Cisco Catalyst Switch Setup
I recently acquired a brand new 2950 switch. It is now in production, but I needed several things to be set up on the switch, such as SNMP, an IP to access it over a browser, etc.
Do you know somebody who offers a setup service for Cisco switches?
Cisco Switch IP Route Setup
This is probably an easy and simple task for someone who has good knowledge of Cisco, BGP and Blackhole/Sinkhole communities.
We have a Cisco 2948G that is our border, and through this equipment we apply Blackhole (a sequence of commands to filter all the traffic from the world except our country; this is done by communities that are set up in Cisco).
This is the sequence of commands to apply it for IP 189.1.XXX.40:
Enter configuration commands, one per line. End with CNTL/Z.
asw-hl01(config)#router bgp 184XX
asw-hl01(config-router)#network 189.1.XXX.40 mask 255.255.255.255
asw-hl01(config-router)#exit
asw-hl01(config)#access-list 50 permit 189.1.XXX.40
asw-hl01(config)#ip route 189.1.XXX.40 255.255.255.255 Null0 250
asw-hl01(config)#
I have another Cisco 2948G that is connected in a FastEthernet port of the border above, and this other cisco is holding another subnet. To make it clear,
Border - I have 189.1.XXX.1 ~ 189.1.XXX.127 (subnet 255.255.255.128)
Cisco2 - I have 189.1.XXX.128 ~ 189.1.XXX.255 (subnet 255.255.255.128)
This is being done through an ip route from Border to Cisco2 to forward subnet 128 ~ 255 to the switch,
ip route 189.1.XXX.128 255.255.255.128 172.16.1.2
PS: 172.16.1.2 is the internal IP for switch2
Now we get to the problem. If I apply a Blackhole (that sequence of commands) for an IP located in subnet 128 ~ 255 (switch2), it blocks all the traffic for that given IP, and I can't get access from national backbones. To make it clear,
Blackhole for IP 1 ~ 128 - It works fine
Blackhole for IP 128 ~ 255 - It doesn't work correctly; instead of blocking only international traffic it's blocking everything in the world
Cisco Catalyst WS-C2924-XL-EN
if I could use a Cisco Catalyst WS-C2924 in a datacenter environment without any issues? Anything I should know about this model? Just looking for a cost effective and used switch to start out with. Switch Configuration and Graphs?
Cisco Catalyst 2960G Vs. Foundry FLS624
We're evaluating options on new switch deployments and wish for advice or opinions. We have experience with 2950's but want to move up into all gigabit devices. They will be used for pure L2 purposes as front-end access switches for server racks.
For our needs (24 port, all ethernet, L2 only) it looks like these two competing models fit our requirements and budget:
Cisco Catalyst 2960G (about $2150):
Foundry FLS624 (about $2400):
It's a tough decision because we have no experience with Foundry products, but from the spec sheets the price vs. performance ratio seems amazing (almost too good to be true).
You have to wonder if they get their ratings only under one specific situation in which you never encounter in "real world" use.
For those of you using Foundry, what models are you using for your access switches to your web servers? Is there a better model for our application? What's your overall opinion of the products and service? Would you invest your entire network in them?
We have a mix of various vendors right now for switching / routing (Juniper, Cisco and Riverstone), but looking to the future being more vendor centric to either Cisco or Foundry for switching will be the model (using Juniper for routing). We've also considered other vendors such as HP, Extreme, etc, but ruled these out for a variety of reasons.
7800 Router Vs Catalyst Switch
i am thinking about upgrading things at the colo soon and am looking for some comments.
my current configuration is like so:
my bandwidth is delivered over fast ethernet and it is plugged straight into a cisco 3550 switch. i have the ip range they have assigned me cut up in to vlans the way i need.
i snmp poll the switch for traffic statistics with rtg.
this works fine, i'm only working about 10mbit avg so no biggie.
well, i am considering picking up another provider (super cheap cogent) and adding it to the pile. i want to get bgp set up and have my own address block assigned by arin (unless my carrier now lets me announce their address space out cogent). getting an ASN isn't a problem, and i have done some tinkering with bgp in the lab.
so anyway.. i am having a bit of a time figuring out what would work better for me, a 7200 series vxr router or a 4500 series catalyst. what would be the pros and cons of either one?
I am looking at picking up a switch to mess around with at home. I found the following within driving distance but have no idea of which one will give me more up to date, hands on experience. Any feedback is greatly appreciated.
Used Cisco WS-C5509 Chassis with power supply ( POWER SUPPLY 34-0870-01), and fan (WSC5509FAN)
Cisco WS-X5530-E2 Supervisor Engine III Modules
Cisco Systems WS-U5537-FETX CISCO 4 PORT 100BASETX UPLINK MODULE
Cisco WS-X5234-RJ45 Switch Modules X 8
Cisco WS-C5500 Chassis
POWER SUPPLY 34-0773-03
Cisco Ws-x5550 Supervisor Engine Iii G-series
WS-X5234-RJ45 X 11
Cisco WS-C5505 Chassis
Cisco WS-X5530-E2 Supervisor Engine III Modules
Cisco WS-U5533-FEFX-MMF Supervisor Engine III Uplink Modules
Cisco WS-X5225R Switch Modules X 2
How To 2 Cisco 2950 Switch Connect Together
I have 2 racks in a DC that are cross connected together. Now, the datacenter gives me 1 port and I would like to put 1 switch at each rack. I have successfully set up 1 switch and connected it to the internet. But, I am unable to set up the other.
Below is a diagram of what I want to do: ...
Assigning IP Addresses For Cisco Switch
I'm switching my colo and I currently am going to be hosting in my own colo; therefore I'm going to be switching IP addresses for all my servers.
I have a cisco switch, an APC and a few servers ... I know how to change the IP addresses within linux, but I do not know how to assign them within the switch.
Does anyone know how to do this?
Also, since I'm changing everything, does anyone know if the gateway IP address on each server has to be changed? If so, then how do you do it?
Switch Cisco 2924 Or 2950
I currently use Cisco 2924 switches in my racks. Now I am going to install a new rack and I want to know whether to install a 2924 again or whether you would recommend a 2950. What important differences (pros and cons) does the 2950 offer compared to the 2924?
Cisco IOS Router Vs. ASA Firewall For Small Colo-racked Setup
I am in the process of gathering the pieces to move from a dedicated box to my own hardware in a local colo and am undecided how best to choose the edge device.
The colo has a 30Mb pipe with about 10Mb of it being constantly used during biz hours. Another 10Mb is being allocated in the next couple of months. I want to be able to burst to the full 30Mb when needed.
I am getting 12 IP's allocated but will increase to 24 soon if all goes well (fingers crossed!).
I will have for starters just a single Proliant running dnp on 2008 with IIS, FTP, Mail, ns1 and a 2003 VM running my secondary ns.
What I am unsure of is the edge device, and I am looking for others that have used either a 2800 series router or an ASA5500 series firewall in a similar fashion. I know what the raw throughput of each device is, but raw benchmarks are not real-world numbers by any means.
I am looking at the 2801 with IOS Firewall turned on and hopefully even some inspects for FTP and HTTP traffic. The other option, and one that I am less familiar with, is to use the ASA5505 instead, which will do my basic routing but supposedly provide more thorough inspects and advanced rules.
Does anyone have experience with either of these in a hosting environment and have input on the realistic throughput one can expect from either device?
There is a significant cost difference, with the ASA5505 being much cheaper, but I am more familiar with IOS. Would anyone recommend a 1841 router instead?
Procurve Vs Catalyst
We are currently looking at making some switch changes in our rack as we are expanding.
We don't push a whole lot of traffic (currently 15MBPS) but would like to think ahead for growth.
We are looking at using either the Procurve 1800-24G which will provide web managed 24 10/100/1000 ports or the Cisco Catalyst Express 520-24TT which provide web managed 22 10/100 & 2 10/100/1000 Ports.
Connected to these switches would be our servers, and then uplink to our firewalls.
HP is cheaper and provides faster ports, but would Cisco provide additional value over the HP because it's Cisco and their experienced technology?
Dedicated Or Reseller Setup With Virtualization Or Decent Chroot Setup
As my clients' needs expand, they're asking for chroot ssh/sftp setup. I'm currently on a dedicated Linux setup but don't really have the time to set up a whole new box with full virtualization or investigate a full chroot solution (baby on the way), and to be honest it would be less hassle to move to a new provider than worry about down time with sites.
What I'm looking for:
- linux hosting
- hosting for 30+ accounts, some with several domains
- at least 6 IP addresses for SSL certs
- each account in a full chroot environment (ssh/sftp/ftp) so they can't poke around each others' files, or each account set up in a virtual machine setup (ie: openvz)
- php 5, mysql, perl 5.8.8
- suexec apache would be nice
DNS Setup And FTP Setup [LXAdmin/HyperVM]
I have learnt it is harder to setup than I initially expected (since I have just moved from a shared hosting service). I am in need of some help setting up my DNS servers, as I am very confused. Here is most of the info I know:
1) I am running HyperVM
2) I've installed LXAdmin
3) I own the domain (purchased from xeodomains.com) runemart.com
4) My VPS hostname is: vps.runemart.com
5) I know my IP
6) My host has said:
'For VPS customers that have a HyperVM login you can now host forward DNS on the DNS servers rdns1.vaserv.com (US) rdns2.vaserv.com (UK)'
And I am unsure what this means/how to do it.
I am not sure if I need some more information to set up my DNS, however I am sure that I can get it if I do.
Now, my questions begin. Firstly, I need to point my domain - runemart.com - somewhere. I believe I need to set up my DNS via HyperVM or LXAdmin so that they are something like: ns1.runemart.com and ns2.runemart.com. Though, is this correct? Am I able to set up my own actual domain name servers, or will my domain have to point at something like rdns2.vaserv.com?
If anyone can assist me in this I would be very grateful, as I am waiting to get my website running. This is all I will ask for now, I will take it one step at a time =).
Cisco PIX 501
I just got a Cisco PIX 501 from my IT guy for home use and he didn't reset the firewall to default settings, so there are a ton of old commands in here.
Is there a command I can use to reset the firewall back to the factory default settings?
Or is there any way I can flash it back to factory default settings?
I am interested in buying a Cisco ASA firewall. So far I have never played with this gear and I wonder if it is easy to set up.
Is there any software provided by Cisco to set up rules and ACLs through some graphical interface software?
Which Cisco Firewall?
We are looking to replace our existing WatchGuard Fireboxes with a hopefully more reliable firewall from Cisco's range, although I'm a bit lost when it comes to the different ranges.
Could somebody suggest a firewall that is capable of:
1: Both NAT & Drop-in (bridge) mode
2: Pretty low bandwidth requirements, no more than 10mbit/s traffic
3: SNMP Monitoring
4: High availability pairing
I am on a tight budget for a Cisco firewall. I am browsing and seeing some affordable options in the x600 series.
Please tell me, which series is best?:
The higher the better?..
Also what about submodels, like is 1650 better than 1600?
And how can I tell how much DRAM each one can take up to?
I see a lot of DDoS related articles here at WHT. We've got hit multiple times by DDoS and had to handle those attacks every time with a different approach.
The largest one and the most well known one (we were in Time Mag, AP news, CNN, slashdot, you name it - just do a search about us on WHT) was a Russian botnet cyberattack - we had to analyze netflow and then block everything on our edge routers, then on the firewall and then locally on the servers.
Since then we had a number of other attacks, some of which we were not able to defend at the server level, while, as you can understand, we can't do netflow and manual intervention every time somebody gets an attack.
We have very good scripts which allow us to mitigate a huge number of DDoS attacks, where our scripts find attacking IPs and block them automatically - still, some attacks could be blocked only at the router level.
I've read that Cisco Guard (I am interested in the 65xx version of it) is supposed to mitigate DDoS attacks in automatic mode.
after months of disruption moving servers into a new data centre, our once reliable colocation company has now had nearly 6 hours downtime in the last 16 hours. So much for network redundancy.
I'm trying to learn about networking. I bought a Cisco 2950 for testing. I set it up and am trying to find out how to cap its ports at 20Mbps or 50Mbps. Do you know what command to use or how to do this?
Also what command to check the port speed or to uncap the port?
I am setting up a small CCNA lab and I have RIP working and I can ping my LAN from both routers, but only certain hosts on the LAN from the one router. The setup is
router 1 E0 192.168.1.45
Serial0 10.10.10.2 (of router2)
I can ping 192.168.1.102 from router 2 and 192.168.1.45 but not 192.168.1.201 ... or 192.168.1.1
Also I can ping 192.168.5.4 from 192.168.1.102, which is a Linux box and has an ip route to tell it that 192.168.5.0 can be gotten from 192.168.1.45
Which Cisco Router To Use
I am currently looking at these Cisco switches:
- Cisco 2924 WS-C2924-XL-EN Enterprise Switch
- Cisco 2950 WS-C2950-24 Catalyst Switch
- Cisco 3512 WS-C3512-XL-EN Enterprise Switch
- Cisco 3524 WS-C3524-XL-EN Enterprise Switch
- Cisco 3548 WS-C3548-XL-EN Enterprise Switch
1) I was recommended to choose the XL-EN model switches because it seems they have more memory, but the second one in the list (Catalyst) is not an XL-EN. Is that going to have any effect performance-wise, or does it not really matter?
2) I was also recommended to choose managed switches because that way I can use the SNMP features to measure bandwidth, are any of the switches above unmanaged?
3) I also want to be able to manage the switch remotely, web managed, are any of the switches above web-manageable?
4) Most importantly, when my datacenter gives me a 100mbit drop, I don't know which port to plug it into in the 29** series. In the 35** I see it clearly but I am not able to see it in the 29**, any ideas?
5) On some of these switches I see a special port called "Console", what is it? where does that connect to?
6) Do any of the switches above not have a console port?
Cisco ASA Security
My network currently looks like this :
ISP ->> L3 Switch ->> Firewall (Transparent Mode) ->> Switch ->> Servers
I have a single /24 and my firewall is on x.2 and routes traffic for each of the servers.
Now I have a new Cisco ASA 5510 with which I want to replace the aging firewall currently in place; however, I don't want to put the firewall into transparent mode because I don't want to lose all the functionality.
Now with most firewalls your outside subnet cannot be the same as your inside subnet, which is fine if you are using NAT, but I don't want to NAT. I need all of my servers to remain with their public IP addresses.
So what is the ideal way to set up something like this? Request my ISP give me a /30 for the ASA outside interface or something? And then ask them to route my /24 through the new /30 subnet?
Qos Cisco 3600
whether I can grant a specific vlan priority over all other traffic..and if so does anyone know an appropriate site where I can find documentation on how to do so?
From the posts in this forum it would appear that a number of forumites are colocation service providers and web hosters that use Cisco gear.
I was reviewing the Cisco End User License Agreement that was included in the router box. Under the General Limitations section, "Customer shall have no right, and Customer specifically agrees not to:", item (iv) states, "use or permit the Software to be used to perform services for third parties, whether on a service bureau basis or time sharing basis or otherwise, without the express written authorization of Cisco".
Does this mean that a service provider is required to acquire a separate license similar to the Microsoft Service provider license?
I have a cisco 2960G switch that I used for colocation, the colocation provider does all the routing all I need is this switch. It's just a plug and play operation, however I now need to do some more difficult stuff.
So, I plugged their bandwidth uplink into port 20.
I really have no idea how to set up anything other than the basics of the switch.
Is it possible to set up Private VLANs in this situation? I am in need of a setup like this:
All ports 1-19 in private VLANs, but still able to communicate with port 20 to get internet access. Ports 1-19 cannot communicate with each other except by going through port 20, through the internet.
I also want to know if it's possible to statically assign each port a specific IP. Just say I want all traffic to a static IP to only go to port 1? Is that possible? I want to be able to limit the control of IPs through the switch, not through the server.
Right now all my IPs are assigned at the server level, meaning the servers can take each other's IPs and mess with each other's connections.
at 11x 2851's. When we got the quote they had added on Cisco Advanced IP SERVICES.
We aren't sure if that is just the security bundle, or something they are trying to toss on for more money.
2851 w/ AC PWR,2GE,4HWIC,3PVDM,1NME-XD,2AIM,IP BASE,64F/256D
Cisco 2800 ADVANCED IP SERVICES
Maximum Compact and USB Flash
Four port 10/100 Ethernet switch interface card
Updated 1-Port T1/Fractional T1 DSU/CSU WAN Interface Card
64 to 256 MB CF Factory Upgrade for Cisco 2800 Series
256MB USB Flash Token for Cisco 1800/2800/3800 series
Cisco 2821/51 AC power supply
Device manager for routers
256MB DDR DRAM Memory factory default for the Cisco 2800
8X5XNBD Hardware Replacement 2851 w/ AC PWR,2GE,4HWIC,3 (1 Year)
Cisco IOS Licensing
My understanding is that the IOS software running in most of their products is non-transferable. So clearly this prevents a user from receiving updates if they purchase used hardware (i.e. ebay). However, isn't it possible to purchase an IOS software license from Cisco for any of their supported product?
Their web site is a mess! I've spent, literally, hours on their site trying to figure out how to purchase such a license, or how to purchase a service plan that might entitle me to IOS updates.
And how does "SMARTnet" fit into this puzzle? Do I need a SMARTnet contract to download maintenance updates, even for *new* hardware that I've purchased?
Procurve Vs. Cisco Vs. Juniper
I've been reading and searching on here as much as I can to try to help me in making a decision, unfortunately when I think I know what to do, I read something else and get confused again.
We are in the process of moving networks within our datacenter and will have 2 drops coming into our half-cabinet. We have about 7 servers in there, some for our own use and some for clients. In all cases, we manage the servers and are the only ones with root access (no need for VLANs for the purpose of protecting IPs etc).
We currently have a single drop and use an HP procurve 2524 layer2 switch that has been in there for over 6 years and never had a single hiccup. We also don't push much traffic at all though. Under 5mbps combined.
My question though is this: moving to the new network we will have 2 drops that are set up as HSRP on their end (upstream of me, I don't have to worry about having two switches). In order to use the dual feeds, we will need a Layer3 switch. One feed will be active, the other is not, both are connected to the switch via a VLAN and provide a gateway for VLAN2 to use. I have never used a layer3 switch, though I'm not *too* concerned since I don't expect we'll be doing anything too complex. My understanding is that one VLAN (VLAN1) will be set up with an IP address assigned to each drop and that VLAN1 will create a gateway for VLAN2. The second VLAN (VLAN2) will be all our "inside" client IPs that will then route through VLAN1.
I was briefly checking out the cisco 3750, but I think it's overkill...? I don't want to spend too much money, since I don't think we need any complex setups, at the same time, I don't want to waste money by buying something that won't work efficiently down the road.
My immediate short-list is now an HP procurve 2610, an HP procurve 3500 J9470A (not the YL), and a Cisco 3560 24-TS.
Of course, then someone mentioned Juniper (whom I have zero experience with either) and hence the title to my thread... I'm thoroughly confused. I was looking at the EX3200-24T.
Ok, so if I have to boil this down to some simple requirements/thoughts... here goes:
1. I only need 24 ports for now.
2. I use SNMP currently to monitor usage for clients (and overall)
3. I like HPs and have used them for layer2, I like their lifetime warranty and software availability
4. I don't have direct experience with Cisco at all.
5. Aside from routing from one VLAN (provider side) to another VLAN (my side), I don't think I need any other special features (hence the hp 2610 being ok I think, since it offers "lite layer3")
6. Some people say HP is great for layer2 but not for layer3? Now I don't know what to think.
7. Currently use about 2mbps and might jump to 3 or 4mbps, but don't have major needs. I'd like for this switch to be able to last me a while though... so maybe 20~40mbps+? (but still not the hundreds of mbps that others here push)
8. If possible, I'd LIKE to limit some servers to 1mbps or 2mbps on a per-port basis... but this is not a hard requirement. (I think this takes the 2610 out).
Budget: I like the $500 price tag of the 2610, but can spend the $1500~$2000 for the HP 3500, Cisco 3560, or Juniper. I would just rather not, if the price/features are not justifiable.
Hopefully I've provided enough information for someone to offer their insight? I think a few strategic key points or questions from someone with more experience might be what I need to help me bust through the "too many choices" fog and end up with the best switch for my situation...
L2 Switches......Cisco, Dell And HP
we are a small shop...
Not looking to buy another switch but we have a crapshoot of switches around. Dell 5448, HP 2910 and a Cisco 3560.
I'd like to keep the Cisco back in HQ stock since it's a POE switch.
We are colocating just 1 SAN initially. Max of maybe 7-8 servers total in the future. Not a lot of bandwidth and doing L2 traffic only. Any issues with either the Dell or HP in the colo environment from a production standpoint? We have used a couple of Procurves in our environment, and the Dell switches were freebies that were part of our last order.
Basically, it would look like this
ASA5510 serving as main headed VPN
2 Branch Offices connecting to it
One L2 Switch. 2 - 3 Separate VLANs with a trunk port back out to the ASA5510
Cisco ASR 1000 Router
I'm buying a Cisco ASR 1000 router that should handle 2 Gbps bandwidth. Please advise on components, models, etc.
I have a vendor, but I'll appreciate any reference, based on your experience, on where to buy one at reasonable price. I think I can probably get refurbished ASR 1000 or similar as well, if the vendor can guarantee the quality of the device.
Buying A Cisco 6509-E
I am considering buying a C6509-E and I wanted to get a feel for whether what I am about to do is hopefully a good move, and not a bad one. My traffic patterns are similar to what I suspect many of you experience. My traffic level hovers around 2 - 300 mbit, but we are about to start offering more colocation services.
I also do internet facing bgp routing.
I was thinking something like this:
1 x C6509-E Chassis
1 x VS-S720-10G-3CXL 720 with 2 ports 10GbE MSFC3 PFC3C XL
1 x MEM-C6K-CPTFL1GB Compact Flash Memory 1GB
1 x WS-X6724-SFP 24-port GigE
1 x WS-C6509-E-FAN Fan tray
2 x WS-CAC-3000W
I will probably add on the forwarding card to the 6724 once my traffic levels rise more.
Additionally I would probably be getting one more identical box a little later.
Could I get any feedback on this setup, is there anything I've missed?
Also, if you have bought a similar setup before, I would love to be given an idea of what I should expect for pricing.
Buying Cisco 7201's
Our company has just outgrown our Linux routers, so we're getting ready to buy a pair of 7201's. I'm one of the programmers, not the network engineer, so I'm not sure about the details. All I know is that we will buy a pair of 7201's soon.
what they go for after discounts? Resellers/vendors feel free to chime in.
Cisco 2950 Vs. 2960
Is there much advantage to going with the 2960 series switches vs. the 2950 series? Basically I'm looking at 24 port and 48 port switches (10/100) with GBIT (copper) uplinks.
Cisco 3750G Series
I'm researching hardware alternatives to the Foundry switches we currently employ in our DCs. I'm focusing in on the Cisco 3750G-24TS, which seems to cover all the bases I need from a hardware standpoint. What I'm looking for from this crowd is any information they can share about that switch from a service & reliability perspective, especially how Cisco has treated you when you run into problems with the devices.
Cisco Asic Performance
I know this isn't exactly the right place but I have seen some VERY good Cisco expertise on this forum so I wanted to ask a few questions. We are getting ready to do an upgrade/migration from some older equipment. We are still trying to decide what HAS to be upgraded and what to buy. I have been researching a lot but I still need some explanations regarding fundamental hardware differences between the sup720 and supII.
1) On the sup720 are both of the gig ports handled by the same ASIC?
2) What is the difference between a COIL asic and a Pinnacle Interface? Same thing?
3) This is just more of a tag on for item #2. In general, what kinds of ASICs are on the Cisco modules? Same kind everywhere?
We still have lots of SUPIIs and are unsure if they HAVE to be upgraded right now.