DLSW ethernet redundancy for multiple vlans

Similar Messages

• DLSW Ethernet Redundancy timers

  Hi,
  I am running DLSW Ethernet redundancy on 2 x 7204 VXR routers. The one acts as the master for the odd VLAN's and the other as the master for the even VLAN's. The 7204's connect to 2 x 6509 switches via ISL trunking.
  The problem I have is that if I disable DLSw on one of the 7204's, it takes quite a long time for the worksession stations to re-establish their sessions.
  Any help welcome..
  Dean Young.
  T-systems South Africa
  [email protected]

  Thanks. I did change the parameter, but it did not make any difference.
  I am running PCOMMS 5.0.
  What I found was the following:
  I connect to the mainframe via 7204_1 and then disable DLSW on this router. It takes exactly 1minute and 25 seconds for my session to be re-established via the backup 7204.
  I was wondering if there is a timer that will speed up this process. It seems as if the source and destination MAC binding has to be released and then setup via the backup 7204.
  Regards
  Dean

• DLSW Ethernet Redundancy Transparent Cache

  I have corrupt entries in the ethernet redundancy transparent cache. These are causing problems establishing new sessions.
  Can I clear the entries individually and how long does the cache take to time out?

  Hi,
  the "dlsw clear transparent circuit" was introduced with CSCdv16277, it is in ios 12.1(11.5) and higher, 12.2(6.4) and higher and it also rolled into 12.3.
  Please note the "circuit" option is hidden. you can not see it with the ? asking for help in the parser.
  in respect to the origin of the erroneous cache entries. They can be a bug on itself. But they also can be a result of a configuration not exactly like it should be.
  I would advice to open a case with the tac and have the configurations sanity checked.
  If this is something you can reproduce at will than we would certainly be very interested how you get into this state.
  Dlsw ethernet redundancy was quite modified a bit in the last 2 years. Depending on what version of code you run you might need to go to a higher level to pick up all the current maintenance.
  My personal few is a recent 12.2 image or even better a recent 12.3 image.
  thanks...
  Matthias

• DLSW Ethernet Redundancy

  Hi,
  When configuring DLSW for ER using the global commands (transparent switch-support) and the interface commands (mac-address, transparent redundancy-enable and transparent map)
  are the traditional DLSW ethernet commands (dlsw bridge-group) still necessary or not ?
  If not why ? Does the ER implicit contains this commands ?
  Thnx
  Omar

  No, the traditional bridge commands are not applicable. In fact, once you enable DLSW ER, you will not be able to enable the traditional bridge-group commands. The ER takes care of receiving the packets into the DLSW process.

• DLSW Ethernet Redundancy - Master/Slave preemptive

  I am wondering if there is a way to control the behavior of the master dlsw router if it fails and circuits are established on the slave dlsw router. The lab testing I have done shows that once the master dlsw router is back online, the circuits teardown from the slave dlsw router and re-establish on the master dlsw router.
  Is there a way to control this behavior so that additional LLC disruptions are avoided when the master router comes online?

  I don't think there is a way to control this behavior

• Binding multiple VLANs to single SSID on WLC

  I have a building with over 4000 users and would like to bind multiple VLANs for user access to a single SSID in WLC. Can this be done? I would rather not have 4000 wireless users on a single VLAN.

  the question is tough. You can not use the SSID in on AP for multiple vlans. Once you assign the AP to the vlan then you will have to make all traffic in the vlan. With that being said. you could assign the AP's to specific vlans, but if you roam from one vlan to another you will have problems at L3. But you can use WDS to make that happen.
  Here are a couple of links tha might help.
  http://www.cisco.com/en/US/tech/tk722/tk809/technologies_q_and_a_item09186a00804d4421.shtml
  http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_guide_chapter09186a0080184ace.html

• Multiple VLAN config help

  I need to configure our Cisco Aironet 1200's for multiple VLANs. VLAN101 is for public use & VLAN2 is for employees only. Existing config is attached.
  I need:
  1. To disable the broadcast of VLAN2's SSID so that only VLAN101 shows up in the SSID list for visitors. Right now both are showing up.
  2. To ensure the WEP key is setup correctly for VLAN2
  Thanks in advance for your help!

  So are you saying both SSID's are currently broadcasting?
  I would delete and re-create your client configurations. I don't think it's on the AP side.

• 3750 - QinQ Multiple VLANS - Vlan mapping

  Hi All,
  I have a client that uses vlans that already exist on our network (vlan 1,2,3,99,100,200,250...) nethier of us are in a position to change the numbering at this stage.
  3750 stacks are on the client side and on my side
  what is the best way to configure QinQ or vlan mapping to connect their network to ours without a major outage?
  hypothetically, is there a way to have a Ether Channel and trunk all the client vlans to our VMware infrastructure
  * map vlan 99 on the client side to vlan 299 on my side
  * map vlan 100 on the client side to vlan 298 on my side
  * map vlan 200 on the client side to vlan 297 on my side
  Thank you in advance
  I have googled etc and found alot of info on QinQ for access ports / single vlans but not for multiple vlans / trunks

  Janene
  The vlan numbering may be the same but what about the IP subnets used per vlan.
  If the IP subnets are different why not just route between the two switch stacks then the vlans are not visible to each other.
  If you need the throughput you could always use L3 etherchannel for additional links.
  You could use static routes between each stack or run a dynamic routing protocol to exchange the routes (dependant on the feature sets on your stacks).
  Further advantages would be with L3 each site contains it's own broadcasts and there would be no outage for this.
  Obviously if the IP subnets are the same then please ignore the above.
  Jon

• Anyone help me redundancy for serial in to fast ethernet

  We have connected some customer through leaseline through router serial interface .
  the main problem is sometime the leaseckt is down for 2 or 3 days continously.
  so we want redundancy for those customer.
  we have backup rf link
  so any possiblities are there for if serial interface line protocol went down automatically traffic swithover to ethernet interface of 3550 switch fa interface

  Hi
  in this figure the customer have one ip 16 ip block that is oruted with IGRP in PE router
  we want either link customer use same ip block.
  and in RF link Base Station is connected in L3 Swith Fast Eternet port.
  All rf customers are in different VLANS.
  if the LeaselIne went down the traffic will automatically swithed over to rf link
  means the L3 swith fast ethernet port have several vlan membership in this it automatically go.
  sorry for poor english.
  looking forward u r reply.
  thanks

• Scenario for single WLAN to multiple VLANs

  Hi there,
  I read from this forum some discussion about the WLC VLAN Select feature.
  http://www.cisco.com/image/gif/paws/113465/vlan-select-dg-00.pdf
  I see that you can use this feature to have multiple VLANS (interfaces) to map to the same WLAN (SSID).
  What I try to learn is under what scenarios would people need to have mutliple vlan mapped to single SSID?
  In my environment, I have 50+ AP int he campus on 20+ Cisco 4500 switches.  I have single WLAN and it is mapped to one subnet.  All wireless users would be on that subnets, whereas wired users are on 20+ subnets of their own.
  Can someone help me to see under what scenarior (or requirement) that I would want to have multiple vlans mapped to single SSID?
  Thanks.

  having a large number of users in single subnet is not the best in all designs, since you will have a large single broadcast domain which is a true disaster with dense networks. If you the company policy states that we need only one single ssid
  for the whole employees within the company, it doesn't make sense to have them all on the same subnet.
  A lot of options are available to overcome such issues :
  for example, we might have AP groups feature , dynamic vlan assignment given that we have radius server in place, and vlan pooling.
  It might not be feasible to have RADIUS server all the time, and AP groups might be kind of administrtive overhead as well as it might induce a lot of issues when aps fail over from controller to controller --> Vlan select is a good soultion considering the previously mentioned reasons.
  Please Make sure to rate correct answers

• Multiple VLAN Access for PC

  I work in a building that has two separate entities, but both work together to accomplish the same goals. The IT admin before me set us up on separate VLANs through many cisco switches. One lady that works here does work for both entities. There are server shares that she needs to be able to access on both VLANs to do her work. The way it is now, she does Company A's work in the morning and then moves to another office to do work for Company B. My question is, can I tag her switch port with both VLANs and then just add a secondary IP to her PC NIC so she is able to access the server shares from both VLANs?

  If you can't ping anything on the other vlan does that mean each vlan does not route to anywhere else eg. other vlans or the internet.
  If they do route to other vlans you may find that there are SVIs for both vlans but they have acls applied in which case you could just modify the acl.
  Or maybe not.
  It is doable ie. servers do this all the time but as Rick says it depends on whether the PC supports tagging.
  If it does it is really more a question of how to set that up correctly than a networking issue ie. all you need to do on the network side is setup the port on the switch as a trunk allowing both vlans.
  There are however a couple of things to be aware of from the network perspective -
  a) if the vlan does route to other subnets then you only want one default gateway ie. the current one. There is  no need for another gateway as the PC would be directly connected to the other network anyway and multiple default gateways can lead to unexpected issues.
  b) you need to make sure you cannot route between vlans on your PC otherwise this could be a security issue. There is no need for the PC to route between these vlans because it has direct connections to both.
  From memory when you setup the trunking  there is an option to turn off ip forwarding between those subnets.
  Sorry I can't be more specific but it was a while ago that I last did this.
  Jon

• Multiple vlans configuration issue with RV016 router and SG 300-10MP witch

  Hi,
  I have to configure multiple vlans served with a unique DCHP server . As first step, I just will The DHCP server to serve 2 vlans. The following is the hardware and configuration that I implemented :
  Router (RV016 10/100 16-Port VPN Router) as gateway mode:
  IP : 172.16.0.1/24
  DHCP Server :
  IP : 172.16.0.2/24 GW: 172.16.0.1
  2 subnets :
  172.16.1.0/24 GW: 172.16.1.1 to serve vlan 1
  172.16.2.0/24 GW:172.16.2.1 to serve vlan 2
  Switch (SG 300-10MP 10-Port Gigabit PoE Managed Switch) as layer 3 mode:
  IP 172.16.0.254 (vlan 8 default)
  Vlan 1 : 172.16.1.1
  Vlan 2 : 172.16.2.1
  1 device connected on each vlan
  a workstation on the vlan 1
  a laptop on the vlan 2
  In this scenario (see the attached pdf file) the DHCP server is connected on a router, hosts on vlans dont receive any IP address.
  But If I connect the DHCP server on a trunked switch port and adapt the DHCP server gateway 172.16.0.1 to 172.16.0.254, hosts receive ip address properly.
  I have to connect the DHCP server directly to the router. How can I do that, what is wrong in the configuration ?
  I hope the explanations are clear enough and my English too
  Any help will be highly appreciated,
  Zoubeir

  Hi Eric, the small business group doesn't support the ASA config, but  I can help with the switch.
  A couple things I notice in your description-
  48 port (192.168.1.254) and the other 24P (192.168.1.253)  we have a  second vlan 20 set up on the 24P switch (192.168.2.253)  we have ports  1-12 set for vlan20 (untagged and trunk), the remaining ports on on the  default vlan 1.
  The connection between the switches, is it 1u, 2t?
  The link between the switches should be 1u, 2t, the switches support the trunking and vlan tagging, meaning all communication will work fine.
  We have the 24p and 48p switches connect using GE1 and GE1.  We are unable to ping a device on vlan 20 ( on the 24p switch
  The 24p switch should be in layer 2 mode, if you have the 48 port l3 switch upstream. Additionally, you need to have the default gateway set on the 24p switch.
  We have a static route set on the 24p switch (0.0.0.0 192.168.1.0). 
  Between the switches, it shouldn't require any static routes, assuming you correctly trunk / tag your ge1 ports, with both switches operating in l3, the ip route table dynamically builds the connected routes, therefore a static route is redundant.
  -Tom
  Please rate helpful posts

• Encrypting Aironet 1410 bridge link using multiple VLANs

  I've looked at the documentation available for Aironet 1400 series, and still would like to see a single document showing an example of
  the best encryption/authentication available for bridge links using multiple VLANs.
  As I understand it, 1400 series can support WPA-PSK using AES, which would work for me.  I just can't picture how to integrate chapters 9 and 10 for the 'WEP and WEP Features' + 'Configuring Authentication Types' instructions.
  I'm looking either for an example config, or a step-by-step that did all steps consecutively.
  Thanks

  What doc are you refering to?  If you want to encrypt the link from root bridge to non-root bridge, then WPA/TKIP-PSK is what you should use.  Here is a link to how to setup your link ssid to WPA: http://www.cisco.com/en/US/docs/wireless/bridge/1400/12.2_15_JA/configuration/guide/p15auth.html#wp1044935
  Don't worry about the example they show on the WEP, just use the configuration from the above link for your encryption.
  Configuring a VLAN
  Configuring your bridge to support VLANs is a five-step process:
  1. Create subinterfaces on the radio and Ethernet interfaces.
  2. Enable 802.1q encapsulation on the subinterfaces and assign one subinterface as the native VLAN.
  3. Assign a bridge group to each VLAN.
  4. (Optional) Enable WEP on the native VLAN. <-- Use WPA-PSK
  5. Assign the bridge's SSID to the native VLAN.
  http://www.cisco.com/en/US/docs/wireless/bridge/1400/12.2_15_JA/configuration/guide/p15vlan.html
  Here is an example of vlan 1 (native) will be your management and your wireless link.  vlan 10 & 20 will pass through the link.
  BR# configure terminal
  BR(config)# interface dot11radio0.1
  BR(config-subif)# encapsulation dot1q 1 native
  BR(config-subif)# bridge group 1
  BR(config-subif)# exit
  BR(config)# interface fastEthernet0.1
  BR(config-subif)# encapsulation dot1q 1 native
  BR(config-subif)# bridge group 1
  BR(config)# interface fastEthernet0.10
  BR(config-subif)# encapsulation dot1q 10
  BR(config-subif)# bridge group 10
  BR(config)# interface fastEthernet0.20
  BR(config-subif)# encapsulation dot1q 20
  BR(config-subif)# bridge group 20
  BR(config-subif)# exit
  BR(config)# interface dot11radio0
  BR(config-if)# ssid batman
  BR(config-ssid)# vlan 1
  BR(config-ssid)# infrastructure-ssid
  BR(config-ssid)# end

• Creating multiple vlans on a 877

  Hi,
  I want to create a default, voice and access vlan on a 877, but just one vlan comes up. On the other two vlan inetrfaces is the protocol down. I guess this has something to do with bridging. I've tried that already, but I can't find documentation about this. Can someone tell me how to bring up the other two vlan interfaces?

  You need a trunk in case you are passing multiple VLANs on the port. However, in your configuration you do not need a trunk because each port is assigned to one VLAN.
  IN order for all VLANs to go UP all you interface should be Physically and Porotcol UP. Check that all your Fast Ethernet Interfaces are UP.
  Let me know how it goes,

• Multiple Vlans with multiple Internet connections using PBR

  Hello all,
  I'm trying to wrap my head around this configuration and not having a lot of success.  I have several Vlans 3,6,71,72,160, and 180.  I have two internet connections, Internet1 is connected to an ASA5510 and Internet2 is connected to a Meraki MX80.  I'm using two 4506 switches on my backbone trunked to 3750 switches that my clients connect to.  None of these switches have IP Services and my 4506 supervisor does not have an Enterprise license. However I do have one 3750 100Mbit switch with IP Services so I'm using that to do my PBR.  All my routing is currently being done on the 4506 switches and all Internet traffic is going to the ASA.  What I would like to do is force vlan160 and vlan180 through the Meraki as their Internet connection and the rest of the Vlans go through the ASA.  I'm thinking about trunking my vlans from the 4506 to the 3750 (the one with IP Services) and use policy based routing from there to force vlan160 and vlan180 to the Meraki.  But in order to do this I think I would have to move my routing onto the 3750 switch but since that is only 100Mbits I'm thinking this is going to choke my network down and defeat the purpose of the 4506 backbones.  Any suggestions or alternate ways to achieve my goal?
  Appreciate any help you guys can send my way.
  Matt

  Matthew
  What is the speed of the connection from the 4500 to the ASA and what is the combined speeds of the internet connections ?
  You definitely don't want to do all the inter vlan routing on the 3750. You could connect it up as shown in your diagram but leave all the routing between vlans on the 4500s. Then you -
  1) connect the 3750 to the 4500 using a L3 point to point link
  2) connect the 3750 to the ASA using a L3 point to point link
  3) do PBR on the 3750 interface connected to the 4500 for traffic coming from the 4500.
  If the 4500 supervisor/IOS version doesn't support routed links on that end just use an access port in a dedicated vlan ie. no other ports in the vlan and create a new SVI for it.
  You would need to update your routing to reflect the next hop on the ASA, Meraki, 3750 and the 4500.
  Disadvantages are -
  1) you only have fast ethernet ports on the 3750 so if the combined internet speed is greater than that then it will be a bottleneck.
  2) it is a single point of failure ie. if it is lost all internet via both connections is lost.
  The alternative would be to not have the 3750 in the path but connected to the 4500 via a trunk link and then route just vlan 160 and 180 on the 3750 ie. move their SVI(s) onto the 3750. Then the 3750 could have a direct connection to the Meraki device and point the default route that way (no PBR needed). The trunk would only allow those specific vlans on it.  This would mean a failure of the 3750 would not mean ASA internet lost but it would mean loss of connectivity for the two vlans routed on the 3750.
  You would need to add routes to the Meraki for return traffic plus routes on the 3750 and 4500 for inter vlan routing.
  The main disadvantages here are -
  1) inter vlan routing between the vlans routed on the 4500s and the vlans on the 3750 will be limited by the 100Mbps connection. However you could use an etherchannel trunk so you could get greater overall throughput and some redundancy
  2) more importantly though i suspect you are running HSRP between the 4500s for the client vlans and moving the SVIs onto the 3750 means a single point of failure for those vlans. 
  Personally i would tend towwards option 1) because of the SVI HSRP issue and perhaps because there may be a lot of inter vlan traffic and even with an etherchannel it would be too much. 
  But, single point of failure issues aside, a lot does depend on internet bandwidth in option 1) vs inter vlan traffic in option 2).
  So it's a tradeoff and personally i don't think either are ideal  so i'll have another think on this in the morning to see if there is anything more obvious that i have missed or maybe someone else will add to the post.
  Jon