Cisco Switching/Routing :: 3750 And 3560 - IP ARP Inspection Error In Windows 7
Jun 14, 2010
We have IP ARP inspection and DHCP snooping enabled on a couple of 3750 and 3560 switches. Everything works fine, except for a few cases where the DAI packet rate triggers and errdisables the port. Later on we found out that most of the computers that trigger DAI are Windows 7, especially when they are in sleep mode. Not sure if anyone is experiencing it with Windows 7. Also, we have the rate limit at 64.
I have enabled IP DHCP snooping on a 24-port 3560 switch (very small office) and let the database fill up. Now I have added dynamic ARP inspection on the single VLAN and I am getting these errors.
I have a network of 3750s configured for DAI with DHCP snooping implemented and working with Windows XP for around a year. Now we've changed a couple of machines to Windows 7. I have a floor with around 200 workstations on XP and about 4 on Seven. Two of these Win7 machines are triggering the err-disable for ARP inspection (configured by default to block interfaces sending over 15 ARP pps). I noticed that when I go to Windows -> Network and do a refresh, sometimes (most of the time after boot-up or idle time) it will trigger the massive ARP response on the network. I noticed that all hosts on the network updated their ARP entry for that computer (Win7) at the same time, for some reason I don't know. The Windows 7 machine tries to reply to over fifty ARP requests for its IP, which caused the port to be put in err-disable. There were no applications running on the Windows 7 computer at the time of the tests, only Wireshark and its default services. This computer is configured with DHCP with WINS; it's on a Windows domain and has NetBIOS over TCP.
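A defensive DAI configuration for the symptom in the two posts above (the rate limit of 64 in the first, the default 15 pps err-disable in the second), added here as an illustration rather than taken from either poster's switch; the VLAN number, interface names and the 300-second recovery interval are assumptions.

```ios
! Added example, not from the posts above. Assumed: user VLAN 10,
! access ports Gi1/0/1-24, uplink Gi1/0/25 towards the DHCP server.
ip dhcp snooping
ip dhcp snooping vlan 10
ip arp inspection vlan 10
!
! Uplink: trusted for both snooping and DAI, so the binding table fills
! from real DHCP traffic and upstream ARP replies are never rate-limited.
interface GigabitEthernet1/0/25
 description uplink
 switchport mode trunk
 ip dhcp snooping trust
 ip arp inspection trust
!
! Access ports: the default DAI limit is 15 pps with a 1-second burst
! interval. A burst of ARP replies from a host coming out of sleep (as the
! posters observed) exceeds that and err-disables the port. Raising the
! limit to 64 keeps inspection active while tolerating the burst.
interface range GigabitEthernet1/0/1 - 24
 switchport mode access
 switchport access vlan 10
 ip arp inspection limit rate 64 burst interval 1
!
! Let the port recover on its own instead of needing a manual shut/no shut;
! the violation still appears in syslog so it can be reviewed.
errdisable recovery cause arp-inspection
errdisable recovery interval 300
!
! Verification (exec mode):
!  show ip arp inspection interfaces            - per-port state, rate, burst
!  show ip arp inspection statistics vlan 10    - forwarded / dropped counts
!  show interfaces status err-disabled          - ports currently held down
!  show errdisable recovery                     - recovery timer status
```

On 3560/3750 switches the rate limit applies only to untrusted ports; trusted ports are not rate-limited by default.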
Yesterday Cisco released IOS 15 code into the wild for the 2960 and 3560/3750 families, but the link to the release notes is not working. Because I already have a whole bunch of 4500/Sup7s running IOS 15, I am thinking about taking the plunge with 30 3750-Xs I have on order, but want to review the release notes first. Where might they be hiding?
I am working in an enterprise LAN environment. We have about 100 switches, mostly 3560s and 3750s. This is a typical Cisco network, yet it's flat. No routing on the access layer; the core switch does the routing. We use a third-party vendor network monitoring tool, and we use SecureCRT to remote into devices.
Here's the problem. There was a device we stumbled into that had not been put into our monitoring software. It has the same IOS as our other devices. All I can say is that it's the same version and type. Each device has a management VLAN, and each device has its own management IP. An ACL exists to prevent unauthorized SSH access into the devices, yet allows the management VLAN scope to get in.
So, here's the problem... we can't SSH into our problem mystery device; let's call it Switch X. Switch X has an IP of 10.10.100.150. Now, I can be logged into its uplink device; let's call it Switch B. Switch B has an IP of 10.10.100.130. The ACL allows all devices from 10.10.100.0/24 to SSH. Our PCs at our desks are also in the same management VLAN. SSH version 2 is in the configs, and the domain names are the same on these two devices.
So, let's be clear. From my desktop, I can connect to any device on my network EXCEPT Switch X. When I try to connect using SSH, port 22... it just sits there until it times out. I can do the same thing to any other switch and connect just fine. We are using TACACS+ and RADIUS as well, and they are up and running just fine. The configs on Switch X, like I said, are the same as for Switch B, except its IP address of course. While logged into Switch B, I can do a CDP neighbor and see Switch X connected via a trunk link. Both sides are running dot1q encapsulation, and both are in trunk mode. I can ping Switch X from Switch B. When I try to SSH from B to X... I get a timeout with no connection.
So, I hiked over to the building where Switch X is located. I consoled into the switch. I confirmed that the ACL is the same as the ACL for Switch B. It is set up to allow the management VLAN inbound on VTY 0 - 15. Yes, it's access-class (name) in on both vty 0 4 and 5 15. It is also set up for transport ssh in and transport ssh out.
I rechecked the domain name on Switch X; it was correct. I also did a crypto key and regenerated the crypto key. SSH v2 came up. Again, while in Switch X, I can do a CDP neighbor and see Switch B. But I cannot SSH from Switch X to Switch B, or to any other device that I tried. Now, we did find a config error with VTP; the VTP domain name was different. But VTP has nothing to do with SSH. Just to placate my co-workers, I went ahead and renamed the VTP domain name (it's running transparent mode). After I regenerated the crypto key, I saved everything of course. I then reloaded the switch. When all came back up, I still could not SSH.
We have a couple of Cisco switches and connected a (Windows 7) laptop to one of them, and it gets its IP address from a DHCP server. I can now ping the IP from all of the switches, no problem, also not when I log on to the core switch in the same VLAN as both notebooks. But from my (Windows 7) laptop, which is in the same VLAN as the target laptop, I cannot ping it.
I checked, default gateway is good on both sides, as are DNS servers.
I understand that on older IOS code, if the same HSRP group number is assigned to multiple standby groups, it creates a non-unique MAC address. Is this true on newer code like 12.2(52)SE for the 3750 and 3560?
I feel that 3560 and 3750 perform differently with the following two commands:
srr-queue bandwidth shape 5 0 0 0
srr-queue bandwidth limit 50
On the 3750, the bandwidth for queue 1 is limited to 100 Mbps x 50% / 5 = 10 Mbps. On the 3560, the bandwidth for queue 1 is limited to the smaller value of BW / shape weight and BW x limit%.
Does that sound about right? Is there a way to check for mls qos input queue drops? The show mls qos interface xxx stat command only shows the output queue drops. Maybe for some reason the input queue never drops?
I believe the answer is yes, but before incorporating more layer 3 features of our 3750s, I want to know if they fully support EIGRP or OSPF.
Also, for a small business of 4 locations, each with a 10 Mbps fiber and a 1.5 Mbps MPLS... wouldn't you say EIGRP would be easier? I want to look at making the failover automatic: if the 10 Mbps fiber goes down between sites, then the network fails over to the 1.5 Mbps MPLS. When the fiber returns to service, the network automatically prefers the fiber again.
Currently we use static routes, and if there is a provider outage we have to manually edit the config to flip-flop the routes.
I heard that the WS-C3560E-24PD-S and the WS-C3750-48PS-S have a limitation on the number of 7945s supported (i.e. I can only run 10 or 15 on each switch before the power runs out). Can anyone with knowledge of these pieces of equipment verify the maximum supported? I'm having trouble finding documentation showing any maximums.
I'm having some problems when upgrading the IOS of my Catalyst 3750 switch through a TFTP server. I've been surfing the net and found that there seems to be a problem when the image file is larger than 16M, but this is not my case. I erased the flash to be sure that there was enough memory space to upload the image, but it didn't work. I also tried the archive download-sw /overwrite command and using an FTP server, but the problem is always the same: [code] To make sure it was not a problem with my computer or TFTP server, I tried with a different computer and with a different TFTP server, but the same happened. I also tried with a 3750V2 and still the same. Even when trying to back up the current IOS to my computer, I got "error writing".
Then I tried to do the same with a different model of switch, a WS-C3560-48PS, and it works perfectly. I still need to try using Xmodem, but Xmodem takes ages to finalize the process.
Have a small stack of two 3750 routers. I get the following error message every few seconds:
%STACKMGR-4-STACK_LINK_CHANGE: Stack Port 1 Switch 1 has changed to state DOWN
%STACKMGR-4-STACK_LINK_CHANGE: Stack Port 1 Switch 1 has changed to state UP
Now I replaced the stacking cables, but no joy. It was OK for an hour or so, but then the error messages popped up again. Also, random links on this stack back to access layer user switches have been going up and down randomly. So I have decided to take the next step and upgrade the IOS.
However, when I try to copy a new IOS I get the following error:
%Error writing flash:/c3750-ipservicesk9-mz.122-55.SE6.bin (No space left on device)
It seems this image is 130 MB, while the image that is currently on it is 74 MB and free space is 54 MB. How do I get the image onto the router? If I delete the current image from flash, will that cause the router to stop functioning?
Also I noticed there seems to be more than one flash directory. See below:
copy tftp: ?
  flash1:          Copy to flash1: file system
  flash2:          Copy to flash2: file system
  flash:           Copy to flash: file system
  null:            Copy to null: file system
  nvram:           Copy to nvram: file system
  running-config   Update (merge with) current system configuration
  startup-config   Copy to startup configuration
  system:          Copy to system: file system
  vb:              Copy to vb: file system
The current router image seems to be in flash1 and flash2 as well. Could I delete the image from flash1, upload it there and then boot the router from flash1?
I've been fighting what seems to be an increased number of output queue drops on our core stack and edge switches for the last 3 or 4 weeks. (The core consists of a stack of 5 3750s in 32-gig stack mode. The workgroup switches are 3560s. All are at 12.2.52.) The workgroup switches are directly connected to users. We use Nortel IP phones with the phone inline with the user PC, auto-negotiating to 100/full. [code] However, I have tried turning off QoS on a couple of workgroup switches (no mls qos, but left the individual port configurations the same) but am still seeing drops. Since I have disabled QoS on the switches in question (no mls qos) (not the core though), I am presuming these commands have no effect on the switch operation and therefore cannot be related to the problem. With QoS turned off, one would presume that it is general congestion, especially at the user edge where busy PC issues might contribute. So I wanted to see if I could see any instances of packets in the output queues building up.
I wrote some scripts and macros that essentially did a snapshot of 'show int' every 20 seconds or so, and looked for instances of 'Queue: x/' where x was greater than zero. What I found after several days of watching the core stack, and a few of the workgroup switches that most often display the behavior, was that I NEVER saw ANY packets in output queues. I often saw packets in input queues for VLAN1; once in a great while I would see packets on input queues for Fa or Gi interfaces, but NEVER on output queues. [code] Additionally, when I look (via SNMP) at interface utilization on interfaces showing queue drops (both core and workgroup), they are occurring at ridiculously low utilization levels (as low as 4 to 8%). I've tried to look for microbursts between the core and a workgroup switch where the core interface was experiencing drops, but haven't seen any (using Observer Suite). [code] While the queue-drop counts aren't critically high at this point, they are happening more frequently than in the past and I would like to understand what is going on... In most cases, no error counters are incrementing for these interfaces. Is there some mechanism besides congestion that could cause output queue drops?
We have a stack setup with 2 C3750X-12S and 5 C3750X-48P switches. We have two of these stacks. One is working and responding to SNMP just fine. Our second one is showing the errors in the log. The only difference I see between the two stacks right now is the software versions.
Power supply problem...? Switch Cisco WS-C3750-24P is showing "Unavail" from sh env all.
Switch3750#sh env all
FAN is OK
TEMPERATURE is OK
SW  PID  Serial#  Status  Sys Pwr  PoE Pwr  Watts
Does it mean that power supply 1 was removed? Failed? Do you know of another command to see more details?
We have a number of 3750 stacks used as access layer switches connecting Siemens VOIP phones and then a PC that connects to the phone.
For example, if I plug PC A into the phone that connects to port 13, I pick up an IP address and all works as predicted. Now if I plug PC A into any other VoIP phone that connects to another port on the same switch, it goes into error-disable state. It's like the switch is holding my PC's MAC address and locks it down to the port, which in my case is Gi2/0/13.
I am getting only undersize errors on a Catalyst 3750 trunk interface (attached some outputs)... the other end is a 4500 switch and the interface is clean. Can this be related to any bug? This is my root port and often leads to trouble; sometimes STP BPDU transport is affected.
I recently upgraded my network to have two 3750X cores; one interface on the Cisco is connecting to a Netgear switch via a fiber converter. I keep getting the VLAN flapping error message in my log as below.
003396: Sep 17 01:46:16.328: %SW_MATM-4-MACFLAP_NOTIF: Host 5c0e.8ba7.0a5c in vlan 2 is flapping between port Gi2/0/15 and port Gi2/0/13
003397: Sep 17 01:46:19.843: %SW_MATM-4-MACFLAP_NOTIF: Host 5c0e.8ba7.0a5c in vlan 2 is flapping between port Gi2/0/15 and port Gi2/0/13
003400: Sep 17 01:49:58.769: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2/0/17, changed state to down
[Code] .....
After my research I think this is a looping issue, but I'm unsure how to address it.
I'm using some Catalyst 3560s with 10 VLANs and inter-VLAN routing. We use a Windows Deployment Services server to install our workstations. The PXE boot works fine. The image is loading, and when the Windows 7 PE is booting, the DHCP request fails. When I use a small non-manageable switch between the computers and the Catalysts, it works fine. All other things work fine.
I have an SF-300 24-port switch and am having an issue. When a device says "Who has 192.168.0.1" (which is the default gateway), two devices are replying in the affirmative, and therefore the MAC address table is getting screwed up. I know the correct MAC address of 192.168.0.1 is 00:1b:21:95:02:b0, so how do I tell the router to discard any packets that say otherwise? I tried to figure out DHCP snooping and IP source guard, and ARP inspection, but I am not getting anywhere and keep losing connectivity to the switch.
Obviously a device on the network is misconfigured; unfortunately it is a large wireless network and the misconfigured device is 30 miles away on the top of a mountain. I am hoping to band-aid it locally and then eventually go out and fix the offending equipment.
I have a problem with ICMP traceroute configuration. When I enable ICMP error inspection in the global policy, my traceroute results through the ASA 8.2.4 look like this: My traceroute [v0.75]
ICMP inspection and TTL decrement on the ASA are enabled. I also configured an ACL on the outside interface to permit ICMP completely.
I am really stuck on enabling IP routing, though it is a simple task. I have configured 10 VLANs on stacked 3750 switches that have the IP base image. I want to enable IP routing for inter-VLAN communication, but it is giving this error:
%COMMON_FIB-4-ISSUENCODEWRONGLEN: Message IPv6 global features, rev B for slots 2 (0x4) is wrong length (10, should be 7).
The 1841 router is connected directly to the layer 3 switch. The network diagram is below:
Office A --> Switch (L3) --> Router 1841 --> Internet --> Office B
However, when I transfer a file from Office A to Office B, the speed is very slow (only around 40 kb/second), and there are input errors and CRC errors:
Cisco-R1841#sh interfaces FA0/1
FastEthernet0/1 is up, line protocol is up
  Hardware is Gt96k FE, address is 0019.e02f.03dd (bia 0019.e02f.03dd)
The last few days I've been exploring options for getting rid of some old routers across WAN connections. I have a Cat 3560 to play with and I thought I would try to use the no switchport command to test out routing with the switch. I've got some type of route issue, and I tried a few things which I thought would fix the issue but had no effect. I'll post the config and a few commands so you can see what the basic setup is.
Here we can see in the ARP table that it knows about both 10.7.1.2 (the PC unable to ping 10.3.3.254) as well as 10.3.3.254 (the ASA). I tried adding an ip route of 10.7.0.0 255.255.0.0 10.3.3.110 as well as 10.3.3.254. Neither produced the results I wanted, allowing 10.7.1.2 (PC) to ping the ASA (10.3.3.254). [code]