LMS 3.2 vlan configuration

Similar Messages

• CiscoWorks: VLAN creation failed via CM-VLAN Configuration

  Hi,
  I have trying to create VLAN on single switch via CM-VLAN Configuration and getting below message, although switch is configured with correct snmp and I can backup same device via RME and also delopy config to it via Netconfig.
  Please advice. Thanks
  I am using LMS 3.2.1; CM 5.2.2; RME 4.3.2
  Creation of VLAN failed
  "There were some errors during operation."
  Failed to perform the operation on 10.*.*.* Cause:An error occured while performing SNMP operation.
  Action:Examine and save the server log file and report the error to the product administrator for further action.

  The credentials can be changed under Common Services > Device and Credentials > Device Management.  Select the devices and click the Edit Credentials button.  Fill in the correct username and password for these devices.

• LMS 4.0 VLAN Port Assignment Cat3750X

  Hello together
  Have installed LMS 4.0 at a customer. The main switches he uses are the following ones:
  WS-C3750X-24P-S (1.3.6.1.4.1.9.1.1224)
  First problem I faced was with lack of support for Cisco View and the mentioned device. This is fixed with the following package Cisco View Device Update: Cat3750.cv50.13-0.zip. Have tested this today.
  But now to my new problem. One reason for Cisco View usage is VLAN assignement. Unfortunately this is not supported with the Cat3750 devices and Cisco View like with other devices. So I thought I show the customer how to do it with the VLAN Port Assignement:
  Configuration > Workflows > VLAN > Configure Port Assignment
  Unfortunatly it seems that this is not supported with these devices. From the following document I can't find something which underlines the lack of support: http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_lan_management_solution/4.0/device_support/table/lms40sdt.html#Cisco Catalyst 3750 Series Switches
  It even seems it should be supported. See picture in the bottom from the above link.
  My question to the community:
  - Does anybody else have the same switches? If yes, does Configure Port Assignment work in LMS 4.0
  - @Cisco, is this feature really not supported with the following device: WS-C3750X-24P-S? If yes, are any patches planned with release date.
  Thanks for any feedback.
  Erich

  Hi Joseph
  Thanks for your feedback. Have asked the customer to do the following steps and send me a screen shot:
  - Configuration > Workflows > VLAN > Configure Port Assignment
  - Select Domain Selector
  - Choose a Domain of a Switch C3750X
  - Click on List Ports
  Actually the same thing what I have done during my installation Onsite. When I have done the above steps I only have received a empty windows. Now, a week later it seems to work. Enclosed a screen shot with evidence for all those you have the same devices in use.
  Happy that it works. Funny, that it didn't worked when I was onsite. Sorry for the inconvenience and thanks for your feedback / support.
  Erich

• Application Administrators can't see VLAN configuration on VMs in VMM 2012 R2

  Hi, I have the following issue on my VMM 2012 R2 infrastructure.
  I have created a cloud with a Hyper-V Cluster in it. Configured a Application Administrator Role (Self Service) and assigned all permissions related to this cloud and Hyper-V Cluster, including a couple of VM Templates and a VM Network.
  They users can see the VMs, create VMs but they cannot configure the VLAN inside the VM.
  If I go to the VM settings using the full VMM admin, I can do it, select the VM Network and then select the appropiate VLAN, but when I try to do this using the Application Administrator account I configured specifically to this Cloud and Cluster, I can
  select the same VM Network but can't see any options related to VLAN configuration.
  What am I missing? Is this the default behavior? Do I need an additional permission? Where?
  Thank you for your responses.
  Regards.
  Eduardo Rojas

  That is correct.
  Application Admins 'consume' resources (compute and storage) and have no insight into the physical part.  Especially if you are using the cloud abstraction.  "Administrators" manage the physical layer of things - that is why you can see
  / set the VLAN ID directly.
  I believe that you would need to create your Virtual Networks with the proper VLANs and the application admins can then choose based on the Virtual Network.
  The worst case is that you define a Virtual Network per VLAN so that your application admins can select an item that correlates to a specific VLAN configuration.
  Brian Ehlert
  http://ITProctology.blogspot.com
  Learn. Apply. Repeat.

• VLAN Configuration for Internal and Guest Wireless

  Hello,
  We are using the following hardware…
  SG300-52MP switch -- latest firmware
  ASA 5512-X firewall -- 9.1
  Aironet AP1131AG WAP
  We have the following networks…
  10.252.4.0/24 = Internal = ASA-01 interface = VLAN1
  10.252.6.0/24 = Guest = ASA-02 interface = VLAN6
  10.252.6.0/24 = VOIP = ASA-03 interface = VLAN3
  The Aironet supports two SSIDs, Secure (RADIUS) and Guest (WPA2), which are supposed to provide access to the appropriate interface on the ASA.
  Relevant parts of the WAP configuration are…
  dot11 ssid GUEST
     vlan 6
  dot11 ssid SECURE
     vlan 1
  interface Dot11Radio0
  no ip address
  ssid GUEST
  ssid SECURE
  interface Dot11Radio0.1
  encapsulation dot1Q 1 native
  no ip route-cache
  bridge-group 1
  interface Dot11Radio0.6
  encapsulation dot1Q 6
  no ip route-cache
  bridge-group 255
  interface Dot11Radio1
  no ip address
  no ip route-cache
  ssid GUEST
  ssid SECURE
  interface Dot11Radio1.1
  encapsulation dot1Q 1 native
  no ip route-cache
  bridge-group 1
  interface Dot11Radio1.6
  encapsulation dot1Q 6
  no ip route-cache
  bridge-group 255
  interface FastEthernet0
  no ip address
  no ip route-cache
  interface FastEthernet0.1
  encapsulation dot1Q 1 native
  no ip route-cache
  bridge-group 1
  interface FastEthernet0.6
  encapsulation dot1Q 6
  no ip route-cache
  bridge-group 255
  interface BVI1
  ip address 10.252.4.4 255.255.255.0
  no ip route-cache
  ip default-gateway 10.252.4.1
  We can manage the WAP through it’s Internal IP address (10.252.4.4).
  And the “Guest” wireless network is working -- connecting to that SSID provides the client with the correct IP addressing (10.242.6.X from VLAN6/ASA-02).  [Note:  the VOIP DHCP and network access also works correctly.]
  The “Secure” wireless network is not working however -- the client never receives an Internal DHCP address from ASA-01, and even if you hard-code the client’s IP, no IP4 traffic ever passes.
  [Note:  connecting a device to a SG300 port with the “Default” configuration provides the client with an Internal DHCP configuration, and it works as intended.] 
  While this may be a problem with the WAP configuration, I would like to confirm that it is not an issue with the switch not passing traffic correctly.
  I have a feeling that I have configured the VLANs on the ports incorrectly.
  Relevant parts of the SG300 configuration are...
  v1.3.0.62 / R750_NIK_1_3_647_260
  vlan database
  vlan 3,6
  ip dhcp snooping
  ip dhcp relay address 10.252.4.1
  ip dhcp relay enable
  bonjour interface range vlan 1
  interface vlan 1
  ip address 10.252.4.2 255.255.255.0
  no ip address dhcp
  interface vlan 3
  name VOIP
  interface vlan 6
  name Guest
  interface gigabitethernet45 -- Access mode, Untagged VLAN6
  description ASA-Guest
  ip dhcp snooping trust
  switchport mode access
  switchport access vlan 6
  interface gigabitethernet46 -- Access mode, Untagged VLAN3
  description ASA-VOIP
  ip dhcp snooping trust
  switchport mode access
  switchport access vlan 3
  interface gigabitethernet47 -- Trunk mode, Untagged VLAN1 and Tagged VLAN6
  description WAP1
  switchport trunk allowed vlan add 6
  interface gigabitethernet48 -- Trunk mode
  description ASA-Internal
  ip dhcp snooping trust
  ip dhcp relay enable
  Can someone who understands this switch better than I do please confirm the VLAN configuration?  THANK YOU!

  Welcome to the discussion area!
  +PCI regulations do not consider VLAN a secure way of keeping the data isolated. Does anyone have any technical information on how the device creates the guest wireless network ?+
  I spoke to Apple Support some time ago and was told that Apple uses VLAN to create the Guest network, and also that formal documentation was not available on this topic. I was referred to the AirPort Extreme Specifications for available information.
  This was some time ago, so if you need more up to date info, you might want to try to contact Apple to see if they are willing to share more information about this feature. Although, since VLAN is used, your question may already be answered.
  FWIW, to use the Guest Network feature in a home situation, the AirPort Extreme must be set up as the main router controlling DHCP and NAT on the network. If you were thinking of installing the AirPort Extreme behind another router, the Guest Network feature would not be available in this type of configuration.

• Fwsm - active/standby - "Vlan configuration mismatch between peers"

  Hi,
  A FWSM pair fall in to active active sittuation due to a vlan configuration mismatch. What would be the best way to synchronize configurations and return to the normal active/standbay? There is a new vlan on the primary fwsm and at present both are in active state.
  Thank you in advance.
  Zdravko

  Hi,
  To my understanding the FWSMs (even though both active) have identical configurations?
  Have you perhaps done so that on the core switch you have only issued the "firewall vlan-group only on the primary core device (to which the FWSM is attached) and not the secondary core device?
  The only time I have witnessed the same situation is when configuring a new customer link and I have only configured the primary unit (and about to configure the same on the standby unit)
  Hope it helps, not sure if the above was what you meant.
  - Jouni

• Multiple SSID With Multiple VLANs configuration on Cisco Aironet APs: Assotiated clients cannot obtain IP addresses

  Hi Surendra,
  I was just given this task to see how i can configure a second ssid for guest access in our environment.
  this is our network setup prior to this request: Internet----Firewall (not ASA)---ce520---C1131AG and CME router is also connecting to the ce520 switch. we only have two vlans: one for voice and two for data.
  Presently, there is no vlan configured on the AP because it on broadcasting ont ssid and wireless users gets IP from a windows DHCP server on the LAN. the configuration on the ce520 switch port for the AP and other switches say access vlan is the DATA vlan which automatically becomes the native vlan for all trunk port connecting the AP and other Stiches to the network.
  Now with this new requirement, i have made my research and i have configured the AP to broadcast both the production and the guest Vlans. The two vlans are 20-DATA and 60-Guest. I made the DATA vlan on the AP the native vlan since the poe switch is using the DATA vlan as native on the trunk ports. I configured the firewall to serve as DHCP server for the guest ssid and i have added the ip helper-address on the guest vlan interface on all switches while the windows server remains the dhcp server for the production DATA Vlan. I have confirmed that the AP, switches can ping the default gateway of the guest dhcp server which is another interface on the firewall. I can now see and connect to all broadcasted ssids but the problem is I am not getting IP addresses from both the production dhcp server and guest dhcp server when i connected to the ssid one at a time.
  My AP config is attached below.
  Please tell me what am I doing wrong.
  Do i need to redesign the whole network to have a native vlan other nthan the data vlan?
  Does the access point need to be aware of the voice vlan?
  Do the native Vlan on the AP need to be in Bridge-group 1 or can i leave it in bridge-group 20?
  I will greatly appreciate your urgent response.
  Thanks in advanced.

  Hi,
  As far as i know we dont set the ip helper address on the radio interface. It should be on the L3 interface of corresposding VLANs i.e.
  int vlan 20
  ip helper-address 192.168.33.xxx
  int vlan 60
  ip helper-address 130.20.1.xxx
  I'm assuming that your using SVI's (int Vlan 20 and int Vlan 60) rahter than physical interfaces. Also hope you have configured switch port as trunk where this AP is connected.
  Modify the AP config as below since you are using data vlan as the native vlan
  interface Dot11Radio0.20
  encapsulation dot1Q 20 native
  interface FastEthernet0.20
  encapsulation dot1Q 20 native
  Ideally your AP fastethernet configuration should looks like below and not sure how you missed this as this comes by default when you have multiple vlans for multiple ssids.
  interface FastEthernet0.20
  encapsulation dot1Q 20 native
  no ip route-cache
  bridge-group 20
  no bridge-group 20 source-learning
  bridge-group 20 spanning-disabled
  interface FastEthernet0.60
  encapsulation dot1Q 60
  no ip route-cache
  bridge-group 60
  no bridge-group 60 source-learning
  bridge-group 60 spanning-disabled
  Hope this helps.
  Regards
  Najaf

• EA6500 - VPN interface and VLan configuration feature?

  Does EA6500 has any kind of built-in VPN interface and also built-in VLan configuration feature??

  This particular router has VPN passthrough and you may open ports when needed for VPN to work behind it. As for VLAN configuration, this router is not designed for that. Everything that you would like to know about the router just click here

• Getting past "Fetch VLAN configuration - Command failed" errors in Cisco Prime Infrastructure 2.0 - How?

  I've got a handful of devices in Cisco Prime Infrastructure 2.0 which show up in the "Archive Failed Devices" view.  The "Failure Reason" is some variation of "Fetch VLAN configuration - Command failed" sometimes including "TELNET: Failed to establish TELNET connection to x.x.x.x".  What does this mean?  How do I overcome this?  In all cases, the device is configured to use SSH and has valid SSH credentials.  In all cases, I can SSH from the command line of the NCS appliance to the devices listed in the "Archive Failed Devices" view.

  Hi
  I was able to fix the "Fetch VLAN configuration - Command failed" by allowing tftp from the device to PI server in firewall. See if this can help.

• Prime Infrastructure 2.1 - Fetch VLAN Configuration - command failed

  Hi,
  i am installing the system on a customer's site.
  i've noticed that most of the devices configured on the PI have resulted in error in the Configuration Archive with this error:
  Fetch VLAN Configuration - command failed.
  i checked that the tftp service on the PI is enabled.
  i tried manually executing from a device: copy flash:vlan.dat tftp://PI_IP and couldnt manage to do so.
  i also tried manually to do it to another tftp server and it worked.
  i dont see any FW drops.
  does anyone have any idea how to troubleshoot this?
  thanks in advance!

  As to get the VLAN information, the file in Cisco devices Flash : Vlan.dat is fetced, and if PI fails to do so, it gives this error. As it is a file in flash, PI needs to send it over to Server itself using TFTP.
  If TFPT is somehow not working between Server and devices, it may throw this error.
  Is it happening with all the devices or some perticular platform?
  If with all the device, you need to check if there is any Firewall blocking TFTP access to devices.
  Also, you can check if TFTP service on CPI is working properly by command ncs status.
  If service is affected, try to restart service - service tftp restart Or you can restart the PI Machine itself.
  -Thanks
  Vinod
  **Encourage Contributors. RATE Them.**

• SA540 VLAN Configuration Question

  I need to connect 2 internal LANs to the SA540 but cannot work out how to set the IP addresses for the 2 VLANs on this device.  Does anyone know how to setup the relevant IP addresses for the 2 VLANs? Example: VLAN 2 IP = 192.168.5.10 and the second VLAN IP = 192.168.10.10The WAN port will connect to a single Internet device.  Any help will be greatly appreciated.

  Hi Ratan,
  The following steps apply to latest MR Firmware version 2.1.18.
  1) The first thing you need is to enable VLAN (Networking ->LAN -> VLAN Configuration -> Enable VLAN? {check this}).
  2) Next you have to create the second VLAN (Networking ->LAN ->Available VLANs ->Add...)  Name it and use the ID to associate the VLAN to (2).  If you want inter VLAN Routing to be enabled leave the box checked, otherwise uncheck it.
  3) Next we specify/edit the subnet that your new vlan will use.  (Networking ->LAN -> Multiple VLAN Subnets)  Look for the VLAN ID created above (2), and Click the Edit button.  Modify the subnet parameters as needed.
  4) Finally we assign the SA 500 ports to use the VLANS.  (Networking ->LAN ->Port VLAN)  Setup the port's Mode as Access, General, or Trunk, and assign VLAN membership as well.
  See screenshots for clarity.  If you need to create more VLANs, repeat steps 2-4 as needed.
  Hope this helps,
  Julio

• HREAP VLAN configuration

  For no apparent reason hreap access point loses it vlan configuration in vlan mapping. Has anyonr see this?

  Enter the Detail page of the desired access point, select the H REAP tag again, and click VLAN Mapping in order to configure the 802.1Q tagging per locally switched WLAN.

• RV110W VLAN Configuration

  I am trying to create a simple 2-VLAN configuration on an RV110W.  After adding the VLANs, I am unsure how to specify whether the port traffic should be tagged, untagged or excluded.
  On the VLAN Membership page, I want VLAN 3 associated with ports 1,2 and 3.  I want VLAN 4 associated with port 4 only.  I want both VLANs to have access to the internet, and I want the VLANs to be isolated from each other.
  The VLAN Membership page looks like this:
  VLANs Setting Table
  Select
  VLAN ID
  Description
  Port 1
  Port 2
  Port 3
  Port 4
  1
  Default
  Untagged
  Untagged
  Untagged
  Untagged
  3
  WEI
  Tagged
  Tagged
  Tagged
  Excluded
  4
  JEM
  Excluded
  Excluded
  Excluded
  Tagged
  Using these configuration options does not prevent computers on oneVLAN from accessing shares on the the other VLAN.  What do I need to change?  (The computers in this configuration are connected to dumb switches, which are connected to the LAN ports on the RV110W .)

  I am trying to create a simple 2-VLAN configuration on an RV110W.  After adding the VLANs, I am unsure how to specify whether the port traffic should be tagged, untagged or excluded.
  On the VLAN Membership page, I want VLAN 3 associated with ports 1,2 and 3.  I want VLAN 4 associated with port 4 only.  I want both VLANs to have access to the internet, and I want the VLANs to be isolated from each other.
  The VLAN Membership page looks like this:
  VLANs Setting Table
  Select
  VLAN ID
  Description
  Port 1
  Port 2
  Port 3
  Port 4
  1
  Default
  Untagged
  Untagged
  Untagged
  Untagged
  3
  WEI
  Tagged
  Tagged
  Tagged
  Excluded
  4
  JEM
  Excluded
  Excluded
  Excluded
  Tagged
  Using these configuration options does not prevent computers on oneVLAN from accessing shares on the the other VLAN.  What do I need to change?  (The computers in this configuration are connected to dumb switches, which are connected to the LAN ports on the RV110W .)

• WRT160N - does it support multiple vLan configurations?

  I'm trying to find more detailed tech. specifications of this thing (WRT160N), but unfortunatelly I get only some basic marketing messages... I need to understand if this router supports vLAN configuration, as I'm thinking to have IPtv and internet on the same. My provider does integrates the IPtv into separate vLAN, but their HW is not too good in other perspectives... So I'm thinking about linksys.
   So does it support multiple vLAN configuration (i.e. dedication of separate vLAN to exact port)?

  No. VLANs are not supported in Linksys devices. You'll have to look at Cisco Small Business or better.

• FCoE Native VLAN Configuration

  Hi
  One question about FCoE Configuration
  Is better to permit the Native VLAN (FIP VLAN) in the allowed trunk vlans or just left it in the native vlan configuration
  Here the two choices showing my doubt
  VLAN 1197
  name FIP_VLAN
  VLAN 1198
  name FCOE_VLAN
  fcoe vsan XX
  01)
  interface EthernetX/X
  switchport
  switchport mode trunk
  switchport trunk native vlan 1197
  switchport trunk allowed vlan 1197,1198
  spanning-tree port type edge trunk
  or
  02)
  interface EthernetX/X
  switchport
  switchport mode trunk
  switchport trunk native vlan 1197
  switchport trunk allowed vlan 1198
  spanning-tree port type edge trunk

  Hi,
  Usually when you add it to the trunk as native, you don't to add again.  So, option-2
  HTH