3560switch: 十一月 2013

2013年11月28日星期四

Cisco 3560 Routing Between Vlans

I have got a cisco WS-C3560X-48P-S which i use as my core switch, it is setup with multiple vlans and ip ranges.

i am trying to get the 10.0.10.x ip range to be able to communicate with the 192.168.4.x range, my routing table is below and shows everything as i believe it should but when i try to ping from the 10.0.10.x range it fails? anyone have any ideas? do i need to do anything different as i am using vlan tagging?

do sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

172.16.0.0/24 is subnetted, 1 subnets

C 172.16.16.0 is directly connected, Vlan30

C 192.168.4.0/24 is directly connected, Vlan1

10.0.0.0/24 is subnetted, 3 subnets

C 10.0.10.0 is directly connected, Vlan20

C 10.1.1.0 is directly connected, Vlan100

C 10.0.0.0 is directly connected, Vlan10

150.150.0.0/21 is subnetted, 1 subnets

C 150.150.0.0 is directly connected, Vlan40

then yes, you need the static route on the host to point to 192.168.4.253 as that is the gateway for vlan 1 (directly attached network). Even if you add a static route on the router (192.168.4.254) that all other vlans are accessed via a static route of 192.168.4.253, this will cause TCP Half sessions. Example (assuming that no static route to 192.168.4.253 exists on the 192.168.4.10 host), if 10.0.10.10 sends a TCP syn packet to 192.168.4.10, the packet is sent via the default gateway (10.0.10.254). A routing table lookup is conducted on the 3650, the 192.168.4.0/24 network is directly attached via vlan 1, an ARP lookup is executed for 192.168.4.10 to obtain the MAC address to building the layer 2 frame, it is located and the packet is forward out directly via VLAN 1. The issue is on the return (TCP SYN), 192.168.4.10 sends a TCP SYN packet back to 10.0.10.10, so the packet is sent to the GW, 192.168.4.254. A routing table lookup is conducted and the route is via 192.168.4.253, so the packet is forwarded to the 3560. The 10.0.10.0/24 is directly attached on the 3560, an ARP lookup is executed for 10.0.10.10 to obtain the MAC address to building the layer 2 frame, it is located and the packet is forward out directly via VLAN 20 addressed directly to 10.0.10.10 and NOT sent back to 192.168.4.254 where the path of the TCP Packet was originated from. Any SPI Firewall will typically drop the TCP SYN packet as it does not have an entry in its SPI table for any SYN sessions from the originating host. In some cases you can disable SYN checking, but this might cause unforeseen issues. At any rate, best practice dictates to create another vlan for your Internet traffic (Vlan 2) and move the link over to that vlan, then you can use the WS-C3560V2-24PS-S as the aggregate gateway for all your traffic (Local and traffic destined to the Internet). The addition of the static route on the host is required for the topology you have that exists.

2013年11月26日星期二

Why window DHCP server is connected to a cisco routing switch in a LAN

We have Cisco WS-C3560X-48P-L switch within our LAN, which connects to a modem and through the fibre network to the service provider. This switch does the internet routing for our network.

We have PDC Windows 2008 server , which is also our DHCP server.
I have observed that the LAN port of the DHCP server is connected to one of the port in the Cisco 3560 switch.

We have another Cisco Core switch and on this switch all the remaining servers LAN ports get connected and also the uplinks from other segment comes and gets connected to this switch.

So there is also a RJ45 cable patched between the Core and the Cisco 3560.

I am not clear as why the DHCP LAN port is patched into the Cisco 3650 rather than the Core switch.
We have been allocated 10.14.116/22 to our network and the scope 10.14.116.1 - 10.14.119.254 is configured on our DHCP server.

I am not able to understand this connectivity. Please tell me technical how it works.
Any tutorial or link to understand this type of infrastructure connectivity will be great.

I am not clear as why the DHCP LAN port is patched into the Cisco 3650 rather than the Core switch. <-- I think no one here can answer this ^^

For technically why it works, you provided information is not enough to understand, and many scenario can do. Most common case is the core switch has configured ip helper to relay the DHCP request to your server

The port/server can be connected anywhere i.e in any switch as long as the particular port is under the same relevant vlan. Which physical switch, it does not matter. But since you have to connect it somewhere so anywhere, keeping the port config same.......

It all depends on what is connected to the core WS-C3560X-48P-S switch. IP helpers can be setup that route all DHCP broadcasts to the known DHCP server.

2013年11月25日星期一

Fiber connection question to Cisco 3560 switch

we are connecting a Cisco WS-C3750X-48T-L switch to a Cisco WS-C3560V2-24TS-S with Fiber. We have two SFP connectors in each switch. On the Cisco 3750, both connections are green. On the 3560, one is amber and one is green. We are able to send traffic from one switch to another but we aren't sure why one is amber. We want to combine the connectors so that we can send 2GB over the link. When we unplug either fiber connection on the Cisco 3560, the other connection turns green. My first question is why is one connection amber and secondly how do we combine the connections so that we can utilize 2GB.

we are connecting small network environment with one layer 3 Catalyst 3750 and two Catalyst 3560s running VLANs across them. All switches are placed in the same network rack.

There is some debate about how best to connect them together:

a) with LC fibre cables and SFP fibre adapters.

b) with CAT5e cables and SFP Gigabit adapters.

c) with Cisco Interconnect cables (but unfortunately we already have a bucket load of SFP gbic adapters

1) Is there any benefit of using fibre to interconnect them over such a short distance? (they're located above/below each other in the same rack!). If so, what are the benefits?

My understanding is that fibre really only offers better latency which is important over longer distances, and the SFP ports are gigabit no matter if you use fibre or CAT5e the speed is the same - therefore I can see no point in interconnecting them with fibre - but then again, I am not a Cisco expert.

So you have 2 fibers between switches which effectively creates a loop. So spanning-tree would then just one of the ports down to break the loop.

What you want to do is setup an etherchannel connection between the switches using both of those ports on each switch. This creates a virtual interface called a port-channel that looks like one connection from spanning-tree's viewpoint. Then it will send traffic down both links

The use of fibre optic against Cat5e began to become popular when used to span different floors and/or building. Unlike Cat5e which has a limit of 100 metres, specific fibre optic cables can go from short range (multi-mode) to long range (single-mode). Now if budget permits, I would always choose uplinks or inter-connection to be fibre optic over copper (Cat5/Cat5e or Cat6).

If fibre optic isn't feasible then get Cat6 instead.

2013年11月22日星期五

OSPF Between 2 Cisco 3560 Switches

I would like to connect two switches to one another, with each WS-C3560X-24P-L switch connected to one host. I would like to use a dynamic routing protocol such as OSPF between the two switches, and make sure that Switch1 can ping Host2 and Switch2 can ping Host1 and vice versa.

How can this be done using 2 Cisco 3560 Switches that have Layer 3 capability?

Host1 --------- Switch1 ---------------- Switch2 -------- Host2

Host1: 172.16.10.2 255.255.0.0

Interface fe1/1 - connected to Switch1 - switchport access vlan 2

Switch1: VLAN 2 - 172.16.10.1 255.255.255.0

interface g1/1 - 10.1.1.1 255.255.255.0 (connected to Switch2)

Switch2: VLAN 3 - 172.17.10.1 255.255.255.0

interface g1/1 - 10.1.1.2 255.255.255.0 (connected to Switch1)

Host2: 172.17.10.2 255.255.0.0

Interface fe1/1 - connected to Switch 2 - switchport access vlan 3

for very basic functionality try this on both switches:

switch1:

router ospf 10

network 172.16.10.0 0.0.0.255 area 0

switch2:

router ospf 10

network WS-C3560V2-48TS-S 172.17.10.0 0.0.0.255 area 0

2013年11月20日星期三

Cisco 3560 Lock IP Address

We want WS-C3560V2-24PS-S to lock an ip address to mac number. But we are not using DHCP , so is there any way to mac base protection on layer3 mode

You can use the following command...

arp <IPaddress> <MACaddress> arpa

If you remove the switch IP address through a Telnet session, your connection to the switch will be lost.

Hosts can find subnet masks using the Internet Control Message Protocol (ICMP) Mask Request message. Routers respond to this request with an ICMP Mask Reply message.

You can disable IP processing on a particular interface by removing its IP address with the no ip address command. If the switch detects another host using one of its IP addresses, it will send an error message to the console.

You can use the optional keyword secondary to specify an unlimited number of secondary addresses. Secondary addresses are treated like primary addresses, except the system never generates datagrams other than routing updates with secondary source addresses. IP broadcasts and ARP requests are handled properly, as are interface routes in the IP routing table.

This example shows how to configure the IP address for the Layer 2 switch on a subnetted network:

Switch(config)# interface vlan 1

Switch(config-if)# ip address 172.20.128.2 255.255.255.0

This example shows how to configure the IP address for a port on the Layer 3 switch WS-C3560V2-48PS-S:

Switch(config)# ip multicast-routing

Switch(config)# interface gigabitethernet0/1

Switch(config-if)# no switchport

Switch(config-if)# ip address 172.20.128.2 255.255.255.0

Cisco Catalyst 3560 48port; lots of ports not power PoE devices

Here's a weird experience I'm having with some of my cisco WS-C3560V2-24TS-S switches. After a power surge occurred, a few of my catalysts can't seem to power any of my PoE devices such as Cisco phones and AP's. These switches are plugged into an APC managed PDU which are connected to an APC RT 10k UPS.

It just seems like maybe the switches are not getting enough power required to fully enable PoE for each port. Do you think this is the case when plugged to a PDU?

I originally had them plugged to a separate UPS and had no issues. I have a Fluke Linkrunner AT 2000 that I use to diagnose ports but I'm not sure if this tool can test the PoE.

I would try plugging a switch directly into house power and bypass the UPS/PDU altogether. If you magically get full PoE like before, then the finger starts to point at the UPS/PDU. If you get the same results, perhaps the WS-C3560X-24P-L switch got hit by the surge in a way that (very strangely) only affected PoE.

2013年11月14日星期四

Huawei S3200 display debugging wlan all

Wcwp submodule- AR3260 switch information

-----------------------------------------------

sock-module-switch : on

fwd-module-switch : on

fr-module-switch : on

rt-module-switch : on

fsm-module-switch : on

codec-module-switch : on

dtls-module-switch : on

comm-module-switch : on

sfwd-module-switch : on

-----------------------------------------------

Wcwp debug-switch information

-----------------------------------------------

Error switch : off

Info switch : off

Message switch : off

Packet receive switch : off

Packet send switch : off

-----------------------------------------------

Wmap module switch :

-----------------------------------------------

Error switch : off

Info switch : off

Message switch : off

Packet receive switch : off

Packet send switch : off

-----------------------------------------------

Wsec module switch :

-----------------------------------------------

Error switch : off

Info switch : off

Message switch : off

Packet receive switch : off

Packet send switch : off

-----------------------------------------------

Wess module switch :

-----------------------------------------------

Error switch : off

Info switch : off

Message switch : off

Packet receive switch : off

Packet send switch : off

-----------------------------------------------

Wglb module switch :

-----------------------------------------------

Error switch : off

Info switch : off

-----------------------------------------------

Wlbm module switch :

-----------------------------------------------

Error switch : off

Info switch : off

-----------------------------------------------

Wlbm module switch :

-----------------------------------------------

Error switch : off

Info switch : off

-----------------------------------------------

Wcfg module switch :

-----------------------------------------------

Error switch : off

Info switch : off

Message switch : off

Packet receive switch : off

Packet send switch : off

-----------------------------------------------

Wrfm module switch :

-----------------------------------------------

Error-Switch : off

Info-Switch : off

Message-Switch : off

Packet-Receive-Switch : off

Packet-Send-Switch : off

-----------------------------------------------

Wsta module switch:

-----------------------------------------------

Error-Switch : on

Info-Switch : on

Message-Switch : on

Packet-Receive-Switch : on

Packet-Send-Switch : on

-----------------------------------------------

For more Huawei ME60-X3 information please click here

2013年11月11日星期一

Cisco Catalyst 3560-X Ethernet Switch

Cisco WS-C3560X-24T-L series products have two main categories, Cisco 3560V2 and Cisco 3560X, 3560V2 is FE based switch while 3560X is GE based switch, the previous Cisco 3560, 3560G and 3560E are end of sales now and replaced by Cisco 3560V2 and Cisco 3560X. Cisco Catalyst 3560 v2 Series consumes less power than its predecessors. The 3560-X Series Switches is an enterprise-class lines of stackable and standalone switches. 3Anetwork.com keeps regular stock of 3560V2 and 3560X switches. Among all Cisco Catalyst 3560 switches, WS-C3560V2-24TS-S, WS-C3560V2-24PS-S WS-C3560X-24T-L, WS-C3560X-24T-S and WS-C3560X-24P-S are best selling models. 3Anetwork.com offers best Cisco 3560 Price, Cisco 3560V2 Price, Cisco 3560X Price, ship to worldwide.

I just put together a spreadsheet for the Clear Winds sales team on a comparison between Cisco 3750-X switches and below, as opposed to Brocade ICX 6610 switches and below. When you are comparing apples to apples (and you should), Brocade always seems to win from my perspective.

Here are the apples to apples comparisons:

Cisco 3750-X compares to a Brocade ICX 6610

Cisco 3750G/3560-X compares to a Brocade FCX series/ICX 6610

Cisco 2960-S compares to a Brocade ICX 6450

The Cisco Catalyst3750-X and 3560-X Series Switches are an enterprise-class lines of stackable and standalone switches, respectively. These switches provide high availability, scalability, security, energy efficiency, and ease of operation with innovative features such as Cisco StackPower (available only on the Catalyst 3750-X), IEEE 802.3at Power over Ethernet Plus (PoE+) configurations, optional network modules, redundant power supplies, and Media Access Control Security (MACsec) features.

For more Cisco information please click here

http://www.3anetwork.com/cisco-ws-c3560x-24t-s-price_p45.html

2013年11月5日星期二

Cisco WS-C3560X-48T-S 3560X Series 48 Port Catalyst Switch

The Cisco Catalyst 3560X-48T-S Layer 3 Switch Ethernet Switch is an enterprise-class lines of stackable and standalone switch, respectively. This switch provides high availability, scalability, security, energy efficiency, and ease of operation with innovative features such as Cisco StackPower, IEEE 802.3at Power over Ethernet Plus (PoE+) configurations, optional network modules, redundant power supplies, and Media Access Control Security (MACsec) features

The Cisco Catalyst 3560-X Series Switches are an enterprise-class lines of stackable and standalone switches, respectively. These switches provide high availability, scalability, security, energy efficiency, and ease of operation with innovative features such as IEEE 802.3at Power over Ethernet Plus (PoE+) configurations, optional network modules, redundant power supplies, and Media Access Control Security (MACsec) features. The Cisco Catalyst 3560-X enhances productivity by enabling applications such as IP telephony, wireless, and video for borderless network experience.

For more Cisco 3925 price information please click here

订阅：评论 (Atom)