know if Private Vlans are supported on the Cisco 4900m switch when set in VTP version 3 and VTP disabled?Most documents just specify VTY transparent mode without mentioning the version, trying not to assume since this is production.
View 1 RepliesI have this 4900M running version 12.2(54)SG1. I the log I get this 3 lines:
May 8 08:32:15: %C4K_SWITCHINGENGINEMAN-4-TCAMINTERRUPT: (Suppressed 429 times)flCam0 aPErr interrupt. errAddr: 0xC48 dPErr: 1 mPErr: 0 valid: 1
May 8 08:32:24: %C4K_L3HWFORWARDING-4-FLTCAMPARITYERROR: (Suppressed 866 times)FL Tcam Perr with no FwdEntry Hw index: 3144 Hw entry: Sw entry:
May 8 08:32:45: %C4K_SWITCHINGENGINEMAN-4-TCAMINTERRUPT: (Suppressed 432 times)flCam0 aPErr interrupt. errAddr: 0xC48 dPErr: 1 mPErr: 0 valid: 1
They seems to be coming on regular basis, repeating every minute. I've tried Google and the most relevant info I can find is this {URL}. But it says "Upgrade software to IOS version 12.2(52)SG or later OR 12.2(50)SG4 or later. ". I'm already running 12.2(54), so why does this 3 line repeatedly show up in the log every minute.
Why I got below error message when config Private VLAN?
Error: while enabling/disabling service: private-vlan, err: Private-vlan is not allowed in F2 VDC (0x40e4005d)
We need to connect several DSLAMs on the 4900 switch, every DSLAM has 4 VLANs configured (VOIP service, MGMT, ADSL Private, ADSL Public), and sends the traffic for each service tagged with appropriate VLAN id according to the table:
VOIP: 608
MGMT: 594
ADSL PRIVATE: 2900
ADSL PUBLIC: 2930
On the DSLAM side it is very simple configuration, just a normal trunk with 4 VLANs transversing the link. On the 4900 I need to isolate the traffic for ADSL PRIVATE & PUBLIC service so DSLAMs connected to the same switch do not have L2 connectivity between them. For VOIP and MGMT they must communicate with each other. DSLAM acts also as a VOIP GW so it must communicate with other DSLAMs for VOIP service. Also VLAN 200 is configured on ME 4900 for switch management traffic.
This 4900 Switch connects to MPLS PE router, which offers L3 VPN service for VOIP & MGMT service, and L2 VPN for ADSL service (PPPoE traffic to BRAS). Fortunately we have ES+ linecard to support many ethernet features. I tried this config:
1) VOIP, DSLAM-MGMT, MPLS-MGMT configured as normal VLANs
2) ADSL PUBLIC & PRIVATE configured as isolated secondary VLANs, primary VLAN for ADSL PRIVATE is 2008, for PUBLIC 2308
3) Configure DSLAM facing ports on ME 4900 as private-vlan trunks
4) Configure ME 4900 uplink port to MPLS PE as a private-vlan promiscous trunk
5) Configure ethernet services on MPLS PE for each tag that comes from ME 4900 (ES+ cards are awesome, i love them:D )
6) Apply L3 VPN service for VOIP and DSLAM-MGMT, and L2 VPN for ADSL service.
But at least this last command should list on spanning tree forwarding state also the ADSL VLANs or not?
Here is the output of the show interface switchport.
I have 2960 cisco switch. I want to configure private vlan. But it is not getting configured in cisco 2960. Is there any other way to configure that in switch.
View 1 Replies View RelatedI have the need for private vlans in isolated mode to backup some hosts on a secured network. We are using Cisco Nexus 5020 with the fex 2148 for copper-ports - and I tried to implement this setup: [code]
The Cisco Nexus 2000 Fabric Extender does not support PVLANs over VLAN trunks used to connect to another switch. The PVLAN trunks are only used on inter-switch links but the FEX ports are only meant to connect to servers. Since it is not a valid configuration to have an isolated secondary VLAN as part of a Fabric Extender port configured as a VLAN trunk, all frames on isolated secondary VLANs are pruned from going out to a FEX.
the "only" limitation should be the trunk option - but as far as I can see from the output from my nexus this is not correct .We are running NXOS: [code]
I have a Cisco 3750 with private VLANS configured.. VLAN 2 is the "primary", VLAN 3 is "isolated" and VLAN 4 is "community". This is all working correctly, however I now have the need to another VLAN called "production". I need the production VLAN to be able to reach all the private VLAN hosts (community and Isolated), and vice versa
View 2 Replies View RelatedHaving problem pinging from Host A on ESX1 to Host B on ESX2. Each host are assigned the same port-profile. If I put 2 host's on the same ESX machine using the same port-profile, they are able to ping each other.
n1kv-vsm# sh port-profile name xxx-prod-40port-profile xxx-prod-40 description: type: vethernet status: enabled capability l3control: no pinning control-vlan: - pinning packet-vlan: - system vlans: 1 port-group: xxxl-prod-40 max ports: 32 inherit: config attributes: switchport mode private-vlan host switchport private-vlan host-association 40 400 no shutdown evaluated config attributes: switchport mode private-vlan host switchport private-vlan host-association 40 400 no shutdown assigned interfaces: Vethernet3 Vethernet4
System-uplink profile is trunking all vlans.
Is it possible to assign 2 ports to a vlan on this switch and have the 2 machines connected to those ports be able to see each other without having to go off of the switch? If so, how would it need to be setup on the switch?
View 4 Replies View Related We have a 24 port and 48 port 3560 E switches with identical IOS the 48 port switch supports private vlan while 24 port switch doesnt
configure private vlans on 24 ports 3560e and is it best practise to configure private vlan on this platform(3560)?
IOS version : C3560E Software (C3560E-UNIVERSALK9-M), Version 12.2(55)SE3, RELEASE SOFTWARE (fc1)
flash:/c3560e-universalk9-mz.122-55.SE3/c3560e-universalk9-mz.122-55.SE3.bin
I have defined a trunk between a nexus 5k and cat 3750 as a pvlan trunk - now I would like to add redundance and performance and tried to establish a vpc between my par of nexus's and the 3750 stack - but the nexus tell me that the port-channel doesn't support pvlan's - and then - ehh - do I get any benefits of running the trunk as a pvlan trunk at all?
interface Ethernet1/4
switchport mode trunk
speed 1000
switchport private-vlan trunk allowed vlan 550-552
switchport private-vlan mapping trunk 550 551-552
[code]...
I'm not sure if I'm missing something basic here however i though that I'd ask the question. I recieved a request from a client who is trying to seperate traffic out of a IBM P780 - one set of VIO servers/clients (Prod) is tagged with vlan x going out LAG 1 and another set of VIO server/clients (Test) is tagged with vlan y and z going out LAG 2. The problem is that the management subnet for these devices is on one subnet.
The infrastructure is the host device is trunked via LACP etherchannel to Nexus 2148TP(5010) which than connects to the distribution layer being a Catalyst 6504 VSS. I have tried many things today, however I feel that the correct solution to get this working is to use an Isolated trunk (as the host device does not have private vlan functionality) even though there is no requirement for hosts to be segregated. I have configured:
1. Private vlan mapping on the SVI;
2. Primary vlan and association, and isolated vlan on Distribution (6504 VSS) and Access Layer (5010/2148)
3. All Vlans are trunked between switches
4. Private vlan isolated trunk and host mappings on the port-channel interface to the host (P780).
I haven't had any luck. What I am seeing is as soon as I configure the Primary vlan on the Nexus 5010 (v5.2) (vlan y | private-vlan primary), this vlan (y) does not forward on any trunk on the Nexus 5010 switch, even without any other private vlan configuration. I believe this may be the cause to most of the issues I am having. Has any one else experienced this behaviour. Also, I haven't had a lot of experience with Private Vlans so I might be missing some fundamentals with this configuration.
I am looking into the possibility of using private vlan's for some dmz implementations however I do have what may be some very rudimentary questions. It seems straightforward how to configure the primary/secondary vlan configuration as well as associating them. However in my case I would be looking to configure the PVLAN on a 6500-vss platform acting as the router while all of the hosts which I would desire to have in the isolated vlan would be spread out across a number of older Cisco switches which only support "protected port" setup or Procurve switches all of which I do not have budget to replace with something newer. So in my scenario I would have a 6500 connected by trunk to multiple switches which only support a protected port setup such as a Procurve (top of rack) or a Cisco 2950. As the Procurve or 2950 would not support Private VLAN setup, do I then just configure the secondary vlan to be allowed across the trunk from the 6500, configure that vlan on the Procurve or 2950 (as vtp will not foward the info for the secondary vlan) and assign that vlan to the host port as well as setting it as a protected port and this will communicate just fine across the trunk to the router as well as stopping the protected port in top of rack switch 1 from being able to communicate to a protected port in top of rack 2,3,etc? If the above scenario is what needs to be done, do I just use a regular trunk or do I have to use a PVLAN trunk?
View 2 Replies View RelatedI am just going to deploy some new 4900Ms for a customer. Want to know if configuring management for 4900 (everything like NTP, AAA, SNMP , DNS ) is doable through management interface in management VRF and there are no caveats to be aware of.
View 1 Replies View RelatedI would like if is possible to stack a Cisco 4900M with a 2960S. I know it is not the most common situation but i need it.
View 1 Replies View RelatedI have an issue with couple of Cisco 4900M switches. We just got them and tried to use the TwinGig Converter on the 4 ports 10G module.
The problem is that the switches sees the new module in slot 2 and when we are inserting the TwinGig Converters we are getting the error message and when we are trying to type the command this command it does not work."hw-module module <slot> port-group <group> select gigabitethernet",When we go to config T, the only thing we can type is "hw-module module <slot> and if we do a ? the only thing is available is logging and power and we can't type
Port-Group or anything else. Is this a hidden command or we have to something else?
on a Cisco 4900M running IOS Software, Catalyst 4500 L3 Switch Software (cat4500e-ENTSERVICESK9-M), Version 15.0(2)SG1, RELEASE SOFTWARE (fc4) I'm getting a lot of packets on CPU Q "L3 Glean, 6".What is that queue and what could be the root cause?
Packets Received by Packet Queue
Queue Total 5 sec avg 1 min avg 5 min avg 1 hour avg
---------------------- --------------- --------- --------- --------- ----------
Host Learning 1563 0 0 0 0
L2 Control 1138188 3 0 0 0
Ttl Expired 2 0 0 0 0
L3 Glean, 6 4889394 4067 4381 3367 779
[code]....
Is it possible to use 1GB (SFP / Copper) on the built-in 8 x X2-10GB ports without any Network Module of 1/10GB. If so how.
View 2 Replies View RelatedI have a client whom has a 4900M switch as their SAN switch. They are getting ready to upgrade their SAN to use 10G.I had quoted them a price for an X2 module, but I am unclear based on pictures I have seen of the part number
X2-10GB-SR
whether or not the X2 module plugs into the X2 slot on the switch, AND then also has to have a transceiver put in it to receive the SC ends of the Fiber jumper, or whether the SC ends of the fiber jumper plug into the X2 module directly.
I would like to know if i can and how stack a Cisco 4900M with a 2960S. I know it's not the most common but i need it.
View 2 Replies View RelatedFirst time user of cisco hardware and we just purchased the 4900m catalyst switch. My question is very general. I am simply hoping to network 3 servers together and I do not wish to do any fancy or advanced configuration. Can I simply use the web management interface for network administration and setup? I just downloaded the Catalyst 4500 Series Switch Cisco IOS software configuration guide and they talk about Cisco View network management system, is this my answer or is this what most people use for basic configuration and administration?
View 3 Replies View RelatedI currently have IOS image cat4500e-entservices-mz.122-53.SG5.bin. According to my research it appears SPAN is supported on this OS. However, after looking at procedure notes using websites like here:
[url]... I cannot find and obviously not figure out how to use the SPAN command. My main objective is to simply setup a port mirror on one of my TenGigabitEthnet interfaces and from what I read SPAN is the best way to setup a tap interface on a cisco switch.
I am just going to deploy some new 4900Ms for a customer. Want to know if configuring management for 4900 (everything like NTP, AAA, SNMP , DNS ) is doable through management interface in management VRF and there are no caveats to be aware of.
View 1 Replies View RelatedWe have to cisco WS-C4900M with Cisco IOS Software, Catalyst 4500 L3 Switch Software (cat4500e-IPBASE-M), Version 12.2(53)SG5, RELEASE SOFTWARE (fc1).We have four gigabit link connected between those two switches.We have create a LACP port channel with those four ports on both switches. Ether-channel is up and running and defined with a load-balancing method of src-dst-ip.But when we test the load-balancing, it's not using the src-dst-ip rule with the XOR: [code]
View 5 Replies View RelatedI have 4900M with X2-10G-LX4I need to have a link from it to 3560X GLC-SX-MM using MM Fiber Patch Cord.any configuration required in 4900M to change the speed of X2-10GB-LX4 to 1GB ?
View 2 Replies View RelatedMy current version IOS is cat4500e-ipbase-mz.122-53.SG5.bin. I just got a new version cat4500e-entservicesk9-mz.122-53.SG5.bin.I put the new version in bootflash: directory and tried various methods of starting the IOS up to run the new version but it always started in the original ipbase version. My start-config shows:
boot-start-marker
boot system flash bootflash:cat4500e-entservices9l-mz.122-53.SG5.bin
boot-end-marker
and I even deleted the ipbase version in the bootflash: directoy so then my switch would not even boot up at all and hung in rommon. In rommon I tried
boot bootflash:cat4500e-entservicesk9-mz.122-53.SG5.bin
and the result I got back was
File has bad file magic number: 0x0
So I had to point the switch to my tftp server and boot back into a back up copy of ipbase. how I can get my new IOS version to work? I understand I might have to download it again but I just got it so I am skeptical it is a bad file. [URL] as a procedure guide and I do notice some of those commands/steps do not work on my 4900m switch.
I have been trying to get the http server enabled so I can access Cisco Network Assistant. I have my interfaces configured but for some reason the server in not running, port 80 is still closed. [code]
View 2 Replies View RelatedI' ve three 4900M switches equipped with the WS-X4920-GB-RJ45 module and the WS-X4908-10GE module. Now I'm started to setup these switches in our lab environment for the first time. They behave a little bit strange in comparison with the C3750 series which I used before and which I will replace by these powerful machines.
I tried to setup these switches to be managed through the management port. I configured IP address, default route in the management vrf, set the source-interface for tftp,ssh,ftp and tacacs to use the management port. Ping using the manangement port was successful. After finishing theses steps I configured the TACACS and AAA settings accordingly the informations I found on CCO. I tested the settings with "test aaa group authentication" command- without success. On my Cisco ACS no request was received and the switch told me he could't reach the tacacs server. Other switches in the same IP subnet are working without failure, so firewall or server should not be the problem.
I am little confused with all these SFP types.
Can I use GLC-LH-SM, GLC-LH-SMD and SFP-GE-L with Twingig converter module? When I used Cisco configuration tool, the only option is GLC-LH-SMD for 1000BASE-LX.
I was wondering if a interface numbering scheme is available for the 4900M. Configuration includes 1 x 8Port 10G and 1 x 20Port 1G modules. would like to understand How the slots are addressedInterface AddressingTwinGig interface addressing
View 10 Replies View RelatedGot a question for 4900m with TwinGigi Converter. I bought couple TwinGigi Convert thinking to use it on fix module ports (8 * 10G ports on 4900m ten1/1 to 1/8). I follow TwinGigi configuration guide [URL]however, I am getting Invalid commands on hw-module:
Switch(config)#hw-module module 1 ?
logging Logging
Switch(config)#hw-module module 2 ?
logging Logging
power Enable/disable power to module in specified slot
[code]...
here is show ver and show mod:
Switch#show ver
Cisco IOS Software, Catalyst 4500 L3 Switch Software (cat4500e-IPBASEK9-M), Vers
ion 15.0(2)SG2, RELEASE SOFTWARE (fc3)
Technical Support: [URL]
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Wed 07-Dec-11 20:20 by prod_rel_team
[code]...
Would like to know if the Cisco Catalyst 4900M Switches are stackable?
View 2 Replies View RelatedI am slowly working my way though the setup and configuration of our new 4900m switch. The switch will have a pretty basic operational configuration. We are simply going to network 3 servers together through the swtich. Anyhow, I have been fallowing the guide at this site: [URL]
Basically the switch is brand new and I just setup things such as the clock, the banner, and the hostname. Anyhow, at various points in the guide such as the configuration of the telnet password and especially the interface gigabitethernet I get the "invalid input detected at '^' marker". I also did a show interfaces and noticed there was not any gigabitethernet interfaces but there was a
"FastEthernet1 is down, line protocol is down Hardware is Fast Ethernet for out of band management, address i"
Anyhow, my thinking is continuing on with the guide and at least try to setup the interface for the management port so I can then use the cisco network assistant gui to then configure the rest of the switch.