Currently I'm with a pure Cisco shop, running every LAN Switched infrastructure (even in the HQ datacenter) with PVST+, I'm noticing in the documentation I've read and labs I've created that RSTP is... great, and I've observed that even the uplinkfast functionality seems to be build in by just enabling rapid-pvst. Of course I'll propose a migration plan, document the network, diagram it entirely and provide effective steps to implement the change, but that's assumed from any get'go.
Today, we have a server running SNA that connects to router via the following. Vitrual Server --> Nexus 1000v ---->Nexus 7010 ---->2800 series router.We are trying to move server to new environment where it is Virtual Server ----> Nexus 1000v ----- Fabric Interconnect-----Nexus 55xx-----Nexus 7010-----2800 router.
As a part of a major network cleanup/standardization project I have been working on for several weeks, I am now looking at spanning-tree and trying to get my company into line with Cisco Best Practice. I currently have 3 switches in the data center that are spanning-tree root for different vlans. Before I changing vlan priorities in spanning-tree, I feel that I should change from PVST that everything is on now to Rapid-PVST. To minimize the momentary network disruptions from making the change, should I do the edge switches first and do the switches in the data center at the last ?
Related to this process is something that I want to do probably after the PVST to Rapid-PVST change. I am going to manually set the vlan priorities for each vlan on the main core switch. Assuming I set the vlan priority for each vlan on my main core switch (6509) to 4096, should I set the switch I want to be the backup to 8192 for each vlan and then set the edge switches to something like 12288 to keep them from getting up in the spanning-tree hierarchy and for general principle to leave nothing to chance ?
i have a 3560 cisco switch that supports PVST+ and another switch wich supports just STP, can i use these together? if yes, is there any special configuration ?
I need to setup a layer 2 network consisting of 14 switches interconnected in a ring. Obviously, the design of 14 switches in a ring network is dumb, not here to debate that. Unfortunately, it HAS to be a ring. I've been researching the best way to configure RSTP for this. From everything I've read all I really need to do is configure Primary/Secondary root bridge in the center, and change the Maximum Age field to at least 16 seconds? From what I've read you want a minimum of 3 second buffer + 1 second for each hop due to message age being added by each switch hop?
i have some ME-3600x. some of version 12.2 and one of version 15.5. te last one hast same config as all other. but if i check for rstp it sends.i know abount global config commands:
but there is no spanning-tree support. this causes many more problems. so it is important to solve spanning tee at first.is it possible without downgrading this device?
My entire switching network is enabled RSTP and I have purchased a new cisco 3560X series switch and I have not found RSTP feature in my switch.Is it available if I change the image? will cisco switches supports RSTP?
I have a network with spanning-tree mode mst, but, we want change this for spanning-tree mode rstp. I have two cores(6500) and need know what is the better mode for change this with no impact in my network?
We dont have distributing layer, like a "topology" below.
When I plug in a workstation to 3750 switch - it seems to take about 35 seconds before that workstation (hard coded IP) can ping the switch. You can see the console messages below. I configured RSTP and set this switch to root:
I have a 7609 with two LAG groups (Etherchannel not LACP) going to two separate devices that DO NOT participate in spanning-tree (Occam gear if you must know). I'm running 802.1w across the LAG groups but the convergence time is terrible! In essence, the 7609 is running spanning tree against itself (between the two blades). What can I do to fix my configuration?
If I disable the ports on the equipment connected to g1/17 & g1/18, it takes ~30 seconds for spanning tree to start forwarding on g2/17 & g2/18.When I bring the ports back up on the other side of g1/17 & g1/18 which are in a lag group, g2/17 & g2/18 immediately go into block mode while g1/17 & g1/18 start learning for another ~30 seconds!! [code]
i'm trying to type the command (config)#spanning-tree mode rapid-pvst on my Cisco 2950, but (config)#spanning-tree mode ? only shows me one option - pvst. I've checked the Cisco support page which suggests my version of IOS should support rapid-pvst.
Switch_1#sh ver Cisco Internetwork Operating System Software IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(13)EA1, RELEASE SOFTWARE (fc1)
Configuring a network with Rapid Spanning Tree Protocol. There's a combination of Cisco 3650s, 2950 and 2960 switches. It is a flat Layer 2 network with a single VLAN. CLI configuration?
RSTP port role in the switches are flapping if broadcast data is flowing through the ring. Also I've tried applying broadcast suppression to all the port to 64kbps for ports of 100Mbps/1Gbps, All the devices I'm using are L2 switches.
I have an alcatel 6850 switch connected to a 3750. Two connections (cables) are used between the switches. The two connections from the alcatel are in different vlans 10 and 60 , but the cisco ones are in the same vlan ie 1 (I know not best practice but keep with it ). The cisco cables are connected into port 1 and 4. Port 1 is forwarding and 4 is blocking. The 3750 is configured with basic default pvst configuration.The alcatel is the root bridge. As can be realised traffic from alcatel on vlan 10 cannot pass traffic to the 3750, This was established by the spt seeing the same mac from the root bridge therefore blocking port 4.To stop this from blocking in this scenario I was going to use bpdufilter.
I can not enable to rapid- protocol in catalyst 6513, does not support for it, only support pvst.
Someone how can i enable to rpvst? You know if is necessary to upgrade IOS, it has s72033_rp-ENTSERVICESK9_WAN-M - 12.2(18)SXF9 IOS. The cisco software Advisor could not localized the features fot this IOS.
Our customer use catalyst switch that spanning tree be PVST+ mode.I take SG300 connect with this catalyst switch.Does it support ?If it support,how to config on SG 300 ?
We have two L3 3750 switches running HSRP and routing for various Vlans on our corporate network. Rapid PVST is running across our entire WAN. We are introducing a third party solution for remote communications over MPLS. When interconnecting this equipment to our core network, we have experienced less than desirable failover times of 32 seconds and recovery times of 60 seconds. The vendors engineers are telling is that the interoperability between IEEE spanning tree and Rapid PVST is the culprit.
They are suggesting two scenarios - either converting our corporate network to MST (which I prefer not to do but provides us the fastest fail/recovery times) or adjust the timers on our Rapid PVST forwarding timer to 4 seconds. What would the implications be to change these timers on our network, and if I choose to do this, do I only do it at the core (on the two devices that would become root bridge)? I have been doing some reading that says to not mess with the timers, but nowhere do I see reasons why.
Stange problem which I encountered today, I have a Cisco 2960 which is connected to a netgear. The switch started showing itself in CDP and was running STP. I checked the cables physically today and noted 3 uplinks to the netgear, all port on the Cisco active and forwarding and green lights.
The Cisco was running STP, I changed it to R-PVST and the lights on the Cisco went crazy and I got the message port flapping on the switch but the switch did not block any ports (all ports on same vlan).
There after I changed it back to stp and the switch blocked the other up links apart from one.
I have two locations DC and Corp connected to each other via Point to Point Circuit. I have forced the two core switches setup as GLBP pair to be primary and secondary for certain VLAN's including VLAN1.I have a switch in our Corporate office 3750 which is where the point to point circuit terminates. VLAN1 SVI is manually shut on that switch. Also the priority on VLAN1 is increased manually like this, "spanning-tree vlan 1 priority 28672".
Now the issue is that the Primarey Root Bridge in the DC is the root bridge for VLAN 1. But this other switch 3750 in our corporate office also is a root bridge for VLAN1. [code]
3750 switch connects to Blade-switch_1 and Blade-switch_2 Spanning-tree mode is configured as rapid-pvst on 3750 switch, do I need to configure rapid-pvst on both blade-switches or keep the default pvst config.3750 is running VTP domain HQ and transparent mode Both Blade_switches are running VTP domain CLI and transparent mode To configure Etherchannel between 3750 and blade-switch_1 do I need to have all devices in same vtp domain?
I need to move from ASA 8.4(1) to 9.0(2). Reading [URL] it seems to be a quite safe upgrade cause I do not have IPv6 ACL and I have only IKE v1. The following is not very understandable to me,No Payload Encryption for export—You can purchase some models with No Payload Encryption. For export to some countries, payload encryption cannot be enabled on the Cisco ASA 5500 series. The ASA software senses a No Payload Encryption model, and disables the following features:
# –Unified Communications # –VPN #
You can still install the Strong Encryption (3DES/AES) license for use with management connections and encrypted route messages for OSPFv3. For example, you can use ASDM HTTPS/SSL, SSHv2, Telnet and SNMPv3. You can also download the dynamic database for the Botnet Traffic Filer (which uses SSL) and redirect traffic to Cloud Web Security. Reading [URL] under 'Limitations and Restrictions' I find this point moving to 8.4(2), which I also dont understand,Currently in 8.4(2) and later, the PAT pool feature is not available as a fallback method for dynamic NAT or PAT. You can only configure the PAT pool as the primary method for dynamic PAT. For example, if you enter the following twice NAT command that configures a PAT pool (object2) for fallback when the addresses in object1 are used up, you see the following error message:
hostname(config)# nat (inside,outside) source dynamic any object1 pat-pool object2 interface round-robin ERROR: Same mapped parameter cannot be used to do both NAT and PAT. ERROR: NAT pool allocation failed.
You can alter this command to make it PAT-pool only by removing object1; the PAT pool is used as the primary method, instead of as a fallback method:
I have recently moved, taking my PC (Windows Vista) from the UK to Norway. My Norwegian partner has a Wi-fi network set up in our new home via his cable TV service (Lyse) and I purchased a Netgear wireless network adaptor so I could get into this. It says I am connected to his network and I entered the correct network security key but I only get 'limited connectivity' which seems to not include internet access. 2 iPhones & 2 other laptops regularly network in so there is nothing wrong with the network per se. The trouble seems to be that mine is a desktop PC.
I had a LAN from home in my 'connections' so I deleted that (and deleted my UK broadband connection) and in the LAN settings box, I unchecked 'automatically detect' & and checked the proxy server box.
Currently trying to set up the above so that if an access service is not matched then it will go to the next one. Looking at the logs what happens is - our auth is set to AD so it matches that - then it isnt in the correct ext AD group and goes to default deny access.
Cant see how to get around this - the only continue command is in the advanced area of the auth - but i cant set up ext ad groups on the auth. How do i get this to move between access services if it doesnt match the ext AD.
We have an old Cisco 2600 series router, running a single T-1 line, AT&T is the carrier. Very standard stuff.
The T-1 works perfectly on the old router. Cisco 2600 with a WIC-1DSU-T1 card. We have a brand new 2911 router with a VWIC3-1MFT-T1/E1 card in it. The circuit runs 100% clean and trouble free on the old router. When I plug it into the new router, it shows up/up but has a massive number of errors on the line, and the circuit is not usable. There are no timing slips or anything like that.
I have another site using the same router and card with the same configuration on that T-1 and it works perfectly. Zero errors. This site (in a different city) is totally slammed with errors. We already replaced the T-1 card and still have the exact same issue.
I've actually been doing this a long time, and I've tried all of the usual things, adjusting line build out, changing clock source, checking and re-checking configs. Nothing seems to reduce the error rate.
I personally think it has something to do with the Smartjack. Like maybe their LBO is too high or too low, and the old router card was more/less sensitive than the new one?
This is a layer 1 issue and is not defective hardware or defective configuration. I am looking for T-1 insights or bugs/issues.
I used my Pix config to setup the ASA 5505.Everything seems to be right. I used ASDM to view settings and it seems right. I am missing something minor, but I am going blind looking at it.
I can remote into the network from outside, but internatlly I cannot get out of network. No internet or email is passing through.
I have a customer moving from a 5505 to a 5510. They are currently running websense express, which monitors and filters traffic based off of a port mirror on the ASA. Can this function still be performed on the ASA5510? If so, I am having trouble figuring out the method.
I have a 'Comcast Business Gateway' a friend gave me and I would like to use it instead of the regular gateway. The business gateway has extra Ethernet ports on the back where as the regular gateway just has one for your router. I plugged in the business gateway and I couldn't access the network. I used 10.1.10.1 which I thought was comcast's default but to no avail. I am not a tech so I am now stuck.The whole reason I am trying to do this is because the wireless routor is in the house, with a ethernet wire running to the shop. This distance is about 60 feet. I have the computer pluged into the wire but I can't get the printer or the other computer to connect to the wireless. I would like to connect the Business Gateway to the house wireless and then run the hard wire to the shop and connect another wireless router to the wire and run the shop on its own wireless. I tried one of the wireless extenders and it does not have enough juice.
When using my laptop, my mouse will at times not move. Also when typing, the curser will jump from where you are typing to other areas on the page (to the middle of other words, beginning, or where?
It was so much easier to transfer from xp to win7, but now that I upgraded both to win7 I can't just simply share it and transfer my files. I need to share 1 entire drive, what's the easiest way to do it.
