LACP hash between N3048 and CISCO SG300/SG200 + question Twinax attach direct cable

Hello

In my network I have deployed two new N3048 with 2 transceivers SPF + and SPF module back + as core switches are connected to other 3 switches from edge of N2048 using optical fiber and I reused my previous CISCO SG300 and SG200 goes to serve the other two boxes of my campus via the spine in copper.

I have 4 copper cable which starts from the hub of the SG300 network and 2 the SG200 brass. I set up to have a redundant connection using 2 + 2 with SG300 and 1 + 1 with SG200 RSTP.

So for the SG300 I re LAG + LACP to have two channels of the N3048s port, but now that a single cable is connected because I don't know what kind of LACP hash mode should I put on N3048 to have a compatible hash between Dell and Cisco switches.

My N3048 have mode 7 (Advanced hash) as default but I guess that cisco models do not understand... so, what mode is the best for LACP work perfectly with small business cisco switches?

I also received my twinax cables to connect my two N3048 via SPF + back modules... conhot can I plug the cables into the slots SPF + (already mounted) without turning off my basic switches?

Thank you!

See you soon

Cables can be connected/disconnected, but I don't know if the real module SFP + for the rear of the N3000 is hot plug.

Tags: Dell Switches

Similar Questions

  • VPN between ASA and cisco router [phase2 question]

    Hi all

    I have a problem with IPSEC VPN between ASA and cisco router

    I think that there is a problem in the phase 2

    Can you please guide me where could be the problem.
    I suspect questions ACL on the router, but I cannot fix. ACL on the router is specified below

    Looking forward for your help

    Phase 1 is like that

    Cisco_router #sh crypto isakmp his

    IPv4 Crypto ISAKMP Security Association
    status of DST CBC State conn-id slot
    78.x.x.41 87.x.x.4 QM_IDLE 2006 0 ACTIVE

    and ASA

    ASA # sh crypto isakmp his

    ITS enabled: 1
    Generate a new key SA: 0 (a tunnel report Active 1 and 1 to generate a new key during the generate a new key)
    Total SA IKE: 1

    1 peer IKE: 78.x.x.41
    Type: L2L role: initiator
    Generate a new key: no State: MM_ACTIVE

    Phase 2 on SAA

    ASA # sh crypto ipsec his
    Interface: Outside
    Tag crypto map: Outside_map, seq num: 20, local addr: 87.x.x.4

    Outside_cryptomap_20 ip 172.19.209.0 access list allow 255.255.255.0 172.
    19.194.0 255.255.255.0
    local ident (addr, mask, prot, port): (172.19.209.0/255.255.255.0/0/0)
    Remote ident (addr, mask, prot, port): (172.19.194.0/255.255.255.0/0/0)
    current_peer: 78.x.x.41

    #pkts program: 8813, #pkts encrypt: 8813, #pkts digest: 8813
    #pkts decaps: 0, #pkts decrypt: 0, #pkts check: 0
    compressed #pkts: 0, unzipped #pkts: 0
    #pkts uncompressed: 8813, model of #pkts failed: 0, #pkts Dang failed: 0
    #send errors: 0, #recv errors: 0

    local crypto endpt. : 87.x.x.4, remote Start crypto. : 78.x.x.41

    Path mtu 1500, fresh ipsec generals 58, media, mtu 1500
    current outbound SPI: C96393AB

    SAS of the esp on arrival:
    SPI: 0x3E9D820B (1050509835)
    transform: esp-3des esp-md5-hmac no
    running parameters = {L2L, Tunnel}
    slot: 0, id_conn: 7, crypto-card: Outside_map
    calendar of his: service life remaining (KB/s) key: (4275000/3025)
    Size IV: 8 bytes
    support for replay detection: Y
    outgoing esp sas:
    SPI: 0xC96393AB (3378746283)
    transform: esp-3des esp-md5-hmac no
    running parameters = {L2L, Tunnel}
    slot: 0, id_conn: 7, crypto-card: Outside_map
    calendar of his: service life remaining (KB/s) key: (4274994/3023)
    Size IV: 8 bytes
    support for replay detection: Y

    Phase 2 on cisco router

    protégé of the vrf: (none)
    local ident (addr, mask, prot, port): (172.19.209.0/255.255.255.0/0/0)
    Remote ident (addr, mask, prot, port): (172.19.194.0/255.255.255.0/0/0)
    current_peer 87.x.x.4 port 500
    LICENCE, flags is {origin_is_acl},
    #pkts program: encrypt 0, #pkts: 0, #pkts digest: 0
    #pkts decaps: 0, #pkts decrypt: 0, #pkts check: 0
    compressed #pkts: 0, unzipped #pkts: 0
    #pkts uncompressed: 0, #pkts compr. has failed: 0
    #pkts not unpacked: 0, #pkts decompress failed: 0
    Errors #send 0, #recv 0 errors

    local crypto endpt. : 78.x.x.41, remote Start crypto. : 87.x.x.4
    Path mtu 1452, ip mtu 1452, ip mtu BID Dialer0
    current outbound SPI: 0x0 (0)

    SAS of the esp on arrival:

    the arrival ah sas:

    SAS of the CFP on arrival:

    outgoing esp sas:

    outgoing ah sas:

    outgoing CFP sas:

    protégé of the vrf: (none)
    local ident (addr, mask, prot, port): (172.19.194.0/255.255.255.0/0/0)
    Remote ident (addr, mask, prot, port): (172.19.209.0/255.255.255.0/0/0)
    current_peer 87.x.x.4 port 500
    LICENCE, flags is {origin_is_acl},
    #pkts program: encrypt 0, #pkts: 0, #pkts digest: 0
    #pkts decaps: 8947, #pkts decrypt: 8947, #pkts check: 8947
    compressed #pkts: 0, unzipped #pkts: 0
    #pkts uncompressed: 0, #pkts compr. has failed: 0
    #pkts not unpacked: 0, #pkts decompress failed: 0
    Errors #send 0, #recv 0 errors

    local crypto endpt. : 78.x.x.41, remote Start crypto. : 87.x.x.4
    Path mtu 1452, ip mtu 1452, ip mtu BID Dialer0
    current outbound SPI: 0x3E9D820B (1050509835)

    SAS of the esp on arrival:
    SPI: 0xC96393AB (3378746283)
    transform: esp-3des esp-md5-hmac.
    running parameters = {Tunnel}
    Conn ID: 29, flow_id: Motorola SEC 1.0:29, card crypto: mycryptomap
    calendar of his: service life remaining (k/s) key: (4393981/1196)
    Size IV: 8 bytes
    support for replay detection: Y
    Status: ACTIVE

    the arrival ah sas:

    SAS of the CFP on arrival:

    outgoing esp sas:
    SPI: 0x3E9D820B (1050509835)
    transform: esp-3des esp-md5-hmac.
    running parameters = {Tunnel}
    Conn ID: 30, flow_id: Motorola SEC 1.0:30, card crypto: mycryptomap
    calendar of his: service life remaining (k/s) key: (4394007/1196)
    Size IV: 8 bytes
    support for replay detection: Y
    Status: ACTIVE

    outgoing ah sas:

    outgoing CFP sas:

    VPN configuration is less in cisco router

    access-list 101 permit ip 172.19.194.0 0.0.0.255 172.19.206.0 0.0.0.255 connect
    access-list 101 permit ip 172.19.206.0 0.0.0.255 172.19.194.0 0.0.0.255 connect
    access-list 101 permit ip 172.19.194.0 0.0.0.255 172.19.203.0 0.0.0.255 connect
    access-list 101 permit ip 172.19.203.0 0.0.0.255 172.19.194.0 0.0.0.255 connect
    access-list 101 permit ip 172.19.194.0 0.0.0.255 172.19.209.0 0.0.0.255 connect
    access-list 101 permit ip 172.19.209.0 0.0.0.255 172.19.194.0 0.0.0.255 connect

    access-list 105 deny ip 172.19.194.0 0.0.0.255 172.19.206.0 0.0.0.255 connect
    access-list 105 deny ip 172.19.206.0 0.0.0.255 172.19.194.0 0.0.0.255 connect
    access-list 105 deny ip 172.19.194.0 0.0.0.255 172.19.203.0 0.0.0.255 connect
    access-list 105 deny ip 172.19.203.0 0.0.0.255 172.19.194.0 0.0.0.255 connect
    access-list 105 deny ip 172.19.194.0 0.0.0.255 172.19.209.0 0.0.0.255 connect
    access-list 105 deny ip 172.19.209.0 0.0.0.255 172.19.194.0 0.0.0.255 connect

    sheep allowed 10 route map
    corresponds to the IP 105

    Crypto ipsec transform-set esp-3des esp-md5-hmac mytransformset

    mycryptomap 100 ipsec-isakmp crypto map
    the value of 87.x.x.4 peer
    Set transform-set mytransformset
    match address 101

    crypto ISAKMP policy 100
    BA 3des
    md5 hash
    preshared authentication
    Group 2
    ISAKMP crypto key xxx2011 address 87.x.x.4

    Your permit for 105 ACL statement should be down is changed to match because it is the most general ACL.

    You currently have:

    Extend the 105 IP access list
    5 permit ip 172.19.194.0 0.0.0.255 (18585 matches)
    10 deny ip 172.19.194.0 0.0.0.255 172.19.206.0 0.0.0.255 connect
    30 deny ip 172.19.194.0 0.0.0.255 172.19.203.0 0.0.0.255 connect
    50 deny ip 172.19.194.0 0.0.0.255 172.19.209.0 0.0.0.255 connect

    It should be:

    Extend the 105 IP access list
    10 deny ip 172.19.194.0 0.0.0.255 172.19.206.0 0.0.0.255 connect
    30 deny ip 172.19.194.0 0.0.0.255 172.19.203.0 0.0.0.255 connect
    50 deny ip 172.19.194.0 0.0.0.255 172.19.209.0 0.0.0.255 connect

    IP 172.19.194.0 allow 60 0.0.0.255 (18585 matches)

    To remove it and add it to the bottom:

    105 extended IP access list

    not 5

    IP 172.19.194.0 allow 60 0.0.0.255 any

    Then ' delete ip nat trans. "

    and it should work now.

  • Difference between Csico and Cisco Unity Connection unit

    What are the main differences between Cisco Unity and Cisco Unity Connection (version 7)

    as: 1. in Cisco Unity servers are active - failover Mode and about unity, the servers are in active-active mode

    2 Cisco Unity, knows about unity and unified messaging, integrated messaging

    What is the major difference between Unified Messaging and integrated messaging?

    Please provide some points of difference between the two...

    This may well be true today, but the gap could soon close... otherwise disappear.  Cisco is currently in EFT (field-tested at the beginning) or testing "beta" for the connection of the Unit 8.5 (1), which aims to add features of Unified Messaging Unit connection using WebDav for Exchange 2003 and Exchange Web Services (EWS) for Exchange 2007/2010.  Just a nugget to think when you consider the timing of your client to install and what platform would be best suited to most environments.  Take a look at this blog for more information/thoughts:

    http://www.netcraftsmen.NET/resources/blogs/unity-connection-with-Unified-Messaging-where-will-unity-fit-in.html?blogger=David+Hailey

    Hailey

    Please note the useful messages!

  • EZVPN between ASA and Cisco 2801

    Hi Experts,

    Need help with establishing ezvpn. I have a Cisco 2801 with the following configuration:

    router version 124 - 24.T3 (advanceipservicesk9)

    Crypto ipsec client ezvpn BOS-BACKUP
    connect auto
    Group bosnsw keys clar3nc3
    client mode
    peer 202.47.85.1
    xauth userid interactive mode

    interface FastEthernet0/0
    IP 10.80.3.85 255.255.255.0
    automatic duplex
    automatic speed
    Crypto ipsec client ezvpn BOS-BACKUP inside

    the Cellular0/1/0 interface
    the negotiated IP address
    encapsulation ppp
    load-interval 60
    Broadband Dialer
    GSM Transmitter station
    Dialer-Group 2
    interactive asynchronous mode
    no fair queue
    a model of PPP chap hostname
    PPP chap 0 dummy password
    PPP ipcp dns request
    Crypto ipsec client ezvpn BOS-BACKUP
    !
    IP route 0.0.0.0 0.0.0.0 Cellular0/1/0
    !
    Dialer-list 2 ip protocol allow

    Celuular interface is up and the router is able to ping the exchange of vpn:

    Router # ping 202.47.85.1

    Type to abort escape sequence.
    Send 5, echoes ICMP 100 bytes to 202.47.85.1, wait time is 2 seconds:
    !!!!!
    Success rate is 100 per cent (5/5), round-trip min/avg/max = 396/473/780 ms

    The ASA configuration:

    Crypto ipsec transform-set esp-SHA-ESP-3DES-3des esp-sha-hmac
    Crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
    Crypto ipsec transform-set ESP-DES-SHA esp - esp-sha-hmac
    Crypto ipsec transform-set ESP-DES-MD5 esp - esp-md5-hmac
    Crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
    Crypto ipsec transform-set ESP-3DES-MD5-esp-3des esp-md5-hmac
    Crypto ipsec transform-set ESP-AES-256-SHA 256 - aes - esp esp-sha-hmac
    Crypto ipsec transform-set ESP-AES-128-SHA aes - esp esp-sha-hmac
    Crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
    Crypto ipsec transform-set ESP-AES-128-MD5-esp - aes esp-md5-hmac
    Crypto ipsec transform-set ESP-3DES esp-3des esp-sha-hmac
    life crypto ipsec security association seconds 28800
    Crypto ipsec kilobytes of life - safety 4608000 association
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 pfs Group1 set
    Crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 value transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA MD5-ESP-3DES ESP-DES-SHA ESP-DES-MD5

    card crypto OUTSIDE_map 65535-isakmp dynamic ipsec SYSTEM_DEFAULT_CRYPTO_MAP
    OUTSIDE_map interface card crypto OUTSIDE

    crypto ISAKMP policy 10
    preshared authentication
    3des encryption
    sha hash
    Group 2
    life 86400

    username password encrypted UaV1j04bjTagjYnj privilege 0 bosnsw
    username bosnsw attributes
    VPN-group-policy DfltGrpPolicy
    Protocol-tunnel-VPN IPSec l2tp ipsec
    No vpn-framed-ip-address

    type tunnel-group bosnsw remote access
    tunnel-group bosnsw General-attributes
    address BOS_CORPORATE pool
    No ipv6 address pool
    authentication-server-group LOCAL ACS_AUTH
    secondary-authentication-server-group no
    no accounting server group
    Group Policy - by default-BOS_CORPORATE
    No dhcp server
    No band Kingdom
    no password-management
    No substitution-disabling the account
    No band group
    gap required
    certificate-CN user name OR
    secondary username-certificate CN OR
    authentication-attr-of primary server
    authenticated-session-user principal name
    tunnel-group bosnsw webvpn-attributes
    catch-fail-group policy DfltGrpPolicy
    personalization DfltCustomization
    the aaa authentication
    No substitution-svc-download
    No message of rejection-RADIUS-
    no proxy-auth sdi
    no pre-fill-username-ssl client
    no pre-fill-username without client
    No school-pre-fill-name user-customer ssl
    No school-pre-fill-user without customer name
    DNS-Group DefaultDNS
    not without CSD
    bosnsw group of tunnel ipsec-attributes
    pre-shared-key *.
    by the peer-id-validate req
    no chain
    no point of trust
    ISAKMP retry threshold 300 keepalive 2
    no RADIUS-sdi-xauth
    ISAKMP xauth user ikev1-authentication

    BOS-NRD-IT-FW1 # sh cry isa his

    HIS active: 2
    Generate a new key SA: 0 (a tunnel report Active 1 and 1 to generate a new key during the generate a new key)
    Total SA IKE: 2

    1 peer IKE: 112.213.172.108
    Type: user role: answering machine
    Generate a new key: no State: AM_TM_INIT_XAUTH_V6H

    I've attached the output of debugging of router and firewall. Hope someone can shed some light on this issue. Thanks in advance.

    Thats is correct! You must configure the network extension mode if you want to change the IP address

    Here is the guide to configure the router and ASA in network extension mode. Hope you find it useful.

    http://www.Cisco.com/en/us/Tech/tk583/TK372/technologies_configuration_example09186a0080809222.shtml#TS1

    Thank you

    Françoise

  • OSPF between 6224 and Cisco please!

    It is easily possible to Exchange routes using a 6224 for a Cisco 7204 OSPF? My cisco has always been eigrp between all other routers.

    I have OSPF enabled on the cisco as follows:

    router ospf 100
    Log-adjacency-changes
    redistribute subnets eigrp 1
    network 172.0.0.0 0.0.0.0 area 1

    What should I exactly say the 6224 to accept the cisco roads?

    I can find samples for the 6024, but not the 6224


  • Active FTP problem between Checkpoint and Cisco PIX

    Hello

    I am facing a strange problem.

    Many of our customers have achieved a Checkpoint FW-1/VPN-1 4.1 SP6 (the last before NG). When they try to connect to an FTP server that is located behind a Cisco PIX firewall, they are not able to transfer data: the connection is established, the authentication to follow, but at the stage of the 'LIST' the connection 'freeze' and the user must close the FTP client.

    Users are facing this problem ONLY in Active mode: passive mode works very well. Turn passive mode FTP client isn't acceptable workaround for most of my clients.

    The problem seems to be related only to the firewall Cisco PIX and active FTP.

    Please, what is someone encountered the same problem?

    Could someone give me any help?

    Thank you in advance.

    Paolo

    Yes it is a (global) problem, even with the last checkpoint firewalls. What happens with Active FTP, it's that each command (get, list, etc.) causes another log on the client (source port) to the server on port 21. If you run netstat from the customer you can check this for yourself.

    What normally happens, with HTTP, FTP, telnet, which have are, it's that the client makes a connection to port 21, 23 etc then returns with a port source such as 1936, 1980, 3000, etc..

    Connect problem with statefull firewall is they do not allow multiple sessions control port number on a destination, as well as a source port can be bound to a destination port, in this case, 21 for FTP. I Don t see it changed, an extreme security risk any time soon, since it s, someone else might be hopping session and block this type of traffic, it's what the stateful firewall are all about and FTP servers are problably the machines more pirated on the planet.

    You´ve mentioned the workaround solution, unfortunately that s the only way, change your passive customers, I think that Unix/Linux customers have a problem with this, change your FTP server can also help, there are multiple servers that can be configured to disable Active FTP, I wouldn know exactly, I only network & firewall... maybe someone else can move on this...

  • error when reading flat file of external table... "ORA-01849: time must be between 1 and 12"

    My question is - is it possible for me to fix this error at the level of external table definition? Please advice

    Here is the data file I am trying to download...

    KSEA | 08-10 - 2015-17.00.00 | 83.000000 | 32.000000 | 5.800000

    KBFI | 2015-08-06 - 15.00.00 | 78.000000 | 35.000000 | 0.000000

    KSEA | 08-10 - 2015-11.00.00 | 73.000000 | 55.000000 | 5.800000

    KSEA | 08-08 - 2015-05.00.00 | 61.000000 | 90.000000 | 5.800000

    KBFI | 2015-08-06 - 16.00.00 | 78.000000 | 36.000000 | 5.800000

    KSEA | 2015-08-07 - 18.00.00 | 82.000000 | 31.000000 | 10.400000

    KSEA | 08-10 - 2015-00.00.00 | 65.000000 | 61.000000 | 4.600000

    KBFI | 08-08 - 2015-07.00.00 | 63.000000 | 84.000000 | 4.600000

    KSEA | 08-10 - 2015-15.00.00 | 81.000000 | 34.000000 | 8.100000

    This is the external table script

    CREATE TABLE MWATCH. MWATCH. WEATHER_EXT ".

    (

    LOCATION_SAN VARCHAR2 (120 BYTE),

    DATE OF WEATHER_DATETIME,

    NUMBER (16) TEMP.

    NUMBER (16) OF MOISTURE,

    WIND_SPEED NUMBER (16)

    )

    EXTERNAL ORGANIZATION

    (TYPE ORACLE_LOADER

    THE DEFAULT DIRECTORY METERWATCH

    ACCESS SETTINGS

    (records delimited by newline

    BadFile "METERWATCH": "weather_bad" logfile 'METERWATCH': 'weather_log '.

    fields ended by ' |' missing field values are null

    (location_san, WEATHER_DATETIME char date_format DATE mask "YYYY-mm-dd - hh.mi.ss", TEMPERATURE, MOISTURE, wind_speed)

    )

    LOCATION (METERWATCH: 'weather.dat')

    )

    REJECT LIMIT UNLIMITED

    PARALLEL (DEGREE 5 1 INSTANCES)

    NOMONITORING;

    Here is the error in the weather_bad which is generated files...

    column WEATHER_DATETIME of 55 error processing in the 1st row to the /export/home/camsdocd/meterwatch/weather.dat data file
    ORA - 01849ther_log.log 55 56 error processing column WEATHER_DATETIME in the row 1 for the /export/home/camsdocd/meterwatch/weather.dat data file
    5756 ORA - 01849ther_log.log: time must be between 1 and 12
    58column WEATHER_DATETIME 57 error during treatment number 2 for the /export/home/camsdocd/meterwatch/weather.dat data file
    59ORA-58 01849: time must be between 1 and 12
    60column WEATHER_DATETIME of 59 error processing 5th for the /export/home/camsdocd/meterwatch/weather.dat data file
    61ORA-60 01849: time must be between 1 and 12
    62column WEATHER_DATETIME of 61 error treatment in line 6 to the /export/home/camsdocd/meterwatch/weather.dat data file
    63ORA-62 01849: time must be between 1 and 12
    64column WEATHER_DATETIME of 63 error treatment in row 7 for datafile /export/home/camsdocd/meterwatch/weather.dat
    65ORA-64 01849: time must be between 1 and 12
    66column WEATHER_DATETIME of 65 error treatment 9 for the /export/home/camsdocd/meterwatch/weather.dat data file online
    67: time must be between 1 and 12

    My question is - is it possible for me to fix this error at the level of external table definition? Please advice

    Yes it is possible.  Let's not your date mask.  You're masking for 12-hour format when your data is in 24-hour format.  Change the mask of your date to be "YYYY-mm-dd-hh24. MI.ss ".  Notice the change in "BOLD".

  • Cannot connect the switch Cisco Cisco SG300 - 28 p spend and traffic through VLANS

    Try to connect the Cisco SG300 - 28 p switch to another switch and proceed 2 VLANS between them.  Not doing any circuit.  If I connect a computer to the port on the SG300 - 28 p I can access the VLAN 2 and take a DHCP address. However, when I connect to another switch on the port and connect it to a port on another switch secondary I am unable to access VLAN 2 and pull an IP address.  I checked that the works of secondary switch (WS-C3560G-48PS-S) connected to the other 3500 s, but not this latest SG300 - 28 p.  Here's the configuration for both, I'm leaving areas that shouldn't matter and add if necessary.  Try to connect the SG300 - 28 p Port 26-WS-C3560 Port 1 port.  Once again, if I connect a computer to port 26 on the SG300 - 28 p I access the VLAN 2 as expected, but not when I connect to channel 2 on the secondary switch.

    Cisco SG300 - 28 p

    !
    interface vlan 1
    Internet name
    !
    interface vlan 2
    LAN name
    IP 172.20.5.11 255.255.0.0
    no ip address dhcp (this is the VLAN I'm moving)
    !
    interface vlan 3
    private name
    !
    interface vlan 4
    name of Nortel
    !
    interface vlan 101
    name Video_Project
    !
    interface gigabitethernet26
    Description VLAN2-ACCESS-CISCO3500
    switchport mode access
    switchport access vlan 2 (this goes to port 1 on the other Cisco 3500 switch to provide access 2 VLAN)

    Cisco 3500

    !
    interface Vlan1
    NATCO Internet description
    no ip address
    no ip route cache
    no ip mroute-cache
    !
    interface Vlan2
    NATCO LAN description
    IP 172.20.5.13 255.255.0.0
    no ip route cache
    no ip mroute-cache (this is the VLAN I'm moving)

    !
    interface Vlan3
    Description LHPrivate
    no ip address
    no ip route cache
    no ip mroute-cache
    !
    interface GigabitEthernet0/1
    switchport access vlan 2 (this is the port that I connect to the SG300 - 28 p)

    !
    interface GigabitEthernet0/2
    switchport access vlan 2 (this is the port I hang my computer to and trying to access VLAN 2 other switch)

    Hello

    Yes, STP is the problem here. As you can see on your release of the Cisco 3500 switch, port Gi0/1 is BKN (The FEW is a shortened form of "Broken").

    This is caused by an incompatibility of versions PLEASE used between the two switches. Small businesses (including series SG300) switches are use legacy STP or Rapid STP (your case), but uses templates to business (such as catalyst 3500) PVST + (each VLAN spanning tree version of STP).

    Two versions between group of switches are compatible only under certain conditions. Important condition is that the two switchports needs to use a VLAN 1, vlan access/native and not any other number VLAN.

    It is to make your communication work, you must:

    • disable the STP at least 3500 Cisco switch:

      • on overall global (Switch (config) # no vlan spanning tree 2)
      • or by the base interface (switch(config-if) # no vlan spanning tree 2)
    • change the configuration of your connection between two switches by following the path:
      • change the switchport trunk (trunk switchport mode) mode
      • do 1 VLAN as native vlan (vlan switchport trunk native 1)
      • Towing VLAN 2 as vlan tagged on that Stump (switchport trunk allow vlan add 2)

  • LAN-to-LAN tunnel between VPN 3000 and Cisco 1721

    Hello

    I have a current LAN-to-LAN tunnel configuration between VPN 3000 (3.6) and Cisco 1721 (12.2 (11) T).

    When I use the encryption = authentication and Des-56 = ESP\MD5\HMAC-128 for the IPSec Security Association, everything works fine.

    However, I would like to Turn off encryption for some time getting the speed improvements, so I changed

    Encryption = null esp (in 1721) and to "null" in VPN-3000.

    Now the tunnel is setup but I can spend only ICMP traffic. When I pass the traffic UDP\TCP the message below appears the Cisco 1721

    % C1700_EM-1-ERROR: error in packet-rx: pad size error, id 75, hen offset 0

    Has anyone seen this behavior?

    All those put in place an IPSec Tunnel with only the ESP authentication and NO encryption between VPN-3000 and Cisco 1721?

    Thanx------Naman

    Naman,

    Disable you the vpn Accelerator? "no accel crypto engine. Sure that you can't do with a null module vpn.

    Kurtis Durrett

  • difference between cisco NAC agent and cisco Clean Access Agent

    Hi all

    If anyone has the idea on different between cisco NAC agent and cisco Clean Access Agent, please let us know your ideas.

    Thank you

    In 4.6, the agent has been revised and is now called the NAC agent.  Previous versions were called the clean access Agent.  So roughly, 4.5 and 4.1.3.2 agent are own access agents, and agents 4.6.x and 4.7.x are called NAC agents.

    Some of the changes are moving a lot of the agent configuration in an XML file, redesign of the GUI, adding a service portion (of the sort that the agent of heel is no longer necessary) and the best journaling agent.

  • Problem with IPsec VPN between ASA and router Cisco - ping is not response

    Hello

    I don't know because the IPsec VPN does not work. This is my setup (IPsec VPN between ASA and R2):

    my network topology data:

    LAN 1 connect ASA - 1 (inside the LAN)

    PC - 10.0.1.3 255.255.255.0 10.0.1.1

    ASA - GigabitEthernet 1: 10.0.1.1 255.255.255.0

    -----------------------------------------------------------------

    ASA - 1 Connect (LAN outide) R1

    ASA - GigabitEthernet 0: 172.30.1.2 255.255.255.252

    R1 - FastEthernet 0/0: 172.30.1.1 255.255.255.252

    ---------------------------------------------------------------------

    R1 R2 to connect

    R1 - FastEthernet 0/1: 172.30.2.1 255.255.255.252

    R2 - FastEthernet 0/1: 172.30.2.2 255.255.255.252

    R2 for lan connection 2

    --------------------------------------------------------------------

    R2 to connect LAN2

    R2 - FastEthernet 0/0: 10.0.2.1 255.255.255.0

    PC - 10.0.2.3 255.255.255.0 10.0.2.1

    ASA configuration:

    1 GigabitEthernet interface
    nameif inside
    security-level 100
    IP 10.0.1.1 255.255.255.0
    no downtime
    interface GigabitEthernet 0
    nameif outside
    security-level 0
    IP 172.30.1.2 255.255.255.252
    no downtime
    Route outside 0.0.0.0 0.0.0.0 172.30.1.1

    ------------------------------------------------------------

    access-list scope LAN1 to LAN2 ip 10.0.1.0 allow 255.255.255.0 10.0.2.0 255.255.255.0
    object obj LAN
    subnet 10.0.1.0 255.255.255.0
    object obj remote network
    10.0.2.0 subnet 255.255.255.0
    NAT (inside, outside) 1 static source obj-local obj-local destination obj-remote control remote obj non-proxy-arp static

    -----------------------------------------------------------
    IKEv1 crypto policy 10
    preshared authentication
    aes encryption
    sha hash
    Group 2
    life 3600
    Crypto ikev1 allow outside
    crypto isakmp identity address

    ------------------------------------------------------------
    tunnel-group 172.30.2.2 type ipsec-l2l
    tunnel-group 172.30.2.2 ipsec-attributes
    IKEv1 pre-shared-key cisco123
    Crypto ipsec transform-set esp-aes-192 ASA1TS, esp-sha-hmac ikev1

    -------------------------------------------------------------
    card crypto ASA1VPN 10 is the LAN1 to LAN2 address
    card crypto ASA1VPN 10 set peer 172.30.2.2
    card crypto ASA1VPN 10 set transform-set ASA1TS ikev1
    card crypto ASA1VPN set 10 security-association life seconds 3600
    ASA1VPN interface card crypto outside

    R2 configuration:

    interface fastEthernet 0/0
    IP 10.0.2.1 255.255.255.0
    no downtime
    interface fastEthernet 0/1
    IP 172.30.2.2 255.255.255.252
    no downtime

    -----------------------------------------------------

    router RIP
    version 2
    Network 10.0.2.0
    network 172.30.2.0

    ------------------------------------------------------
    access-list 102 permit ahp 172.30.1.2 host 172.30.2.2
    access-list 102 permit esp 172.30.1.2 host 172.30.2.2
    access-list 102 permit udp host 172.30.1.2 host 172.30.2.2 eq isakmp
    interface fastEthernet 0/1
    IP access-group 102 to

    ------------------------------------------------------
    crypto ISAKMP policy 110
    preshared authentication
    aes encryption
    sha hash
    Group 2
    life 42300

    ------------------------------------------------------
    ISAKMP crypto key cisco123 address 172.30.1.2

    -----------------------------------------------------
    Crypto ipsec transform-set esp - aes 128 R2TS

    ------------------------------------------------------

    access-list 101 permit tcp 10.0.2.0 0.0.0.255 10.0.1.0 0.0.0.255

    ------------------------------------------------------

    R2VPN 10 ipsec-isakmp crypto map
    match address 101
    defined by peer 172.30.1.2
    PFS Group1 Set
    R2TS transformation game
    86400 seconds, life of security association set
    interface fastEthernet 0/1
    card crypto R2VPN

    I don't know what the problem

    Thank you

    If the RIP is not absolutely necessary for you, try adding the default route to R2:

    IP route 0.0.0.0 0.0.0.0 172.16.2.1

    If you want to use RIP much, add permissions ACL 102:

    access-list 102 permit udp any any eq 520

  • Cisco SG300-10 Cisco 6513 and Shoretel phones

    I have a new ShoreTel phone system will soon.  Configure a dhcp, including option 156 scope which is required for ShoreTel to obtain the configuration on ShoreTel phones and in order to get on the vlan correct voice on the phone.  I also created a new vlan 112 for the vlan voice.  When I plug directly into the Cisco 6513 Core switch, the phone starts fine, it gets its configuration and on the VLAN correct 112.

    We have a training room in which there will be a lot of users.  I ordered 6 Cisco small business 10port SG-300 POE switches for this training room.  I plugged the switch in a cable coming off the 6513 which is just an access port and in the vlan voice I created for phones shoretel VOIP:

    interface FastEthernet10/11
    switchport
    switchport mode access
    switchport voice vlan 112
    priority queue queue-limit 20
    WRR-queue random - detect min-threshold 1 30 40 50 60 70 80 90 100
    WRR-queue random - detect min-threshold 2 30 40 50 60 70 80 90 100
    WRR-queue random detection threshold min 3 30 40 50 60 70 80 90 100
    WRR-queue random detection max-threshold 1 70 80 90 100 100 100 100 100
    WRR-queue random detection max-threshold 2 70 80 90 100 100 100 100 100
    WRR-queue random detection threshold 3 70 80 90 100 100 100 100 100 max
    WRR-queue cos-map 1-3-1
    WRR-queue cos-1 6 4 map
    WRR-queue cos-map 2 6 0
    WRR-queue cos-map 2 8 2
    WRR-queue cos-map 3 1 7
    WRR-queue cos-map 3 8 3 6
    MLS qos trust dscp
    Storm-control broadcasts 20 h 00
    spanning tree portfast

    When I plug a phone directly into this cable the phone works very well.  When I plug a cheap cisco POE switch in I can get 3 phones works very well, but due to the amount of energy needed for this cheap a cisco switch it will give only 3 phones power.

    The real problem here is plug into small business cisco SG300-10port POE managed switch.  I thought I could just connect the switch to the port configured above right out of the box and plug in phones without a problem.  When I plug the switch and start plugging in ShoreTel phones, they do not start coming in and upward and actually had a few phones upward but then finally there is no tone and also later, they appear on the screen as a service not available.

    I have to configure a trunk port on a port on the SG300 and the Cisco 6513 for this to work?  Also I will need to VLAN configuration manually on the SG300.  Looks like that when I just plugged it in to the above configured the port on the SG300 it automatically create the vlan 112.

    Any help would be appreciated

    Thank you

    Dave

    Double post.

    Go HERE.

  • Circuits between 2960 and SG300-20, error: CDP-W-NATIVE_VLAN_MISMATCH %

    Hello experts,

    I create links between 2 2960 switches and a SG300-20 but only on SG300 pops up an error: "% CDP-W-NATIVE_VLAN_MISMATCH: incompatibility of VLAN native detected."

    I have attached the file of configuration here for ease of analysis,

    Any help is appreciate

    Best regards

    Why assign ip addresses on vlan 97 (native) the SG300-20? Native didn't need the ip address or the SVI (L3) see related for example configuration based on your attachments. Note: represents XXX with any number of your choice.

  • Cisco SG300 - 28 p - Port security issue.

    Hi, I would like to activate the port security on a Cisco SG300 PoE 28 p Switch. I would like to know how this can be done in cases where port is more connected to desktop switches 8 ports and in cases where computers are connected directly to the switch.

    Thanking you in advance,

    Parth.

    This is described in detail in the section 'Configuration of Port Security' on page 326 to 329 of the document Cisco Small Business 300 Series Managed Switch Administration Guide.

    The difference between a port serving a desktop switch and the other directly serving endpoint is just the number of MAC addresses that you want to leave.

    You have any specific questions?

  • Cisco SG300 / ASA 5505 intervlan routing problem

    Dear all

    I have a problem with the configuration correctly sg300 layer 3 behind the ASA 5505 switch (incl. license more security)

    The configuration is the following:

    CISCO SG300 is configured as a layer 3 switch

    VLAN native 1: 192.168.1.254, default route ip address (inside interface ASA 192.168.1.1)

    VLAN defined additional switch

    VLAN 100 with 192.168.100.0/24, default gateway 192.168.100.254

    VLAN 110 with 192.168.110.0/24, default gateway 192.168.110.254

    VLAN 120 with 172.16.0.0/16, default gateway 172.16.10.254

    Of the VLANS (100,110,120) different, I am able to connect to all devices on the other VIRTUAL local networks (with the exception of Native VLAN 1; is not the ping requests)

    From the switch cli I can ping my firewall (192.168.1.1) and all the other gateways of VLANs and vlan (VLAN1, 100, 110, 120) devices

    Asa cli I can only ping my switch (192.168.1.254) port, but no other devices in other VLAN

    My question is this. What should I change or installation in the switch configuration or asa so that other VLANs to access the Internet through the ASA. I will not use the ASA as intervlan routing device, because the switch does this for me

    I tried to change the asa int e0/1 in trunkport (uplink port switch also), to enable all the VLANS, but as soon as I do that, I can not ping 192.168.1.254 ASA cli more.

    Any help is greatly appreciated

    Concerning

    Edwin

    Hi Edwin, because the switch is layer 3, the only necessary behavior is to ensure that default gateways to the computer are set on the SVI interface connection to the switch to make sure that the switch is transfer traffic wished to the ASA.

    The configuration between the ASA and the switch must stay true by dot1q, such as the vlan all other, unidentified native VLAN tagged.

    Also, if I'm not wrong, on the SAA you must set the security level of the port to 100.

    -Tom
    Please evaluate the useful messages

Maybe you are looking for

  • USB 2.0

    Heb een HP Pavilion T3340.nl through pc recorvery opnieuw installeren like heb ik welke. Alles works weer, echter usb poorten achter pc wel, maar Van poorten usb werken aan werken deny meer als ook reageert niet meer card reader. Wat is doing frills

  • Question on install the last WGA

    Dear all professional,. I use Windows XP for my day to day work. On last week, my Update window ask me to install the latest version of WGA, but during the installation it pop up to ask a "license agreement for the term and" However, the button "Next

  • My fan continues to run away, just bought today

    Hi, I just bought the new laptop HP, but the fan continues to run away even if when I'm not working on it. Is this normal or should I make some adjustments? Thankx

  • After I loaded Turbo Tax 2011, after that I connect to my PC, I get a blank screen with only the cursor showing. I am on Windows Vista.

    After I loaded Turbo Tax 2011, after that I connect to my PC, I get a blank screen with only the cursor showing. I picked up at an earlier date and reloaded the software TT 3 times with the same result. I tried of caraa start windows Explorer by usin

  • Size of PSU or of connector HP 6100 (F3185WT)

    Hello I have an old HP6100 (F3185WT) with a touch of bad connector on the power supply.  Can someone tell me the exact connector size please?   It is 1.7 x 4.8 mm by 11mm long?  Having a hard time finding a diet including the correct end to this topi