Vlan between 2950 and 3550

We are attempting to set up an additional VLAN between a 2950 and a 3550. There are 2 connections between the switches using the GI0/1 and 2 interfaces. One is set to Static Access on the current vlan and the other is set to Trunk Desirable for all other traffic. We need to add the additional VLAN using one of the existing links between the two switches. We have spare ports on both switches but have limited knowledge of configuration required. Not sure if further info is required but happy to provide.

You can find a lot of information at this link
http://cisco.com/en/US/tech/tk389/tk390/tech_configuration_examples_list.html

Similar Messages

  • Problems with QoS between 2950 and 3550 with use of Native VLAN

    Hi!
    I try to set up QoS between a C2950 and a C3550, I have provided a drawing that might help understanding the setup.
    As I understand it, since I only have the SMI image on the C2950 I have to run a 802.1Q trunk over the leased 2Mb line to get QoS to work. And I DO get it to work, or at least it seems so to me.
    What I'm trying to setup QoS on is between a Nortel Succession Media Server and a Nortel i2004 IP Phone.
    And when I sniff the port that the Succession Media Server is connected to, I get this output:
    *BEGIN*
    *** TO IP Phone ***
    IP version: 0x04 (4)
    Header length: 0x05 (5) - 20 bytes
    Type of service: 0xB8 (184)
    Precedence: 101 - CRITIC/ECP
    Delay: 1 - Low delay
    Throughput: 1 - High throughput
    Reliability: 0 - Normal reliability
    Total length: 0x00C8 (200)
    ID: 0x5FE1 (24545)
    Flags
    Don't fragment bit: 0 - May fragment
    More fragments bit: 0 - Last fragment
    Fragment offset: 0x0000 (0)
    Time to live: 0x40 (64)
    Protocol: 0x11 (17) - UDP
    Checksum: 0x69EC (27116) - correct
    Source IP: 10.40.2.10
    Destination IP: 10.10.153.100
    IP Options: None
    UDP
    Source port: 5216
    Destination port: 5200
    Length: 0x00B4 (180)
    Checksum: 0x5C02 (23554) - correct
    *** FROM IP Phone ***
    IP version: 0x04 (4)
    Header length: 0x05 (5) - 20 bytes
    Type of service: 0xB8 (184)
    Precedence: 101 - CRITIC/ECP
    Delay: 1 - Low delay
    Throughput: 1 - High throughput
    Reliability: 0 - Normal reliability
    Total length: 0x00C8 (200)
    ID: 0x8285 (33413)
    Flags
    Don't fragment bit: 0 - May fragment
    More fragments bit: 0 - Last fragment
    Fragment offset: 0x0000 (0)
    Time to live: 0x7F (127)
    Protocol: 0x11 (17) - UDP
    Checksum: 0x0848 (2120) - correct
    Source IP: 10.10.153.100
    Destination IP: 10.40.2.10
    IP Options: None
    UDP
    Source port: 5200
    Destination port: 5216
    Length: 0x00B4 (180)
    Checksum: 0x5631 (22065) - correct
    *END*
    But, then to the problem:
    Since the modems I use have ip addresses in them I want to monitor them and be able to change settings in them.
    But to connect to units within the trunk, I have to set the native vlan to VLAN 144, which provides the ip addresses I use for the modems, in both ends of the trunk.
    But if I do that the tagging of the packets from the IP Phone disappears!
    Here's an output after native VLAN is applied:
    *BEGIN*
    *** TO IP Phone ***
    IP version: 0x04 (4)
    Header length: 0x05 (5) - 20 bytes
    Type of service: 0xB8 (184)
    Precedence: 101 - CRITIC/ECP
    Delay: 1 - Low delay
    Throughput: 1 - High throughput
    Reliability: 0 - Normal reliability
    Total length: 0x00C8 (200)
    ID: 0xDEF8 (57080)
    Flags
    Don't fragment bit: 0 - May fragment
    More fragments bit: 0 - Last fragment
    Fragment offset: 0x0000 (0)
    Time to live: 0x40 (64)
    Protocol: 0x11 (17) - UDP
    Checksum: 0xEAD4 (60116) - correct
    Source IP: 10.40.2.10
    Destination IP: 10.10.153.100
    IP Options: None
    UDP
    Source port: 5240
    Destination port: 5200
    Length: 0x00B4 (180)
    *** FROM IP Phone ***
    IP version: 0x04 (4)
    Header length: 0x05 (5) - 20 bytes
    Type of service: 0x00 (0)
    Precedence: 000 - Routine
    Delay: 0 - Normal delay
    Throughput: 0 - Normal throughput
    Reliability: 0 - Normal reliability
    Total length: 0x00C8 (200)
    ID: 0x89E4 (35300)
    Flags
    Don't fragment bit: 0 - May fragment
    More fragments bit: 0 - Last fragment
    Fragment offset: 0x0000 (0)
    Time to live: 0x7F (127)
    Protocol: 0x11 (17) - UDP
    Checksum: 0x01A1 (417) - correct
    Source IP: 10.10.153.100
    Destination IP: 10.40.2.10
    IP Options: None
    UDP
    Source port: 5200
    Destination port: 5240
    Length: 0x00B4 (180)
    Checksum: 0x31CA (12746) - correct
    *END*
    See, there is no QoS tagging from the IP Phone anymore.
    If I set no switchport trunk native vlan 144 in both ends the tagging is back.
    Any ideas? Is this a bug, or just some command I don't know about?
    Please take a look at the picture to get a more understandable view of the setup.
    Thanks!

    Well, native VLANs are by definition untagged so there's nothing wrong with that as far as you are getting the expected results. By the other way I think you should include VLAN 402 on your allowed vlan range on Catalyst 3550's FastEth0/45 trunk port, otherwise this VLAN will be completely isolated from the rest of the network.

  • Does 12.1 support ssh in 2950 and 3550

    Hi,
    We have 2950 and 3550 switches running IOS version 12.1
    In this version can we implement ssh access?
    Regards
    SKRAO

    Hi Rao,
    The following images support SSH on 2950 24 switches.
    12.1(22)EA9
    12.1 doesn't support SSH for 3550 24 switches. The following images support SSH on 3550 24 switches.
    12.2SEE
    12.2SED
    12.2SEB
    Hope it helps you.
    Thanks,
    satish

  • RPS and Cisco Catalyst 2950 and 3550 switches

    We are doing experiments with RPS and CC 2950 and 3550. When we unplug the main power, the RPS takes over and feeds the switch with power. But when we plug the main power back again, the switch continues to take power from the RPS. How is the power redundancy achieved with CC 2950 and/or 3550s?
    Thanks in advance,
    Dardan

    You will need to press the active/standby button on the RPS for the internal power supply in the switch to take over. Note that this can cause the switch to reload and do it in your maintenance window if this switch is in production.
    http://www.cisco.com/cgi-bin/bugtool/onebug.pl?bugid=CSCdx81023

  • Sharing a VLAN between FWSM and ACE (Routed Mode)

    Anybody in here with experience on sharing a Vlan between an ACE and a FWSM module?
    I have a transfer network between the ACE and the FWSM in the same chassis. FWSM gets several vlans and ACE gets some Vlans.
    I wanted to configure it like this.
    firewall vlan group 10 <FWSM only vlans>
    firewall vlan group 20 <shared FWSM and ACE vlan>
    or
    svclc vlan group 20 <shared FWSM and ACE vlan>
    svclc vlan group 30 <ACE only vlans>
    The design hides the client side network and the server side network for the ACE behind the FWSM module.
    Layout:
    |-- Clients <--> MSFC <--> FWSM <--> ACE <--> Server --|
    So allocation on the 65xx would be like this.
    firewall module n vlan-group 10,20
    svclc module n vlan-group 20,30
    Any obvious issues with this design if you share the vlan(s) referred in group 20 with both modules?
    FWSM and ACE will be in routed mode.
    Thanks for reading...
    Roble

    Never mind...
    Just found the perfect answer for this in another posting from Syed.
    http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Data%20Center&topic=SNA%20Data%20Center%20Networking&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.1dddee0b/0#selected_message
    Roble

  • Crc error between 2950 and 3620 router

    I have connected the 2950 to the 3620, and the running-config of 2950 below:
    2950#show running-config
    Building configuration...
    Current configuration : 1279 bytes
    version 12.1
    no service pad
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    hostname 2950
    enable secret xxxx
    no ip subnet-zero
    no ip finger
    no ip domain-lookup
    interface FastEthernet0/1
    duplex half
    speed 10
    interface FastEthernet0/2
    interface FastEthernet0/23
    interface FastEthernet0/24
    interface FastEthernet0/24.122
    interface FastEthernet0/24.123
    interface Vlan1
    bandwidth 10000
    ip address 192.168.10.200 255.255.255.0
    no ip route-cache
    delay 100
    ip default-gateway 192.168.10.254
    no ip http server
    line con 0
    transport input none
    line vty 0 4
    password xxx
    login
    line vty 5 15
    login
    end
    And the 3620 router just set the interface ethernet0/3:
    interface Ethernet0/3
    ip address 192.168.10.254 255.255.255.0
    half-duplex
    I have connected the f0/1 of switch to the eth0/3 of router. There are many crc errors between the switch and router, and try to change the duplex and speed rate, but it didn't take effect. I ensure the cable is good.
    Thank you for your suggestion!

    First, thank you for your notice of my problems.
    Yes. When I ping from both directions, I'm seeing the CRC error only in the switch. And I have cleared the counters in both ends.
    And I try to connect to another port of the router, It exists the same problem.
    I'm seeing both of the input errors and CRC errors.
    The interface of f0/1 (in switch)is following:
    2950#show int f0/1
    FastEthernet0/1 is up, line protocol is up
    Hardware is Fast Ethernet, address is 0007.84fc.d1c1 (bia 0007.84fc.d
    MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
    reliability 219/255, txload 1/255, rxload 1/255
    Encapsulation ARPA, loopback not set
    Keepalive set (10 sec)
    Half-duplex, 10Mb/s
    input flow-control is off, output flow-control is off
    ARP type: ARPA, ARP Timeout 04:00:00
    Last input 00:03:10, output 00:00:00, output hang never
    Last clearing of "show interface" counters 00:11:25
    Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
    Queueing strategy: fifo
    Output queue :0/40 (size/max)
    5 minute input rate 1000 bits/sec, 1 packets/sec
    5 minute output rate 1000 bits/sec, 3 packets/sec
    299 packets input, 39511 bytes, 0 no buffer
    Received 5 broadcasts, 0 runts, 0 giants, 0 throttles
    164 input errors, 164 CRC, 0 frame, 0 overrun, 33 ignored
    0 input packets with dribble condition detected
    1058 packets output, 81544 bytes, 0 underruns
    0 output errors, 0 collisions, 0 interface resets
    0 babbles, 0 late collision, 0 deferred
    0 lost carrier, 0 no carrier
    0 output buffer failures, 0 output buffers swapped out
    2950#

  • 2950 SX and 3550-12G Connection Problem

    In a Network we have 2950-SX as edge switches and 3550-12G as access switches. In 2950-SX we have 24-Port 10/100 Ethernet ports and 2-Fixed F.O ports which connector is MTRJ. in 3550-12G we have 12-Giga bit module in which we are using SC-1000 Base SX port.
    To connect these switches we are using one side MTRJ and other side SC connector Patch Cord (company manufactured). We have tried MTRJ male and female both type of Patch cords to connect 2950 with 3550 but we fail every time. We have tried to swap the RX-TX on the SC side but the result is the same and the connection between 2950 and 3550 didn't come up, so please advise any suggestion.

    Try to set the encapsulation on the 3550-12G to dot1q.
    [switchport trunk encapsulation dot1q]

  • How to set up VLAN for DATA and VOIP on SRW248G4P switch?

    Hi guys,
    I am totally new and was given this task to complete. I really really need help.
    We are using one network 192.168.1.0
    Shared with data and voip.
    CISCO C870, 5 switches LINKSYS SRW248G4P .
    The email wrote:-
    On the Linksys switch;
    - create two different VLANs one for voice and one for data.
    - put a firewall between the two VLANs (between voice and data) and only enable certain ports to flow to voice network (inbound tcp 8443 and ssh )
    What should I do guys? I really need a dumb guide now.
    I know it's simple for you guys but I am not a smart IT fella. What's the step by step?

    If the switch is new or you have support on this, then you might try calling the support center.  Here is a link:
    https://www.myciscocommunity.com/community/smallbizsupport
    On the right hand side you can find links to the support center.
    Here is a link to the guide:
    http://www.cisco.com/en/US/products/ps9967/prod_maintenance_guides_list.html
    @ the bottom of this link you can find your switch model, you want the larger of the two.  In this guide it shows you how to create a second vlan.
    Will your router be the firewall between the two?
    Kindest regards,
    Andrew Lissitz

  • VLAN between SFE2000P switches

    Dear friends,
    I've connected two sites with the following configuration:
    Site 1:
    Stack Linksys SFE2000P - Firmware version 1.0.0.X
    Port 1/g3 connected to a FO link to site 2
    Office 2:
    Stack Linksys SFE2000P - Firmware version 3.0.0.X
    Port 1/g3 connected to a FO link to site1
    I've tried to create a VLAN to communicate only a few ports of both sites:
    4/e23 and 4/e24 of site 1
    7/e23 and 7/e24 of site 2
    To do this, I tried the following:
    Port 1/g3 (site1) -> VLAN 50 (tagged) - Trunk
    Port 1/g3 (site 2) -> VLAN 50 (tagged) - Trunk
    Port 4/e23 and 4/e24 (site1) -> VLAN 50 (untagged)
    Port 7/e23 and 7/e24 (site 2) -> VLAN 50 (untagged)
    It doesn't work! In the same stack of each site it works without problems. Could you help me? Is there some misconfiguration?
    I've established other VLANs between Linksys and 3Com Switches, but now it doesn't work at all.
    Thanks in advance!

    I did find a similar article on this forum. Maybe this would help you. It is an article coming from GV.
    * access mode: an access mode port connects to a normal device like a desktop, printer, or similar. An access mode port can be member of a single VLAN only, i.e. you have to decide to which VLAN it is supposed to belong to. In your case, you configure an access mode port for either VLAN 10 or VLAN 20.
    With a single switch things are clear now: some ports are VLAN 10 and some ports are VLAN 20. VLAN 10 can talk to each other. VLAN 20 can talk to each other. No traffic passes between VLAN 10 and VLAN 20.
    Of course, now you want to connect this switch to some other network devices, in particular the second SRW because you need additional ports or you have an additional location. And there is the ASA which provides internet access for these VLANs.
    * trunk mode: This is where trunk mode comes in. A trunk mode port can carry multiple VLANs on a single port. This is done using 802.1q tags. 802.1q tagged ethernet frames have an additional field for the VLAN to which the frame belongs to. With this, a switch can send frames for VLAN 10 and VLAN 20 through a single port to another switch or router. Each frame sent is tagged with 10 or 20 depending on which VLAN the frame belongs to. The receiver will accept each frame and assign it to the corresponding VLAN on the receiving side. This way the receiving switch or router is able to keep those VLANs strictly separated.
    So let's say you want two VLANs 10 & 20 in your network. You would create VLANs 10 & 20 on your ASA and both SRWs. (Create only means that the device knows this VLAN exists and is able to handle traffic for this VLAN). You would configure LAN port 1 of your ASA as trunk with members VLAN 10 & 20. You configure port 1 & 24 of your first SRW in trunk mode with members VLAN 10 & 20. You configure port 1 of your second SRW in trunk mode with members VLAN 10 & 20. Now you wire port 1 of your ASA to port 1 of your first SRW. Then you wire port 24 of your first SRW to port 1 of your second SRW.
    This creates the VLAN trunk through your network. Traffic in both VLANs can travel through this trunk between the switches and to the ASA and from there, if properly routed, into the internet.
    here is the Link
    As the SFE2000P is now part of Cisco Small Business I would recommend you ask your question in the Cisco Small Business Support Community. There are a few Cisco people over there who may be able to reproduce your problem in a lab environment and check with the developers...
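
The tagging behaviour described in the reply above (a trunk tags each frame with its VLAN, the native VLAN goes untagged, and a VLAN missing from the allowed list is cut off), as an added Python example that is not part of the original thread. The `TrunkPort` model, MAC addresses and payload are constructed for illustration; VLANs 10, 144 and 402 are the numbers used in the threads on this page.

```python
import struct
from dataclasses import dataclass

TPID_8021Q = 0x8100                      # EtherType value that marks an 802.1Q tag
DST = bytes.fromhex("020000000002")      # constructed, locally administered MACs
SRC = bytes.fromhex("020000000001")
PAYLOAD = b"constructed sample payload"


def build_frame(ethertype, payload, vlan=None, pcp=0):
    """Return raw Ethernet bytes; add an 802.1Q tag when vlan is given."""
    header = DST + SRC
    if vlan is not None:
        if not 1 <= vlan <= 4094:
            raise ValueError("VLAN ID must be in 1..4094")
        # Tag Control Information: PCP (3 bits), DEI (1 bit, 0), VLAN ID (12 bits)
        tci = ((pcp & 0x7) << 13) | vlan
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", ethertype) + payload


def parse_tag(frame):
    """Return (vlan, pcp) of a tagged frame, or (None, None) if untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (tpid,) = struct.unpack("!H", frame[12:14])
    if tpid != TPID_8021Q:
        return None, None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack("!H", frame[14:16])
    return tci & 0x0FFF, tci >> 13


@dataclass(frozen=True)
class TrunkPort:
    """Hypothetical model of one end of an 802.1Q trunk."""
    native_vlan: int
    allowed: frozenset

    def egress(self, vlan, pcp=0):
        """Frame as it leaves the port, or None if the VLAN is not allowed."""
        if vlan not in self.allowed:
            return None
        if vlan == self.native_vlan:
            # Native VLAN: sent without a tag, so there is no PCP field at all.
            return build_frame(0x0800, PAYLOAD)
        return build_frame(0x0800, PAYLOAD, vlan=vlan, pcp=pcp)

    def ingress(self, frame):
        """VLAN the receiving port assigns the frame to, or None if dropped."""
        vlan, _ = parse_tag(frame)
        if vlan is None:
            vlan = self.native_vlan      # untagged frames join the native VLAN
        return vlan if vlan in self.allowed else None


def carry(sender, receiver, vlan, pcp=0):
    """Send one frame across the trunk.

    Returns (vlan seen by the receiver, PCP present on the wire), or None
    when either end refuses the frame.
    """
    frame = sender.egress(vlan, pcp)
    if frame is None:
        return None
    rx_vlan = receiver.ingress(frame)
    if rx_vlan is None:
        return None
    return rx_vlan, parse_tag(frame)[1]


if __name__ == "__main__":
    a = TrunkPort(native_vlan=144, allowed=frozenset({10, 144}))
    b = TrunkPort(native_vlan=144, allowed=frozenset({10, 144}))
    print("VLAN 10, PCP 5  ->", carry(a, b, 10, pcp=5))    # tagged, PCP kept
    print("VLAN 144, PCP 5 ->", carry(a, b, 144, pcp=5))   # native, no tag
    print("VLAN 402        ->", carry(a, b, 402))          # not allowed
    # Native VLAN configured differently on the far end (a misconfiguration):
    c = TrunkPort(native_vlan=1, allowed=frozenset({1, 10, 144}))
    print("native mismatch ->", carry(a, c, 144))          # lands in VLAN 1
```
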

  • VLAN and STP compatibility between Cisco 2950 and SRW2048

    How can Cisco 2950 and Linksys SRW2048 switches be combined to work fine with more than one VLAN and STP? I want both switches to support three VLANs and STP for a loop-free network. Can somebody help me out to combine Linksys and Cisco switches to interconnect to form my network?

    I believe that the SRW2048 is a 48 port managed switch. The easiest way to set the VLAN and STP configuration is to access the web utility of this switch via 192.168.1.254. You have to go to VLAN Management and he needs to create the VLANs. The default VLAN of the switch is VLAN 1. You need to create 2 more VLANs by choosing the VLAN IDs and the name you want for these VLANs.
    After creating the VLANs, you need to determine the LAN of the switch you want to assign to each VLAN and the Trunk port or the port where you need to connect the SRW2048 to the Cisco 2950 switch. Go to the port setting and make this port “trunk”, and leave the other ports as “access”. Go to VLAN to ports and manually allocate each of the LAN ports to the desired VLAN ID number. Take note that all ports that are members of VLAN1 should be “untagged” and the rest should be “tagged”. Save the settings you made.
    The STP configuration for the SRW2048 can be found also in the web utility. Just go to the Spanning Tree tab and set up your desired STP configuration.
    For the Cisco 2950, I am not quite sure on how to create these settings but I saw a useful link that might help you:
    http://www.petri.co.il/csc_setup_a_vlan_on_a_cisco_switch.htm

  • Link bundle between 2950 & 7204VXR (NPE400)

    Dear Team,
    We have made etherchannel between Cisco WS-C2950T-24 L2 & Cisco 7204VXR (NPE400) router for load balancing purpose.
    But the traffic from L2 switch to router is just being forwarded on single port & other port is idle while router is properly load balancing on both the ports.
    Below is the configuration for both the switch & router.
    Switch Configuration ->
    interface Port-channel2
    description ## Uplink bundle to VXR ##
    switchport access vlan 102
    switchport mode access
    no ip address
    interface FastEthernet0/5
    description ### To VXR Port-Fa0/0 ###
    switchport access vlan 102
    switchport mode access
    no ip address
    load-interval 30
    duplex full
    speed 100
    channel-group 2 mode on
    interface FastEthernet0/6
    description ### To VXR Port-Fa0/1 ###
    switchport access vlan 102
    switchport mode access
    no ip address
    load-interval 30
    duplex full
    speed 100
    channel-group 2 mode on
    Switch#show etherchannel summ
    Flags:  D - down        P - in port-channel
            I - stand-alone s - suspended
            H - Hot-standby (LACP only)
            R - Layer3      S - Layer2
            u - unsuitable for bundling
            U - in use      f - failed to allocate aggregator
            d - default port
    Number of channel-groups in use: 1
    Number of aggregators:           1
    Group  Port-channel  Protocol    Ports
    ------+-------------+-----------+-----------------------------------------------
    2      Po2(SU)          -        Fa0/5(Pd)   Fa0/6(P)
    Switch#show etherchannel load-balance
    Source MAC address
    Router Configuration ->
    interface Port-channel2
    description ### Link Bundle to L2 ###
    ip address 172.16.10.66 255.255.255.224
    load-interval 30
    hold-queue 150 in
    interface FastEthernet0/0
    description ### To L2 - Port - Fa0/5 ###
    no ip address
    load-interval 30
    duplex full
    speed 100
    channel-group 2
    interface FastEthernet0/1
    description ### To L2 - Port - Fa0/6 ###
    no ip address
    load-interval 30
    duplex full
    speed 100
    channel-group 2
    We have tried changing load-balance algorithm on Switch but result is same. Can somebody please help for load balance the traffic from L2 to Router?
    Thanks in advance.
    Nilesh.

    Leo,
    Thanks for the info. And please forgive me, I am not doubting your knowledge, just wanted to make sure about it. However, are you sure that channel numbers are supposed to be the same? If that is the case, 2950 supports only up to 6 channels, and 3550 I think about 24 if I remember correctly. So what happens when I configure more than 6 channels of 2950s into 3550? The next channel after the sixth one would be 7, 8 and so on. However, I cannot configure a channel # higher than 6 on 2950. With this, I am limiting 3550 to only 6 channels.
    Now, I have not got experience in doing ether-channels. However, I was thinking logically and thought that Cisco would not limit 3550s to the 2950 limitation.
    Please advise.
    Thanks

  • Cisco 2950 and Dell Powerconnect 5224

    I am trying to Cascade a cisco 2950 and dell powerconnect 5224. I am connecting port 32 on the 2950 and port 24 (gigport) on the dell. Any idea on how I can get the cascading to work? This is what I have on the Dell and the cisco.
    Dell Powerconnect 5224:
    interface ethernet 1/24
    switchport allowed vlan add 1 untagged
    switchport native vlan 1
    switchport mode trunk
    switchport allowed vlan add 1,10 tagged
    Cisco 2950:
    interface FastEthernet0/32
    switchport access vlan 10
    switchport mode trunk
    Dell documentation on cascading between powerconnect and catalyst 4000 talks about setting up GVRP on both the dell and cisco switches. However, 2950 doesn't have GVRP.
    http://www.dell.com/downloads/global/products/pwcnt/en/app_note_4.pdf
    Any ideas, tips. Thanks.

    Try this instead:
    Dell:
    interface ethernet 1/24
    switchport allowed vlan add 1 untagged
    switchport native vlan 1
    switchport mode trunk
    switchport allowed vlan add 10 tagged
    Cisco 2950:
    interface FastEthernet0/32
    switchport mode trunk
    switchport trunk allow vlan 1,10
    switchport nonegotiate
    You don't need "switchport access vlan 10" on the Cisco because it's not in access mode, it's in trunk mode. And on the Dell you don't want vlan 1 to be tagged and untagged.
    Good luck.

  • Problem of routing between inside and outside on ASA5505

    I have a ASA5505 with mostly factory default configuration. Its license allows only two vlan interfaces (vlan 1 and vlan 2). The default config has interface vlan 1 as inside (security level 100), and interface vlan 2 as outside (security level 0 and using DHCP).
    I only changed interface vlan 1 to IP 10.10.10.1/24. After I plugged in a few hosts to vlan 1 ports and connect port Ethernet0/0 (default in vlan 2) to a live network, here are a couple of issues I found:
    a) One host I plugged in is a PC, and another host is a WAAS WAE device. Both are in vlan 1 ports. I hard coded their IP to 10.10.10.250 and 10.10.10.101, /24 subnet mask, and gateway of 10.10.10.1. I can ping from the PC to WAE but not from WAE to the PC, although the WAE has 10.10.10.250 in its ARP table. They are in the same vlan and same subnet, how could it be? Here are the ping and WAE ARP table.
    WAE#ping 10.10.10.250
    PING 10.10.10.250 (10.10.10.250) from 10.10.10.101 : 56(84) bytes of data.
    --- 10.10.10.250 ping statistics ---
    5 packets transmitted, 0 packets received, 100% packet loss
    WAE#sh arp
    Protocol Address Flags Hardware Addr Type Interface
    Internet 10.10.10.250 Adj 00:1E:37:84:C9:CE ARPA GigabitEthernet1/0
    Internet 10.10.10.10 Adj 00:14:5E:85:50:01 ARPA GigabitEthernet1/0
    Internet 10.10.10.1 Adj 00:1E:F7:7F:6E:7E ARPA GigabitEthernet1/0
    b) None of the hosts in vlan 1 in 10.10.10.0/24 can ping interface vlan 2 (address in 172.26.18.0/24 obtained via DHCP). But on ASA routing table, it has both 10.10.10.0/24 and 172.26.18.0/24, and also a default route learned via DHCP. Is ASA able to route between vlan 1 and vlan 2? (inside and outside). Any changes I can try?
    Here are ASA routing table and config of vlan 1 and vlan 2 (mostly its default).
    ASA# sh route
    Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
    D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
    N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
    E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
    i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
    * - candidate default, U - per-user static route, o - ODR
    P - periodic downloaded static route
    Gateway of last resort is 172.26.18.1 to network 0.0.0.0
    C 172.26.18.0 255.255.255.0 is directly connected, outside
    C 127.1.0.0 255.255.0.0 is directly connected, _internal_loopback
    C 10.10.10.0 255.255.255.0 is directly connected, inside
    d* 0.0.0.0 0.0.0.0 [1/0] via 172.26.18.1, outside
    interface Vlan1
    nameif inside
    security-level 100
    ip address 10.10.10.1 255.255.255.0
    interface Vlan2
    nameif outside
    security-level 0
    ip address dhcp setroute
    interface Ethernet0/0
    switchport access vlan 2
    All other ports are in vlan 1 by default.

    I should have made the config easier to read. So here is what's on the ASA and the problems I have. The ASA only allows two VLAN interfaces configured (default to Int VLAN 1 - nameif inside, and Int VLAN 2 - nameif outside)
    port 0: in VLAN 2 (outside). DHCP configured. VLAN 2 pulled IP in 172.26.18.0/24, default gateway 172.26.18.1
    port 1-7: in VLAN 1 (inside). VLAN 1 IP is 10.10.10.1. I set all devices IP in VLAN 1 to 10.10.10.0/24, default gateway 10.10.10.1
    I have one PC in port 1 and one WAE device in port 2. PC IP set to 10.10.10.250 and WAE set to 10.10.10.101. PC can ping WAE but WAE can't ping PC. Both can ping default gateway.
    If I can't ping from inside interface to outside interface on ASA, how can I verify inside hosts can get to outside addresses and vice versa? I looked at ASA docs, but didn't find out how to set the routing between inside and outside. They are both connected interfaces, should they route between each other already?
    Thanks a lot

  • Communication between : AP and WLAN controller

    Hi,
    The communication between AP and WLAN Controller is (Data and Control) UDP.
    Source port 1024 and destination port 12222 and 12223. Actually, which device listens on which port, or should both listen, as control and data can be generated from both the devices?
    How is the user (wireless client) traffic switched if the user traffic is TCP traffic? It will be sent to WLANC and then WLANC forwards it to the respective VLAN or default gateway (depending upon the destination in the packet).
    Please explain / share the experience.
    any link on cisco.com
    Thanks in advance
    Subodh

    "the LWAPP Control and Data messages are encapsulated in UDP packets that are carried over the IP network. The only requirement is established IP connectivity between the access points and the WLC. The LWAPP tunnel uses the access point's IP address and the WLC's AP Manager interface IP address as endpoints. The AP Manager interface is explained in further detail in the implementation section. On the access point side, both LWAPP Control and Data messages use an ephemeral port that is derived from a hash of the access point MAC address as the UDP port. On the WLC side, LWAPP Data messages always use UDP port 12222. On the WLC side, LWAPP Control messages always use UDP port 12223.
    The mechanics and sequencing of Layer 3 LWAPP are similar to Layer 2 LWAPP except that the packets are carried in UDP packets instead of being encapsulated in Ethernet frames."
    Taken from "Cisco 440X Series Wireless LAN Controllers Deployment Guide"

  • WLC mobility group between 4404 and 5508 controllers

    Mobility 'Control and Data Path Down' between 4404 and 5508 WLC's.
    Hello, we have 5 x 4404 WLC's running 7.0.240.0 with mobility configured fine between them.
    We have installed a 5508 with HA running 7.4.110.0, and have tried to add it to the mobility group, however we see 'Control and Data Path Down' between the new 5508 and all the 4404 controllers.
    All controllers have:
    The same virtual address
    Management interfaces are in the same VLAN, and indeed all the controllers connect via the same pair of 3750X stacked switches.
    The default mobility domain name is the same
    4404 output when issuing the command 'show mobility summary'
    Symmetric Mobility Tunneling (current) .......... Enabled
    Symmetric Mobility Tunneling (after reboot) ..... Enabled
    Mobility Protocol Port........................... 16666
    Default Mobility Domain.......................... SGH-Mobility
    Multicast Mode .................................. Disabled
    Mobility Domain ID for 802.11r................... 0xe209
    Mobility Keepalive Interval...................... 10
    Mobility Keepalive Count......................... 3
    Mobility Group Members Configured................ 6
    Mobility Control Message DSCP Value.............. 0
    5508 output when issuing the command 'show mobility summary'
    Mobility Architecture ........................... Flat
    Mobility Protocol Port........................... 16666
    Default Mobility Domain.......................... SGH-Mobility
    Multicast Mode .................................. Disabled
    Mobility Domain ID for 802.11r................... 0xe209
    Mobility Keepalive Interval...................... 10
    Mobility Keepalive Count......................... 3
    Mobility Group Members Configured................ 6
    Mobility Control Message DSCP Value.............. 0
    I've spent quite some time double checking all the configurations to no avail.
    Has anybody seen this problem before?
    Kind regards
    Dave Bell

    Thanks Sandeep.
    I am well versed with WLC's and mobility, however trying to add a 5508 to a mobility group with 4404's has come up with a bit of a curve ball.
    All the 4404 controllers joined the mobility group fine, no problems at all - it's only the 5508 I am struggling with.
    In theory it's simple, populate the IP address, and MAC address of the management interface of the remote WLC, as long as the management interfaces are in the same VLAN, and the Default Mobility Domain Name are the same it should come up.
    Interestingly I have found the 5508 reports its own management interface MAC address incorrectly when viewing the Mobility Groups:
    For example:
    {Screen shot WLC1.jpg}
    5508 management address is 10.95.x.x and when viewing the Mobility Management screen it shows its own MAC address as bc:16:65:f9:37:60.
    however!
    From our router, if I do a sh arp | i 10.95.x.x (controller management address), I see: f872.eaee.becf.
    {Screen shot wlc2.jpg}
    Hence the WLC reports as: bc:16:65:f9:37:60
    and
    The network reports as: f872.eaee.becf for the same IP address.
    I have changed the other WLC's to the MAC address seen on the network for the new controller, aka changed from
    bc:16:65:f9:37:60
    to
    f8:72:ea:ee:be:cf
    I now see the controllers reporting the mobility with the new controller as 'Control Path Down', however I am at a loss as to what may be causing this?
    Kind regards
    Dave Bell
