Hi Andy,
Thanks for the help. I think I'll go with the ACL option. Customer has Sup720s so should be taken care of in hardware as you said.
Cheers,
Piass
Yes, I've used it before on production networks without any problems. You just need to take a little more care when setting up trunks and channels. Just make sure that things like the native vlan are the same at both ends.
Thanks for the advice guys.
Andy - I think you're probably right with your explanation, and yes, I wouldn't really want to run all traffic through the FWSM. The other option I just thought of would be to have an access list on every vlan interface except the management one denying telnet, but...
Hi all,
I'm trying to restrict telnet access to a 6500 switch with multiple VLAN interfaces. However, I want to restrict it based on destination address, not source address. I've tried the obvious access list, e.g., access-list 101 permit ip any host x.x.x.x (I'm writing this from memory so not...
A routing protocol such as OSPF should do equal cost load balancing. Then depending on the switching type, the router should load balance per destination or per packet.
I would guess that either the switch only supports dot1q, therefore there's no option, or your software version is old or has a bug in it.
You could try checking the command reference on CCO for your version of s/w.
Try this to start with:
http://www.cisco.com/warp/customer/459/40.html#4
If the ISPs have CE routers on site, then you could perhaps get them to advertise a default OSPF route, then your routers will have 2 equal cost paths and load share.
6.4(3) was recently announced as GD (General Deployment). This basically means it has been well tested in the real world.
http://www.cisco.com/warp/partner/synchronicd/cc/pd/si/casi/ca6000/prodlit/2212_pb.htm
For the MSFC there's a version named "safe harbor". This should be the most...
You might want a switch that can supply inline power to access points or IP phones. This negates the need for a power outlet next to the access point or phone.
The current standalone inline power switch from Cisco is the 3550-24-PWR. This is $3.5k list price for the standard version.
If you don't want to go down the BGP route (which would be the best, but perhaps most daunting) there are products available for this specific scenario.
I know that Radware used to do one. Have a search on their website. It does some kind of calculation to work out which ISP to take to get to...
You're definitely on the right lines with that design as far as I can see. You might want to have one VLAN for every couple of hundred users, and therefore a /24 subnet. This might mean that you put the first several 3550 switches into Vlan 10 (for example), then the next few 3550s into Vlan...
If the client has a 10.16.x.x address, then they must be connected to a switchport that is assigned to Vlan 1. You would just change the switchport allocation, e.g.
Switch#conf t
Switch(config)#int g3/1 (or whatever)
Switch(config-if)#switchport access vlan 1
Just remember that the client's...
If they're all configured on that switch, then all VLANs should be able to communicate with each other by default. Check that all the VLANs are active by doing a "show vlan" or "show ip interface brief". One of these commands should help out.
First off, check that all your line cards are supported on both native and CatOS. They should be, unless any of them are particularly new. In that case, you may not have a choice.
Next, do you have redundant supervisors in the chassis? Native failover times are much longer than for CatOS. CatOS...
BuckWeet is correct. The Sup III will do interVLAN routing. If you have a choice, go for the Sup IV. I think it's actually slightly cheaper and performs slightly better.
Sounds like maybe you're configuring the management VLAN. The management VLAN can only be one specific VLAN. You can change it from the default of VLAN 1, but as soon as you do this, it will state that VLAN 1 is now shutdown.
To create user VLANs, you do it in a different way. If the switch...
webnetwiz - why wouldn't you set up trunks between your core switches?
sreid - I would go with KiscoKid's advice.
As this will become an important link, it would be advisable to use 2 connections and etherchannel them together. If you do this, use one port on each supervisor. Then, if one of...
I would suggest that you try to find out how exactly etherchannel works on the 2900XL switches. It never just load balances 50/50. It uses a hash algorithm based on one of a few variables. I know that on the 6500 it can be configured to use source and destination MAC addresses, or IP addresses...
Sounds like you need CiscoSecure ACS. You could then set up different access levels for different people and control it all centrally via CiscoSecure. It will show you who logged in and when, and for how long etc etc. It can also be used to authenticate users dialling in to your network...