I got an invalid input message when I typed "ip routing". Is this the expected result? Does the 6509-E with Sup 720 and FWSM support "ip routing" command?
Version: 12.2(18)SXF5.
FWSM version: 3.1(4)
I have some routing problems between the switch and the fwsm.
switch(config)#ip routing
^
% Invalid input detected at '^' marker.
I currently have a couple of 6509 chassis (router/switches) with the following hardware blades:
x3 48 ports
x1 NAM
x2 Sup720
Running 12.2(18)SXF3
I am keeping the four Sup720 modules and have purchased new versions of the others blades including two new 6509-E chassis?Can I take my stand-by Sup720 out of the production machine and insert it into the new chassis?
I currently have a couple of 6509 chassis (router/switches) with the following hardware blades:
x3 48 ports
x1 NAM
x2 Sup720
Running 12.2(18)SXF3.I am keeping the four Sup720 modules and have purchased new versions of the others blades including two new 6509-E chassis. Can I take my stand-by Sup720 out of the production machine and insert it into the new chassis?
If client gateway = 192.168.64.9 then next-hop = 192.168.64.8 else use default-route 0.0.0.0
I know it's possible to do a route-map match ip-address ACL list. But is it possible to match on gateway?
Some info about hardware and config:
6509-E in VSS (IOS 12.2(17r)SX5) withVS-S720-10G supervisor.
All routes are static, IP for 192.168.64.9 is on SVI vlan.
I have two ISPs. Each is on it's own subnet connected to the 6509 MSFC/Switch. FW1 is on 100.1.100.0/30 and FW2 is on 200.1.200.0/30 subnet. My goal is route all traffice going to the Internet from subnet 10.133.3.0/24 to FW1 and all other subnets across the organization to FW2. I am not sure if I need to use ACL / Static route combo, or just a static routes or ACLS?
View 5 Replies View RelatedWe have a Catalyst 6509 switch, and we hope to use policy based routing to redirect http traffic to my proxy server, where I can find the configuration example?
View 11 Replies View RelatedI would like to ask you if it's possibile to block routing between some Vlan for just once of them.
Maybe I can explain better:
I've got a Cisco 6509 with 4 configured vlan interfaces
Int Vlan 10 10.10.1.0/24
Int Vlan 20 10.10.2.0/24
Int Vlan 30 10.10.3.0/24
Int Vlan 40 10.10.4.0/24
Vlan "10" is the phone voip Vlan and it must not talk with the others Vlan. The others Vlan can comunicate normally except with Vlan "10".
Pratically Vlan "10" needs to be isolated from the others.
This equirement comes becouse Vlan 10 is wireless and has the WEP key encryption (very weak protocol). Some Phone couldn't support the WPA2 key and I need to avoid an unauthorized external client, cracking the WEP key and connecting to this WiFi, could have free access to the others Vlan.
I have a problem on my catalyst 6509 on which I would like to do the following things :
I have some Vlans in which multicast is enabled.
In tose Vlan theres is a router which is default router for equipements.
I had enabled multicast routing because some Vlan needs to exchange multicast informations, but I wolud like to make difference between Multicast traffic. For example I have 5 vlans:
Vlan 1 and 2 need to exchange Multicast informations but the don't need multicast information from Vlan 3 and 4
Vlan 3 and 5 need to exchange Multicast informations but the don't need multicast information from Vlan 1 and 2
Vlan 5 is independant Vlan but doesn't need to have multicast information from all others vlan.
Last problem, equipement on differents vlan can use the same Mulkticast group address. In this case, Multicast routing is not working between Vlan 1 to Vlan 2 and Vlan 3 to Vlan 4.
I need to setup my 6509 with PBR going to two different Firewalls. The 6509 has vlans and multiple serial interfaces. What/where do I install the policy-maps? I want to direct one of the vlans to one firewall and the other vlans and wan subnets to the other firewall.
View 26 Replies View RelatedI am migrating from Cisco 6509 IOS (12.2) to Nexus 7000 NX-OS (5.1(1)).I am looking for a equivalente NX-OS command for permit ipinip on IOS.
View 2 Replies View RelatedI have 2 6509-E chassis with SUP-720-VSS and classic line cards :-(. on October 2011 the switch reached 100% CPU on both devices and the entire network went down. Customer restarted the core so we lost all the log files and couldnt find out any root cause on the same. TAC engineer suggested to have some script configured on the system in case of CPU shooting up above 70%, it will create a file in flash and keep appending the logs to the same. Last week i got call from customer saying that the CPU again went high for around a minute on both the cores. Last time i added CoPP also on the switch in order to prevent the CPU reaching 100%. Still it went high and from the captured logs i saw that the process created the high CPU was Port Manager Per and SSH process. Attached the file created by the netdr capture command.
View 1 Replies View RelatedI have a customer that has a Catalyst 6509 with two Supervisor VSS capable and my Sales team sell another 6509 with just one Supervisor VSS capable. Simple question: Will VSS configuration will recognize that I have three Supervisors? It will work as QUAD-SUP solution or as a normal VSS solution?
View 7 Replies View RelatedWe are trying to migrate from 1g to 10G, couldn't find any module on 6509-E which supports 10G on SFP+ ...I can see X2 and Xenpacks .. but not SFP + .what exactly this Xenpack means ?
View 3 Replies View RelatedWe have connected a single F5 box with dual links to 2 different Cisco Catalyst switches using 802.1Q trunks. F5 is configured with RSTP mode and on Cisco Switch RPVST+ is configured.STP root bridge is hardcoded on the Cisco side. Loop Guard is globally enabled.On F5 STP link type is Auto, STP Edge port is disabled since that port is connected to the cisco switch.When we are failing over the F5 primary link to the secondary link we see 'Loop Inconsistent' on the cisco switch and things dont work after the failover.We have tried configuring the F5 as STP passthrough but that doesn't fix out the issue.I have checked out the forums and found out following recommendations
1. Configuring MSTP bw F5 and Cisco for better compatibility (Not possible from Cisco side because of a major change in large production setup)
2. Configuring VSS in Cisco switches (not possible due to hardware limitation)
3. Connecting F5 using single links to each switch (redundancy compromised)
I am wondering that on which default vlan does the F5 STP instance0 sends the STP BPDUs ? the term used on Cisco side is native vlan and others use PVIDs; that F5 default vlan should match the native vlan on cisco trunk side.
Tonight we were performing an IOS upgrade on our 6509 VSS to 122-33.SXI6. Both 6509's have dual Supervisor cards installed. Initially we had problems with switch 2 slot 5 supervisor returning to rommon however switch 2 slot 6 supervisor loaded correctly. After manually setting the boot var in rommon, switch 2 slot 5 supervisor reloaded correctly.
After all supervisor's were online we noticed when looking at " show switch virtual redundancy" that sw 1 & 2 slot 6 supervisors were running the correct IOS version but sw 1 & 2 slot 5 were running different IOS versions, however when looking at the show version we are running on the upgraded IOS??? See output below...
Why the active supervisor has loaded the incorrect IOS the VSS is running on the upgraded IOS? I have verified the IOS was copied correctly to each supervisor bootdisk, I see no issues.
My Switch Id = 1 Peer Switch Id = 2 Last switchover reason = none Configured Redundancy Mode = sso Operating Redundancy Mode = sso
Switch 1 Slot 5 Processor Information :----------------------------------------------- Current Software state = ACTIVE Uptime in current state = 3 hours, 38 minutes Image Version = Cisco IOS Software, s72033_rp Software (s72033_rp-ADVIPSERVICESK9_WAN-M), Version 12.2(33)SXI9, RELEASE SOFTWARE (fc2)Technical Support:
[code].....
We are looking to avoid the need to install an additional device in our network as our core 6509s are not being pushed by any stretch. However, we are having an issue getting the 6509 to assign DHCP addresses and perform NAT.
Most interfaces and V LAN's on the 6509 are using public IPs and have BGP routing at the edge. We have a trunk up link coming into the 6509 on a ws-6816 card via a SMF GBIC in slot 9, port 2 that feeds a wifi link where we are looking to provide guest access to our network.
We created 2 V LAN s on the switch 20 and 21. We assigned a private IP and network to the VLAN20 interface and assigned a new public /30 sub net ip to the V LAN 21 interface. The following configuration was applied which I thought was the required configuration based on how we would typically configure ISR routers for the same services...
ip dhcp excluded-address 10.200.200.1
!
ip dhcp pool WiFi_Pool
network 10.200.200.0 255.255.255.0
default-router 10.200.200.1
dns-server 4.2.2.1 4.2.2.2
[ code]...
What am I missing in this configuration? Note that if I create an access switch port for v LAN 20 on the switch and plug a laptop in directly to the 6509, the laptop is unable to receive a DHCP address. If I assign the laptop an address in the 10.200.200.0 /24 range manually, I can ping 10.200.200.1 from the laptop, however, the laptop will not get to the internet as it appears to be failing to perform nat.
I have a network with four 6509s in a ring with 10Gb links. Two adjacent switches are at the home office, the other two at the DR site. The switches at each location are physically similar to each other with respect to what blades are in them. We went through an upgrade from SUP-720's to VS-SUP-720's recently, only at the DR site - basically a practice, with the home office conversion hopefully taking place next weekend.
We initially just brought up the two chassis separately, in non-VSS formation (stand-alone). So far, so good - everything was connected, all traffic was passiing, all links were up, everything was reachable: EVERYTHING worked. Then we made the conversion: step-by-step from the cisco.com page; create a virtual domain, make one switch switch 1, the other switch 2, create differently numbered port-channels on each 6509, add the SUP 10Gb links to the port-channel, do the conversion.
Here's where the trouble started. First of all, the two 10Gb links back to home office created a spanning-tree loop and we had to shut down one of the links. (Is there something that needs to be configured on those links to turn spanning tree on? Does VSS conversion turn stp off?) Secondly, though it worked while in stand-alone mode, the copper blade in the standby 6509 stopped passing traffic - it would take config, the links would come up, but you could not ping across those links. Interestingly enough, there was an access switch with links to each of the copper blades, and having them both up also caused a spanning-tree loop. adding a new port-channel and putting both links in it did nothing to alleviate the loop. This leads me to believe that stp is not working properly. I reiterate, that even though the loop occurred, nothing else plugged into that blade was pingable.
I have been asked to research running VSS between 2 6509's between 2 sites?
I am just going through the whitepapers and need to establish the link requirements for such a setup.
Is it a valid setup?
Will I be OK doing a eFSU Upgrade from s72033-ipservicesk9_wan-mz.122-33.SXI2a to s72033-ipservicesk9_wan-mz.122-33.SXJ1?
I only have a single supervisor in each chassis.
Should I be ok with just following the eFSU upgrade instructions in the below?
[URL]
I have an interesting problem. I have a 6509 that I'm trying to swap the GBIC on. The switch is already using a GLC-SX-MM GBIC and it is up/up and passing traffic, but we are getting some errors and suspect it may be faulty.
I want to replace the GBIC with one of the identical model - a GLC-SX-MM. It was brand new, never been opened. When the new GBIC is plugged in the link light on the switch goes completely off (not amber) and the port goes into a down/down (not connect) state. There are no messages in the logs at all. It's like it doesn't even see it. If you plug the old GBIC back in then the link comes back up. I tried a different port with the same results.Thinking that the new GBIC may be faulty (even though it was brand new) I tried a second GLX-SX-MM, also new. That one does the same thing.
At that point I thought there might be a problem with that switch, so I tried the GBICs on the other 6509 in that pair. The other 6509 is running the same hardware and software. The GBICs will not work there either. If you move the old, suspected faulty GBIC from 6509-2 to 6509-1 then that it works.
The solution would seem to be that I have two faulty GBICs, but I'm having trouble persuading myself that I have two new ones, straight out of the package, that are both bad. Are there any other things to check on the switch? Here's the pertinent information:
switch#show ver
Cisco IOS Software, s72033_rp Software (s72033_rp-ADVIPSERVICESK9_WAN-M), Version 12.2(33)SXI3, RELEASE SOFTWARE (fc2)
<snip>
cisco WS-C6509-E (R7000) processor (revision 1.3) with 458720K/65536K bytes of memory.
Processor board ID SMG1109N3BK
SR71000 CPU at 600Mhz, Implementation 0x504, Rev 1.2, 512KB L2 Cache
[code]...
Is there a way I can check the version of each device on two Cisco 6509 if they are Virtually connected (VSS)? When I enter the command show version, it only shows one result, unlike show module, you have an option to choose which switch by entering 1 or 2.
View 3 Replies View RelatedIf i look at the Feature Navigator , it says that IP Base Supports OSPF and EIGRP. But if i look at the Cisco Link it contradicts the Cisco Feature Navigator.
[URL]
if I have 6509-E with VSS-SUP720-10G and want to run OSPF and BGP on the Switch. What is the IOS i require? WIll IP Base Suffice or i need to take Advance or Enterprise Image.
We are running Cisco 6509-e and we are running load test and when traffic reach 80 mbps switch start reponding very slow. I checked CPU usage and it was using 100% and connection to the switch from outside to inside are 80K. once connection dropp Cisco release CUP and it start responding normal. [code]
View 4 Replies View RelatedCurrently have a pair of 6509 chassis setup with VSS. Only have the Sup and two line cards in each chassis. Would like to replace with a new pair of 6504E chassis. Is it possible to fail one chassis at a time and migrate to the new 6504E?
View 3 Replies View Related6509 - Not working
1 6 Firewall Module
2 8 Intrusion Detection System
3 1 Application Control Engine Module
[Code].....
The Policy applied to the interface is just completely ignoring the configuration.
I am sure it is related to the 6500 architecture in some way. Same config is fine on the switch with the higher version on the sup card.
I built a VSS pair with a couple of 6509's. This was our first pair so we took the opportunity to do some testing. One of the features we tested was the priority/preemption feature, which we decided not to use. After some time we shutdown switch 1 and relocated it to another building. Unfortunately, because of a lack of fiber, it was not connected to switch 2 for several months. Also, unfortunately, I failed to remove the priority commands. Now while switch 1 was "unconnected", we made changes to the config on switch 2. Months later, when the fiber was complete and I connected switch 1, preemption caused it to take over. I'm guessing switch 1 thought it's config file was the better one, and proceeded to overwrite switch 2's production config. I quickly disconnected the fiber but not before losing my production config on switch 2. We of course recovered from that with a backup, but now I need to connect switch 1 again. I have removed the priority command from switch 1 and rebooted it.
View 7 Replies View RelatedI have recetly upgraded our core switches (6509E) to SUP 2T from 32. Each core has 2 SUP's (hot/standby). out of 4 SUP engines, one is defective. i had received the new SUP from cisco. Currently my core swicth 2 is running with single SUP. Can i directly insert the new SUP engine in slot 6 (free)? will it automatically load the existing IOS from active SUP? what will happen if the new SUP has a different IOS other than the active SUP? Also is there a way to find out the IOS version without inserting in the chasy?
View 2 Replies View RelatedMy question is if I do not want to purchase any additional switches can I connect the devices to the 6509 and put them in their own separate vlans?I am a little fuzzy about the physical connections needed to make this design work as it is.
View 9 Replies View RelatedGot servers in vlan 10 ip range 10.0.0.0 and servers in vlan 20 ip range 20.0.0.0 at the same layer 3 switch. (c6509 sup720)I would like to block TCP traffic initiated from Vlan 20 to Vlan 10. But the servers in Vlan 10 needs to be able to open an TCP connections to Vlan 20 did test with the ACL thats blocking (ack/established/syn) but unable to get it to work.Or it works both directions or is works non directions.
View 4 Replies View RelatedWhat the little green/red light is on the back upper left corner of the switch is? It inside a little mesh and I belive it says vt_fail next to it.
Had water get on our switch over the weekend and this guy goes red when I fire off on demand diagnostic, but not relevant errors in any of the logs. Haven't gotten to the point where I am putting data back on the switch yet.
I've upgraded a 6509 switches wich are running in VSS, from IOS 12.2 (33)SHI1 to 12.2 (33)SHI5. After that I'm facing the folowing log messages periodically. [code] I know that this is a diagnostic result from TestUnusedPortLoopback feature. But this interface is disabled (shutdown).
View 5 Replies View RelatedI have a 6509 witch a sup vs-Sup2T, and I´m very confuse for to configure QoS. is diferent in the old supervisor..What is the command similar to map cos to DSCP.. look
This is a configuration in a sw 4507
qos map dscp 56 to tx-queue 1
qos map cos 1 to dscp 10
qos map cos 2 to dscp 18
qos map cos 3 to dscp 26
qos map cos 4 to dscp 34
qos map cos 5 to dscp 46
qos
In 6509 with sup2T and version 15.0.SY2 Im no sure.. I see two command
platform qos map cos-mutation testmap 4 5 6 7 0 1 2 3
and
table-map cos-discard-class-map 0 1 2 3 4 5 6 7
I want to setup HSRP between three 6509 switches with a single virtual ip for all the three switches.
know if its possible and share any site or config.