions in the document exactly, you will retain the original configuration - you just rename the configuration file so that it is not loaded when the switch boots up. However, you will still be able to display it after the switch boots up using the more flash:config.old . Eventually, you can even load it into running-config using copy flash:config.old running-config command. At that point, the old passwords will be brought back but because you already are in the privileged EXEC mode, you can change them and save the updated configuration.
  VLANs should not be affected as long as you do not delete the vlan.dat file located in FLASH. Fiber optic ports should not be affected as long as you are using original Cisco GBICs. If you're using 3rd party GBICs, it may be necessary to enter the service unsupported-transceiver hidden command in the global configuration mode before they get recognized.
  Good luck!
  Best regards,
  Peter

• Catalyst 3550-48 unable to boot

  Hi,
  I have a catalyst 3550-48 switch which is running the ios image c3550-ipbase-mz.122-25.SEB4.bin. the problem is now its not booting, it directly goes to rommon mode from there if I issue the command boot flash:c3550-ipbase-mz.122-25.SEB4.bin it gives me the error message like loading ...... c3550-ipbase-mz.122-25.SEB4.bin .....magic number mismatch:bad mzip file
  please help me to resolve the issue

  Hi Friend,
  Seems to be a corrupt image. The best solution will be to xmodem the same image again.
  Download the same image again from cisco.com and xmodem to the switch.
  Have a look at this xmodem procedure
  http://www.cisco.com/en/US/products/hw/switches/ps646/products_configuration_guide_chapter09186a0080320001.html
  HTH, if yes please rate the post.
  Ankur

• Catalyst 3550 & 3560/3750 command 'show mls qos interface statistics'

  On the Catalyst 3550 the command 'show mls qos interface statistics' will show ingress packet (or byte) counts with DSCP values. If you have policers configured then it also shows a count of packets that have been marked down to another DSCP value due to policing or any that have been dropped (obviously 'mls qos monitor dscp x' needs configuring). The same command on the 3560/3750 only shows the ingress & egress DSCP values, there is no column that shows packets (or bytes) that have been policed or dropped. Is there any command to display the same information with the 3560/3750?
  Neither platform show counters when the command 'show policy-map interface x/x' is used so this won't work.
  Thanks
  Andy

  Hi, I believe there is a command on the 3560 'sh mls qos interface policers' may be what you are looking for.
  Here is what the command says it outputs:
  To display QoS information at the interface level. This information includes:
  The configuration of the egress queues and the CoS3-to-egress-queue map
  Which interfaces have configured policers
  Ingress and egress statistics, which includes the number of bytes that have been dropped

• Catalyst 3550 and unidirectional multicast

  I have several segments routed by several Catalysts 3550. In one of the segments i start multicast TV streamer. I use IGMP and PIM to route the multicast. But how to restrict the clients only to receive multicast TV stream not to send multicast traffic to other segments joined the same group ?

  Setting a boundary or setting scope will restrict all multicast traffic and preventing any local client from sending any multicast would also prevent forwarding the received multicast any further. Depending on the topology and what the processing requirements are this might or might not be a good solution.
  Another alternative to consider is if you want to allow received multicast to be forwarded but want local originated multicast not to be forwarded would be to configure an outbound access list on the interface. In the access list would be a line like this:
  deny ip 224.0.0.0 15.255.255.255
  this will deny any packet with any broadcast destination address which has a source address within the local subnet. The acccess list would also have to have appropriate permit commands for the traffic that you do want to send (perhaps permit ip any any).
  HTH
  Rick

• Catalyst 3550 Strong Cryptographic Software

  What do you lose/gain using Catalyst 3550 Strong Cryptographic Software for features. Are there any authentication features/services not available in the non-crypto image. Need to answer this for a HIPAA review.

  I have used Cisco's Software Advisor to look for differences in the crypto and non-crypto images. For several releases the Advisor does not list any differences. I did find a release 12.1EA1 where it did list differences. As far as authentication services there were no differences listed. It did list support for SSH in the crypto image which is not in the non-crypto image. So depending on how broad your definition of services is there may be a difference that you might care about.
  HTH
  Rick

• Catalyst 3550 stack and etherchannel

  I wonder if it is possiable to organize gigabit etherchannel from stack of two catalyst 3550 to server. The problem is to connect server's 2-port NIC to both switches, not just one, and have loadbalancing over 2 links while staying connected in case one of the switches goes down. If not, is it possiable with 3750 switches.

  Hi,
  This is not possible on 3550's as they do not use true stacking feature on that and moreover both the switches have different configs and they do not get Sync. I think it is possible in case of 3750's, though havnt tried myself.
  http://www.cisco.com/univercd/cc/td/doc/product/lan/cat3750/12119ea1/3750scg/swethchl.htm#1033981
  regards,
  -amit singh

• ACL's in VLAN Catalyst 3550

  Hello !!
  We have a Switch Catalyst 3550 - 12G
  IOS : Version 12.2(25)SEA
  I need to implement ACL security in VLAN's. But, it did't work.
  VLAN 11 Definition :
  interface Vlan11
  description VLAN - RED WAN
  ip address 192.168.21.1 255.255.255.0
  Interface association (g0/7) with VLAN 11 and extended ACL (ip1)
  interface GigabitEthernet0/7
  switchport access vlan 11
  switchport trunk encapsulation dot1q
  switchport trunk allowed vlan 11
  switchport mode dynamic desirable
  ip access-group ip1 in
  ACL definition :
  ip access-list extended ip1
  permit ip 192.168.70.0 0.0.0.255 any
  deny ip any any
  This configuration must allow ip communication between 192.168.70.0 / 24 and 192.168.21.0 / 24. However it does't work.
  Inter VLAN communication are ok.
  Any Suggest ?
  .... Switch Conf. attach
  Tks.
  John Nanez E.

  Try putting on the SVI for vlan 11 (interface vlan 11) . don't think you can put it on a individual interface and have it work . Also they way you wrote it you'll have to put it as out on the vlan because you are permitting a address from another network to the vlan 11 address space thus it would have to block the traffic "out" to the devices on vlan 11 .

• Cisco Catalyst 3550-12T

  hi,
  internal AC power supply of cisco Catalyst 3550-12T has been failed and rps led blinking.we want to replace this internal power supply.What is the part number of it? and is there any document or web site to learn part numbers of cisco devices..Thks.

  I don't think you can replace the power supply in 3550 switch. It is on the motherboard. You may need to replace the whole switch. Check out the link below
  http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a00800a7af7.shtml#ac_power

• How do I add a Subnet and vlan with a catalyst 3550 and RV120

  Hello Friends.
  I have a scenario that i'm hoping i can get some help with. I'll be as detailed and descriptive as i can.
  This is for a business with 100 employees nodes and 100 camera nodes all needing IP internet through private addressing and public gateway.
  I have a business class gateway with a private range of 12 public addresses. Ther modem does nothing but act as a gateway since i have disabled the firewall and DHCP.
  In place of the firewall and DCHP from the modem i have installed a RV120 Firewall with VPN. When installing i replicated the IP scheme of the modem as to not disturb and distrup the devices assigned addresses from that scheme from the modem. I did this because the owner could not have any down time or any disruption to the business operations.
  The RV120 now acts as firewall , DHCP , and VPN. I'll address the subnet first. I's using 10.0.0.0/24 subnet range.
  DHCP is assigning 10.1.10.50 - 10.1.10.100 the rest are static and i plan to use static DHCP with the IP and MAC assigned to each static DHCP address.
  There are 100 cameras with static IP addresses in the range of 10.1.10.11 - 10.1.10.40, and 10.1.0.1.101 - 10.1.10.170.
  VPN uses PPTP assigned address 10.1.10.6 - 10.1.10.10.
  There are no layer 3 switches that i know of. Just a layer two that is the primary swith and ports have run out, and various out of the box switches and wireless access points connected to the primary switch.
  I want to implement subnets into the network and VLANS as well on a new Layer 3 switche from cisco. Thinking 3550 from Cisco or one of the older layer 2 switches with layer three capabilities.
  I also want to introduce a 192.168.0.0/24 IP range for the existing wireless network and segment the traffic from the rest of the traffic on other ranges.
  I want to replace the 10.0.0.0/24 DHCP alltogether and the static addresses for end user nodes on the same network, but keep that range just for camera nodes segmented.
  I want to implement a NEW end user IP range and VLAN for employee/guest networks using the 172.16.0.0/24 range.
  Iv'e thought of replacing all the wireless nodes with RV120's and use VLAN. Dont know if that strategy works. Need to think it through.
  I want the 192.168.0.0/24 IP range comunicate to with the 172.16.0.0/24 and possibly the 10.0.0.0/24 range.
  Any advice on how to do this?
  As a side note the next step after this is to install a server domain controller as all the computers are all stand alones in their own workgroups. It's a simultaneous project that will introdue a DCHP, WINS, DNS server.

  Hi Omid, it sounds like you're proposing the 3550 switch but you're not decided yet. The 3550 switch is a pretty old device and needs enhanced multilayer image. It may be more prudent to use a more current switch such as small business SG300 or SG500 as the feature set is more rich and it supports around 480 LAN connections.
  To answer the inquiry, the RV120W, when you create a VLAN it will automatically create an IP interface. From this you may assign subnet as you like along with 'enable or disable' for inter vlan routing. Since the RV120W has this feature, a layer 3 switch is not required unless you are looking to keep the routing load smaller by routing locally with the switch.
  With Catalyst or a small business switch you would need to create a VLAN. After creating the VLAN, on a Catalyst you can simply issue "switchport trunk encapsulation dot1q" on the desired interface and all VLAN will passage without issue. For a port connecting a user "switchport mode access" "native vlan xx" This will assign the port as untag member of the desired VLAN.
  If using a small business switch, it is slightly different, you still create the VLAN but the command issue is a bit different  "switchport trunk allowed vlan add xx" for the link to the router, where xx = the VLAN ID to tag to the router. For access client it remains the same as Catalyst.

• Catalyst 3550 Privat-VLAN

  Hi,
  I was about to purchase a 3560 for my home lab to do private VLANS because I read that 3550s do not supprt pvlan. Till my suprise i can see the commands to do a private-vlan configuration on my 3550:
  (config-vlan)#private-vlan ?
    association       Configure association between private VLANs
    community         Configure the VLAN as a community private VLAN
    isolated          Configure the VLAN as an isolated private VLAN
    primary           Configure the VLAN as a primary private VLAN
    twoway-community  Configure the VLAN as a two way community private VLAN
  Can any tell me why everyone says their not supported though the commands are availble?
  Thanks in advance
  Bart

  Hi Bart,
  The IOS is obviously compiled from a common code base that is shared also for Catalyst 3560 and similar platforms. That is why you see the commands actually present. However, if you try to define a Private VLAN (either primary or secondary) and exit the VLAN configuration mode, you will get a platform error message, indicating the switch hardware could not be programmed for the Private VLAN operation.
  Private VLANs require hardware support, and if the underlying platform has no hardware provisions for supporting Private VLANs, they will not be available even if the switch IOS itself has the management features built in, as is in your case. True, the Private VLAN management commands should have not been enabled in the IOS for your platform but it's just the way it is...
  Best regards,
  Peter