Thursday, March 31, 2011

How to connect the wireless bridge to a layer 2 port

QSolved Question: We have a microwave wireless bridge connecting two 3750 switches. The wireless bridge is connected to a layer 3 port on the 3750 at each end and all is working fine today. We have some application requirements that we need to connect the wireless bridge to a layer 2 port, basically a trunk port on the 3750 at each end. Please see attached diagram. Has anyone done this before?

QSolved Answer: I've seen this done before where the wireless bridge simply acts as a transport mechanism. If you have a stable microwave link, there are no real issues, but obviously this type of setup is more susceptible to interference issues.

Example: Figure 4, outdoor wireless VLANs deployment with Cisco equipment.

Points of interest

- Be aware of any limitations with MTU for your microwave link and ensure it can accommodate any extra bytes if you are using 802.1q trunking:

  18 bytes for the Ethernet header, including CRC

  4 bytes for the 802.1q tag

  1500 bytes for the IP MTU

  total = 1522 bytes.

Brainstorming a little

- Unstable trunk links will affect switches that carry the same VLANs as the trunk link - typical Layer 2 spanning-tree type issues.

- If you intend to use redundant links, you'll need to consider the fact that if the wireless goes down, the links on the switch will stay up, potentially black-holing traffic, whereas Layer 3 routing protocols have hello packets which could detect if the link is down.

You could use probes and scripts such as EEM to automate these kinds of things.

Citation - This blog post does not reflect original content from the author. Rather, it summarizes content that is relevant to the topic from different sources on the web. The sources might include any online discussion boards, forums, websites and others.

Wednesday, March 30, 2011

How to read load distribution between GE links?

QSolved Question: We are using a 6509 with L2 EtherChannel configured. Could someone enlighten us on how to read load distribution between GE links? Is there a way to express this as a percentage?

6500#show etherchannel port-channel
Channel-group listing:
-----------------------

Group: 2
----------
Port-channels in the group:
----------------------

Port-channel: Po2
------------

Age of the Port-channel = 1025d:04h:08m:47s
Logical slot/port = 14/1 Number of ports = 1
GC = 0x00000000 HotStandBy port = null
Port state = Port-channel Ag-Inuse
Protocol = -

Ports in the Port-channel:

Index Load Port EC state No of bits
------+------+------+------------------+-----------
0 FF Gi3/1 On 8

Time since last port bundled: 647d:21h:46m:49s Gi4/16
Time since last port Un-bundled: 641d:06h:08m:39s Gi4/16

Group: 3
----------
Port-channels in the group:
----------------------

Port-channel: Po3
------------

Age of the Port-channel = 1025d:04h:08m:47s
Logical slot/port = 14/2 Number of ports = 2
GC = 0x00000000 HotStandBy port = null
Port state = Port-channel Ag-Inuse
Protocol = -

Ports in the Port-channel:

Index Load Port EC state No of bits
------+------+------+------------------+-----------
0 55 Gi3/16 On 4
1 AA Gi4/1 On 4

Time since last port bundled: 208d:00h:01m:40s Gi4/1
Time since last port Un-bundled: 208d:00h:17m:15s Gi4/1

Group: 4
----------
Port-channels in the group:
----------------------

Port-channel: Po4
------------

Age of the Port-channel = 1025d:04h:08m:48s
Logical slot/port = 14/3 Number of ports = 2
GC = 0x00000000 HotStandBy port = null
Port state = Port-channel Ag-Inuse
Protocol = -

Ports in the Port-channel:

Index Load Port EC state No of bits
------+------+------+------------------+-----------
1 55 Gi3/4 On 4
0 AA Gi3/5 On 4

Time since last port bundled: 184d:12h:17m:09s Gi3/5
Time since last port Un-bundled: 184d:12h:23m:04s Gi3/5

QSolved Answer:

As naive as it may seem, I would simply have a look at the input/output counters in the show interfaces command output (see the counters for the appropriate physical interfaces that are bundled in an EtherChannel). I am not sure if there is any command that would directly show you the percentage of traffic distribution over an EtherChannel bundle, but I guess the counters in show interfaces will provide you with the basic data to compute the ratios yourself.
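An added example (not part of the original question or answer) that computes both percentages for Po3: the share of hash buckets each port owns, read from the Load and "No of bits" columns above, and the share of bytes actually carried, from two counter snapshots. It assumes the usual reading of Load as a hex mask over eight hash buckets; the counter values and all function names are constructed for illustration.

```python
import re

# Po3 member rows copied from the "show etherchannel port-channel" output above.
PO3_ROWS = "0 55 Gi3/16 On 4\n1 AA Gi4/1 On 4\n"

# Constructed sample: cumulative output-byte counters from "show interfaces",
# read twice some minutes apart (illustrative values, not from the page).
T0 = {"Gi3/16": 1_000_000_000, "Gi4/1": 4_000_000_000}
T1 = {"Gi3/16": 1_750_000_000, "Gi4/1": 4_250_000_000}

ROW = re.compile(r"^\s*\d+\s+([0-9A-Fa-f]{2})\s+(\S+)\s+\S+\s+(\d+)\s*$")

def parse_members(rows):
    """Return {port: load_mask}, checking each mask against 'No of bits'."""
    members = {}
    for line in rows.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        mask, port, bits = int(m.group(1), 16), m.group(2), int(m.group(3))
        if bin(mask).count("1") != bits:
            raise ValueError(f"{port}: mask {mask:02X} does not have {bits} bits set")
        members[port] = mask
    return members

def bucket_share(rows):
    """Percent of the eight hash buckets each member port owns."""
    return {p: 100.0 * bin(m).count("1") / 8 for p, m in parse_members(rows).items()}

def buckets_consistent(rows):
    """True when the masks cover all eight buckets and none is owned twice."""
    seen = 0
    for mask in parse_members(rows).values():
        if seen & mask:
            return False
        seen |= mask
    return seen == 0xFF

def observed_share(before, after):
    """Percent of bytes each port carried between two counter snapshots."""
    delta = {p: after[p] - before[p] for p in after}
    total = sum(delta.values())
    return {p: round(100.0 * d / total, 1) if total else 0.0 for p, d in delta.items()}

if __name__ == "__main__":
    print(bucket_share(PO3_ROWS), buckets_consistent(PO3_ROWS))
    print(observed_share(T0, T1))
```

An even bucket split does not guarantee an even byte split: a few heavy flows that hash to one port's buckets can skew the observed share, which is why the counter deltas are worth checking.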


Trying to link test LAN to Production

QSolved Question: We have some spare equipment and we are trying to access the internet via our production LAN, from a test LAN. We have a 6506 as our core switch, a 3560 acting as a Layer 3 switch connected to the 6506 and an ASA 5520 firewall. We have posted configs below. First, the connections:

GigabitEthernet3/1 on the 6506 is directly connected to GigabitEthernet0/25 on the 3560. (our test LAN)

GigabitEthernet0/26 on the 3560 is directly connected to GigabitEthernet0/1 on the ASA, which is designated as the Inside interface. (The internet access "router")

GigabitEthernet0/0 on the ASA (outside) is directly connected to the Production Core switch, which is a 6513. (the firewall prior to the "internet")

Also, VLAN 500 with an ip address of 10.50.0.254 is defined on the Production 6513 so that the NAT address from the test ASA will be able to communicate

In the configurations below, we can successfully ping all production IP addresses from both the ASA and the 3560 (they are 192.168.x.x IP's)

We can successfully ping the IP addresses on the 3560 and the inside interface of the ASA from the 6506.

We cannot ping production IP addresses from the 6506 - basically anything outside the firewall.

Here are configs for each. Note that on the 6506, I can't enter switchport trunk encapsulation dot1q but when I check the capabilities of the interfaces, they are all dot1q enabled:

6506:

vtp domain domain-name

vtp mode transparent

ip subnet-zero

!

vlan 120

!

interface GigabitEthernet3/1

description To 3560 Gi0/25

switchport trunk native vlan 120

switchport mode trunk

!

interface Vlan1

no ip address

shutdown

!

interface Vlan120

ip address 10.10.20.254 255.255.255.0

!

ip classless

ip route 0.0.0.0 0.0.0.0 10.10.20.1

3560:

vtp domain domain-name

vtp mode transparent

ip routing

!

vlan 120

!

interface GigabitEthernet0/25

description From 6506 Gi3/1

switchport trunk encapsulation dot1q

switchport trunk native vlan 120

!

interface GigabitEthernet0/26

description To ASA inside interface

no switchport

ip address 10.10.40.254 255.255.255.0

!

interface Vlan1

no ip address

shutdown

!

interface Vlan120

ip address 10.10.20.1 255.255.255.0

!

ip classless

ip route 0.0.0.0 0.0.0.0 10.10.40.1

ASA 5520:

interface GigabitEthernet0/0

nameif outside

security-level 0

ip address 10.50.0.1 255.255.255.0

!

interface GigabitEthernet0/1

nameif inside

security-level 100

ip address 10.10.40.1 255.255.255.0

!

same-security-traffic permit intra-interface

access-list traffic_out extended permit ip any any

access-list traffic_in extended permit ip any any

!

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0

access-group traffic_in in interface outside

access-group traffic_out out interface inside

route outside 0.0.0.0 0.0.0.0 10.50.0.254 1

That's all. We'll crank down the security on the firewall if we can ever get the test 6506 to communicate with production.

QSolved Answer:

Sounds like a routing issue. Does your firewall know how to get to the inside addresses, i.e. in your case 10.10.20.x? You might need a route inside statement. From your config, your 6506 has a static to the 3560 and the 3560 has a static to the firewall. You also need the reverse, else the traffic ain't going to come back. It works from the firewall and the 3560 because they have connected interfaces in those subnets.
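The asymmetry the answer describes, as an added example that is not part of the original thread: the connected and static routes from the three configs are modelled as tables and a longest-prefix lookup is walked hop by hop in each direction. The device labels, function names and the `with_return_route` helper are hypothetical; the 6513 is deliberately left unmodelled because its routing table is not on the page.

```python
import ipaddress

# Connected (next hop None) and static routes transcribed from the configs above.
# Next hops are named by device: 10.10.20.1 = 3560, 10.10.40.1 = ASA,
# 10.10.40.254 = 3560, 10.50.0.254 = production 6513 (not modelled here).
ROUTES = {
    "6506": [("10.10.20.0/24", None), ("0.0.0.0/0", "3560")],
    "3560": [("10.10.20.0/24", None), ("10.10.40.0/24", None), ("0.0.0.0/0", "ASA")],
    "ASA":  [("10.10.40.0/24", None), ("10.50.0.0/24", None), ("0.0.0.0/0", "6513")],
}

def lookup(device, dst, routes):
    """Longest-prefix match on one device; returns (network, next_hop)."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), nh) for p, nh in routes[device]
               if addr in ipaddress.ip_network(p)]
    if not matches:
        raise LookupError(f"{device} has no route to {dst}")
    return max(matches, key=lambda m: m[0].prefixlen)

def trace(start, dst, routes):
    """Follow next hops from start; returns (path, reached_connected_subnet)."""
    path, device = [start], start
    while True:
        _, next_hop = lookup(device, dst, routes)
        if next_hop is None:          # destination subnet is directly connected
            return path, True
        path.append(next_hop)
        if next_hop not in routes or path.count(next_hop) > 1:
            return path, False        # left the modelled devices, or looped
        device = next_hop

def with_return_route(routes):
    """Copy of the tables plus the return route the answer asks for on the ASA:
    10.10.20.0/24 via the 3560 (10.10.40.254) on the inside interface."""
    fixed = {dev: list(entries) for dev, entries in routes.items()}
    fixed["ASA"].append(("10.10.20.0/24", "3560"))
    return fixed

if __name__ == "__main__":
    print("forward :", trace("6506", "10.50.0.254", ROUTES))
    print("return  :", trace("ASA", "10.10.20.254", ROUTES))
    print("3560 src:", trace("ASA", "10.10.40.254", ROUTES))
    print("fixed   :", trace("ASA", "10.10.20.254", with_return_route(ROUTES)))
```

The forward path resolves at every hop, while a reply addressed to 10.10.20.254 matches only the ASA's default route and is pointed back at the outside interface until the more specific inside route exists.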
