How to do NAT on cat 3750 switch?

Give me an example or a link.
Thanks.

Hi,
NAT is not supported on the 3750s. Here is a link that confirms that:
http://www.cisco.com/en/US/products/hw/switches/ps5023/products_configuration_guide_chapter09186a00802c10bd.html#wp1031988
Pls do remember to rate posts.
Paresh

Similar Messages

  • Cat 3750 Switch: Dynamic vlan assignment

    Hey guys,
    I am trying to configure 802.1x on the switch and authenticate users against a Radius server. My radius server is FreeRadius running on Redhat. The authentication works fine but the switch just doesn't take the VLAN assigned by the server. I captured the packets between the server 172.17.1.1 and the switch 172.17.254.100. The cap file is attached here. Can anybody please verify that all the attributes are there and are all correct?
    The client laptop is running Windows XP and it's using EAP-MD5. The laptop is on port F1/0/1. Here is the configuration on the switch:
    aaa new-model
    aaa authentication dot1x default group radius none
    aaa authorization network default group radius none
    interface FastEthernet1/0/1
    switchport mode access
    dot1x pae authenticator
    dot1x port-control auto
    dot1x violation-mode protect
    dot1x reauthentication
    dot1x guest-vlan 17
    dot1x auth-fail vlan 18
    spanning-tree portfast
    radius-server host 172.17.1.1 auth-port 1812 acct-port 1813 key xxxxxx
    I also tried to debug dot1x errors and there is no output, so I guess there are no errors... Any advice is appreciated! Thank you!

    Hey Kush, thanks for the reply! I did those debugs and I will upload them here. In the debug radius the output is saying that unknown cisco AVP type. I think the switch just doesn't like the FreeRADIUS attributes. I think what I will do is set up an ACS server (with the evaluation software), configure it to dynamically assign the VLAN, use Wireshark to watch the attributes sent by the server, adjust my FreeRADIUS settings accordingly and see if that helps...
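
An added example, not part of the thread: a check of a captured Access-Accept for the three tunnel attributes that RFC 3580 defines for 802.1X VLAN assignment (Tunnel-Type 64 = VLAN, Tunnel-Medium-Type 65 = IEEE-802, Tunnel-Private-Group-ID 81 = VLAN ID or name). The function names are hypothetical and the two sample packets are constructed here, not taken from the poster's capture.

```python
import struct

ACCESS_ACCEPT = 2
TUNNEL_PRIVATE_GROUP_ID = 81
# attribute number -> (name, required value); numbers per RFC 2868 / RFC 3580
REQUIRED_INTS = {64: ("Tunnel-Type", 13),          # 13 = VLAN
                 65: ("Tunnel-Medium-Type", 6)}    # 6 = IEEE-802


def parse_radius(packet: bytes):
    """Split one RADIUS packet into (code, {attr_type: first value bytes})."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("length field does not match the packet")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("attribute length runs past the packet")
        attrs.setdefault(a_type, packet[pos + 2:pos + a_len])
        pos += a_len
    return code, attrs


def check_vlan_assignment(packet: bytes):
    """Return (vlan, problems); vlan is None if no usable group ID was sent."""
    code, attrs = parse_radius(packet)
    problems = []
    if code != ACCESS_ACCEPT:
        problems.append(f"code {code} is not Access-Accept")
    for a_type, (name, want) in REQUIRED_INTS.items():
        value = attrs.get(a_type)
        if value is None:
            problems.append(f"{name} missing")
        elif len(value) != 4:      # 1 tag byte + 3-byte integer (RFC 2868)
            problems.append(f"{name} has length {len(value)}, expected 4")
        elif int.from_bytes(value[1:], "big") != want:
            got = int.from_bytes(value[1:], "big")
            problems.append(f"{name} is {got}, expected {want}")
    vlan = None
    group = attrs.get(TUNNEL_PRIVATE_GROUP_ID)
    if not group:
        problems.append("Tunnel-Private-Group-ID missing")
    else:
        if group[0] <= 0x1F:       # leading tag byte, not part of the string
            group = group[1:]
        vlan = group.decode("ascii", "replace") or None
        if vlan is None:
            problems.append("Tunnel-Private-Group-ID is empty")
    return vlan, problems


def build_packet(code: int, attrs) -> bytes:
    """Constructed test input: header, zeroed authenticator, then attributes."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, 1, 20 + len(body)) + bytes(16) + body


# Constructed samples: a complete reply, and one lacking Tunnel-Medium-Type.
GOOD = build_packet(2, [(64, b"\x00\x00\x00\x0d"), (65, b"\x00\x00\x00\x06"), (81, b"17")])
NO_MEDIUM = build_packet(2, [(64, b"\x00\x00\x00\x0d"), (81, b"\x0117")])

if __name__ == "__main__":
    for label, pkt in (("good", GOOD), ("no medium type", NO_MEDIUM)):
        print(label, check_vlan_assignment(pkt))
```

To use it on a real capture, pass the UDP payload of the Access-Accept (exported from Wireshark as raw bytes) to `check_vlan_assignment`.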

  • How can I mirror all ports on CISCO 3750 switches to one Gigabyte port?

    Hi,
    I have a requirement to mirror all the ports on my 7 CISCO 3750 switches, which are in 3 separate stacks, to one single Gigabyte Ethernet port.
    Does anyone know how I can do that?
    Thanks in advance.

    Vlad, thanks a heap for your response.
    I want to apply it to my situation. Please let me know if I get them right in the following:
    Catalyst A
    vlan 901
    remote-span
    monitor session 1 source interface fastethernet 1-48 (I want to monitor all ports on the CISCO 3725)
    monitor session 1 destination remote vlan 901
    Catalyst B
    vlan 901
    remote-span (If I don't need to monitor this switch, do I still need to put anything into this switch at all?)
    Catalyst C
    vlan 901
    remote-span
    monitor session 1 source interface fastethernet 1-48 (I want to monitor all ports on this switch as well)
    monitor session 1 source remote vlan 901
    monitor session 1 destination interface gigabitethernet 3 (There are 4 Gigabit Ethernet Uplink in CISCO 3750, I want all the traffic to go to port 3, is this the right way to do?)
    Thanks in advance.

  • How to check if 3750 switch is using sslv3

    Hi Everyone,
    I am trying to https to the 3750 switch using Firefox; below is the error message:
    Firefox cannot guarantee the safety of your data on 10.0.0.4 because it uses SSLv3, a broken security protocol.
    Advanced info: ssl_error_no_cypher_overlap
    Learn More…
    ip http secure-server ---- is configured on 3750.
    I checked the config on the 3750 switch; it does not show if SSLv3 is enabled.
    Is there any command I can use to check the SSL config on the 3750 switch?
    Regards
    Mahesh

    Hi Mahesh,
    Try running nmap against your switch: http://nmap.org/nsedoc/scripts/ssl-enum-ciphers.html
    nmap --script ssl-enum-ciphers -p 443 <switch_name>
    There is an open Cisco bug for this vulnerability:
    https://tools.cisco.com/bugsearch/bug/CSCur23656
    ...which implies that this vulnerability is not fixed in any version of IOS!? If you are concerned, use the CLI and drop the HTTP(S) access.
    cheers,
    Seb.
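
An added example, not part of Seb's reply: a parser for the text output of the `ssl-enum-ciphers` script named above that lists which protocol versions the device accepted and which cipher suites nmap graded below a threshold. The sample output is constructed for illustration (it is not a scan of a real switch), and the function names and the default grade threshold are assumptions.

```python
import re

DEPRECATED = {"SSLv2", "SSLv3"}   # protocol versions with no safe configuration
PROTO_RE = re.compile(r"^\|[ _]+((?:SSL|TLS)v[\d.]+):\s*$")
CIPHER_RE = re.compile(r"^\|[ _]+(\S+)(?: \([^)]*\))? - ([A-F])\s*$")

# Constructed sample in the layout ssl-enum-ciphers prints.
SAMPLE = """\
PORT    STATE SERVICE
443/tcp open  https
| ssl-enum-ciphers:
|   SSLv3:
|     ciphers:
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 1024) - C
|       TLS_RSA_WITH_RC4_128_SHA (rsa 1024) - C
|     compressors:
|       NULL
|   TLSv1.0:
|     ciphers:
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 1024) - A
|     compressors:
|       NULL
|_  least strength: C
"""


def parse_ssl_enum(output: str) -> dict:
    """Map each protocol version to its list of (cipher suite, nmap grade)."""
    protocols, current = {}, None
    for line in output.splitlines():
        m = PROTO_RE.match(line)
        if m:
            current = protocols.setdefault(m.group(1), [])
            continue
        m = CIPHER_RE.match(line)
        if m and current is not None:
            current.append((m.group(1), m.group(2)))
    return protocols


def audit(output: str, worst_ok: str = "B") -> dict:
    """Summarise a scan: versions seen, deprecated ones, suites graded worse
    than worst_ok (grades run A to F; the threshold is a local policy choice)."""
    protocols = parse_ssl_enum(output)
    return {
        "protocols": sorted(protocols),
        "deprecated": sorted(p for p in protocols if p in DEPRECATED),
        "weak": [(p, c, g) for p, cs in protocols.items()
                 for c, g in cs if g > worst_ok],
    }


if __name__ == "__main__":
    report = audit(SAMPLE)
    print("accepted versions:", ", ".join(report["protocols"]))
    print("deprecated:", ", ".join(report["deprecated"]) or "none")
    for proto, cipher, grade in report["weak"]:
        print(f"weak: {proto} {cipher} (grade {grade})")
```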

  • QoS Questions for 3750 Switches

    2x3750 switches are stacked and we are trying to simulate traffic congestion at the UTP ports by using Smartbit 6000C. The objective of the test is to see if the QoS setting works in reality even though we see from Wireshark that the packets are marked with DSCP for voice traffic.
    Setup is as follows :
    Smartbit<->Avaya IP Phone<->3750 switches<->6509 switch.
    Please note that the configuration is set on the 3750 switch port as well as trusted on the Cat 6 switch port. However, when I set it to continuous traffic with a byte size of 64, even though it's a 100Mbps port, the Avaya IP Phone is already acting weird with hanged symptom. Just a side note: performing "show mls qos inter gi2/0/7 statistic" shows that data and voice traffic are marked on different priorities, which seemed correct.
    1) Is this the right way to test? If not, what should be the correct way?
    2) The port that's connected to Smartbit is configured and it seemed that with the continuous traffic, even other IP Phones are hanged even though I have set Smartbit to hit on the IP address of the CAT6 Switch port. This is not normal right as this is supposed to be unicast traffic. Any idea what could be the reason?

    Hello Brandon,
    I understand your concern and how you want to test, but with the VoIP services you need to understand that there are 2 points (telephones if you want) involved. Your local one, where you might have taken all the necessary steps to protect and prioritize your voice traffic, and the opposite end, which also needs to have the voice packets prioritized.
    Now, from your description, I understand that the packets (voice and data) marked correctly (I believe on C3750), but that's not enough. You need to use CBWFQ together with LLQ to give priority to the Voice traffic over data in case of congestion. Do you have such configuration? Can you show us some excerpt from it?
    Next, during the testing, you said that your phone hangs up... were you in a call?
    To respond to your questions:
    1. The start is ok, but we need more details. You are pushing traffic from Smartbit, this is your local end, but where is the traffic pushed to (remote end), who is receiving the traffic?
    2. In theory, you shouldn't have any impact over voice if links are 100Mbit, only if you have such a power packet generator that could fill 100Mbit. What do you mean by "This is not normal right as this is supposed to be unicast traffic"? VoIP is also unicast traffic...
    I can see that you are determined to solve this issue, and this is OK as it will help you back with gained knowledge, but I have to warn you that troubleshooting QoS / Voice related problems may be more tricky than you think, as it will involve a strong know-how in these areas.
    We will help, but you have to come back with more precise details.
    Good luck!
    Calin

  • How do you tell if a 3750 interface is shaping or policing traffic?

    We have an Avaya PBX Medpro board plugged into a 3750 port with the following configuration:
    interface FastEthernet1/0/4
    description PBX Medpro-1
    switchport access vlan 10
    switchport mode access
    duplex full
    speed 100
    srr-queue bandwidth share 10 10 60 20
    srr-queue bandwidth shape 10 0 0 0
    mls qos trust dscp
    auto qos voip trust
    Everything was working fine until the PBX call level went above 110 calls (G-711) which pushed the interface to more than 10mbps. When this happened random calls out of that medpro became garbled and after lots of troubleshooting we came to the conclusion that the default auto qos settings were the problem.
    Default auto qos puts these statements on an interface:
    srr-queue bandwidth share 10 10 60 20
    srr-queue bandwidth shape 10 0 0 0
    ...which means that queue 1 will allow for 10mbps of traffic and then shaping will kick in.
    Adding the line 'priority-queue out' to the interface disables the 10mbps limitation of queue 1 and instead forces the interface to process every packet that goes into the priority queue before anything else.
    My question is - is there a 'show' command that we can use to see shaping at work? On router ports with a service policy that has shaping or policing on it you can see the shaping/policing in real time with 'show policy....'
    What about on the 3750 switch ports?

    Thanks for responding. We work with DSCP so I tried your example on the port a medpro is connected to, but with DSCP, as in:
    int f0/15
    description Medpro-1
    switchport access vlan 12
    mls qos dscp 46
    srr-queue bandwidth share 10 10 60 20
    srr-queue bandwidth shape 10 0 0 0
    auto qos voip trust
    This is the output of 'sh mls qos int f0/15'
    #sh mls qos int f0/15
    FastEthernet0/15
    trust state: not trusted
    trust mode: not trusted
    trust enabled flag: ena
    COS override: dis
    default COS: 0
    DSCP Mutation Map: Default DSCP Mutation Map
    Trust device: none
    qos mode: port-based
    Note - it doesn't show that 'mls qos dscp 46' did anything. Also it won't take the command 'mls qos dscp override', so how do I tell to mark incoming packets to DSCP 46?

  • Who is anybody using a WISM with FWSM on a CAT 6500 Switch?

    Hi,
    Is anybody using a WiSM with FWSM on a CAT 6500 switch?
    Are there any problems if it is used?
    And how can I set them up to connect to each other?
    I have found a document related to this on the Cisco website named Integrating Cisco WiSM and Firewall Service Module.
    I have a question concerning it.
    Why do I have to make a VRF for them to communicate with each other?
    Please let me know.

    As far as the FWSM is concerned you can have each of the wireless vlans come in to the same context of the FWSM and then just add those vlans to the FWSM as separate vlans.

  • WAAS Configuration for 3750 Switch

    I am configuring a 3750 switch with 12.2(52)SE according to:
    (from https://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_52_se/configuration/guide/3750_scg.pdf )
    This example shows how to configure SVIs and how to enable the web cache service with a multicast group list. VLAN 299 is created and configured with an IP address of 175.20.20.10. Gigabit Ethernet port 1 is connected through the Internet to the web server and is configured as an access port in VLAN 299. VLAN 300 is created and configured with an IP address of 172.20.10.30. Gigabit Ethernet port 2 is connected to the application engine and is configured as an access port in VLAN 300. VLAN 301 is created and configured with an IP address of 175.20.30.50. Fast Ethernet ports 3 to 6, which are connected to the clients, are configured as access ports in VLAN 301. The switch redirects packets received from the client interfaces to the application engine.
    Note Only permit ACL entries are being used in the redirect-list; deny entries are unsupported.
    Switch# configure terminal
    Switch(config)# ip wccp web-cache 80 group-list 15
    Switch(config)# access-list 15 permit host 171.69.198.102
    Switch(config)# access-list 15 permit host 171.69.198.104
    Switch(config)# access-list 15 permit host 171.69.198.106
    Switch(config)# vlan 299      ! WEB SERVER
    Switch(config-vlan)# exit
    Switch(config)# interface vlan 299
    Switch(config-if)# ip address 175.20.20.10 255.255.255.0
    Switch(config-if)# exit
    Switch(config)# interface gigabitethernet1/0/1
    Switch(config-if)# switchport mode access
    Switch(config-if)# switchport access vlan 299
    Switch(config)# vlan 300      ! WAE
    Switch(config-vlan)# exit
    Switch(config)# interface vlan 300
    Switch(config-if)# ip address 171.69.198.100 255.255.255.0
    Switch(config-if)# exit
    Switch(config)# interface gigabitethernet1/0/2
    Switch(config-if)# switchport mode access
    Switch(config-if)# switchport access vlan 300
    Switch(config-if)# exit
    Switch(config)# vlan 301      ! CLIENTS
    Switch(config-vlan)# exit
    Switch(config)# interface vlan 301
    Switch(config-if)# ip address 175.20.30.20 255.255.255.0
    Switch(config-if)# ip wccp web-cache redirect in
    Switch(config-if)# exit
    Switch(config)# interface gigabitethernet1/0/3 - 6
    Switch(config-if-range)# switchport mode access
    Switch(config-if-range)# switchport access vlan 301
    Switch(config-if-range)# exit
    ===================================================================
    Question:  How do I configure my WAE to play nicely with this switch?

    Hi James,
    Here is the link to WCCP config part on WAE:
    http://www.cisco.com/en/US/docs/app_ntwk_services/waas/waas/v441/configuration/guide/traffic.html#wp1041742
    In your case, if my understanding is right, VLAN300 is where you want to connect the WAE and the WAE is also L2 adjacent. If that is true, here is the config you need on the WAE:
    wccp router-list 1 171.69.198.100
    wccp tcp-promiscuous router-list-num 1 l2-redirect mask-assign l2-return
    wccp version 2
    Please note that 3750 supports L2 redirection only with redirect IN statements on 3750 interfaces connected to servers and clients.
    Hope this helps.
    Regards.

  • Catalyst 3750 Switch

    How many total VLANs can you create on a Catalyst 3750 switch? I read a document about the Catalyst 3750 switch. The document says that "Although the switch stack supports a total of 1005 (normal-range and extended-range) VLANs, the number of routed ports". However, I am not sure. Can you confirm this for me? Thanks

    this link should be of some help to answer your question.
    http://www.cisco.com/en/US/products/hw/switches/ps5532/products_command_reference_chapter09186a00803ec324.html#wp1031710
    HTH-Cheers,
    Swaroop

  • AAA on 3750 switch

    How to disable AAA on 3750 switch which has got screwed up due to missing of tacacs-server key command in older configuration. I believe RMON mode will not work...

    Hi ,
    I believe you are able to log in to the switch. If that is the case, then issue these commands:
    no tacacs-server host [ip]
    no tacacs-server key [key]
    no aaa authentication login default group tacacs+ local
    no aaa authorization exec default group tacacs+ if-authenticated
    no aaa authorization commands 1 default group tacacs+ if-authenticated
    no aaa authorization commands 15 default group tacacs+ if-authenticated
    no aaa authorization config-commands
    If you have accounting also, do the same. And finally
    no aaa new-model
    But in case you are not able to log in to the box using tacacs or local login, then you need to do password recovery.
    Thanks,
    Jagdeep

  • 3750 switch stacks

    I am new to the networking world and have some questions.
    I have 1 stack of six 3750 switches with a 10.50.3.10 ip address
    On the first stack (.10)I have int 6/0/19 , 20 and 21 assigned.
    I have a second ip scheme with one switch with an ip of 10.50.3.11
    Do I use a smartwise cable to connect the switches even though they have different ip schemes? Or do I use only a cat 5 to connect the 2 different stacks? Also, do I need to configure the 6/0/19, 20 and 21 ports on the second ip scheme? I don't think it is possible, now that I am writing this, if the smartwise cables are not used. Any help would be appreciated.

    I apologize but I am not following you entirely. If you stack the 3750, you must use the stacking port and use the stackwise cable.
    You said: I have 1 stack of six 3750 switches with a 10.50.3.10 ip address
    >> This would mean you stacked them using the stackwise cable and all these six switches are seen as one single device.
    What do you mean by you have int 6/0/19-21 assigned? Assigned them what?
    You said: I have a second ip scheme with one switch with an ip of 10.50.3.11
    >> Sounds like you have another stack? Because the device will complain if you address two different interfaces in the same switch/router to the same subnet (10.50.3.10 and 10.50.3.11), unless these addresses are masked as host but I doubt that.

  • CAT 3750 and WCCP?

    Is WCCP supported in CAT 3750?

    Hi,
    Yes, WCCP is supported with release 12.2 (37) SE in IP Services. Check out the below link from Cisco for more information:
    http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps5023/prod_qas09186a00801b0971.html
    Hope to Help !!
    Ganesh.H
    Remember to rate the helpful post

  • CLI Template to run Archive Command to upgrade 3750 Switch in Prime

    Does anyone have or know how to write a template to upgrade a mixed stack of 3750 switches in Prime Infrastructure 2.0?  Prime does not support upgrading a mixed stack yet, but it can be done from command line.
    the command line would be:
    archive download-sw /allow /overwrite tftp://10.30.2.14/3750efilename  tftp://10.30.2.14/3750filename

    Hi,
    Please check:
    1. You need to download the correct .tar image file;
    2. Copy it to the root of your FTP or TFTP server;
    3. Upload, extract and install the .tar file to the switches (I always use the /imageonly option, because I don’t need the html files for management);
    4. Reload the switch stack;
    Please use this command:
    sw-stack#archive download-sw /imageonly /overwrite /allow-feature-upgrade ftp://user:password@/image-file.tar
    The boot parameters are automatically changed to the new IOS firmware. You can check the boot parameters with the show boot command.
    Regards
    Don't forget to rate helpful posts.

  • Can a 2851 GEC to a 3750 switch?

    Was trying to get g0/0 and g0/1 of a 2851 to form a GEC with a 3750 switch using VLANS.
    I've looked for documentation on this but cannot seem to find any. If anyone could direct me to a "how to" I'd be grateful.
    BCT

    Are you talking about bringing the link up between the 2851 and the 3750 on gigabit ports using EtherChannel?

  • 3750 switch and HP switch fiber connectivity issue

    I have connected 2 Cisco 3750 switches "WS-C3750-48TS-S" with the LC to LC Duplex Single Mode fiber cable. Both the switches are communicating with each other.
    As I have checked in the Cisco document, GLC-SX-MM supports only multimode fiber cable, so I am surprised that it supports single-mode fiber optic cable.
    Can anyone tell me the reason for supporting single-mode fiber optic cable?
    But when I connect an HP 4208 switch with the same Cisco 3750, the interface is showing up but the input packets are 0 and output packets are increasing on both ends.
    I have checked the SFP's and fiber cable are compatible with HP. 
    Can anybody suggest me what can be the possible cause of this?
    Regards,
    Mukesh Kumar
    Network Engineer
    Spooster IT Services

    I tried to troubleshoot this issue by using some show commands.
    I have checked that there are some specific commands to check the SFP transceiver, as given below:
    show hw-module subslot slot/subslot transceiver port idprom
    show interfaces {{[int_name] transceiver {[detail]} | {transceiver [module mod] | detail [module mod]}}
    But these commands support only those transceivers which support DOM. GLC-SX-MM doesn't support DOM.
    Can anyone tell me whether there are some troubleshooting commands to solve the issue?
    Regards,
    Mukesh Kumar
    Network Engineer
    Spooster IT Services
