Cisco 871W - VLAN-Interface = 'Up/Down'

Hi,
I have configured our company's Cisco 871W per suggested configs found on the Cisco web site; however, VLAN1, VLAN10 and VLAN20 interfaces won't come up (e.g. up/down) and it's preventing communication. Guess I'm expecting this to behave like a multi-layer swt/rtr (i.e. 3560). Can anyone help me on this?
Here is the config:
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname xxxxxxxxxxxxx
boot-start-marker
boot-end-marker
enable secret xxx
enable password xxxxxx
aaa new-model
aaa authentication login default local
aaa authorization exec default local
aaa session-id common
resource policy
ip subnet-zero
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1 192.168.1.99
ip dhcp excluded-address 192.168.2.1 192.168.2.99
ip dhcp pool VLAN10
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
domain-name xxxxxxxxxxxxxxxx
lease 4
ip dhcp pool VLAN20
import all
network 192.168.2.0 255.255.255.0
default-router 192.168.2.1
domain-name xxxxxxxxxxxx
lease 4
no ip domain lookup
ip domain name xxxxxxxxx
crypto pki trustpoint TP-self-signed-1485172728
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1485172728
revocation-check none
rsakeypair TP-self-signed-1485172728
crypto pki certificate chain TP-self-signed-1485172728
certificate self-signed 01
<--------some output omitted--------->
interface FastEthernet0
switchport access vlan 20
spanning-tree portfast
interface FastEthernet1
switchport access vlan 10
spanning-tree portfast
interface FastEthernet2
switchport access vlan 10
spanning-tree portfast
interface FastEthernet3
switchport access vlan 10
spanning-tree portfast
interface FastEthernet4
ip address 10.2.5.1 255.255.0.0
ip nat outside
ip virtual-reassembly
ip tcp adjust-mss 1460
duplex auto
speed auto
no cdp enable
interface Dot11Radio0
no ip address
shutdown
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
interface Vlan1
no ip address
interface Vlan10
description Internal Network
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
interface Vlan20
description Guest Network
ip address 192.168.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet4
no ip http server
no ip http secure-server
ip nat inside source list 1 interface FastEthernet4 overload
ip access-list extended Guest-ACL
deny ip any 192.168.1.0 0.0.0.255
permit ip any any
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 192.168.2.0 0.0.0.255
<--------------output omitted---------->
End
Sample device-specific configs would help.
We are not concerned with the wireless portion of the config at this point.
Any insight is appreciated.
Thanks!
Chris
News Corp.

You may be hitting a bug; check the details of this bug: CSCsc10989

Similar Messages

  • VLAN Interface Command

    Ok, I thought I had the reason for the VLAN interface command down. I thought it was either used for switch management or routing between VLANs? However, now I realized that some communication won't work without this command, which doesn't make sense. If I have a VLAN, then the switch will only switch packets to ports on the same VLAN. The only way communication would work between VLANs is if I either enabled routing between VLANs with the VLAN Interface command, connected the switch to another multi-layer switch that did do routing between VLANs, or connected the switch to a router which routed between the VLANs.
    However, I just got this new 3550 switch in, configured the correct ports with the assigned VLANs, and the only way my Cisco IP phone would work is if the VLAN Interface for my voice-ip VLAN was configured. The 3550 is connected to a 4507. Now, can someone tell me why this is? You shouldn't have to configure the VLAN Interface, right? (unless I wanted to route between VLANs, which could be done by the 4507)

    Sounds to me like you either don't have the dot1q trunk interface between your 4506 and 3550 working properly, or your 3550 is running the enhanced image which allows routing.
    It would be nice to see your config on both the 3550 and the 4500 to determine the reason. Just a stab at how it should be configured is that on your 4506, you have it running VTP server or transparent with the defined Data and Voice VLANs. You have a port configured for trunking (which connects to the 3550). On your 3550, you have configured it as a VTP client or transparent and have verified that it has received (or if transparent VTP you have configured) the appropriate VLANs. You then specified "interface VLAN #" or whatever number for switch management and configured the port that connects to the 4500 as a trunk. Your port connected to the port has the auxiliary or voice vlan configured. If this is how your equipment is configured and it still does not work, then look for the line "ip routing" in your 3550 and negate it with "no ip routing".
    If still no worky worky, post your config.
    Cheers,

  • Cisco 2950 VLAN shutting down

    Hi,
    I have got a Cisco 2950T-24, in that vlan 2 has got an IP address of 10.1.1.1 /24, it is up & running. Now when I create the vlan 3 interface & type "no shutdown", the vlan 2 interface goes down. Why is that so? How do I make both the interfaces up & running?

    As others have said, you are not creating a vlan, you are creating a layer 3 SVI. This is used to manage the switch only and thus you only need one address to do this, thus the switch shuts down the other SVI. To create a layer 2 vlan just do a "conf t", enter, type vlan XX where XX is the vlan number you want to create, enter. Verify with the "show vlan" command; it should show the vlan you just created and it should show active.

  • Problems with connection between Nintendo Wii and Cisco 871W

    Dears,
    I have a problem connecting my Nintendo Wii via wireless with a Cisco 871W.
    I tested with different encryption (WEP, WPA2 and open) to no avail.
    The console gives me errors when testing the connection (number 51 330).
    Any other device I connected to the wireless network works flawlessly (notebook, iPhone, Nokia phones).
    The network configuration to be open is:
    ip dhcp pool VLAN20
       import all
       network 192.168.2.0 255.255.255.0
       default-router 192.168.0.1
       dns-server XX YY
       lease infinite
    dot11 ssid Wii
    vlan 20
    authentication open
    ssid guest-mode
    interface Dot11Radio0
    no ip address
    ssid Wii
    speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
    channel 2462
    station-role root
    I change the channel, the encryption. Leave the console with a fixed IP, does not work!
    Thanks for your help.

    Please show me what commands you used to make these changes.
    Thanks!
    My config:
    interface Dot11Radio0
    no ip address
    no dot11 extension aironet
    encryption vlan 10 mode ciphers tkip
    encryption vlan 20 mode ciphers tkip
    ssid Agrolate
    ssid Pamelie
    mbssid
    speed basic-1.0 basic-2.0 basic-5.5 basic-6.0 basic-9.0 basic-11.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0
    channel 2462
    station-role root
    no cdp enable

  • C3750, SNMP, MRTG, Vlan Interface Counters..

    This question HAS to have been asked and answered a thousand times by now, but I've tried for the last half hour to find that info and can't.
    For years now I've just accepted that I can't get correct traffic counts on Vlan interfaces on C3750 switches by SNMP polling with MRTG.
    Has anyone out there either figured out how to do this or tracked down the reason why it's not possible? I read one post that said the C3750 didn't support this. But then I started thinking. If it didn't support it then why is there an OID for it I can successfully poll? I just get wrong information, not no information. The count that it does give me seems to amount to the behavior of some kind of minimum traffic flow or keep alive activity, and the pattern doesn't seem to be affected much or at all by how much or little traffic is being carried by the Vlan.
    Anyone out there that's already pursued an explanation/resolution to this issue?
    Thanks!
    -John Jackson

    So, does anyone have any idea why, if the IF-MIB counters don't supply the correct count of the traffic that they're supposed to, Cisco has provided working OIDs for them at all? What keeps getting me about this issue is that I keep hearing from everyone that this is simply a 'feature that is not supported' on this platform. What I don't hear along with that, which I would expect, is an acknowledgement attributed to Cisco that yes, someone made a mistake, and that's why it doesn't work properly. For Cisco to respond that way though seems like it would be opening itself up to the logical next thought - if it's broken, then fix it. If Cisco knew the hardware wouldn't support this, why have they implemented the OIDs for it at all? If, as Joe is saying, the problem is not that the counters don't exist, it's just that you can't get at them, why is that?? If they exist, what would be the reason for making it so you couldn't get at them? This seems like such a small issue, and why am I making such a fuss about it? Well, I'm just tired of accepting a vague explanation about the issue, which I've been hearing from people for years now. I'd really like for someone to indulge my curiosity and hit me with the full, detailed explanation of how we got to this point of having these switches give essentially wrong information and Cisco's explanation has just been to say that's acceptable. I don't think it's acceptable. I just can't imagine I can really possibly bring about a change in that.
    -John

  • Cisco 871W as Radius Local Authenticator

    We are trying to configure a Cisco 871W as an access point and also as a local authenticator. The NAS would be the same server. The sample config is as below:
    aaa group server radius rad_eap
    server 10.10.200.1 auth-port 1645 acct-port 1646
    aaa group server radius rad_mac
    aaa group server radius rad_acct
    aaa group server radius rad_admin
    aaa group server tacacs+ tac_admin
    aaa group server radius rad_pmip
    aaa group server radius dummy
    aaa authentication login eap_methods group rad_eap
    aaa authentication login mac_methods local
    aaa authorization ipmobile default group rad_pmip
    aaa accounting network acct_methods start-stop group rad_acct
    aaa session-id common
    ip dhcp excluded-address 10.10.200.1
    ip dhcp excluded-address 10.10.200.31 10.10.200.254
    ip dhcp pool <pool_name>
    import all
    network 10.10.200.0 255.255.255.0
    dns-server 141.x.x.6 141.198.136.12
    default-router 10.10.200.1
    lease 0 2
    interface Dot11Radio0
    ip address 10.10.200.1 255.255.255.0
    ssid <SSID Name>
    authentication network-eap eap_methods
    speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
    station-role root
    ip classless
    ip http server
    ip http secure-server
    radius-server local
    nas 10.10.200.1 key 0 <key>
    user test nthash xxx
    radius-server attribute 32 include-in-access-req format %h
    radius-server host 10.10.200.1 auth-port 1645 acct-port 1646 key <key>
    radius-server vsa send accounting
    With the above config, we are trying to make the clients authenticate with a username created in the RADIUS server, which is this router, and get an IP address through the DHCP pool configured for the same. Will the above config do the same? Kindly let me know.
    Thanking You
    Regards
    Anantha Subramanian Natarajan

    Hi,
    Thanks.
    Worked with cipher mode tkip and used WPA for key management.
    Once again, thanks for the response.
    Regards
    Anantha Subramanian Natarajan

  • Does CISCO C3560X VLAN support multiple Network segments which are further configured with HSRP function

    Hi Cisco experts,
        My name is Kumagai and I need your expert opinions below.
    I am trying to configure one VLAN1 support multiple network segments as below.
    (this should be a very straightforward configuration and should be OK, I think?)
     interface Vlan1
     ip address 172.30.0.0 255.255.128.0
     ip address 172.30.31.253 255.255.254.0 secondary
     ip address 172.30.61.253 255.255.254.0 secondary
     ip address 172.30.71.253 255.255.254.0 secondary
     ip address 172.30.4.253 255.255.255.0 secondary
     The only issue that is eating me is the above network segments are using HSRP too
     and I am not sure if this is possible with a combination of VLAN1 supporting multiples which are
     further supported with HSRP settings in Cisco environment.
    !example of HSRP:
    interface Vlan4
     ip address 172.30.4.253 255.255.255.0
     no ip redirects
     standby 4 ip 172.30.4.254
     standby 4 priority 105
     standby 4 preempt
    <<< what will happen if I add the HSRP configuration as below into the above VLAN1 with multiple Network segment ??)
     I would like to summarize my "Combined" configurations as below but I need your expert opinions on
     whether the configuration below is workable without any problem ??
     Or it is a total flop because Cisco does not support the configuration below !!!
     interface Vlan1
     ip address 172.30.0.0 255.255.128.0
     ip address 172.30.31.253 255.255.254.0 secondary
     ip address 172.30.61.253 255.255.254.0 secondary
     ip address 172.30.71.253 255.255.254.0 secondary
     ip address 172.30.4.253 255.255.255.0  secondary
     standby 30 ip 172.30.31.254
     standby 30 priority 105
     standby 30 preempt
     standby 60 ip 172.30.61.254
     standby 60 priority 105
     standby 60 preempt
     standby 70 ip 172.30.71.254
     standby 70 priority 105
     standby 70 preempt
     standby  4 ip 172.30.4.254
     standby  4 priority 105
     standby  4 preempt
    Thanking you in advance !!!!!

    Hi,
    As far as I know we don't set the ip helper address on the radio interface. It should be on the L3 interface of the corresponding VLANs, i.e.
    int vlan 20
    ip helper-address 192.168.33.xxx
    int vlan 60
    ip helper-address 130.20.1.xxx
    I'm assuming that you're using SVIs (int Vlan 20 and int Vlan 60) rather than physical interfaces. Also hope you have configured the switch port as a trunk where this AP is connected.
    Modify the AP config as below since you are using data vlan as the native vlan
    interface Dot11Radio0.20
    encapsulation dot1Q 20 native
    interface FastEthernet0.20
    encapsulation dot1Q 20 native
    Ideally your AP FastEthernet configuration should look like below, and I am not sure how you missed this, as it comes by default when you have multiple vlans for multiple ssids.
    interface FastEthernet0.20
    encapsulation dot1Q 20 native
    no ip route-cache
    bridge-group 20
    no bridge-group 20 source-learning
    bridge-group 20 spanning-disabled
    interface FastEthernet0.60
    encapsulation dot1Q 60
    no ip route-cache
    bridge-group 60
    no bridge-group 60 source-learning
    bridge-group 60 spanning-disabled
    Hope this helps.
    Regards
    Najaf

  • Netflow on 6509 in Native Mode from Vlan Interface

    I'm trying to get a 6509-E, running Cisco IOS Software, s72033_rp Software (s72033_rp-IPSERVICES_WAN-M), Version 12.2(33)SXI9, RELEASE SOFTWARE (fc2), to send netflow traffic from a vlan interface to a Solarwinds server.
    The server is not seeing all the vlan traffic, but does see all the traffic on the layer 2 ports (not netflow).
    I've seen that a command, ip flow ingress layer2-switched vlan, needs to be enabled, but the OS I have does not support that command.
    Or could it be that MLS is not configured except for a couple commands:
    mls netflow interface
    mls cef error action reset 
    netflow setup:
    Flow export v5 is enabled for main cache
      Export source and destination details :
      VRF ID : Default
        Source(1)       10.31.101.1 (Vlan52)
        Destination(1)  10.30.2.196 (2055)
      Version 5 flow records
      14927339 flows exported in 615072 udp datagrams
      0 flows failed due to lack of export packet
      0 export packets were sent up to process level
      0 export packets were dropped due to no fib
      0 export packets were dropped due to adjacency issues
      0 export packets were dropped due to fragmentation failures
      0 export packets were dropped due to encapsulation fixup failures
      0 export packets were dropped enqueuing for the RP
      0 export packets were dropped due to IPC rate limiting
      0 export packets were dropped due to Card not being able to export  
    interface:
    interface Vlan52
     description AN.VDI.stu
     ip address 10.31.101.1 255.255.255.0
     ip helper-address 10.31.149.200
     no ip redirects
     ip flow ingress
     ip flow egress
     ip pim neighbor-filter 98
     ip pim sparse-dense-mode
     ip cgmp

    Enabling MLS was the fix.
    mls netflow interface
    mls flow ip interface-full
    mls nde sender version 5
    mls cef error action reset   

  • ACE - Query VLAN Interfaces Status

    Hi,
    I am wondering what the status of the query vlan interface means in the command 'show ft peer detail':
    Query Vlan IF State          : UP, Manual validation - please ping peer
    I am pretty sure that I did not see this status when I configured query vlan last time. Current version is A2(2.3).
    Unfortunately this status does not seem to be documented anywhere on CCO.
    I appreciate any help!
    Thanks,
    Daniel

    Hi Daniel,
    The FT Query VLAN interface is an optional, yet very good, feature to be used when using redundant ACE modules or appliances. Without it, if the FT VLAN was to go down, the standby ACE will no longer receive FT heartbeats from the active ACE and therefore take the active role.  However, if the active ACE is still running fine in the active role, then you don't want the standby ACE to take over as active because that will put them into an active/active scenario, which may lead to connectivity issues.
    This is where the FT Query VLAN interface comes in. If the FT VLAN goes down, the standby ACE will notice this, but before taking the active role, it will ping its peer IP address configured on the interface that is designated as the FT Query VLAN. If the ping is successful, then it will stay in the standby role, thereby saving you some headaches.
    The status that you are seeing is the ACE's way of telling you that the interface is UP, but if you want to know if it can successfully ping the peer IP address, then you would have to manually ping the peer IP address from the CLI.  The ACE does not periodically check the ping connectivity through any automatic mechanism.  The automatic mechanism is only triggered by the FT VLAN going down.
    Does this help?
    Sean

  • IOS XR Interface up/down trap

    For interface up/down trap
    In IOS it used to be:
    Generic: 2; Specific: 0; Enterprise: .1.3.6.1.6.3.1.1.5;
    Variables:
    [1] mgmt.mib-2.interfaces.ifTable.ifEntry.ifIndex.34 (Integer): 34
    [2] mgmt.mib-2.interfaces.ifTable.ifEntry.ifDescr.34 (OctetString): POS2/1/0
    [3] mgmt.mib-2.interfaces.ifTable.ifEntry.ifType.34 (Integer): 171
    [4] private.enterprises.cisco.local.linterfaces.lifTable.lifEntry.locIfReason.34 (OctetString): Keepalive failed
    Annotations:
    In IOS XR we are missing ifDescr

    Thanks Joe.
    This solves the problem.
    One more question. We do not see LDP traps coming from the XR router.
    Here is the config; when I enable LDP traps it just does not show up in the config:
    snmp-server host 10.10.141.253 traps ovadmin
    snmp-server view N ip included
    snmp-server view N system included
    snmp-server view N cpwVcMIB included
    snmp-server view N entityMIB included
    snmp-server view N interfaces included
    snmp-server view N cpwVcMplsMIB included
    snmp-server view N mplsTeStdMIB included
    snmp-server view N ciscoCBQosMIB included
    snmp-server view N ciscoPingEntry included
    snmp-server view N ciscoProcessMIB included
    snmp-server view N ciscoMemoryPoolEntry included
    snmp-server view N ciscoEnhancedMemPoolMIB included
    snmp-server community admin RO
    snmp-server community admirw RW
    snmp-server traps snmp
    snmp-server traps config
    snmp-server traps entity
    snmp-server location Y
    snmp-server trap-source MgmtEth0/8/CPU0/0
    Tried to enable it:
    RP/0/8/CPU0:P1(config)#snmp-server traps mpls ?
      frr          Enable MPLS FRR traps
      l3vpn        Enable MPLS L3VPN traps
      ldp          Enable MPLS LDP traps
      traffic-eng  Enable MPLS TE traps
    RP/0/8/CPU0:P1(config)#snmp-server traps mpls ldp ?
      down       Enable MPLS LDP session down traps
      threshold  Enable MPLS LDP threshold traps
      up         Enable MPLS LDP session up traps
    RP/0/8/CPU0:P1(config)#snmp-server traps mpls ldp ?
      down       Enable MPLS LDP session down traps
      threshold  Enable MPLS LDP threshold traps
      up         Enable MPLS LDP session up traps
    RP/0/8/CPU0:P1(config)#snmp-server traps mpls ldp down ?
    RP/0/8/CPU0:P1(config)#snmp-server traps mpls ldp down
    RP/0/8/CPU0:P1(config)#snmp-server traps mpls ldp up  
    RP/0/8/CPU0:P1(config)#commit
    RP/0/8/CPU0:P1(config)#end
    It does not show up in the config.

  • High VLAN Interface utilization (6500/sup720)

    Can anyone tell me why a VLAN interface would show 100% utilization for a given VLAN? This is a sup720 we're talking about.
    I understand that the bandwidth of a virtual interface is 1Gig but I thought this was more related to routing metric.
    Users were actually seeing performance issues until we changed how the servers on this particular interface were replicating. Once we did this the VLAN interface utilization went down and performance went up.
    It doesn't make sense to me that the VLAN interface would limit the actual throughput of the various ports that are mapped to it. Throughput should be related to the switch module 61xx, 65xx, 67xx and how it interfaces to the backplane and the backplane speed itself.
    Any insights would be helpful......

    If the layer 3 SVI was showing 100%, that means it had a lot of traffic that was being layer 3 processed switched instead of hardware switched. Normally most traffic is hardware switched within the ASICs and never even gets passed up to that layer. What would cause this I'm not sure.

  • 871W dot11 interface as a receiver?

    Hello,
    I have an 871W with the advanced IP services image.
    What I have is a non-Cisco router which is connected to the internet and has a wireless.
    What I want to do is set up the 871W radio interface to receive the signal from my other router (Internet) and route it (or NAT it) to the FE and WAN ports. I think this function is called something like a wireless bridge, but I am not sure.
    Is it even possible to configure the radio like that? To be a receiver and send the signal to the wired ports? And how can I do this configuration?
    Any help is greatly appreciated.
    Thanks!
    Kalin

    How about if I set up the radio as a Universal Wireless Client? The 871W has that mode, but I wonder if in this mode I can reroute the traffic received on the radio interface to the LAN and WAN interfaces, and how?
    If anyone has done something like that please share.
    Thanks

  • Basic WAN / Vlan Interface Configurations

    Hello,
    I'm attempting to configure a Cisco 1812 to interface between 3 distinct subnets (e.g. 10.1.x.x, 10.2.x.x, 10.3.x.x). I'm very new at this, and am trying to learn (without having a device in front of me, to play with!)
    Two of the subnets will interface through the two WAN ports (I don't need them for any WAN connections). The following is my configuration commands for one of them:
    > enable
    <enter password at prompt>
    # config
    (config)# interface FastEthernet0/0
    (config-if)# ip address 10.1.1.1 255.255.255.0
    (config-if)# no shutdown
    The other WAN interface would be the same, excepting that I'm using the interface FastEthernet1/0 with the IP address 10.2.1.1.
    The switch port I configure as follows:
    > enable
    <enter password at prompt>
    # vlan database
    (vlan)# vlan 1
    (vlan)# exit
    # config
    (config)# interface Vlan1
    (config-if)# ip address 10.3.1.1 255.255.255.0
    (config-if)# no shutdown
    Also, I'll configure FastEthernet0/0 as my default gateway, but I'll leave that part out of this post.
    As far as communications between the three subnets, through the three configured interfaces, does this above configuration look valid?
    Am I missing anything? Most particularly, I feel like I'm missing something in regards to configuring the SVI interface on the 8-port switch.
    Thank you very much for your time, and thank you in advance for your help.

    Thank you for the link, that's a really good example.
    I have nearly the same configuration, excepting instead of the Catalyst switch I'm using a Cisco 1812 router.
    I'm not sure that I understand the necessity for VLAN Trunking. Could the same end result be accomplished using static routing from the Cisco 2621 to the Catalyst 3512 (specifying static routes for the VLAN 1 and VLAN 2 subnets)? I suppose perhaps the VLAN Trunking uses a protocol that makes configuration simpler?

  • 2960 Plus VLAN Interface

    Hi, I have a 2960 which I need to replace as it is now end of life. The replacement Cisco recommends is the WS-C2960+24TC-L, which is one of the new 260 Plus models. Can you tell me if you can create a VLAN interface on this switch, as it states that this is a layer 2 switch only??
    Thanks

    Yes, you can create VLAN interfaces.

  • FWSM vlan interface

    Hello, quick question I hope someone can help with.
    Is it possible for me to create 2 vlan interfaces on the 6500 and have them both in the same subnet?
    For a specific customer requirement I would like to have a vlan interface on the 6500 as default gateway, sat in its own VRF, and then route all traffic inbound and outbound to this vlan through the FWSM interface, preferably in the same subnet. I don't think this will be possible so just looking for confirmation either way.
    As I will be running EIGRP between a pair of central 6500's and 2 remote offices it will make things much easier for me to advertise the connected FWSM interfaces into EIGRP for access in/out of all my VRF'd subnets. If I need another subnet for each VRF FWSM next hop then I'll have to redistribute a list of statics which I don't really want to do.
    The reason I am not just using the FWSM as gateway is because I need to run HSRP across 3 different devices (another 6500 in a second suite), and failover FWSM will only give me 1 level of redundancy for those gateways.
    Hope that makes sense, let me know if you have further questions.
    Thanks

    Thanks Marvin. You do understand the question, and it occurred to me after writing the above that I could just use a single FWSM inside interface and route in and out of each VRF via that 1 interface (All VRF's belong to a single customer, just required for segregation of internal traffic).
    The third 6500 running HSRP will be located in a DC 100km away connected via dual 1Gb circuits (3ms latency), and has its own default route to a pair of ASA 5520's. If both FWSM's go down then the gateway will go live in the second site and traffic will be switched over our SP qinq tunnel to that gateway. Relevant BGP bits (MED), etc. will also be in place for seamless failover and traffic flow to and from the /23 pi range peered with the same ISP in each location.
    Thanks again.
    Chris
