Hi...I have a 3929 router that I am connecting to a 6509E using port-channel configuration; however, it seems like the router created a port-channel for each of the switch default vlans. Here is the configuration: ------ Router interface Port-channel1  no ip address  hold-queue 150 in interface Port-channel1.35  description Voice  encapsulation dot1Q 35  ip address 10.10.10.5 255.255.254.0  ip virtual-reassembly in interface Port-channel1.45  description Edge  encapsulation dot1Q 45  ip address 20.20.20.5 255.255.255.0  ip virtual-reassembly in ------ Switch interface Port-channel40  description = EDGE & VOICE =  switchport  switchport trunk native vlan 999  switchport trunk allowed vlan 35,45  switchport mode trunk  switchport nonegotiate end . Current configuration : 195 bytes ! interface GigabitEthernet1/3/40  switchport  switchport trunk native vlan 999  switchport trunk allowed vlan 35,45  switchport mode trunk  switchport nonegotiate  channel-group 40 mode on end ! interface GigabitEthernet2/3/40  switchport  switchport trunk native vlan 999  switchport trunk allowed vlan 35,45  switchport mode trunk  switchport nonegotiate  channel-group 40 mode on However after carefully looking at the configuration, I noticed that now a port channel exists for each of the pre-defined switch vlans (see below). Has anyone noticed this behavior? Is there anything I am doing incorrectly? Port-channel1.35           10.10.10.5     YES NVRAM  up                    up       Port-channel1.36           unassigned      YES unset  deleted               down     Port-channel1.37           unassigned      YES unset  up                    up       Port-channel1.38           unassigned      YES unset  up                    up       Port-channel1.39           unassigned      YES unset  up                    up       Port-channel1.40           unassigned      YES unset  up                    up       Port-channel1.41           unassigned      YES unset  up                    up       Port-channel1.42           unassigned      YES unset  up                    up       Port-channel1.43           unassigned      YES unset  up                    up       Port-channel1.44           unassigned      YES unset  up                    up       Port-channel1.45           20.20.20.5     YES NVRAM  up                    up      Thank you. ... View more

Hi,   We are trying to setup a tunnel between Location A and B (see diagram) to pass some traffic since our MPLS bandwidth is limited. However, I am not an expert at this type of configuration so I need help from the community. I am sure that more questions are going to come up as this evolves but this is it for now: What type of configuration (GRE, VRF, etc) do you suggest? And, Where should I terminate this tunnel (Firewall, 6509)?  I was thinking to route this traffic based on destination since I have a clear understanding of where it should go but I am open for suggestions?   For you to know:  6509 is running EIGRP with static route pointing to MPLS. No redistribution here Remote locations do not have a routing protocol currently Two Vlans are configured at the remote location 1.1.1.1 and 2.2.2.2   Thanks in advanced.  Ralph ... View more

Hi,  I am currently evaluating two NAC systems: ISE and Bradford and I wanted to see if anyone has had the opportunity to see both systems. Although we are a Cisco shop, I am looking for simplicity due to staff shortage.   In the event I decide to go with ISE, I would like to hear your personal challenges with the product during the deployment phase and those little things I need to keep in mind to avoid future headaches.    Thanks in advance ! ... View more

 Hi...  I am in the process of redesigning a location with about 150 users using  PoE IP Phones, printers, etc. We currently don't have any storage or servers at this location but we are looking at adding a few in the next years as well as wireless. I need suggestions regarding the type of chassis I need for this location. On the table, we have the following switches:  4507 Dual supervisor Dual power supply PoE cards Based on the head-count we have an open slot for growth; however, we can always us 4510E   3850 Stack Dual power stack Understanding that switches can have 10Gbps modules Support wireless by default Stack can have up to 9 switches providing growth room  Based on this and your experience, I would like to hear your suggestions and/or questions on what to use for this location.    Thank you for you help in advanced.  ... View more

Hi, I am about to purchase two 5515-X next generation firewalls and I need to decide what to do as far as the design goes so I need some help from the experts. This appliances seem to come with 6 1Gbps ports which is enough. In our LAN, we have two 6500 running on VSS mode and we are also going to get our second ISP. Doing the obvious which is cross-connect each firewall with the two 6500s and possibly with the internet routers. Is it something else you recommend? Planning to trunk a couple interfaces and connect them to a DMZ switch; however, how do I make that one switch redundant? Some of the vendors currently connected do not offer a redundant link in case of failure. I'll be deploying the devices as active/standby and this is because I have VPNs configured which it is my understanding that both devices can't be active with this type of configuration. Can someone advise on this matter? However, the company wants to use them both at the same time. Using two ISPs, how do I deal with the Public-Internal NAT? Any help is greatly appreciated. Thanks. ... View more