I need to find out what is killing my Ethernet wan circuit urgently, It is a Ethernet trunk port with v lans tagged across it.
its a 3560x switch.
I configured span with the replicate keyword, but I'm not seeing all the traffic I'm sure.
I'm using wire shark.
Is there anything I can do to find what is causing this?
I have a 3750g connected to a "core" switch stack of 7 other 3750g's via 2 GigE ports in a trunk. This is currently in a switchport mode access port- channel so only the default vlan data is sent over. Now we have a need due to physical location of these switches, to allow vlan20 (DMZ) from this 3750g to the switch stack. I will configure a few ports on the switch stack for vlan20 and they need to be able to talk to the stand alone 3750g.To do this I will change the port channel on both endpoints to
-switchport trunk ecapsulation dot1q
-switchport mode dynamic desirable
also making the appropriate change on the interfaces belonging to this trunk.My question is, now that its a trunk port that carries multiple VLANs, how much is the bandwidth reduced on that 2gbps link?I have a very active VLAN (10) on the stand alone switch, but on the core I'm not going to be assigning VLAN 10 to any ports. So does traffic from VLAN10 even come across the trunk (wasting bandwidth) if no ports on the core side are assigned to it? I really just need vlan 1 and 20 (for now).
If there is something that cant control the bandwidth of our internet.
The problem is that one person is constantly hogging our internet by downloading and such and making it impossible to play games.
So is there anything that can make it so he cant use that much bandwidth so we can play without constant lag?
We have two catalyst 3560X 24T-S switches connected on two separate LANs (both the networks are redundant to each other). The last port of the switches are connected together?
View 15 Replies View Relatedi tried a stab and multicasting a FOG image to 4 machines the other day, and i had experienced odd and strange issues.
here is what i encountered:,100% cpu usage on our core switch,core4507#sh processes cpu hist
9999999999999999999999999999999999999999999999999999999999
7777888888888877777888888888888887777788888888888888888887
100 **********************************************************
[Code]...
pinging the SVI on the core and or pinging on the core to other devices resulted in MAJOR latencies, packet loss due to the cpu usage, etc.... no other network operations were affected, i could communicate with the rest of the network, and under 1-2ms latencies. i noticed it due to my opsview server flagging the core as down (SNMP OID's wouldnt return a value)
it lasted the whole time i was multicasting, i kept a close eye on it. i highly considered canceling my job, but everything ran smooth.when i looked at the cpu sorted history i saw 2 processes, IP Input, and cat4k mgmnt hipri
We recently upgraded the switch to which an old security device was connected. It worked fine on the old switch's FastEthernet port, which was configured for speed 10 and duplex half, as that is what the device required. The new switch is a 3560X with all Gigabit ports, but the security device's port, also configured with speed 10 and duplex half, does not connect properly.As a temporary test, we daisychained another switch that has FastEthernet ports, and the security device works again.Is there anything else that needs to be added to the configuration, when using Gigabit ports at 10/half?
View 4 Replies View RelatedI have 2 Cisco 6509 switches linked together via single Fibre as a trunk.I want to change this to a port channel where I will add another 3 fibre ports to the port channel but what order do I do this to minimise any disruption.
1-Configure PortChannel and add the 3 new ports, this will bring up the Port Channel but what effect will this have on traffic currently going over the single Trunk link? Will spanning tree go mad, how will switches react?
2-Convert existing Trunk link to Portchannel then add in new ports to PortChannel, I guess in doing this there will be a small hit on traffic as it changes to a port channel.
can i have 4 links from an ESX server to 6500 , each link represents a trunk link carries each the same 2 VLAN , 100 and 101 , keep port-channel out of the picture , does it work well?
View 12 Replies View RelatedWe have 7 3560's in 7 different locations connected to our providor for wan access. Our provider has given us a copper cable at each point and we have connected it directly to our 3560 switch at each location. Each port is configured the same way at each location. Each switch is running eigrp.All of the switch ports on each switch are configured as a trunk and vlan 299 had the ip address for the eigrp connection: [code] This setup is working as each switch see's all of the other switches as an eigrp neighbor. We have also made sure that the switch at our head office has spanning tree priority for vlan 299.
So the problem is, if there is a change in the topology at one of the locations it usually causes one or more of the other connections to go down for some reason. We just cannot pinpoint what is causing this change. There are no log's or anything other than an eigrp hold time expired message.?
I have a pair of 3560's configured with dot1q trunks between them carrying a number of VLANs.
Once deployed there will be a requirement for these physical trunks to be disconnected from time to time. Knowing that this is inevitable I am trying to minimise the period of time for the trunks to recover once the physical connectivity is reinstated.
All of the VLANs on the switches are configured for Spanning Tree Rapid PVST. Current time for the trunks/VLANs to come up is around the 4 second mark.
Is it possible to rate limit on a L2 trunk port on a 3750?
current port config and ios are as follows;
interface GigabitEthernet1/0/50
description *** Connection to Fiber Link ***
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,172
switchport mode trunk
end
flash:c3750-advipservicesk9-mz.122-46.SE.bin
i was wondering if the "srr-queue bandwidth limit 10" command would work to limit the output from this interface to be 10 % of the port bandwidth and then the same command could be done on the other side.
we have a scenario that consists of a Cisco 4507 series core switch with more than 20 vlans which is connected to a C2960G switch( in a nearby building) using a trunk by a fiber connection. Up to this point everyhting is fine . VTP domain is configured on the core switch and we have all of the 20 vlans present correctly on the edge 2960G wich is part of course of this same VTP domain.the fiber connection goes from core switch to a "in the middle location" where we have a fiber patch panel that is connected in a jumper style to another fiber patch panel going to the destination building where the C2960G sits.
Now imagine that Fiber connection from this middle location to the destination C2960 edge switch is down for any possible reason meanwhile the fiber connection from Core switch 4507 to the middle location is still intact.In the same time, in this middle location , we do have a wireless connection which links 1 Cisco 3750G switche ( a different infrastructure and different VTP domain) to another C3560G switch which sits on the same Room in the nearby destination building where we have the edge C2960G, An idea came to me is to connect one of the fiber port (core) in the intact fiber patch panel coming from Core switch 4507 TO an access vlan configured switchport in the 3750G switch ( this switchport will belong to a vlan designed only to trasmit the vlans on the trunk coming from 4507 core switch say VLAN 10) then connect one VLAN 10 access switchport to the destination C2960 edge switch ( the switchport on the c2960G is still a trunk)Will this solution work and all of the 20- 4507 core switch vlans arrive to the destination C2960G ? Or we do need something that tags the 2 VLAN 10 switchports like switchport dot1q tunnel like QinQ
I have several closets with Cisco 3560 on the edge that I'd like to change the vlan that's used for the management vlan on each. In the core I have a Cisco 6509 with Sup720's.
I'd like to do this by changing the native vlan on the trunk port on the core 6509 interface that connects to the 3560. and leave the management vlan on the 3560 as vlan 1.
Seems trivial but what I tried didn't work and I didn't have the window to troubleshoot. I'll paste the simplified configs for the interfaces below
!
6509 configs:
!
interface Vlan50ip address 172.16.50.2 255.255.255.0!interface FastEthernet
[Code]....
So I took a laptop with wireshark and plugged it into a nexus 5000 port that is configured as a trunk with 3 vlans allowed on it. The laptop was seeing all kinds of traffic on the wire, most of it was not involving my laptop.
For example: Server A VLAN 10= 10.10.10.1 Server B VLAN 20= 10.20.20.1 and wireshark laptop is plugged into a trunk port which is allowing those vlan's. The vlan's are routable.
10.10.10.3 is seeing the entire conversation when 10.10.10.1 backs up 10.20.20.1 even though it has no reason to see it. It is as if the trunk is spanning traffic to the laptop port. No span is setup however. It's really weird. This is not just broadcast traffic, but actual tcp taffic between Server A and B. Why would a trunk port see traffic between 2 other servers talking to each other on the vlan.
Trunk port configuration below:
Interface Ethernet 141/1/3
switchport mode trunk
switchport trunk allowed vlan 10, 20
I need adding a vlan to the trunks bundled in port channel. I know how to add v lans to a port channel with Cisco IOS but with CAT OS.
I have 2 ports bundled to form ether channel in switch which is running CAT OS. There are already few v lans allowed in the trunk of each interface. now I need to add one more v lan.
For Example:-
v lan 135 needs to be added in addition to the existing v lans.
clear trunk1/2 1-112,115,117-134,136-4094
set trunk 1/2 on dot1q 113-114,116,135
and similarly on the 2nd interface
so if I add vlan135 to the trunk one after another will it cause any service disruption?
We had a core switch (Cisco 4503), distribution switches(Cisco 3750) and access switches in our network and consists of many vlans. Almost all vlans uses DHCP Pools. But for few vlans DHCP is not yet configured due to initial design poblems. Recently one of the rogue user in vlan 1 connected to one of the access switch send rogue arp packets to the network (suspecting arp packet with interface vlan 1 ip of core switch with wrong mac-address (gateway ip of vlan 1)) and resulted in a prolonged network outage for the vlan 1. Any way we are going to seggregate vlan 1 into different vlans, but before that we need a temporary plan to block such kinds of attack like enabling DAI in the switch. I have checked the DAI implemenation feasibility with my knowledge and found that it is not possible to configure to the access switches(Cisco 2960) in which the user directly connected. But found that Distribution switch connected to that particular access switch seems to be able to configure since DAI commands are available to configure in switch.
Is it possible to block ARP packets with the interface vlan 1 IP Address with rogue mac-address by configuring DAI in the above mentioned Distribution switch and the port connected to the mentioned access switch?
I'm trying to trace a host and I'm getting stuck at the port channel mac addresses. I need to find out where the server is connected to and the switch it lives on.
Please read below:
Step 1) Log into the core (MSFC): Code...
How do I find out where this physical server lives? I keep getting the mac for the trunk ports which is being used for all VLANs.
The server is hanging off some switch but I need to track it down to the last end.
I have a Cisco Wireless LAN Controller WCL2112 model. It's currently plugged into an HP Procurve switch on a trunk port. That HP switch is plugged into my Cisco stack on a trunk port. I can reach the WCL just fine through the LAN. But when I plug the WCL directly into the Cisco stack on a trunk port, I can't reach the WCL at all, unless I connect to it over wireless. The interface shows it's conneccted and up/up. But no communications are sent across the line. I did a wireshark and can see only ARP request from the WCL. The trunk port on the stack is set to:
interface GigabitEthernet1/0/1
switchport trunk encapsulation dot1q
switchport mode trunk
The WCL has 3 VLAN's on it and the SSID of VLAN 1 is our office wireless. If that matters. .The Cisco Stack is 4 switches. cisco WS-C3750X-48P
Any way to test in a lab what would happen if a tech mistakingly added "switchport voice vlan XX" to a trunk port? I am try to do some RCA on an issue and this has been identified as a possible cause by one of my techs.
The config is Switch1------Switch2--------Switch3 Each interswitch connection is configured as a dot1q trunk with all vlans allowed. The link between switch2 and 3 is where switchport voice vlan 10 was added. Switch1 is a 3750 and 2/3 are 3560's.
we recently aquired a managed services job and have to do a overhaul of the vlan configs and have a whole dozen WC2948G's trunk between a set of ports as well as trunk out a LAG channel setup to non cisco equipment. the deal is the lacp-channel works properly on both ends but no routing of vlans between ports and between the lag trunk are working.
theres alot of settings in the config and im planning on clearing it and starting from scratch but before i do i want to know where my problem lies.
[code]...
Is there really any reason why you wouldn't use spanning-tree portfast on a trunk port other than a trunk between two switches? We have it enabled on all ports except for the fiber trunk between two non-stacked switches and the trunk ports connected to our Astaro firewall.I'd like to enable it on the ports to the firewall unless that would cause issues.
View 9 Replies View RelatedI want to configure switch port bandwidth limit for my Catalyst 2960-48, is there any hardware / ios limitation? can I configure it at all 48 switch ports?
View 1 Replies View Relatedhow can i limit bandwidth on a gig port of 2960 or 4506e switch?
View 9 Replies View RelatedI'm intending to purchase a switch for work,and I need to limit the bandwidth of one of the ports to 25 Mbit upload and 25 Mbit download (we have 100/100 Mbit connection and the customer is only paying for 25). I been trying to find information on how this could be "properly" done and what kind of switch I need to buy. As far as I have understood, most L2+ switches support outbound rate limiting, but not inbound, and as I only want the customer to have 25 mbit up and down, I need both.
I been looking at a Cisco Catalyst 3560 switch, and I'm first and foremost wondering if I can limit the inbound AND outbound bandwidth on this switch? Perhaps it can even be done on a simpler, cheaper, switch - as I rather not spend more money then necessary?
Lastly, how to do it, limit the inbound and outbound bandwidth on a single port (perhaps on the above mentioned switch, if possible), to 25 Mbit?
WRT54GL has an option to restrict or share the bandwidth equally to each ethernet port or wireless? I need this option in a low bandwith area because the first computer connected to the router who makes some traffic (e.g. youtube) takes all the bandwith allocated by the ISP. url...
View 1 Replies View RelatedI am looking a 16 or 24 Port Ethernet (NON POE) card for my 2800 Cisco Router NM-16ESW is EOL/EOS and the replacement is shown as SM-ES2-24 However SM-ES2-24 is not supported on Cisco 2800 Series.
View 2 Replies View RelatedI have a Cisco 2851 router and need an additional gigabit Ethernet port. How to get the part number I need to order?
View 3 Replies View RelatedHow to remove the config from an ethernet port on a Nexus 5548 - send it back to factory default.
View 1 Replies View RelatedI have stacked WS-C3750E-24PD with Ten Gigabit Ethernet ports configured under ether-channel. It has c3750e-universalk9-mz.122-55.SE1.bin IOS installed on it. One of the Ten Gigabit Ethernet ports, goes to err-disable mode with following errors on that specific ports.
%SFF8472-5-THRESHOLD_VIOLATION: Te1/0/2: Tx power low alarm; Operating value: -31.0 dBm, Threshold value: -9.0 dBm.
%SFF8472-5-THRESHOLD_VIOLATION: Te1/0/2: Tx power low alarm; Operating value: -31.0 dBm, Threshold value: -9.0 dBm. (DROmx-1-1)
I have gone through some of CSC forums like {URL}. The workaround is to "Remove the X2 or SFP from the inactive up link port" which is not in my case.
I've recently set up a PC-based IP PBX in our small business which uses a SIP Trunk for up to 3 simultaneous voice calls. Ports needed to operate include 5060 (SIP-UDP) and then a huge range of high-number UDP ports which I believe is for the 'media' or audio. Let's call the range UDP 49,152 to 64,512. I only know a little about the SIP protocol but my understanding is that each call will randomly use a few ports from this range across which will pass audio, Is there a need to have such a wide range of ports open? If my SIP trunk is only capable of 3 simultaneous calls then it seems only 9 or so of those open ports could get used at once. Could I not just open, say a range of 100 ports and be fine, thereby reducing the security risk?
View 4 Replies View RelatedHere's my problem. I'm going to be using Cisco 1941 routers at a bunch of remote sites. All of these sites have 2 comm paths out. Some of them have 2 IP/VHF radios and some have 1 IP/VHF radio and a copper link using Patton ethernet extenders. From the VHF radios the data hit our MPLS network back to our HQ and the sites with copper go directly back to our HQ. Everything ends up at a Cisco 4948 switch. The problem I'm having is that I want the routers at the remote site to use one ethernet port (G0/0) as the primary and the other (G0/1) as the backup interface. I've tried the backup interface command but the problem is that depending on where an outage occurs the ethernet link to either the radio or Patton stays up so it never switches over. We're using OSPF as our routing protocol and I'm sure there's something that can be done with it but I'm not sure what.
View 4 Replies View RelatedI have a 2610 router. How can I tell if the built-in ethernet port is only a 10BASE-T or if it's a 10/100 port? Is there a "Show" command to give me this information or did it only come one way? I have found conflicting information on this :-( If it's only 10BASE-T, can I upgrade it to 10/100?
View 8 Replies View RelatedI have a 2821 router and need to add another Ethernet port.
However, all the Ethernet modules seem to be End of Sale and the suggested replacements are only compatible with the ISRg2 range.