We want to get L2 traffic amount (bit/byte) passing through a cisco switch (6500/3560 ...) for a specific VLAN. it can be via SNMP or CLI ...How can we do that?
note: there is no L3 interface on swtiches.
I have two WAP4410N plugged into my Catylist 3560 switches.One of these switches is my Default Gateway for the LAN.The only way I can get a device to connect to the WAP4410N is by assigning it a static IP. Then it works perfectly.
View 10 Replies View RelatedI have a 5K with 5 downstream 3560's. I now have a new 5k that I would like to add to the existing 5K as a HA peer. What is the best way to accomplish this with the least amount of downtime for the downstream switches.On the 3560's, i plan setting up port-channels once HA is setup on the 5k's.
View 1 Replies View RelatedHow do I limit broadcast/mulitcast traffic on a switchport to e.g. 5000 pps ? I don't want the port to shut down, just block or drop broadcast traffic that exceeds 5000 pps.
View 19 Replies View RelatedWe recently extended our access layer using a pair of 5ks with extenders. We have a pair of 6509s at our core and they handle the intra-VLAN routing with SVIs. I recently noticed that access hosts connected to the extenders cannot pass traffic between each other if they are in different VLANs. The strange thing is these same hosts can ping devices in other VLANs as long as the other devices are not connected to the 5k environment.
For example, consider the following hosts. Each host has their gateway set to the appropriate SVI on our core.
HostA - VLAN100 - connected to 5k extender
HostB - VLAN200 - connected to 5k extender
HostC - VLAN100 - connected to 2960 off our core
HostD - VLAN200 - connected to 2960 off our core
Each host can ping each other with the exception of HostA and HostB. As for specifics, we use HSRP (no VSS) between our cores.
When I ping between hostA and hostB, I see the egress packets on either 5k1 or 5k2. I then see ingress AND egress on Core1. There are no ingress packets on 5k1 or 5k2.The egress packets from Core1 show the correct destination MAC address of the target host. The mac address table shows the mac address on po31.
I have a sge2000p to install with a uc520. I have all data traffic passing ok but voice will not work. Phones to not get ip etc.
View 4 Replies View RelatedI have an Cisco ME3400-24TS-A Switch with is not behaving normal.
I have already erased its flash, uploaded new IOS but could not fix the issue. However it boots normally and pass all tests show in boot process. Issue is this the i cant access or ping the computers attached to its ports from one to other.
However i can ping the switch vlan 1 IP from all computers attached to it.
When i tried Debug All Command, its shows the following:
debug all
This may severely impact network performance. Continue? (yes/[no]): yes
All possible debugging has been turned on
Switch#
*Mar 1 00:03:41.467: special_oce_change_vectors: select debug vectors
[Code]....
I just purchased a new SF-300 managed switch for the purpose of using it on the DMZ, so we can mirror the internet port and monitor traffic for my company. I have set it up from the web interface to miror port 1 to port 2 and that's pretty much it. I decided to test it before putting it in production, by hooking it up to one of my core network switches, connecting a laptop to it and trying to get online. It doesn't even connect to my DHCP server to get an IP address. If I put the laptop back on the same subnet as the switch management IP, I can still connect to the switches web interface. Isn't the basic functionality of a switch to pass traffic?
I should also mention that I'm not a network engineer, so there might just be something I'm missing with regard to a default setting that needs to be switched off?
We have 2 FWSM modules in each 6500 switches. 1st module is having 04 firewall vlan groups with 18 vlan interfaces in a single context firewall. All are working fine with no issues. Recently we create one more vlan on MFSC and add into the same firewall module. However newly created vlan inside the FW is not able to communicate with outside and also outside users not able to reach newly created subnet. But within the firewall zones (other interfaces) it can communicate. Once we did packet capture we noticed that its hitting firewall outside interface only and when we ping we got TTL expired error. we have default routes to outside and there's no any route inside as new segment is within the firewall (no any hop).
I guess there's no limitation on number of vlans that we can assign on one firewall eventhough there is a limitation for number of vlan-group which is 16 max (but we are within that limit).
I need to implement the shaping VLAN only on the trunk link between the 6500 and 3560. [code]
View 8 Replies View RelatedWhich IOS version for me3600 supports 4-byte BGP?
View 1 Replies View RelatedWe have a lot of IPX traffic flowing through a switched network and we are being asked to filter it from a network standpoint. At one point they were using IPX in their network, but no longer need to, so they still have a lot of machines spewing out IPX traffic. We have removed the IPX routing commands from our distribution switches, (Cisco 6500), but after running a short 10 minute Wireshark capture I'm still getting a good bit of IPX traffic from a lot of different devices.
View 2 Replies View RelatedI am using Cisco 3560 as distrubution switch and want to limit port 445 traffic on 1 MB and applied rate limit statment on Gi0/1 port but switch unable to limit said traffic.rate-limit output access-group 120 1024000 128000 128000 conform-action transmit exceed-action drop.
View 25 Replies View RelatedAt one of my field offices I want to redirect internet traffic down a separate DSL connection instead of having it ride the T1 back to the main office then going out. At this office I have a 2600 router, 3560 switch, with a Fortigate firewall in between DSL connection and LAN, Fa0/0 on router and firewall are both plugged in to switch. I have seen posts that mention PBR or static routes which is the reccomended method for dealing with this?
View 6 Replies View RelatedI am experiencing a problem on a Catalyst 4510 (cat4500-ipbasek9-mz.122-53.SG.bin) with 802.1x configured. Client PCs are connected via a mini desktop switch to a Cat 4510 switched port in multi-auth mode. The configuration of the port follows:
!interface GigabitEthernet2/34 switchport mode access ip arp inspection limit rate 30 authentication host-mode multi-auth authentication port-control auto authentication periodic authentication timer reauthenticate server dot1x pae authenticator dot1x timeout tx-period 5 dot1x max-reauth-req 6 spanning-tree portfast ip verify source vlan dhcp-snoopingend
It happens from time to time that the Cat 4510 port stops passing traffic. Reconnecting the mini switch recovers the communication. Client PCs connected to the mini switch seem to be authorized at the moment when the problem occures. The RADIUS Termination-Action attribute is set to RADIUS-Request. The problem is not present if "authentication periodic" is disabled.
does 6500 with SUP-720 support nat on multicast traffic?
i know it support Multicast service reflection based on SXI4 which can facilitate me on destination address nat.
but if i need only source nat, does the defualt NAT feature supported on multicast traffic ?
I'm performing tests with following desired scenario: We have several remote offices, connected to our HQ via MPLS. In these remote offices, we have several vlan's. Each vlan has it's own ip-range. The MPLS cloud is routed, so we cannot switch our HQ vlan's to the remote offices. In this case, the client pc is in a guest vlan which allows him internet access. The uplink for this internet access is hosted in our HQ datacenter.
basic scheme:
client pc --> MPLS cloud (managed by ISP) --> 6500 switch LAN --> Checkpoint Firewall --> 6500 switch DMZ --> ASA Firewall
My test scheme:
Client pc is in a subnet A (guest vlan range office).
We receive this traffic on our first LAN 6500.
[Code].....
I have a 3560 switch where I have 4 ports connected, one is to our WAN provider - 10Mbps and the other three are connected to different customers who I want to get an equal share of the 10Mbps bandwidth.I'm fairly clued up about configuring modular QoS but I'm being thrown by the fact that you can't apply a service-policy outbound on the ethernet ports.
View 3 Replies View RelatedWe are in the process of rolling out iPads to our offices. As part of this implementation, we need to print from the iPads to our network printers. Our network printers are mostly HP and Xerox and do not have native Apple AirPrint capabilities. As such, we have been using the FingerPrint software to share out the network printers as Apple AirPrint printers. We have a mixture of switches at our offices. Most offices utilize a 3550 PoE switch. In these offices the AirPrint traffic is being transferred successfully and everything works great. In the offices which are using 3560 PoE switches, the traffic is never seen at the iPads. We are using EnGenius EAP300 access points connected into the Cisco switches to provide wireless access to the iPads. Both 3550 and 3560 switches are running iOS 12.2(25). What might be stopping/blocking the AirPrint traffic on the 3560 switches?
View 3 Replies View RelatedI use WS-C3560G-24TS and try both ios 12.2.50.SE1 and 12.2.46.SE but problem the same. The config as following,
interface GigabitEthernet0/1
no switchport
ip address 1.1.1.2 255.255.255.0
[code].....
but I find the int g0/1 output traffic only can achieve about 500kbps then I try config below,
interface GigabitEthernet0/1
no switchport
[code]....
I find int g0/1 output traffic only can achieve about 5Mbps,but if I change "srr-queue bandwidth limit xx" command xx to 20-90,the int g0/1 can achieve normal traffic bps, for example,
interface GigabitEthernet0/1
no switchport
[code]...
the int g0/1 output can achieve 2Mbps that is correct,just only when limit set to 10%,the traffic only can achieve half of limit bandwidth.
i have a 3560 connecting to a sp with limited bandwidth. i have one interface on the switch whose traffic i do not want to drop. i want this traffic to go into the high priority queue. i am not sure how this should be configured, but here is my best guess and my current qos configuration on the switch:
qos map cos-dscp 0 8 16 26 32 46 48 56
mls qos srr-queue output cos-map queue 1 threshold 3 5
mls qos srr-queue output cos-map queue 2 threshold 1 4 6 7
mls qos srr-queue output cos-map queue 2 threshold 2 3(code)
since cos 5 is mapped to dscp 46 then this traffic would go into the priority queue. is this correct ?
On a Catalyst 6500, we configured a SPAN session with VLAN 300 as a source. We configured the session bi-directional ("both" keyword). We connect a sniffer on the SPAN destination port.
Strangely enough, we only see the traffic from the VRF to the firewall, but not the reverse traffic ! What can be the problem ?
I have catalyst 6500s with two VS-S720-10Gs, one is in Active and one is in Hot state. Both Sup cards have two 10G uplink ports. How does the traffic forwarding works in this case on the uplink ports? Do these uplink ports actively forward traffic or it is only the uplinks ports on Active that forward traffic? I see CDP neighbors on both Active and Hot SUPs uplinks ports - it indicates that packets are flowing on both cards.
I want all uplink ports on both SUPs to actively forward traffic. Does it work? What is the config for this?
I have issue with 3560 switch QoS configuration . I checked in cisco site about mentioned model QoS configuration.once we mark the frame and map the CoS to DSCP and once it enters into switch and it processes according to LAN QoS configured on interface
we have configured both the commands shape and share.
once it leaves the switch and enters into Edge router and if we do not have configured QoS in router which is normally MQC , how does it process each packet ?Do we need to have end to end QoS configured in LAN ?
The last few days I've been exploring options in getting rid of some old routers accross a wan connections. I have a cat 3560 to play with and I thought I would try and use the no switchport command test out routing with switch. I've got some type of route issue and I tried a few things which I thought would fix the issue but had no effect. I'll post the config and a few commands so you can see what the basic setup is.
Here we can see in the arp that it knows about both 10.7.1.2 (PC unable to ping 10.3.3.254) as well as 10.3.3.254 (ASA).I tried adding in a ip route of 10.7.0.0 255.255.0.0 10.3.3.110 as well as 10.3.3.254. Neither produced the results I wanted allowing 10.7.1.2 (PC) to ping the ASA (10.3.3.254). [code]
I have an environment of 3 X 3560G of which I have 1st switch-CORE(f0/10) connecting to the VPN router(CE) interface-f0/0. Remaining 2 Cisco 3560's(Access) are connected to Gi0/1 and Gi0/2 on the 1st switch-CORE via gi0/1 . On all three switches I have created multiple VLANs and assigned ports to these VLAN. The switch to switch connection is trunk allowing all VLANs created on all these 3 switches. Now the issue is how I am going to have all these VLANs routed through single interface on the routeri-e f0/0, as all these subnets will communicating to remote site over VPN. What should be default gateway on the 2 Access switches and the CORE switch, also what static route should be on router to reach all subnets(VLANs) created on these 3 switches.
I have read inter-VLAN routing i-e creating sub interfaces on router but dont want to proceed with that and looking for any other way to have my VLANs talk on all three switches and then are accessible to remote site ove VPN?
I am trying to get my workstation to talk to a workstation on a different sub-net through a Cisco 3560 switch. The switch is running the following IOS version: [code]
My primary network is 172.16.0.0 and I am trying to connect to a device on a 192.168.111.0 sub-net. [code]
What would be the best way to get the two workstations talking via the switch?
I am trying to guarantee 100mbps for a vlan across a gig link. I have done some research and found this command for switches
mls qos srr-queue input priority-queue 2 bandwidth 20
However it doesn't seem to work for my 6500. I know the 6500 uses PFC for QOS but I have no idea how it works. how I can guarantee a vlan 100mbps across a 1gig link?
i have a strange issue with an HSRP Setup. I have two (S1+S2) 3560 as Core/Distribution Layer. Inter-vlan routing are enabled on both Switches. S1 and S2 are connected with an ether channel over four fibre ports. S3 -S5 are the (L2) access layer.
Gi0/1 on S1 and S2 are L3 ports, connect to a Linux Firewall.
HSRP is enabled, S1 is the active router and the STP root bridge.
But, my monitoring via cacti show me, that the Gi0/1 on S2 is active, too! But it should not be active? Only if S1 fails, should S2 the active switch.A client from the access ports on S3 - 5 gets traffic from the Internet via Gi0/1 from S2. Gi0/1 on S1 is active too, but will send mostly traffic to the Internet. Why is S2 active and why route it traffic from the Internet to the client?
how to take the event log of Cisco switch 3560, its argent.
View 1 Replies View RelatedI have a 3560-48 switch running Cisco IOS Software, C3560 Software (C3560-ADVIPSERVICESK9-M), Version 12.2(44)SE3 and i need to implement basic QOS commands to the fast Ethernet interfaces as well as the gig interfaces and Also I need to create port channels on the switch and need what the port channel syntax are as well for that particular IOS version?
I have only read only access and i can't see what the QOS and Port channels syntax should be for that IOS version.
I'm in the process of configuring QOS on a 3560 routing switch in a GOLD, SILVER, BRONZE priority type scenario.
Firstly, I understand that this config will add a tag of "precedence 5" to a packet if it matches the "ACL_QOS_GOLD_In" access list. Question is does the router see this "precedence 5" tag and then sets the priority, or am I missing something in my config where at present it just sees the "precedence 5" and doesn’t act on it ?
Secondly, Since the "precedence 5" tag has already been added to the packets, do downstream routers see this tag and act accordingly or so I need to configure those is well ? [code]
configure QoS on 3560 switch i have taken the template from cisco configuration guide since we have different QoS configuration on each model.
below is the configuration :
configure terminal
mls qos
end
mls qos map cos-dscp 0 8 16 26 32 46 48 56
no mls qos srr-queue input cos-map mls qos srr-queue input cos-map queue 1 threshold 2 1 mls qos srr-queue input cos-map queue 1 threshold 3 0
[code]....
Currently all the cisco phones are connected to this switch and configuration with only one vlan that is voice vlan .
1) what is the outcome of this configuration , i mean, what will be the expected output ? end of the day we need to prioritize the voice traffic but why other commands including threshold and buffers are mentioned with respectives queues , if I need to explain that what am i expecting out of this configuration ?
2) this is LAN QoS which i understood but again , do i need to configure policy-map along with class-map which is MQC on this switch ?
3) i have edge router where i have MQC already configured but confusion with this switch which is working as a Access switch .
4) I referred the cisco QoS document for the respetive model whereas we have policy-map configured on the same switch with class-map .
My understanding is if we have configured the LAN QoS , and mapped the CoS value with DSCP , we need not to have MQC.