Cisco Firewall :: 4948 ASA Trunking And Port-channel
Nov 20, 2012
Create a port channel out of interface 3 and 4 of ASA. Configure 2 sub-interfaces in those Po interface (my inside vlan and the dmz). At the 4948, configure a trunked port channel out of a single interface (funny), then do the same in the second 4948. Connect ASA port 3 to the 1st 4948's single-interfaced port channel, ASA port 4 connects the same on the 2nd 4948.
Apr 23, 2012
We purchased two new 4948 with two 10GE uplink ports and upgraded the devices to run IOS 15. My 6506 is running Sup 720 with s77233-adventerprisek0_wan-mz.122-33.SXI9. Currently we have 4948's connected to the same 6506's with no problems. Today I tried to add the new switches with new IOS and it caused one of my 6506 core switches to failover. I can't explain why because it was close to start of business and couldn't do much troubleshooting.
Currently we have four 4948 (running IOS 12.2(14)) switches running Layer2 connecting dually to each of the two 6506 cores via 10GE fiber uplinks. I tried to add two more to the scenario, again running layer2 and dual-homing them to each of the 6506 switches. There are two 6506 core switches and they run HSRP and spanning tree is manually set to give priority to even vlans on one 6506 and odds on the other 6506. Also the new switches I tried to add did have rootguard applied as well as the uplinks.
We have to get this working and have no test environment to work with. We need to do this late this evening after close of business.
On another note, I have had problems upgrading some of my older 4948's to IOS 15. I followed Cisco's suggestion and upgraded the EPROM first and then the IOS upgrade took on three of the switches that were ordered rather recently. The four that were ordered in one batch will not take the upgrade even following Cisco's instruction and lots of other tricks. Nothing works. Having problems with IOS 15, in general?
Jun 11, 2013
So everything I've read on Cisco's documentation here: URL says that I can create a port-channel on two physical interfaces that will uplink to a VSS pair. However, the command is not recognized. What am I missing? I've tried executing "channel-group #" on the physical interface and tried creating the port-channel 1st and neither command exists. I haven't seen it listed anywhere if it is only available after a specific piece of ASA software. If it is the software, what version at a minimum do I need to upgrade to? Below is an output from a show version:
Cisco Adaptive Security Appliance Software Version 8.0(4)
Device Manager Version 6.1(3)
Compiled on Thu 07-Aug-08 20:53 by builders
System image file is "disk0:/asa804-k8.bin"
Config file at boot was "startup-(code)
Dec 17, 2012
Anyway, here's the situation: I'm trying to configure several VLANs on my ASA to uniquely allocate to contexts, the VLANs will be trunked from my VSS. Unfortunately I'm not clear on how to achieve this, the configuration guide for 8.4 talks about multiple contexts and routed setups, all of which don't appear to apply exactly. I've configured the port channel at both ends and I've configured sub-interfaces on the port channel and assigned VLAN IDs. These sub-interfaces are then allocated to the contexts to set 'ip address' etc. I've not been able to successfully test this configuration and I am concerned that it is incorrect.
Jan 22, 2012
I'm doing some L2 cleanups across multiple 6509E environments and I've found something consistent that I can't find in documentation. On all my pairs of 6509s where I have FWSMs bundled (6509-A has FWSM-1 in Slot 1 and 6509-B has FWSM-2 in Slot 1) I also have a port channel 305. Obviously when I do a "show run" or "show int desc" I don't see anything in slot one. It's a service module. But the port channel is referencing ports 1/1-6. And it's all in service/up. I was about to delete this as I thought it was some leftover config (TEST 6509s) until I went and saw the same things on our PROD 6509s. Is it cosmetic? Necessary? Can I delete it as part of my audit cleanup? Don't want to mess with it even in TEST without some information. Nothing on Google that's clear and I can't find anything on CCO.
#################################################################################
6509-1#sho etherch 305 summ
Flags: D - down P - bundled in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
[code]....
Jan 31, 2012
I have a 3560 8 port switch. Int gi0/9 is trunked to another switch downstream. When I try to configure int gi0/10 to trunk to a switch upstream the interface on the switch goes down and I have to either reboot the switch or plug directly into the switch and telnet into it to turn off trunking on the interface. When I configure trunking on the interface on the upstream switch that connects to this interface the same happens on that switch. The upstream switch is a 3750 with 12 sfp ports. Several interfaces are trunking to other switches from this switch. Spanning tree is not configured on the 3750 at all, and is not configured on either gi0/10 or gi0/9 on the 3560. I was consoled into the 3560 during a reboot after the interface went down, and a message came up that said something like "Spanning Tree returning gigabit ethernet 10 to constant state". Why would I get this message if spanning tree is not enabled on the gig ports on either end of the trunk? There is no loop to require spanning tree to shut down an interface. I have several other 3560's configured as I would like to configure this switch and they are trunking without issue.
Feb 9, 2012
I'm unable to assign port E2/1 to a port channel. I get the following error:
NEXUS5K(config)# int e2/1
NEXUS5K(config-if)# switchport mode trunk
NEXUS5K(config-if)# channel-group 14 mode active
[Code].....
Mar 11, 2011
I've been looking at picking up a 16-24 port gigabit switch that supports trunking, vlans etc. for home use.
I've looked at the Cisco SG2/300's, HP 1810g-24 and the Dell 2816 and 2824 switches, and it seems like the Cisco's are the best buy (layer 3'ish features, same price as the HP) but there isn't much about them.
Feb 7, 2012
How to mirror port only http get packet on 4948 or 6500?
Oct 24, 2011
I have a rather large network with multiple VLANs and routing. Here's the layout:
5540 subinterface = gi0/2.18 = 10.16.18.1/24 TRUNKED to a 2960
2960 has an interface set to VLAN 18 (no IP) goes to a Cisco 4507 with an int. set to VLAN 18 (no IP)
4507 then has a trunk to a Cisco 7206
7206 then trunks to a Cisco 3845
3845 trunks to a 3750 (single)
3750 (single) trunks to a 3750 Stack
3750 Stack has int. set to VLAN 18 that goes to a 3750(lab) w/ int set to VLAN 18 w/ IP 10.16.18.251/24, VLAN502 = 10.202.255.1/30, VLAN510 = 10.203.255.1/30
3750(lab) then has a trunk that connects to ASA 5510 w/ subinterfaces: e0/1.18 = 10.16.18.253/24, e0/1.510 = 10.203.255.2/30, e0/1.502 = 10.202.255.2/30
ASA5510 then goes to Internet
Any trunks are set to allow all VLANs. From the 2960 to the 3750 stack it's obviously all Layer 2 with trunking.
Issue: If I sit at the 5540, I can ping 10.16.18.251 and .253 with no problems. I can also ping 10.203.255.1 with no problems. Problem is that I cannot get to the other subinterfaces on the 5510 for VLANs 502 and 510. How do I ensure that my trunk is set up right? I have a route in the 5540 pointing to the 10.203 and 10.202 using the 10.16.18.251 address. It seems like a traceroute gets to the 10.16.18.251 address but then it stops. What route should be on the 5510 to make sure it gets back? The default route on the 5510 points to the Outside. I think it's something to do with the trunk that's just something I don't understand yet.
5510:
show int ip bri:
Ethernet0/1.18 10.16.18.253 YES manual up up
Ethernet0/1.502 10.202.255.2 YES manual up up
Ethernet0/1.510 10.203.255.2 YES manual up up
[code]....
Sep 16, 2012
[URL] I am not savvy configuring ASAs at all and I can't get it to work. We are switching to a SIP trunk phone system and I am in charge of setting up the ASA to not only make it work but also make sure that there's packet priority or QoS. I've never configured something like this and I was given another set of instructions to make sure that this is working:
[URL]
Configuration:
My configuration is very basic:
3 interfaces - Outside/Inside/Guest
ASA Version: 7.2(3)
ASDM Version 5.2(3)
Firewall Mode: Routed
Solution: When I tried following the instructions on brian-kayser's blog I get an error when I'm sending the following command:
shape average
^ Invalid marker
service-policy PRIORITY-POLICY
^ Incomplete command
I think it's because my version of ASA doesn't have this functionality but I don't know.
Sep 2, 2012
I have Cisco 3845 with two Gigabit interfaces configured as port-channel with sub interface and with QoS. However shape does not work.
[code]...
Feb 7, 2013
What is an active/passive port-channel? And how will it do load balancing when my network traffic is flowing on both the ports?
Sep 13, 2012
I have Cisco 3845 with two Gigabit interfaces configured as port-channel with subinterface and with QoS. However shape does not work, why? [code]
Nov 2, 2012
Are port-channel interfaces supported in 6500s -w- SUP-2T?
Inquiring if able to bundle a couple of 10GB ports on a 6908 via port-channeling.
12.33 IOS doesn't, but I haven't completely confirmed whether 15.1 IOS does.
Mar 6, 2012
So I have a current port-channel between two 6ks that I need to upgrade. There's too much traffic and the port buffers on the SUP7203B sort of suck. Microbursts are causing overruns like mad. I'm going to move the 2x1gig port-channel to a 6724 and make it a 3x1gig port-channel. The switches carry production traffic across the link to the tune of about 400 meg during the lowest load time. Initially, I thought that I couldn't move the port channel without temporarily taking down the link but I think I have a workable solution now. Has anyone done this successfully before? I'm curious what others have done. Also, to make matters worse, the existing port-channel is 'mode on' and I want to migrate to 'mode active' in the new channel.
Oct 30, 2012
I want to do the inter vlan routing packet tracer file url...configuration of MLS are as below. Can anyone tell me why vlan on switch0 cannot ping vlan on switch1? [code]
Jan 18, 2013
I have just been setting up a WISM2 in a test lab and for some reason the Supervisor is not creating a port channel on my 6500 as suggested in the WISM2 Deployment Guide. WISM2 is installed in an appropriate slot (according to same doco) and have attempted reset to factory defaults, removing and power cycling several times.
Jan 5, 2012
Is it possible to configure a Cisco 2801 router with Multipoint Port Channeling? A service provider dropped a 4.5Mbps (3x T1s) to one of our customers without any equipment. They assume the CPE responsible. If so, any links to documentation on this configuration? If not, what device will they need to buy from Cisco that can bundle these 3 T1s together then feed it into their router?
Jan 16, 2011
I have configured my Nexus 7018 and 5548 as follows (see diag attached). Both 7000 and 5500 are vPC pair (po1 and po2). Now I have created a port-channel between 7018 and 5548 as port channel PO3 on 5500. Would it give me 20g bandwidth as PO3? Or 10g only uplink to 7018? Do I need to config all four 10g links in PO3 on both 5500 and 7000 switches to achieve max b/w and failover?
May 22, 2012
I have port-channel configured on Nexus 5K (version 5.0.3) with below configuration.
interface Ethernet1/9
switchport mode trunk
switchport trunk allowed vlan 60
speed 1000
channel-group 105 mode active
[code]....
We have added GLC-SX-LH module to E1/1 and E1/10 and speed is set to 1000 (1Gig). Now the other side of E1/9 and E1/10 are not connected. Port-channel status is down:
Po105 1 eth trunk down No operational members 1000(D) lacp
show interface port-channel 105 shows different bandwidth (100): MTU 1500 bytes, BW 100000 Kbit, DLY 10 usec. Question is, under interface port-channel105 the speed 1000 command is inserted automatically. Now if we connect the other side of the interface, when the port-channel comes up, what will be the port-channel interface bandwidth? Will it change to 2Gig (2000)? Why is the speed 1000 command inserted automatically on the port-channel? Since it is a migration, we want to be more specific on the port-channel configuration.
Jul 17, 2011
What is the load balance method of 3750 port channel (by source ip, or by source mac) to divert traffic to paths? I have tried to use 10.242.104.101 and 10.242.104.102 as source ip, it will travel to the same link (G0/1) within one port channel (G0/1+G0/2). However, if I later use 10.242.104.109, then this time it will travel to the G0/2 link. What's the concept behind it?
Sep 12, 2012
Have 2 N2K with dual-connections to both 2 N5K, will all 4 ports of N5K be the same port-channel? N2K as well?
Jan 27, 2013
I need to increase the link capacity of 10GE to 20GE between two Cisco 7609, so I feel the need to configure port channel between them. My little problem is that I have a SCE 8080 in the middle of both 7600, currently configured inline. The SCE has 4 modules 1X10GE-L-V2 (currently in use 2). I investigated and the truth is that I have not found anything concrete about how to configure the SCE to "pass" etherchannel through it. What does the SCE need to support 20GE of traffic? (configuration and software)
I have two 10GE ports available on the SCE.
Jan 2, 2013
I want to configure Port channel for WLC 5508 and cisco 3750 Stack Switch. What changes I need to make on WLC and where?
Nov 29, 2011
I need to configure a port channel between two sw 4507R with port Giga, but those ports are in different modules.
Sw-1
interface GigabitEthernet5/48
description **** Conexion Switch-2*****
[Code].....
Apr 9, 2012
I have a customer that would like a 40Gb port-channel between two 3750-x switch stacks. When I try to activate four 10Gb ports in the channel, they go into error-disable. However, I am able to create a 20Gb port-channel without issue. I have had my configurations verified to Cisco best practice.
Is there a limitation on the amount of throughput that the 3750-x can handle? According to the data sheet the 3750X-48T can handle 101.2mpps, based on two 10Gb uplinks so if my math is correct then a stack of two 3750X-48T should be able to handle 202.4mpps.
[URL]
Dec 7, 2011
I have 3750 core/distribution switches with routing enabled in two offices connected with copper link and L3 port channel interfaces. New office#2 has moved about 5 miles farther away from office#1 and I have to deploy a new core/distribution switch, connect it to old core#2 via F.O. and move all access switches with it. Old core will stay in old #2 office as a bridge between office#1 and new office#2: Office#1 core <-> copper (Ethernet) <-> old office#2 core <-> f.o. <-> new office#2 core. How should I configure port channel ports on old office#2 core to act as a bridge between office#1 core/dist and new office#2 core/dist without changing anything else (ip, etc) on the whole network?
Apr 22, 2012
I have 2 Cisco 6509 switches linked together via single Fibre as a trunk. I want to change this to a port channel where I will add another 3 fibre ports to the port channel, but what order do I do this in to minimise any disruption?
1-Configure PortChannel and add the 3 new ports, this will bring up the Port Channel but what effect will this have on traffic currently going over the single Trunk link? Will spanning tree go mad, how will switches react?
2-Convert existing Trunk link to Portchannel then add in new ports to PortChannel, I guess in doing this there will be a small hit on traffic as it changes to a port channel.
Sep 12, 2012
We have one cisco core switch 6500 series which was configured with portchannel on several gig interfaces. This port is used as a trunk to enable communication between VLANs. The VLANs are where several high-end servers/hosts reside. After we disable / unbind the portchannel, the port turns amber. The following is what we did on the interface:
1-no switchport command
2- make the port as access mode #switchport mode access
3- shut and no shut
4- clear arp
5- clear mac
What else can we do on that particular interface? It is just on that particular interface, the rest are ok.
Feb 24, 2012
We have 2 6513's that are linked via 2 10 gig interfaces, using an LACP channel. I received an alert this aft stating that the far 6513 was unreachable and the port channel int PO3 had gone down, the 2 10 gig interfaces had also gone down on either side. 5 mins later PO3 had reestablished itself and has been fine since. [code]
Feb 7, 2013
We are running nexus 5018 in our DC. What is the difference between "channel-group 214 mode active" and "channel-group 216"? Any difference? Because I have a problem with this config; we are going to build a server config.
We have a problem with port channel down.
5K# sh int po71
port-channel71 is down (No operational members)
vPC Status: Down, vPC number: 71 [packets forwarded via vPC peer-link]
Oct 9, 2011
I have setup LAG for one of our 5508 controllers and have connected 4 of the 8 ethernet ports to a 4507 switch. After configuring 2 port channels on the switch we are receiving a host flapping error between the port channels and it seems to be causing a serious slowdown on the switch. When I shutdown one of the port channels the error goes away and traffic returns to normal. I have the same configuration at other locations with the only difference being the switches used are 3750G-12S and I do not see the host flapping error. It appears to only be a problem with modular switches.
One other thing of note: I read a Cisco white paper on LAG and it suggested creating the port channels over 2 different modules. For example, put ports G4/24 and G5/24 in port channel 1 and G4/25 and G5/25 in port channel 2. I tried this but I still got the host flapping error.