Cisco Switching/Routing :: 3850 Versus 3750x For New Deployment
May 6, 2013
What is the preferred access switch for new deployment. Choosing between 3850 and 3750x. I have to say that the 3850 wireless features will not be used in this deployment and 4 switch for stack is enough... Looked and read everything that I found in the press, I can not make an informed choice. I bow to 3850, but I was apprehensive following circumstances:1) not too positive reviews2) to long list of open caveats3) to long list of features are not supported in Cisco IOS XE Release 3.2.0SE4) IOS XE : (With regard to the first three points - yes, I understand that the product is new and it has not gone further stage of "childhood diseases" ...Regarding the fourth point - I understand correctly that this is the direction to be moving Cisco Systems and soon all products migrate from classical IOS to IOS XE and so on?
I have a network coming up for a switch refresh. Management is pushing for 2960s and I would like 3850s. We are running Cisco Voice and Video over the network. I saw a few things that seemed to be in favor of a Layer 3 switch vs. a Layer 2 switch. Some items like better performance due to switching based on IP vs. switching based on MAC. Some information that will show the 3850 to be a better choice or that the 2960 is capable.
I want to configure accesslists on my Catalyst 3750X-switches to protect different VLANs/networks. Any best-practices about inbound versus outbound accesslists? In my head it is more readable and easier to understand the config when accesslists are assigned outbound on the VLAN to protect instead of assigning them inbound on all possible source-VLANs. But of course, from a performance point-of-view it is better to use inbound access-lists to avoid un-necessary routing etc.
I've been asked to deploy an ASA in Transparent Mode because of concerns of putting another layer 3 hop between PE and CE routers running BGP.
Is there some problem with allowing BGP to flow freely through an ASA the is also terminating site to site and remote access vpn tunnels?
I just don't see the need for Transparent Mode here and you cannot have a standard DMZ setup with Transparent Mode: you have to use bridge groups to provide for multiple interfaces on the ASA and then have an external router route between those bridge groups.
what I'm missing here as to why Transparent Mode is needed (not needed)
I just started a evaluation license for IP Base on my 3850 switches. But i can't configure HSRP cause the commands are not there (I rebooted allready). Do you need enterprise for HSRP on the 3850?
I just started a evaluation license for IP Base on my 3850 switches. But i can't configure HSRP cause the commands are not there (I rebooted allready). Do you need enterprise for HSRP on the 3850?
With my brand new Cisco 3850 Switch, I got it configured with a LAN IP. Then, on my PC I opened up Cisco Network Assistant (version 5.8.5.1 which supports the 3850). I went to add the 3850 to the community by discovering the device, and was prompted with the user/pass box. The password I set was not allowing me to connect, and I realized it's because a username was required and I had not set up a username on the switch. So, I then configured an admin user with level 15 privileges on the switch. However, now when in CNA I try to add the 3850 to the community, it doesn't even prompt me for user/pass, it just says "unable to connect".
What do I need to do to add this 3850 to my community?
I have configured my new 3850 using the command line and all works well. I logged into the web interface expecting to see device manager with a pretty image of the switch etc.
However I am presented with the Express Setup page and even if i fill in all of the details again and click submit then nothing happens and this is all I can get.
We have a new stack of two Catalyst 3850-48T's running IOS XE 3.02.00 (we are upgrading to 3.02.01 this weekend.)We noticed the CPU usage is around 30% even when there is almost no traffic going through the switch. We haven't seen any indication that it is causing a problem, but is this considered a normal baseline?I attached my config (with passwords sanitized,) show ver, show controllers utilization, and show process cpu history.
I noticed this behavior is normal on 2900XL/3500XL switches, but I didn't find anything relating it to 3850 switches. Does the same thing apply to the 3850 switches? [code] url...
I just completed installation of a stacked pair of 3850s in my datacenter. While I was installing them, I noticed that the lights on ports 1-8 on one of the switches were on solid even though there were no cables connected to that switch. I don't see anything in the logs or anywhere else in the CLI that indicate a problem, however the lights remain on. This only happens on switch 1, not switch 2. Once I plugged the cable into port 1, it flashes normally with activity, but 2-8 remain on solid even though nothing is connected to them.
Before I put the switches in place, I had configured them at my desk with the console connection, and those lights were not lit up.
The indicators on the front of both switches are set in STAT mode. I thought initially I had hit the button and flipped it to a different mode, but that is not the case.
I pulled a brand new Cisco 3850 Switch out of the box yesterday. Following the Quick Start Guide, I put in the power module, powered it on, and waited for it to complete POST. Then, I plugged in an Ethernet cable between a laptop and the switch on a port in the front, and went to the web interface at https://10.0.0.1. I got to the Express Setup, and attempted to change the IP address of the switch to an IP on my LAN, along with other options. When clicking submit, it didn't appear to take. Upon refreshing in the Express Setup, the IP config was blank, so I once again configured it. This time clicking submit brought up a message that it was changing the IP address. I waited for it to finish, and when it looked done, I powered the switch off and took it to a different room to hook it up to the LAN for further configuration.
When plugging in the power at that point, the switch starts through the normal light process (System LED blinks green slowly), and then eventually the System LED blinks green very fast and never stops. It doesn't get to the point of having the system loaded and ready to log into. There's no amber lights, just the System LED flashing green fast. On the back, the Power module and all bay lights are green, and the Console light is green, but the Management port light is off.
I've tried using the reset button on the back of the switch two different times to reset it to default configuration, thinking I hosed it somehow, but it never goes past the fast blinking System LED.
Based on what i am reading on the Catalyst 3850 datasheet, the controller functionality comes by default if i have a IP Base of IP Services license on the switch. Is this correct or do i need additional license to enable the controller functionality?What capabilities does below license provide ?
LIC-CT3850-UPG (Primary upgrade license SKU for Cisco 3850 wireless controller)
We have our Nexus as our default gateway (101.1) and the default VLAN1 is setup with two subnets 101.X and 102.X. The DHCP server is using a superscope setup to accomodate the overflow of devices requesting IPs on 101, so when 101 is consumed persons are able to obtain a 102.X IP address. The setup is basic on superscope. The issue is some times the routing to the firewall with a 102.X is not always 100%. Somedays all goes well and the 102 subnet is routed out to the firewall and its a good day. However, such as today a 102.X address is not routing as it did 24 hours ago. I am perplexed as to why this is behaving unpredicatable. Here is running-config for VLAN1 to show the 102 as secondary address to VLAN1.
I search at all cisco pages about support of VSS quad supervisor 2T support.Even relase notes, q&a etc. But until now I don’t found any pros or contra. Customer use the newest IOS 15.1.1-SY Customer uses already several system with quad sup720, has also experience.Customers actual state is:With quad sup 2T the 2nd sup2t of each VSS-chassis drops in rommon.Without VSS the same sup2t comes up either as active or standby!
We currently have an existing 6506 in data center that we want to add another 6506 to and do a VSS implementation.I'm trying to minimize down time so our current basic plan was to do the following:
1. Bring up the new 6506 and configure it for VSS 2. Trunk a port between the new 6506 and the production 6506 3. Physicall move connections from the production 6506 to the newly connected VSS switch 4. After all physical ports have been moved, power off the original 6506 swap the supvisor card out for the new 2T Sup card 5. Configure original 6506 for the virtual domain and then connect the VSL's.
According to the documentation, to run "switch convert mode virtual" the standby unit has to be in hot standby. This means I can't run this prior to moving the connections over, which means once I run "switch convert mode virtual" it will reboot the switches (~ 9 minutes of down time). Is there anyway around this?
i'm using some catalysts 3560 with 10 VLANs and inter vlan routing. we use a windows deployment services server to install our workstations. the pxe boot works fine. the image is loading, and when the windows 7 PE is booting, the dhcp request failes. when i use a small not manageable switch between the computers and the catalysts, it works fine.all other things work fine.
I am still working on the design of my big project and always that you think that every thing is solve, appears a details.We need to deploy a fiber links to some buildings that will have access switches connected to the Core. I have been reading about ethernet ring topologies and quite differents to the hierarchical model because of the using of Ressilent Ethernet Protocol instead of STP or RSTP.My question is which of the next to scheme will be the best?
1.- Deployment an ethernet fiber ring topology with REP? Consider that the edge Switch of this ring will be my Core and this one is connected to my distribution switches in a hierarchical topology. In this situation, Acces Switch 1-A is connected to Acces switch 1-B, Access Switch 1-B to 1-C and Switch 1-C to the Core. Feel fre to recomend me wich switches and considerations are the best. We conssider 1 Catalyst 6506 Chasis for the Core and catalyst c2960s-48-TDL for acces, maybe the 3750x series. Each Acces node in the ring topology will have a maximun of 50 end devices.
2.- Deployment a Fiber ring but not connecting each switch with the next. In this case we want to ensure redundancy to the core wih equal costs path, but because of the ring each switch won´t have equal length link to the core. In this situation, Acces Switch 1-A is not connected to Acces Switch 1-B is connected directly to the core but the fiber cable will take the route to Access Switch 1-B, to Acces Switch 1-C and finnally to The Core Switch. This apply to the other to Switches. Note now that Acces Switch 1-A will have a 281 Ft link to the core and a second 1612Ft. link to the core. Here comes the question this differents lenght will negative affect RPVSTP ? or It doesn´t matter? Can i setup an etherchannel/load balance in this situation?
some of our switches have the switchport mode trunk command configured between the 3750 switches but other 3750 switches connected to our 6509 core switch do not have the switchport mode trunk command to permit Vlans from going across the swtiches instead it has an ip address and says no switchport what is the difference between does two. Is trunking used only for Layer 2 and L3 is used to route interface vlans?
For intervlan routing, Is 'IP routing' command enabled by default on a 6500 series switches based on the IOS?and on 3750 switches, do we need to enable the "ip routing" command manually for intervlan routing?
We have recently implemented Windows Deployment Services on our local network, but everytime we do a multicast image deployment the network get flooded to point of total saturation.
We have Netgear switches and a Cisco 2800 series router. IGMP Snooping has been enabled on all Switches, however, we are unsure on how to implement multicasting on the router.
The whole network is flat - no VLANs over than the default VLAN1. We only want multicasting to work within our local network and does not need to go out the other side of the router as that is the connection to the internet.
How to get the Cisco router configured properly to enable multicasting to not flood the network. It seems that even if we were to image 4 PCs using multicast this is enough to completely get the network flooded.
Also, am I right in thinking that IGMP needs to be enabled on all of the Switches?
I own a Cisco 892W router. The router has 2 WAN ports and 8 switch ports. Now I know -
-WAN ports can create sub interfaces, assigne IPs, cannot be assigned to a VLAN - sounds very much like a routing port. (sh interface gives - Hardware is PQII_PRO_UEC)
-Switch ports are for VLAN assignment, trunking, IP assigment etc,. (sh interface gives Hardware is Fast Ethernet)
I know they are different but at the same time confuced what the difference are? I also know on some 3xxx series switchs you could say "no switchport" and translate a switch port to a layer 3 port. But on 892W you can't do this? Struggeling to understand the difference.
What is the difference between the Diameter and the Max Hops Remaining in RSTP/MSTP? Like Cisco, the maximun value for diameter is 7, but, can i have a ring topology with 10 switches in the Network?
We replaced a 3560 with a new 2960S and I'm only able to configure a single ip sla where before we had three ip sla entries on the 3560. Obviously, one is a L2 switch and the other a L3 switch. This is an expected difference between switches, correct?
On a csico 3750 switch I have ntp server < IP of stratum 1 Time Server> I want the swit to sync to the to time server and provide time to peers on my network. Do I have to be configured for ntp peer < IP of stratum 1 Time Server> for that to work?
I manage a network with a ghost server, a 3750G, several outside access, and some vlans.This is a very simplify view of this network:
The ghost server is on all vlans connected to a trunk port on the 3750G which is used as a central switch and for basic routing.All equipements connected to vlans 1, 2 or 3 are on 2950 switchs themselves connected to the 3750G on dedicated access ports, each in there respective vlans.
All equipements connected to vlans 1, 2 or 3 have as gateway a vlan interface on the 3750. (10.0.x.3)All the vlan interfaces have route-maps applied on them to redirect traffic to their dedicated outside access.The route-maps match only traffic destinated to the outside.
Everthing is working well but the multicast.When I create a ghost session on the server, I can see computer connecting on it, but the multicast never start.If I use directed broadcast it works with good perfs, but the CPU processes of the 3750 go high because of the IP Input (Till 99%).If I remove the route map from the vlan interface which is on the ghosted network, the multicast works but with poor perfs.If I shutdown the vlan interface the multicast works well with good perfs.
It seems my problems are tied with the Vlan interfaces but I don't know why.
This is a sample of the config:
switch 1 provision ws-c3750g-24ts-1u system mtu routing 1500 vtp domain SM vtp mode transparent ip routing
I encountered a problem migrating configuration from Cisco 4500 with IOS 12.2(53)SG4 to Cisco 6500-VSS with IOS 12.2(33)SXI7.
With 4500, we had 2 servers with JBoss running multicast to build up the cluster. They used 239.X.X.X multicast IP. There was no need to configure "ip igmp snooping vlan XX static XXXX.XXXX.XXXX interface X" neither static arp entry.
When we migrated to 6500 in VSS, we had to do:
mac-address-table static XXXX.XXXX.XXXX vlan XX interface X disable-snooping
With this command, the JBoss cluster worked well. The question is, ¿Is there any difference regarding IGMP in 4500 versus 6500?
At home we have a business Fiber line with 100/100 connection, right now connected to a Cisco 2911 Router.Problem with this one is that it doesnt give the cool neat config options you get on for example the new EA routers, nor does it support uPNP. Now I was wondering if it would be an idea to use the EA4500 (which i have here aswell, though atm not in use) instead of the 2911.does the 2911 offer that much more power and speed that it would be unwise to use a EA4500 on Fiber?
What's the difference between a Catalyst 4500 and a Catalyst 4500E series chassis? I believe it has to to do with supporting PoE+? Are the blades in both series interchangeable?
