Tuesday, November 26, 2013

Cisco Catalyst and Cisco SBS with VLAN

I have a Cisco WS-C3560V2-24TS-S Catalyst that I use as my gateway device. I also have a Cisco SBS in the mix as well. Right now everything is working just fine. One cool thing I can do on the Catalyst is create a single port interface assigned to VLAN 15. When I try the same thing on the Cisco SBS using the GUI it does not work at all. The SBS is allowing trunk access as I am able to hit all 3 of my VLANs.
I want to connect to the SBS on port 10 and assign my local network address to be 192.168.15.x. Any idea how I can do that?
(SG 200)

interface ethernet g10
switchport mode general
exit
vlan database
vlan 15,50
exit
interface ethernet g10
switchport general allowed vlan add 15 untagged
exit
interface vlan 15
name Servers
exit
interface vlan 50
name Shoretel
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
interface vlan 1
ip address 192.168.1.39 255.255.255.0
exit
ip default-gateway 192.168.1.47
interface vlan 1
no ip address dhcp
exit
bonjour service enable csco-sb
bonjour service enable http  
hostname switch0fadac
no passwords complexity enable
username cisco password f7cdfec1454cbfcc61a97c9f6ce47515ed550d00 level 15 encrypted
clock timezone -8
clock summer-time recurring usa
snmp-server set rlAutomaticClockSetFromPCEnabled  rlAutomaticClockSetFromPCEnabled true

CATALYST 3560
S
!
hostname Server_3560G
no aaa new-model
udld aggressive

ip subnet-zero
ip routing
ip dhcp excluded-address 192.168.1.150 192.168.1.157
ip dhcp excluded-address 192.168.1.250 192.168.1.254
ip dhcp excluded-address 192.168.1.133
ip dhcp excluded-address 192.168.1.144
ip dhcp excluded-address 192.168.1.164
ip dhcp excluded-address 192.168.1.168
ip dhcp excluded-address 192.168.1.229
ip dhcp excluded-address 192.168.1.226
ip dhcp excluded-address 192.168.1.224
ip dhcp excluded-address 192.168.1.227
ip dhcp excluded-address 192.168.1.228
ip dhcp excluded-address 192.168.1.1 192.168.1.123
!
ip dhcp pool User_VLAN1
   network 192.168.1.0 255.255.255.0
   default-router 192.168.1.47
   dns-server 192.168.1.22 10.10.99.24
   lease 8
mls qos map cos-dscp 0 8 16 26 32 46 46 56
mls qos
macro global description cisco-global | cisco-global
errdisable recovery cause link-flap
errdisable recovery interval 60
no file verify auto
!
spanning-tree mode rapid-pvst
spanning-tree loopguard default
spanning-tree extend system-id
no spanning-tree vlan 49-50
!
vlan internal allocation policy ascending
!
interface GigabitEthernet0/1
 switchport access vlan 15
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,15
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/2
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,15
 switchport mode trunk
!
interface GigabitEthernet0/3
 switchport access vlan 15
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,15
 switchport mode access
!
interface GigabitEthernet0/4
!
interface GigabitEthernet0/5
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,15,50
 switchport mode trunk
!
interface GigabitEthernet0/6
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,15
 switchport mode trunk
!
interface GigabitEthernet0/7
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,15
 switchport mode trunk
!
interface GigabitEthernet0/8
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,15
 switchport mode trunk
!
interface GigabitEthernet0/9
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,15,50
 switchport mode trunk
!
interface GigabitEthernet0/10
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,15
 switchport mode trunk
!
interface GigabitEthernet0/11
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,15
 switchport mode trunk
!
interface GigabitEthernet0/12
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,15
 switchport mode trunk
!
interface GigabitEthernet0/13
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,15
 switchport mode trunk
!
interface GigabitEthernet0/14
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,15
 switchport mode trunk
!
interface GigabitEthernet0/15
 switchport access vlan 15
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/16
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,15
 switchport mode trunk
!
interface GigabitEthernet0/17
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,15
 switchport mode trunk
!
interface GigabitEthernet0/18
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,50
 switchport trunk pruning vlan none
 switchport mode trunk
!
interface GigabitEthernet0/19
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,15,50
 switchport mode trunk
!
interface GigabitEthernet0/20
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,15,50
 switchport mode trunk
!
interface GigabitEthernet0/21
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,15
 switchport mode trunk
!
interface GigabitEthernet0/22
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,15
 switchport mode trunk
!
interface GigabitEthernet0/23
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,15
 switchport mode trunk
!
interface GigabitEthernet0/24
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,15
 switchport mode trunk
!
interface GigabitEthernet0/25
 switchport trunk pruning vlan none
!
interface GigabitEthernet0/26
!
interface GigabitEthernet0/27
!
interface GigabitEthernet0/28
!
interface Vlan1
 ip address 192.168.1.47 255.255.255.0
!
interface Vlan15
 ip address 192.168.15.1 255.255.255.0
!
interface Vlan49
 ip address 192.168.238.240 255.255.255.0
!
interface Vlan50
 ip address 192.168.16.240 255.255.255.0
 no ip redirects
!
ip classless

ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip route 0.0.0.0 255.255.255.255 10.16.14.2
ip route 192.168.253.0 255.255.255.0 192.168.16.243
ip http server
!

You can only have one active VLAN interface on a layer 2 Cisco WS-C3560V2-48TS-S switch. If you want to use an interface vlan 15 on the SG switch you will have to shut down the interface vlan 1 after creating the interface vlan 15. Then you should be able to connect to the SG 200 on that new interface.

Monday, November 25, 2013

Configure Cisco 3560 with 2008R2 NAP for guest and internal VLANs

Hosts and users should be authenticated by a RADIUS server. According to the user or machine group, when someone connects, the port on the switch should be changed to an internal authorized VLAN. Users / PCs not in an AD security group should be placed in an "internet only" guest VLAN.

Radius Server: MS Server 2008 R2
Client: MS Windows 7
Switch: Cisco Catalyst WS-C3560V2-24TS-S
Routing is done from the Core switch
DHCP is on a 2008R2 Server

I have ports on the switch configured as:

interface FastEthernet0/11
 description ports for radius
 switchport mode access
 switchport voice vlan 800
 switchport priority extend trust
 switchport port-security maximum 2
 switchport port-security
 switchport port-security aging time 2
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 srr-queue bandwidth share 10 10 60 20
 srr-queue bandwidth shape  10  0  0  0
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 dot1x pae authenticator
 dot1x port-control auto
 dot1x host-mode multi-domain
 dot1x timeout reauth-period 60
 dot1x reauthentication
 dot1x guest-vlan 50
 dot1x auth-fail vlan 30
 dot1x auth-fail max-attempts 2
 spanning-tree portfast
 spanning-tree bpduguard enable
end

Your NPS Server needs to have a certificate trusted by the workstations. This can mean a certificate you buy, or one from an internal certificate authority that has been installed as a trusted CA by your workstations.

Checklist: Configure NPS for 802.1X Authenticating Switch Access
http://technet.microsoft.com/en-us/library/cc732256(v=ws.10).aspx

focusing on the NPS policy

Use the 802.1X Wizard to Configure NPS Network Policies
http://technet.microsoft.com/en-us/library/dd283091(v=ws.10).aspx

Don't forget the RADIUS portion of your switch config

aaa new-model
!
!
aaa group server radius rad_eap
 server name YOURNPSSERVERNAME1
 server name YOURNPSSERVERNAME2
!
aaa authentication dot1x default group rad_eap
aaa authorization network default group rad_eap local
!
radius-server attribute 32 include-in-access-req format %h
radius-server retransmit 2
radius-server timeout 3
radius-server deadtime 1
radius-server key your-shared-key-for NPS-servers
radius-server vsa send authentication
!
radius server YOURNPSSERVERNAME1
 address ipv4 10.0.0.10 auth-port 1645 acct-port 1646
!
radius server YOURNPSSERVERNAME2
 address ipv4 10.0.0.11 auth-port 1645 acct-port 1646

Excellent

Friday, November 22, 2013

CISCO 3560 SWITCH - VLANS - SECURING VLANS

I have a WS-C3560X-24P-S 24 port switch that I have VLANS created on -

this switch will be put into a multi-tenant building / each port equates to a separate office.

I have all of the interface stuff ready to go but would like to secure each VLAN from each other.

I am guessing that I need some sort of access-list to accomplish that - Is there any other way?

It allows you to restrict traffic between ports (VLANs) without requiring you to create a separate IP addressing scheme for each VLAN.

Basically, there are 3 types of ports in a private VLAN environment.

Isolated - Can only communicate with promiscuous ports
Community - Can only communicate with ports in the same community and promiscuous ports (you can have multiple communities).

Promiscuous - Can communicate with all ports.
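
The three port types above, written out as a private VLAN configuration for the multi-tenant case in the question. This is an added example, not part of the original post; the VLAN numbers (200 primary, 201 isolated), the VLAN names and the use of Gi0/24 as the uplink are assumptions.

```cisco
! Constructed example: VLAN 200 (primary), VLAN 201 (isolated), the VLAN
! names and the port roles below are assumptions, not values from the post.
!
! Private VLANs require VTP transparent mode under VTP versions 1 and 2.
vtp mode transparent
!
! Secondary VLAN carrying traffic from the isolated tenant ports.
vlan 201
 name TENANTS-ISOLATED
 private-vlan isolated
!
! Primary VLAN; the association ties the isolated VLAN to it.
vlan 200
 name TENANTS-PRIMARY
 private-vlan primary
 private-vlan association 201
!
! Tenant office ports: isolated host ports. Each one can reach only the
! promiscuous port, never another tenant port in the same private VLAN.
interface range GigabitEthernet0/1 - 23
 switchport mode private-vlan host
 switchport private-vlan host-association 200 201
 spanning-tree portfast
!
! Uplink to the building router or firewall: promiscuous, so every
! tenant port can reach it and it can reach every tenant port.
interface GigabitEthernet0/24
 switchport mode private-vlan promiscuous
 switchport private-vlan mapping 200 201
!
end
```

After applying it, `show vlan private-vlan` and `show interfaces GigabitEthernet0/1 switchport` confirm the association and the port mode. The isolation is layer 2 only: if the upstream gateway routes traffic back between tenants in the same subnet, an ACL is still needed there.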

Wednesday, November 20, 2013

Where to buy Cisco WS-C3560V2-24TS-S?

The Cisco list price for the WS-C3560V2-24TS-S is 2,995.00 USD, and there are many suppliers. According to our research on WS-C3560V2-24TS-S prices, the best price is 879.00 USD from http://www.3anetwork.com/cisco-ws-c3560v2-24ts-s-price_p48.html, but they are based in Hong Kong, so delivery may take 3 days to reach your country. Some other sources for your reference:

1, Distributors such as Ingram Micro, Comstor, Tech Data, Redington etc. Distributors differ by country, and the price also depends on your region, partner level and project level; it is normally around 30%~60% off GPL.

2, http://www.amazon.com/Cisco-Catalyst-Series-Standard-WS-C3560V2-24TS-S/dp/B002CBHMEC/ref=sr_1_1?ie=UTF8&qid=1385003702&sr=8-1&keywords=WS-C3560V2-24TS-S , 729.00 USD. A good price, but frankly speaking Amazon is not professional in Cisco products at all, as can be seen from their description; also the list price 2995 USD is not correct. If you are located in the US, maybe you can try it; otherwise it is better to find a professional networking supplier.

3, http://us.hardware.com/products/cisco/WS-C3560V2-24TS-S, 2,036.59 USD. More professional, but the price is far too expensive.

4, http://www.ebay.com/itm/NEW-CISCO-WS-C3560V2-24TS-S-24-Port-Catalyst-MANAGED-GIGABIT-SWITCH-OPEN-BOX-/251382792120?pt=US_Network_Switches&hash=item3a8794ffb8. There are many cheap options; if you want a used one, eBay would be a good source.


WS-C3560V2-24TS-S, Catalyst 3560V2 24 10/100 + 2 SFP + IPB (Standard) Image

Thursday, November 14, 2013

Configuration file of Huawei Router AR3200

sysname Router Huawei AR3260
#                                                                              
vlan batch 10 20
#
interface Eth-Trunk1
 port link-type trunk
 port trunk allow-pass vlan 10 20
 load-balance src-dst-mac
#
interface Ethernet1/0/1
 eth-trunk 1
#
interface Ethernet1/0/2
 eth-trunk 1
#
interface Ethernet1/0/3
 eth-trunk 1
#
interface Ethernet1/0/4
 port link-type trunk
 port trunk allow-pass vlan 10
#
interface Ethernet1/0/5
 port link-type trunk
 port trunk allow-pass vlan 20
#
return

#
sysname RouterB
#                                                                              
vlan batch 10 20
#
interface Eth-Trunk1
 port link-type trunk
 port trunk allow-pass vlan 10 20
 load-balance src-dst-mac
#
interface Ethernet1/0/1
 eth-trunk 1
#
interface Ethernet1/0/2
 eth-trunk 1
#
interface Ethernet1/0/3
 eth-trunk 1
#
interface Ethernet1/0/4
 port link-type trunk
 port trunk allow-pass vlan 20
#
interface Ethernet1/0/5
 port link-type trunk
 port trunk allow-pass vlan 10
#
return



24- and 48-Port Cisco 3560 Switches

Attaching Brackets to the Catalyst WS-C3560V2-48PS-S Switch
The bracket orientation and the brackets that you use depend on whether you are attaching the brackets for a 19-inch or a 24-inch rack.
 • For 19-inch racks, use bracket part number 700-8209-01.
 • For 24-inch racks, use bracket part number 700-13248-01.
After the switch is mounted in the rack:
1. Connect to a 10/100 or 10/100/1000 port, and run Express Setup. To use the CLI setup program, see “Configuring the Switch with the CLI-Based Setup Program.”
2. Connect to the front-panel ports.
 • Catalyst 3560-24PS, 3560-24TS-S, 3560-48PS, and 3560-48TS-S
 • Catalyst 3560G-24PS, 3560G-24TS, 3560G-48PS, and 3560G-48TS
These switches wall-mount with the front panel facing up or down:
 • Catalyst 3560V2-24PS, 3560V2-24TS, 3560V2-48PS, and 3560V2-48TS
After the switch is mounted in the rack:
1. Power on the switch. 
2. Connect to a 10/100 or 10/100/1000 port, and run Express Setup.  To use the CLI setup program,
3. Connect to the front-panel ports.
Table- or Shelf-Mounting
Step 1 Locate the adhesive strip with the rubber feet in the mounting-kit envelope. Attach the four rubber feet to the bottom of the switch near the corners.
Note Do not attach the rubber feet over the recessed screw holes on the bottom of the switch.
Step 2 Place the switch on the table or shelf near an AC power source.
After the switch is mounted in the rack:
1. Power on the switch. See the “Verifying Switch Operation” section on page 2-6.
2. Connect to a 10/100 or 10/100/1000 port, and run Express Setup.
Getting Started Guide for instructions.
3. Connect to the front-panel ports.



Thursday, November 7, 2013

WS-C3750V2-48TS-S,Catalyst 3750V2 48 10/100 + 4 SFP Standard Image

The Cisco Catalyst WS-C3750V2-48TS-S Series Switches are next-generation energy-efficient Layer 3 Fast Ethernet stackable switches. This new series of switches supports Cisco EnergyWise technology, which enables companies to measure and manage power consumption of network infrastructure and network-attached devices, thereby reducing their energy costs and their carbon footprints. The Cisco Catalyst 3750 v2 Series consumes less power than its predecessors and is the ideal access layer for enterprise, retail, and branch-office environments, as it increases productivity and investment protection by enabling a unified network for data, voice, and video.

* Manufacturer/Supplier: Cisco Systems, Inc
* Manufacturer Part Number: WS-C3750V2-48TS-S
* Manufacturer Website Address: www.cisco.com
* Brand Name: Cisco
* Product Line: Catalyst
* Product Series: 3750
* Product Model: 3750V2-48TS
* Product Name: Catalyst 3750V2-48TS Stackable Ethernet Switch
* Marketing Information: The Cisco Catalyst 3750V2-48TS Switch is next-generation energy-efficient Layer 3 Fast Ethernet stackable switch. This new switch supports Cisco EnergyWise technology, which enables companies to measure and manage power consumption of network infrastructure and network-attached devices, thereby reducing their energy costs and their carbon footprints. The Cisco Catalyst 3750V2-48TS consumes less power than its predecessors and is the ideal access layer for enterprise, retail, and branch-office environments, as it increases productivity and investment protection by enabling a unified network for data, voice, and video.
* Product Type: Layer 3 Switch
* Number of Ports: 48
* Fast Ethernet Port: Yes

The Cisco Catalyst 3750 v2 series is the next generation of energy-efficient Layer 3 Fast Ethernet stackable switches. This series of switches supports Cisco EnergyWise technology, which enables companies to measure and manage power consumption of network infrastructure and network-attached devices, thereby reducing their energy costs and their carbon footprint.




Monday, November 4, 2013

Cisco compatible SFP-10G-SR

SFP-10G-SR: transceiver in 6120XP for Ethernet uplink. Cisco SFP+ optical modules that are supported in the 500X switches are: SFP-10G-SR, SFP-10G-LRM, and SFP-10G-LR.

For instance, the SFP+ is available for the Cisco Nexus 7000 Series and Cisco Nexus 5000 Series. The new transceiver is expected to propagate across the Cisco Catalyst 6000 Series Switches, including incorporation in new line cards for the Cisco Catalyst 6500, as well as to the next-generation Cisco Catalyst 4500 Series and Cisco Catalyst 3000 Series Switches. The Catalyst 3560-X switch supports the SFP+ module patch cable, a 0.5-meter, copper, passive cable with SFP+ module connectors at each end. The patch cable connects two Catalyst 3560-X switches in a cascaded configuration. The Cisco SFP-10G-SR module supports a link length of 26m on standard Fiber Distributed Data Interface (FDDI)-grade multimode fiber (MMF). Using 2000MHz*km MMF (OM3), up to 300m link lengths are possible. Using 4700MHz*km MMF (OM4), up to 400m link lengths are possible.

3Anetwork.com keeps regular stock of Cisco SFP-10G-SR. The Cisco 10GBASE-SR Module SFP-10G-SR supports a link length of 26m on standard Fiber Distributed Data Interface (FDDI)-grade multimode fiber (MMF). Using 2000MHz*km MMF (OM3), up to 300m link lengths are possible. Using 4700MHz*km MMF (OM4), up to 400m link lengths are possible.




Sunday, November 3, 2013

Cisco HWIC-2FE Cabling

The Cisco Fast Ethernet HWICs are singlewide interface cards, available as a 1-port HWIC (HWIC-1FE) and as a 2-port HWIC (HWIC-2FE), that provide Cisco modular and integrated services routers with additional Layer 3 routed ports.

The Cisco Enhanced High-Speed WAN Interface Card (EHWIC) is an updated and enhanced version of the current HWIC for the Cisco Integrated Services Router Generation 2 (ISR G2). The EHWIC offers greater speeds (up to 800 Mbps bidirectionally) and higher port density than the current WIC. It also has a third row of pins for increased power to the cards, as well as support for Enhanced Power over Ethernet (EPoE) with up to 20 watts per port. Furthermore, the EHWICs have a connection to the traditional router CPU and the new Multi-Gigabit Fabric (MGF) backplane. EHWICs are available in single-wide and double-wide form factors.

While researching solutions, you remember some of the new benefits the more recent L2TPv3 can provide. As you research some of the benefits of L2TPv3 you learn that a Layer 2 connection can be extended across a Layer 3 network using a feature called x-connect or a “pseudo-wire”. As you investigate the requirements and configuration further, you realize you have everything needed to make this connectivity scenario happen. The hardware involved is a Cisco 2811 router at the remote distant building (across a L3 WAN), with the guest Internet router at the main site also being a 2811, both running a 12.4 T code that supports L2TPv3. An obvious requirement is IP connectivity between each 2811 router for the “pseudo-wire” to function. The remote router at the distant location is reachable already since it’s within your company’s routing (table) domain, while the guest Internet router is L3 reachable via a management interface.


