LMS 3.2 vlan configuration
Hi,
I have some port to configure to have a vlan + a voice vlan. How can i do that using LMS 3.2 ?
I have check the vlan port assignement but i haven't seen a option to define 2 vlan.
typically our port are configure like this one
interface FastEthernet0/1/1
switchport access vlan 2
switchport voice vlan 100
macro description cisco-phone | cisco-phone
spanning-tree portfast
and i wish to use LMS to configure new port.
Cheers
This feature is not available on Campus yet, and there isn't another GUI in LMS which will provide this. I have opened a feature request, CSCtf51757, but you should talk to your account team to get them to push things from the business side as well.
Please support CSC Helps Haiti
https://supportforums.cisco.com/docs/DOC-8895
https://supportforums.cisco.com
Similar Messages
-
CiscoWorks: VLAN creation failed via CM-VLAN Configuration
Hi,
I have trying to create VLAN on single switch via CM-VLAN Configuration and getting below message, although switch is configured with correct snmp and I can backup same device via RME and also delopy config to it via Netconfig.
Please advice. Thanks
I am using LMS 3.2.1; CM 5.2.2; RME 4.3.2
Creation of VLAN failed
"There were some errors during operation."
Failed to perform the operation on 10.*.*.* Cause:An error occured while performing SNMP operation.
Action:Examine and save the server log file and report the error to the product administrator for further action.The credentials can be changed under Common Services > Device and Credentials > Device Management. Select the devices and click the Edit Credentials button. Fill in the correct username and password for these devices.
-
LMS 4.0 VLAN Port Assignment Cat3750X
Hello together
Have installed LMS 4.0 at a customer. The main switches he uses are the following ones:
WS-C3750X-24P-S (1.3.6.1.4.1.9.1.1224)
First problem I faced was with lack of support for Cisco View and the mentioned device. This is fixed with the following package Cisco View Device Update: Cat3750.cv50.13-0.zip. Have tested this today.
But now to my new problem. One reason for Cisco View usage is VLAN assignement. Unfortunately this is not supported with the Cat3750 devices and Cisco View like with other devices. So I thought I show the customer how to do it with the VLAN Port Assignement:
Configuration > Workflows > VLAN > Configure Port Assignment
Unfortunatly it seems that this is not supported with these devices. From the following document I can't find something which underlines the lack of support: http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_lan_management_solution/4.0/device_support/table/lms40sdt.html#Cisco Catalyst 3750 Series Switches
It even seems it should be supported. See picture in the bottom from the above link.
My question to the community:
- Does anybody else have the same switches? If yes, does Configure Port Assignment work in LMS 4.0
- @Cisco, is this feature really not supported with the following device: WS-C3750X-24P-S? If yes, are any patches planned with release date.
Thanks for any feedback.
ErichHi Joseph
Thanks for your feedback. Have asked the customer to do the following steps and send me a screen shot:
- Configuration > Workflows > VLAN > Configure Port Assignment
- Select Domain Selector
- Choose a Domain of a Switch C3750X
- Click on List Ports
Actually the same thing what I have done during my installation Onsite. When I have done the above steps I only have received a empty windows. Now, a week later it seems to work. Enclosed a screen shot with evidence for all those you have the same devices in use.
Happy that it works. Funny, that it didn't worked when I was onsite. Sorry for the inconvenience and thanks for your feedback / support.
Erich -
Application Administrators can't see VLAN configuration on VMs in VMM 2012 R2
Hi, I have the following issue on my VMM 2012 R2 infrastructure.
I have created a cloud with a Hyper-V Cluster in it. Configured a Application Administrator Role (Self Service) and assigned all permissions related to this cloud and Hyper-V Cluster, including a couple of VM Templates and a VM Network.
They users can see the VMs, create VMs but they cannot configure the VLAN inside the VM.
If I go to the VM settings using the full VMM admin, I can do it, select the VM Network and then select the appropiate VLAN, but when I try to do this using the Application Administrator account I configured specifically to this Cloud and Cluster, I can
select the same VM Network but can't see any options related to VLAN configuration.
What am I missing? Is this the default behavior? Do I need an additional permission? Where?
Thank you for your responses.
Regards.
Eduardo RojasThat is correct.
Application Admins 'consume' resources (compute and storage) and have no insight into the physical part. Especially if you are using the cloud abstraction. "Administrators" manage the physical layer of things - that is why you can see
/ set the VLAN ID directly.
I believe that you would need to create your Virtual Networks with the proper VLANs and the application admins can then choose based on the Virtual Network.
The worst case is that you define a Virtual Network per VLAN so that your application admins can select an item that correlates to a specific VLAN configuration.
Brian Ehlert
http://ITProctology.blogspot.com
Learn. Apply. Repeat. -
VLAN Configuration for Internal and Guest Wireless
Hello,
We are using the following hardware…
SG300-52MP switch -- latest firmware
ASA 5512-X firewall -- 9.1
Aironet AP1131AG WAP
We have the following networks…
10.252.4.0/24 = Internal = ASA-01 interface = VLAN1
10.252.6.0/24 = Guest = ASA-02 interface = VLAN6
10.252.6.0/24 = VOIP = ASA-03 interface = VLAN3
The Aironet supports two SSIDs, Secure (RADIUS) and Guest (WPA2), which are supposed to provide access to the appropriate interface on the ASA.
Relevant parts of the WAP configuration are…
dot11 ssid GUEST
vlan 6
dot11 ssid SECURE
vlan 1
interface Dot11Radio0
no ip address
ssid GUEST
ssid SECURE
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
interface Dot11Radio0.6
encapsulation dot1Q 6
no ip route-cache
bridge-group 255
interface Dot11Radio1
no ip address
no ip route-cache
ssid GUEST
ssid SECURE
interface Dot11Radio1.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
interface Dot11Radio1.6
encapsulation dot1Q 6
no ip route-cache
bridge-group 255
interface FastEthernet0
no ip address
no ip route-cache
interface FastEthernet0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
interface FastEthernet0.6
encapsulation dot1Q 6
no ip route-cache
bridge-group 255
interface BVI1
ip address 10.252.4.4 255.255.255.0
no ip route-cache
ip default-gateway 10.252.4.1
We can manage the WAP through it’s Internal IP address (10.252.4.4).
And the “Guest” wireless network is working -- connecting to that SSID provides the client with the correct IP addressing (10.242.6.X from VLAN6/ASA-02). [Note: the VOIP DHCP and network access also works correctly.]
The “Secure” wireless network is not working however -- the client never receives an Internal DHCP address from ASA-01, and even if you hard-code the client’s IP, no IP4 traffic ever passes.
[Note: connecting a device to a SG300 port with the “Default” configuration provides the client with an Internal DHCP configuration, and it works as intended.]
While this may be a problem with the WAP configuration, I would like to confirm that it is not an issue with the switch not passing traffic correctly.
I have a feeling that I have configured the VLANs on the ports incorrectly.
Relevant parts of the SG300 configuration are...
v1.3.0.62 / R750_NIK_1_3_647_260
vlan database
vlan 3,6
ip dhcp snooping
ip dhcp relay address 10.252.4.1
ip dhcp relay enable
bonjour interface range vlan 1
interface vlan 1
ip address 10.252.4.2 255.255.255.0
no ip address dhcp
interface vlan 3
name VOIP
interface vlan 6
name Guest
interface gigabitethernet45 -- Access mode, Untagged VLAN6
description ASA-Guest
ip dhcp snooping trust
switchport mode access
switchport access vlan 6
interface gigabitethernet46 -- Access mode, Untagged VLAN3
description ASA-VOIP
ip dhcp snooping trust
switchport mode access
switchport access vlan 3
interface gigabitethernet47 -- Trunk mode, Untagged VLAN1 and Tagged VLAN6
description WAP1
switchport trunk allowed vlan add 6
interface gigabitethernet48 -- Trunk mode
description ASA-Internal
ip dhcp snooping trust
ip dhcp relay enable
Can someone who understands this switch better than I do please confirm the VLAN configuration? THANK YOU!Welcome to the discussion area!
+PCI regulations do not consider VLAN a secure way of keeping the data isolated. Does anyone have any technical information on how the device creates the guest wireless network ?+
I spoke to Apple Support some time ago and was told that Apple uses VLAN to create the Guest network, and also that formal documentation was not available on this topic. I was referred to the AirPort Extreme Specifications for available information.
This was some time ago, so if you need more up to date info, you might want to try to contact Apple to see if they are willing to share more information about this feature. Although, since VLAN is used, your question may already be answered.
FWIW, to use the Guest Network feature in a home situation, the AirPort Extreme must be set up as the main router controlling DHCP and NAT on the network. If you were thinking of installing the AirPort Extreme behind another router, the Guest Network feature would not be available in this type of configuration. -
Fwsm - active/standby - "Vlan configuration mismatch between peers"
Hi,
A FWSM pair fall in to active active sittuation due to a vlan configuration mismatch. What would be the best way to synchronize configurations and return to the normal active/standbay? There is a new vlan on the primary fwsm and at present both are in active state.
Thank you in advance.
ZdravkoHi,
To my understanding the FWSMs (even though both active) have identical configurations?
Have you perhaps done so that on the core switch you have only issued the "firewall vlan-group only on the primary core device (to which the FWSM is attached) and not the secondary core device?
The only time I have witnessed the same situation is when configuring a new customer link and I have only configured the primary unit (and about to configure the same on the standby unit)
Hope it helps, not sure if the above was what you meant.
- Jouni -
Hi Surendra,
I was just given this task to see how i can configure a second ssid for guest access in our environment.
this is our network setup prior to this request: Internet----Firewall (not ASA)---ce520---C1131AG and CME router is also connecting to the ce520 switch. we only have two vlans: one for voice and two for data.
Presently, there is no vlan configured on the AP because it on broadcasting ont ssid and wireless users gets IP from a windows DHCP server on the LAN. the configuration on the ce520 switch port for the AP and other switches say access vlan is the DATA vlan which automatically becomes the native vlan for all trunk port connecting the AP and other Stiches to the network.
Now with this new requirement, i have made my research and i have configured the AP to broadcast both the production and the guest Vlans. The two vlans are 20-DATA and 60-Guest. I made the DATA vlan on the AP the native vlan since the poe switch is using the DATA vlan as native on the trunk ports. I configured the firewall to serve as DHCP server for the guest ssid and i have added the ip helper-address on the guest vlan interface on all switches while the windows server remains the dhcp server for the production DATA Vlan. I have confirmed that the AP, switches can ping the default gateway of the guest dhcp server which is another interface on the firewall. I can now see and connect to all broadcasted ssids but the problem is I am not getting IP addresses from both the production dhcp server and guest dhcp server when i connected to the ssid one at a time.
My AP config is attached below.
Please tell me what am I doing wrong.
Do i need to redesign the whole network to have a native vlan other nthan the data vlan?
Does the access point need to be aware of the voice vlan?
Do the native Vlan on the AP need to be in Bridge-group 1 or can i leave it in bridge-group 20?
I will greatly appreciate your urgent response.
Thanks in advanced.Hi,
As far as i know we dont set the ip helper address on the radio interface. It should be on the L3 interface of corresposding VLANs i.e.
int vlan 20
ip helper-address 192.168.33.xxx
int vlan 60
ip helper-address 130.20.1.xxx
I'm assuming that your using SVI's (int Vlan 20 and int Vlan 60) rahter than physical interfaces. Also hope you have configured switch port as trunk where this AP is connected.
Modify the AP config as below since you are using data vlan as the native vlan
interface Dot11Radio0.20
encapsulation dot1Q 20 native
interface FastEthernet0.20
encapsulation dot1Q 20 native
Ideally your AP fastethernet configuration should looks like below and not sure how you missed this as this comes by default when you have multiple vlans for multiple ssids.
interface FastEthernet0.20
encapsulation dot1Q 20 native
no ip route-cache
bridge-group 20
no bridge-group 20 source-learning
bridge-group 20 spanning-disabled
interface FastEthernet0.60
encapsulation dot1Q 60
no ip route-cache
bridge-group 60
no bridge-group 60 source-learning
bridge-group 60 spanning-disabled
Hope this helps.
Regards
Najaf -
EA6500 - VPN interface and VLan configuration feature?
Does EA6500 has any kind of built-in VPN interface and also built-in VLan configuration feature??
This particular router has VPN passthrough and you may open ports when needed for VPN to work behind it. As for VLAN configuration, this router is not designed for that. Everything that you would like to know about the router just click here
-
I've got a handful of devices in Cisco Prime Infrastructure 2.0 which show up in the "Archive Failed Devices" view. The "Failure Reason" is some variation of "Fetch VLAN configuration - Command failed" sometimes including "TELNET: Failed to establish TELNET connection to x.x.x.x". What does this mean? How do I overcome this? In all cases, the device is configured to use SSH and has valid SSH credentials. In all cases, I can SSH from the command line of the NCS appliance to the devices listed in the "Archive Failed Devices" view.
Hi
I was able to fix the "Fetch VLAN configuration - Command failed" by allowing tftp from the device to PI server in firewall. See if this can help. -
Prime Infrastructure 2.1 - Fetch VLAN Configuration - command failed
Hi,
i am installing the system on a customer's site.
i've noticed that most of the devices configured on the PI have resulted in error in the Configuration Archive with this error:
Fetch VLAN Configuration - command failed.
i checked that the tftp service on the PI is enabled.
i tried manually executing from a device: copy flash:vlan.dat tftp://PI_IP and couldnt manage to do so.
i also tried manually to do it to another tftp server and it worked.
i dont see any FW drops.
does anyone have any idea how to troubleshoot this?
thanks in advance!As to get the VLAN information, the file in Cisco devices Flash : Vlan.dat is fetced, and if PI fails to do so, it gives this error. As it is a file in flash, PI needs to send it over to Server itself using TFTP.
If TFPT is somehow not working between Server and devices, it may throw this error.
Is it happening with all the devices or some perticular platform?
If with all the device, you need to check if there is any Firewall blocking TFTP access to devices.
Also, you can check if TFTP service on CPI is working properly by command ncs status.
If service is affected, try to restart service - service tftp restart Or you can restart the PI Machine itself.
-Thanks
Vinod
**Encourage Contributors. RATE Them.** -
SA540 VLAN Configuration Question
I need to connect 2 internal LANs to the SA540 but cannot work out how to set the IP addresses for the 2 VLANs on this device. Does anyone know how to setup the relevant IP addresses for the 2 VLANs? Example: VLAN 2 IP = 192.168.5.10 and the second VLAN IP = 192.168.10.10The WAN port will connect to a single Internet device. Any help will be greatly appreciated.
Hi Ratan,
The following steps apply to latest MR Firmware version 2.1.18.
1) The first thing you need is to enable VLAN (Networking ->LAN -> VLAN Configuration -> Enable VLAN? {check this}).
2) Next you have to create the second VLAN (Networking ->LAN ->Available VLANs ->Add...) Name it and use the ID to associate the VLAN to (2). If you want inter VLAN Routing to be enabled leave the box checked, otherwise uncheck it.
3) Next we specify/edit the subnet that your new vlan will use. (Networking ->LAN -> Multiple VLAN Subnets) Look for the VLAN ID created above (2), and Click the Edit button. Modify the subnet parameters as needed.
4) Finally we assign the SA 500 ports to use the VLANS. (Networking ->LAN ->Port VLAN) Setup the port's Mode as Access, General, or Trunk, and assign VLAN membership as well.
See screenshots for clarity. If you need to create more VLANs, repeat steps 2-4 as needed.
Hope this helps,
Julio -
For no apparent reason hreap access point loses it vlan configuration in vlan mapping. Has anyonr see this?
Enter the Detail page of the desired access point, select the H REAP tag again, and click VLAN Mapping in order to configure the 802.1Q tagging per locally switched WLAN.
-
I am trying to create a simple 2-VLAN configuration on an RV110W. After adding the VLANs, I am unsure how to specify whether the port traffic should be tagged, untagged or excluded.
On the VLAN Membership page, I want VLAN 3 associated with ports 1,2 and 3. I want VLAN 4 associated with port 4 only. I want both VLANs to have access to the internet, and I want the VLANs to be isolated from each other.
The VLAN Membership page looks like this:
VLANs Setting Table
Select
VLAN ID
Description
Port 1
Port 2
Port 3
Port 4
1
Default
Untagged
Untagged
Untagged
Untagged
3
WEI
Tagged
Tagged
Tagged
Excluded
4
JEM
Excluded
Excluded
Excluded
Tagged
Using these configuration options does not prevent computers on oneVLAN from accessing shares on the the other VLAN. What do I need to change? (The computers in this configuration are connected to dumb switches, which are connected to the LAN ports on the RV110W .)I am trying to create a simple 2-VLAN configuration on an RV110W. After adding the VLANs, I am unsure how to specify whether the port traffic should be tagged, untagged or excluded.
On the VLAN Membership page, I want VLAN 3 associated with ports 1,2 and 3. I want VLAN 4 associated with port 4 only. I want both VLANs to have access to the internet, and I want the VLANs to be isolated from each other.
The VLAN Membership page looks like this:
VLANs Setting Table
Select
VLAN ID
Description
Port 1
Port 2
Port 3
Port 4
1
Default
Untagged
Untagged
Untagged
Untagged
3
WEI
Tagged
Tagged
Tagged
Excluded
4
JEM
Excluded
Excluded
Excluded
Tagged
Using these configuration options does not prevent computers on oneVLAN from accessing shares on the the other VLAN. What do I need to change? (The computers in this configuration are connected to dumb switches, which are connected to the LAN ports on the RV110W .) -
WRT160N - does it support multiple vLan configurations?
I'm trying to find more detailed tech. specifications of this thing (WRT160N), but unfortunatelly I get only some basic marketing messages... I need to understand if this router supports vLAN configuration, as I'm thinking to have IPtv and internet on the same. My provider does integrates the IPtv into separate vLAN, but their HW is not too good in other perspectives... So I'm thinking about linksys.
So does it support multiple vLAN configuration (i.e. dedication of separate vLAN to exact port)?No. VLANs are not supported in Linksys devices. You'll have to look at Cisco Small Business or better.
-
FCoE Native VLAN Configuration
Hi
One question about FCoE Configuration
Is better to permit the Native VLAN (FIP VLAN) in the allowed trunk vlans or just left it in the native vlan configuration
Here the two choices showing my doubt
VLAN 1197
name FIP_VLAN
VLAN 1198
name FCOE_VLAN
fcoe vsan XX
01)
interface EthernetX/X
switchport
switchport mode trunk
switchport trunk native vlan 1197
switchport trunk allowed vlan 1197,1198
spanning-tree port type edge trunk
or
02)
interface EthernetX/X
switchport
switchport mode trunk
switchport trunk native vlan 1197
switchport trunk allowed vlan 1198
spanning-tree port type edge trunkHi,
Usually when you add it to the trunk as native, you don't to add again. So, option-2
HTH
Maybe you are looking for
-
How to connect Macbook Pro using thunderbolt to older TV
Hi everyone. I'm trying to view streaming video from my MacBook Pro using the thunderbolt port to an older TV that doesn't appear to have an HDMI port (probably not an HD TV). I've tried using the VGA and S-Video (TV has both ports) using adapters, a
-
No cost booking against sales order+line item once accontng release is done
Dear all, I want to stop all cost bookings against a sales order + line item once the accounting release for that item has been done. By cost booking i mean, all such transactions that are done for a sales order + line item that involve cost booking.
-
Hi, I have been trying to do some coding around - fetching members of dynamic ldap groups. In both these code snippets.. I get the same exception: java.lang.ClassCastException: com.sun.jndi.ldap.LdapCtx no matter whatever i tried. Can anyone please -
-
Internet Explorer 4.72 and applet menu
Hi! I've got an applet that displays a menu that redirects to other URLs when selecting a menu item. The applet only uses AWT and Menu, MenuItem and PopupMenu are used to create the menu. My problem is that together with some other sites this menu st
-
Problem Posting a Group of Calendars
HI, I have 4 people that I keep calendars for. Each person has a different color on my ical so I know what each person is doing. The task does not identify the person on my ical at all, just the color. When I publish the Group, the color for each per