We have two L3 3750 switches running HSRP and routing for various VLANs on our corporate network. Rapid PVST is running across our entire WAN. We are introducing a third party solution for remote communications over MPLS. When interconnecting this equipment to our core network, we have experienced less than desirable failover times of 32 seconds and recovery times of 60 seconds. The vendor's engineers are telling us that the interoperability between IEEE spanning tree and Rapid PVST is the culprit.
They are suggesting two scenarios - either converting our corporate network to MST (which I prefer not to do but provides us the fastest fail/recovery times) or adjusting the timers on our Rapid PVST forwarding timer to 4 seconds. What would the implications be to change these timers on our network, and if I choose to do this, do I only do it at the core (on the two devices that would become root bridge)? I have been doing some reading that says to not mess with the timers, but nowhere do I see reasons why.
As a part of a major network cleanup/standardization project I have been working on for several weeks, I am now looking at spanning-tree and trying to get my company into line with Cisco Best Practice. I currently have 3 switches in the data center that are spanning-tree root for different vlans. Before changing vlan priorities in spanning-tree, I feel that I should change from PVST that everything is on now to Rapid-PVST. To minimize the momentary network disruptions from making the change, should I do the edge switches first and do the switches in the data center last?
Related to this process is something that I want to do probably after the PVST to Rapid-PVST change. I am going to manually set the vlan priorities for each vlan on the main core switch. Assuming I set the vlan priority for each vlan on my main core switch (6509) to 4096, should I set the switch I want to be the backup to 8192 for each vlan and then set the edge switches to something like 12288 to keep them from getting up in the spanning-tree hierarchy and for general principle to leave nothing to chance?
3750 switch connects to Blade-switch_1 and Blade-switch_2. Spanning-tree mode is configured as rapid-pvst on the 3750 switch; do I need to configure rapid-pvst on both blade-switches or keep the default pvst config? The 3750 is running VTP domain HQ and transparent mode. Both Blade_switches are running VTP domain CLI and transparent mode. To configure Etherchannel between the 3750 and blade-switch_1, do I need to have all devices in the same vtp domain?
I'm trying to type the command (config)#spanning-tree mode rapid-pvst on my Cisco 2950, but (config)#spanning-tree mode ? only shows me one option - pvst. I've checked the Cisco support page which suggests my version of IOS should support rapid-pvst.
Switch_1#sh ver Cisco Internetwork Operating System Software IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(13)EA1, RELEASE SOFTWARE (fc1)
I cannot enable the rapid- protocol on the Catalyst 6513; it does not support it and only supports pvst.
How can I enable rpvst? Do you know if it is necessary to upgrade IOS? It has s72033_rp-ENTSERVICESK9_WAN-M - 12.2(18)SXF9 IOS. The Cisco Software Advisor could not locate the features for this IOS.
I have two locations, DC and Corp, connected to each other via Point to Point Circuit. I have forced the two core switches setup as GLBP pair to be primary and secondary for certain VLANs including VLAN1. I have a switch in our Corporate office, a 3750, which is where the point to point circuit terminates. VLAN1 SVI is manually shut on that switch. Also the priority on VLAN1 is increased manually like this, "spanning-tree vlan 1 priority 28672".
Now the issue is that the Primary Root Bridge in the DC is the root bridge for VLAN 1. But this other switch 3750 in our corporate office also is a root bridge for VLAN1. [code]
When I plug in a workstation to 3750 switch - it seems to take about 35 seconds before that workstation (hard coded IP) can ping the switch. You can see the console messages below. I configured RSTP and set this switch to root:
I have two switches claiming to be the root bridge for the same vlans. The 3750-X stack was configured to be the root for vlans present and the 2960S was brought online over the weekend to replace another one. This is the command I used to attempt and make the 3750-X stack the root
spanning-tree vlan 1-2,10,50,101,200,900,999 root primary diameter 4
The IOS converted that to this
spanning-tree mode rapid-pvst
spanning-tree loopguard default
spanning-tree portfast bpduguard default
My colleague and I have been having a discussion about using rapid spanning tree in the access layer. Most of our infrastructure has been migrated to a routed access layer with 3750s.
The idea was brought up to configure the switches with rapid PVST. On the surface, it seems like a better idea, faster convergence, in the event that spanning tree ends up being used for some reason. My colleague prefers sticking with standard PVST. His argument is that, in the event of a layer 2 loop, some consumer-level switches filter out BPDUs and if the control plane is overwhelmed, the shorter timers of rapid PVST just puts that much more of a burden on the CPU trying to regain control, whereas with standard PVST it will have around 20 seconds before it starts to engage. (It may still be overwhelmed, but the longer timer delays the additional burden.) He says he's seen this problem with rapid PVST and that his opinion is backed up by our Cisco rep. (I haven't spoken to him yet.)
In our model, it should be very rare -- pretty much never -- that we would layer 2 span another switch off of our access stack.
One suggestion I saw is to use BPDU Guard, which is a good suggestion as well.
But we have had experiences with overloading the control plane on a 3750. I believe that concern is valid. If the CPU can't service spanning tree. But I'm interested in hearing about other experiences people have had in terms of rapid spanning tree in the access layer, end users plugging in unauthorized devices and creating loops, and the effects when using rapid spanning tree vs standard spanning tree.
I have an alcatel 6850 switch connected to a 3750. Two connections (cables) are used between the switches. The two connections from the alcatel are in different vlans 10 and 60, but the cisco ones are in the same vlan ie 1 (I know not best practice but keep with it). The cisco cables are connected into port 1 and 4. Port 1 is forwarding and 4 is blocking. The 3750 is configured with basic default pvst configuration. The alcatel is the root bridge. As can be realised, traffic from the alcatel on vlan 10 cannot pass traffic to the 3750. This was established by the spt seeing the same mac from the root bridge, therefore blocking port 4. To stop this from blocking in this scenario I was going to use bpdufilter.
Strange problem which I encountered today: I have a Cisco 2960 which is connected to a netgear. The switch started showing itself in CDP and was running STP. I checked the cables physically today and noted 3 uplinks to the netgear, all ports on the Cisco active and forwarding and green lights.
The Cisco was running STP, I changed it to R-PVST and the lights on the Cisco went crazy and I got the message port flapping on the switch but the switch did not block any ports (all ports on same vlan).
Thereafter I changed it back to stp and the switch blocked the other up links apart from one.
We have about 200 spokes (2811 routers), each one connected to two hubs (7206VXR with NPE-G2) via a separate DMVPN. DMVPN is over MPLS cloud provided by the local operator. On the hubs we very frequently get these types of messages
.Feb 9 16:00:10.402: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 200: Neighbor 10.X.X.X (Tunnel3) is down: Interface Goodbye received
.Feb 9 16:00:11.658: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 200: Neighbor 10.X.X.X (Tunnel3) is up: new adjacency
On the spoke
Feb 9 13:36:48: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 200: Neighbor 10.X.X.X (Tunnel0) is down: holding time expired
Feb 9 13:36:51: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 200: Neighbor 10.X.X.X (Tunnel0) is up: new adjacency
I think the default eigrp hello and holding timers (5,15) are not suitable since these are wan links.
I'm looking at adding a Cisco 3750-X switch running c3750e-universalk9-mz.122-55.SE1 (IP base license) into a stack of 3750-G switches running c3750-ipbasek9-mz.122-55.SE1.bin. Given that the version and feature sets are the same I don't foresee any compatibility issues. Would there be any reason why a universal image wouldn't stack correctly with other switches running the single .bin file?
We have a stack of switches that is at the max number of members allowed in the stack. Problem is we are running out of port density and need to add more ports. So instead of adding a whole new stack I would rather replace 2 of the 24-port switches with 48-port switches.
If the two 24-port switches we are removing are stack members and neither of them are the stack master, I should be able to replace the 24-port switches with the 48-port switches without bringing the master offline? If the new 48-port switches are running the same IOS version as the current 24-port switches, they should add themselves to the stack? Would I have to tell the new 48-port switches what switch numbers they are replacing in order for them to be added to the stack since we are at the max number of members? Also, since the 48-port switches are replacing 24-port switches, will the master give the 48-port switches the configuration for only the 24 ports?
Some deep technical questions regarding the AP541N access point? What I want to know is, if the AP has: - Watchdog per IP - ACK time adjusting - Site Survey.
To enable our receptionists to print a guest user ticket on a small A8 ticket printer I'm looking for a way to adjust the layout and formatting of the guest account credentials page.
I have searched through the javascript and css files but with no success.
Some of our switches have the switchport mode trunk command configured between the 3750 switches, but other 3750 switches connected to our 6509 core switch do not have the switchport mode trunk command to permit VLANs from going across the switches; instead it has an IP address and says no switchport. What is the difference between those two? Is trunking used only for Layer 2 and L3 is used to route interface vlans?
I have a deployment of AIR-CAP35021 APs. They are in 2 buildings with multiple floors. They are installed in a row down the hallways. I want to increase the power levels by using the controller and not configuring the APs individually. I have set the TPC value to -50 but I still do not reach the outer walls of the floors in some areas. I need to know what to set the Max Power Level Assignment or Min Power Level Assignment to to get the APs to power up some more. If the MAX value is 30 and the default is 30 then how to adjust that value?
I have a network with a Catalyst 3750 as the main switch and then some Catalyst 2960 switches that are plugged in to that. I have a server running Windows Server 2008 with a couple of virtual machines running in Hyper-V. I created 4 VLANs listed below and gave the 3750 the following IP address. I would like the 3750 to only be configurable from VLAN 40 but currently every VLAN can connect to it. I noticed in the standard web page settings there was a setting for "Management VLAN" but it was set to 1 and would not let me change it; I kinda assumed that was for the management port in the back. Now the tricky part: I was trying to set up routing between the VLANs and so far I have only been able to get a sort of "all or nothing" routing to work. I can turn IP routing on and add two or more VLANs to the routing and it works fine. But what I was hoping to do is create a couple of "junction vlans" that would only route to one or two other vlans. For instance, I wanted to create a VLAN 100 that routed to VLAN 20 and 30 but nothing else. I also want to route VLAN 1 just to VLAN 30, and so on. I am able to do each one of the cases but only one; it seems like the switch only supports one "routing table". Am I missing something or is this just a limitation of the switch?
Is a 3750 switch capable of handling full routing tables, and what can you recommend in a small multihomed BGP router or switch capable of handling full routing tables?
I have a network with several catalyst 2960 switches and one catalyst 3750. I have created two VLANs and set up the proper routing and everything is working fine there. I have a client/server application that uses multicast in the initial start up for the client to determine available servers; the issue is one of my clients is on a different VLAN than the server. I am able to route the multicast using MVR as long as both the server and the client are plugged into the 3750 by creating a static route, making the server a source port and the client a receive port. Unfortunately I need the client and the server plugged in to different 2960s. My question is how do I establish multicast routing between the two and preferably do it dynamically (always route multicast traffic from one VLAN to another).
I have been looking into this for a while and I can't seem to figure out why my 2nd vlan is not able to connect properly to the net.
My switch has 12 ports where my devices connect directly; they are all on Vlan 1 and they all work perfectly. On Port 12 I have a dlink router that is connected to a cable modem. The dlink router has an IP address of 192.168.0.20
I created a second vlan (vlan2) and enabled dhcp relay on it. Then I assigned port 9 on the switch to (vlan2). My laptop, which is connected to port 9, seems to get an IP address fine and is able to ping only some devices on my network (vlan1) and is not able to go out to the internet. I think it has to do with the routes. [code]
I have the task of replicating the router config on a 3825 router on a 3750 switch. Reason is we are taking out the router and replacing it with the switch to make use of the router for other functions.
Below is main part of the router config:
!
ip source-route
ip cef
!
!
multilink bundle-name authenticated
!
license udi pid CISCO3825 sn FCZxxxxxxx
!
vlan internal allocation policy ascending
[code].....
The 3750 switch I have runs C3750E-UNIVERSALK9-M, Version 12.2(55)SE3 on a LAN BASE license.
The first thing I have done is to order a license upgrade to IP BASE which would give the support for OSPF routing. I do not see much of an issue with the Interface configs, however, I am not too sure about replicating the routing config on the switch.
My question is can I run the commands as shown for the OSPF routing on the switch? If not, can I get suggestions on how best to set this up on the switch?
In a 3750 switch, I have configured intervlan routing. I have three vlans, Vlan 10, vlan 20, Vlan 30, and I have assigned IP addresses for those Vlans. In vlan 10, I have connected one system to the gigabitethernet 0/1 interface. From my system I am able to ping the vlan 10 IP address but I am not able to ping the other vlan IP addresses (vlan 20, vlan 30). Is it possible to up the protocol for all that time.
For intervlan routing, is the 'IP routing' command enabled by default on 6500 series switches based on the IOS? And on 3750 switches, do we need to enable the "ip routing" command manually for intervlan routing?
I am using a 3750 as a default gateway for multiple Vlans on a few 2960 switches. The trunk lines are configured and working and I have assigned ip addresses to each of the Vlan interfaces on the 3750. My issue is that I can only ping the ip address on the Vlan interface of the 3750 if I have a working computer plugged directly into the Vlan on the 3750. I only have 3 vlans on the 3750 that have hosts directly connected (vlans 2, 10 and 40); the other vlans (20 and 70) don't have any clients plugged into them on the 3750 but the hosts reside on 2 different 2960s that connect via trunk ports. How do I keep the vlan interface on the 3750 switch pingable when I don't have hosts directly connected in that vlan on the 3750? (yes, I have enabled ip routing on the 3750)
I have a simple design with a 3750. I configured a route-map which defines a next hop. I defined this route-map on a policy on a vlan interface. When I test some ping and a debug ip policy, it seems that my policy never matches. Is there any mechanism that prevents the switch from using PBR? I think of CEF.
In our datacenter we have a 3750 stack with IP base image. I have enabled PBR and reloaded the switch. Show sdm prefer says I am using the default template. The reason I want to use PBR is that we have 2 firewalls on the same work and want to be able to have granular control over which gateway out of the network they use but still be able to access all internal resources across wan and locally.
Created access list to identify traffic:
access-list 10 permit 10.2.3.59 (test workstation on vlan 3)
Created policy:
route-map TestASA permit 10
 match ip address 10
 set ip next-hop 10.2.0.3
Assigned policy to the user vlan3:
ip policy route-map TestASA
Results: It changed the default gateway to the above gateway but I could not access any resources on any other vlan, could not access resources across wan.