Cisco Switching/Routing :: 3560 What Protocol Should Configure To Prevent In Case One Core Fails
Feb 14, 2013
We have one core switch and we are planning to add a 6509. Both are none VSS.All the access switches are Catalyst 3560 series.
We plan to have all 3560s to have a link to each of the core. Without VSS, it is not possible to etherchannel to both core switches correct?What protocol should I configure to prevent in case one core fails? HSRP, VRRP, GLBP?
Do I need to run spanning tree protocol? if so which one?What is the best way to connect from each Catalyst 3560 for load balancing and redundancy? One to each core?
I have a 3845 router. Setup SSH Version 2generated rsa keys (1024)set login localtransport input ssh and telnet is enabled since I can't get ssh connection working When I connect using SSH, I get the following error. server refused authentication protocol.
I've been fighting what seems to be an increased number of outqueue drops on our core stack and edge switches for the last 3 or 4 weeks.(The core consists of a stack of 5 3750s in 32-gig stack mode. The wkgrp switches are 3560s. all are at 12.2.52) The wkgrp switches are directly connected to users. We use Nortel IP phones with the phone inline with the user PC. auto-neg to 100/full. [code] However I have tried turning off QOS on a couple of workgroup switches (no mls qos, but left individual port configurations the same) but am still seeing drops.Since I have disabled qos on the switches in question (no mls qos) (not the core tho) I am presuming these commands have no affect on the switch operation and therefore cannot be related to the problem. With QOS turned off one would presume that it is general congestion - especially at the user edge where busy PC issues might contribute. So I wanted to see if I could see any instances of packets in the output queues building up.
I wrote some scripts and macros that essentially did a snapshot of 'show int' every 20 seconds or so, and looked for instances of 'Queue: x/' where x was greater than zero.What I found after several days of watching the core stack, and a few of the workgroup switches that are most often displaying the behavior, was that I NEVER saw ANY packets in output queues. I often saw packets in Input queues for VLAN1, once in a great while I would see packets on input queues for fa or Gi interfaces, but NEVER on output queues. [ code] Additionally, when I look (via snmp) at interface utilization on interfaces showing queue drops (both core and wkgroup), they are occurring at ridiculously low utilization levels (as low as 4 to 8%). I've tried to look for microbursts between the core and a wkgroup switch where the core interface was experiencing drops, but haven't seen any (using observer suite). [code] While the queue-drop counts aren't critically high at this point, they are happening more frequently than in the past and I would like to understand what is going on... In most cases, no error counters are incrementing for these interfaces. Is there some mechanism besides congestion that could cause output queue drops?
i configure the uplinks as etherchannel, i configure two svi interface on core switch int vlan 51(192.168.51.1) and int vlan 50(192.168.50.0) for this two svi int i configured two dhcp pool , when any of the pc is requesting for dhcp add i am getting dhcp request failed/
I am deploying a pair of Nexus 5596's with 3750 POE switches in the closets. I'm looking for a best practice as how to configure the Nexus 5596 to support proper QoS for EF at the core.
I configure 3750 stack switch as core and 2960 stack switches as access layer switches.I connected my laptop to one of my core stack in VLAN 10 and I am pinging to one of my server in VLAN 1. What will be the minimum latency at the time of inter VALN routing
Currently all the cisco phones are connected to this switch and configuration with only one vlan that is voice vlan .
1) what is the outcome of this configuration , i mean, what will be the expected output ? end of the day we need to prioritize the voice traffic but why other commands including threshold and buffers are mentioned with respectives queues , if I need to explain that what am i expecting out of this configuration ?
2) this is LAN QoS which i understood but again , do i need to configure policy-map along with class-map which is MQC on this switch ?
3) i have edge router where i have MQC already configured but confusion with this switch which is working as a Access switch .
4) I referred the cisco QoS document for the respetive model whereas we have policy-map configured on the same switch with class-map .
My understanding is if we have configured the LAN QoS , and mapped the CoS value with DSCP , we need not to have MQC.
I want to configure Cisco 3560 SWITCH with IP cameras. I need to configure the ports connected to Camers. IP addresses to the Cameras has been assigned.
I purchased a WRT160N router last Friday. After setting it up, everything seemed to work fine, but after a couple of hours, the router stopped responding to any requests. The LEDs stayed on as if nothing had happened, but the router was dropping everything coming from both the WAN and a wired LAN interface. Since than, I had to restart it 3 times during the last 3 days.The firmware is 1.53.0, which seems to be the latest firmware for the European market - even when I try to get a newer firmware, this site only offers the US version 1.02.2.Should I update the firmware to the US version 1.02.2 ? Is there any difference between the 1.53.0 and the 1.02.2 version ? Is there a way to restore the original firmware in case the update fails ? I haven't found any link to 1.53.0 version..Also, does this firmware updating affect my warranty ?
As per the attached diagram: How do I configure the 2 ports on the 3560 (Ports 6 & 7) and the connected ports on each of the 2960 switches (Port 25) to provide redundancy.
If the up link from Switch A dies then I need the traffic to flow through the trunk and utilize the up link on Switch B with minimal delay (milliseconds).
How to configure cisco 3560 to force the client only can get ip by dhcp-relay server ?
The company i am working in has 5 vlans which have been set an lay-3 switch(3560), uses the dhcp-relay server .(in svi configuration: ip helper-address X.X.X.X) well , that works ok~
Now , I got my problem: I need to force the client only can get ip by dhcp-relay server, that means if anyone set static IP manunally , he can't really access to anywhere (to provent anyone set static IP with malignancy )
I know if a h3c router , how to set this configuration n svi configuration : dhcp relay security address-check enable ) the how to configure on a cisco 3560 ?
I am going to be putting an SG200-08 (8 port switch) inside a 2U rack mount chassis. To enhance cooling I thought I would remove the outer case. Are there, or would there be any issues with using the switch with the cover removed?
I want to configure a Cisco Wireless Lan Controller (4400 and 5500 series) with to data ports for failover? I think the primary and secondary ethernet connections should be configured as trunks. I cannot find anything on CCO about this or on the internet per se. I know how to configure for failover with APs but cannot find anything on how to configure the controller in case an the ethernet port goes down.
I have a SG 300-28 switch with the latest firmware installed running in Layer 3 mode.
I configured this router with 4 VLAN's where VLAN 1 is connected to the network router. All VLAN's call all communitcate with one another. How do I go about configuring VLAN's so that they can only communicate with the router and the internet and not each other?
i just need to know is is there any way to prevent network from MACflap.The best way will be when switch will disable the interface where the macflap was detected.I need to set this security feature on 2960s.
We have a couple of switches with a L3 Vlan 238 interface which runs PIM SM and OSPF, and HSRP. We have connected to this same segment telemetry processors which have raw socket interfaces configured - which means it picks up all IP packets which hit the interface and forwards them along.So we dont want the processor to recevie any of the 224.x.x.x switch housekeeping traffic? is there anyway to prevent that ?
At the core of my network I have two Nexus 5548's with the routing/L3 daughter installed. They have a default route that points to my ASA 5520 for Internet access. I have configured a VLAN that I do not want to have access to the Internet. What is the best way of preventing this access? ACL on the Nexus or Firewall rules on the ASA?
I want to know what is the best way to black traffic inside the same VLAN, this VLAN is a user VLAN, it means that I am talking about access layer.I wanted to use private vlan, but C2960S doesn't support this feature. Any other way to prevent any to any traffic in the user vlan, this vlan only have to speak at the Layer 3.
is it possible to prevent the users with static IP's to connect the Network?We use Cisco sw 4500 series as an access and distribution switches.Is there any features on the switches that fit my request?
I have one Cisco 3560, and it is connected to Firewall...I already turn on the ip routing, which is able to do interVLAN..In 3560, the static route is 0.0.0.0 0.0.0.0 192.168.2.2
We have 3560 switch with following IOS. version 12.2(55)SE3 and image name is C3560-IPSERVICESK9-M. On one of the interface we need to know what are traffic is flowing.
Do we have "ip nbar or ip route-cache" support on this switch IOS? Is there any other way to find out which protocol traffic is flowing through that interface.
i cant find any difference in these two devices when i am trying to compare throughput.I need upgrade our new POP and there will be around 4900 MAC adresses in VLAN 150 and 130 MAC adresses in vlan 200.Uplink is 1 gig routed internet connection and there is 14 downlinks to separate villages.i found a few differences for eg stack interface on 3750x but i dont need it.
I have a collapsed core design with routed ports between all components. Access layer switches, data center switches, core/aggregation. All routed (no spanning-tree at all).Now...I have to add an IBM BladeCenter with a BNT layer 3 switch to my topology. However, those nasties don't seem to support routed ports.How can I have a routed port on my cisco switch and a standard access port on the BNT and still establish an adjacency with an SVI? I am running OSPF, but I am labbing this in my home lab with 2 x 3550s and EIGRP.
On SW2: *Mar 1 00:57:00.711: EIGRP: Received HELLO on Vlan100 nbr 10.1.1.1 *Mar 1 00:57:00.711: AS 999, Flags 0x0, Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/1 *Mar 1 00:57:02.303: EIGRP: Sending UPDATE on Vlan100 nbr 10.1.1.1, retry 9, RTO 5000 tid 0 *Mar 1 00:57:02.303: AS 999, Flags 0x1, Seq 17/0 interfaceQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/1
I have an environment where i have two nexus 7010 switches, along with 2 nexus 5510's. I need to run OSPF as a layer 3 routing protocol between the vpc peer links. I have 1 link being used as a keep alive link, and 3 other links being used as a VpC link.
1) Is it best to configure a separate Vpc VLAN i.e 1010
2) Is it best to configure a vrf context keep-alive
3) just have the management address as the peer ip's.
I have bought Cisco ISR 881 C880DATA-UNIVERSALK9-M with c880data-universalk9-mz.150-1.M7.bin ios.
command "show ver" tell me:
License Information for 'c880-data' License Level: advsecurity Type: Permanent Next reboot license Level: advsecurity
So I have advsecurity. On cisco site there was a thing URL
"Table 5. Cisco IOS Software Features on Cisco 880 Series: Advanced Security Feature Set (Default)"
that tell me I have RIP protocol to use. But when I type "router rip" command and sub router sommands like: network, passive-interface, redistribution. There are no in runnning-config such things after all I've done. It have not been saved.
then the command "show licence":
#show license Index 1 Feature: advipservices Period left: Not Activated Period Used: 0 minute 0 second License Type: EvalRightToUse License State: Not in Use, EULA not accepted License Count: Non-Counted License Priority: None
I need even RIPv2 to have simple routing information to exchange.
And I don't know. Cisco 880 series is G2 or G1. Cisco ISR beginning from 890 series is G2. About 880 I don't know. There no informanion about it or at least I have not found it yet. On one 891 is the same problem. When I type "router eigrp 1" everything is great. But when "router rip" - do no work.
we are replacing network equipment at one of our sites. The network will have 12, 3750X switches(6 stacks) - one stack will be the core. A 1002 will be the WAN router to the Main campus. The 1002 will connect to the core via 2 ethernet cables. I'm debating whether to use L3 or L2 between the router and Core. I've heard that routing is more efficient if L3 is used and also I will be able to create an L3 etherchannel between the 1002 and Core switch. See the attached doc.
I need your input on how to appropriately introduce an N5K with Jumbo enanbled to a prexisting Core Network (Stack of Cisco 3750G Switches) without making any major alteration on the Core configs (everything is happy). The idea is to move two High I/O servers to the N5K during a transitional phase. I already have a fair understanding of what Jumbo-Frames are and what it does. Keep Jumbo-Frames within the N5K ONLY.
Conditions:
- Traffic is Data traffic, not storage/iSCSI - The servers host our ERP applications and MySQL that is accessed heavily by users - N5K to C3750G connectivity is a Port-Channel consisting of 4x1GB ports - The servers are to remain on VLAN 2 (Data VLAN) - The Core Switch is L3 and the boundaries reside here
I want to deploy the C3750X 24-port SFP switch as the core switch in a large Layer 2 switching domain.The switch will need to run:
+/- only 10 large VLANs, 6 VLANs with HSRP +/- 500 MACs total +/- 5 OSPF sessions default timers
standard PVST+ (no Rapid PVST+)i need around 27 SFP ports (24 + 4 on network module=28=ok, extra capacity by stacking)
Looking at the switching capacity of the specs (160 Gbps) this is much better than a C6500 with SUP32-GE !Will it be able to handle this or should i look for C6500+SUP32GE or C6500-SUP720 or maybe even C4500 ?
