I have just configured up a sg500 with a lacp trunk to an upstream switch.
I am getting native vlan mismatch on the individual ports of the lacp team.
24-Jan-2013 12:54:48 %CDP-W-NATIVE_VLAN_MISMATCH: Native VLAN mismatch detected on interface gi1/1/24.
24-Jan-2013 12:57:35 %CDP-W-NATIVE_VLAN_MISMATCH: Native VLAN mismatch detected on interface gi1/1/48.
[Code].....
1 week ago, I got a call from a client that reported a network outage, the client told me that, 3 switch has crashed he try to console but it just hang. I ask him, did you change something? he said he didn't change anything, he just pluged a nortelswitch to the cisco switch number 9, but that switch doesn't crash like the others (3,4,8). I check the uptime, and yes the switch never been powered off..
the topology look like this
____ 6500 ____
/ / |
1 2 3 4 5 ...... 9
the vlan is end to end vlan, so vlan span between all those switches. transparant. this is collapsed topology, core and distribution is the 6500 itself all of the 1-9 access switch are in the same rack, with no loopguard, and bpdu guard configured. and connected to the core using etherchannel. the problem is there is no log available to start the troubleshooting/investigation.
Is there a way to ask the above switch how much power it's supplying to various ports?I've found some stuff in POWER-ETHERNET-MIB, but it's only the main power supply and the up/down status of the various ports.
It looks like what I want is
[URL]
but my SG500 tells me:
snmpwalk -v2c -cpublic serverswitch 1.3.6.1.4.1.9.9.402
CISCO-SMI::ciscoMgmt.402 = No Such Object available on this agent at this OID
I have several closets with Cisco 3560 on the edge that I'd like to change the vlan that's used for the management vlan on each. In the core I have a Cisco 6509 with Sup720's.
I'd like to do this by changing the native vlan on the trunk port on the core 6509 interface that connects to the 3560. and leave the management vlan on the 3560 as vlan 1.
Seems trivial but what I tried didn't work and I didn't have the window to troubleshoot. I'll paste the simplified configs for the interfaces below
!
6509 configs:
!
interface Vlan50ip address 172.16.50.2 255.255.255.0!interface FastEthernet
[Code]....
we recently aquired a managed services job and have to do a overhaul of the vlan configs and have a whole dozen WC2948G's trunk between a set of ports as well as trunk out a LAG channel setup to non cisco equipment. the deal is the lacp-channel works properly on both ends but no routing of vlans between ports and between the lag trunk are working.
theres alot of settings in the config and im planning on clearing it and starting from scratch but before i do i want to know where my problem lies.
[code]...
Is there an SG300 or SG500 that has all ports as SFP ports?
View 1 Replies View RelatedI am trying to setup up a LAG with LACP between the switch and a Sinology DS1511+. Every time I enable LACP on the LAG I cannot get the ports to become Active Members.
View 1 Replies View RelatedI have an SG500 that is already deployed with some Access VLANs on it. The PVID is still the default 1. I am trying to change it to 19 with as little interruption as possible. If I just go to the VLAN Management Tab and change the Default VLAN to 19 and reboot the switch, will it migrate my management IP to the default VLAN without any trouble? Would it be less interruption to: Create VLAN 19, assign it an out of subnet IP address, change a port to PVID 19, connect directly to that port, go to that IP address, remove the original management IP from PVID1, change all the ports to PVID19 then change the management IP back to the original?
View 1 Replies View RelatedI have trunk etherchannel ports 47,48 which both have Vlans allowed on trunk 70,71. Everything works pretty fine. Now I am trying to add a new VLAN 72 to these ports.
conf t
interface FastEthernet0/47
switchport trunk allowed vlan add 72
exit
exit
So far so good. But when making the same command for port FastEthernet0/48 my switch stuck.
I have a switched network of C2980 & C3548 switches with multiple VLANs. I would like to understand the difference between Multi- VLAN ports and trunk ports. What circumstances would dictate using one over the other? If I configure the router port as Multi- VLAN, does the router still require sub-interfaces?
View 9 Replies View RelatedHow does the ESW 500 or SF300 line guarantee QoS of voice traffic when trunking switch to switch? I have (2) ESW 500 series switches in series. The phone on switch 1 have no audio issues, but the phones on switch 2 (the last in the series) have intermittent voice quality issues when dialing across a WAN circuit to another office. The phone on switch 1 do not have that issue though they traverse the same circuit. They are all using the same VLAN 100.
View 1 Replies View RelatedI have a Cisco SG300 switch on which trunks are configured. I have a server which sits on the switch via a trunk link of four network cables (4 Gbps total)on which LACP is enabled. I'm having trouble connecting to the server using VNC from a computer on the network. It doesn't happen all the time though, it's just random.
On looking at the logs of the switch, I saw something unusual. The trunk that connects the switch to the server is constantly removing all the member ports and adding them back again after a few minutes interval. That causes the trunk link to flip on and off all the time. What could be the reason that's causing it to happen? I know it could be the network cable but I'm using brand new cables and the server also is brand new.
if i have this config:
switch port mode trunk
trunk aloved vlan 50
will travel over this trunk untagged packets? For eg the V LAN 1 is by default native V LAN without tag. If i have created a bog ring with catalyst 3560x switches with no spanning tree on V LAN 1 can be the case of this config a loop ???
I am using upper config on interfaces that are connected the switches together in ring.
Other interfaces on switch have this config:
int range 0/1-4
switchport mode acc
switchport acc vlan1
int range 0/5-24
switchport mode acc
switchport acc vlan50
I am using vlan1 just for local switching without connection to internet! I am asking just because i have this king of messages in logs:
%CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on GigabitEthernet1/0/27 (1), with SW3560x_BR8874 GigabitEthernet1/0/19 (50).
GI 1/0/27 and GI 1/0/19 have this config:
switchport mode trunk
trunk aloved vlan 50
I have a 3750 as a core and have a series of HP Procurve switches that are daisy chained using one port. I have two vlans on the port now (6 &9) and everything works fine, all switches communicate and end devices on the switches are also talking. There is a requirement to add a device towards the end of the chain which requires it to connect using Vlan1. Once I add Vlan1 to the port onthe 3750 I lose connectivity to all the HP switches.
View 4 Replies View RelatedI am looking into the possibility of using private vlan's for some dmz implementations however I do have what may be some very rudimentary questions. It seems straightforward how to configure the primary/secondary vlan configuration as well as associating them. However in my case I would be looking to configure the PVLAN on a 6500-vss platform acting as the router while all of the hosts which I would desire to have in the isolated vlan would be spread out across a number of older Cisco switches which only support "protected port" setup or Procurve switches all of which I do not have budget to replace with something newer. So in my scenario I would have a 6500 connected by trunk to multiple switches which only support a protected port setup such as a Procurve (top of rack) or a Cisco 2950. As the Procurve or 2950 would not support Private VLAN setup, do I then just configure the secondary vlan to be allowed across the trunk from the 6500, configure that vlan on the Procurve or 2950 (as vtp will not foward the info for the secondary vlan) and assign that vlan to the host port as well as setting it as a protected port and this will communicate just fine across the trunk to the router as well as stopping the protected port in top of rack switch 1 from being able to communicate to a protected port in top of rack 2,3,etc? If the above scenario is what needs to be done, do I just use a regular trunk or do I have to use a PVLAN trunk?
View 2 Replies View RelatedWe have 6509 VSS with FWSM Module and we have created two context on it, one is INTERNALL CONTEXT othe is EXTERNALL Context? We have spanned various VLANS in switches and FWSM context level. All VLAN Gateways are configured in context level.
Activity description : We had planned migration of these devices into a new Datacenter, it was a planned activity. During migration of devices from one Dc to a new DC we broke the VSS and kept the primary running and removed the secondary switch and migrated this secondary to new DC and powered this device ON in the new DC and checked all the config was very much fine but this device was OFF network as secondary was brought to new DC just to limit the downtime during the primary switch movement.
During the activity ( Primary switch movement )We powered off the Primary switch and mean time before shifting into new Data center We had brought up secondary switch which was already existing in the DC was put live in the network and it was working fine without any issues.
Later we had moved Primary into new data center and tried to put into VSS with the secondary , during this period the secondary device into went into RECOVERY MODE and primary device was not responding and devices went off network and immediatly we removed the VSL link and brought up primary into production network without secondary online in the network ( Without VSS just stand alone switch ) network started working, but bringing up the primary we found that some of the VLANS in the FWSM was deleted and some VLAN had misconfiguration ( example : say original VLAN ip 10.200.112.1 has become 10.300.13.1 ) also some of the access list as well as SVI was deleted making configuration mismatch.
Wanted to know while syncronization b/n primary and secondary switch in VSS if we pull out VSL link would create this type of issues.
Is there really any reason why you wouldn't use spanning-tree portfast on a trunk port other than a trunk between two switches? We have it enabled on all ports except for the fiber trunk between two non-stacked switches and the trunk ports connected to our Astaro firewall.I'd like to enable it on the ports to the firewall unless that would cause issues.
View 9 Replies View RelatedBest practices for an ASA5520. I'm currently running a pair of these as internal firewall for my organization, and have about 750 rules dictating traffic. A lot of the rules are for individual ports to specific server(s), some of them having 50+ ports opened. For example, Exchange has about 115 ports opened right now, anywhere from port 25 to 55000.
My question is that would it be better (faster, less strain on the ASA) to open a port range, (ie 52000-55000) or would the individual ports (ie: 52112, 52336, 52698,53441,53495, etc...) be ok?Obviously the individual ports are much more granular for security, but I don't want to take that into consideration now. Just strictly individual ports vs ranges.
A client is thinking of putting in a srp527w. they get assigned a static ip on the adsl interface (165.228.204.x), and then have been assigned another block(203.39.183.x/29).how can i have it so that i am able to forward individual ports from the external ip's, to selected internal ip's.
View 1 Replies View RelatedI'm new to managed networking. So I'm having trouble understanding how to set up my switches properly. I have a closed network with about 20 switches and 2 IDF's. No router, and no internet. I have a SLM 2024 in want to have 4 ports set up with a VLAN. I have another SLM2024 I want to be on the same VLAN some where else. Switch 1 uses port 24 GBIC as and up link port to one of the IDF's. Switch 2 uses ports 12 and 24 copper(LACP) to make a hop from another switch(ports 1 and 13 LACP)which inturn is connected to the same IDF on port 24 GBIC. How do I set up switch 1 ports 7,8,19,20? Also, how do I set up switch 2 ports 7,8,19,20? VLAN 11
View 1 Replies View Relatedwhat NATIVE VLAN is . What are the benifits of using this and when do we use this.
View 1 Replies View RelatedI have a Cisco 3750G-48PS Running IOS 12.2(40) and was wondering how many physical ports are supported in an LACP Configuration. Is it 4 or 8 ports in a single switch.
If I have a dual 3750 stacked together, and I want to configure (8) port LACP, Can I take (4) ports from each switch in the stack and LACP together.
I have a Cisco 6513 switches connected to HP VC Flex 10 Module. The (2) 10Gb ports on a Cisco Switch connected to VC Flex-10 in LACP mode.
I need to move those (2) 10Gb ports on Cisco Switch 10Gb Module to a different 10Gb module on a same Switch without bringing the ports down since it is a live environment.
What I would do is to configure a same port channel ID on a new 10Gb module and then move port one by one. unplug one port and connect to the new port on a module. While I will be unplugging the first port the other active port will keep sending traffic and as soon as I plug in on another port, both ports will be active.
We have 3 SG500-52 switches that are stacked and configured for layer 3 that replaced a couple of SG2010 switches a month ago. Switch units 1 and 2 are for servers and unit 3 for the workstations. The switches are connected with stacking SFP+ copper cables, 1 1M and 2 7M cables. The problems are occurring between the workstations and servers resulting in slow traffic on some links and connection failures. A repeatable failure occurs doing a backup from a PC on unit 3 to a server on unit 1 and 2 (2 port LAG). Moving the workstation to a port on unit 1 results in successful backups every time.
Initially I was able to confirm packet loss between my PC (on unit 3) and the servers using ping (ping -f -c 100000 -s 1460) of about .1%. The iperf program in udp mode also showed some packet loss and in tcp mode showed slow connections. A week ago I then upgraded the switches from v1.2.0.97 to v1.2.7.76 and rebooted. After that the ping and iperf tests show no problems although there are still slow connections to samba shares and the backups still consistently fail.
I suspect there is a problem with the stacking connections and have searched for traffic statistics on the stacking ports to look for errors but have not found anything. Doing a snmpwalk didn't reveal anything that I recognized. There are interface counters for all the ports except the stacking ports.
Am looking into using stacking and NIC teaming to create redunancy for user access to servers. What I am thinking is getting 2 SG500-28 switchs and configuring them in a stack that appears as one logical switch. Now on the servers I would configure 2 NICs to be a team so they appear as 1 logical interface, perferably in an active/active configuration using LACP. In this NIC team take 1 team member to switch A and the other to switch B, so each team member is on seperate switches.
Givent the scenario:
1) Will that work with the 500 series switchs? Reason for the switches is their price point is perfect for my client.
2) Besides the stack link will there also need to be a LAG between the switches or does the stack link do data traffic also?
I know very little about switches. This is the first time I've ever touched them. However, I'm the only one in the company who has the slightest knowledge on how to make them work.
4 vlans
vlan 1 - 192.168.32.1 - Existing network with Internet access
vlan 33 - 192.168.33.1
vlan 34 - 192.168.34.1
vlan 35 - 192.168.35.1
From the laptop on vlan 33 I can ping the management interfaces (192.168.x.1) for each of the vlans. However, I cannot ping anything on those networks.
Below is what I have with the config. Right now not much attached to these switches until they are setup.
Code:
config-file-header
poe-switch
[Code].....
I have the following problem in LMS 4.0. I see a lot of CDP syslog messages about Native Vlan Mismatch, but the LMS doesn't report it in the disrepancy report. Why?? The similar problem is with TRUNK VLAN Mismatch. The customer doesn't use VTP in his network. All switches are in the VTP transparent mode.
View 1 Replies View RelatedI have a 2811 Router (config below) with VPN configured. I can connect through the VPN and access devices on the native VLAN but I can't access the 10.77.5.0 (VLAN 5) network (I don't care to access the 10.77.10.0 - VLAN 10 network). This issue has been plagueing me for quite a while. I believe it's a NAT or ACL issue. VPN client IP pool is 192.168.77.1 - 192.168.77.10. [code]
View 4 Replies View RelatedIn our network environment, we have a 2960 switch sitting behind our router. Off of this we have a lot of external connections, like our external DNS, firewall, and VPN concentrators. I've configured a VLAN other than the default, moved everything into it and then shut VLAN 1. In this hardening guide it says that your native VLAN should be something other than the user VLAN, but if I am not using any trunk links, wouldn't I not really have a native VLAN? I attempted to make the link to our firewall a trunk link and then set the native VLAN to something else.
View 5 Replies View RelatedI have the new firmware running on my SG500 switch. I've also just finished creating my VLANs. My issue is that I can't delete the old default VLAN .... VLAN 1. More importantly, I can't seem to get DNS to work on the switch.
When I set a DNS server, the VLAN defaults to VLAN 1, and the option is greyed out and can't be changed. Why is it VLAN1? Why is it greyed out? How do I get DNS to work on the switch, for services like Time Servers?
Some background information of my current configuration.
VLAN 100
-Computer A
interface gi1/1/1
[Code]....
From computer A, i had run command prompt and ping 192.168.2.100(computer B) and successfully get a response. I had repeated the step but ping to a broadcast address (192.168.255.255) and it was unsuccessful.
Is PVID the same thing as "native vlan"? Can the native VLAN be changed on a SA520? Currently I believe it to be 1, I'd like to change the native VLAN to 10.
I have a scenario where I have a prexisting production LAN of 192.168.1.0/24 . It's a small organization (a church), but they purchased 3 Aironet 1130ag units. They want to have a "private" WLAN that is part of 192.168.1.0/24 , and a guest WLAN of a different subnet (I chose 192.168.20.0/24) . The two should never meet. There will likely never be a guest computer connected via ethernet. Guest computers would always have to connect wirelessly.
I left VLAN 1 on the SA520 192.168.75.0/24 subnet as default.I created a VLAN 10 , 192.168.1.0/24 subnet, and I created a VLAN 20, 192.168.20.0/24 subnet.Ports 1-3 of the SA520 are members of VLAN 1, 10, and 20 (cannot remove membership of VLAN1, which is pretty annoying).
Both are secured by WPA, and when I connect, the proper DHCP subnet passes from the firewall through to the wireless client, for each respective SSID.Ultimately, I'd like the SBS 2003 server to handle DHCP for VLAN 10, and have the SA520 handle DHCP for VLAN 20, but i'll take what I can get.
The original production LAN is connected via an unmanged switch.I'd like to trunk the unmanaged switch to Port 4 on the SA520. However, since the PVID (native vlan?) of SA520 is 1, and I cannot make Port 4 on the SA520 ony a member of VLAN 10, then anything traffic coming from the unanaged switch will automatically be tagged with VLAN1, correct? Thus causing the already existing production network to start receiving DHCP from the firewall in the 192.168.75.0/24 range.
Just trying to figure out how LAP manage clients in a h-reap setup.Have a setup with native vlan on 144 (switch and AP) and ssid tagging in other vlan... Got this on switch:
Jan 12 10:31:43.121: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0811.9695.9b04 on port FastEthernet0/42.
Jan 12 10:31:43.121: %PORT_SECURITY-2-PSECURE_VIOLATION_VLAN: Security violation on port FastEthernet0/42 due to MAC address 0811.9695.9b04 on VLAN 144
Jan 12 10:37:42.770: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0811.9695.9b04 on port FastEthernet0/42.
Jan 12 10:37:42.770: %PORT_SECURITY-2-PSECURE_VIOLATION_VLAN: Security violation on port FastEthernet0/42 due to MAC address 0811.9695.9b04 on VLAN 144
Wonder why clients MAC is seen on native vlan (and ofcourse also on taged vlan) ...?