We are trying to configure RSPAN at one of our sites in order to record voice calls using CallRex. We have it working successfully at another site using RSPAN (smaller site with 4x 3560 PoE switches), but when trying to set it up at this site, it causes "instability" for the voice network to say the least (some phones display one-way audio, UCM down message on the phone...not good). The calls are actually recording successfully on the CallRex server, but we cannot leave the RSPAN config in place due to the issues it causes. As soon as the RSPAN commands are removed, everything behaves normally. Here is the relevent config:
The config is pretty stright-forward, but as mentioned above, is causing major problems when turned up.CPU / memory levels are normal. Nothing shows up in the sh log on either the Edge or Core switches.
I have a question about RSPAN, is this feature only supported on 6500 and 4500 switchs?
we have 2 3560 switches and want to use RSPAN to monitor different source ports.I checked thorugh the cisco feature navigator and the IOS we have on 3560 has the RSPAN fature listed in them.
3750 Stack (Voice gateway for phones configured on the 3750 and has a VPC nexus) + + + + + + (Nexus5596) ++++++++++ (Nexus5596) (Gateway for all other vlan like PC / servers / etc) + + + + + + 3750x access layer (VPC to Nexus) [CODE].....
We have Nexus 7009 switch and want to configure the span session
We are using F2 and M2 card both are in seperate differeent VDC.And out server is connected to M2 card on eth 4/6 and want to monitor the traffic from vlan 161Which is made on F2 card.
I have a RSPAN session configured between a Cisco 3750 and Cisco 2950 switches and I dont see the traffic I am expecting to see on the destination port. I only see broadcast traffic .. HRSP hellos etc. Below is what I have configured on both switches.
we want to record voip telephone?Presently im using wireshark on a laptop to test the rspan session
Here is how it's configured
CORE_SWITCH is Switch Ports Model SW Version SW Image ------ ----- ----- ---------- ---------- * 1 28 WS-C3750G-24TS 12.2(52)SE C3750-IPBASEK9-M 2 52 WS-C3750G-48TS 12.2(52)SE C3750-IPBASEK9-M
[code]....
Ive created the vlan 33 on my core switch and remote SPAN VLANs 133 Core switch is vtp server so i double checked on all switch and vlan 33 and 133 are present When i listen to conversation with wireshark we are only recoding voice of the one who is answering and we don't hear the other person talking?
the phone connects to the 3750-A access layer switch (VTP mode client) which connects to the nexus 5596 (The nexus is the layer 3 device and set to vtp mode server) and finally we have a Voice recorder that connects to another access layer 3750-B switch.(VTP mode client)
For voice recording I need to setup RSPAN and the nexus5596 does not support RSPAN will the following have any impact on the nexus
IF I move the 3750-B to VTP server mode and run the command remote span on the VLan I need to Rspan its going to update the VTP data base in short it will update the vlan.dat file for all the switch in that VTP domain.
AS the vtp update reaches the nexus saying there is a change (keeping in mind the nexus does not support rspan not sure hows its going to handle that request and how its going to update its vlan.dat file)
Is it going to incremment the VTP revision number? can it crash the vlan.dat file on the nexus ? or do nothing and ignore the update and stop the update from proceeding to the 3750 A switch?
I'm attempting to create an erspan session between a Nexus 5000 and 6500 to get traffic from a FEX interface on the 5000 over to a sniffer off of the 6500. The Nexus and 6500 are directly connected with a 10G link, but I added a separate 1G link between the two for the erpsan traffic. I created a routed interface on the 6500, and and SVI on the Nexus. The Erspan session came up, and looked ok from both sides, but as soon as we got a burst of traffic this morning the CPU on the 6500 spiked to 99%. I used 'debug netdr capture rx' to determine the traffic was coming in from the erspan port and subsequently shut down the new interface on the 6500. why this caused a CPU spike? Here are the relevant configs from each device:
The last few days I've been exploring options in getting rid of some old routers accross a wan connections. I have a cat 3560 to play with and I thought I would try and use the no switchport command test out routing with switch. I've got some type of route issue and I tried a few things which I thought would fix the issue but had no effect. I'll post the config and a few commands so you can see what the basic setup is.
Here we can see in the arp that it knows about both 10.7.1.2 (PC unable to ping 10.3.3.254) as well as 10.3.3.254 (ASA).I tried adding in a ip route of 10.7.0.0 255.255.0.0 10.3.3.110 as well as 10.3.3.254. Neither produced the results I wanted allowing 10.7.1.2 (PC) to ping the ASA (10.3.3.254). [code]
I have an environment of 3 X 3560G of which I have 1st switch-CORE(f0/10) connecting to the VPN router(CE) interface-f0/0. Remaining 2 Cisco 3560's(Access) are connected to Gi0/1 and Gi0/2 on the 1st switch-CORE via gi0/1 . On all three switches I have created multiple VLANs and assigned ports to these VLAN. The switch to switch connection is trunk allowing all VLANs created on all these 3 switches. Now the issue is how I am going to have all these VLANs routed through single interface on the routeri-e f0/0, as all these subnets will communicating to remote site over VPN. What should be default gateway on the 2 Access switches and the CORE switch, also what static route should be on router to reach all subnets(VLANs) created on these 3 switches.
I have read inter-VLAN routing i-e creating sub interfaces on router but dont want to proceed with that and looking for any other way to have my VLANs talk on all three switches and then are accessible to remote site ove VPN?
I have tried to make policy based routing on Cisco 3560. I use ipservices ios (SW version 12.2.(50)SE3 and SW-IMAGE C3560-IPSERVICESK9-M) For below configuration there is no problem and pbr is working.
“Access-list 100 permit ip host 1.1.1.1 host 2.2.2.2 Access-list 101 permit ip host 1.1.1.1 host 3.3.3.3 Route-map pbr1 permit 10 Match ip address 100 Set ip next-hop verify-availability 1.1.1.2 1 track 11 interface fasthethernet 0/1 ip policy route-map pbr1”
But when i add another sequence to the "pbr1" with another sequence number like that.
“Route-map pbr1 permit 11 Match ip address 101 Set ip next-hop verify-availability 1.1.1.3 1 track 12”
pbr is not working. Switch gives message "PLATFORM_PBR-3-UNSUPPORTTED_RMP:Route-map pbr1 not supported for Policy Based Routing”"ip policy route-map pbr1" command not shown in the running config. And "show ip policy" output is blank.Configuration guide says you have insert many sequence to the route-map with the same name. And also this command is not in the unsupported command list.
I am trying to get my workstation to talk to a workstation on a different sub-net through a Cisco 3560 switch. The switch is running the following IOS version: [code]
My primary network is 172.16.0.0 and I am trying to connect to a device on a 192.168.111.0 sub-net. [code]
What would be the best way to get the two workstations talking via the switch?
I implemented access list on cisco 3560 switch but it never works. I want to block access from network B to Network A and allow from Ato B Network A. 10.0.12.0/24 Network B 10.0.24.0/24
The configuration is interface Vlan1 description Data VLAN
We recently purchased Cisco 3560X Layer3 Switch. We need to perform simple Inter VLAN routing. We have configured VLAN1 (name-server_vlan) and VLAN2 (name- user_vlan). We have also assigned the Ports and IP address to both the VLANs. After assiging this if we plug Laptop A into VLAN1 then it doesnt communicates with Laptop B (btw, Laptop A is able to Ping VLAN2 Gateway ) in VLAN2 but on the other hand Laptop B is able to communicate with Laptop A and ping everything i.e. Gateway of VLAN1.
I have a 2504 WLC connected to a Catalyst 3560 which has multiple vlans and is connected to a 2800 series router. I know the catalyst is L3 but I am needing nat functions to get outside to the internet. From my 2800 series router I am able to ping out to the internet, also I am able to ping the vlan interfaces on the catalyst switch. Problem is from the catalyst switch I can ping the inside and outside address of the 2800 but I cannot get any further then that. I cannot ping the 2800 router gateway. Not sure what I am doing wrong as far as routing.
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit Processor: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz, Intel64 Family 6 Model 42 Stepping 7 Processor Count: 4 RAM: 6049 Mb Graphics Card: Intel(R) HD Graphics 3000, -1988 Mb Hard Drives: C: Total - 584878 MB, Free - 114018 MB; Motherboard: ASUSTeK Computer Inc., U56E Antivirus: MSE
I am unsure whether this is a software or a hardware issue at this point, but 4+ other computers have no issue connecting to the wifi so I am fairly certain the modem / router are working correctly.Basically, I feel like I am playing Russian Roulette with connecting from my laptop. Initially, my laptop connects perfectly fine to the wifi upon boot up, but then it will randomly disconnect and a ! will appear on my taskbar icon. When I open the Network and Sharing Center it will state the it is getting hung up at the "identifying..." process. I will then "troubleshoot" the problem which will take a concerning long time only to return with a couple of different results (I have no idea why these vary). Either it will state that windows can not find a solution and the taskbar icon will turn into what looks like an ethernet plug with a red X on top of it, or the troubleshoot will return with results stating the the "wireless connection adapter and the LAN adapter are disabled" and it will allow me the administrative action of enabling these. Upon re-enabling them, my laptop will again connect completely fine... until the whole cycle repeats itself. And another possible result I get upon troubleshooting is that "the default gateway is not available". Whenever the first or third results occur from troubleshooting the only solution I have found is to restart my laptop (upon which the ABOVE issue occurs) and try again to connect upon reboot.
Here some pictures of the troubleshooting results:
Initial results I receive after directly plugging into the ethernet cable:
Results of troubleshooting if I choose to "skip this step" and not plug into an ethernet cable:
Upon clicking "Try these repairs as administrator":
I have ran Malwarebytes, MSE, defragmented, and cleaned out all my temp files, so in the slim chance it was some type of virus/cookie/malware then it isn't that.I have attempted a lot of solutions to this problem, including an update of all my drivers (which I found my wireless driver was outdated) but updating the driver did not resolve the issue.
I am trying to upgrade the IOS in 3560 but I am facing one issue. Its flash is 15MB & available space is 8MB whereas the IOS is of 11MB. How can I upgrade the IOS without upgrading the flash?
We bought a 3560 PoE switch to replace tons of PoE-injectors but when connecting the devices our logs were flooded with
Mar 11 15:09:20.725: %ILPOWER-7-DETECT: Interface Fa0/7: Power Device detected: IEEE PD Mar 11 15:09:20.725: %ILPOWER-5-INVALID_IEEE_CLASS: Interface Fa0/7: has detected invalid IEEE class: 7 device. Power denied Mar 11 15:09:20.968: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/8, changed state to down Mar 11 15:09:20.985: %ILPOWER-7-DETECT: Interface Fa0/7: Power Device detected: IEEE PD Mar 11 15:09:20.985: %ILPOWER-5-INVALID_IEEE_CLASS: Interface Fa0/7: has detected invalid IEEE class: 7 device. Power denied
While the message seems quite clear im wondering if there's any workaround on the problem?
I have a Cisco SW ( 3560 ) with one Trunk link to my router ( 7606 ), Trunk link is fully utilized so i need to add 2nd Trunk.Shall all move some customers from old trunk to 2nd one and create a new subterface for them ?I am think if i can create bundle and add subinterfaces under this bundle ?Add two GE ports to be memeber of this bundle ?
We have a IP-phone system connected to port 1 on a 3560 switch, the phone system tags traffic with dscp. The switch uplink is on port 24. Is this configuration correct:
I have a 3560, which is being used as our core router that I have recently installed. It still has the standard IOS which came with (C3560E-UNIVERSALK9-M) it but I need to implement policy based routing so need to upgrade it and have downloaded c3560-ipservicesk9-mz.122-58.SE2.bin and indeally would like to install it in the morning before people start work.
I have 2 questions, 1, Is the ipservices capable of PBR as I have been reading conflicting reports, in fact my friend who works for Cisco has advised that it is not possible on the 3560.
2, When I do upgrade will there be any current configurations that are not compatible with the new one, I wouldnt image that there would be any but just wanted to make sure as it would be the biggest headache ever if it went wrong.
I have a 3560 POE that will no longer boot and I am not able to load a fresh copy of software onto it. It appears that it has lost all data. When I attempt to TFTP a new IOS, I receive that following error:
Transfer cancelled by remote system
I have tried using dir flash: to see what is contained in the flash directory but I receive the below message:
unable to stat flash/: no such device
I am stuck in rommon mode so when I do switch: dir command, I don't even see flash as being a filesystem. The below list are the only systems registered.
I have issue with 3560 switch QoS configuration . I checked in cisco site about mentioned model QoS configuration.once we mark the frame and map the CoS to DSCP and once it enters into switch and it processes according to LAN QoS configured on interface
we have configured both the commands shape and share.
once it leaves the switch and enters into Edge router and if we do not have configured QoS in router which is normally MQC , how does it process each packet ?Do we need to have end to end QoS configured in LAN ?
I found that when I enabled layer 2 auto QoS in 3560 switch, I need to wait so much time to open a file in network drive. Howerver, when I disable the Qos. It can improve a lot. I have used a sniffer to capture the packet to see. Those default packet is in DSCP 0. Therefore, I think majority packet will drop to queue 4. How can I increase the buffer and threshold in order to improve queue 4 performance.
We have two L3 3560's. One 3560 has an upstream MPLS router. The other 3560 has an upstream backup VPN router. Both of these 3560's are L3 switches with IP routing enabled. I created a PBR on both so that specific traffic routes through the MPLS router, while other traffic routes over the backup VPN router. I'm trying to apply the PBR to the SVI's, on each switch. However, when I do a "sh run", the PBR does not appear under either SVI. I've enabled the SDM Routing template, made sure that ip routing was enabled, and even verified that the IOS has the capability. Not sure what else to check for.
I've a question about QoS classification on Cat3560 From
"When QoS is enabled with the mls qos global configuration command and all other QoS settings are at their defaults, traffic is classified as best effort (the DSCP and QoS value is set to 0) without any policing. No policy maps are configured. The default port trust state on all ports is untrusted."
Now, when mls qos cos override is configured on a port, how is the switch behavior ? From documentation "All the incoming QoS values are assigned the default QoS value configured with this command". However I believe the port state is "untrusted".....so which DSCP values are assigned to them ? Is used a Qos-to-dscp map to derive the QoS label from the (overridden) QoS value also in this scenario ?
All switches are multilayer switches ( 3560) Pc1 and PC2 are running Cisco Soft phones. If we configure SW3 with: int f1/4 mls qos trust dscp.
1)Does the above command require SW3's f1/4 be configured as layer 3 port not layer 2? ( My reasoning is since Sw3 has to get to Ip header to process DSCP values, therefore Sw3'f1/4 should be configured for layer 3 operation.)
2) What if sw3 were not 3560 but layer 2 switch such as old 2900 series. can layer 2 switch be configured with: mls qos trust dscp.? Will layer 2 switch be able to interpret dscp values and perform QOS ? ( My understanding is layer 2 switch should not be able to read dscp values ). I will be posting few more questions on the above scenario.
I upgraded our 3560-48-ps switch from c3560-advipservicesk9-mz.122-35.SE5.bin to c3560-ipservicesk9.mz.122-55.SE4bin and is having issues now.
Since I upgraded to the new IOS our older machines on the network can no longer connect to the domain and is not getting an IP address sh ip dhcp binding and sh ip dhcp conflict does not show any output, however all newer machines on the network received dhcp addresses without any problems and can connect to the network and internet.
For testing purposes I put the old IOS back on the switch and the older machines could connect again and received dhcp addresses.No other changes were made to the config.
I did a comparison on Cisco's website and both IOS's support DHCP. Not sure why the new IOS would not give any output when I ran the commands.older machines : Apollos and NCS (They all have XP service pack 2 with Intel 2.8 processors.)
