Cisco Switching/Routing :: 4500 L3 / 500 Invalid Port Command
Nov 14, 2012
I just want to ask whether or not I should do some configuration on my Cisco 4500 L3 switch regarding the "500 invalid port command" error when a host tries to access an FTP server in active mode. I just did a static route on a gig interface with no switchport mode to that host network; all traffic types were allowed except FTP in active mode?
I have configured an SVI in my 4500 (Sup 7-E 10GE and cat4500e-universalk9.SPA.03.02.00.SG.150-2.SG.bin) switch and it is showing Down Down, because there was no active switch port in the VLAN. I added one switch port to this VLAN, but this port was also in the down state, so I added the SWITCH PORT AUTO STATE EXCLUDE command under this port. Even after this, the SVI never came up, so I added one system to the port, and both the switch port and the SVI came up. So why does the SWITCH PORT AUTO STATE EXCLUDE command have no effect on this model of the switch?
Most of the 4500 switches in our network are giving a similar error for many ports:
%C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: (Suppressed 1 times)Packet received with invalid source MAC address (00:00:00:00:00:00) on port Gi2/6 in vlan 100
It's impossible to do Wireshark packet tracing for all the ports.
On a 4500 switch port, defined as access VLAN 10, if the user connects his own DHCP server (instead of the normal PC that should be connected), will it cause issues with my existing network? The existing network is all static IP. In the above case, will the DHCP server start looking out and assign DHCP IPs if a user unknowingly removes his static IP and changes to the "obtain IP via DHCP" option in the LAN properties?
On the 45XX Catalyst, bandwidth is allocated across six 8-port groups, providing 1 Gbps per port group. Example for the following line card: WS-X4448-GB-SFP
I want to know if there is the same mechanism on 3750X switches. I mean, is bandwidth allocated across a group of ports like on the 4500 Catalyst?
We have recently purchased a Cisco 4506 that has several Gigabit Ethernet modules installed. One of the Gigabit Ethernet modules, a WS-X4424-GB-RJ45, is being picky about who it talks to at Gigabit Ethernet.
If I plug a laptop into one of its RJ45 ports using a Cat 6 cable, nothing happens. No link light, no notification of link up or down on port statistics, absolutely nothing. If I plug a server into the same port it works fine at Gigabit Ethernet (even using the same Cat 6 cable). I can get the module to recognize a laptop if I fix the speed/duplex on the laptop to 100Mb/Full. I have tried this with other staff laptops from different vendors (HP / Dell / etc.), all with the same result.
The module directly underneath this module - a WS-X4448-GB-RJ45 - works fine for both laptops and servers. We have tried swapping the module positions but to no avail.
I configured the interfaces individually at L3 and could ping across each link. Example:
4500 Switch 2: 6500 Switch 1 int t5/1 - int g3/17 1 Gig fiber link tore down config tried second set of interface int t6/1 - int g8/17 1 Gig fiber link Ping successful
A few days ago I faced an issue in which one of our 4500s stopped providing PoE on some ports in one line card. I called TAC and ran some diagnostics. However, there is a command that I found and it is NOT DOCUMENTED in the 4500 reference guide! The command is "diagnostic monitor poe". This command actually detects/recovers PoE hardware failures! After executing this command, PoE started to work again?
We have a single 4500 connecting to two non-Cisco devices. We need to enable port channelling or link aggregation between these two. The links are carrying multiple VLANs, hence are trunked, and the IP address on either side is used for routing.
From each of the two non-Cisco devices, I am taking 2 ports each to connect to the 4500. On each non-Cisco device side, two ports will bundle together as one aggregated interface (ae1) and the other will be called ae2.
My query is how I do the configuration for EtherChannel on the Cisco 4500 side, as it will need two different Po's (port channels). I need a single IP address on both sides of the port channel to be present for routing.
I am trying to implement priority queuing (LLQ) on a pair of 10GE links between a 4507 with Sup6E and a 4948 which are configured as an etherchannel. I am unable to configure a priority queue on the 4507. I am running into the following issues:
I want to have a priority queue for voice traffic and specify minimum bandwidth for a critical application. If I configure a class with the priority command it will not let me use the bandwidth command on another class unless the priority class is policed. If I try it without the police command I get the message "bandwidth kbps/percent command cannot co-exist with strict priority in the same policy-map ". If I add a police statement to the priority class then I don't get this error.
When I try to apply the resulting service-policy to the physical interface it says "% A service-policy with non-queuing actions should be attached to the port-channel associated with this physical port" and does not add the command to the config.
If I try to associate the same policy-map to the port-channel rather than the physical interface it says "% A service-policy with queuing actions can be attached in output direction only on physical ports" and does not add the command to the config.
All of the other interfaces on the 4500 are working OK. The trunks have auto qos voip trust configured and access ports are marking the critical application traffic.
The 4507 is running 12.2(44)SG1 EnterpriseK9. I don't have the luxury to upgrade blindly to fix the problem unless I can identify a specific bug that is causing the problem.
I have a 4507R with dual supervisors (WS-X4013+10GE) with IOS cat4500-ipbasek9-mz.122-46.SG.bin. The supervisor modules are in 3 and 4, and I want to connect port 5, but I have an interface and line protocol down "inactive" error.
So I realized to use command "hw-module" to change the module to GE port. However, I am not able to use the command as" I cannot use the command "hw-module uplink" as well.
I am looking to find a command or counter to tell me if a Cisco switch port on a 4510 was ever up and passed traffic. I want to shut down all unused switchports on our access switches. But before I do that I need to make sure a device is not just off or the person is away on vacation. If I do sh int interface, is there a counter I can reference?
I'm trying to follow along with documentation I see via train single videos and some online resources. I am trying to enable port security. I have a Catalyst 3546 XL. When I type in "rtr1# switchport ?", "port-security" is not one of the options to choose from. I have already set this as an access port.
A switch port is shut down, but when I use the NO SHUTDOWN command it is working and shows administratively down, like this command does not have any effect on it. Should I enable this port? What can I do? By the way, the port is not in errdisable and PortFast is enabled.
Any way to test in a lab what would happen if a tech mistakenly added "switchport voice vlan XX" to a trunk port? I am trying to do some RCA on an issue and this has been identified as a possible cause by one of my techs.
The config is Switch1------Switch2--------Switch3 Each interswitch connection is configured as a dot1q trunk with all vlans allowed. The link between switch2 and 3 is where switchport voice vlan 10 was added. Switch1 is a 3750 and 2/3 are 3560's.
The show cdp neighbors command shows two devices connected through the same local port? I have a Cisco 3560, and when I issue the "show cdp neighbors" command I get the following results: [code]
The question is why this is showing that Gig0/3 is being used twice to connect to two different devices. I have verified there is no hub connected to this port, and in fact Switch3 is not connected to Switch1 at all, yet it still shows up in the CDP table.
I have cleared the CDP table on every device at this location and still get the same results.
I have a problem with Cisco ACS 4.0 "Windows" with a core 4500 switch "cat4500-ENTSERVICESK9-M 12.2". The problem shows only on one device, "x.x.x.x". The problem is "Authen failed-------badcred------External DB user invalid or bad password"; I can see it in failed attempt. On the same side, I can see "Authen OK" in Passed Authentications for the same record. I can log in to the mentioned switch using my ACS credentials and not local database credentials.
Can I debug this from ACS? If not, how can I view the authentication records from the core switch?
A customer wants to upgrade an IOS Base (cat4500-ipbasek9-mz.122-25.SG4.bin) of a Cisco WS-C4507R to an IOS that has enterprise functionalities. We installed an IOS cat4500e-entservicesk9-mz.122-53.SG5.bin, but we had the following results:
config-register = 0x2102 Autobooting specified file using Variable BOOT ..... Current BOOT file is --- bootflash: cat4500e-entservicesk9-mz.122-53.SG5.bin
I bought a Cisco router last week. The reseller said it is a brand new one. However, when I try to set it up with a console cable connecting to a PC, the default password does not work. I tried to use Control+Break to get access to ROMMON for password recovery. Tera Term Pro displayed nothing at all! In this case, what should I do to set up the router? Does the reset button on the back work to restore the router to factory settings (which means I can use the default username and password)?
Is there a known bug for Nexus 7K version 6.0(4) related to route redistribution? I have a few VLAN interfaces, and they are being redistributed to BGP. The VLAN interfaces are all up and pingable. After configuring redistribution, the VLAN route is not in the BGP table. sho ip bgp is saying "path invalid".
BGP routing table entry for 10.165.101.192/28, version 26302 Paths: (3 available, best #3) Flags: (0x180c0021) on new-list, is not in urib, need resync with RIB, exported, has label vpn: version 47719, (0x100002) on xmit-list local label: 492294
Issue I am having with a Cisco 4507? Below is the error I am receiving.
Feb 14 10:06:09 EST: %C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: (Suppressed 508 times)Packet received with invalid source MAC address (00:00:00:00:00:00) on port Po10 in vlan 112
Feb 14 18:44:06 EST: %C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: (Suppressed 119 times)Packet received with invalid source MAC address (00:00:00:00:00:00) on port Po10 in vlan 112
Feb 15 00:51:06 EST: %C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: (Suppressed 366 times)Packet received with invalid source MAC address (00:00:00:00:00:00) on port Po10 in vlan 112
My company has an 881-w ISR that provides wireless and wired network functions for our small office (about 20 users). I was attempting to create a new VLAN (another story), and was able to create the VLAN (4) and assign it a new IP. However, when I came in today and attempted to connect to the ISR, the serial console started spewing this over and over:
Now, I did leave the console session up overnight, as that's the only thing that I can think of. As expected, our service contract had expired. I did reboot the ISR, and I am looking to see if this can be fixed, or if it is symptomatic of a larger issue and time to replace? At this point I can't even get it to stop, and thus cannot log in.
I have configured DHCP snooping on a WS-3560G-48PS running IOS 12.2(58)SE2 ipservicesk9 variant. When I enable DHCP snooping, clients don't get IP addresses; when DHCP snooping is disabled, everything works fine. I have set up a SPAN port and run a capture (attached) on the traffic. Wireshark notes the Seconds elapsed field appeared to be encoded in little-endian, but only on some packets. Apart from that, I can see nothing wrong with the DHCP Offer responses from my DHCP server. Attachment config.txt contains the interesting parts of the configuration. Please note g0/32 has been set to ARP inspection trust, as without working DHCP snooping it would require a static bind. Is there any way of figuring out which option can't be parsed? Is there a way to force forwarding of unparsable DHCP packets while still running DHCP snooping?
Does the 4500 support VSS (Virtual Switching System)? On the official product overview page it says: "1.6 Terabits capacity with Virtual Switching System (hardware-ready)". What does "hardware-ready" mean? Does it mean that it supports VSS in the same manner as the 6500? The reason I'm asking this question is that I didn't find any info on the Internet about this. We would like to upgrade our network by interconnecting the 2 sites with Layer 2 redundant links (Layer 2 extension), but I'd like to use both links in a load-balancing manner, which can be a real pain in the *** with STP. The choice is between 4500 and 3750 stackable core switches. The 6500s are very expensive.