I understand on older IOS codes If the same hsrp group number is assigned to multiple standby groups, it creates a non-unique MAC address. Is this true on newer codes like 12.2(52)SE for 3750 & 3560?
View 4 RepliesI got the error in object when I try to add a new HSRP group in new vlan.All the HSRP group has the same HSRP group the 2.another way to provide clients's default gateway redundancy for each Vlan intead to use the HSRP?
View 4 Replies View RelatedI have two cisco 4506-E series switches ..
We are planning to go for HSRP redundancy for 32 VLANs. Means In a Cisco 4506-E switch , we will configure 32 vlans and among them 16 vlans will be primary and 16VLANs will be standby ans it is viceversa in another core-switch
My querie is How many standby groups can we create in Cisco 4506-E switch,
Is there any limitation..
If there is any limitation , can we go ahead with VRRP,GLBP? Are there any limitation in VRRP/GLBP? Is there any design related issue can we face if we use same group number to all VLANs?
Product details :
Model : Cisco 4506-E
Sup Model : WS-X45-SUP6L-E
IOS : S45EIPBK9-12254SG
What is the maximum group of HSRP Group that supports the WS-C3750G-24T-S running the IOS c3750-advipservicesk9-mz.122-44.SE2.bin?I have this message:Mensaje ERROR: %Platform already has maximum FHRP groups configured
View 6 Replies View RelatedI have 2 pairs of Nexus 5000 units (pair 1 and pair 2). A pair consists of 2 Nexus 5000 (A and B) connected to each other via a VPC containing 2 ports ie P1-5KA -- P1-5KB (vpc domain 6) and P2-5KA -- P2-5KB (vpc domain 10) [code] Hsrp exists between all four with a virtual address of 10.18.136.1. P1-5KA is the Active with P1-5KB as Standby.
I can ping between the four using their SVI addresses. I am unable to ping the HSRP virtual address .1 from P2-5KA or P2-5KB.I can ping ok only if I shut the VPC between P2-5KA or P2-5KB or define another mac address under the HSRP config other than the system default. IP Packet debugs show that ping sourced from P2-5KB to P1-5KA loop between P2-5KA -- P2-5KB. Pings sourced from P2-5KA to P1-5KA are transmitted but none of the 4 device debugs show a receive. both peer-gateway and delay restore 120 have been configured under all vpc domains and all units rebooted.
Can i have HSRP or GLBP between two different switch like 3550 and 3560?
View 3 Replies View RelatedI have a site that is very dense, but not high throughput. I have 4x48 port switches all 3560 and 1 2851 router. The switches are pretty much full to the brim but the site is never completly lit, they just like to move around a lot. However i wanted to provide this site with as much redundnace as possible. So my first thought was to build redundant pathing with the switches so that they could loose a switch and not have a single point of failure. So therefore I built a ring. SW1 to SW2, SW2 to SW3, SW3 to SW4, SW4 to SW1. To make this even more redundant against port hardware failure, i used two uplinks for each and built an etherchannel. is it good practice to use Etherchannel and Spanning Tree together?So i now have a good redundant LAN switching topology. I have multiple VLANs at the site so I am using Rapid-PVST. I did not set priorities on the switches as I don't think that is really truly necessary, but correct me if I am wrong!Ok so next step is to make sure that my WAN connection for all of these switches is redundant. I have a 2851 router, with 1 of the built in interfaces dedicated to our ethernet hand-off WAN connection (MPLS in this case using BGP routing). The other would be used as an uplink. I also got an additional card for the Router so that i can have redudant local LAN connections. I then built up some IRB bridges so that I could uplink the Router to SW1 and SW3. Is it good practice to use IRB Bridging on a Router to provide redundancy?So at this site i have the first part running, and it works pretty well but I have had 1 strage issue, which has to do with after a failure and re-convergence of spanning-tree, it seems that DHCP starts failing to work. I actually had to go into each of my switches make a dummy VLAN interface and put on helper-addresses to get them to work. They are not L3 switches (programatically speaking) so they should just forward the broadcast packet onto the router, which DOES have the helper-addresses programmed,Also at another site I have the bridge router setup configured, just without so many switches, and no etherchannel between the switches. This seems to work flawlessly, but the site is very small so performance issues would be difficult to spot since they are just thin-clients coming back to a Citrix server over a single T1.
View 1 Replies View RelatedMy actual Scenario
1 x 4500 and 1 x 3560?They are gateways of 8 Vlans?They are doing HSRP in each of those Vlans?The 4500 is the Active?There is a DHCP Pool for each of those Vlans on both gateways using "ip dhcp excluded-address" I ensured that the range of provided ips by each DHCP server will not be overlapped Obs.: Reducing the lease time, I ended with the calls bringing related problems.
OK, every thing is blue, every thing is fine.But the network diagram is realy complex(41 switchs, 89 uplinks), and depending of how is the network flow, one or other server answer first or latter.
For many reasons I would like that the secondary DHCP server would answer only if the primary DHCP server goes down.To me, the bigger reason is that DHCP database would be only in one DHCP server.But there is other reasons.
I passed by many frustrated solutions:Try to force a delay on the answer on one of the servers. - Impossible.Try to disable DHCP server, and, using EEM, enable it only if router became active in HSRP. - I couldn't do It.
What I'm thinking now is use the HSRP resource to resolve it.On both routers I would put a "ip helper-address" pointing to an Virtual_HSRP_IP.And depending on which router is the active, him will answer the request.
My first doubt is:Would it work?The second doubt is:Could I use the same Virtual_HSRP_IP that exists on that Vlan(see example 1),or I would need to point it to a Virtual_HSRP_IP in a different Vlan(see example 2)?
Example 1
-----------------------------------
| 4500 |
-----------------------------------
interface Vlan1
ip address 10.10.0.2 255.255.0.0
ip helper-address 10.10.0.1
standby 1 ip 10.10.0.1
[code]....
i have a strange issue with an HSRP Setup. I have two (S1+S2) 3560 as Core/Distribution Layer. Inter-vlan routing are enabled on both Switches. S1 and S2 are connected with an ether channel over four fibre ports. S3 -S5 are the (L2) access layer.
Gi0/1 on S1 and S2 are L3 ports, connect to a Linux Firewall.
HSRP is enabled, S1 is the active router and the STP root bridge.
But, my monitoring via cacti show me, that the Gi0/1 on S2 is active, too! But it should not be active? Only if S1 fails, should S2 the active switch.A client from the access ports on S3 - 5 gets traffic from the Internet via Gi0/1 from S2. Gi0/1 on S1 is active too, but will send mostly traffic to the Internet. Why is S2 active and why route it traffic from the Internet to the client?
On a Cisco 3560 with IP services ver. 12.2(35)SE5 I have tried to config BGP with a 6-digit AS number, and it is not possible. What software is needed for 6 digit AS number for PI IP addresses, and do I need to buy a new switch also.
View 5 Replies View RelatedI am facing a problem in implementing HSRP. My scenario is like this, I have two 3750 switches and I have a server with two NICs. I want to run HSRP in these two switches. By the way the server is connected directly with the switches. I mean each NIC to each switch.we have teamed the two NIC (Active / Standby).what configuration need to done in switches to work HSRP.
View 4 Replies View RelatedI have a 3750 stack and want to confirm if I can run HSRP on the stack to two different ASR routers for redundancy purposes ?
It looks like the below :-
--------------------------------
| SW1 SW2 |
| 3750 Stack |
|------------------------------- |
| |
| |
----------- ------------
| P | | S |
| ASR1 | | ASR2 |
| ______| |_______|
How to configure hsrp in my client location.They have 1 no of router and 2 no of 3750 switch.they need to configure Hsrp in switch.
View 5 Replies View RelatedWhat should the duplex mode to be set on a routed port gi0/21 that are running HSRP ? I try setting the gi0/21 to full, but it caused the port to be down. The only way for the port to be up is setting it to half duplex.
Cisco 3750 Switch
==============
interface GigabitEthernet0/21
no switchport
ip address 10.200.104.34 255.255.255.248
[Code].....
What the different between using hsrp on vlan interface and on physical port (routed port) on Cisco 3750 Switch? Wha the benefits?
View 3 Replies View RelatedI have some question about HSRP in 3750 switch. I have two Cisco 3750 switch which configured HSRP. Let say, we have interface vlan 100 that join in HSRP group member 1. The configuration on both switch is like as follows :
SWI-3750-A (Active)
==========
interface Vlan100
description *** gateway User NPL ***
[Code]....
We have our WAN setup as explained in the attachment herewith. As of now, We have a IP 1 configured as HSRP IP in the LAN switch end at Site A and Site B. As per the HSRP priority, Site A's WAN router will preempt to be the Active WAN router. 1*1Gig link at both DCs connect to the respectve WAN router.
But with this setup, we experience a WAN outage whenever there is a link disconect at Site A - as HSRP fails over from Active to Standby(Site B) and again when the link at Site gets restored. To avoid this :
Is it possible to have the HSRP configured over a port channel at Site A and B (or atleast at Site A) ? In that case, will there be a need for the ISP to change their configuration except to configure a port channel ? The ISP has Cisco 7000 series router which connects to 3750 stack at DC lan.
We currently have a stack of 5 x 3750 switches and i want to remove switch number 3 (it has the least number of things plugged in). What will happen to switch 4 and 5 will they be renumbered 3 and 4, and will the config automatically update this if it does?
View 2 Replies View RelatedWe need to change the Channel-group settings in 3750 switch from Mode ON to Mode Active. We have tried once by removing the physical interfaces from the port-channel group but we lost the connectivity to the secondary switch. Any step by step procedure without losing the connectivity between switches.
View 2 Replies View RelatedI have a 3750 as core switch, adding 2 stacks of 2960S to connect. I want to establish etherchannel between the 3750 and each additonal 2960S stack, do the channel group numbers between the 3750 and the new 2960s have to match? 3750 has two channel-groups(1 and 2) already configured. Need to know, I would create 2 additional channel groups (number 3,4) for each of the etherchannels between the 3 2960S Stacks and 3750? OR channel-group # is local to the device.
View 5 Replies View Related1) current switch have below mentioned switch stack details
.
switch#sh switchSwitch/Stack Mac Address : fcfb.xyz.8b80H/W CurrentSwitch# Role Mac Address Priority Version State----------------------------------------------------------*1 Master fcfb.xyz.8b80 10 0 Ready3 Member 2893.xyz.3180 1 0 Ready
2) I am in process of changing switch member number from 3 to 2 , I executed the command on the global config mode " switch 3 renumber 2 "but I yet to reload the switch .
here I have I doubt . as currently the ports module are fas 1/0/1-48 and fas 3/0/1-48 under respective vlan . once I reload the switch is the switch port module number will get change to fastethernt 3/0/1-48 to fastethenet 2/0/1-48 ??? . if it happens the vlan configuation which configured on the fas 3/0/1-48 module also get configured automatically or I need to configure manually
3) as i said i have execuated the command : "switch 3 renumber 2 " , how to remove this or revert the change , as i checked in the running config this command not exist .
switch ( config) # switch 3 renumber 2WARNING: Changing the switch number may result in aconfiguration change for that switch.The interface configuration associated with the old switchnumber will remain as a provisioned configuration.Do you want to continue?[confirm]Changing Switch Number 3 to Switch Number 2New Switch Number will be effective after next reboot
Yesterday Cisco released IOS 15 code into the wild for the 2960 and 3560/3750 families but the link to the release notes is not working. Because I already have a whole bunch of 4500/Sup7's running IOS 15 I am thinking about taking the plunge with 30 3750-X's I have on order but want to review the release notes first. where they might be hiding?
View 4 Replies View Relateddoes cisco switch 3560 or 3750 supports MC-LAg ? if yes, then on what IOS? if no, then what are the devices which supports MC-lag?
View 1 Replies View RelatedI am working in an enterprise LAN environment. We have about 100 switches, mostly 3560 and 3750's. This is a typical Cisco network, yet it's flat. No routing on the access layers. The core switch does do the routing. We use an third party vendor network monitoring tool, and we use Secure CRT to remote into devices.
Here's the problem. There was a device we stumbled into that had not been put into our monitoring software. It has the same IOS as our other devices. All I can say is that it's the same version and type. Each device has a management v LAN. And each device has it's own management IP. An ACL exists to prevent unauthorized SSH access into the devices, yet allows the management v LAN scope to get in.
So, here's the problem...we can't SSH into our problem mystery device, let's call it Switch X. Switch X has an IP of 10.10.100.150. Now, I can be logged into it's up link device, let's call it switch B. Switch B has an IP of 10.10.100.130. The ACL allows all devices from 10.10.100.0/24 to SSH. Our PC's at our desk are also in the same management V LAN. SSH version 2 is on the configs, and the domain names are the same on these two devices.
So, let's be clear. From my desktop, I can connect to any device on my network EXCEPT switch X. When I try to connect using SSH, port 22...it just sits there until it times out. I can do the same thing to any other switch, and connect just fine. We are using TACACS+ and RADIUS as well, and they are up and running just fine. The configs on Switch X like I said are the same for switch B, except it's IP address of course. While logged into switch B, I can do a CDP neighbor and see switch X connected via trunk link. Both sides are running dot1q encapsulation, and both are in trunk mode. I can ping switch X from switch B. When I try to SSH from B to X..I get timeout with no connection.
So, I hiked over to the building where switch X is located. I consoled into the switch. I confirmed that the ACL is the same as the ACL for switch B. It is set up to allow the management v lan inbound on the VTY 0 - 15. Yes, it's access-class (name) in on both vty 0 4 and 5 15. It also is set up for transport ssh in and transport ssh out.
I rechecked the domain name on Switch X; it was correct. I also did a crypto key and regenerated the crypto key. SSH v2 came up. Again, while in Switch X, I can do a CDP neighbor and see switch B. But I cannot SSH from switch X to Switch B, or any other devices that I tried. Now, we did find a config error with VTP; the VTP domain name was different. But VTP has nothing to do with SSH. Just to placate my co-workers, I went ahead and renamed the VTP domain name (it's running transparent mode). After I regenerated the crypto key, I saved everything of course. I then reloaded the switch. When all came back up, I still could not SSH
This is a 3560 switch, and it is trunk to a 3750.
We have a couple of Cisco switches and connected a (Windows 7) laptop to one of them and it gets its IP address from a DHCP server.I can now ping the IP from all of the switches, no problem, also not when I log on to the core switch in the same VLAN as both notebooks. But from my (Windows 7) laptop, which is in the same VLAN as the target laptop, I cannot ping it.
I checked, default gateway is good on both sides, as are DNS servers.
Target notebook ---- Catalyst 3560 V2 switch === Core Catalyst 3750 switch (stack) === Catalyst 3560G switch --- My notebook
We have ip arp inspection and dhcp snooping enable in couple of 3750 and 3560 switches. Everything works fine, excepted few case that DAI packet rate trigger and errdisable the port. Later on we found out that most of computer that trigger DAI is Windows 7 and especially when they are in sleep mode. Not sure if anyone experiencing it with Windows 7. Also we have it rate limit at 64.
View 2 Replies View RelatedI feel that 3560 and 3750 perform differently with the following two commands:
srr-queue bandwidth shape 5 0 0 0
srr-queue bandwidth limit 50
On 3750, the bandwidth for queue 1 is limited to 100mbps x 50% / 5 = 10mbps
On 3560, the bandwidth for queue 1 is limited to the smaller value of BW / shape weight and BW x limit%.
Does it sound about right? is there a way to check for mls qos input queue drops? The show mls qos interface xxx stat only shows the output queue drops. Maybe for some reason the input queue never drops?
I believe the answer is yes, but incorperating more layer 3 features of our 3750's, I want to know if they fully support EIGRP or OSPF?
Also for a small business of 4 locations, each with a 10mbps fiber and a 1.5mbps mpls... wouldn't you say EIGRP would be easier? Want to look at making the failover automatic if the 10mbps fiber goes down between a site, then the network fails over to 1.5mbps mpls. When the fiber returns in service then the network automatically preferr the fiber again.
Currently we use static routes and if there is a provider outage we have to manually edit the config to flip flop the routes.
I heard that the WS-C3560E-24PD-S and the WS-C3750-48PS-S have a limitation on the number of 7945s supported (ie i can only run 10 or 15 on each switch before the power runs out). Any knowledge with these pieces of equipment verify the maximum supported? I'm having trouble finding documentation showing any maximums.
View 3 Replies View RelatedI have 2 routers ( Cisco 3845's) both running identical IOS's. Each router has identical 5 networks on it with one network each being different.I have HSRP set up on the identical 5 networks.Your standard Fail over senario.ON one of the routers one network is not seeing the other router in the same network, Will not Ping or traceroute.And HSRP stopped working ( both were thinking they were active. which of course brought the network to a halt. Non of the interfaces has any ACL on them, They are plugged into a Brand new Cisco 3560v2 switch. I have switches out the cables to eliminate that as an issues.
View 1 Replies View RelatedI've been fighting what seems to be an increased number of outqueue drops on our core stack and edge switches for the last 3 or 4 weeks.(The core consists of a stack of 5 3750s in 32-gig stack mode. The wkgrp switches are 3560s. all are at 12.2.52) The wkgrp switches are directly connected to users. We use Nortel IP phones with the phone inline with the user PC. auto-neg to 100/full. [code] However I have tried turning off QOS on a couple of workgroup switches (no mls qos, but left individual port configurations the same) but am still seeing drops.Since I have disabled qos on the switches in question (no mls qos) (not the core tho) I am presuming these commands have no affect on the switch operation and therefore cannot be related to the problem. With QOS turned off one would presume that it is general congestion - especially at the user edge where busy PC issues might contribute. So I wanted to see if I could see any instances of packets in the output queues building up.
I wrote some scripts and macros that essentially did a snapshot of 'show int' every 20 seconds or so, and looked for instances of 'Queue: x/' where x was greater than zero.What I found after several days of watching the core stack, and a few of the workgroup switches that are most often displaying the behavior, was that I NEVER saw ANY packets in output queues. I often saw packets in Input queues for VLAN1, once in a great while I would see packets on input queues for fa or Gi interfaces, but NEVER on output queues. [ code] Additionally, when I look (via snmp) at interface utilization on interfaces showing queue drops (both core and wkgroup), they are occurring at ridiculously low utilization levels (as low as 4 to 8%). I've tried to look for microbursts between the core and a wkgroup switch where the core interface was experiencing drops, but haven't seen any (using observer suite). [code] While the queue-drop counts aren't critically high at this point, they are happening more frequently than in the past and I would like to understand what is going on... In most cases, no error counters are incrementing for these interfaces. Is there some mechanism besides congestion that could cause output queue drops?
I am trying to find out what the maximum amount of HSRP/Standby groups a Cisco 3945 will support. I found this link that I think says 256 URL.
View 6 Replies View RelatedI am facing an isssues with 7609 for LAN switching , based on LAN (VRRP/HSRP) feature.Actually we are having ES+ cards (on 7609) and we are using multiple groups(say 350 vrrp groups) running on the router . the routers are connected as router 1>>> mux(which is working as switches)>>> router2
my questing are
1. does their will be "multicast packets" (for VRRP/HSRP group) "from backup router to Master router", when in stable state( ie when Master and backup are already chosen) , or the packet from backup to master should be unicast.I know for sure, the packet from master to back is multicast packets denstination to Multicast IP packet and To MAC address.I am not sure but I think from backup to master it should be multicast
2. what is frequency of these packets( from backup to master)
3. As i have multiper group on a single interface ( we are using q-in-q), when the connectivity from router's is broken, then does all the groups will muticast their active roll in the lan sengment "at once" or it will be in a groups say 100 groups at once, and after few ms few 100's and sone ( as is on OSPF or RIP)
we are in between troubleshooting I hope we get the ans( Actul problem we are seeing in the router's that we have 2 ports on active routers and 2 ports on standby router , but we are not seeing muticast on 1 port on standby router where as all other 3 ports are seeing multicast packets) [code]