We currently have a miniature test network configured like so:
Fast Ethernet 0
  - ip address 10.0.0.52 255.255.0.0
Fast Ethernet 1
  switchport access vlan 2
  - ip address 192.168.0.1 255.255.255.0
Fast Ethernet 2
  switchport access vlan 3
  - no ip address
Fast Ethernet 3
  switchport access vlan 4
  - no ip address
Machine A (10.0.6.9) -> Fast Ethernet 2
Fast Ethernet 3 -> Switch
Switch -> Fast Ethernet 0
Switch -> Machine B (10.0.6.10)
Vlan 3 & vlan 4 in bridge-group 1 with bridge irb and bridge 1 protocol ieee
Using a Cisco 887M on "Cisco IOS Software, C880 Software (C880DATA-UNIVERSALK9-M), Version 15.0(1)M3, RELEASE SOFTWARE (fc2)"
We are attempting to use Fast Ethernet 2 & 3 to have a transparent firewall whilst also using the Cisco as an EZVPN end-point with the implicit vlan 1 as outside and vlan 2 as inside.
We are experiencing 2 problems:
Number 1:
==========
When a network cable is unplugged from either of the FastEthernet ports in the bridge group and re-plugged, the vlan interface status ends up as:
VLan is up, Line Protocol is down
and does not re-enable until we do:
config term
interface vlan X
shutdown
no shutdown
Does anyone know if there is a way to automatically bring the VLAN and therefore the bridge group back to forwarding when the FastEthernet interface comes back up?
Number 2:
==========
Machine A is unable to communicate with the Cisco on IP address 10.0.0.52 through the bridge (I am under the impression that the traffic should flow from machine A, through the bridge, to the switch and back to FastEthernet 1), whilst Machine B can ping and SSH to it with no difficulty. Wireshark on Machine A shows that the machine receives no reply to an ARP "Who Has 10.0.0.52?" request.
Does anyone know why this is and if there is a way to correct this?
For our config see below:
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname CiscoVPN
!
boot-start-marker
boot-end-marker
!
logging buffered 4096
!
no aaa new-model
memory-size iomem 10
clock timezone GMT 0
!
!
!
ip source-route
!
!
!
!
ip cef
ip name-server ---.---.---.---
no ipv6 cef
!
!
!
!
!
!
!
!
crypto ipsec client ezvpn voip
 connect auto
 group ----- key ------
 mode client
 peer ---.---.---.---
 nat allow
 username ---- password -----
 xauth userid mode local
!
bridge irb
!
!
!
!
interface Loopback10
 ip address 192.168.99.5 255.255.255.255
 crypto ipsec client ezvpn voip inside
!
interface BRI0
 no ip address
 encapsulation hdlc
 shutdown
 isdn termination multidrop
!
interface ATM0
 no ip address
 shutdown
 no atm ilmi-keepalive
!
interface FastEthernet0
 switchport access vlan 9
!
interface FastEthernet1
 switchport access vlan 2
!
interface FastEthernet2
 switchport access vlan 3
!
interface FastEthernet3
 switchport access vlan 4
!
interface Vlan1
 description VPN-Internet-Access
 ip address 10.0.0.52 255.255.0.0
 crypto ipsec client ezvpn voip
!
interface Vlan2
 description VPN-Internal
 ip address 192.168.0.1 255.255.255.0
 crypto ipsec client ezvpn voip inside
!
interface Vlan3
 description Bridged-Interface
 no ip address
 bridge-group 1
!
interface Vlan4
 description Bridged-Interface
 no ip address
 bridge-group 1
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 10.0.0.1
!
access-list 1 permit ---.---.---.---
access-list 1 permit ---.---.---.---
access-list 1 permit ---.---.---.---
access-list 101 permit ip ---.---.---.--- 0.0.1.255 any
access-list 101 permit ip ---.---.---.--- 0.0.0.255 any
access-list 101 permit ip ---.---.---.--- 0.0.0.7 any
access-list 101 permit ip ---.---.---.--- 0.0.0.255 any
no cdp run
!
!
!
!
!
control-plane
!
bridge 1 protocol ieee
!
line con 0
 password 7 ---------
 login local
 no modem enable
line aux 0
line vty 0
 exec-timeout 0 0
 login local
 transport input ssh
line vty 1 4
 login local
 transport input ssh
!
scheduler max-task-time 5000
ntp server ---.---.---.---
end