Cisco Switching/Routing :: 6500 / ARP Not Learning Properly While Cluster Failover
Feb 20, 2013
I have a 6500 serious switch that one port (portfast enabled) hold a server .This server has sort of a Cluster configured for high availability .
During primary server failure the failover server acquires the cluster IP address (ie virtual IP).
Cluster IP 192.168.10.1
Primary server =192.168.10.2 Failover server =192.168.10.3
when failover happen , i am unable to learn arp. need to reboot the server for arp . After reboot i am getting different mac address(secondary) with cluster IP.
query:-normal clustering how mac address generating(means logicaly any mac address will be created or LAN card mac address)? Is ther any issue with portfast configuration(with out portfast configuration TCN will generate and max age timeout decrease 15 second from 300second) ?
Note : we checked a scenario same ip address with two system(ipconflit) and removed arp learned system from network and same thing happen we need to clear the arp manually in L3switch
View 3 Replies
ADVERTISEMENT
Jan 19, 2011
I had a problem with a FWSM of 6500 because the FWSM primary change to standby and after back to active.
View 1 Replies
View Related
May 23, 2011
a customer have 2 pix 525 with ver 7.0.1 in a failover configuration with serial cable and 2 sc fiber interface and 2 fastethernet 1 used for failover. the strange behaviour is that when i try to do traffic from inside to dmz or dmz to inside the maximum transfer is 862Kb/s to 1MB/s not more.... i don't understand what's happened. the show mem and show cpu are normal 7% mem used and 1-2% cpu used. attached you will find the configuration.
View 5 Replies
View Related
Nov 25, 2011
I am looking to cluster the aforementioned switches using the CLI. All the documentation that I have found all speak to performing the cluster configuration using CMS. I can only get to these switches via remote console so a GUI is out of the question for me. My ultimate goal is to configure these (2) switches for HSRP. Howver, everything that I found leads me to believe that I have to cluster in order to confiure the HSRP on these switches.
View 1 Replies
View Related
Dec 18, 2011
I need a L3 conection between a VSS Cluster and 2 Nexus 7000. Is ECMP the best solution ?
View 3 Replies
View Related
Nov 6, 2012
We have a vPC cluster of two Nexus 7009 that needs to be connected with a VSS cluster of two Catalyst 6509s. The VSS has been working fine for a while and the vPC cluster is new equipment.
Attached there is a detailed diagram of the connections; the VSS cluster connects the interfaces Ten1/2/8 and Ten 2/2/8 using the PortChannel 28 going to the the vPC cluster to the interfaces Eth 4/18 of each switch.
Both the vPC and the VSS are well configured; last night we tried to brought up the connection between the two clusters but only the first interface comes up within the etherchannel; the secondary one did not come up and shows (not receiving LACP packets).
We know Layer 1 is fine because if we remove the interface from the EtherChannel it does come up; but causes some STP loop and bring the network down; thus the solution is to form a EtherChannel.
At the VSS Clúster we see LACP packets being sent with sh lacp counters but we DO NOT see LACP packets being received in the interface of the secondary Nexus.
Right now, this is not possible to troubleshoot since it is a production enviroment; so I'm looking for problems with the configuration or recommendations to follow in order to apply them tomorrow night during a new maintenance window.
These are the configurations:
#######vPC cluster of Nexus 7009######
--N7K-1--
interface port-channel418
description Uplink 20 GE hacia VSS
switchport
switchport mode trunk(code)
View 3 Replies
View Related
Jun 21, 2012
I support an active VSS cluster using 2 x 6509E chassis with single Supervisor 3C modules in each chassis. I want to replace these with Supervisor 2T modules. All my service modules and line cards are supported with the Sup2Ts (I will also be implementing 6908 modules). Is there a document on the Cisco site for this? I haven't found one though I can find plenty that describe how to do a software upgrade.
(Note, I have a 3rd (non VSS) 6509E chassis that is also part of this core network and that will maintain VTP/V LAN's etc).
View 9 Replies
View Related
Dec 21, 2011
how can we upgrade 6500 non modular ios to normal 6500 ios?
View 5 Replies
View Related
Dec 27, 2011
Cannot get my Intel WiFi Link 5300 wireless card to install properly on my my Latitude 6500 using XP SP3. I can go to the Intel website and download the latest driver but once everything has been downloaded and ran, then restarted the wireless icon says that my driver is not installed.
View 13 Replies
View Related
Dec 12, 2011
I have recently installed 4 3560 (WS-C3560X-48T-S) Switches. At first the switch comes up, indicating all connected ports with a green LED. Whenever i unplug a cable and plug it back in, the status LED will stay off. The same thing happens when I push the mode button and cycle throgh the different modes, i lose certain LEDs.
I'm using 12.2(53)SE2, another user reported the same issues under 12.2(55)SE1 .
View 4 Replies
View Related
Jun 20, 2011
Since the ACE supports only static routing, when pointing a default route from the ACE what is your preferred method when using multiple 6500s with an ACE in each in a failover scenario to prevent just pointing at one 6500? Static route to an HSRP address? Multiple static routes on the ACE, etc?
View 2 Replies
View Related
Nov 12, 2012
We have two Cisco 3560E layer 3 switches at the core of our network. The switches are configured as an HSRP pair and the clients on our network point to the HSRP address as their default gateway. So if CORE-A dies, then CORE-B will pick up the address and the default route for the clients will continue to be available.We also need to specify a few static routes on the core switch to allow us to get to specific networks. Is there a way to do this so that the routes failover in the same way that the default gateway does?
View 2 Replies
View Related
Apr 2, 2012
We're in the process of swapping in a new pair of ASA5520s and Catalyst 3750s to support two separate business units. We want Firewall A and Switch A to handle traffic for Org A (VLAN 100). Similarly, firewall B and Switch B should handle traffic for Org B (VLAN200). But we want to be able to fail traffic over in case of firewall or switch failure. Traffic between the two Orgs is being routed at the switch level. [code]
The uplink interface on each switch is currently a routed port with a static address on the uplink subnet. This works fine in a normal state. However, when we fail over one of the firewall contexts to the other chassis, this results in the inability to route internal traffic because the internal interface is now physically connected to a different switch with a different IP port address (obvious in hindsight). The question is, rather than a routed port, what would be the proper way to handle traffic between the switches and firewalls in a failover scenario? If I make the uplink ports into trunks, won't this cause all packets destined for either firewall to hit both both? Seems like that's not the way to go either? [code]
View 0 Replies
View Related
May 7, 2013
How to properly power down the Nexus 5000 and the fabric interconnect switches? I have looked up and down cisco's and google web for steps, but they are all coming back with the answer to just disconnect the power cables after you have power down all the windows os and exs servers. Before i do that, I just wanted to make sure that that's the correct way to do it or if there are actual commands that I will need to run on the devices to properly power down. I know that the FI do have a command to reboot, but i need them to completely be power down.
View 3 Replies
View Related
Jun 19, 2012
I have ASA-SM failover pair in two Catalyst 6500 switches. I send from switch to ASA-SM management VLAN 1234 to admin context for management purposes. I have another 3 contexts on ASA-SM. Can I have same managemenet VLAN1234 on each ASA-SM context? Can it work?
View 1 Replies
View Related
Feb 20, 2012
I am trying to configure ISP failover using IP SLA tracking in Cisco 3900 router(C3900-SPE100/K9).
I want to configure below commands:
R1(config)# ip sla 1
R1(config)# icmp-echo 2.2.2.2 source-interface FastEthernet0/0
R1(config)# timeout 1000
[Code].....
configure IP sla static route tracking in Cisco 3900 series router.
View 3 Replies
View Related
Jul 2, 2012
Currently I have a network that looks like this:
ASA5510 - - - Internet - - - ASA5510
| |
EIGRP EIGRP
| |
2821 -----------MPLS----------1841
BGP
The MPLS connection is currently down, I'm trying to run a failover Site-to-Site VPN over the internet. All of the examples I've read have both connections involved in the failover coming out of one device. Since I'm not working that way, what is going to be the best way to failover? Do I need to set up some sort of IP SLA in the config? Or can I somehow weight routes in EIGRP in a way that the connection will failover from Internet to MPLS when the MPLS goes down and vice versa when the MPLS connection comes back up?
View 2 Replies
View Related
Jan 9, 2013
Here iis a diagram of my current lab where I am using IP SLA to automatically switch from ISP 1 to ISP 2 should the connection go down (and vice versa)
My switches are C3550 Layer 3 switches. Both ISP's do work so connectivity is not the problem.
If I shutdown the fa0/19 port on SW1 the SLA kicks in and changes my defualt route out 10.0.1.0 without a problem. And when I do a no shut it comes back to tge 192.168.10.0 netowrk just as we would expect. No problem there.
When I disconnect the ISP 1 cell phone the SLA does switch the defualt route to the 10.0.1.0 netowrk. Okay, just fine so far. Here isthe problem, when i reconnect the cell phone the SLA does not come back to the 192.168.10.0 netowrk without first having to delete the SLA and then recresting it (both switches).
View 8 Replies
View Related
Jan 21, 2012
As per my understanding 6509 all slots are dual channel, so 9 slot * 40 per slot (20 g in and 20 g out) = 360 GB How cisco claim the 720 ?? What about the 6513 chassic switch fabric connection?
View 5 Replies
View Related
Sep 20, 2012
I am seeing a strange situation on my 6500 switch?By having snmp walk on '1.3.6.1.4.1.9.9.109.1.1.1.1.3' (== cpmCPUTotal5sec), I came to know that there are two processor and the cpu util for switching processor is gone to 88 % and some time creeps to 99 %.
snmpwalk -v2c -c "removes" sw6500 '1.3.6.1.4.1.9.9.109.1.1.1.1.3'
SNMPv2-SMI::enterprises.9.9.109.1.1.1.1.3.1 = Gauge32: 12 (--- this is for CPU of Router Processor )
SNMPv2-SMI::enterprises.9.9.109.1.1.1.1.3.3 = Gauge32: 99 (--- this is for CPU of Switching Processor )
but when I do sh process cpu on the console, all looks normal as it shows cpu utilization of RP. why the value is so high on the switching processor ?
View 1 Replies
View Related
Apr 18, 2012
I've two Cisco 4500 running as core switches for huge and complex network. The two 4500 are going to act as dhcp server for several subnets. The easiest solution would be to split each DHCP pool in two, and assign the first half of the pool to one of the core switch and the second half of the pool to the second core switch. This would be a partial solution since if one of the two fails, the second core switch would not have enough dhcp leases available for all the devices connected for each subnet.For such a reason, I'm wondering if it the 4500 switches support a stateful redundant DHCP servers, so that the two switches can synchronize their DHCP lease tables. If this feature is available, I could define the same pools for both the switches without the risk of having duplicate ip addresses within the network.
View 3 Replies
View Related
Jul 27, 2010
IP SLA configuration fails over but cannot ping the 4.2.2.2 via Site B. Here is the output on Cisco 3750...
SW2#show runBuilding configuration...
Current configuration : 2901 bytes!version 12.2no service padservice timestamps debug datetime msecservice timestamps log datetime msecno service password-encryption!hostname SW2!boot-start-markerboot-end-marker!!!!no aaa
[Code].....
View 5 Replies
View Related
Sep 8, 2012
Below is a basic image of the HSRP and backup link setup for our LAN.
The virtual IP 192.168.178.50 resides on the primary router and fails over to the backup router. Internal default gateways for the switches are set to 178.50.
Switch1 is Layer3 and has two static default routes configured as:
ip route 0.0.0.0 0.0.0.0 192.168.179.50 track 1 - - - (interface line-protocol track)
ip route 0.0.0.0 0.0.0.0 192.168.178.50 2
And the primary router has a static route out 179.50 which tracks the interface (route goes down if interface is down), and a backup static route.
ip route (internal LAN) Gi0/1 track 1 - - - (interface line-protocol track)
ip route (internal LAN) Gi0/2 2
Everything works fine. If the primary router fails, Switch1 tears down the route across Vlan179, HSRP fails over the IP to the backup router and routing continues as normal. If the link across Vlan179 fails, the routers tear down the primary routes and again, things continue as normal.
The problem comes when the primary WAN link fails but the router remains up. This means the default route is still across Vlan179. Normally, Id set an IP SLA on Switch1 to track the WAN link BUT Switch1 only has the BASE IOS and the company wont pay for the Advanced IP IOS so I dont have IP SLA as an option.
How can I get the static default route to failover in the event that only the primary WAN link goes down?
View 12 Replies
View Related
Jul 16, 2012
Our servers are hosted at the Main site, site office A access to the Main site for Internet and servers. We are thinking NextG to take over when the link between sites goes down.
To start with, what is the configuration for 3750 at Site A and the Main site:
1) Trunking for both switches
2) Routing
3) the automatic failover configuration for the switch at Site A.
View 1 Replies
View Related
Jan 24, 2013
For intervlan routing, Is 'IP routing' command enabled by default on a 6500 series switches based on the IOS?and on 3750 switches, do we need to enable the "ip routing" command manually for intervlan routing?
View 1 Replies
View Related
May 9, 2013
I'm looking to restrict Inter-VLAN routing through L3 switch (cisco 6500) and wanted to know best possible way to do it. I used VACL and achieved success to some extent, but my config is making clients take up to 5-6 mins to authenticate IP address from the DNS (bootps).My VACL config was as follows:
Subnet to restrict is 10.100.15.0 (VLAN 15)
STEP 1: Created extended ACL to allow bootpc/bootps through DNS
ip access-list extended EACL_DNS
permit udp any eq bootps any
permit udp any eq bootpc any
STEP 2: Created standard ACLs to allow only relevant subnet, server VLANs & some IPs from other subnets for printers/scanners etc.
ip access-list standard SACL_VLAN_15
permit 10.100.15.0 0.0.0.255 (the subnet I'm restricting)
permit 10.100.50.0 0.0.0.255 (server VLANs)
permit 10.100.25.45 0.0.0.0 (printer in another VLAN which has to have access in VLAN 15)
STEP 3: Created VLAN access list
vlan access-map VACL_15 10
match ip address EACL_DNS
action forward
vlan access-map VACL_15 20
match ip address SACL_15
action forward
STEP 4: Applying VLAN Access list on VLAN 15 vlan filter VACL_15 vlan-list 15 Though the above works, below is noted:
1. I'm still able to PING 10.100.15.2 (the switch virtual interface) from outside the subnet, which I don't intend to do so. Howeve all cients in the subnet have no connectivity from outside the VLAN 15.
2. As mentioned its taking quiet some time to negotiate with the DNS server at system boot time.
View 3 Replies
View Related
Jun 2, 2012
I used to "ip routing" command in order to enable inter-vlan routing, for example with 3750 cisco. I have a 6503 cisco with SUP720 MSFC3. I was able to create some vlans but I can not configure inter-vlan routing.
sw#conf t
Enter configuration commands, one per line. End with CNTL/Z.
swsur(config)#ip routing
[Code]....
View 3 Replies
View Related
Oct 30, 2011
For intervlan routing, Is 'IP routing' command enabled by default on a 6500 series switches based on the IOS?hes, do we need to enable the "ip routing" command manually for intervlan routing?
View 2 Replies
View Related
Feb 27, 2013
I have two Cisco ASA 5510s that I would like to configure in an active passive failover setup. The ASAs are at the top of our rack and handle all our routing. We have been only using one ASA unit with one line from our ISP connected to the WAN/outside interface of the ASA. We recently had our ISP setup two lines into our rack using HSRP. I do not know what equipment they are running upstream of our ASAs but it is HSRP so it should be a set of Cisco routers/switches. Originally I thought I could just connect the 2nd new line to our 2nd ASAs WAN/outside port and setup failover using a crossover cable between the ASAs. After doing this config I had problems accessing some of our IPs in the subnet that the HSRP is part of. If I disconnected the 2nd ASAs WAN/outside line everything was fine. After talking with my ISP they explained that I need to connect both of my lines into our L2 network and then from there into the ASAs. Currently below the ASAs I have two Catalyst 3560-X switches. They are connected together with an ISL trunk and ASA-1s inside network connects to switch-1 and ASA-2 to switch-2. One idea was to connect each of the HSRP lines to each of my current switches and then from the switches to the ASA's WAN/outside interface. Finally back down from the ASA's to the switches via the inside interface that we have currently. This kind of seems messy and a poor choice. The other idea is to get two switches that would sit above the ASAs and connect the HSRP lines to them with the switches connected together. They would then connect to the ASAs. I like this idea better but I don't like having to buy two more full switches for this. These switches would only use a couple of ports and only handle just the HSRP ISP lines to the ASAs. Putting in two more 3560-Xs would be a big waste of money and space for this. So I was thinking of using two Cisco SG200-08, 8 port gigabit basic managed switches for this.
View 5 Replies
View Related
Apr 2, 2013
I'm a bit perplexed atm with trying to set up multiple failover routes on a 2821 router. Let me say that I have more experieince in a switched network as routing is seldom required where I work atm. Here's my problem. I have a routing table set up as follows but only the primary routes work. The failover routes will not kick in once the primary route is not there.
ip route 10.32.11.0 255.255.255.0 128.32.8.11
ip route 10.32.11.0 255.255.255.0 128.32.24.11 100
ip route 10.32.12.0 255.255.255.0 128.32.8.12
ip route 10.32.12.0 255.255.255.0 128.32.24.12 100
ip route 10.32.14.0 255.255.255.0 128.32.8.14
ip route 10.32.14.0 255.255.255.0 128.32.24.14 100
Ip addresses are not exact but it gets the point across.
Why the failover routes are not failing over? The failover routes work if I remove the primary route from the config.
View 9 Replies
View Related
Sep 25, 2012
Any have experience on triggered failover on VSS deployment with 1 VS-720-10G-3C in each chassis? I tried using "redundancy force-switchover" but after that the 20G VSL is flapping up & down and cannot be up normally, we got 1 FWSM in each chassis, any configuration need to fit in this kind deployment? BTW, if I shutdown the power source of VSS active chassis, both FWSM & VSS can failover normally.
View 3 Replies
View Related
Apr 29, 2012
I have run into a problem testing static route failovers using ECMP. I have an edge device (SUT) that has 2 NIC interfaces to an internal Loopback. Each NIC is a unique Gi port on an 7609 VLAN tagged with unique IP subnets. The 7600 is configured to route the loopback via the 2 NIC. I am using CEF in the network for other traffic performance testing. Using an external sniffer we can verify that when a ping is initiated externall to the SUT loopback a specific path is selected by the router.
Ping host ------Network-----7609 Gi1/21 (172.16.110.9)-----------SUT Nic1 (172.16.110.10)
| |
| -------Loopback 137.168.68.114/32
| |
7609 Gi2/21 (172.16.110.73)------------SUT Nic2 (172.16.110.74)
[code]....
Now, when the selected path is taken out of server (pulling cable for example), the 7609 is not clearing the routing table to indicate that particular path is down and failing over to the secondary path. Other things I have noticed is the show ip cef still shows both peers as well as the arp table but the interface shows down (show interface gi1/21 for example). I am running 15.1. My understanding is that since the ports are directly connected to the router, the ports should be detected as down and any association of the IP for the down port should removed. This should trigger the static route to update the static route for the end destination to use the second path and traffic should continue.
ROM: System Bootstrap, Version 12.2(17r)S2, RELEASE SOFTWARE (fc1)BOOTLDR: Cisco IOS Software, c7600s72033_rp Software (c7600s72033_rp-ADVENTERPRISEK9-M), Version 15.1(1)S1, RELEASE SOFTWARE (fc1)
View 4 Replies
View Related
Jan 27, 2013
One of our customer has 3 ISP Line, out of which Two are Broadband and One is Leased Line. All 3 ISP interfaces are Etherent.
Now, they want Auto Failover with Load balancing among these 3 ISP lines.
Can we do same implementation in Cisco 1941 Router?? What licenses required in router for same?
View 1 Replies
View Related
