Compatibility of VLAN with Cisco

Hello

We just bought 10 x new Netgear switches (all M4100) to add to an existing Cisco infrastructure.

Simple configuration with only 6 Valns.

5: Admin, 30: VOIP, 101: management, 100: a set of Workstations, 102: second series of Workstations, 200: IPTV, 400: Internet, 401: Wireless Management

All I wanted to do was: 2 last ports each switch netgear = T and all the VLANS. I have not identified all ports if I want to use in the appropriate vlan

101 of VLAN is my Managementt Vlan. (Need to configure inter vlan routing for this to work)

I only turned on three switches up to now and all three do not work. They work for a while and that packets but do not receive all.

What I am doing wrong?

What I need to get rid of the original vlan1 on the netgear?

Is that what I need config in the STP to make these compatible with Cisco (300 and 400 series) switches.

I use an optical backbone on Cisco and Netgear switches.

Sincere greetings,

OLAF

Hi Moussa,.

Thanks for reaching out.

We got it working.

Step 1: upgrade to the latest firmware.

Step 2: Forget the MISTLETOE.

We had a few questions about the old firmware - causing links to trunk have some incompatibility with their tag and removed the images between Cisco and Netgear brand.

After the upgrade of the firmware that we had access to "switchport mode access" and "switchport mode trunk" orders fixing the access port and trunking issues.

Thank you Mr President,

OLAF

Tags: Netgear

Similar Questions

  • VLANS with Cisco ASA 5505 and non-Cisco switch

    I have an ASA5505 and a switch Netgear GSM7224 L2 that I try to use together.  I can't grasp how VLANs (or at least how they should be put in place).  When configuring my VLAN on the ASA5505 it seems simple enough, but then on my switch, I thought I'd create just the same VLAN numbers that I used on the SAA and then add the ports that I wanted to use for each VLAN.

    Currently on my ASA, I have the following VLAN configured...

    outside - vlan11 - Port 0/0

    inside - vlan1 - Port 0/1

    dmz_ftp - vlan21 - Port 0/2

    Port of Corp - vlan31 - 0/3

    I need to do the same thing on my switch as well...  On my way, I'm a little confused as to how I need to configure the VLAN.  Below is the screenshot of web GUI...

    Note: Normally you can now change the VLAN ID (red), but in this case the default vlan (vlan id 1) may not be changed or deleted, you can does not change its settings.

    Tagged (green), Untagged (purple) and Autodetect (yellow) you must select at least 1.  I'm not sure how to in one place to tell my inner vlan (vlan1).

    I want VLAN1 ports 1-8 on my Netgear switch used alone to talk to interface/0/1 on the ASA5505 port.  I don't want to NOT port 9-24 able to talk to ports 1-8 on the Netgear switch ports OR 0/0, 0/2 - 0 / 7 on the Cisco ASA 5505.

    So, how can I configure my inner Vlan1 on ports 1-8 on the switch?  Do mark, UNTAG, autodetect them?  What about tours?  I've been a bit the impression that I would set up my VLAN on both devices, then trunk port 1 and dedicate this port on both devices to nothing other than the sheath and the security of vlan would then take the packages where they need to go.  Is this the wrong logic?

    Hi Arvo,

    If the port of the ASA is just part of a single VLAN (i.e. e0/0 single door 11 VLAN), this is called an access port. If the port of the ASA had to carry several VLANs, it would constitute a Trunk port.

    To access ports (VLAN unique), you must set the switch corresponding to be unidentified for port this VLAN individual. If you decide to configure a trunk port, then the port of the switch must be set for labelling for each of VLAN who win the trunk.

    For example, ASA I have:

    interface Ethernet0/1
    

    switchport access vlan 20
    

    !
    

    interface Vlan20
    

    nameif inside
    

    security-level 100
    

    ip address 192.168.100.254 255.255.255.0

    With the above configuration, the configuration of the switch would look like this (assuming the e0/1 port of the SAA is connected to 0/1 on the switch):

    VLAN 20 - 0/1 = untagged

    If instead you use a trunk port, the config would look like this:

    interface Ethernet0/0
    

    switchport trunk allowed vlan 10,20
    

    switchport mode trunk
    

    !
    

    interface Vlan10
    

    nameif outside
    

    security-level 0
    

    ip address dhcp setroute
    

    !
    

    interface Vlan20
    

    nameif inside
    

    security-level 100
    

    ip address 192.168.100.254 255.255.255.0

    Assuming that the ASA e0/0 port is connected to 0/1 on the switch):

    VLAN 10 - 0/1 = tagged
    

    VLAN 20 - 0/1 = tagged

    Hope that helps.

    -Mike

  • Query VLANS with Cisco configuration example

    List of expensive,

    I was wondering if there is an error on the Cisco documentation below.

    The schema and configuration shows the LWAPs attached to the switch on vlan 5, but the trunk to the WLC is pruning vlan 5.

    If this is true, how the LWAPP LWAPs with the WLC to talk?

    The proposed config is a few lines of the diagram below.

    Thanks for any comments.

    http://www.Cisco.com/en/us/products/ps6366/products_configuration_example09186a0080665cdf.shtml#DIA

    Chris.

    Management of the AP is on vlan 5, so there's no reason to be vlan 5 allowed on the trunk for the wlc.  Only the interfaces configured on the WLC should be allowed.

    Management, AP-Manager and all dynamic interfaces... service-port can be included, but should not be routable.

    Hope that explains it... If not let me know :)

  • Compatibility phone Avaya with Cisco Unified Communications Platform

    Hello

    We are currently a user all-Cisco on the side of routing, switching and network security, however, we are a user all Avaya on the phone, IP phone and voice communications.  I laugh with all the problems we had with Avaya and would migrate to Cisco.  My department head wants to know is it possible to have a Cisco platform manage all unified communications and voice mail on the back end, but continue to use the Avaya phones currently in place in each office, until we can replace in the coming years through attrition?  It is essentially a measure of cost that is the main factor in management are unwilling to make any changes whatsoever because of investment is already in the existing system.

    None of the Avaya endpoints are officially supported on Cisco CUCM, but if they SIP phones, they can be defined as 3rd-party SIP endpoints.  That being said you get far more features and satisfaction with phones Cisco CUCM, otherwise ask for another set of questions, and at that time there a seller will point to the other.

  • Using VLANs with Cisco 1240AG

    Hi guys,.

    NIC 1

    I want that all cable customers (PC1 to PC9) in native VLAN 1 and all in VLAN 10 wireless clients.

    1. is this a correct network card?

    2. given that all the wireless clients are in the same VLAN, I guess I should configure port F0/10 market as a port of access for VLAN10 and the single trunk port would be F0/0 that goes to the router. And all I have to do is create VLAN 10 access point and map it to an SSID. Am I wrong?

    3. do I need to do any configuration regarding native VLAN 1 on the access point at all?

    Network card 2.

    I want to have customers invited LAN wireless as well.

    1. is this a correct network card?

    2 the port configuration of the ethernet switch to which is connected the point access (F0/10) as a TRUNK port?

    3 configure the APs as a trunk port ethernet port?

    4. can you explain these two commands for me?

    AP(config-subif)# interface FastEthernet0.10AP(config-subif)# encapsulation dot1Q 10

    Hello

    Yes you are right!

    If you want to configure only one SSID and only one VLAN, then make the Switchport access and for multiple SSID make as a trunk on the switch and the AP configure interfaces corresponding Sub...

    Here is the doc that i hv written can give you some nice info as well!

    https://supportforums.Cisco.com/docs/doc-14496

    Let me know if that answers your question and please do not forget to note the useful messages!

    Concerning

    Surendra

  • Are Cisco 1130ag APs compatible with Cisco Wireless LAN Controller virtual?

    Are Cisco 1130ag APs compatible with Cisco Wireless LAN Controller virtual?

    It's... AP compatibility depends on the code that runs on the WLC. This is a matrix that is a good reference.

    http://www.Cisco.com/en/us/docs/wireless/controller/5500/tech_notes/wire...

    Sent by Cisco Support technique iPhone App

  • iOS 10 with Cisco Jabber

    Dear Cisco support community,

    as seen on http://www.apple.com/ipad/business/work-with-apple/cisco/

    Only the spark is described here. There will also be a better integration of the call with Cisco Jabber?

    According to me, they're trying to transmit only apple ios 10 best interactive aura to the customer of the spark. This does not mean that jabber for iphone will be less functional in ios 10.

  • AnyConnect + possible PSK (pre-shared key) as under with cisco vpn client ikev1 and ikev2

    Is it possible to create a VPN Anyconnect of RA with just the name of user and password + pre-shared key (Group) for the connection, as could do for ikev1 with cisco VPN client? I am running 8.4.X ASA code and looks like tunnel-group commands have 8.2.X somewhat change. If you change the group type of the tunnel for remote access, now there is no option for IKEv2 PSK. This is only available when you choose the type

    Type of TG_TEST FW1 (config) # tunnel - group?

    set up the mode commands/options:
    Site IPSec IPSec-l2l group
    Remote access using IPSec-IPSec-ra (DEPRECATED) group
    remote access remote access (IPSec and WebVPN) group
    WebVPN WebVPN Group (DEPRECATED)

    FW1(config-tunnel-General) # tunnel - group TG_TEST ipsec-attributes
    FW1(config-tunnel-IPSec) #?

    configuration of the tunnel-group commands:
    any required authorization request users to allow successfully in order to
    Connect (DEPRECATED)
    Allow chain issuing of the certificate
    output attribute tunnel-group IPSec configuration
    mode
    help help for group orders of tunnel configuration
    IKEv1 configure IKEv1
    ISAKMP policy configure ISAKMP
    not to remove a pair of attribute value
    by the peer-id-validate Validate identity of the peer using the peer
    certificate
    negotiation to Enable password update in RADIUS RADIUS with expiry
    authentication (DEPRECATED)

    FW1(config-tunnel-IPSec) # ikev1?

    the tunnel-group-ipsec mode commands/options:
    pre-shared key associate a key shared in advance with the connection policy

    I'm getting old so I hope that it is not in another complaint curmudgeonly on the loss of functionality. :)

    Many small businesses do not want to invest in the PKI. It is usually a pain to deploy, backup, make redundant, etc..

    But it would be nice to have a bit more security on VPN other than just the connections of username and password.

    If this is not possible, it is possible to configure the Anyconnect customer to IKEv1 with PSK and name at the level of the Group client?

    If this is not possible, WTH did cisco end customer VPN cisco as a choice of VPN connection (other than to get more fresh mail of license)?

    I really hope that something like this exists still!

    THX,

    WR

    You are welcome

    In addition to two factors, you can also do double authentication (ie the two using the user name and password). Each set of credentials can come from a Bank of different identities.

    With this scheme, you can can configure a local user name (common) with password on the SAA (think of it as your analog PSK) and the other be the AD user identification information.

  • ISA500 site by site ipsec VPN with Cisco IGR

    Hello

    I tried a VPN site by site work with Openswan and Cisco 2821 router configuration an Ipsec tunnel to site by site with Cisco 2821 and ISA550.

    But without success.

    my config for openswan, just FYI, maybe not importand for this problem

    installation of config

    protostack = netkey

    nat_traversal = yes

    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%4:!$RIGHT_SUBNET

    nhelpers = 0

    Conn rz1

    IKEv2 = no

    type = tunnel

    left = % all

    leftsubnet=192.168.5.0/24

    right =.

    rightsourceip = 192.168.1.2

    rightsubnet=192.168.1.0/24

    Keylife 28800 = s

    ikelifetime 28800 = s

    keyingtries = 3

    AUTH = esp

    ESP = aes128-sha1

    KeyExchange = ike

    authby secret =

    start = auto

    IKE = aes128-sha1; modp1536

    dpdaction = redΘmarrer

    dpddelay = 30

    dpdtimeout = 60

    PFS = No.

    aggrmode = no

    Config Cisco 2821 for dynamic dialin:

    crypto ISAKMP policy 1

    BA aes

    sha hash

    preshared authentication

    Group 5

    lifetime 28800

    !

    card crypto CMAP_1 1-isakmp dynamic ipsec DYNMAP_1

    !

    access-list 102 permit ip 192.168.1.0 0.0.0.255 192.168.5.0 0.0.0.255

    !

    Crypto ipsec transform-set ESP-AES-SHA1 esp - aes esp-sha-hmac

    crypto dynamic-map DYNMAP_1 1

    game of transformation-ESP-AES-SHA1

    match address 102

    !

    ISAKMP crypto key address 0.0.0.0 0.0.0.0

    ISAKMP crypto keepalive 30 periodicals

    !

    life crypto ipsec security association seconds 28800

    !

    interface GigabitEthernet0/0.4002

    card crypto CMAP_1

    !

    I tried ISA550 a config with the same constelations, but without suggesting.

    Anyone has the same problem?

    And had anyone has a tip for me, or has someone expirense with a site-by-site with ISA550 and Cisco 2821 ipsec tunnel?

    I can successfully establish a tunnel between openswan linux server and the isa550.

    Patrick,

    as you can see on newspapers, the software behind ISA is also OpenSWAN

    I have a facility with a 892 SRI running which should be the same as your 29erxx.

    Use your IOS Config dynmap, penny, you are on the average nomad. If you don't have any RW customer you shoul go on IOS "No.-xauth" after the isakmp encryption key.

    Here is my setup, with roardwarrior AND 2, site 2 site.

    session of crypto consignment

    logging crypto ezvpn

    !

    crypto ISAKMP policy 1

    BA 3des

    preshared authentication

    Group 2

    lifetime 28800

    !

    crypto ISAKMP policy 2

    BA 3des

    md5 hash

    preshared authentication

    Group 2

    lifetime 28800

    !

    crypto ISAKMP policy 3

    BA 3des

    preshared authentication

    Group 2

    !

    crypto ISAKMP policy 4

    BA 3des

    md5 hash

    preshared authentication

    Group 2

    !

    crypto ISAKMP policy 5

    BA 3des

    preshared authentication

    Group 2

    life 7200

    ISAKMP crypto address XXXX XXXXX No.-xauth key

    XXXX XXXX No.-xauth address isakmp encryption key

    !

    ISAKMP crypto client configuration group by default

    key XXXX

    DNS XXXX

    default pool

    ACL easyvpn_client_routes

    PFS

    !

    !

    Crypto ipsec transform-set esp-3des esp-sha-hmac FEAT

    !

    dynamic-map crypto VPN 20

    game of transformation-FEAT

    market arriere-route

    !

    !

    card crypto client VPN authentication list by default

    card crypto VPN isakmp authorization list by default

    crypto map VPN client configuration address respond

    10 VPN ipsec-isakmp crypto map

    Description of VPN - 1

    defined peer XXX

    game of transformation-FEAT

    match the address internal_networks_ipsec

    11 VPN ipsec-isakmp crypto map

    VPN-2 description

    defined peer XXX

    game of transformation-FEAT

    PFS group2 Set

    match the address internal_networks_ipsec2

    card crypto 20-isakmp dynamic VPN ipsec VPN

    !

    !

    Michael

    Please note all useful posts

  • Cannot reset the user vmail with Cisco Unified CM Administration password

    We use Cisco Unified CM Administration ver 7.1 with Cisco 7945 IP phones. I have a user who came to tell me that they could access is no longer the voicemail, getting PIN disabled. Ichanged the PIN with the Cisco Unified CM Administration that accepts the new pin without problem, but when we try from the phone, it does not work. Any ideas... Thank you Don

    Hi Don,

    For voicemail partners changes/updates, you should choose

    2 cisco Unity Connection Administration.

    Then; Users > Find/list > user associated with selectect > drop-down Edit > change passwords >

    Change voicemail password

    See you soon!

    SoC

    "Spend your life waiting,
    a moment that all do not come.
    Well, don't waste your time waiting.

    -Springsteen

  • Problem with Cisco ACS and different areas

    Hello

    We are conducting currently a problem with Cisco ACS that we put in place, and I'll try to describe:

    We have ACS related directory AD areas, where we have 2 domains and appropriate group mappings.

    Then we have our Cisco switches with the following configuration,

    AAA new-model

    AAA-authentication failure message ^ CCCC

    Failled to authenticate!

    Please IT networks Contact Group for more information.

    ^ C

    AAA authentication login default group Ganymede + local

    AAA authorization exec default group Ganymede + local

    AAA authorization network default group Ganymede + local

    AAA accounting exec default start-stop Ganymede group.

    orders accounting AAA 15 by default start-stop Ganymede group.

    !

    AAA - the id of the joint session

    But the problem is that with the users in a domain, we can authenticate, but not the other. Basically, the question is that when we check on the past of authentication, two authentications are passage and the display of 'Authentic OK', but on the side of the switch, there is a power failure.

    There may be something wrong with the ACS?

    Thank you

    Jorge

    Try increasing the timeout on IOS device using radius-server timeout 10.

    Do we not have journaling enabled on the ACS server remotely?

    -Philou

  • How does them VLANS in Cisco UCS

    Hi guys,.

    I wanted to help better understand the notion VLANS in Cisco UCS.

    I ask this because even if we create a VLAN in UCSM but where can I define which port should apply this VLAN?

    Is it possible that this can be done by using the user interface or api XML?

    Thank you

    Hello

    All the VLANS created will be assigned to the uplink ports. There is no option to have on the same fabric of interconnection of VLANs on an uplink and other VLANs on another. As on the side of the blade, you choose what VLAN is assigned to a blade when you create the vNIC.

    Kind regards

    Bogdan

  • SX 20 with Cisco Call Manager

    Dear team,

    If I add the SX20 with Cisco Call Manager, do I need to install the software cmterm - s52010tc6_2_1.cop.sgn the SX20. If this isn't the case, then what I have to do, I can see only administrator external field in my SX20, where I gave my callmanager IP address but it is not save.

    BR

    Hello

    In order to save the SX20 in CUCM you for CUCM version 8.6.2 or later, and your SX20 must be running TC5 version or a later version.

    This file you mentioned, cmterm - s52010tc6_2_1.cop.sgn, is just a upgrade file that you install on CUCM, so that CUCM can update your point of SX20 endpoint automatically. But you can upgrade your SX20 manually using the file s52010tc6_2_1.pkg.

    To get help on how to register to CUCM SX20, take a look at these guides with the name "administer endpoints TC on CUCM". The Guide according to the version of CUCM you run:

    http://www.Cisco.com/en/us/partner/products/ps11424/prod_maintenance_guides_list.html

    I hope this helps.

    Concerning

    Paulo Souza

    My answer was helpful? Please note the useful answers and do not forget to mark questions resolved as "responded."

  • can plan us the Conference from Outlook with Cisco TMS

    Hi team,

    is it possible to provide to the Conference by the prospect with Cisco TMS, we have no license to Exchange provisoning. Y at - it a plugin that can be used with Microsoft outlook.

    Please advise.

    See above for my response, either you need to purchase the license and install / configure Setup

    or you program something yourself.

    I would not exclude that there could be tools external hookin upward on the MSDS as well, but I'm not aware of anything.

    The other way is to do it by politics, rent rooms and is a participant dials up to the

    others or if the meeting is greater everyone connects the mcu...

  • View of the horizon 3.5.0 and ThinApp v4.7 with Cisco ASA Smart Tunnel 9.3.3

    Hello

    The problem:

    Our technology smart tunnel doesn't seem to be forward traffic to our new customer from the view.  I wonder what kind of configuration changes must be considered to enable such a connection.  The error returned when searching for the host name goes in the direction of the hostname not found.  Error finding of intellectual property is related to the time-out.

    Background information and specifications:

    We are in the process of upgrading our servers from 5.2 to 6.2 connection.  As part of the upgrade, we want to improve our customers for the Horizon to use version 3.5.0.  To make it easier on vendors and remote computers we prefer also to our Horizon View Client with ThinApp 4.7.3 ThinApp.  We currently have a Cisco ASA, supporting a SSL VPN portal with "Smart Tunnel" technology.  The ASA is currently on firmware 9.3.3 in production, but we have access to version 9.5 in test.

    Preferred connection scenario:

    User > PC > VMware View Client (ThinApp would be) > Cisco ASA Smart Tunnel > view connection server > Virtual Office

    .exe running on the client to view ThinApp:

    It seems the ThinApp Client version view is only launching VMware - view.exe.

    .exe running from the customer view full/thickness:

    VMware - view.exe

    -ftnlsv.exe

    -vmwsprrdpwks.exe

    -ftscanmgr.exe

    There is something else to consider when the view client configuration ThinApp or thickness to work with Cisco SSL VPN Portal and the Smart Tunnel?  We should have ports configured in the client in connection with the same view Firewall works with SSL VPN Portal port redirector functionality.

    We have not been able to find any documentation on how to properly configure the smart to work with the New Horizon 3.5.2 client Tunnel.  A ticket of troubleshooting with Cisco suggests that the Smart Tunnel feature still perhaps not compatible with this new Horizon (thin or thick) client.  Currently, we are looking at other options because it is not not clear whether Cisco will be able to get us the confirmation or offer a solution without delay of our project to upgrade.  Maybe stick to the previous VMware View Client version 5.4.0 which we know work with Smart Tunnel in some situations and with the redirector port for others.

Maybe you are looking for

  • Administrator account has been disabled and cannot connect at ALL.

    I own a 'HP G71-340US Notebook running Windows 7"and I'm trying to restore my computer completely (for delete). Then at some point when I turned on the computer a few days ago, it took me in the Recovery Manager, I couldn't do anything. I try to rest

  • How to replace the speaker for Macbook pro mid-2010

    My right speaker and subwoofer for Macbook Pro mid-2010 are broken. Apple makes this new part to replace? If Yes, where can I buy it? If not, can I replace it it by another company?

  • Voltage wave are not smooth!

    Dear all I use power quality measurment with the cRIO-9023 + 9118 + 9225 + 9227 with LabVIEW and EPS 2013. My questionthat why the voltage dispay wave are not really smooth. Please please let me known the reason why and how can I make it smooth! Plea

  • LJ 3050 Scanner question

    Recently installed Win 7 (had XP) and have had no problem printing the files/docs from my PC. Just tried my first scan.  Receive an error message on my HP Pavilion a1600 of not saying "no paper in the tray", but the LJ 3050 has a message saying the d

  • Screen size IE: why everything is oversized?

    Screen size IE: why everything is oversized? I've been internet crusing, then when I closed the last window, I noticed that the screen looked oversized. So I open IE back upward and Yes. All pages that fail the screen (such as MS-answers) look like t