Setup of HSRP on 3560

Similar Messages

• Single WAE setup in HSRP environment

  Hi,
  I have this particular setup with the WAE connected to the standby router(not inline) and the traffic comes in from the active router.
  The active and standby router are interconnected and using iBGP.
  Will the WAE actually sync with the active router connecting from standby router with the normal redirect commands?
  Do I need to do something so that the redirected traffic from router 1 goes to the WAE connected to r2?
  router 1
  ip wccp 61
  ip wccp 62
  LAN
  ip wccp 61 redirect in
  WAN
  ip wccp 62 redirect in
  router 2
  LAN
  ip wccp 61 redirect in
  WAN
  ip wccp 62 redirect in
  WAE connected LAN
  ip wccp redirect exclude in
  WAE
  wccp router-list x r1 ip
  wccp router-list x r2 ip
  wccp tcp-promiscuous router-list-num x
  wccp version 2
  egress-method negotiated-return intercept-method wccp

  One thing about this config is you will to put both routers on the same list in the WAE.
  wccp router-list 1 (r1-ip) (r2-ip)
  wccp tcp-promiscuous router-list-num 1
  This will do what you want it to do.

• Next hop Priority of HSRP

  I have a question about HSRP porotocol
  I had setup a HSRP for Gateway Redundancy and BO_GW1 is the default active router.
  The route goes to OUTSIDE Router is from BO_GW1 in the normal state.
  But sometimes the route from outside come back to the internal network isn't the same router.
  Like sometimes it come back from BO_GW1 and sometimes BO_GW2.
  How can I control the route from outside to inside the same as the route from inside to outside.
  Is there any solution?
  Sorry for my English.

  Hello Alan,
  The thing here is that the Outside Router is not aware of any HSRP cloud being used. In fact that router does not even face the HSRP Cloud.
  That router connects to 2 different subnets.
  In this case the router will use it's own routing table to send traffic to the destination and in this case as you are using static routing there will be a draw in the AD and both routes will be installed and used in a load-balancing fashion.
  How to change it?
  Well, use routing protocols and withdraw routes when the respectice interface go down or use IP SLA having the BO-GW1 as primary and using BO-GW2 as secondary.
  Hope this makes sense.
  jcarvaja
  CCIE R&S 42930, 2-CCNP,JNCIS-SEC
  Looking for a quick remote support session? Contact us at inetworks.cr 

• HSRP on 3750G

  I am using 2 3750G switches with EMI which will be my main redundant routers. Floor 1 will connect to Router1 and floor 2 will will connect to Router 2. How would I be able to setup these 2 switches as routers for HSRP with multiple VLans.
  Ex. Say I have 192.168.0.x for these 2 routers
  192.168.1.x for Server farm
  192.168.2.x for Server farm
  192.168.3.x for PCs
  192.168.4.x for PCs
  192.168.5.x for Finance
  192.168.6.x for Marketing
  Then some more of VLans for others.
  Other SMI Cisco 3000 switches will connect to these 3750's which will be also connected to eachother between floors for redundancy.
  Do I have to make 2 seperate standby groups for each VLan? or how would I do this ?

  Hi Noobie,
  when 2 switches are stacked together, it will act as one single single, so you cannot setup hsrp between those 2 switches, once the two switches are stacked, based on the MAC-address, switch up time & IOS version, which ever has got the higher priority, those configuration will sync each other, so hsrp between those 2 switches not possible when they are stacked. you need to have a those 2 switches seperately & connect then via UTP/OFC cable, then setup the HSRP, with the virtual IP. the configuration looks like......
  switch A
  interface Vlan2
  description ***SERVER***
  ip address 10.2.1.2 255.255.255.0
  ip pim sparse-mode
  standby 2 ip 10.2.1.1
  standby 2 timers 5 15
  standby 2 priority 109
  standby 2 preempt
  Switch B
  interface Vlan2
  description ***SERVER***
  ip address 10.2.1.3 255.255.255.0
  ip pim sparse-mode
  standby 2 ip 10.2.1.1
  standby 2 timers 5 15
  standby 2 priority 108
  standby 2 preempt
  in this configuration, 10.2.1.1 is the virtual IP which is commenly set up in 2 switches & the real IP only varies. so in the pc's 10.2.1.1 should be the gateway, which means if 10.2.1.2 fails, this 10.2.1.1 will act as 10.2.1.3, because priority is set low in 10.2.1.3. hope your clear with this.
  rate this post.

• 2 5508's connecting to 2 6500 switches

  Looking to design for redundancy and mobility. My initial plan was to use LAG on both but I am confused on the setup because typcially all interfaces on these two switches are setup with HSRP. Does anybody have a matching configuration example they can share? Also looking to map multiple vlans to one SSID and using AD groups. Additional info is that this is for a large campus with multiple distribution areas but looking to just have consolidated WLC infrastructure at one location. Multiple GIG connections exist to all distribution points. Last note plan is to just use two of the 8 ports on each 5508.
  All the guides aren't quite bringing together for me the best practice for this setup.
  Thanks,
  Andrew

  Well you must understand, that if the WLC1 fails, then there will be a temporary lose of service until the AP's on WLC1 fails to WLC2.  This is for local mode ap's and this means that all traffic will be tunneled back to the WLC's and the layer 3 subnet needs to reside on the 6500's.  If you have remote sites that you want ap's and maybe don't have over 50, you can setup the ap's in h-reap mode (flexconnect) and the subnet's the users get placed on is the local subnet at the remote site.  So in this scenario, if WLC1 goes down, and remote site 1 has ap's on WLC1, the ap's stay up and traffic still flows normally.  You have two options in h-reap mode.... centrally switched which means tunnel traffic back to the WLC or locally switched where traffic is switched locally at that site.  When AP's are in local mode, the hard failure of the WLC will always disrupt the client devices just for a little (minute or less) until the AP's move to the other WLC.  When WLC1 comes back online, the AP's will move back with little to no disruptions.
  You will configure mobility between the two WLC's so that each WLC will know of clients that might roam to an AP on the other WLC.  This also is required for the AP's to know about the other WLC.

• MOH doest not works

  Hello,
     I have a simple setup with one core 3560 switch with 2 vlans Data 192.168.100.x and Voice 192.168.200.x and CME 4.1 installed on a  router 2801 with an IP address 172.16.0.1 connected to it. My phones are registering well and I am able to call. When I am trying to implement MOH it doesnt works here are the commands which I Have used
  telephony-service
  moh music-on-hold.au
  multicast moh 239.23.4.10 port 2000
  your help will be appreciated

  Hi Syed
  Can you find the below?. I hope to check if the audio file on the flash.
  ip multicast-routing
  ccm-manager music-on-hold
  CME(config)# telephony-service
  CME(config-telephony)#no moh "music-on-hold.au"
  CME(config-telephony)# moh flash:music-on-hold.au
  CME(config-telephony)# no create cnf-files
  CME(config-telephony)#create cnf-files
  also find the following URL:-
  http://www.cisco.com/en/US/docs/voice_ip_comm/cucme/admin/configuration/guide/cmemoh.html#wp1010372
  http://www.cisco.com/en/US/docs/voice_ip_comm/cucme/feature/guide/MoH.pdf
  Thank you
  please rate all useful infomation

• Second MGMT IP

  I have to re ip a network.  The current network is 10.110.46.0/24 and the 10.110.49.0/24.  I am trying to keep both networks up and running at the same time.  They are connected back to my corporate network via MPLS network.
  When i change the switchport access on the switches to the new 49 network pc's work fine and can talk back to corporate network.  Get DCHP fine from my network.
  There is a switch currently IP'd as 10.110.46.221 its a 2950.  When I add a new vlan interface as 10.110.49.221 I lose contact with the switch.  I can get back into the switch from the router via the 10.110.49.221.  I read that the 2950 can only have one active vlan ip address.  Is this true?
  Also, from the new switch when the 49.221 ip address is active I can not ping my router of 10.110.49.254 which is a virutal ip setup for HSRP.  I can ping the physical interface fine.  When I switch default gateway on the switch from 10.110.49.254 10.110.49.218(VIP) I can then get to it.
  Any ideas of why I cant ping virtual IP?
  Also seeing theses errors on the switch when I turn on 49 vlan int:
  *Feb 28 19:00:25: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan46, change
  d state to up
  *Feb 28 19:00:25: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/
  24, changed state to up
  May 15 10:47:57: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer
   vlan id 1 on FastEthernet0/25 VLAN46.
  May 15 10:47:57: %SPANTREE-2-BLOCK_PVID_PEER: Blocking FastEthernet0/25 on VLAN0
  001. Inconsistent peer vlan.
  May 15 10:47:57: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking FastEthernet0/25 on VLAN
  0046. Inconsistent local vlan.
  May 15 10:48:32: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking FastEthernet0/25 o
  n VLAN0001. Port consistency restored.
  May 15 10:48:32: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking FastEthernet0/25 o
  n VLAN0046. Port consistency restored.
  May 15 10:48:47: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2
  5, changed state to down
  May 15 10:48:52: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2
  5, changed state to up
  Thanks

  aaa new-model
  aaa authentication login default group tacacs+
  aaa authentication login consoleport group tacacs+ local
  aaa authentication login vtyport group tacacs+ local
  aaa authentication ppp default if-needed group tacacs+
  aaa authorization exec default group tacacs+ local if-authenticated
  aaa authorization commands 15 default group tacacs+ if-authenticated
  aaa authorization network default group tacacs+
  aaa accounting commands 15 default start-stop group tacacs+
  aaa accounting network default start-stop group tacacs+
  clock summer-time EDT recurring 2 Sun Mar 2:00 1 Sun Nov 2:00
  ip subnet-zero
  spanning-tree mode pvst
  no spanning-tree optimize bpdu transmission
  spanning-tree extend system-id
  interface FastEthernet0/1
   switchport access vlan 46
   rmon collection stats 1 owner PMmonitor
   --More--         rmon collection history 1 owner PMmonitor buckets 50 interval 1800
   spanning-tree portfast
  interface FastEthernet0/2
   switchport access vlan 46
   rmon collection stats 2 owner PMmonitor
   rmon collection history 2 owner PMmonitor buckets 50 interval 1800
   spanning-tree portfast
  interface FastEthernet0/3
   switchport access vlan 46
   rmon collection stats 3 owner PMmonitor
   rmon collection history 3 owner PMmonitor buckets 50 interval 1800
   spanning-tree portfast
  interface FastEthernet0/4
   switchport access vlan 46
   rmon collection stats 4 owner PMmonitor
   rmon collection history 4 owner PMmonitor buckets 50 interval 1800
   spanning-tree portfast
  interface FastEthernet0/5
   switchport access vlan 46
   --More--         rmon collection stats 5 owner PMmonitor
   rmon collection history 5 owner PMmonitor buckets 50 interval 1800
   spanning-tree portfast
  interface FastEthernet0/6
   switchport access vlan 46
   rmon collection stats 6 owner PMmonitor
   rmon collection history 6 owner PMmonitor buckets 50 interval 1800
   spanning-tree portfast
  interface FastEthernet0/7
   switchport access vlan 46
   rmon collection stats 7 owner PMmonitor
   rmon collection history 7 owner PMmonitor buckets 50 interval 1800
   spanning-tree portfast
  interface FastEthernet0/8
   switchport access vlan 46
   rmon collection stats 8 owner PMmonitor
   rmon collection history 8 owner PMmonitor buckets 50 interval 1800
   spanning-tree portfast
  interface FastEthernet0/9
   --More--         switchport access vlan 46
   rmon collection stats 9 owner PMmonitor
   rmon collection history 9 owner PMmonitor buckets 50 interval 1800
   spanning-tree portfast
  interface FastEthernet0/10
   switchport access vlan 46
   rmon collection stats 10 owner PMmonitor
   rmon collection history 10 owner PMmonitor buckets 50 interval 1800
   spanning-tree portfast
  interface FastEthernet0/11
   switchport access vlan 46
   rmon collection stats 11 owner PMmonitor
   rmon collection history 11 owner PMmonitor buckets 50 interval 1800
   spanning-tree portfast
  interface FastEthernet0/12
   switchport access vlan 46
   rmon collection stats 12 owner PMmonitor
   rmon collection history 12 owner PMmonitor buckets 50 interval 1800
   spanning-tree portfast
   --More--         interface FastEthernet0/13
   switchport access vlan 46
   rmon collection stats 13 owner PMmonitor
   rmon collection history 13 owner PMmonitor buckets 50 interval 1800
   spanning-tree portfast
  interface FastEthernet0/14
   switchport access vlan 46
   rmon collection stats 14 owner PMmonitor
   rmon collection history 14 owner PMmonitor buckets 50 interval 1800
   spanning-tree portfast
  interface FastEthernet0/15
   switchport access vlan 46
   rmon collection stats 15 owner PMmonitor
   rmon collection history 15 owner PMmonitor buckets 50 interval 1800
   spanning-tree portfast
  interface FastEthernet0/16
   switchport access vlan 46
   rmon collection stats 16 owner PMmonitor
   rmon collection history 16 owner PMmonitor buckets 50 interval 1800
   spanning-tree portfast
   --More--         !
  interface FastEthernet0/17
   switchport access vlan 46
   rmon collection stats 17 owner PMmonitor
   rmon collection history 17 owner PMmonitor buckets 50 interval 1800
   spanning-tree portfast
  interface FastEthernet0/18
   switchport access vlan 46
   rmon collection stats 18 owner PMmonitor
   rmon collection history 18 owner PMmonitor buckets 50 interval 1800
   spanning-tree portfast
  interface FastEthernet0/19
   switchport access vlan 46
   rmon collection stats 19 owner PMmonitor
   rmon collection history 19 owner PMmonitor buckets 50 interval 1800
   spanning-tree portfast
  interface FastEthernet0/20
   switchport access vlan 46
   rmon collection stats 20 owner PMmonitor
   rmon collection history 20 owner PMmonitor buckets 50 interval 1800
   --More--         spanning-tree portfast
  interface FastEthernet0/21
   switchport access vlan 46
   rmon collection stats 21 owner PMmonitor
   rmon collection history 21 owner PMmonitor buckets 50 interval 1800
   spanning-tree portfast
  interface FastEthernet0/22
   switchport access vlan 46
   rmon collection stats 22 owner PMmonitor
   rmon collection history 22 owner PMmonitor buckets 50 interval 1800
   spanning-tree portfast
  interface FastEthernet0/23
   switchport access vlan 46
   rmon collection stats 23 owner PMmonitor
   rmon collection history 23 owner PMmonitor buckets 50 interval 1800
   spanning-tree portfast
  interface FastEthernet0/24
   switchport access vlan 46
   rmon collection stats 24 owner PMmonitor
   --More--         rmon collection history 24 owner PMmonitor buckets 50 interval 1800
   spanning-tree portfast
  interface FastEthernet0/25
   switchport mode trunk
   rmon collection stats 25 owner PMmonitor
   rmon collection history 25 owner PMmonitor buckets 50 interval 1800
  interface FastEthernet0/26
   switchport mode trunk
   rmon collection stats 26 owner PMmonitor
   rmon collection history 26 owner PMmonitor buckets 50 interval 1800
  interface Vlan1
   no ip address
   no ip route-cache
   shutdown
  interface Vlan46
   ip address 10.110.46.221 255.255.255.0
   no ip route-cache
  ip default-gateway 10.110.46.254
  ^C
  line con 0
   login authentication consoleport
   stopbits 1
  line vty 0
   exec-timeout 0 0
   login authentication vtyport
   login authentication vtyport
  line vty 5 15
   login authentication vtyport
  ntp clock-period 17179899
  end
  Port 25 is the uplink.  Not passing a native vlan on either side.  I rebooted the switch to get it back up and working.  vlan 49 was configured same way as 46 just with 49 IP. 

• Understanding WAN traceroute with VLANs (WS-C4507R)

  Please see the attached diagram.
  I've a pair of WS-C4507R's, which compose my core. My JPG diagram denotes their current IP/subnet configuration. I'm curious about the following traceroute output while telnetted into "4500-SW1".
  4500-SW1#traceroute 10.10.10.5
  Type escape sequence to abort.
  Tracing the route to 10.10.10.5
  1 192.168.100.3 8 msec
  172.16.3.3 4 msec
  192.168.102.3 8 msec
  2 10.10.10.5 4 msec * 4 msec
  10.10.10.5 is the second interface off "WAN 18". Wouldn't the path be for "4500-SW1" to go one hop to "WAN 18"'s 10.10.10.1 interface?
  192.168.100.3 = Int VLAN4 off 4500-SW2
  172.16.3.3 = Int VLAN2 off 4500-SW2
  192.168.102.3 = Int VLAN 6 off 4500-SW2
  I'm curious why this traceroute bounces off three different VLANs within the same switch before finding its destination of 10.10.10.5. I assume the "1" and "2", denoting hops, means the first hop is VLAN 4 and the next hop is the WAN router, itself. I also assume the additional IP addresses are alternate hops, in the event VLAN 4 isn't available, to the same destination?
  I didn't engineer this WAN environment, my predecessor did. I'm also curious what benefits having each interface on the two routers on their own subnets. Wouldn't it be preferable to have to two interfaces on the same subnet and setup an HSRP address between them for availability? Any insight would be appreciated. If you need more pieces to the puzzle in terms of configurations, let me know.

  ip route 192.168.20.0 255.255.255.0 172.30.0.1
  ip route 192.168.21.0 255.255.255.0 172.30.0.1
  ip route 192.168.22.0 255.255.255.0 172.30.0.1
  ip route 192.168.23.0 255.255.255.0 172.30.0.1
  ip route 192.168.25.0 255.255.255.0 172.30.0.1
  ip route 192.168.26.0 255.255.255.0 172.30.0.1
  ip route 192.168.27.0 255.255.255.0 172.30.0.1
  ip route 192.168.28.0 255.255.255.0 172.30.0.1
  ip route 192.168.29.0 255.255.255.0 172.30.0.1
  ip route 192.168.31.0 255.255.255.0 172.30.0.1
  ip route 192.168.32.0 255.255.255.0 172.30.0.1
  ip route 192.168.33.0 255.255.255.0 172.30.0.1
  ip route 192.168.34.0 255.255.255.0 172.30.0.1
  ip route 192.168.36.0 255.255.255.0 172.30.0.1
  ip route 192.168.37.0 255.255.255.0 172.30.0.1
  ip route 192.168.38.0 255.255.255.0 172.30.0.1
  ip route 192.168.39.0 255.255.255.0 172.30.0.1
  ip route 192.168.40.0 255.255.255.0 172.30.0.1
  ip route 192.168.41.0 255.255.255.0 172.30.0.1
  ip route 192.168.42.0 255.255.255.0 172.30.0.1
  ip route 192.168.43.0 255.255.255.0 172.30.0.1
  ip route 192.168.44.0 255.255.255.0 172.30.0.1
  ip route 192.168.45.0 255.255.255.0 172.30.0.1
  ip route 192.168.46.0 255.255.255.0 172.30.0.1
  ip route 192.168.47.0 255.255.255.0 172.30.0.1
  ip route 192.168.48.0 255.255.255.0 172.30.0.1
  ip route 192.168.49.0 255.255.255.0 172.30.0.1
  ip route 192.168.50.0 255.255.255.0 172.30.0.1
  ip route 192.168.51.0 255.255.255.0 172.30.0.1
  ip route 192.168.52.0 255.255.255.0 172.30.0.1
  ip route 192.168.53.0 255.255.255.0 172.30.0.1
  ip route 192.168.54.0 255.255.255.0 172.30.0.1
  ip route 192.168.55.0 255.255.255.0 172.30.0.1
  ip route 192.168.56.0 255.255.255.0 172.30.0.1
  ip route 192.168.57.0 255.255.255.0 172.30.0.1
  ip route 192.168.59.0 255.255.255.0 172.30.0.1
  ip route 192.168.60.0 255.255.255.0 172.30.0.1
  ip route 192.168.61.0 255.255.255.0 172.30.0.1
  ip route 192.168.62.0 255.255.255.0 172.30.0.1
  ip route 192.168.63.0 255.255.255.0 172.30.0.1
  ip route 192.168.64.0 255.255.255.0 172.30.0.1
  ip route 192.168.65.0 255.255.255.0 172.30.0.1
  ip route 192.168.66.0 255.255.255.0 172.30.0.1
  ip route 192.168.67.0 255.255.255.0 172.30.0.1
  ip route 192.168.68.0 255.255.255.0 172.30.0.1
  ip route 192.168.69.0 255.255.255.0 172.30.0.1
  ip route 192.168.70.0 255.255.255.0 172.30.0.1
  ip route 192.168.71.0 255.255.255.0 172.30.0.1
  ip route 192.168.72.0 255.255.255.0 172.30.0.1
  ip route 192.168.73.0 255.255.255.0 172.30.0.1
  ip route 192.168.74.0 255.255.255.0 172.30.0.1
  ip route 192.168.75.0 255.255.255.0 172.30.0.1
  ip route 192.168.76.0 255.255.255.0 172.30.0.1
  ip route 192.168.77.0 255.255.255.0 172.30.0.1
  ip route 192.168.78.0 255.255.255.0 172.30.0.1
  ip route 192.168.79.0 255.255.255.0 172.30.0.1
  ip route 192.168.80.0 255.255.255.0 172.30.0.1
  ip route 192.168.81.0 255.255.255.0 172.30.0.1
  ip route 192.168.83.0 255.255.255.0 172.30.0.1
  ip route 192.168.84.0 255.255.255.0 172.30.0.1
  ip route 192.168.85.0 255.255.255.0 172.30.0.1
  ip route 192.168.86.0 255.255.255.0 172.30.0.1
  ip route 192.168.87.0 255.255.255.0 172.30.0.1
  ip route 192.168.88.0 255.255.255.0 172.30.0.1
  ip route 192.168.89.0 255.255.255.0 172.30.0.1
  ip route 192.168.90.0 255.255.255.0 172.30.0.1
  ip route 192.168.91.0 255.255.255.0 172.30.0.1
  ip route 192.168.92.0 255.255.255.0 172.30.0.1
  ip route 192.168.93.0 255.255.255.0 172.30.0.1
  ip route 192.168.95.0 255.255.255.0 172.30.0.1
  ip route 192.168.96.0 255.255.255.0 172.30.0.1
  ip route 192.168.97.0 255.255.255.0 172.30.0.1
  ip route 192.168.98.0 255.255.255.0 172.30.0.1
  ip route 192.168.101.0 255.255.255.0 192.168.100.4
  ip route 192.168.106.0 255.255.255.0 172.30.0.1
  ip route 192.168.202.0 255.255.255.0 172.30.0.1
  ip route 192.168.205.0 255.255.255.0 172.30.0.1
  ip route 192.170.70.0 255.255.255.0 172.16.200.100
  ip route 192.170.250.0 255.255.255.0 172.16.200.90
  ip route 193.183.233.0 255.255.255.0 172.30.0.1
  ip route 198.178.131.1 255.255.255.255 172.30.0.1

• Config register changed to 0x0 on two 6506

  Over the weekend our AC system failed in our datacentre.  Temperatures were very high.  Our tech crew was called in and restored the AC and the room cooled down.  All our equipment was ok (phew) except for our two main Catalyst 6506 switches which are setup with HSRP.  I came in and found that both switches had their config registers changed to 0x0 so they were loading into rommon.  I changed the registers and reloaded them and they both worked fine (double phew!).  My question however is why did both get their registers changed?  Is this a safety feature of some sort?  Does anyone know or has anyone seen something similar?

  Thanks for the response.  I can tell you that these boxes have been running for the past three years with no additional hardware added or removed.  If the confreg value was always 0x0 and hadn't been changed, how were the switches loading their ios and config files in the first place?  They've been restarted before and have always started normally.  The conf reg changed on both boxes specifically after the event I described.
  Below you can see my show version output.  I'm not quite sure what you want to see in it, please let me know.
  Cisco IOS Software, s3223_rp Software (s3223_rp-ADVIPSERVICESK9_WAN-M), Version 12.2(33)SXJ1, RELEASE SOFTWARE (fc2)
  Technical Support: http://www.cisco.com/techsupport
  Copyright (c) 1986-2011 by Cisco Systems, Inc.
  Compiled Wed 22-Jun-11 17:11 by prod_rel_team
  ROM: System Bootstrap, Version 12.2(17r)SX3, RELEASE SOFTWARE (fc1)
   CORE_6506_A uptime is 3 days, 22 hours, 51 minutes
  Uptime for this control processor is 3 days, 22 hours, 51 minutes
  Time since CORE_6506_A switched to active is 3 days, 22 hours, 50 minutes
  System returned to ROM by power on (SP by reload)
  System restarted at 12:43:46 EET2DST Mon Sep 8 2014
  System image file is "sup-bootdisk:s3223-advipservicesk9_wan-mz.122-33.SXJ1.bin"
  Last reload reason: Reload Command
  This product contains cryptographic features and is subject to United
  States and local country laws governing import, export, transfer and
  use. Delivery of Cisco cryptographic products does not imply
  third-party authority to import, export, distribute or use encryption.
  Importers, exporters, distributors and users are responsible for
  compliance with U.S. and local country laws. By using this product you
  agree to comply with applicable laws and regulations. If you are unable
  to comply with U.S. and local laws, return this product immediately.
  A summary of U.S. laws governing Cisco cryptographic products may be found at:
  http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
  If you require further assistance please contact us by sending email to
  [email protected].
  cisco WS-C6506-E (R7000) processor (revision 1.2) with 458752K/65536K bytes of memory.
  Processor board ID SAL16138ELZ
  R7000 CPU at 300Mhz, Implementation 0x27, Rev 3.3, 256KB L2, 1024KB L3 Cache
  Last reset from power-on
  28 Virtual Ethernet interfaces
  17 Gigabit Ethernet interfaces
  2 Ten Gigabit Ethernet interfaces
  1915K bytes of non-volatile configuration memory.
  65536K bytes of Flash internal SIMM (Sector size 512K).
  Configuration register is 0x2102

• Reg: ACLs

  HI Experts,
  In my lab setup i configured Cisco 3560 switch.
  VLAN 20 and VLAN 30 i configured.
  VLAN 20 interface IP : 192.168.20.1/24
  VLAN 30 interface IP : 192.168.30.1/24.
  Inter-vlan communication is happening fine.
  For testing for purpose i configured extended ACLs.
  Here is my requirement:
  i want stop communication from VLAN 30 to VLAN 20 but not vice-versa.
  Here i configured like this:
  access-list 111 deny ip 192.168.20.0 0.0.0.255 192.168.30.0 0.0.0.255
  access-list 111 permit ip any any
  applied ACL in VLAN 30 interface 'in' direction.
  ip access-group 111 in
  In this scenario, communication is stopping in both directions.
  If i ping from one of the IP VLAN 20 to one of the ip of VLAN 30, i was gettng Requested time out. And if i ping from one of the IP VLAN 20 to VLAN 30 interface IP, i was able get pinging.
  From VLAN 30 to VLAN 20, i was getting destination host unreachable from VLAN 30 ip( Its fine as its my requirement)
  So, solution needed to communicate from VLAN 20 to VLAN 30.
  Regards,
  Janardhan

  Hello,
  What if you do a reflexive ACL on the .20 vlan.
  ip access-list extended test
  permit ip 192.168.20.0 0.0.0.255 192.168.30.0 0.0.0.255 reflect test-123
  ip access-list extended inbound-packets
    evaluate test-123
  interface fastethernet 0/1.20
  ip access-group test out
  ip access-group inbound-packets in
  Please let me know the result of this.
  Regards,
  Julio

• Fully Redundant Network

  Hello everyone,
  I have some rack space in a colo and would like to know if what I have in mind is actually correct and perhaps if there is a better way to do it.
  I want to setup full redundancy in terms of the LAN and WAN. I have 2 drops from the datacenter for redundant internet connection.
  I have 2 managed dell switches (cisco oem from what i understand) and 2 ASA 5505's.
  I have just a simple ESX environment and my boxes have NIC Teaming setup already, which seems to be the ideal configuration for redundant network.
  I plan to have 2 VLan's, 1 for WAN and 1 for LAN on each switch (2 total).
  I understand that I will want to have HSRP setup, but I am not sure how to go about that or if the 5505 is even able to do HSRP.
  So I will have just 1 subnet and just have all servers and SAN connected to 2 switches and each ASA on 1 switch with HSRP, sound right?
  It sounds like i need hsrp for both wan and lan.
  Did i forget anything? Thanks a ton for all the help!

  Hello everyone,I
  have some rack space in a colo and would like to know if what I have in
  mind is actually correct and perhaps if there is a better way to do it.I
  want to setup full redundancy in terms of the LAN and WAN. I have 2
  drops from the datacenter for redundant internet connection.I have 2 managed dell switches (cisco oem from what i understand) and 2 ASA 5505's.I
  have just a simple ESX environment and my boxes have NIC Teaming setup
  already, which seems to be the ideal configuration for redundant
  network.I plan to have 2 VLan's, 1 for WAN and 1 for LAN on each switch (2 total).I understand that I will want to have HSRP setup, but I am not sure how to go about that or if the 5505 is even able to do HSRP.So
  I will have just 1 subnet and just have all servers and SAN connected
  to 2 switches and each ASA on 1 switch with HSRP, sound right?It sounds like i need hsrp for both wan and lan.Did i forget anything? Thanks a ton for all the help!
  Hi,
  It will be helpful if you can provide the scehmatic diagram of the current setup and we can guide the best design with the expected one any how what i have understand with the above comments is you have two internet links with two routers,two switches,two ASA5505 and all servers are having two NIC with teamiung configured.
  To have simple redudant network configure two vlans in switches one with external where your router and ASA 5505 interface will be connected and anothere with local lan where another port of ASA 5505 will be connected an will act as gateway for local servers.
  To have redundancy for internet links alos configure HSRP in router local interface with tracking configuration so that one links goes down traffic will be shifted to other one without any delay,for that you need to configure a defualt route towards the vip of HSRP of router in ASA 5505.
  Check out the below link on HSRP with tracking configuration on routers
  http://www.networkstraining.com/cisco-router-hsrp-configuration/
  http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a0080094e8c.shtml
  and on ASA 5505 you need to configure two vlan as mentioned and for local and external interface configure a cluster setup with HSRP in ASA 5505
  Check out the below link for ASA 5505
  http://www.articlesbase.com/networks-articles/stepbystep-configuration-guide-for-the-cisco-asa-5505-firewall-803076.html
  http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/asacfgIX.html
  Hope to Help !!
  Remember to rate the helpful post
  Ganesh.H

• HSRP and Failover in a Setup

  Hi All,
  I need a create a setup with complete HA availability from Core Switch , Firewall and Router.
  I had 2-Cisco 3560 Switch , 2 - Cisco ASA 5520 Fw and 2 - Cisco 2921 router.
  Let me explain how the devices are connected. Created HSRP between the Users VLAN in the Core Switch for the Gateway HA.
  Also made a Priority set on one of the L3 Switch and make that a Root Bridge.
  Configured 2 Firewall with Active/Standy mode and also 2 Routers LAN Interface with HSRP mode for HA.
  All the Firewall Outside and Router LAN Interfaces are connected in a L2 VLAN. Also created a Separate L2 VLAN for the Failover link and connected.
  Please refer the attached diagram for more clarity.
  Now the activity is to create a Site to tunnel in the Firewall to connect other locations.
  Problem :  Sometimes the Secondary Firewall become as Active Firewall and we are unable to ping anything outside.. but the same ip's are reachable from Standby Firewall. I am suscepting that all the ports are in Secondary switches are in blocked port .. it may be the cause.
  I made the Secondary Firewall connectivity to the Primary Switch and start to do the configuration change, but some what in between the default gateway is not getting reachable and tunnel is going down.
  *** Some ip's i am able to reach from the Switch-A but the same is not reach from Switch - B and also from the Firewalls. No idea why it is pinginig.
  *** Is it a proper setup to connect the devices or we need to do any changes.
  Kindly suggest me the right setup and Configuration .... which will provide a HA in all layers.

  Hi Ganesan,
  I am proposing a design like this. You can have the STP in pvst mode and have a different priority set for the core switch to make it core a as root bridge. There is nothing wrong with your design you have made you core switch which will be physically down to your firewall... but in real it comes on the top of your firewall as well... But spanning tree conf should be done properly to achieve this... I have proposed my design which is pretty simple but easy for troubleshoot....
  You can have your firewalls connected to core switch on the down and can directly connected to router on outside... always core a -->py fw--rtra will be the primary path... if anything goes wrong then secondary line will come in to picture....
  make sure that your hsrp will have high priority to ur core a vlan conf for the access switches.....
  Please do rate for the helpful posts.
  By
  Karthik

• Multiple HSRP instances on Cisco 3560 L3 EMI?

  Hi, can someone tell me if a Cisco 3560 L3 EMI can support HSRP for multiple vlan interafces?

  Hi Billy,
  SMI image does not support HSRP.
  Chek this link for more differnces
  http://www.cisco.com/en/US/products/hw/switches/ps646/products_configuration_example09186a0080169623.shtml
  HTH
  Ankur

• Ipv6 HSRP gloabl unicast address on cisco 3560 switch

  Dear Team,
  We are using cisco 3560 switch. Now we are going to implement ipv6 in our network. But we are not disturbing to existing ipv4. my question is 1) Can we confiure the global unicast ipv6 address in ipv6 HSRP and 2) can cisco 3560 switch will support ipv4 and ipv6 standby group on same SVI ?                 

  YES

• What's the password to logon the 3560 series switch on express setup

  what's the password to logon the 3560 series switch on express setup

  Hi Samuel,
  The 3560 doesn't have a password configured on it by default. You may want to double check the procedure for accessing Express Setup in case a step was missed:
  http://www.cisco.com/en/US/partner/docs/switches/lan/catalyst3560/hardware/quick/guide/3560gsg_08.html#wp49930
  If that still doesn't work, you can reset the switch to factory defaults by following this guide:
  http://www.cisco.com/en/US/partner/docs/switches/lan/catalyst3560/hardware/quick/guide/3560gsg_08.html#wp46478
  Hope that helps.
  -Mike