WCCP: Is dot1Q trunking needed on Router I/F to avoid redirection loop

Hi everyone,
I have a question about how to configure the Router I/F to avoid a redirection loop.
I understand that the Router and WAE must not be attached to the same segment to avoid a redirection loop, as written in the Quick Configuration Guide.
However, the sample configuration in the Quick Configuration Guide does not show whether VLAN trunking is needed on the Router port and Switch in the following environment:
Client
|
|
Switch --- WAE
|
|
Router
|
|
WAN
|
|
Router
|
|
Switch --- WAE
|
|
Server
I think .1Q trunking is needed to avoid a redirection loop, and it is the only way to achieve it in case the router (core and/or edge) has just two interfaces.
And if the router does not support .1Q trunking due to a hardware or software limitation, I need to give the router one more dedicated interface for redirection to the WAE by adding an additional network module/card, if it can take one.
I am afraid that if the router does not support .1Q trunking and has up to two interfaces, I need to purchase/prepare another router to achieve it.
Is my understanding correct?
Or is there any method to avoid a redirection loop, other than using a .1Q trunk or adding an interface, that keeps just two interfaces?
Would you please give me your assistance?
Best regards,

Hello,
Note that this requirement will be changing in the very near future. Please reach out to your account team or overlay specialists for more details.
Best regards,
Joel

Similar Messages

  • Problems with vlan and dot1q trunking port

    Dear Folks,
    I have problems with my access point configuration.
    Even when I set the Catalyst port to trunk, I can only connect to VLAN 1 but not to VLAN 10.
    And if I change the port to static VLAN 10, I cannot connect to the AP, but it works...
    config below:
    User Access Verification
    version 12.2
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    hostname 1200_PP_1
    logging queue-limit 100
    enable secret xxxx
    clock timezone A 1
    ip subnet-zero
    bridge irb
    interface Dot11Radio0
     no ip address
     no ip route-cache
     ssid DEPACNGLW0HS
      vlan 10
      authentication shared
      infrastructure-ssid
      mobility network-id 10
     speed basic-1.0 2.0 5.5 11.0
     rts threshold 2312
     channel 2412
     antenna receive right
     antenna transmit right
     station-role root
    interface Dot11Radio0.1
     no ip route-cache
    interface Dot11Radio0.10
     encapsulation dot1Q 10 native
     no ip route-cache
     bridge-group 1
     bridge-group 1 subscriber-loop-control
     bridge-group 1 port-protected
     bridge-group 1 block-unknown-source
     no bridge-group 1 source-learning
     no bridge-group 1 unicast-flooding
     bridge-group 1 spanning-disabled
    interface FastEthernet0
     no ip address
     no ip route-cache
     speed 100
     full-duplex
     ntp broadcast client
    interface FastEthernet0.1
     encapsulation dot1Q 1
     no ip route-cache
     bridge-group 254
     no bridge-group 254 source-learning
     bridge-group 254 spanning-disabled
    interface FastEthernet0.10
     encapsulation dot1Q 10 native
     no ip route-cache
     bridge-group 1
     no bridge-group 1 source-learning
     bridge-group 1 spanning-disabled
    interface BVI1
     ip address 10.2.2.222 255.255.255.0
     no ip route-cache
    ip default-gateway 10.2.2.2
    ip http server
    ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag/122-15.JA/1100
    ip radius source-interface BVI1
    bridge 1 route ip
    line con 0
    line vty 0 4
     login local
    line vty 5 15
     login
    end
    it would be fine if anyone could help me....

    You configure Layer 3 Mobility with WLSM. No trunking is required on the CAT switch. However, you need to set the switch port on the CAT switch as access port in VLAN 10.
    Please post the WLSM and SUP720 configuration. Also, which VLAN do you want to access the AP?
    The following URL may be useful for you to verify the configuration:
    http://www.cisco.com/en/US/partner/products/hw/wireless/ps430/prod_technical_reference09186a00802a86a7.html

  • Vlan 1 on dot1q trunks, cross-vtp-domain

    Hello all,
    trying to transport vlan 1 via .1Q between a c6500 (IOS) and a c35xx. The idea is to access the c35xx for management purposes.
    Vlan 1 does not seem to work; neither the c35xx nor any devices attached to it can be seen in the vlan 1 cloud.
    The 2 catalysts are members of different vtp domains. Both domains do include their vlan 1 definitions.
    Any ideas?

    When using dot1q trunking you must specify what the native VLAN is on BOTH sides of the trunk if it is different from 1. If you want the interface VLAN1 on your 3750 to be accessible, then it must be in the same network as VLAN1 on your 6509. If you have a different VLAN on your 3750 for users but want to keep VLAN1 for management, this is how you need to set it up, using VLAN 25 for users and VLAN 1 for management.
    Example below using GiX/Y for the uplink interface to the 3750:
    interface Vlan25
     ip address 172.30.25.2 255.255.255.0
     ip helper-address 172.30.X.Y
     no ip redirects
     standby 1 priority 110 preempt
     standby 1 ip 172.30.25.1
     no shutdown
    interface GiX/Y
     switchport
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 1,25
     switchport mode trunk
     no shutdown
    On 3750:
    interface VLAN1
     description "Management Interface"
     ip address 172.30.25.5 255.255.255.0
    interface GigabitEthernet1/0/1
     description "Trunk to 6509"
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 1,25
     switchport mode dynamic desirable
    By NOT including: "switchport trunk native vlan 25"
    on both sides of the trunk, you are making VLAN 1 the native VLAN but still allowing VLAN 25 traffic.
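
The "both sides of the trunk" rule from the reply above can be checked before a change is pushed. This is an added example, not code from the thread: a Python comparison of the two trunk-port stanzas from the reply, where the function names and the `SIDE_3750_NATIVE25` variant are constructed for illustration.

```python
import re

# Trunk-port stanzas copied from the reply above; "GiX/Y" is the reply's own
# placeholder for the uplink port on the 6509.
SIDE_6509 = """\
interface GiX/Y
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,25
 switchport mode trunk
"""
SIDE_3750 = """\
interface GigabitEthernet1/0/1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,25
 switchport mode dynamic desirable
"""
# Constructed variant: native VLAN 25 configured on the 3750 end only.
SIDE_3750_NATIVE25 = SIDE_3750 + " switchport trunk native vlan 25\n"


def parse_vlan_list(text):
    """Expand an IOS VLAN list such as '1,25,102-108' into a set of ints."""
    vlans = set()
    for part in text.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def trunk_view(config, ifname):
    """Return native and allowed VLANs of one port, applying IOS defaults."""
    native, allowed, inside = 1, set(range(1, 4095)), False
    for raw in config.splitlines():
        line = raw.strip()
        if line.lower().startswith("interface "):
            inside = line.split(None, 1)[1].lower() == ifname.lower()
        elif inside:
            if m := re.match(r"switchport trunk native vlan (\d+)$", line):
                native = int(m.group(1))
            elif m := re.match(r"switchport trunk allowed vlan ([\d,-]+)$", line):
                allowed = parse_vlan_list(m.group(1))
    return {"native": native, "allowed": allowed}


def compare_trunk_ends(a, b):
    """List the differences between the two ends of one 802.1Q trunk."""
    issues = []
    if a["native"] != b["native"]:
        issues.append(f"native VLAN mismatch: {a['native']} vs {b['native']}")
    only_a, only_b = a["allowed"] - b["allowed"], b["allowed"] - a["allowed"]
    if only_a or only_b:
        issues.append(f"allowed VLANs differ: {sorted(only_a)} vs {sorted(only_b)}")
    for side, end in (("A", a), ("B", b)):
        if end["native"] not in end["allowed"]:
            issues.append(f"side {side}: native VLAN {end['native']} not allowed")
    return issues


if __name__ == "__main__":
    core = trunk_view(SIDE_6509, "GiX/Y")
    for label, cfg in (("as posted", SIDE_3750), ("native 25 on one end", SIDE_3750_NATIVE25)):
        print(label, compare_trunk_ends(core, trunk_view(cfg, "GigabitEthernet1/0/1")))
```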

  • Dot1q Trunk between Catalyst 6500 and HP Blade Enclosures

    We have a requirement to configure trunks to a 6500 and HP GbE2 interconnect switch in a blade enclosure.
    The interconnect switches and the 6500 are connected as in the attachment.
    The configuration was done using the documentation provided by HP for connecting these trunks to the 6500, but there seems to be some problem with STP.
    All the network remains stable for a time and then falls over, traffic counts on the trunk interfaces shoots up to crazy values.
    The access layer (consisting of 2950s) hanging off the 6500 also falls over and the interfaces on the trunks become err-disabled. This happens even though we are not trunking the 102-108 VLANs that are trunked to the HP switches to these switches.
    We need to run dot1q trunks to the HP blade switches, because of the requirement to have the servers within the blade enclosure in different VLANS. The vlans were configured as per the document provided by HP and the server ports assigned accordingly.
    Has anyone managed to configure etherchannel trunks (dot1q) to HP blade switches? Any guidelines and findings will help

    Forgot the attachment....

  • Do I need a router or access point / bridge?

    Hi.  We have a MS small bus server with a software firewall.  It does dhcp and routes traffic so we don't need the router part of the router.
    Wireless  N access is needed.  Will a DAP 1522 (Wireless N access point / switch) offer the same wireless performance as a Linksys wireless N router?
    I just bought the DAP access point and am getting 100-130 mb/s with a strong signal.  Would the router work better with its giant antennae?
    Nick

    DAP 1522 is a good access point. It lets you connect up to 4 Ethernet-enabled devices such as set top boxes, game consoles, or computers to an existing Wi-Fi network for on-demand broadcast, online gaming, or media streaming throughout the home.
    With dual-band wireless capabilities, the DAP-1522 is ideal for wireless HD video streaming and gaming applications because entertainment content can be sent over the less crowded 5GHz band.
    The DAP-1522 can also be used to create a new 802.11n wireless network using its Access Point feature. Simply connect it to an existing wired or wireless router, and you'll enjoy greater range and data speeds in seconds.

  • Do I need a router to interface with my wireless laptop and printer, or can Bluetooth.

    I'm having a problem interfacing the HP B210 all in one wireless printer to my ASUS wireless laptop. Do I need a router, or can I somehow make the wireless connection using the Bluetooth on my laptop? Please help.

    Well, the printer does not have bluetooth so that will not work.
    However, you can connect to it directly via wi-fi on your laptop.  From the front of the printer go to: Setup > Network > Restore Network Defaults.
    Now, on your PC, look for a wireless network beginning with "HP".  Join it.  There is no password.
    Now, go to Control Panel > Printers and Add a Printer.
    Say thanks by clicking "Kudos" "thumbs up" in the post that helped you.
    I am employed by HP

  • Do I need a router when I have time capsule

    I'm so new with iMac. Thinking of getting a Time Capsule for movies and music, so if I get a Time Capsule do I need a router with it?

    Time capsule is a backup device not a media server.. it will not work at all well as a place to store your itunes or iphoto libraries..
    Read around carefully for what people use but TC has no internal method to automatically backup.. anything stored on the TC even if you only use it for file storage is lost. if the TC dies.. which they do.
    If you still want to use it. a TC is basically an airport extreme.. ie wireless router with built in hard disk drive.

  • Need a router to connect iPad to a Telstra 4G USB Sierra Wireless "AirCard 320U"

    Need a router to connect iPad to a Telstra 4G USB Sierra Wireless "AirCard 320U"

    You need a MiFi. Talk to your cell provider.

  • Is a modem enough?  Or do I need a router?

    No, really, that's my question.  Bear with me; I'm ignorant of how this is supposed to work, though I think I understand the very basic principles.
    I have an old Zoom modem that for six years has wirelessly connected my iMac to the internet.  The network is sometimes very unreliable and I have to restart the modem and fool with settings to get it working again; that sometimes fixes it for several months, but sometimes I get dropped frequently for weeks before something fixes itself.  However, the network always shows up in the drop-down list.  I'm in an 800 squ. ft. apartment in a large building and surrounded by 15 or so home networks, but I'd like to add a wireless printer and connect remote speakers with an Airport Express, so I want it solid before I start playing with more devices.
    Given the number of wireless setups around me, I recently decided to make my network more secure because the modem was not encrypted and I had no wireless security set up in my network preferences.  But as soon as I started playing with encryption on the modem and/or adding WPA2 security on the network preferences, everything became unstable.  The network still shows up in the drop-down list (the one that comes up when I click on the network icon in the menu bar), but it usually wants me to enter a WEP password and doesn't let me connect, etc.  If I reboot the modem and restart the computer (I think the latter helps) I get a connection; that might work for several days or for only hours.  Sometimes rebooting the computer helps too.  But, like I said, the only time I have anything that stays stable for any length of time is with no security.
    So I've got to do something.  People are always talking about routers connected to modems, but the guy at my ISP said that for my purposes a modem alone would be enough.  He suggested connecting an ethernet cable and creating a new network to see if that alone will help, and if the wireless setup still doesn't work I should replace the modem.
    So, considering my modest demands on the network, do I need a router?  Shouldn't a wireless dsl modem be enough, even if I need to replace this one?
    Edited to add: my understanding is that everything on the network is connected to the modem, which is why he said the modem is all I need.  Is this wrong?  I just got an iPod touch and all I had to do was sign in to the network.  Right now I've had a few days of stability, so I haven't gotten to see if it loses the network when the iMac does.

    A potential problem with a non-Apple router is compatibility.  Some brands tend to be better than others.  Also there is the question of support.  Few if any mfgrs. provide support for Macs.  That said I would give a qualified thumbs-up to D-Link routers.  They do work well with Macs and can be easily configured with a browser.  Mac support is available although minimal.  D-Link also sells access points that can be used much like an Airport Express.
    Any problems with WPA on your Zoom is likely because it's very old.  The modem may not even be DOCSIS 2 compatible given its age.
    Consult with your ISP to determine what they recommend for a replacement modem or what they currently provide in new installations.  Whatever you do, a new modem may require provisioning with the ISP.
    I don't believe Tesserax or I made conflicting statements about needing a router to connect multiple devices.  If there's any question here, then the answer is, "Yes.  You need some type of router to connect multiple devices.  It could be separate from the modem or it could be built-in to the modem like what you now have."

  • Need firewall/ router / nat / vpn recommendation

    As the title states, I'm looking for an all-in-one hardware solution (not software) that will work seamlessly with our Xserve. Right now we are using a consumer grade Linksys VPN/router as a temporary solution. We also have a business series Linksys 24-port switch, so I don't need the router to handle any of that.
    We have about 15 users in the office. The vpn will need to support about 3-5 users at any one time, both Mac and Windows clients. We would like to utilize PPTP since it is easier to setup. The internet is provided via Cox cable and sits around 5MB of bandwidth.
    Any recommendations would be greatly appreciated. I would prefer to base this purchase on those who use a solution in a production environment as opposed to hearsay.
    Thanks in advance.

    We use a SonicWALL TZ 170 for that, and it works fine. The current product is the TZ 180, its replacement, which is a bit faster. The TZ 180 can handle 5 MB bandwidth with Intrusion Prevention Services on (signature watching on packet inspection); about 6 MB is the real limit for the TZ 170 with IPS (don't believe the marketing sheets that say faster). With 15 users in your office, you might want the PRO 2040 rather than the TZ 180 for increased processor power. Avoid the 1260, which is essentially just a TZ 170 with a switch on the back end.
    Supports the major VPN protocols. If you want to use IKE, you will need the Equinux VPN Tracker client for the Macs (SonicWALL doesn't have a Mac VPN client). Note that their Vista VPN client is now in beta, people are having mixed results with it. No Vista 64 bit VPN client is even announced.
    We have used it for several years with Mac VPN (VPN Tracker) from iMacs at our homes to our Xserve G5 and LAN, works fine. SonicWALL support is Mac hostile, they claim it doesn't work with Macs. Hogwash. Be prepared for Bob from Bangalor for the Level 1 and Level 2 support people, who seem untrained on the product line. The Level 3 support people are good, except when you get the anti-Macintosh bigots.
    If you need to do NAPT (NAT with port translation), you will have to get the SonicOS Enhanced OS. SonicOS Standard can do NAT but not port translation. The learning curve on SonicOS Standard is not that bad; SonicOS Enhanced is a very different animal - more powerful and featured but more difficult to set up.
    Sonic's business model is to pretty much give the hardware away and make it up on support contracts/licenses for firmware/hardware support, IPS, Anti-Spyware, Anti-Virus licensing, etc. The hardware is reliable.
    Hope that helps,
    Russ
    Xserve G5 2.0 GHz 2 GB RAM   Mac OS X (10.4.8)   Apple Hardware RAID, ATTO UL4D, Exabyte VXA-2 1x10 1u

  • I'm doing a design for presale, where I will need a router that supports PAT for 500 or a few more users; it does not need any more features, only static routing and a DHCP pool for 500 users. Can you help me know which router to recommend?

    I'm doing a design for presale, where I will need a router that supports PAT for 500 or a few more users; it does not need any more features, only static routing and a DHCP pool for 500 users. Can you help me know which router to recommend?

    What is your WAN speed currently and projected WAN speed in the next 3 years?

  • Dot1q trunking

    Hi all,
    I have configured dot1q trunking between two switches with the default native VLAN 1 on a set-based switch.
    How do I change the native VLAN to something other than VLAN 1 on a set-based switch?
    Thanx in advance for the response.
    Regards,
    Rajesh

    802.1Q Trunk Configuration Guidelines and Restrictions
    The following configuration guidelines and restrictions apply when using 802.1Q trunks and impose some limitations on the trunking strategy for a network:
    • When connecting Cisco switches through an 802.1Q trunk, make sure that the native VLAN for an 802.1Q trunk is the same on both ends of the trunk link. If the native VLAN on one end of the trunk is different from the native VLAN on the other end, spanning-tree loops might result.
    • Disabling spanning tree on the native VLAN of an 802.1Q trunk without disabling spanning tree on every VLAN in the network can cause spanning-tree loops. We recommend that you leave spanning tree enabled on the native VLAN of an 802.1Q trunk. If this is not possible, disable spanning tree on every VLAN in the network. Make sure that your network is free of physical loops before disabling spanning tree.
    • When you connect two Cisco switches through 802.1Q trunks, the switches exchange spanning-tree BPDUs on each VLAN that is allowed on the trunks. The BPDUs on the native VLAN of the trunk are sent untagged to the reserved IEEE 802.1D spanning-tree multicast MAC address (01-80-C2-00-00-00). The BPDUs on all other VLANs on the trunk are sent tagged to the reserved Cisco Shared Spanning Tree (SSTP) multicast MAC address (01-00-0c-cc-cc-cd).
    • Non-Cisco 802.1Q switches maintain only a single instance of spanning tree (the Mono Spanning Tree, or MST) that defines the spanning-tree topology for all VLANs. When you connect a Cisco switch to a non-Cisco switch through an 802.1Q trunk, the MST of the non-Cisco switch and the native VLAN spanning tree of the Cisco switch combine to form a single spanning-tree topology known as the Common Spanning Tree (CST).
      When you connect a Cisco switch to a non-Cisco switch, the CST is always on VLAN 1. The Cisco switch sends an untagged IEEE BPDU (01-80-C2-00-00-00) on VLAN 1 for the CST. On the native VLAN, the Cisco switch sends an untagged Cisco BPDU (01-00-0C-CC-CC-CC) which the non-Cisco switch forwards but does not act on (the IEEE BPDU is not forwarded on the native VLAN).
    • Because Cisco switches transmit BPDUs to the SSTP multicast MAC address on VLANs other than the native VLAN of the trunk, non-Cisco switches do not recognize these frames as BPDUs and flood them on all ports in the corresponding VLAN. Other Cisco switches that are connected to the non-Cisco 802.1Q cloud receive these flooded BPDUs. This situation allows Cisco switches to maintain a per-VLAN spanning-tree topology across a cloud of non-Cisco 802.1Q switches. The non-Cisco 802.1Q cloud separating the Cisco switches is treated as a single broadcast segment between all switches that are connected to the non-Cisco 802.1Q cloud through the 802.1Q trunks.
    • Make sure that the native VLAN is the same on all of the 802.1Q trunks connecting the Cisco switches to the non-Cisco 802.1Q cloud.
    • If you are connecting multiple Cisco switches to a non-Cisco 802.1Q cloud, all of the connections must be through 802.1Q trunks. You cannot connect Cisco switches to a non-Cisco 802.1Q cloud through ISL trunks or through access ports because the switch will place the ISL trunk port or access port into the spanning tree "port inconsistent" state and no traffic will pass through the port.
    http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sw_8_5/confg_gd/e_trunk.htm#wp1045882

  • I need my router password - I do not remember what it is

    I need my router password- do not remember what it is. How do I retrieve it

    Easiest way is probably to do a hard reset (how ya do that differs with modem brand) so it reverts to the default password (and login) and then you can reset the password to what you WANT it to be. The defaults should be on a label on or under the modem, unless it's been removed, and I suppose, alternately, you can contact the manufacturer support if you can't find it that way.

  • I have made a bootable copy of ML and want to load it on another laptop running SL. What do I need to do in order to avoid losing any files. I do not want to do a clean install.

    I have made a bootable copy (8GB thumb drive) of ML and want to load it on another Apple laptop running SL. What do I need to do in order to avoid losing any files? I do not want to do a clean install. I know ML is compatible.

    I'm getting an error message when ML is almost completely installed and it stops the install. Is there any way to get back to the snow leopard operating system and scrap the ML install at this point. I had to shut the Mac book off and when I started again it tried to install ML a second time. It is still trying to install but at this point I don't want to screw anything up any further so just want to get back to SL.
    Any suggestions.

  • Need to route traffic based on destination to 2 different routers

    I have a 4451X that has a default route of 10.10.48.1. I have 2 other internet routers at 10.10.48.15, and 172.31.1.3.
    The router at 172.31.1.3 is a VPN firewall and has a VPN to 3 specific IP networks. 172.31.252.0/24, 192.168.252.0/24, and 192.168.163.0/24.
    I need the traffic headed to the 3 VPN'd networks to route to 172.31.1.3, and the remaining traffic to route to 10.10.48.15.
    The source network is 172.31.0.0/23 and the gateway of the machines is 172.31.0.1.
    I tried creating a PBR but the internet traffic seems to go outbound through the router's default route of 10.10.48.1 and not 10.10.48.15.
    I am sure I am just missing something silly.
    Here are the relevant portions of the config:
    interface GigabitEthernet0/0/1
     ip address 172.31.0.20 255.255.254.0
     ip nat inside
     ip policy route-map Test
     negotiation auto
     vrrp 1 ip 172.31.0.1
     vrrp 1 priority 105
    interface GigabitEthernet0/0/1.2
     encapsulation dot1Q 2
     ip address 10.10.48.12 255.255.255.224
     ip nat inside
     ip access-group 199 in
     vrrp 1 ip 10.10.48.3
     vrrp 1 priority 105
     vrrp 2 priority 105
     no cdp enable
    ip route 0.0.0.0 0.0.0.0 10.10.48.1
    ip route 0.0.0.0 0.0.0.0 172.31.1.3 2
    access-list 116 permit ip 172.31.0.0 0.0.1.255 172.31.254.0 0.0.0.255
    access-list 116 permit ip 172.31.0.0 0.0.1.255 192.168.252.0 0.0.0.255
    access-list 116 permit ip 172.31.0.0 0.0.1.255 192.168.163.0 0.0.0.255
    route-map Test permit 19
     match ip address 116
     continue 20
     set ip next-hop 172.31.1.3
    route-map Test1 permit 20
     set ip next-hop 10.10.48.15
    Thanks in advance.
    Burton Hallman

    Firstly, I'm not sure why you have two default routes if everything is meant to go via 10.10.48.1?
    That aside, in terms of your PBR -
    1) Remove the continue statement. I don't know what it is meant to be doing, but as far as I know it has no effect with PBR.
    2) More importantly, your second statement is using a different route map name, i.e. Test1, which makes it a completely different route map, so the one applied to the interface only has the first statement in it, which is the one for VPN traffic.
    Jon
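
The route-map name mismatch named in the reply can be caught mechanically. This is an added example, not code from the thread: a Python audit (function names `parse` and `audit` are my own) over a reduced copy of the posted configuration, which also compares the ACL 116 destinations with the three VPN networks listed in the question's prose.

```python
import ipaddress
import re

# Reduced copy of the configuration quoted in the question above.
POSTED_CONFIG = """\
interface GigabitEthernet0/0/1
 ip policy route-map Test
ip route 0.0.0.0 0.0.0.0 10.10.48.1
access-list 116 permit ip 172.31.0.0 0.0.1.255 172.31.254.0 0.0.0.255
access-list 116 permit ip 172.31.0.0 0.0.1.255 192.168.252.0 0.0.0.255
access-list 116 permit ip 172.31.0.0 0.0.1.255 192.168.163.0 0.0.0.255
route-map Test permit 19
 match ip address 116
 continue 20
 set ip next-hop 172.31.1.3
route-map Test1 permit 20
 set ip next-hop 10.10.48.15
"""
# Same configuration with the two changes from the reply applied.
FIXED_CONFIG = (POSTED_CONFIG.replace(" continue 20\n", "")
                .replace("route-map Test1 permit 20", "route-map Test permit 20"))
# VPN networks and VPN next hop as named in the question's prose.
VPN_NETS = ["172.31.252.0/24", "192.168.252.0/24", "192.168.163.0/24"]
VPN_NEXT_HOP = "172.31.1.3"


def parse(config):
    """Collect applied route-map names, route-map entries and ACL destinations."""
    applied, route_maps, acls = set(), {}, {}
    entry = None  # route-map entry whose sub-commands are being read
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"ip policy route-map (\S+)$", line):
            applied.add(m.group(1))
        elif m := re.match(r"route-map (\S+) permit (\d+)$", line):
            entry = {"seq": int(m.group(2)), "acl": None, "next_hop": None}
            route_maps.setdefault(m.group(1), []).append(entry)
        elif m := re.match(r"access-list (\d+) permit ip \S+ \S+ (\S+) (\S+)$", line):
            # ipaddress accepts the IOS wildcard (host mask) form directly.
            dst = ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}")
            acls.setdefault(m.group(1), []).append(dst)
            entry = None
        elif entry is not None and raw.startswith(" "):
            if m := re.match(r"match ip address (\S+)$", line):
                entry["acl"] = m.group(1)
            elif m := re.match(r"set ip next-hop (\S+)$", line):
                entry["next_hop"] = m.group(1)
        else:
            entry = None
    return applied, route_maps, acls


def audit(config, vpn_nets, vpn_next_hop):
    """Report route-map and ACL inconsistencies as a dict of sorted lists."""
    applied, route_maps, acls = parse(config)
    intended = [ipaddress.ip_network(n) for n in vpn_nets]
    steered, no_catch_all = [], []
    for name in sorted(applied):
        entries = route_maps.get(name, [])
        for e in entries:
            if e["next_hop"] == vpn_next_hop and e["acl"]:
                steered += acls.get(e["acl"], [])
        # With no match-less entry, unmatched packets use the routing table.
        if not any(e["acl"] is None for e in entries):
            no_catch_all.append(name)
    return {
        "unapplied_route_maps": sorted(set(route_maps) - applied),
        "applied_without_catch_all": no_catch_all,
        "vpn_nets_not_steered": sorted(
            str(n) for n in intended if not any(n.subnet_of(s) for s in steered)),
        "steered_but_not_listed": sorted(
            str(s) for s in steered if not any(s.overlaps(n) for n in intended)),
    }


if __name__ == "__main__":
    for label, cfg in (("posted", POSTED_CONFIG), ("fixed", FIXED_CONFIG)):
        print(label, audit(cfg, VPN_NETS, VPN_NEXT_HOP))
```

The last two keys stay populated for both configurations because ACL 116 in the post lists 172.31.254.0 while the prose names 172.31.252.0/24; the page does not say which of the two is intended.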
