6500 FWSM - ping interface VLAN

I pass the FWSM 6509e catalyst module. I set up 2 VLANS as follows.

HR VLAN ID 16 - gateway - X.X.16.1

Management VLAN ID Gateway 18 - X.X.18.1

I try to do a ping from host in 16 vlan to a host to vlan 18 which is successful, but I can't ping 18 bridge vlan that is X.X.18.1. why it is so?

Please answer.

Okay, that's fine, please rate if useful.

Concerning

Farrukh

Tags: Cisco Security

Similar Questions

Switch all 6500 FWSM

I'm setting up a cisco 6509 switch with FWSM, but it a little confusing to implement. I'm following the next of the http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a00808b4d9f.shtmldocumentation, however, depending on the following configuration has failed. I would check if my interpretation is correct. The FWSM firewall is like a part doesn't work don't not with switch, from what I've seen on the configuration of the conversation of FWSM example with the switch through a VLAN specific and am not together, correct? If so, created because the configuration is incorrect? The next option below.

6500 switch

interface vlan 10

IP 192.168.10.1 255.255.255.0

FWSM

interface vlan 10

nameif outside

security-level 0

address 192.168.10.2 255.255.255.0

interface vlan 20

nameif inside

security-level 100

address 172.16.10.1 IP 255.255.255.0

interface vlan 30

nameif dmz

security-level 60

address 172.16.20.1 255.255.255.224

No VLAN 10,20 and 30 create 6500 switch.

Concerning

Ricardo

"not create VLAN 10,20 and 30 on the 6500 switch."

All VLANS have exist to L2 on the 6500. So, if you do a ' sh vlan "on the 6500, you should see VLAN 10,20,30. If you have not your configuration will not work.

In addition, you must have L3 vlan interface to the external interface, you have your config, IE. -

6500 switch

interface vlan 10

IP 192.168.10.1 255.255.255.0

But you must not have an interface vlan to VLAN 10 & 20 L3.

Jon

Maximum virtual interfaces (VLANS) FWSM latest version

Hello

Please someone (perhaps cisco) can tell me for the FWSM for the latest 3.x version that corresponds to the maximum number of virtual interfaces (VLANS)?

Best regards.

It depends on the firewall mode, but I think that most of the time, the limit of vlan is related to the routed mode.

Refer to this VLAN 3.1 FWSM features/limit:

http://www.Cisco.com/en/us/products/hw/switches/ps708/products_module_configuration_guide_chapter09186a0080577c68.html#wp1052995

HTH

AK

interface vlan problems addin

Hello

I have a problem with my 8164F with 6.1.0.1 powerconnect version

I create the vlan 643

then I create an interface vlan

interface vlan 643
IP 172.24.64.2 255.255.240.0
output

When I ping the ip address of the switch

ping 172.24.64.2
Ping 172.24.64.2 with 0 bytes of data:

4 packets transmitted, 0 packets received, 100% packet loss
round-trip (MS) min/avg/max =<10><10><>

in the journal, I have the following line

<173>11 Jun 14:39:29 172.16.8.100 - 2 TRAPMGR [1206213340]: traputil.c (697) 1604 %% link on Vl643 is down

show ip interface vlan 643

State of the routing interface... Down
Primary IP address... 172.24.64.2/255.255.240.0
Method......................................... Manual
Routing mode... Enable
Administrative mode... Enable
NET before realized emissions... Disable
Proxy ARP...................................... Enable
Local Proxy ARP... Disable
Statement of assets... Inactive
MAC address... D067. E595.0B1A
Type of encapsulation... Ethernet
IP MTU......................................... 1500
Bandwidth...................................... 10000 Kbps
Destination unreachable... Activated
ICMP redirects... Activated

that really interested me

I simplified my config and merge the two portchannel.

and it works.

I'll come by later to STDs

Interface VLAN SG300-28 Firmware 1.3.7.18

Hello

I just my SG300 to update the last firrmware 1.3.7.1.8 and I met this problem:

-By default, the interface VLAN has been activated, but the display is always disabled

-I can not change and I can not ping to the VLAN IP interface as well (I gave an IP 192.168.10.1)

Is this a bug? Does anyone know how to fix this? Please help me!

Appreciate your help

Minh

minh06,

You upgrade the startup code for Sx300_FW_Boot_1.3.5.58 ?

-Marty

SG300/SG500 remove interface vlan

Hello!

The question is the following:

I add a VLAN interface to test IP connectivity to this vlan by adding an IP address for this interface vlan and ping on a host.

for example
interface vlan 5
192.168.0.251 IP address 255.255.255.0

Then I can remove the ip address "without ip address', but I can't delete the ' interface vlan 5".»

Even when I delete the vlan itself of the database for vlan. There is no command "no interface vlan. I can only stop the interface vlan.

If anyone knows how to remove the interface vlan switches SG300/SG500 cli.

Thanks, Woeger

Hello

I tried just that with my switch from laboratory here.

I created VLAN 10 and he has given an IP address.

Then I did a no ip address on the interface VLAN and then not a vlan 10.

At this stage there is no interface THAT VLAN 10 in my config running or when I do a show ip interface.

So remove the VLAN has done actually remove the interface for me, brings me to my question.

What version of the bootcode/firmware do you currently use? Maybe this problem has been fixed, because I am running 1.3.7.18 firmware with 1.3.7.01 code to boot.

If you are on a low moving forward and put to date, don't forget to upgrade the boot thus code, it is necessary for new versions of firmware.

Hope that help, but if not just let me know and we can take another look,

Christopher Ebert - Advanced Network Support Engineer

Cisco Small Business Support Center

* Please note the useful messages *.

3rd interface VLAN does not add properly

Hello

I have some difficulty with a switch 300 series running in mode of L3. I created two VLANS each with an interface IP that work well without any problems. The problem I have is when adding a third interface VLAN and IP - for some reason the switch seems not add the subnet in its routing as a directly connected route table.

The first and second VLAN add correctly. It seems to be the third. I have factory default, the switch and still the same. Version is 1.1.2.0.

The Setup is as follows:

VLAN1 - 10.20.2.253/24

VLAN2 - 192.168.2.253/24

VLAN3 - 192.168.3.253/24

Ping results are:

switch27b42e #ping 10.20.2.253

Ping 10.20.2.253 with 18 bytes of data:

18 bytes from 10.20.2.253: icmp_seq = 1. time = 0 ms

18 bytes from 10.20.2.253: icmp_seq = 2. time = 0 ms

18 bytes from 10.20.2.253: icmp_seq = 3. time = 0 ms

18 bytes from 10.20.2.253: icmp_seq = 4. time = 0 ms

-10.20.2.253 PING Statistics-

4 packets transmitted, 4 packets received, 0% packet loss

round-trip (ms) min/avg/max = 0/0/0

switch27b42e #ping 192.168.2.253

Ping 192.168.2.253 with 18 bytes of data:

18 bytes to 192.168.2.253: icmp_seq = 1. time = 0 ms

18 bytes to 192.168.2.253: icmp_seq = 2. time = 0 ms

18 bytes to 192.168.2.253: icmp_seq = 3. time = 0 ms

18 bytes to 192.168.2.253: icmp_seq = 4. time = 0 ms

-192.168.2.253 PING Statistics-

4 packets transmitted, 4 packets received, 0% packet loss

round-trip (ms) min/avg/max = 0/0/0

switch27b42e #ping 192.168.3.253

Ping 192.168.3.253 with 18 bytes of data:

PING: net-unreachable

PING: net-unreachable

PING: net-unreachable

PING: net-unreachable

-192.168.3.253 PING Statistics-

4 packets transmitted, 0 packets received, 100% packet loss

Additional output which can be interesting:

switch27b42e #show ip int vlan 1

Type of priority status done IP address

Broadcast

------------------- ----------- ---------- ---------- -----------

static 10.20.2.253/24 disable invalid

switch27b42e #show ip int vlan 2

Type of priority status done IP address

Broadcast

------------------- ----------- ---------- ---------- -----------

static 192.168.2.253/24 disable invalid

switch27b42e #show ip int vlan 3

Type of priority status done IP address

Broadcast

------------------- ----------- ---------- ---------- -----------

static 192.168.3.253/24 disable invalid

switch27b42e #show ip route

Maximum parallel paths: 1 (1 after reset)

IP routing: enabled

Code: C - connected, S - static, D - DHCP

C 10.20.2.0/24 is directly connected vlan 1

C 192.168.2.0/24 is directly connected vlan 2

What I am doing wrong?

Thank you in advance.

Craig

Hi Craig,.

I don't think you're doing anything wrong.

The command line shows that this IP for VLAN3 interface is not connected, or at least nothing is connected physically VLAN3.

Connect a PC VLAN3 and see if the interface road happens.

I guess just that nothing is plugged physically vlan3.

regards Dave.

F10 4820 t - pulsations on the interface vlan

Hello everyone

Using Force10 S4820T on 9.6

Rate limits can be applied to the physical interfaces only? and if yes how can I do to fix a speed limit on an interface vlan? Policy-map?

Thanks in advance

Based on the information contained in the user guide, it seems that it cannot apply to the physical interface.

Page 739:

http://bit.LY/1IRtdlU

How to view associated with an interface VLAN IP address?

I have a 6224 with some VLANs set up. I have addresses assigned to most of VLANs (i.e. "configuration, interfaces, vlan 20, ip 192.168.20.254 address '). I can't seem to find a way to have the switch shows that vlan interfaces have this ip assigned, either the CLI or from the web interface. It does not help that I don't think that the web interface even exposes settings for this at all.

Thank you

Scott

Assign IP address to the Interface VLAN of Web Admin?

It is a simple question, I can't find can in the web config page to assign an IP to an interface vlan.

Example: I create a vlan 40 and assign ip 192.168.40.254/24 to it, I can accomplish this with the CLI with 'config; interface vlan 40; "192.168.40.254 IP address 255.255.255.0" but it does not seem to exist in the web interface!

Thank you
Scott

XConnect - interface vlan

Hello

I can create Tunnel Xconnect (OVER MPLS NETWORK) between the Vlan interface to the physical interface on the other site?

For example:

site 1:

interface GigabitEthernet7/2.88
Xconnect 1 Site Description
encapsulation dot1Q 88
XConnect 1.1.1.2 88 mpls encapsulation

Site 2:

interface Vlan 88

Xconnect 2 Site Description
IP 192.168.2.2 255.255.255.0

XConnect 1.1.1.1 88 mpls encapsulation

anyone tried this type of installation?

Thank you

Alon.

Hello

Yes. It will work.

X interface VLAN 4451

I try to configure interfaces VLAN on a 4451 X and problem. I can configure subinterfaces, but I want to set up a real interface VLAN like this:

B12_3925 (config) #int vlan 11
* Jan 11 21:17:20: % LINEPROTO-5-UPDOWN: Line protocol on the Interface Vlan11, change of State down
B12_3925(Config-if) #IP add 192.168.100.1 255.255.255.0

Am I missing something? This should be very simple.

Thank you

Hello

4451-X is a router, so, working with the VLAN is different to the switches. Creating a interface Vlan would make sense only if you had a switching module installed in this router and had some of its interfaces configured as switchports in the VLAN individual. Otherwise, the only way to work with the VLAN attached to interfaces routed to this router is to create some subinterfaces.

Keep in mind: a router can have several routed interfaces and each of them can put an end to an independent set of VLANS. To a router, simply saying 'VLAN 11' doesn't mean anything, because this VLAN can be used on several routed ports and their subinterfaces. That's why the style interface Vlan is not used with routers without changing of modules installed because it is ambiguous.

Welcome to ask for more!

Best regards
Peter

The interface VLAN ACL of inbound traffic?

Hi, I may be over thinking this, but I have an ACL that is applied when entering an interface vlan. I have a line to allow udp any any newspaper which is temporary. I see hits, but the source ip address is outside the network to the ip address of the destination interface vlan. I expect to see ip source addresses only in the range of ip addresses of 192.168.1.128/25. What do you think? Thank you

Interface vlan 100

IP 192.168.1.132 255.255.255.128

IP access-group ACL_IN in

Hit of the ACL

% S: SW1-6-IPACCESSLOGP: list of the allowed ACL_IN 192.168.6.100 (137) udp-> 192.168.1.132 (137), 1 packet

Hello

That looks like to me WINS navigation, a response packet.

And as MS navigation works at level 2, it sends a response to the IP of the router where he sees demand for travel coming - maybe your customers have a configured WINS server address?

Do not forget
allow udp any any newspaper

will match ANY ip src, not only your local subnet and is why your journal entries show the traffic in both directions.

Rgds

Ian

Interface VLAN traffic information

Hi all

Could someone please advice what traffic demonstrated Interface VLAN?

For example, I have two interfaces, VLAN 10, and I created the layer 3 Interface VLAN 10.

If I monitor the traffic of 10 to VLAN, the two interfaces combined traffic statistics?

Thank you

Prasanna Kumar deully

Oh sorry I thought you meant span monitor where you register the interface traffic combined with the terms of a vlan

To answer your question, it will display the number of ip layer 3 traffic in packets to all interfaces grouped under the vlan, then Yes, the two interfaces will show the interface of layer 3 vlan, some platforms will also show some L2 information like below and its shows 30 sec count on VLAN interfaces, but number five on the physical interface FA0/1

Vlan149 is up, line protocol is up
Material is EtherSVI, the address is 0008.e3ff.fd90 (bia 0008.e3ff.fd90)
The Internet address is x.x.x.x/24
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
KeepAlive not supported
Type of the ARP: ARPA, ARP Timeout 04:00
Last entry of 00:00:14, exit ever, blocking of output never
Last clearing of "show interface" counters 24w4d
Input queue: 0/75/0/0 (size/max/drops/dumps); Total output drops: 0
Strategy of queues: fifo
Output queue: 0/40 (size/max)
30 second entry rate 2134000 bps, 381 packets/s
exit rate of 30 seconds 2019000 bps, 460 packets/s
L2 switching: ucast: 30595061 pkt, 2268569227 bytes - mcast: 0 pkt, 0 bytes
L3 in Switched: ucast: 5882988002 pkt, 1908218042989 bytes - mcast: 1623 pkt, 775020 bytes
L3 on Switched: ucast: 5579358870 pkt, 1872959920772 bytes - mcast: 322 pkt, 138259 bytes
5886751734 packets input, 1885010127367 bytes, 0 no buffer
Received 0 emissions (28 of IP multicasts)
0 Runts, 0 giants, 0 shifters
entry 0, 0 CRC errors, frame 0, saturation 0, 0 ignored
5618600472 packets output, 1854023804196 bytes, 0 underruns
0 output errors, 0 interface resets
output buffer, the output buffers 0 permuted 0 failures

SG300-20 - configure DHCP on the interface VLAN

I have read the different partners of the discussions on the SG300 and SG500 going on regarding the high setting of VLAN and DHCP on VIRTUAL networks. For some reason, I could not get even this simple task to work.

First thing I did was update my version firmware and boot as follows:

SW version 1.3.7.18 (date of 12 January 2014 time 18:02:59)

Start the 1.3.5.06 version (dated 21 July 2013 times 15:12:10)

HW version V02

When I rebooted the SG300 after the SW/Boot updates the boot configuration has been crushed and I had to configure my switch from scratch. The intention is to have two VIRTUAL networks:

VLAN 1: all the devices, servers, etc.

VLAN 2: subnet basis which distributes DHCP addresses

The SG300-20 is connected to a router Asus RT-AC66U on the 192.168.1.x subnet and provides access to the internal network and WiFi access (IP address of the router is 192.168.1.1 and the default gateway). Everything works without any problem. So my task is simply to create 2 VLANS on 192.168.2.x subnet and use DHCP to assign addresses. I spent many hours on it and I still can't get it to work. When I connect a laptop to the port (GI8) assigned to 2 VLANS, I end up finding a few wobbly 169.254.x.x address. I definitely thought something would not 'easy' that hard to set up, but apparently I was wrong.

The SG300 is running in mode L3 as shown in my running-config below.

Someone gets to see something which could prevent my client from the laptop to receive the interface VLAN 2 DHCP IP addresses that are not on the 192.168.2.x subnet?

Any ideas / suggestions would be greatly appreciated!

Here's my running-config:

config-file-header
MYSTICSW1
v1.3.7.18 / R750_NIK_1_35_647_358
CLI v1.0
router adjustment system mode

SSD of encrypted file indicator
@
SSD-control-start
config of SSD
control of password file unrestricted SSD
no control of the integrity of the file ssd
SSD-control-end cb0a3fdb1f3a1af4e4430033719968c0
!
database of VLAN
VLAN 2
output
Add a voice vlan Yes-table 0001e3 Siemens_AG_phone___
Add a voice vlan Yes-table 00036 b Cisco_phone___
Add a voice vlan Yes-table 00096e Avaya___
Add a voice vlan Yes-table 000fe2 H3C_Aolynk___
Add a voice vlan Yes-table 0060 b 9 Philips_and_NEC_AG_phone
Add a voice vlan Yes-table 00d01e Pingtel_phone___
VLAN voice Yes-table add Polycom/Veritel_phone___ 00e075
Add a voice vlan Yes-table 00e0bb 3Com_phone___
Hello interface range vlan 1
hostname MYSTICSW1
host 192.168.1.15 record
logging source hostname id
username privilege 15 b4a0fcf20b2cd9d80a55b06ab8f83277f9733904 encrypted password cisco
location of the SNMP-Server Office
clock timezone ""-5
DST Web recurring U.S. clock.
clock source sntp
unicast SNTP client enable
unicast SNTP client survey
survey of 192.168.1.10 SNTP server
!
interface vlan 1
IP 192.168.1.254 255.255.255.0
no ip address dhcp
!
interface vlan 2
name MysticWAN
192.168.2.254 IP address 255.255.255.0
!
interface gigabitethernet8
switchport mode access
switchport access vlan 2
!
output
Default IP gateway 192.168.1.1

Thanks in advance!

Clint Lambert

Clint, please see this post

https://supportforums.Cisco.com/message/4178990#4178990

-Tom
Please mark replied messages useful
http://blogs.Cisco.com/smallbusiness/

6500 FWSM - ping interface VLAN

Similar Questions

Maybe you are looking for