Cisco :: Command Sw Mode Trunk On C3560 Was Rejected?
Apr 16, 2012
recently i do some lab about trunking protocol using Layer 3 switch C3560 and layer 2 switch C2960, but i face a problem that i cannot configure trunk port on my C3560 using "switchport mode trunk" command, and after looking for the answer from google i found that i have to "remove" the "auto" mode of C3560 using "switchport mode dynamic desirable" and after that we can enter the "switcport mode trunk" command successfully.
and my question are, whether the "auto" trunk mode in switch layer 3 is a default mode or not? and why i should enter "sw mode dynamic desirable" command before "sw mo trunk" command ?
View 5 Replies
ADVERTISEMENT
Aug 24, 2012
Im trying to simulate a switch in Gns3 and i use 16ESW module in a cisco 3700 router. why im getting this record after i try to filter which vlans pass through my trunk port:Router(config-if)#switchport trunk allowed vlan 2,3,4 Command rejected: Bad VLAN allowed list. You have to include all default vlans, e.g. 1-2,1002-1005.
View 6 Replies
View Related
Oct 2, 2011
Cisco cannot login? Currently i cannot login to the two of my cisco 3560 with the password that i usually used to login. and it is strength to me that its Configuration register is 0xF.
[BEGIN] 10/4/2011 10:22:57 AMshoTC-NGN-C3560-1>show verTC-NGN-C3560-1>show version Cisco IOS Software, C3560 Software (C3560-IPSERVICES-M), Version 12.2(35)SE5, RELEASE SOFTWARE (fc1)Copyright (c) 1986-2007 by Cisco Systems, Inc.Compiled Thu 19-Jul-07 18:15 by nachenImage text-base: 0x00003000, data-base: 0x01300000
ROM: Bootstrap program is C3560 boot loaderBOOTLDR: C3560 Boot Loader (C3560-HBOOT-M) Version 12.2(25r)SEC, RELEASE SOFTWARE (fc4)
TC-NGN-C3560-1 uptime is 50 weeks, 6 days, 9 hours, 34 minutesSystem returned to ROM by power-onSystem image file is "flash:c3560-ipservices-mz.122-35.SE5/c3560-ipservices-mz.122-35.SE5.bin"
[code]....
View 1 Replies
View Related
Oct 11, 2012
We have a Cisco switch in each office and every now and then the port that has the D-Link Wireless AP (DAP-1522) connected to it goes to err-disable state. Actually sometimes even a regular port that has a cisco phone connected may also go to err-disable state (less often). So I have to telnet into the switch and issue shut and no shut command on that interface to get it back to life, then it works for a few days or weeks until it happens again. Any suitable configuraiton for that interface, that would prevent that from happening or a workaround ?
Here's the info:
Model: cisco WS-C3560-24PS and cisco WS-C3560-48PS
Image:c3560-ipbase-mz.122-35.SE5.bin
This is the log from one switch:
31w5d: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa0/2, putting Fa0/2 in err-disable state
31w5d: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 74e2.f592.f7f2 on port FastEthernet0/2.
31w5d: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to down
And from another, which is almost the same:
5d10h: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa0/3, putting Fa0/3 in err-disable state
5d10h: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address d8a2.5e31.2cf6 on port FastEthernet0/3.
5d10h: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/3, changed state to down
5d10h: %LINK-3-UPDOWN: Interface FastEthernet0/3, changed state to down
Here's the configuration of fe interfaces (they are all alike):
interface FastEthernet0/2
description Voice & Data Combo Port
switchport access vlan 11
switchport mode access
switchport voice vlan 15
[code]....
View 3 Replies
View Related
Oct 11, 2010
Any way to test in a lab what would happen if a tech mistakingly added "switchport voice vlan XX" to a trunk port? I am try to do some RCA on an issue and this has been identified as a possible cause by one of my techs.
The config is Switch1------Switch2--------Switch3 Each interswitch connection is configured as a dot1q trunk with all vlans allowed. The link between switch2 and 3 is where switchport voice vlan 10 was added. Switch1 is a 3750 and 2/3 are 3560's.
View 8 Replies
View Related
May 10, 2012
I've previously used trunkports and vlans between my ASA and accesspoints, connected directly. Now I want to put a 2960S-24PS-L bewteen. Where should i define the vlans (in the switch or in th ASA?) and what ports to put in trunk mode? (the ones on the switch or the one between the switch and the ASA?)
View 1 Replies
View Related
Jun 15, 2011
We have a 5580 that we want to connect to each of our 7K's as an internal firewall. To minimize hassle, we will setup the ASA in transparent mode.I have been working on this all day today and have run into a stopping point. If I put vlan 20 on a subinterface on Te7/0 which will connect to N7K_1 it works great. When I try to put that same vlan on Te7/1 which connects to N7K_2, I get an error that says the vlan is already assigned to another interface.Our local Cisco SE told us that this would work.
My problem is that not all of our servers/systems are dual homed to both 7K's so I have to be able to get this to work because of potential asymmetric routing issues that we will be dealing with.How to get the 5580 to work in this configuration and can you share your config with me ?Using the redundant interface command isnt an option because I need for both interfaces to be able to route over both 7K's at all times.
View 3 Replies
View Related
Jan 20, 2013
Can I configure the Port at the ASA 5050 from Mode: access Port to trunk during the FW is running in a production area without console access ?As I know at the 5505 ist should work?
View 3 Replies
View Related
Mar 15, 2012
we have a scenario that consists of a Cisco 4507 series core switch with more than 20 vlans which is connected to a C2960G switch( in a nearby building) using a trunk by a fiber connection. Up to this point everyhting is fine . VTP domain is configured on the core switch and we have all of the 20 vlans present correctly on the edge 2960G wich is part of course of this same VTP domain.the fiber connection goes from core switch to a "in the middle location" where we have a fiber patch panel that is connected in a jumper style to another fiber patch panel going to the destination building where the C2960G sits.
Now imagine that Fiber connection from this middle location to the destination C2960 edge switch is down for any possible reason meanwhile the fiber connection from Core switch 4507 to the middle location is still intact.In the same time, in this middle location , we do have a wireless connection which links 1 Cisco 3750G switche ( a different infrastructure and different VTP domain) to another C3560G switch which sits on the same Room in the nearby destination building where we have the edge C2960G, An idea came to me is to connect one of the fiber port (core) in the intact fiber patch panel coming from Core switch 4507 TO an access vlan configured switchport in the 3750G switch ( this switchport will belong to a vlan designed only to trasmit the vlans on the trunk coming from 4507 core switch say VLAN 10) then connect one VLAN 10 access switchport to the destination C2960 edge switch ( the switchport on the c2960G is still a trunk)Will this solution work and all of the 20- 4507 core switch vlans arrive to the destination C2960G ? Or we do need something that tags the 2 VLAN 10 switchports like switchport dot1q tunnel like QinQ
View 2 Replies
View Related
Jan 16, 2013
This is regarding VLAN creation on C3750E switch.I want to create new Vlan 94 on this switch and also I want to allowed same interfaces like Vlan 95 & Vlan 96. [code]
View 7 Replies
View Related
Mar 27, 2013
I faced with a strange behavior of ME3600.For testing purposes I linked Cat3550 and ME3600 switches via trunk mode. All interfaces are in Up state. But I couldn't ping SVI200 of Cat switch from ME3600 and vice versa. [cde]
This scheme perfectly works with another L3 swithes. For example Catalist3750. I know that ME doesn't support VTP, DTP and so on. Also, I've tried latest software.
View 0 Replies
View Related
May 30, 2012
I bought an rv120w. Now i want to trunk 2 lan ports to an smart switch to get 200MB out of that link.
The trunk mode in there in the manual that came in the cd with the unit i bought but is not in the web console.
I have updated the IOS to 1.0.3.10 to see if th trunk mode was there but is not.
My question is,
1 is that trunking feature there in the ios?
2- If not, why is listed in hte manual that came with the unit?
3- if it is in the ios, is there a was to by pass the web console and configure this?
4- can i do i maybe backing up the config then, editing the file and restoring it?
Screenshot below is from the manual in hte cd that came with the router
View 2 Replies
View Related
Sep 19, 2011
I am trying to implement RBSCP on two 3845s running 15.1(4)M1 Adv Enterprise over a satellite link. The "show" commands all look correct, but whenever I policy route my machine through the RBSCP tunnel I dont even make it to the opposite side. However, if I remove the "tunnel mode RBSCP" command so it acts like a regular GRE tunnel, I route through it just fine. So I know its not a NAT, routing issue. [code]
View 1 Replies
View Related
Oct 22, 2012
Need to confirm purpose of command below
dot11 ssid TEST
vlan 4
authentication open
authentication key-management wpa
guest-mode ?????
Why we need guest-mode command in above config?
View 5 Replies
View Related
Apr 11, 2013
Is there really any reason why you wouldn't use spanning-tree portfast on a trunk port other than a trunk between two switches? We have it enabled on all ports except for the fiber trunk between two non-stacked switches and the trunk ports connected to our Astaro firewall.I'd like to enable it on the ports to the firewall unless that would cause issues.
View 9 Replies
View Related
Feb 12, 2012
we recently aquired a managed services job and have to do a overhaul of the vlan configs and have a whole dozen WC2948G's trunk between a set of ports as well as trunk out a LAG channel setup to non cisco equipment. the deal is the lacp-channel works properly on both ends but no routing of vlans between ports and between the lag trunk are working.
theres alot of settings in the config and im planning on clearing it and starting from scratch but before i do i want to know where my problem lies.
[code]...
View 6 Replies
View Related
Feb 14, 2013
I am currently setting up a 2800 Series router, and prefer a username/password type authentication rather than a single enable password. To do this, I did:
Router(config)# username <myuser> privilege 15 secret 0 <mypassword>
Router(config)# username2 <myuser> privilege 15 secret 0 <mypassword>
Router(config)# aaa new-model
Router(config)# aaa authentication login default local
This basically does what I want - when I connect to the router through console, it immediately asks me for a username and password. The thing is - as soon as I provide the right credentials, it takes me to USER EXEC mode (the default command mode). Is it possible to change that so that after entering the credentials, I go right into privileged exec mode?
Bonus question: As it is now, I just have no enable password, so when I login with my credentials, I issue "enable" to enter privileged exec mode without it prompting for an additional password. Is it safe to do it this way - having no enable password but requiring a username and password for login?
View 3 Replies
View Related
Aug 9, 2012
I am looking to replace the active supervisor (S720-10G) on our 6509E running in SSO mode. The new module already has the same IOs version as the standby supervisor.Once I have swapped the module how do I know that the config has sync'd correctly other than checking the logs? Is it a case of looking at the "Redundancy Mode (Operational)" state and ensuring is says SSO?Also, is there a command that will force a config-sync if it is running in a mode other than SSO?
View 1 Replies
View Related
Oct 23, 2011
What is PIM? give me an example when I will use and not use the PIM command.
View 4 Replies
View Related
Feb 22, 2013
I came across an interesting issue and thought I would see if anyone else has encountered it before contacting TAC.I have two Cisco Catalyst WS-4510R-E switches with a single Supervisor V module in each chassis. Both Sup cards are now running 12.2(54) SG1; ipbasek9 firmware; yes, I plan to move both switches to 15 code but that's another story. Anyways, prior to the upgrade the one switch was running 12.2 (33) code; I suspect the code was never upgraded; running ipbase non - K9 code. The other switch was running 12.2(44) with K9 prior to upgrade to 12.2(54).
View 2 Replies
View Related
Apr 23, 2012
I have two Cisco Catalyst WS-4510R-E switches with a single Supervisor V module in each chassis. Both Sup cards are now running 12.2(54) SG1; ipbasek9 firmware; yes, I plan to move both switches to 15 code but that's another story. Anyways, prior to the upgrade the one switch was running 12.2 (33) code; I suspect the code was never upgraded; running ipbase non - K9 code. The other switch was running 12.2(44) with K9 prior to upgrade to 12.2(54). With the background set, one switch reports the following:SwitchA (config)#r?radius-server redundancy regexp represourc rmon route-map router.
View 4 Replies
View Related
Nov 12, 2011
If something is rejected from the RAT and needs to be fixed..you would add to RAT or Relay list or...
View 12 Replies
View Related
Mar 10, 2012
I attempted to load RVS4000_WRVS4400N_IPS_Signature_v1.50.zip and received an error message "Signature file is not the correct type of version for this device". I have firmware version 1.3.3.5, and and current IPS version 1.42. why IPS v1.5 is rejected?
View 1 Replies
View Related
Mar 14, 2012
i received the below output,how to start a troubleshooting? the aaa server is cisco ACS 5.3
ERROR: Authentication Rejected: Unspecified.
View 1 Replies
View Related
Jan 10, 2011
I am deploying a Cisco 1841 in place of our basic DSL router.I have an ADSL WIC and FA0/0 connected to our LAN.LAN IP ADDRESS range is 192.168.1. 0/ 24 I have dynamic and static NAT configured. At this point although I have ACL's configured I have NOT implemented them as yet for the following reason. I am unable to recieve inbound SMTP traffic - now know my MX records are correct as this all owrks happily on our basic DSL router. I can send external emails no problem and all internal email works fine. [code] I am in the process of defaulting the router and programming the barbones to get the link working and see if inbound SMTP works then start building the blocks again.
View 4 Replies
View Related
Sep 20, 2011
We are setting up a WLC 7500 for the first time and are having a hard time trying to connect an LAP to the WLC. We have 1042 Access Points.Reason for last unsucessful attempt: to many concurrent ap image downloads
-Last Error Occurred: Lwapp discovery request rejected
-Last Error Occurred Reason: Too many concurrent AP image downloads
We only have 1 AP plugged in so far and it does recieve an IP address from DHCP.
View 15 Replies
View Related
Dec 17, 2011
I just configure VPN for end users in PIX515e with IOS 8 and get stuck with "Tunnel Rejected: User (msveden) not member of group (VPN-shared), group-lock check failed.". tell me how I add user to my VPN group?
View 1 Replies
View Related
Apr 27, 2012
I have Counterstrike Scource and am wanting to setup a deticated server. I have a netgear router with 27015 port open and my nat type is open, however it keeps on giving me the "steam validation rejected" error. BTW it works fine on LAN, just not online.
View 2 Replies
View Related
May 10, 2012
We are using WLC4402 for our Aironet 1240AG access points. The clients are connecting to the access points and are authenticating to the RADIUS server. I am seeing the logs in Server 2008 but they are being rejected due to Network Policy on the NPS server.
Where do I see the Authentication Type on the WLC4400 or the 1240's? In order for the clients (authenticated via Active Directory user) I have to set the Authentication in the NPS Connection Request Policy to "Allow clients to connect without negotiating an authentication method".
I do not have a certificate on the server and my method options are MS-CHAP-v2, MS-CHAP, CHAP, PAP, SPAP, and allow without negotiating. This RADIUS server was moved from Server 2003 IAS to Server 2008 NPS and there were no issues in Server 2003 IAS. I have all authentication methods allowed and it still gives me the error below. Only when I check "Allow clients to connect without negotiating an authentication method" it allows the authentication to proceed.
Client Machine:
Security ID: NULL SID Account Name: Fully Qualified Account Name: OS-Version:
Called Station Identifier: 00-17-a2-87-54-00: SSID NAME
Calling Station Identifier: 00-41-96-b6-e3-27
NAS:
NAS IPv4 Address: 192.168.90.24
NAS IPv6 Address: -
[code]...
Reason: The user attempted to use an authentication method that is not enabled on the matching network policy.
View 2 Replies
View Related
Oct 8, 2012
I have got my ccna voice lab configured and is up and running, my switch is configured with 2 differents Vlans (Data & Voice) and the fa 0/1 is configured as trunk port connecting to the CME router. I can telnet or ssh to all the devices on the network but only the switch in not accepting the request the only message I am getting is "request timeout".
View 12 Replies
View Related
Oct 24, 2012
I have a 3560-8PC in which the mgt vlan randomly (twice in one day or 2 weeks later) goes into the down state and will return w/o any interventaion 15-20 minutes later. Int G0/1 is the uplink to a 3750. I dont think its a layer1 issue at this time since i have seen it work just fine for over 2 weeks and drop again. I don't see any errors on the 3750 either.
WS-C3560-8PC 15.0(2)SE C3560-IPBASEK9-M
LOG:
----------------------------------------
.Oct 20 19:34:37.533 EDT: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changeds tate to up
[Code].....
View 5 Replies
View Related
Jan 28, 2013
I was working with Opmanager software to monitor my network, and i downloaded the Netflow plugin, i tried to enable the netflow on my core switch c3560 but I was surprised that it does not support the NetFlow, after many resersh most of URL's say it does not support until i found another URL from Cisco Says that it support Flexble netflow now, but i think we should update the IOS.
[URL]
View 6 Replies
View Related
Feb 7, 2011
I have some c3560 with system MTU set 1546 with interface VLAN10 whose MTU size is 1546 and there is no possibility to change it to another value. and we have some cisco 2600 where I can't set MTU bigger as 1500. I have a problem in establishing the OSPF adjacency between cisco 2600 abd 3560 , the command "ip ospf mtu-ignore" is set on both side but it doesn't work - the OSPF packets which are sent by c3560 are simply lager as 1500 bytes and are dropped by cisco2600.
the problem is that sometimes c7200 losses their BGP session, I would say in most cases it happens between NPE400 and NPE-G1/G2 whit error message like "session closed by a peer x.x.x.x" after some seconds BGP session goes again UP , and then after some minutes again DOWN .
it can be MTU problem, as the traffic passes those c35660 with MTU1500. The neighbour status showes that "transport tcp path-mtu-discovery" is enabled an all neighbours but it seems doesn't work. if I disable the path-mtu-discovery on the neighbours - the BGP session between them stays stable.
View 2 Replies
View Related
