Cisco Switching/Routing :: 4500-E On SUP II Plus TS - Force Enterprise Services IOS
Jan 2, 2012
What would happened if a force a cat4500-entservicesk9-mz.122-54.SG on a SUP-II-Plus+TS? Considering that:
- The same IP base file tha is used on a SUP-II-Plus+TS is used uma a SUP-V
- The file size os the ent services IOS is just a bit bigger the ip base IOS.
- Especially the EIGRP were supported on the SUP-II-Plus+TS pior the 12.2-25
We need full support to EIGRP(or OSPF) because of the H.A that are been implemented and need to test it...
My current version IOS is cat4500e-ipbase-mz.122-53.SG5.bin. I just got a new version cat4500e-entservicesk9-mz.122-53.SG5.bin.I put the new version in bootflash: directory and tried various methods of starting the IOS up to run the new version but it always started in the original ipbase version. My start-config shows:
boot-start-marker boot system flash bootflash:cat4500e-entservices9l-mz.122-53.SG5.bin boot-end-marker
and I even deleted the ipbase version in the bootflash: directoy so then my switch would not even boot up at all and hung in rommon. In rommon I tried
boot bootflash:cat4500e-entservicesk9-mz.122-53.SG5.bin and the result I got back was File has bad file magic number: 0x0
So I had to point the switch to my tftp server and boot back into a back up copy of ipbase. how I can get my new IOS version to work? I understand I might have to download it again but I just got it so I am skeptical it is a bad file. [URL] as a procedure guide and I do notice some of those commands/steps do not work on my 4900m switch.
I am working in an enterprise LAN environment. We have about 100 switches, mostly 3560 and 3750's. This is a typical Cisco network, yet it's flat. No routing on the access layers. The core switch does do the routing. We use an third party vendor network monitoring tool, and we use Secure CRT to remote into devices.
Here's the problem. There was a device we stumbled into that had not been put into our monitoring software. It has the same IOS as our other devices. All I can say is that it's the same version and type. Each device has a management v LAN. And each device has it's own management IP. An ACL exists to prevent unauthorized SSH access into the devices, yet allows the management v LAN scope to get in.
So, here's the problem...we can't SSH into our problem mystery device, let's call it Switch X. Switch X has an IP of 10.10.100.150. Now, I can be logged into it's up link device, let's call it switch B. Switch B has an IP of 10.10.100.130. The ACL allows all devices from 10.10.100.0/24 to SSH. Our PC's at our desk are also in the same management V LAN. SSH version 2 is on the configs, and the domain names are the same on these two devices.
So, let's be clear. From my desktop, I can connect to any device on my network EXCEPT switch X. When I try to connect using SSH, port 22...it just sits there until it times out. I can do the same thing to any other switch, and connect just fine. We are using TACACS+ and RADIUS as well, and they are up and running just fine. The configs on Switch X like I said are the same for switch B, except it's IP address of course. While logged into switch B, I can do a CDP neighbor and see switch X connected via trunk link. Both sides are running dot1q encapsulation, and both are in trunk mode. I can ping switch X from switch B. When I try to SSH from B to X..I get timeout with no connection.
So, I hiked over to the building where switch X is located. I consoled into the switch. I confirmed that the ACL is the same as the ACL for switch B. It is set up to allow the management v lan inbound on the VTY 0 - 15. Yes, it's access-class (name) in on both vty 0 4 and 5 15. It also is set up for transport ssh in and transport ssh out.
I rechecked the domain name on Switch X; it was correct. I also did a crypto key and regenerated the crypto key. SSH v2 came up. Again, while in Switch X, I can do a CDP neighbor and see switch B. But I cannot SSH from switch X to Switch B, or any other devices that I tried. Now, we did find a config error with VTP; the VTP domain name was different. But VTP has nothing to do with SSH. Just to placate my co-workers, I went ahead and renamed the VTP domain name (it's running transparent mode). After I regenerated the crypto key, I saved everything of course. I then reloaded the switch. When all came back up, I still could not SSH
I was wondering if I can force catalyst 2960 to skip startup config stored in NVRAM and boot with no config everytime it is powered. I tried to find it on google and in cisco white papers but still no luck. I found only commands that begin with "set boot config-register ... ", but switch acts like it does not know these commands.
I am looking to replace the active supervisor (S720-10G) on our 6509E running in SSO mode. The new module already has the same IOs version as the standby supervisor.Once I have swapped the module how do I know that the config has sync'd correctly other than checking the logs? Is it a case of looking at the "Redundancy Mode (Operational)" state and ensuring is says SSO?Also, is there a command that will force a config-sync if it is running in a mode other than SSO?
How to configure cisco 3560 to force the client only can get ip by dhcp-relay server ?
The company i am working in has 5 vlans which have been set an lay-3 switch(3560), uses the dhcp-relay server .(in svi configuration: ip helper-address X.X.X.X) well , that works ok~
Now , I got my problem: I need to force the client only can get ip by dhcp-relay server, that means if anyone set static IP manunally , he can't really access to anywhere (to provent anyone set static IP with malignancy )
I know if a h3c router , how to set this configuration n svi configuration : dhcp relay security address-check enable ) the how to configure on a cisco 3560 ?
It would be so easy but failed to upgrade 3560X switch to ip services licence is bought and paid for mail and log from the CLI and tftp server attached
I have a new 3560G to set up a small network for a remote site. I configured the vlan and an SVI as the gateway. The switch is also the DHCP server for the LAN. I configured Gi0/2 as L3 port, connecting to the nearest neighbor. My network runs EIGRP so i advertised the routes into the EIGRP process. The switch forms EIGRP neighbors and learns all routes in the enterprise network. The problems I'm having now are: 1. The switch learns all routes in my enterprise LAN and can ping devices in the enterprise LAN, but I can’t ping any interface on the switch from the enterprise LAN. 2.
I want to turn on EIGRP functionality on my layer 3 3750 stack. I noticed I was only running an IPBASE license. When I do show license all I notice I have an evaluation of IP SERVICES image (see output below). Can I use this evaluation license? Would it be same as the full license or would it have limited functionality? Also, how do I make it the active license?
Q9-Switch#sh license all License Store: Primary License Storage Store Index: 0 Feature: ipbase Version: 1.0 License Type: Permanent License State: Active, In Use License Priority: Medium License Count: Non-Counted
License Store: Evaluation License Storage Store Index: 0 Feature: ipservices Version: 1.0 License Type: Evaluation License State: Active, Not in Use, EULA not accepted Evaluation total period: 8 weeks 4 days Evaluation period left: 8 weeks 4 days License Priority: None License Count: Non-Counted
I have 3750 Switch and need to activate the ipservices on it , it is need a license file to switch from ipbase to ipservices , if i installed the ipservices image from cisco site , do i still need an activation key to use it??
Network newbie need to verify all necessary services and protocols on a new WS-C6509-E are turned on. This layer 3 switch will be used to connect to servers.
i'm using some catalysts 3560 with 10 VLANs and inter vlan routing. we use a windows deployment services server to install our workstations. the pxe boot works fine. the image is loading, and when the windows 7 PE is booting, the dhcp request failes. when i use a small not manageable switch between the computers and the catalysts, it works fine.all other things work fine.
I'm building a wired closet to aggregate user's connections, Im planning to have 5x 3750X stacked switches and there is a need to run EIGRP, I'm thinking to order one switch with IP service image while the rest will run IP base image, is it workable scenario and what are the drawbacks of such combination of images ?
is there a document that explains the compatibility of 3750 series that can be stacked together? for example can we stack 3750-x with 3750-v2 without the power sharing? Can we stack a L3 3750 with L2 3750 without upgrading the L2 switch IOS to ip services?
I'm building a wired closet to aggregate user's connections, Im planning to have 5x 3750X stacked switches and there is a need to run EIGRP, I'm thinking to order one switch with IP service image while the rest will run IP base image, is it workable scenario and what are the drawbacks of such combination of images ?
The model WS-C3750X-24T-L is only Lan Base. We need this switch to use EIGRP Protocol. Does it exist a License for supportting IP Base o IP Services Feature Set?
I have a cisco 2821 router where as a cisco 2960 switch with connect on router as a trunk & one user vlan . this is my WAN router all traffic are internal . i have 2MB data connectivity on my WAN side. i have to Give a specific Bandwith on my SAP traffice . like when SAP traffice will come they all time get around 50 % bandwidth of my channel. If SAP resuest are not comming then other traffice will get full bandwith .
I have A 3560x running 12.2(58)SE2 and jus tupgraded to IP services to allow Enhanced EIGRP as found on feature navigator. I need to run full EIGRP and disable Stub.
however, when I try to disable it, I get this error:
dist2-3560x(config-router)#do sho licenseIndex 1 Feature: ipservices Period left: Life time License Type: Permanent License State: Active, In Use License Priority: Medium License Count: Non-Counted Index 2 Feature: ipbase Period left: 0 minute 0 second Index 3 Feature: lanbase Period left: Life time License Type: Permanent License State: Active, Not in Use License Priority: Medium License Count: Non-Counted dist2-3560x(config-router)#no eigrp stub connected summaryEIGRP is restricted to stub configurations only on this platform.
I have installed the license and rebooted. by all indications th elicense is installed and should allow for Full EIGRP routing.
We have recently implemented Windows Deployment Services on our local network, but everytime we do a multicast image deployment the network get flooded to point of total saturation.
We have Netgear switches and a Cisco 2800 series router. IGMP Snooping has been enabled on all Switches, however, we are unsure on how to implement multicasting on the router.
The whole network is flat - no VLANs over than the default VLAN1. We only want multicasting to work within our local network and does not need to go out the other side of the router as that is the connection to the internet.
How to get the Cisco router configured properly to enable multicasting to not flood the network. It seems that even if we were to image 4 PCs using multicast this is enough to completely get the network flooded.
Also, am I right in thinking that IGMP needs to be enabled on all of the Switches?
open specific ports on 1941w Integrated Services Router.This specific router is a wireless VPN router that has a wired module and a wireless module and VPN so I'm getting 3 subnets on my network - 192.168.1.. for the wired connections, 10.100.1.... for wireless LAN connections and 10.100.2... for VPN remote connections.I know that by default all connected computers can access my Linux server data through telnet so the telnet port is open by default, the problem is that I have some other software licensing system on my Linux box that needs to be accessed through port 27000 and most of my users are using wireless connections and can't access that license because post 27000 is closed.what is the comand to open this post or any other port that I need to be open on the wired module, wireless module and VPN or at least poit me to somewhere where I can find all the commands that I can use for this router?
Does the 4500 support VSS (Virtual Switching System) ? On the official product overview page it says: 1.6 Terabits capacity with Virtual Switching System (hardware-ready)What means Hardware ready ? Does it mean that it supports VSS in the same manner as the 6500 ? The reason I'm asking this question is that I didn't find any info on the Internet about this. We would like to upgrade our network by interconnecting the 2 sites with Layer 2 redundant links (Layer 2 extension), but I'd like to use the both links in a load-balancing manner, which can be a real pain in the *** with STP. The choice is between 4500 and 3750 stackable core switches. The 6500s are very expensive.
How to know 4500 SUP7-E's MIB ?Our customer use MS SCOM 2012 SP1 get the OID are 1.3.6.1.4.1.9.1.1286, but we use IOS MIB locator, we can not find this MIB id.
below are the IOS sh version information :
Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSAL-M), Version 03.02.00.SG RELEASE SOFTWARE (fc4) Technical Support: [URL] Copyright (c) 1986-2011 by Cisco Systems, Inc. Compiled Tue 26-Apr-11 18:09 by prod_rel_team
What is the correct way to lic VSS on a 4500 SUP7L-E ? url... Under Table 5 - Support by Image Type; VSS is listed as available on IP Base (SUP7E only) and a plain Yes under Enterprise Services, inferring that you need Enterprise Services lic on SUP7L-E to get VSS? url...Under Table 1 - Minimum License for VSS; IP Base or higher (7-E) or special license (7-LE and Catalyst 4500-X)Can find no option on CCO / configuration tools to list a 'special' VSS license for 4500R+E chasiss with dual SUP7L-E and IP Base.How are you meant to purchase/license VSS on 4500E Chassis + SUP7L-E ?
