I need to configure on a cisco catalyst 6509 two VACL. On cisco 6509 there are already two SPAN ports configured, there are problems configuring other two VACL?
These VACLs send traffic to a Traffic Analyzer (SIEM), there are particular configurations to facilitate the operation?
i have a catalyst 3750, in this switch i have 3 vlan, i need to secure trafic between vlans but im confused ,should i use ACL or VACL to secure ?which is the best ?if i use ACL to secure and limit ports between vlan, which is the best practice to apply the acl ( on th inside or outside of interface)
View 2 Replies View Relatedhow can i access the backup SUP from telnet/console while it's in the standby state?
View 3 Replies View RelatedWe have a 6509 running 5.4(2). We have set up a hyperterm session and connect to multiple devices, then we get to the 6509 and it will not work. When we reload the 6509 and we are consoled into it, we get data until it is finished reloading. Then the console connections is no longer there.
View 5 Replies View RelatedI am trying to find some background information regarding this error:
Cisco 6500 [SUP720-3B] %QM-4-AGG_POL_EXCEEDED QoS Hardware Resources Exceeded
Out of Aggregate policers.
What triggers this error? In this case, there are QoS policies configured at the interface level. The 'show platform hardware capacity' command shows that there are1024 policers supported. What counts as a policer? Is a policer each instance of a class using the police command? I see where there have been some suggestions to use VLAN based policies instead of interface policies and others suggesting to turn off 'qos marking statistics' but I would really like to understand the details of what causes policers to be used up and how to approach fixing this.
I am trying to understand how this works under the covers but can't seem to find any documentation anywhere defining the details.
I am trying to test (if possible) the idea of having 2 6509-E switches connected directly to each other while using VRF-lite (Sup 2T). The idea is to have 3-4 separate networks. For example Net-A, Net-B,Net-C, Net-D. There is no PE router*, just these two switches. Also, there sin't any other access layer switches. All users connect directly to the 6509-E's via switch 48 port switch blades.
Net-A and Net-B on separate VRF's, but able to talk to each other. Net-C and Net-D* on separate VRF's without being able to talk to any other. Net-D* will have a PE since it comes from an external network. This is something I would like to test in a lab environment, but I am not familiar with VRF's.
We have a switch Cisco Catalyst 2900 Series XL Model WS-C2924-XL-EN. 8 MB DRAM 4 MB FLASH
I already tried the discussions regarding flash_init dir_flash: boot and the likes.
By the way, I already downloaded the IOS for our switch through Cisco Website. Settings are default through Hyper Terminal
Here's the thing:
Whenever I transfer the .bin file using XMODEM, it prompted an error "Transfer cancelled by remote computer"
i have few catalyst switches (2960, 3750) and i can't upload to them any files by tftp from my laptop, but i can download from them, and this bug don't appears on two routers.I was change tftp server, type of connection (wifi, cable), turn off firewall on win7, but no dice.
View 2 Replies View RelatedI need to do one Catalyst 5500 as a TFTP server.Can I do it?Is the catalyst available to be a tftp server?
View 4 Replies View RelatedI have a Catalyst 4006 with Supervisor II engine. I have 48 port 10/100/1000 blades installed in it for connection to my servers. I am having a lot of problems with performance when connecting servers that are using 100 MB NICs. The speed of the connection is really bad. I have attempted setting the ports and NICs to 100MB Full duplex instead of auto-detect, but still get the same results.
I also have a 10/100 quad-port card installed in a NetApp filer. All four ports are trunked together and connect to 4 ports in the Catalyst. The ports in the Catalyst are trunked using the Port Channel feature of the CatOS. When I look at the port statistics on 3 of the 4 ports from the quad-card, there are a ton of runts and errors (both transmit and receive). The 4th port is fine, no errors.
I want to know the difference between the software that is Modular and the one that is not. What are the pros and cons ?
CAT6000-SUP32 IOS ADVANCED IP SERVICES SSH or CAT6000-SUP32 IOS ADVANCED IP SERVICES SSH (MODULAR)
My switches is still operating but when i ping the switch, there isn't any reply. No icmp reply from catalyst 2950 switch
View 6 Replies View RelatedDoes it have this switch some port mirroring capability (SPAN or other)?
View 2 Replies View RelatedWe have the next Settings in our SW. We crate an ACL and aplied to a SVI for Incomming Traffic, I understand that is not necesasry to allow the returning traffic in ACL, but we can't access to rdp for example when we add the ACL, if we remove it, the acces is ok, buet when we add again the access is deny, even we have a log entry, and the ACL i just for Incomming traffic. There is no another ACL.
See attached file
[code]...
I have the folowing nat configuration on my catalyst 6509-E with a sup720-10G that does not work, and gives a erros messague:
ip vrf testes
rd 6900:5
interface Vlan1111
description liga
ip vrf forwarding testes
ip address 192.168.63.91 255.255.255.248
ip nat inside
[code]....
This configuration generates the folowing error:
NAT: translation failed (A), dropping packet s=128.2.21.21 d=192.168.63.185
If i change the nat overload to a static nat, everything? Is there any wrong with this configuration ?
I have set up an ACL on my 3750 switch to deny icmp from PC A on our inside network to PC B on a different VLAN on our inside network using the following ACLs:
deny icmp host 10.1.17.15 host 10.3.10.4
deny icmp host 10.3.10.4 host 10.1.17.15
-- or --
deny icmp host 10.1.17.15 host 10.3.10.4 echo-replydeny icmp host 10.3.10.4 host 10.1.17.15 echo-reply
These ACLs belong to an access-list that also limits ip traffic to a few specific machines.When I try pinging from PC A I receive a reply message back from PC B. Shouldn't this configuration block any ICMP from PC A to PC B and from PC B to PC A? I would have expected the first ACL statement to block any packets associated with ICMP and when that didn't work I tried the second configuration.
IGMP Snooping configuration for Multicasting on Cisco Catalyst 3020
Our switch model is "Cisco Catalyst Blade Switch 3020 for HP" We are building HA (High Availability) Databases infrastructure. Currently, there are two nodes(hosts- servers) and two above switch for HA.
Oracle said we need to turn off the IGMP Snooping in order to use the multicasting for their interconnect communication. So my question is:
Q1> Is there any way to use Multicasting without turning off IGMP Snooping on Switch side?
Q2> If 'yes', how can we configure the switch for Multicasting ?
Oracle uses 230.0.1.0 & 224.0.0.251 IPs with 42000 range port for Multicasting communication.
Is it possible to enable login by http (web interface) to catalyst 4006 switch with WS-C4006 Software, Version NmpSW: 6.3(5) ?
View 21 Replies View RelatedI have a problem with the time synchronization via NTP between a Catalyst 2960 and Catalyst 6509. When I configure the 6509 switch as a NTP reference on the 2960, it does not synchronize with the 6509's NTP server. There is no reachability or ACL-related issue between both switches.
As soon as I configure a second Catalyst 6509 (which is completely identical to the other 6509 and in the same subnet) as a NTP server for the 2960, the time sync with the second 6509 happens immediality.
The first 6509 switch works as a NTP reference for at least 50 other switches and routers in the network - so why not for this one more switch? I checked some "debug ntp packet" and "debug ntp events" outputs and can clearly watch the NTP requests going out of the 2960, but on the 6509 just nothing happens - no debug outputs for this specific 2960, while requests from other devices come in all the time.
Maybe you have already experienced this strange behaviour in the past or got some deeper knowledge in the Cisco NTP server implementation. I could think of some sort of "maximum client limit" in the IOS NTP server, but could not find any mechanism like this in the standard NTP specification. Eventually, you can approve that this is a IOS-specific issue.
I have several 2960s and 3750s and two 6506 (ws-cac-3000w) recently move to new location The power outlet is the same ,but Volt is different current 2960/3750 use this(one phase 3 wire) 220v and new location change to (from 3 phase 4 wire -> one phase 220v)6506 current using(one phase 3 wire) and will be change to (from 3 phase 4 wire -> one phase 220v)
I had search doc about power supply /cable , only show support single phase 220 v ,but not description vlot between each wire !!Does new location power outlet suit for 2960/3750s power and 6500 ws-cac-3000w ?!? Do I need chane power outlet back to current using?
I am getting alarms on Solarwind indicating interface down on "GigabitEthernet 4/7 - Gi4/d1" and "GigabitEthernet 4/8 - Gi4/d2" from our core switch 6509.Remote login to the switch does not show the interfaces when I do the "sh run" command. Now I am at site trying to identify and diagnose this fault.Looking at the numbering on the switch, it indicates to me the card where these alarms come from is from the 'intrusion dectection module'
how I may login and identify this interfaces and rectify these alarms.
I trying configure ASN traffic load balance, but doesn't works.I have one Cisco Catalyst 6509 and onde Cisco Ace10 module, in my context "PanWEB" i have the interfaces above: [code] If i try to establish a telnet session(telnet 10.96.202.10 80) i see the SYN packet passing through the ACE and going to the real server, but, the server do not response the SYN packet. I done a capture in the server using wireshark and could see that the IP address of the destination is the VIP and not the rserver ip address , this is a problem? Why can not I have the SYN + ACK from the server?
View 5 Replies View RelatedI'm receiving multicast traffic (400Mbps) on port 9/38 and sending it out on port gi9/48. I'm trying to achieve that traffic will stay within the card without using the switchfabric,
View 2 Replies View RelatedI have been having some issues trying to stand up an older WiSM that has been incorrectly configured by my predecesssor and has a bad Mgt IP so I am unable to telnet or SSH into it, nor can I console or session into it.
What I would like to do is to change the Mgt address for the WiSM controllers (1 and 2) by way of the Sup (not sure that is possible) because as it stands they are set to 169.254.1.1 and are unreachable even when directly consoled into them.
Core-A#sh wism status
Service Vlan : 52, Service IP Subnet : 10.104.52.2/255.255.255.0
WLAN
Slot Controller Service IP Management IP SW Version Status
-------------------------------------------------------------------------------------------------------
3 1 10.104.52.3 169.254.1.1 4.0.217.0 Oper-Up
3 2 10.104.52.4 169.254.1.1 4.0.217.0 Oper-Up
Core-B#sh wism status
Service Vlan : 52, Service IP Subnet : 10.104.52.1/255.255.255.0
WLAN
Slot Controller Service IP Management IP SW Version Status
-------------------------------------------------------------------------------------------------------
3 1 10.104.52.50 10.104.30.254 7.0.116.0 Oper-Up
3 2 10.104.52.51 10.104.30.250 7.0.116.0 Oper-Up
I hope to get this WiSM setup on Core A and get it configured like I have my Core B and then run them in a dual failover design with load balancing between the two.
I came across a Catalyst 6509 switch configuration and have noticed some strange thing on the ether channel configuration side, it appears that it have interface port-channel 2 and port-channel 2A, what was that mean? its the ether channel not forming and joined together?
What wrong with the below configuration that cause it to automatic created another port-channel (2A) interface in this case?
[code]...
I'm currently in the process of evaluating potential equipment options for a Core Router/Switch that will be running BGP with several Tier 1 ISP's, the table download from each ISP will be full (300,000+ Routes). I was looking at a 6509-E with dual SUP720-3BXL supervisors but after reading the below link I'm a little concerned by the maximum routes table: [URL]
Do I have to go to the VS based 720 supervisor as a minimum to support full BGP on a 6509-E? Does any experience of the above switch + supervisor combination under a full BGP table, how well does it work? I'm looking at long term using this as a consolidated core (i.e. a VRF for the Global Internet routing table + a VRF for internal data center traffic, plus maybe some more shared VRF's).
Would I be better keeping a Core switch by itself and just buying edge routers to run BGP?
I'm working for KOREA TELECOM, and currently providing MPLS VPN.We're planning to provide our customer with traffic report using NetFlow..
I read some documents which reads Netflow ver.9 can be enabled on Cisco GSR 12000 Series, but no mention about catalyst switches. Netflow ver 9 can be activated on catalyst 6500 series.. because the point where switch is located already have mpls encapsulated packet ( mpls vpn packet).
we have Supervisor Engine 720 10GE (VS-S720-10G) in slot 5 on Catalyst 6509-E. Slot 6 is free. We need to replace VS-S720-10G. Is it possible the following scenario
1. we will insert new VS-S720-10G into the slot 6
2. then we will remove the faulty VS-S720-10G from the slot 5
Will everything work without interuptions. Is any document where I can find step-by-step procedure how to replace VS-S720-10G ?
Our customer is willing to have a Cisco Nexus 5020 to provide server connectivity and this Nexus would go connected to their core switch 6509. They are concern about Spanning tree compatibility between the Nexus and the 6509. Are they fully compatible for Spanning tree?
View 3 Replies View RelatedI have seen links out there for a conversion tool to convert commands on a Catalyst type switch (6509) to newer IOS type switches(4500-e) switches but they all error out on me on a 404. Any link where I can get this conversion tool?
View 1 Replies View RelatedI am doing image upgrade on Catalyst 6509-E. During TFTP image transfer to sup-bootflash I always see !!!!!!!!!!!!!!!!!o!!!!!!!!!! "o" out of sequence packet. Although the image size seems to be correct at the end but there is always some "o" packets.
I am assuming not, but I haven't tried loading with the image after seeing this.
I bought a CCNA lab for doing practice.The lab kit is made of some 2600XM routers.These routers have only one "fast ethernet port 0/0".I don't understand how I can configure these routers whith: Static Routing, Defoulte Route etc etc if I have only one "fast ethernet port 0/0" and I don't have the "0/1 port" too.
View 5 Replies View RelatedSuppose a broadcasted IP packet reaches one of the integrated RJ-45 ports on a 2911 ISR G2, will it be possible to configure the router so that the other integrated RJ-45 ports, ESM/EHWIC modules installed on the router, as well as the MGF also recieve the packet? Technically, the router should act similar to a switch with the SRE behaving similar to a seperate machine connected via the MGF and other external machine connected to the ports of the router to recieve the broadcasted packet.
Also, if SNMP traps were generated from the router,Will it be possible to send the traps from the router via the MGF to the SRE installed on the router?