Securing Internet Edge Switch
I am fairly familiar with hardening of Cisco routers acting as an internet gateway, like enabling SSH and blocking inbound access to private range IP addressing via ACLs, disabling , but what about switches? Is there a best practice on configuring a switch that is being used as a L3 device for internet access?
Thanks...
Andy
Hi,
For an L3 switch @ internet edge, you can use similar security restrictions (ACLs, disabling services that are not needed, etc.) and in addition 'admin down' the ports that are not being used. In addition to that, if the switch IP is not required to be advertised to the internet, do not add the default route (you may need this in case of L3 behaviour, but you can judge better).
hth
MS
Similar Messages
-
ASA for internet edge and internal zones
Hi,
Has anyone used a pair of ASA 5520s in HA to firewall the internet edge and to firewall traffic between internal security zones such as web and application layers? If so, is this best done using different security levels or contexts?
I'm thinking of using a routed context for securing the internet edge and then using separate contexts for the web and application networks. Contexts will route via a L3 switch.
Thanks,
Thanks Varun
I will probably configure the ASA in routed single mode and use security levels between the different zones. There is only 1 ISP in this environment and I also need to support VPN termination on the internet edge.
In terms of sizing, the internet connection will be 300Mbps and the firewall throughput between zones needs to be above 500Mbps. I'm just thinking that the 5520 in active/standby will handle the internet bandwidth requirements but not the inter-zone requirements. Which model of ASA will be a good fit here?
Thank you. -
ACL's on the Internet Edge Routers
I have one query on ACL's on the internet edge routers. If we configure the ACL's as per the below weblink on the edge routers, we may not get all the logs on the firewall as the traffic is filtered at the router level and we do not enable logging on the router.
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_white_paper09186a00801afc76.shtml
Unless we enable IDS on this segment there is no way of knowing any attacks towards the firewall or the router itself. I need some comments from security experts on this kind of implementation.
Thank You very much,
Hello Avil,
You necessarily need to have an IPS on your segment to know all the attacks hitting your network !!!!! with the anti-spoof ACL applied, as given above, you are only blocking standard protocols or ports coming inside your network.. there can still be attacks on known ports that you are allowing.. if i had to capture that, i would either put an IPS on my network (or SSM card with ASA) or enable logging on devices and put a CS-MARS on my network.. MARS is an extremely useful device, focussed on increasing LAN security with real-time maps on attacks and it also will say how to stop the attack !!!! so, i guess only a couple of options here for you.... not sure if anyone else has any other options...
Hope this helps.. all the best..
Raj -
I cannot connect to the internet after switching providers. I've changed the email address associated with the new account but am sure there is something else I need to change. I have also changed the apple information as well including user name and password. Can anyone help me? (This is an ipad question).
Apple ID: Changing your Apple ID
http://support.apple.com/kb/ht5621
Using your Apple ID for Apple services
http://support.apple.com/kb/HT4895
Apple ID: What to do after you change your Apple ID
http://support.apple.com/kb/HT5796?viewlocale=en_US&locale=en_US
iTunes Store: Associating a device or computer to your Apple ID
http://support.apple.com/kb/ht4627
iOS: Changing the signed-in iTunes Store Apple ID Account
http://support.apple.com/kb/ht1311
Some things to try first:
1. Turn Off your iPad. Then turn Off (disconnect power cord for 30 seconds or longer) the wireless router & then back On. Now boot your iPad. Hopefully it will see the WiFi.
2. Go to Settings>Wi-Fi and turn Off. Then while at Settings>Wi-Fi, turn back On and choose a Network.
3. Change the channel on your wireless router (Auto or Channel 6 is best). Instructions at
http://macintoshhowto.com/advanced/how-to-get-a-good-range-on-your-wireless-network.html
4. Go into your router security settings and change from WEP to WPA with AES.
5. Renew IP Address: (especially if you are dropping internet connection)
• Launch Settings app
• Tap on Wi-Fi
• Tap on the blue arrow of the Wi-Fi network that you connect to from the list
• In the window that opens, tap on the Renew Lease button
6. Potential Quick Fixes When Your iPad Won’t Connect to Your Wifi Network
http://ipadinsight.com/ipad-tips-tricks/potential-quick-fixes-when-your-ipad-wont-connect-to-your-wifi-network/
~~~~~~~~~~~~~~~~~~~~~~~~~
Fix WiFi Issue for iOS 7
http://ipadnerds.com/fix-wifi-issue-ios-7/
iOS 6 Wifi Problems/Fixes
Wi-Fi Fix for iOS 6
https://discussions.apple.com/thread/4823738?tstart=240
How To: Workaround iPad Wi-Fi Issues
http://www.theipadfan.com/workaround-ipad-wifi-issues/
Another Fix For iOS 6 WiFi Problems
http://tabletcrunch.com/2012/10/27/fix-ios-6-wifi-problems-ssid/
Wifi Doesn't Connect After Waking From Sleep - Sometimes increasing screen brightness prevents the failure to reconnect after waking from sleep. According to Apple, “If brightness is at lowest level, increase it by moving the slider to the right and set auto brightness to off.”
Fix For iOS 6 WiFi Problems?
http://tabletcrunch.com/2012/09/27/fix-ios-6-wifi-problems/
Did iOS 6 Screw Your Wi-Fi? Here’s How to Fix It
http://gizmodo.com/5944761/does-ios-6-have-a-wi+fi-bug
How To Fix Wi-Fi Connectivity Issue After Upgrading To iOS 6
http://www.iphonehacks.com/2012/09/fix-wi-fi-connectivity-issue-after-upgrading-to-ios-6.html
iOS 6 iPad 3 wi-fi "connection fix" for netgear router
http://www.youtube.com/watch?v=XsWS4ha-dn0
Apple's iOS 6 Wi-Fi problems
http://www.zdnet.com/apples-ios-6-wi-fi-problems-linger-on-7000004799/
~~~~~~~~~~~~~~~~~~~~~~~
iPad: Issues connecting to Wi-Fi networks
http://support.apple.com/kb/ts3304
How to Boost Your Wi-Fi Signal
http://ipad.about.com/od/iPad_Troubleshooting/a/How-To-Boost-Your-Wi-Fi-Signal.hmL
Troubleshooting a Weak Wi-Fi Signal
http://ipad.about.com/od/iPad_Troubleshooting/a/Troubleshooting-A-Weak-Wi-Fi-Signal.htm
How to Fix a Poor Wi-Fi Signal on Your iPad
http://ipad.about.com/od/iPad_Troubleshooting/a/How-To-Fix-A-Poor-Wi-Fi-Signal-On-Your-iPad.htm
iOS Troubleshooting Wi-Fi networks and connections http://support.apple.com/kb/TS1398
iPad: Issues connecting to Wi-Fi networks http://support.apple.com/kb/ts3304
WiFi Connecting/Troubleshooting http://www.apple.com/support/ipad/wifi/
How to Fix: My iPad Won't Connect to WiFi
http://ipad.about.com/od/iPad_Troubleshooting/ss/How-To-Fix-My-Ipad-Wont-Connect-To-Wi-Fi.htm
iOS: Connecting to the Internet http://support.apple.com/kb/HT1695
iOS: Recommended settings for Wi-Fi routers and access points http://support.apple.com/kb/HT4199
How to Quickly Fix iPad 3 Wi-Fi Reception Problems
http://osxdaily.com/2012/03/21/fix-new-ipad-3-wi-fi-reception-problems/
iPad Wi-Fi Problems: Comprehensive List of Fixes
http://appletoolbox.com/2010/04/ipad-wi-fi-problems-comprehensive-list-of-fixes/
Connect iPad to Wi-Fi (with troubleshooting info)
http://thehowto.wikidot.com/wifi-connect-ipad
10 Ways to Boost Your Wireless Signal
http://www.pcmag.com/article2/0,2817,2372811,00.asp
Fix iPad Wifi Connection and Signal Issues http://www.youtube.com/watch?v=uwWtIG5jUxE
Fix Slow WiFi Issue https://discussions.apple.com/thread/2398063?start=60&tstart=0
How To Fix iPhone, iPad, iPod Touch Wi-Fi Connectivity Issue http://tinyurl.com/7nvxbmz
Unable to Connect After iOS Update - saw this solution on another post.
https://discussions.apple.com/thread/4010130
Note - When troubleshooting wifi connection problems, don't hold your iPad by hand. There have been a few reports that holding the iPad by hand, seems to attenuate the wifi signal.
Some Wi-Fi losses may stem from a problematic interaction between Wi-Fi and cellular data connections. Numerous users have found that turning off Cellular Data in Settings gets their Wi-Fi working again.
You may have many apps open which can possibly cause the slowdown and possibly the loss of wifi. In iOS 4-6 double tap your Home button & at the bottom of the screen you will see the icons of all open apps. Close those you are not using by pressing on an icon until all icons wiggle - then tap the minus sign. For iOS 7 users, there’s an easy way to see which apps are open in order to close them. By double-tapping the home button on your iPhone or iPad, the new multitasking feature in iOS 7 shows full page previews of all your open apps. Simply scroll horizontally to see all your apps, and close the apps with a simple flick towards the top of the screen.
Wi-Fi or Bluetooth settings grayed out or dim
http://support.apple.com/kb/TS1559
~~~~~~~~~~~~~~~
If any of the above solutions work, please post back what solved your problem. It will help others with the same problem.
Cheers, Tom -
Internet Edge Router and the Firewall
What is the best way to monitor an Internet Edge router from the Internal network behind the Firewall?
We want to pull more information from the edge router like netflow. We can use SNMPv3 and ACLs to keep the router secure.
But I am looking for the best config to keep both the router and firewall as secure as possible while still allowing us to monitor performance and faults.
I am running an ASA and a 2821.
I'd start with locking down the router configuration if you haven't already. Cisco Configuration Professional (free) offers a nice GUI for analyzing and delivering all the necessary commands to secure the router.
Getting Netflow from your router doesn't add much more than getting it from your ASA.
If you're querying through the firewall to the routers using SNMPv3 (and have deleted the v1/v2 communities) that's one good step. The only other thing I might suggest is sending syslogs to your management system from the router. To do that you'll need to add an access-list and probably a NAT entry to your firewall to allow the incoming syslog traffic.
Most important beyond all the technology is to make sure that your people follow a process to regularly analyze and act upon the information being reported and gathered. Without that all the rest isn't worth the time it takes to implement it. -
IPS 4270 placement @ Internet Edge
Given that I have same topology as shown in Internet Edge Cisco IPS Design Best Practices and basically inserting 4270 Appliance into an INLINE mode.
Core and Distribution Switch = Layer-3 routed links
Distribution Switch and ASA = Layer-2 access port
I'm wondering how IPS sensors should be configured? I think I understand the methods below, but since my Core/Distrib is a layer-3 link, not sure which method is gonna work since most require two vlans ...
1. Interface Pairing
2. VLAN Pairing
3. VLAN Group
Anyone has same experience?
Thanks in advance ...
Gerard
I have a 4270-20 positioned at the edge of my network. It sits between the outside of the firewall and our Internet router. The only problem with this model is that it makes tracking down threats very difficult, as the only thing you will ever see are the NAT'd public IPs for all your traffic.
To get around this limitation, we created an additional interface in promiscuous mode and we SPAN the traffic on the link between our core switch and the internal interface of our firewall to it. This gives us complete outside protection and inside visibility. This is still not an ideal setup and we are in the process of re-architecting our internal traffic so that we can run two in-line pairs on the IPS. One internal, and one external.
The best way to go, is having the IPS in the firewall itself, but throughput on firewalls is often a concern, and unfortunately for Cisco, quite a limitation. -
How to identify that a host is connected to which particular edge switch
Hello Guys
Can anybody explain how to identify that a host is connected to which particular edge switch and port in a Cisco SAN Fabric ??
Hi,
Hopefully you know the host PWWN.
If the edge switch is not in NPV mode, get the FCID from the output of "show fcns database"
The answer may also be as simple as finding this entry in the "show fcns database detail".
If not, once you have the fcid, the first byte of the fcid is the switch domain ID. With the combination of "show fcdomain domain-list vsan xx" "show fcs ie" you should be able to determine what you need.
If the edge switch is in NPV and registers as a NPV device ( Cisco switches do ), then the FCID will be assigned by the core switch upstream of that edge switch. You can see this from a "show flogi database". Find the PWWN here. There will likely be multiple entries for the port where the host is connected. Once you find the port where the NPV switch is attached, the first flogi entry on that port will be the switch WWN. Get the FCID for the switch and then find the entry for this FCID in the "show fcns database detail", this will give you the switch information.
Best regards,
Jim -
Problem: DVD player crashed in Mavericks 10.9. Solution: Download free player VLC from internet and switch preferences to that player. No more problems. God Bless.
Safari > Preferences > Extensions
Turn those off and relaunch Safari to test.
Start up in Safe Mode.
http://support.apple.com/kb/PH14204?viewlocale=en_US
Repair Disk.
http://support.apple.com/kb/PH5836
Reset SMC. http://support.apple.com/kb/HT3964
Choose the method for:
"Resetting SMC on portables with a battery you should not remove on your own". -
JavaScript is disabled in your browser. Please activate JavaScript from Tools>Internet Options>Security>Internet>Custom Level>Scripting>Active Scripting>Enabled.
These are the instructions for internet explorer but i can't see anything in Firefox.
In my Firefox 5.0 I see check-box for enabling/disabling JavaScript in the "Content" tab.
Is it checked in your Firefox and JavaScript still not working? -
Please Help - Secure Internet Programming
On Sun's home page at http://java.sun.com they have an article
on "Secure Internet Programming with JavaTM 2, Standard Edition (J2SETM) 1.4" so I tried it out but I got "cannot resolve symbol" compiler
error when I tried to compile HttpsServer.java - so what do I change
to get it to compile?
Here's the actual error message:
HttpsServer.java:32: cannot resolve symbol
symbol : class ServerSocketFactory
location: class HttpsServer
ServerSocketFactory ssf = sslcontext.getServerSocketFactory();
^
1 error
I'm using JDK1.4.1 but I can't believe that is the problem. Here is the
source code from the article:
import java.io.*;
import java.net.*;
import javax.net.ssl.*;
import java.security.*;
import java.util.StringTokenizer;

/**
 * This class implements a multithreaded simple HTTP
 * server that supports the GET request method.
 * It listens on port 443, waits client requests, and
 * serves documents.
 */
public class HttpsServer
{
   String keystore = "serverkeys";
   char keystorepass[] = "hellothere".toCharArray();
   char keypassword[] = "hiagain".toCharArray();

   //The port number which the server will be listening on
   //*public static final int HTTP_PORT = 8080;
   public static final int HTTPS_PORT = 443;

   public ServerSocket getServer() throws Exception
   {
      KeyStore ks = KeyStore.getInstance("JKS");
      ks.load(new FileInputStream(keystore), keystorepass);
      KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
      kmf.init(ks, keypassword);
      SSLContext sslcontext = SSLContext.getInstance("SSLv3");
      sslcontext.init(kmf.getKeyManagers(), null, null);
      // ServerSocketFactory lives in javax.net, which is not imported above;
      // this is the line the compiler reports
      ServerSocketFactory ssf = sslcontext.getServerSocketFactory();
      SSLServerSocket serversocket = (SSLServerSocket)ssf.createServerSocket(HTTPS_PORT);
      //*return new ServerSocket(HTTP_PORT);
      return serversocket;
   }

   //multi-threading -- create a new connection for each request
   public void run()
   {
      ServerSocket listen;
      try
      {
         listen = getServer();
         while(true)
         {
            Socket client = listen.accept();
            ProcessConnection cc = new ProcessConnection(client);
         }
      }
      catch(Exception e)
      {
         System.out.println("Exception: "+e.getMessage());
      }
   }

   //main program
   public static void main(String argv[]) throws Exception
   {
      HttpsServer httpserver = new HttpsServer();
      httpserver.run();
   }
}

class ProcessConnection extends Thread
{
   Socket client;
   BufferedReader is;
   DataOutputStream os;

   public ProcessConnection(Socket s)
   {
      //constructor
      client = s;
      try
      {
         is = new BufferedReader(new InputStreamReader(client.getInputStream()));
         os = new DataOutputStream(client.getOutputStream());
      }
      catch(IOException e)
      {
         System.out.println("Exception: "+e.getMessage());
      }
      this.start(); //Thread starts here...this start() will call run()
   }

   public void run()
   {
      try
      {
         //get a request and parse it.
         String request = is.readLine();
         System.out.println("Request: "+request);
         StringTokenizer st = new StringTokenizer(request);
         if((st.countTokens() >= 2) &&
            st.nextToken().equals("GET"))
         {
            if((request = st.nextToken()).startsWith("/"))
               request = request.substring(1);
            if(request.equals(""))
               request = request + "index.html";
            File f = new File(request);
            shipDocument(os, f);
         }
         else
         {
            os.writeBytes("400 Bad Request");
         }
         client.close();
      }
      catch(Exception e)
      {
         System.out.println("Exception: " + e.getMessage());
      }
   }

   /**
    * Read the requested file and ships it
    * to the browser if found.
    */
   public static void shipDocument(DataOutputStream out, File f) throws Exception
   {
      try
      {
         DataInputStream in = new
            DataInputStream(new FileInputStream(f));
         int len =(int) f.length();
         byte[] buf = new byte[len];
         in.readFully(buf);
         in.close();
         out.writeBytes("HTTP/1.0 200 OK\r\n");
         out.writeBytes("Content-Length: " + f.length() +"\r\n");
         out.writeBytes("Content-Type: text/html\r\n\r\n");
         out.write(buf);
         out.flush();
      }
      catch(Exception e)
      {
         // status line and headers are sent before the HTML body
         out.writeBytes("HTTP/1.0 400 " + e.getMessage() + "\r\n");
         out.writeBytes("Content-Type: text/html\r\n\r\n");
         out.writeBytes("<html><head><title>error</title></head><body>\r\n\r\n");
         out.writeBytes("</body></html>");
         out.flush();
      }
      finally
      {
         out.close();
      }
   }
}
No problem, glad to help.
Sun, like anyone else, doesn't always catch typos and copy/paste errors. Hopefully next time something like this happens, you'll be able to understand the information that's available to you in the error message, and look in the documentation for help. That's the bigger lesson here.
Steve -
souborntwice80, many thanks for your response - good idea
but it turns out that all I needed was the following statement:
import javax.net.*;
...and that fixed the problem
...Actually, it was mutmansky in the java programming forum
that found it. -
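A hardened take on two spots in the server posted above, as an added example (not code from the Sun article or from anyone in the thread): the posted code builds a File straight from the request path and asks for an "SSLv3" context. The class and method names, the temporary document root and the sample request targets are assumptions made for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ServerSocketFactory;   // the import the thread found missing
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;

// Hypothetical class name; illustrates the two checks only, not a full server.
public class HardenedHttpsPieces {

    /**
     * Maps a request target such as "/docs/a.html" to a file below docRoot.
     * Returns null when the target would leave docRoot or is not a regular
     * file. Like the posted server, it does not URL-decode the target.
     */
    static Path resolveUnderRoot(Path docRoot, String target) throws IOException {
        if (target == null || !target.startsWith("/") || target.indexOf('\0') >= 0) {
            return null;
        }
        String relative = target.substring(1);
        if (relative.isEmpty()) {
            relative = "index.html";
        }
        Path root = docRoot.toRealPath();
        Path candidate;
        try {
            // normalize() collapses "." and ".." before the containment check
            candidate = root.resolve(relative).normalize();
        } catch (InvalidPathException e) {
            return null;
        }
        if (!candidate.startsWith(root) || !Files.isRegularFile(candidate)) {
            return null;
        }
        // Follow symbolic links and check containment once more.
        Path real = candidate.toRealPath();
        return real.startsWith(root) ? real : null;
    }

    /**
     * Opens a listening socket from the given context and enables only
     * TLSv1.2 and TLSv1.3, so SSLv3 and early TLS are never negotiated.
     */
    static SSLServerSocket openTlsListener(SSLContext ctx, int port) throws IOException {
        ServerSocketFactory ssf = ctx.getServerSocketFactory();
        SSLServerSocket ss = (SSLServerSocket) ssf.createServerSocket(port);
        List<String> allowed = new ArrayList<String>();
        for (String p : ss.getSupportedProtocols()) {
            if (p.equals("TLSv1.2") || p.equals("TLSv1.3")) {
                allowed.add(p);
            }
        }
        if (allowed.isEmpty()) {
            ss.close();
            throw new IOException("no modern TLS version available");
        }
        ss.setEnabledProtocols(allowed.toArray(new String[0]));
        return ss;
    }

    public static void main(String[] args) throws Exception {
        // Constructed document root with a single file, for demonstration.
        Path root = Files.createTempDirectory("docroot");
        Files.write(root.resolve("index.html"), "<html>ok</html>".getBytes("UTF-8"));

        // Constructed request targets: two valid, two escaping the root, one missing.
        String[] targets = {"/", "/index.html", "/../etc/passwd", "//etc/passwd", "/missing.html"};
        for (String t : targets) {
            Path p = resolveUnderRoot(root, t);
            System.out.println(t + " -> " + (p == null ? "rejected" : "served"));
        }

        // Port 0 lets the OS pick a free port; the default context is enough
        // to show which protocol versions end up enabled.
        try (SSLServerSocket ss = openTlsListener(SSLContext.getDefault(), 0)) {
            System.out.println("enabled: " + Arrays.toString(ss.getEnabledProtocols()));
        }
    }
}
```

A real server would build the SSLContext from its own keystore, as the posted getServer() does, and pass it to openTlsListener in place of the default context.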
Help me to choose Right Core switches and Edge switches as per my Spec
Dear All
Please help me to choose Core and Edge switches and all required hard ware and software.
the spec details as per below
Core Switches
1. High performance, highly scalable core switch to provide multi-10GE connectivity to various segments in the network.
2. Switch should have redundant switch fabric and routing engines or management / supervisor modules
3. Should have separate control and forwarding planes
4.Each switch should have redundant power supplies in N+N or N+1 fashion
5. Must allow for two spare slots once services, management, processing modules and line cards populated
6. Easy to manage firmware- i.e. single code type enterprise/service provider) or train, and robust operating system
7. Supports for the VRRP, NSR, GRES, BFD, STP, MSTP, RSTP, VSTP, LACP redundancy protocols
8. Hot plugging and removal
9. The switch should have native switching architecture with up to sufficient performance such that the loss of one switching fabric should not lead to degraded performance
10. Switch should support switching at least 400Mpps
11. Switch should be able to support 40 10Gig line rate ports in a fully redundant configuration
12. Chassis that can scale to 700 Gbps
13. The proposed Backbone switch should support, but not be limited to the following Layer 3 features:
Static ip routing
Routing information protocol (RIP) and RIP2
Open shortest path first (OSPF)
IGMP v1, v2 and v3
IGMP Snooping
IP multicast routing protocol
14. The switch should support the following features at a minimum:
Spanning Tree 802.1D, 802.1S, 802.1W
GVRP
802.1x single and multi-supplicant: VLAN and ACL assignment
Dynamic ARP Inspection (DAI), DHCP snooping, IP Source guard
LLDP, LLDP-MED
802.3X, 802.3ad
Redundant Trunk Group (RTG)
IGMP snooping
Unicast static, OSPF v1/v2, RIP v1/v2
Multicast IGMPv1/v2, PIM
Graceful Route Engine Switchover
I have gone through your document and I am surprised to see MORE information in the document than what you've posted. I am so mildly suspicious about the authenticity of the document and spreadsheet you've attached.
So far, based on this document, the client wants a chassis that can support up to 700 Gbps backplane. The only candidate, other than a full-blown Nexus solution, is the 6807-X.
Next, the document also states dual supervisor card with two spare slots. Good luck trying to get that much empty space on a 6807-X. This means 6509E. You can't use a 6513E because of line-card-to-slot limitation.
If you look under the heading "Edge Switching", the first sentence already makes references to 6800ia switch.
There's also a reference stating that the product should have a 100 Gbps backplane. You can take the 6509E chassis out of the equation.
So you see, I am suspicious about the authenticity of the document. I agree with mali's and devil's recommendation that if you are serious, you would be engaging Cisco SE/AM in your region. There are only three reasons, that I can think of, why you've posted this here. One of them is the intended purpose of this document (and the audience). -
Dear Experts,
I'm going to try configure on how to telnet to Edge switch but still no result. My Network topology is below:
- 1 Core Switch 3560
- 3 Edge Switch 2960
I'm configured 4 VLAN:
+ Vlan 19: 10.19.10.0/24
+ Vlan 20: 10.20.10.0/24
+ Vlan 21: 10.21.10.0/24
+ Vlan 22: 10.22.10.0/24
On each Vlan, I was assigned Vlan interface IP.
I'm using VTP mode (Server and client) to trunking VLAN and Core SW is standing a VTP Server. I can telnet to Core SW using VLAN Interface IP.
The question is how can I configure to telnet to Edge SW?
Has somebody help me on this?
Thanks in advance!
JH
Hi,
From looking at your topology, the configuration should work. You should be able to telnet into the edge switches from anywhere in the network using the ip addresses of the vlan interfaces on each switch.
What exactly is the issue you're experiencing?
Are you able to ping the switch ip addresses?
Looking forward to hearing from you -
How to telnet to an edge switch?
We have a 6506 which have dot1q trunk links to 2950 edge switches....
my problem is that i need to be able to remotely access these 2950 switches using telnet.
Is it just a case of assigning each switch an ip address to vlan1 and also assigning an ip address to vlan1 on the 6506?
any help would be great
Cheers
Jonathan
I think you have pretty well described what you need to do. You assign an IP address to each 2950 for management purposes (all management addresses in the same subnet). By default that address is associated with VLAN 1. You also need to configure VLAN 1 on the 6506 with an IP address in the subnet that you are using on the 2950s. That way the 6506 can get to all the 2950s. You also need to provide appropriate routing so that devices in other parts of the network have routes to the subnet and the 6506 has routes to the other subnets in the network. You should then be able to telnet to any of the switches.
HTH
Rick -
WebHelp leaves secure internet connection
When clicking "Help" from the application, you are prompted
with "You are
about to leave a secure internet connection. Do you wish to
continue?" That
is normal.
However, if you select "No", a web page still pops up, with
the help
information displayed and a blank web page behind it.
Does anyone know how to fix this?
J.Bost -
In the web application that calls the Webhelp, what is the
language/syntax used? Do you see this behavior if you call a simple
html page?