Cisco Switching/Routing :: 4948 E HSRP Connect Devices To Standby Unit That Do Not Require Redundancy
Jul 29, 2012
If I set up 4948Es in an HSRP configuration and connect devices to the standby unit that do not require redundancy, will there be any issues passing traffic? I don't believe the standby unit blocks the traffic, but I wanted to confirm.
I am facing a problem in implementing HSRP. My scenario is like this: I have two 3750 switches and I have a server with two NICs. I want to run HSRP on these two switches. By the way, the server is connected directly to the switches, I mean each NIC to each switch. We have teamed the two NICs (Active / Standby). What configuration needs to be done on the switches for HSRP to work?
I have been reading several posts in this forum to try to understand ACL behaviour on a standby HSRP 6500, and I would be glad to get this cleared up. I have two 6509s running HSRP for all VLANs... I created VLAN 100 with standby IP address 192.168.1.129 255.255.255.128
Active 6509 (SW01) ip is 192.168.1.130/25, priority 120
Standby 6509 (SW02) ip is 192.168.1.131/25
I have created a DHCP server on the standby 6509 only, on the same VLAN 100, with a default router of 192.168.1.129 (i.e. the HSRP VIP). I connected a PC directly to the Ethernet port on the standby 6509 and put it under VLAN 100, and it obtained its IP 192.168.1.200 from the IOS DHCP. Now I want to restrict this PC (and any other on its subnet) to access only a remote server 172.168.10.10 and nothing else. I have created the following access list, allowing traffic to the remote server, OSPF and HSRP updates, IOS DHCP...
Extended IP access list SWRES
    10 permit ospf any any log (172 matches)
    20 permit ip any host 172.168.10.10
    30 permit ip any host 224.0.0.2
    40 permit udp any host 255.255.255.255 eq bootpc
    50 deny ip any any log (52 matches)
I have applied this ACL on both the 6509s under interface VLAN 100:
 ip access-group SWRES in
1. When I ping different subnets on the 6509s from the PC, I still receive icmp replies although I expected the acl to pass traffic destined for the remote server only. I do get deny log messages on the Active 6509, but not on the standby 6509 where the PC is connected.
2. Is permitting bootpc in the ACL enough for IOS DHCP server and client operation? Do I need to explicitly permit access to the default-router configured in the DHCP, which happens to be the VLAN 100 gateway IP and HSRP VIP as well (192.168.1.129)?
3. I do get deny logs on both the 6509s from the PC trying to access the local VLAN 100 broadcast address on ports 137, 138.
%SEC-6-IPACCESSLOGP: list SWRES denied udp 192.168.1.200(137) -> 192.168.1.255(137)
I am running HSRP on three 4506 switches: S1 (active), S2 (standby) and S3 (listen). S1 is active for all the VLANs. Right now, I want to make S3 active for two VLANs: VLAN 10 and 19. What would be the impact to the end hosts? Also, can you tell me why the ARP is not syncing for all the three devices? [code]
I have my HSRP setup where switch A and switch B share active/standby roles among several VLANs. In the last few weeks, I have seen trouble tickets where connectivity is lost, and upon investigation I discover that I can ping physical interface IP addresses for both standby and active devices but not the standby IP. I have also validated configurations and layer 2 paths and they haven't been broken.
What I end up doing is failing over to the standby device and back, and the problem clears and reachability is restored. My question is whether I am solving this the right way. If so, what is it that would cause the standby IP to not be reachable, and how does my solution fix that? N.B. the switches are Catalyst 6509s.
I am working on two Nexus 7010s with NX-OS version 5.1.5. I configured HSRP traditionally, Nexus 1 with a priority of 200 and Nexus 2 with a priority of 100 for all VLANs.
When I change the priority of a VLAN from 200 to 50, for example, Nexus 2 becomes active and Nexus 1 standby. The problem is that when I do a traceroute from a PC, the packets take Nexus 1 as the default gateway all the time.....
For information I have a peer link between the 2 Nexus for vPC.
1 x 4500 and 1 x 3560.
They are gateways of 8 Vlans.
They are doing HSRP in each of those Vlans.
The 4500 is the Active.
There is a DHCP Pool for each of those Vlans on both gateways; using "ip dhcp excluded-address" I ensured that the range of provided ips by each DHCP server will not be overlapped.
Obs.: Reducing the lease time, I ended with the calls bringing related problems.
OK, everything is blue, everything is fine. But the network diagram is really complex (41 switches, 89 uplinks), and depending on how the network flow is, one or the other server answers first or later.
For many reasons I would like the secondary DHCP server to answer only if the primary DHCP server goes down. To me, the biggest reason is that the DHCP database would be in only one DHCP server. But there are other reasons.
I passed by many frustrated solutions:
Try to force a delay on the answer on one of the servers. - Impossible.
Try to disable DHCP server, and, using EEM, enable it only if router became active in HSRP. - I couldn't do it.
What I'm thinking now is to use the HSRP resource to resolve it. On both routers I would put an "ip helper-address" pointing to a Virtual_HSRP_IP. And depending on which router is the active one, it will answer the request.
My first doubt is: would it work? The second doubt is: could I use the same Virtual_HSRP_IP that exists on that Vlan (see example 1), or would I need to point it to a Virtual_HSRP_IP in a different Vlan (see example 2)?
Example 1
-----------------------------------
|              4500               |
-----------------------------------
interface Vlan1
 ip address 10.10.0.2 255.255.0.0
 ip helper-address 10.10.0.1
 standby 1 ip 10.10.0.1
One of our customers has two 6509 switches, one is Core_sw1 and the other is Core_sw2, catering for about 32 VLANs, and HSRP is running for all VLANs. Up to here there is no problem. Now, there is an Internet router with one Internet link, which is connected and configured on Core_sw1 in such a way that one interface of Core_sw1 is given a public IP, and there is VLAN 85, which is the Internet VLAN; VLAN 85 IPs are NATted to that public IP, with one simple static route towards the Internet router. This is how Internet access is working OK.
Now I have configured VLAN 85 in HSRP as all the others are. How can I give redundancy to VLAN 85 users, so that if Core_sw1 goes down, Internet traffic can get out through Core_sw2, using the same Internet router with a single Internet link? I am not talking about ISP redundancy, but if VLAN 85 on Core_sw1 goes down, the other switch, Core_sw2, will serve the Internet.
Normally when we do HSRP with vPC on N7K, the devices will be Active/Standby in the control plane but Active/Active in the data plane. In this case, any traffic that reaches the standby device can be forwarded directly to the uplink, which is not what I want. My goal is that all traffic should pass through the active (control plane) device in every case unless the active device is totally dead. So is it possible for the Nexus 7000 to be HSRP Active/Standby in the data plane?
I have router connected to 2 3550 switches directly. 3550A and B switches are running HSRP. OSPF is running between Router and 2 switches.
From Switch B I can ping the router WAN interface but not the Internet sites. From Switch A I can ping any sites?
Switch B
3550SMIB# sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1
I need to connect a 6500 switch with a 4948 switch using 10G optics. On 6500, line card used is WS-X6704-10GE and I am aware that WS-X6704-10GE is a xenpak and 4948 ports are X2. What is the way to make the connection between xenpak and X2 work?
I've tried to upgrade a redundant setup from 8.2(4)4 to 8.2(5)22, ending with a standby ASA continuously crashing after the config sync phase. On the first crash it even corrupted the flash, leaving me no choice but to initialize the box from scratch.
I have a 6509 connected via layer 2 (VLAN1) to a 3750 (e.g. VLAN1 10.1.1.1), then to the HQ via Metroethernet (L3). Is it possible to connect the 6509 to an ASA that already has VPN connectivity to the HQ using HSRP? I also need to mention that the VPN connection is supposed to be the redundant connection if the Metroethernet link fails.
How do I configure HSRP with stateful NAT using the application redundancy of IOS XE? I want to have static NAT using the HSRP groups for clients and SNAT. (I want to achieve this as in normal IOS - [URL] High Availability NAT with HSRP.) This is the configuration that I have on the 1st ASR. The configuration is similar on the second ASR.
redundancy
 mode none
 application redundancy
  group 1
   name NAT-HSRPIN
[code]...
IP nat inside source static 10.10.10.20 "real ip address" redundancy 1 mapping-id 1 extendable.
I understand that the PCEX-3G-HSPA requires a SIM card. I also have a PCEX-3G-CDMA-V. Does this require a SIM card as well? And if so, where is the SIM card installed?
My question is: if I do not want to purchase any additional switches, can I connect the devices to the 6509 and put them in their own separate VLANs? I am a little fuzzy about the physical connections needed to make this design work as it is.
I cannot boot IOS; when I reload this switch it goes to ROMMON. I tried to upload IOS but it still has the problem. I think I may have got some point wrong during the upload.
My Cisco 4948 switch is generating the error below. How do I troubleshoot this error?
*Mar 13 00:09:33.451: %C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: (Suppressed 14 times)Packet received with invalid source MAC address (00:00:00:00:00:00) on port Gi1/37 in vlan 1
Gi1/37: another 2950 switch is connected to this port by a trunk link, and an end host, i.e. a thin client, is connected to that switch.
I am updating the IOS for a 4948. The bootflash is empty, so all I can get into is the ROMMON. There is no option for x-modem. How can I put the IOS onto this device? [code]
We had to transport one of our 4948 10 GE to another Data Centre and when we got it there and tried to power up its System Status LED was red and we cannot even get console to the device.
We can try to see if the switch is completely dead and needs replacing or is there something we can do to get it back up and running again?
We purchased two new 4948s with two 10GE uplink ports and upgraded the devices to run IOS 15. My 6506 is running Sup 720 with s77233-adventerprisek0_wan-mz.122-33.SXI9. Currently we have 4948s connected to the same 6506s with no problems. Today I tried to add the new switches with the new IOS and it caused one of my 6506 core switches to fail over. I can't explain why, because it was close to start of business and I couldn't do much troubleshooting. Currently we have four 4948 switches (running IOS 12.2(14)) running Layer 2, connecting dually to each of the two 6506 cores via 10GE fiber uplinks. I tried to add two more to the scenario, again running Layer 2 and dual-homing them to each of the 6506 switches. There are two 6506 core switches and they run HSRP, and spanning tree is manually set to give priority to even VLANs on one 6506 and odd ones on the other 6506. Also, the new switches I tried to add did have rootguard applied, as well as the uplinks.
We have to get this working and have no test environment to work with. We need to do this late this evening after close of business.
On another note, I have had problems upgrading some of my older 4948's to IOS 15. I followed Cisco's suggestion and upgraded the EPROM first and then the IOS upgrade took on three of the switches that were ordered rather recently. The four that were ordered in one batch will not take the upgrade even following Cisco's instruction and lots of other tricks. Nothing works. Having problems with IOS 15, in general?
I am planning a Cisco 4948 IOS upgrade. We have a few with older code (12.2(25)EWA7) which, when I issue sh version, show as Catalyst 4000 L3 Switch Software, while newer versions of the switch show as Catalyst 4500 L3 switch.
1. Is this (sh ver output) just because of the older code? My second question is about the release note: [URL]
According to it, you need to upgrade your ROMMON before the IOS. 2. What is the approximate time it takes to do this ROMMON upgrade?
I have a 4948E module switch at a customer site and below is the show version output. The image on the switch does not support "Auto QoS", and I need to enable Auto QoS on it to prioritize voice traffic. Which image supports the Auto QoS feature? The image should have L3 functionality also, I mean it should support routing protocols. I tried to enable Auto QoS by configuring "QoS" globally, but no luck with the existing image.
{ URL}
ROM: 12.2(44r)SG9
Hobgoblin Revision 20, Fortooine Revision 1.22
Switch up time is 12 hours, 1 minute
System returned to ROM by reload
[ code]...
Configuration register is 0x2012
Switch#sh boot flash:
-#- --length-- -----date/time------ path
  1   25793234 May 31 2011 15:20:20 cat4500e-entservicesk9-mz.122-54.SG.bin
  2   25005209 Mar 08 2013 09:53:18 cat4500e-entservices-mz.122-54.SG1.bin
I'm connecting the two devices above and I need an LC to SC fiber cable. It should be pretty simple but I've seen two different types of LC/SC cables - one is 8.3/125 and one is 62.5/125. I believe the 62.5 is an older cable type but when looking at the detail sheets for each of the SFPs I see that both of these support a 62.5 or 50 micron core size.
I am trying to setup the management vrf on the 4948 10GE so that my TACACS requests will use that vrf for out-of-band purposes. The vrf is working properly because I can ping the TACACS server using the vrf but the logins do not work. I see this error in the tacacs debug:
TPLUS(00000016)/0: Connect Error No route to host
Looking at the release notes, it states that my version (12.2.54 SG1) does support VRF-aware TACACS, but the documentation seems to be a bit off because I do not get a server private command option, as stated in the configuration doc, after configuring a TACACS server group:
[URL]
Here is my config:
ip vrf mgmtVrf
 rd X:X
!
interface FastEthernet1
 ip vrf forwarding mgmtVrf
 ip address x.x.x.x
I need to replace a faulty fan unit on the CatOS WS-6509 switch. This CatOS switch does not support show inventory, so are there any other CatOS commands which will show me this part ID?
We currently run 7206 routers with VAM cards and are able to configure the devices to perform stateful failover of tunnels from router to router. When moving to the 7604 with 15.1 IOS, there are not any examples of how to set up the stateful failover of the tunnels between devices. We have the devices in SSO mode but are not able to understand how to get the redundancy between the devices functioning.
In my setup, I have one 4506 core switch, 3750 access switches and a 4948 server switch. I have created the management VLAN on every switch. The problem is that I can ping every device's management IP from any internal network, but I am not able to ping my server switch's management IP. A trunk link is configured between the core and the server and access switches. What is the problem with the 4948 switch?
We have Cisco 4948 switches running in production. We want to monitor the trunk link through SNMP. If the trunk link fails, SNMP needs to send a notification to the server.