Hsrp on router with vlan routing

Similar Messages

• Need basic Help - SG300 with vlan and routing

  Hi,
  i need some basic help with configuring vlan/routing.
  Situation:
  DSL Router - Cisco 300 - XenServer
  192.168.1.253 - 192.168.1.19 - 192.168.1.10 (mgmt ip)
  goal is, to reach from inside xenserver vms the internet.
  vms = 192.168.2.x
  gateway ip = 192.168.2.1
  what i did:
  - configured vlan 102, tagged, with the xenserver port
  - configured on xenserver a network with vlan id 102, attached to the vm
  - this network is conntected to an external bond
  - configured ipva4 interface: vlan102 - Static - IP 192.168.2.1 (this is the gateway ip of the vms)
  - automatic configured IPv4 Route: 192.168.2.0/24 next hop 0.0.0.0, Directly connected
  So at the moment i cant ping from inside a vm to the DSL Router (192.168.2.2 to 192.168.1.253)
  any ideas what i misconfigured or whats wrong?
  cheers,
  -Marco

  Hi Tom,
  ok, that make sense. I can ping the router now inside vms from 192.168.2.x network.
  But i cant ping external adresses, error: Destination net unreachable.
  My other problem i have, i cant reach any server from outside over router portforwarding.
  How do i have to configure the upload port to the dsl router? Is it a access port or a trunk
  port with all vlans (tagged or untagged?) At the moment ive a tagged Trunkport with all vlans.
  IPv4 Interface Table
  Interface
  IP Address Type
  IP Address
  Mask
  Status
  VLAN 1
  Static
  192.168.1.19
  255.255.255.0
  Valid
  Should the VLAN1 ip adress not the router ip adress ? Do i need an additional vlan for
  the router ? At the end i like to change the switch ip from dhcp to static (change automaticly
  when switching to layer 3 mode), but ive to look for the ios commands first.
  What else do i missing ?
  Thanks a lot,
  Marcus

• DMVPN Hub on HSRP standby router

  I was wondering if a DMVPN Hub was able to provide redundancy on an HSRP standby router.
  I currently have an active tunnel to the standby, but am unable to update EIGRP..
  Thank You in adavnce..

  Check GRE keepalives is enabled or not, if enabled remove that, then check the routing updates.
  Check whether you allowed ESP, UDP 500, UDP 4500 and GRE on your access-list.
  Also Adjust the MTU size, using the cmd ?ip tcp adjust-mss 1360?
  Try these links:
  http://www.cisco.com/en/US/tech/tk583/tk372/technologies_white_paper09186a008018983e.shtml#eigrp
  http://www.cisco.com/en/US/products/sw/iosswrel/ps1829/products_feature_guide09186a0080087026.html

• Two srw switches with vlans and pfsense gatway

  Hi,
  I've got a bit of a problem that a can't seem to get a handle of things.
  I've got two srw 48 port switches that I would like to link together  and then on to the pfsense box.
  First I'd like to connect the two switches to see if everything works and then on connect the pfsense box.
  Now I would be very great full if someone with a bit more experience with VLANs would be so kind to walk me trough the procedure of creating VLANs, configuring them to ports on the switch and connecting the whole thing to another switch.
  This is what I've done so fare.
  1. I created 3 VLANs on both switches (VLAN2-office,VLAN3-WiFi, VLAN5-VoIP). I've created these VLANs with the same tags on all the devices.
  2. I configured the ports that connect the switches as trunk. (I can't seem to be able to configure anything else on this port. Is there something else I should configure on these ports?)
  Now as fare as I understand the documentation the VLANs on each switch should now see each other.
  I'm still not sure on how to configure a physical port to one VLAN. After creating the VLANs on both switches and connecting them trough the trunk port I set ports 10-20 to VLAN2 by going to VLAN Management -> Ports to VLAN I selected VLAN2 and marked ports general and untagged and saved the settings. I repeated the procedure on the other switch. Now if I stuck my network cable into one of this ports I didn't get an IP anymore form the DHCP witch means that they were on a different VLAN than the other ports so I setup another router to act as a test DHCP with a different IP range as the main DHCPto see if it works. Now when I connectedthe test router to one of the ports in VLAN2 and my PC to the same VLAN2 port I got the test IP no problem. But when I connected the PC to the other switch VLAN2 port nothing happened until I connected the test DHCP to one of the VLAN2 ports. So clearly the switch VLANs are not communicating.
  Now I don't know did I forget something, made a mistake with some setting or I just don't know what I'm doing because I think I need to get the VLANs between switches working before tackling the pfsense connection.
  I would be really great full if someone explains to me how to set these VLANs up so that they would work between switches.
  Thank you for your help.

  Hi,
  I was successful and I did exactly that. I put all VLANs on trunk ports and the switch to switch to pfSense started to work.
  The only thing that gave me some problems was the end port(port connecting to the device pc, phone, printer) configuration. I was under the impression that the port was supposed to be in general mode and tagged. But I figured out that the port is supposed to be in access mode and untagged and only a member of one VLAN(the one I wanted it to connect to).
  Anyway all is working now and I've figured out all the kinks. 
  So thanks guys for the help.
  Nice day to all.
  Bye

• Cisco/Linksys SLM224G SWITCH: Problem with VLANs

  Hi!
  I'm trying to set up VLANs in my racks. I have some knowledge about VLANs, but I still can't set it up in my way.
  My situation:
  I have PC which contains two virtual machines, which has to works as a routers between three networks: LAN1, LAN2, WAN. It's a bit complicated, but I'll try to draw it:
                                                   |-------------|
  |----------------------------|                   |           e1|-to-eth1-VM2-----WAN
  |VirtualMachine 1        eth0|---trunk-VLAN1&2---|g1         e2|-to-eth0-VM2-----LAN2
  |eth0=VLAN1 eth1=VLAN2       |                   |           e3|-to-eth0-VM2-----LAN2 etc.
  |                         PC |                   |   SWITCH  e4|
  |VirtualMachine 2            |                   |           e5|-to-eth1-VM1---wire-to-LAN2
  |eth0=VLAN3 eth1=VLAN4   eth1|---trunk-VLAN3&4---|g2         e6|-to-eth0-VM1-----LAN1
  |----------------------------|                   |           e7|-to-eth0-VM1-----LAN1 etc.
                                                   |-------------|
  gX = Gigabit ports
  eX = 100Mbit ports
  VMX = Virtual machine number
  wire-to = patch-cord connection between ports on the switch
  Schema of routing and logical visibility:
  LAN1---VM1-----VM2---WAN
                |
  LAN2----------|
  Important note is that LAN1 and LAN2 has to be separated (visible only through routers). WAN has to be visible only through VM2 for LAN2 and through by VM1 and VM2 for LAN1. It looks easy, but VLANs which I done on that switch seems to doesn't works.
  I'm doing this like that:
  Step1: VLAN Management / Create VLAN...
  Creating VLANs from 1, 2, 3, 4 (numbers doesn't meters right now - I now that number 1 is restricted at the switch).
  Step2: VLAN Management / Port to VLAN...
  Setting up VLAN1 with ports g1, e5 (both tagged or untagged? - I haven't seen difference)
  Setting up VLAN2 with ports g1, e6, e7, etc...
  Setting up VLAN3 with ports g2, e2, e3, etc...
  Setting up VLAN4 with ports g2, e1
  Step3: VLAN Management / Port Setting...
  Setting up port e1 to PVID4 (frame type=all I suppose, but what with "ingress filtering"?)
  Setting up port e2 to PVID3
  Setting up port e3 to PVID3
  etc...
  Setting up port e5 to PVID1
  Setting up port e6 to PVID2
  Setting up port e7 to PVID2
  etc...
  So, on that configuration and on that switch it doesn't work for me
  I know that switch is seeing MACs from VLANs which are done by PC's, because when I get in "Admin / Dynamic Address" I can see MACs on correct ports and with correct VLAN ID. So the problem is to forward VLANs on their ports, next clear frames from IDs and let packets go (and back: take clear packets, add VLAN ID and send to gigabits ports).
  Showed configuration is the one of many that I tried :/ but I think this one is the best one.
  Or maybe I don't know VLANs as I think and that schema is impossible? Please tell me if I' doing sth wrong.
  Regards
  and waiting for any suggestions,
  Lucas

  You need to make sure that your VirtualMachine can send tagged frames if the VMs share physical ethernet ports on the host.
  I count 4 different LAN segments but you have only 2 physical ports on your PC (router).
  And VM2 requires 3 physical connections according to the list below.
  Depending on the virtualisation software you can maybe create the connection PVM1 to VM2 internally inside the PC (logical connection)
  Are these the connections you require ?
  VM1 --- LAN1
  VM1 --- VM2
  VM2 --- WAN
  LAN2 --- VM2
  Is this correct ? Will your PC, Virtualisation Software/Hypervisor tag frames with VLAn tags ?
  If this is true I can help you configure the switch.
  Jo

• SG-300 28P switches problem with VLAN Data and Voice, working all the time as Voice VLAN

  Hi Everyone,
  Thank you very much for your help in advance. I’m pulling my hair to fix the problem.
  I  just got the new SG-300 28P switches. My Bios ordered for me. I did not  know how it runs until now... not an IOS based. I really do not know  how to configure it.
  I have 2 VLAN are Data and Voice.
  -          Data VLAN ID is 2 IP 192.168.2.X/255.255.255.0
  -          Voice VLAN ID is 200 IP 192.168.22.X/255.255.255.0
  -          I created two vlans, in switch, Data and Voice.
  -          On the port number 28, it is trunk by default, so I add Data vlan ID 2 tagged.
  -          On the port number 26, it is trunk by default, so I add Voice vlan ID 200 tagged.
  -          On the port number 27, I add Data vlan ID 2 tagged for Data vlan out.
  -          Port settings No.1
  I set it up as Trunk with Data vlan 2 untagged, and  200  Tagged (voice vlan). I plugged in a phone with a pc attached. But the  PC will get to the vlan 200 to get the DHCP address, but no from vlan 2.  The Phone works with correct vlan ip.
  -          Port settings No.2
  Trunk with vlan 1UP, 2T, and 200T. The phone is even worse. Would never pick up any IP from DHCP.
  -          Port settings No.3
  Access  with 200U...of course the phone will work... and the PC could not get  to its own vlan. Instead, the PC got an ip from the voice vlan. Not from  VLAN 2.
  I have Linksys phone I’m not sure if this help.
  For more information I setup in switch,
              - enable voice vlan
  - set the port on auto voice vlan
  - enable LLDP-MED globally
  - create a network policy to assign VLAN 200
  - assign this network policy to the port the phone is connected to.
  I  hope this information help to help me to setup Data and Voice vlans, to  plug the phone to work with vlan Voice 200 (IP rang 192.168.22.X), from  phone to Pc and pc work as Data vlan 2 (IP rang 192.168.2.X).

  I just got done setting up voice VLANs on an SF 300-24P and verified working.  This was working with Cisco 7900 series phones connected to a Cisco UC setup.
  Here's my sample config.
  Note that I edited this by hand before posting, so doing a flat out tftp restore probably won't work.  However, this should give you a clue.  Also, don't take this as 100% accurate or correct.  I've only been working with these things for about a week, though I've worked with the older Linksys SRW switches for a couple of years.  I'm a CCNP/CCDP.
  VLAN 199 is my management VLAN and is the native VLAN on 802.1q trunks.
  VLAN 149 is the data/computer VLAN here.
  VLAN 111 is the voice/phone VLAN here.
  VLAN 107 does nothing.
  interface range ethernet e(1-24)
  port storm-control broadcast enable
  exit
  interface ethernet e1
  port storm-control include-multicast
  exit
  interface ethernet e2
  port storm-control include-multicast
  exit
  interface ethernet e3
  port storm-control include-multicast
  exit
  interface ethernet e4
  port storm-control include-multicast
  exit
  interface ethernet e5
  port storm-control include-multicast
  exit
  interface ethernet e6
  port storm-control include-multicast
  exit
  interface ethernet e7
  port storm-control include-multicast
  exit
  interface ethernet e8
  port storm-control include-multicast
  exit
  interface ethernet e9
  port storm-control include-multicast
  exit
  interface ethernet e10
  port storm-control include-multicast
  exit
  interface ethernet e11
  port storm-control include-multicast
  exit
  interface ethernet e12
  port storm-control include-multicast
  exit
  interface ethernet e13
  port storm-control include-multicast
  exit
  interface ethernet e14
  port storm-control include-multicast
  exit
  interface ethernet e15
  port storm-control include-multicast
  exit
  interface ethernet e16
  port storm-control include-multicast
  exit
  interface ethernet e17
  port storm-control include-multicast
  exit
  interface ethernet e18
  port storm-control include-multicast
  exit
  interface ethernet e19
  port storm-control include-multicast
  exit
  interface ethernet e20
  port storm-control include-multicast
  exit
  interface ethernet e21
  port storm-control include-multicast
  exit
  interface ethernet e22
  port storm-control include-multicast
  exit
  interface ethernet e23
  port storm-control include-multicast
  exit
  interface ethernet e24
  port storm-control include-multicast
  exit
  interface range ethernet g(1-4)
  description "Uplink trunk"
  exit
  interface range ethernet g(1-4)
  switchport default-vlan tagged
  exit
  interface range ethernet e(21-24)
  switchport mode access
  exit
  vlan database
  vlan 107,111,149,199
  exit
  interface range ethernet g(1-4)
  switchport trunk allowed vlan add 107
  exit
  interface range ethernet e(21-24)
  switchport access vlan 111
  exit
  interface range ethernet g(1-4)
  switchport trunk allowed vlan add 111
  exit
  interface range ethernet e(1-20)
  switchport trunk native vlan 149
  exit
  interface range ethernet g(1-4)
  switchport trunk allowed vlan add 149
  exit
  interface range ethernet g(1-4)
  switchport trunk native vlan 199
  exit
  voice vlan aging-timeout 5
  voice vlan oui-table add 0001e3 Siemens_AG_phone________
  voice vlan oui-table add 00036b Cisco_phone_____________
  voice vlan oui-table add 00096e Avaya___________________
  voice vlan oui-table add 000fe2 H3C_Aolynk______________
  voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
  voice vlan oui-table add 00d01e Pingtel_phone___________
  voice vlan oui-table add 00e075 Polycom/Veritel_phone___
  voice vlan oui-table add 00e0bb 3Com_phone______________
  voice vlan oui-table add 108ccf MyCiscoIPPhones1
  voice vlan oui-table add 40f4ec MyCiscoIPPhones2
  voice vlan oui-table add 8cb64f MyCiscoIPPhones3
  voice vlan id 111
  voice vlan cos 6 remark
  interface ethernet e1
  voice vlan enable
  exit
  interface ethernet e1
  voice vlan cos mode all
  exit
  interface ethernet e2
  voice vlan enable
  exit
  interface ethernet e2
  voice vlan cos mode all
  exit
  interface ethernet e3
  voice vlan enable
  exit
  interface ethernet e3
  voice vlan cos mode all
  exit
  interface ethernet e4
  voice vlan enable
  exit
  interface ethernet e4
  voice vlan cos mode all
  exit
  interface ethernet e5
  voice vlan enable
  exit
  interface ethernet e5
  voice vlan cos mode all
  exit
  interface ethernet e6
  voice vlan enable
  exit
  interface ethernet e6
  voice vlan cos mode all
  exit
  interface ethernet e7
  voice vlan enable
  exit
  interface ethernet e7
  voice vlan cos mode all
  exit
  interface ethernet e8
  voice vlan enable
  exit
  interface ethernet e8
  voice vlan cos mode all
  exit
  interface ethernet e9
  voice vlan enable
  exit
  interface ethernet e9
  voice vlan cos mode all
  exit
  interface ethernet e10
  voice vlan enable
  exit
  interface ethernet e10
  voice vlan cos mode all
  exit
  interface ethernet e11
  voice vlan enable
  exit
  interface ethernet e11
  voice vlan cos mode all
  exit
  interface ethernet e12
  voice vlan enable
  exit
  interface ethernet e12
  voice vlan cos mode all
  exit
  interface ethernet e13
  voice vlan enable
  exit
  interface ethernet e13
  voice vlan cos mode all
  exit
  interface ethernet e14
  voice vlan enable
  exit
  interface ethernet e14
  voice vlan cos mode all
  exit
  interface ethernet e15
  voice vlan enable
  exit
  interface ethernet e15
  voice vlan cos mode all
  exit
  interface ethernet e16
  voice vlan enable
  exit
  interface ethernet e16
  voice vlan cos mode all
  exit
  interface ethernet e17
  voice vlan enable
  exit
  interface ethernet e17
  voice vlan cos mode all
  exit
  interface ethernet e18
  voice vlan enable
  exit
  interface ethernet e18
  voice vlan cos mode all
  exit
  interface ethernet e19
  voice vlan enable
  exit
  interface ethernet e19
  voice vlan cos mode all
  exit
  interface ethernet e20
  voice vlan enable
  exit
  interface ethernet e20
  voice vlan cos mode all
  exit
  interface ethernet e1
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  exit
  interface ethernet e2
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  exit
  interface ethernet e3
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  exit
  interface ethernet e4
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  exit
  interface ethernet e5
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  exit
  interface ethernet e6
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  exit
  interface ethernet e7
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  exit
  interface ethernet e8
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  exit
  interface ethernet e9
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  exit
  interface ethernet e10
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  exit
  interface ethernet e11
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  exit
  interface ethernet e12
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  exit
  interface ethernet e13
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  exit
  interface ethernet e14
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  exit
  interface ethernet e15
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  exit
  interface ethernet e16
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  exit
  interface ethernet e17
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  exit
  interface ethernet e18
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  exit
  interface ethernet e19
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  exit
  interface ethernet e20
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  exit
  interface ethernet e21
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  exit
  interface ethernet e22
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  exit
  interface ethernet e23
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  exit
  interface ethernet e24
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  exit
  interface ethernet g1
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  exit
  interface ethernet g2
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  exit
  interface ethernet g3
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  exit
  interface ethernet g4
  lldp optional-tlv port-desc sys-name sys-desc sys-cap 802.3-mac-phy 802.3-lag 802.3-max-frame-size
  exit
  interface ethernet e1
  lldp med notifications topology-change enable
  exit
  interface ethernet e2
  lldp med notifications topology-change enable
  exit
  interface ethernet e3
  lldp med notifications topology-change enable
  exit
  interface ethernet e4
  lldp med notifications topology-change enable
  exit
  interface ethernet e5
  lldp med notifications topology-change enable
  exit
  interface ethernet e6
  lldp med notifications topology-change enable
  exit
  interface ethernet e7
  lldp med notifications topology-change enable
  exit
  interface ethernet e8
  lldp med notifications topology-change enable
  exit
  interface ethernet e9
  lldp med notifications topology-change enable
  exit
  interface ethernet e10
  lldp med notifications topology-change enable
  exit
  interface ethernet e11
  lldp med notifications topology-change enable
  exit
  interface ethernet e12
  lldp med notifications topology-change enable
  exit
  interface ethernet e13
  lldp med notifications topology-change enable
  exit
  interface ethernet e14
  lldp med notifications topology-change enable
  exit
  interface ethernet e15
  lldp med notifications topology-change enable
  exit
  interface ethernet e16
  lldp med notifications topology-change enable
  exit
  interface ethernet e17
  lldp med notifications topology-change enable
  exit
  interface ethernet e18
  lldp med notifications topology-change enable
  exit
  interface ethernet e19
  lldp med notifications topology-change enable
  exit
  interface ethernet e20
  lldp med notifications topology-change enable
  exit
  interface ethernet e21
  lldp med notifications topology-change enable
  exit
  interface ethernet e22
  lldp med notifications topology-change enable
  exit
  interface ethernet e1
  lldp med enable network-policy poe-pse
  exit
  interface ethernet e2
  lldp med enable network-policy poe-pse
  exit
  interface ethernet e3
  lldp med enable network-policy poe-pse
  exit
  interface ethernet e4
  lldp med enable network-policy poe-pse
  exit
  interface ethernet e5
  lldp med enable network-policy poe-pse
  exit
  interface ethernet e6
  lldp med enable network-policy poe-pse
  exit
  interface ethernet e7
  lldp med enable network-policy poe-pse
  exit
  interface ethernet e8
  lldp med enable network-policy poe-pse
  exit
  interface ethernet e9
  lldp med enable network-policy poe-pse
  exit
  interface ethernet e10
  lldp med enable network-policy poe-pse
  exit
  interface ethernet e11
  lldp med enable network-policy poe-pse
  exit
  interface ethernet e12
  lldp med enable network-policy poe-pse
  exit
  interface ethernet e13
  lldp med enable network-policy poe-pse
  exit
  interface ethernet e14
  lldp med enable network-policy poe-pse
  exit
  interface ethernet e15
  lldp med enable network-policy poe-pse
  exit
  interface ethernet e16
  lldp med enable network-policy poe-pse
  exit
  interface ethernet e17
  lldp med enable network-policy poe-pse
  exit
  interface ethernet e18
  lldp med enable network-policy poe-pse
  exit
  interface ethernet e19
  lldp med enable network-policy poe-pse
  exit
  interface ethernet e20
  lldp med enable network-policy poe-pse
  exit
  interface ethernet e21
  lldp med enable network-policy poe-pse
  exit
  interface ethernet e22
  lldp med enable network-policy poe-pse
  exit
  lldp med network-policy 1 voice vlan 111 vlan-type tagged
  interface range ethernet e(1-22)
  lldp med network-policy add 1
  exit
  interface vlan 199
  ip address 199.16.30.77 255.255.255.0
  exit
  ip default-gateway 199.16.30.3
  interface vlan 1
  no ip address dhcp
  exit
  no bonjour enable
  bonjour service enable csco-sb
  bonjour service enable http  
  bonjour service enable https 
  bonjour service enable ssh   
  bonjour service enable telnet
  hostname psw1
  line console
  exec-timeout 30
  exit
  line ssh
  exec-timeout 30
  exit
  line telnet
  exec-timeout 30
  exit
  management access-list Management1
  permit ip-source 10.22.5.5 mask 255.255.255.0
  exit
  logging 199.16.31.33 severity debugging description mysysloghost
  aaa authentication enable Console local
  aaa authentication enable SSH tacacs local
  aaa authentication enable Telnet local
  ip http authentication tacacs local
  ip https authentication tacacs local
  aaa authentication login Console local
  aaa authentication login SSH tacacs local
  aaa authentication login Telnet local
  line telnet
  login authentication Telnet
  enable authentication Telnet
  password admin
  exit
  line ssh
  login authentication SSH
  enable authentication SSH
  password admin
  exit
  line console
  login authentication Console
  enable authentication Console
  password admin
  exit
  username admin password admin level 15
  power inline usage-threshold 90
  power inline traps enable
  ip ssh server
  snmp-server location in-the-closet
  snmp-server contact [email protected]
  ip http exec-timeout 30
  ip https server
  ip https exec-timeout 30
  tacacs-server host 1.2.3.4 key spaceballz  timeout 3  priority 10
  clock timezone -7
  clock source sntp
  sntp unicast client enable
  sntp unicast client poll
  sntp server 199.16.30.1
  sntp server 199.16.30.2
  ip domain-name mydomain.com
  ip name-server  199.16.5.12 199.16.5.13
  ip telnet server

• 802.1x with VLAN assignment on Catalyst 2950T-48-SI

  I will really appreciate if you can confirm me if the C2950T-48-SI will support the following features.
  - IEEE 802.1x with VLAN assignment
  - SSHv2
  - SNMPv3
  The data sheet for the Cisco Catalyst 2950 Series Switches with Standard Image mentions all the above and more features for the 2950T-48-SI, but at the same time the power point presentation, (Cisco Catalyst 2950 Series Switches, and the tool Sofware advisor say that those features are only supported with the Enhanced Image.
  If your those feature are supported by the Standard Image, would you please also inform the last IOS version supported.
  Thanks a lot.

  SSH isn't available on the SI version of the 2950 as you require the Crypto features and these are not available for the SI (the documentation is a little vague here but trust me I have upgraded one and it doesn't like it...). The documentation says 'Switches that support only the SI cannot run the cryptographic image.'
  802.1x with VLAN assignment is available only in the latest IOS - or at least since 12.1(22).
  SNMPv3 is supported.
  HTH
  Andy

• 871 802.1x with vlan assignment aka dynamic vlan

  you can do vlan assignment on 871W wireless using the local radius server but unfort only LEAP which is N.G.
  I have been pounding on wired 802.1x PEAP (which works) trying to get vlan re-assignment. Have tried with IAS which I am using to do vlan reassignment with the WLC so I have the idea of how it works with IAS. With 871, no go. Have also tried ACS for radius with same results: can't escape the switchport's vlan. With debug radius local you can see the tunnel attributes for reassignment plainly but with debug radius with IAS or ACS, nada.
  Using 12.4(6)T advanced IP.
  I have just seen that 12.4(4)CX2 has "802.1x with vlan reassignment" but the download is MIA. Wonder what's up with that?
  Has anybody got this to work? Any info much appreciated
  Greg Turner

  SSH isn't available on the SI version of the 2950 as you require the Crypto features and these are not available for the SI (the documentation is a little vague here but trust me I have upgraded one and it doesn't like it...). The documentation says 'Switches that support only the SI cannot run the cryptographic image.'
  802.1x with VLAN assignment is available only in the latest IOS - or at least since 12.1(22).
  SNMPv3 is supported.
  HTH
  Andy

• How to resolve A VMWare portgroup with VLAN ID 0 cannot be founf on virtual switch vSwitch0.

  Hi All,
  I have deployed Microsoft private cloud using SCVMM, SCOM, SCCM, SCSM, SCO and SCSM Portal...
  Also, i am using cloud service process pack runbooks and offerings for my vm provisioning in VM Ware platform...
  After submitted the request vm got created but it is throwing an error in SCVMM jobs:
  A VMWare portgroup with VLAN ID 0 cannot be found on virtual switch vSwitch0...
  VLAN ID of the existing virtual switch vSwitch is 48 and that we cannot change...also we cannot create a new vswitch in DC...
  How can i resolve this error...
  Thanks in advance for your help...
  Regards,
  Sudheesh M A

  Hi Alexander,
  Thank for answering. I asked custumer to send some config file from the switch. I don´t how complete is this, but, regarding "mls cos" entries, we have:
  no aaa new-model
  switch 1 provision ws-c2960x-48ts-l
  ip domain-name ecs.local
  login on-failure trap
  login on-success log
  vtp mode transparent
  mls qos
  crypto pki trustpoint TP-self-signed-1837850112
   enrollment selfsigned
   subject-name cn=IOS-Self-Signed-Certificate-1837850112
   revocation-check none
   rsakeypair TP-self-signed-1837850112
  interface GigabitEthernet1/0/1
   switchport access vlan 235
   switchport mode access
   srr-queue bandwidth share 1 70 25 5
   priority-queue out
   mls qos trust dscp
   service-policy input ACCESS_INGRESS
  interface GigabitEthernet1/0/2
   switchport access vlan 235
   switchport mode access
   srr-queue bandwidth share 1 70 25 5
   priority-queue out
   mls qos trust dscp
   service-policy input ACCESS_INGRESS
  interface GigabitEthernet1/0/48
   switchport access vlan 235
   srr-queue bandwidth share 1 70 25 5
   priority-queue out
   mls qos trust dscp
   service-policy input ACCESS_INGRESS
  Is these entries make any sense for the behavior we are facing?
  Thanks

• How to set all new vm with VLAN ID as a default settings and alose set the avaiablity high .

  How to set all new vm with VLAN ID as a default settings and alose set the avaiablity high .

  Hi Ramy,
  As a work around , you can create a VM without installing OS and  configure the Vlan of VNic , then export it .
  The new VM will be with Vlan ID when you import the "export file".(note : you need to select "copy the virtual machine " in the tab "choose import type" during importing ) .
  Hope this helps
  Best Regards
  Elton Ji
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• ISP with vlan id , cannot dialup

  I use cisco 1921 k9 , made a pppoe setting, here the problem , my ISP come with a vlan ID :620, where should i input this vaule?

  HI,
  Create Sub-interface  with VLAN tag where the IPS modem/Device is connected  and then configure the Dialer interface with PPPOE setting.
  Example:
  Interface Gig 0/0 or 0/1
  no ip address
   duplex auto
   speed auto
  interface Gig0/0.620
   encapsulation dot1Q 620
   pppoe enable group global
   pppoe-client dial-pool-number 1
  end
  interface Dialer0
  ip address  xxxxxxxxxxxx
   ip mtu 1492
   ip nat enable
   encapsulation ppp
   ip tcp adjust-mss 1452
   dialer pool 1
   dialer-group 1
   ppp authentication pap chap callin
   ppp chap hostname  ( Username)
   ppp chap password ( password)
   ppp pap sent-username ( Username) password 7 (Password)
  end

• Route leaking from VRF to Global on same router with VLAN interface

  Hi all,
  I would like to do some route leaking from VRF to Global and Global to VRF on the same router. Here is an output of the config:
  interface FastEthernet4
  description ***Connection to WAN***
  ip vrf forwarding FVRF
  ip address 10.0.0.6 255.255.255.0
  interface Vlan100
  description ***LAN***
  ip address 192.168.227.1 255.255.255.0
  So what I want is to import 192.168.227.0 /24 into FVRF and import 10.0.0.0 /24 into the global routing table.
  I though I could do that config but it is not possible:
  (config)#ip route vrf FVRF 192.168.227.0 255.255.255.0 vlan 100
  % For VPN or topology routes, must specify a next hop IP address if not a point-to-point interface
  OR
  DK-SLVPN(config)#ip route vrf FVRF 192.168.227.0 255.255.255.0 vlan 100 192.168.227.1 global
  %Invalid next hop address (it's this router)
  Any ideas are really welcome.
  Best regards,
  Laurent

  Hi,
  I have tried the following solution:
  Add 10.0.0.0 /24 From VRFto Global:
  ip route 10.0.0.0 255.255.255.0 FastEthernet4
  Add 192.168.227.0 /24 from Global to VRF:
  router bgp 64512
  bgp log-neighbor-changes
  address-family ipv4
    no synchronization
    redistribute connected
    no auto-summary
  exit-address-family
  ip prefix-list Global-VRF seq 5 permit 192.168.227.0/24
  route-map Global permit 10
  match ip address prefix-list Global-VRF
  ip vrf FVRF
    rd 1:1
    import ipv4 unicast map Global
  So now the VRF table looks like that:
  #      sh ip route vrf FVRF
  C        10.0.0.0/24 is directly connected, FastEthernet4
  S        10.0.0.1/32 [254/0] via 10.0.0.1, FastEthernet4
  L        10.0.0.6/32 is directly connected, FastEthernet4
  B     192.168.227.0/24 is directly connected, 00:15:12, Vlan100
  The Global table looks like this:
  #sh ip route
  Gateway of last resort is 10.1.0.107 to network 0.0.0.0
  D*    0.0.0.0/0 [90/1709056] via 10.1.0.107, 3d02h, Tunnel1
         10.0.0.0/8 is variably subnetted, 8 subnets, 2 masks
  S        10.0.0.0/24 is directly connected, FastEthernet4
  C        10.1.0.0/24 is directly connected, Tunnel1
  L        10.1.0.227/32 is directly connected, Tunnel1
  C        10.2.0.0/24 is directly connected, Tunnel2
  L        10.2.0.227/32 is directly connected, Tunnel2
  C        10.10.10.227/32 is directly connected, Loopback100
         192.168.227.0/24 is variably subnetted, 2 subnets, 2 masks
  C        192.168.227.0/24 is directly connected, Vlan100
  L        192.168.227.1/32 is directly connected, Vlan100
  But When I try to ping it still doesn´t work:
  #ping vrf FVRF 192.168.227.1 source fastEthernet 4
  Type escape sequence to abort.
  Sending 5, 100-byte ICMP Echos to 192.168.227.1, timeout is 2 seconds:
  Packet sent with a source address of 10.0.0.6
  Success rate is 0 percent (0/5)
  #ping 10.0.0.1 source vlan 100
  Type escape sequence to abort.
  Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
  Packet sent with a source address of 192.168.227.1
  Success rate is 0 percent (0/5)
  Any ideas?
  Regards,
  Laurent

• Best Wireless router with VLAN support

  Bout an EA6700 only to find out that it didn't have VLAN support

  Thanks for your answer. I am now looking at an Asus RT AC 66U. **bleep** shame as the report I have seen on the EA 6700 are first class. Does anyone know if the ASUS will support VLan?

• HSRP standy router IP not showing

  Hi,
  i have got 6509 with l3, now with the below said configuration, i couldn't not able to the standby router ip address, instead it shows me "unknown" but for others vlan it shows me the standby router ip address, is that because that i had put access-list & will the access-list has affected that?
  Main Layer3 card
  interface Vlan199
  description ***PCR Network***
  ip address 192.168.3.254 255.255.255.0
  ip access-group 101 in
  ip access-group 103 out
  no ip redirects
  ip pim sparse-mode
  mls rp ip
  standby 199 ip 192.168.3.252
  standby 199 timers 5 15
  standby 199 priority 109
  standby 199 preempt
  Vlan199 - Group 199
  Local state is Active, priority 109, may preempt
  Hellotime 5 sec, holdtime 15 sec
  Next hello sent in 1.548
  Virtual IP address is 192.168.3.252 configured
  Active router is local
  Standby router is unknown
  Virtual mac address is 0000.0c07.acc7
  19 state changes, last state change 10w5d
  IP redundancy name is "hsrp-Vl199-199" (default)
  access-list 101 permit ip 192.168.3.0 0.0.0.255 10.2.9.0 0.0.0.255
  access-list 101 permit ip 192.168.3.0 0.0.0.255 10.2.1.0 0.0.0.255
  access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.3.0 0.0.0.255
  access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255
  Standby Layer3 card
  interface Vlan199
  description ***PCR Network***
  ip address 192.168.3.253 255.255.255.0
  ip access-group 101 in
  ip access-group 103 out
  no ip redirects
  ip pim sparse-mode
  mls rp ip
  standby 199 ip 192.168.3.252
  standby 199 timers 5 15
  standby 199 priority 110
  standby 199 preempt
  Vlan199 - Group 199
  Local state is Active, priority 110, may preempt
  Hellotime 5 sec, holdtime 15 sec
  Next hello sent in 0.910
  Virtual IP address is 192.168.3.252 configured
  Active router is local
  Standby router is unknown
  Virtual mac address is 0000.0c07.acc7
  3 state changes, last state change 10w5d
  IP redundancy name is "hsrp-Vl199-199" (default)
  access-list 101 permit ip 192.168.3.0 0.0.0.255 10.2.9.0 0.0.0.255
  access-list 101 permit ip 192.168.3.0 0.0.0.255 10.2.1.0 0.0.0.255
  access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.3.0 0.0.0.255
  access-list 101 permit ip 192.168.3.0 0.0.0.255 192.168.2.0 0.0.0.255

  Hi Anand,
  Both the routers are thinking themselves to be active if you check the sh stahndy status which you have pasted "Local state is Active"
  This means hello packets are getting lost between the 2 routers and they are not able to detect which is active and which is standy router.
  Your accesss list can be one of the reason because you have allowed only 4 set of ip addresses and rest are implicit deny as per access list rules and HSRP hello packet carries 224.0.0.2 in its hello packet as destination address.
  Can you permit this ip in your access list and see what happens.
  HTH
  Ankur

• HSRP standby router

  Hello,
  If we have three routers in HSRP i.e. one is active, second is standby and third is listen.
  If the standby router goes down with active being up and operational, will the third router become new standby?
  Thanks        

  Hi,
  yes.
  Have a look at the HSRP State Machine:
  The condition that keeps the third router in the Listen state is 11-B:
  - Receipt of a hello message of higher priority from the standby router (event)
  - the Standby Timer is fired (action)
  When no more Hellos with a higher priority are received from the standby router, the Standby Timer expires; it is then re-started (4-B) and the state changes to Speak and finally to Standby.
  HTH
  Rolf