Cisco Switching/Routing :: 6500 Sup VS-S720-10G Traffic Forwarding In Active And Hot State
Jan 24, 2012
I have Catalyst 6500s with two VS-S720-10Gs, one is in Active and one is in Hot state. Both Sup cards have two 10G uplink ports. How does the traffic forwarding work in this case on the uplink ports? Do these uplink ports actively forward traffic or is it only the uplink ports on Active that forward traffic? I see CDP neighbors on both Active and Hot SUPs' uplink ports - it indicates that packets are flowing on both cards.
I want all uplink ports on both SUPs to actively forward traffic. Does it work? What is the config for this?
We have a pair of 6500 switches, each having a trunk going to each access switch. We set the spanning tree priority on Core1 so it is the root bridge for all VLANs. We have two different types of access switches:
- 3550 set up as VTP client and ISL
- 2960 set up as VTP transparent and dot1q
Pruning is disabled but we use "switchport trunk allowed vlan" to restrict which VLANs go through each trunk. When we need to permit a VLAN through a trunk, we simply run "switchport trunk allowed vlan add <VLANID>" on the access switch and both core switches. If it is a 2960 in VTP transparent mode, we must set the VLAN to active. Once this is done, a "show int trunk" will reflect the new VLAN in "Vlans in spanning tree forwarding state and not pruned" for Core1.
I recently went through this process to add VLAN 250 on a 3550 access switch, but the VLAN is not listed in STP forwarding state and not pruned. I tried removing the VLAN from the trunks and redoing it, but there was no change. I tried adding VLAN 257, but the same behavior happened. I then tried trunking the same VLANs to a few other access switches. Three other 3550s experienced the same behavior, but I was able to trunk the VLAN to a few 2960 switches. At this point, I figured it might be related to some kind of limitation of VTP or the 3550 switches. I provisioned a new 3550 with the same IOS and settings (VTP client, ISL). To my surprise, all VLANs configured were in STP forwarding state and not pruned.
Running show spanning-tree on the core and access switch shows VLAN 250 as designated FWD. I confirmed we are not hitting the limits in "show spanning tree summary totals" on the Core or Access switches. I also confirmed we are not hitting the virtual port limit by running "show vlan virtual-port slot x." My next action might be to shut/no shut the uplink to Core1 from the access switch, but I'm not sure if that will fix it and even if it does, I have no clue what caused the issue.
I'm trying to configure an egress netflow in a 6500 (VSS) with VS-S720-10G supervisor. I found some old posts and understood that netflow wasn't supported on 6500 but I found a new document and it seems that netflow is supported in Supervisor Engine 2T: [URL] Is netflow still not supported in VS-S720-10G? It's weird because the command is supported:
#sh run int vlan 4
Building configuration...
Current configuration : 353 bytes
!
interface Vlan4
 ip address X.X.X.X 255.255.0.0
I have two Cisco 6500 switches connected via fiber, this is my small network. One end goes to a provider, and the other end goes to a server. My IT department wants some sort of link state propagation since the provider keeps going down, but the IT team is unaware until they contact me.
We provide a Layer2 point-to-point circuit, access ports at the ends. We use VLANs to transport the traffic. Please let me know if there is anything I could do to support link state propagation.
I am looking to implement VSS using our two 6500 series switches. The "Recovery Actions" when there is a Dual-Active situation says that the active chassis that detects a dual-active condition shuts down all of its non-VSL interfaces (except interfaces configured to be excluded from shutdown) to remove itself from the network, and waits in recovery mode until the VSL links have recovered. Does this mean that the Active chassis gets totally isolated, thus triggering the modules on the Standby chassis to be active?
From everything I read it seems like DFC is for forwarding packets. When I hear packets I think of layer3. If my 6500s are just being used as a big layer2 only switch do I need a DFC? I am being told the 6500 looks at the layer 2 frame and the layer 3 patch header information before forwarding the frame. How true is this?
We have a lot of IPX traffic flowing through a switched network and we are being asked to filter it from a network standpoint. At one point they were using IPX in their network, but no longer need to, so they still have a lot of machines spewing out IPX traffic. We have removed the IPX routing commands from our distribution switches, (Cisco 6500), but after running a short 10 minute Wireshark capture I'm still getting a good bit of IPX traffic from a lot of different devices.
I’ve configured a small WLAN for a school that wants to have wireless network access for their staff as well as for guests doing presentations. They want the staff to have access to everything on the 192.168.1.0 /24 network as well as the Internet. They want the guests to only have access to the Internet. I have attached a picture which shows how the network has been configured with 4 Cisco AP1242G APs attached to a Cisco SF302-08MP PoE switch and then to a Symantec Security Gateway to the Internet.
I can authenticate wirelessly to the STAFF SSID and ping anything on the 192.168.1.0 /24 network and access the Internet. I can authenticate wirelessly to the GUEST SSID and ping anything on the 172.16.1.0 /24 network, but not anything on the 192.168.1.0 /24 network (which is what we want). However, when on the GUEST network you can’t access the Internet. I added a default route to the Cisco 302-08MP switch to 192.168.1.1 (Symantec firewall) thinking that would forward the traffic from 172.16.1.0 /24 to the Symantec firewall out to the Internet, but that isn’t working. How would I go about getting the traffic from 172.16.1.0 /24 to hit the Symantec firewall and the Internet, without hitting anything else on 192.168.1.0 /24? Do I need to put the Symantec firewall in a different subnet like 192.168.2.0 /24? Am I missing anything else? I’ve worked with Extreme Networks & HP / 3Com CLI in the past, but never with Cisco and never with web based management.
I'm performing tests with the following desired scenario: We have several remote offices, connected to our HQ via MPLS. In these remote offices, we have several VLANs. Each VLAN has its own IP range. The MPLS cloud is routed, so we cannot switch our HQ VLANs to the remote offices. In this case, the client PC is in a guest VLAN which allows him internet access. The uplink for this internet access is hosted in our HQ datacenter.
basic scheme: client pc --> MPLS cloud (managed by ISP) --> 6500 switch LAN --> Checkpoint Firewall --> 6500 switch DMZ --> ASA Firewall
My test scheme: Client pc is in a subnet A (guest vlan range office). We receive this traffic on our first LAN 6500.
I have a strange issue with an HSRP setup. I have two (S1+S2) 3560s as Core/Distribution Layer. Inter-VLAN routing is enabled on both switches. S1 and S2 are connected with an EtherChannel over four fibre ports. S3 - S5 are the (L2) access layer.
Gi0/1 on S1 and S2 are L3 ports, connect to a Linux Firewall.
HSRP is enabled, S1 is the active router and the STP root bridge.
But my monitoring via Cacti shows me that the Gi0/1 on S2 is active, too! But it should not be active? Only if S1 fails should S2 be the active switch. A client from the access ports on S3 - 5 gets traffic from the Internet via Gi0/1 from S2. Gi0/1 on S1 is active too, but will mostly send traffic to the Internet. Why is S2 active and why does it route traffic from the Internet to the client?
We are using a 7609 router. It is forwarding traffic towards my firewall which was not allowed in my router. Whenever I check for routes in the router using show ip route x.x.x.x it shows SUBNET IS NOT IN TABLE, but in my firewall dropped connections I am able to see those networks.
We purchased only the Cisco Supervisor Engine VS-S720-10G and use it in our old C6509-E chassis. Now the supervisor engine is dead (meaning not working and no LEDs are ON). How can I claim the RMA from Cisco?
We purchased from one of our partners. We sent it to them, and they are not able to find the serial number on the Supervisor Engine module (because a lot of serial numbers are on the board). Also the customer threw the carton.
Now how can we know which is the exact serial number of the Sup? How do we get an RMA from Cisco, and on which serial number?
On a Catalyst 6500, we configured a SPAN session with VLAN 300 as a source. We configured the session bi-directional ("both" keyword). We connect a sniffer on the SPAN destination port.
Strangely enough, we only see the traffic from the VRF to the firewall, but not the reverse traffic! What can be the problem?
We are upgrading two standalone 6509E chassis to a VSS system with new VS-S720-10G-3C cards. The 6509s have WS-X6748-GE-TX cards with DFC3B daughter cards (see below). The compatibility matrix (see below) states that 67xx cards are supported but it goes on to state DFC3C or DFC3CXL cards are needed. So does this mean that the existing WS-X6748-GE-TX cards have to be upgraded or will they be supported?
Core #1
Mod Ports Card Type                              Model              Serial No.
--- ----- -------------------------------------- ------------------ -----------
  1    48 CEF720 48 port 1000mb SFP              WS-X6748-SFP       SAL
  2     4 CEF720 4 port 10-Gigabit Ethernet      WS-X6704-10GE      SAD
  5     2 Supervisor Engine 720 (Active)         WS-SUP720-3B       SAL
  6     2 Supervisor Engine 720 (Hot)            WS-SUP720-3B       SAL
  7    48 CEF720 48 port 10/100/1000mb Ethernet  WS-X6748-GE-TX     SAL
  8    48 CEF720 48 port 10/100/1000mb Ethernet  WS-X6748-GE-TX     SAL
I got a new VS-S720-10G; it had 122-33.SXH8b on there. I had to downgrade it to 12.2.33.SXI1 to match our other switches. I installed the file I use in all the other switches, s72033-adventerprisek9_wan-mz.122-33.SXI1.bin, but the Sup is now only booting up to ROMMON mode.
Initializing ATA monitor library...
Self extracting the image... [OK]
Self decompressing the image : ################################################# ################################################################################ ################################################################ [OK]
%SYSTEM-1-INITFAIL: Network boot is not supported.
System Bootstrap, Version 8.5(4)
Copyright (c) 1994-2009 by cisco Systems, Inc.
Cat6k-Sup720/SP processor with 1048576 Kbytes of main memory
We want to get the L2 traffic amount (bit/byte) passing through a Cisco switch (6500/3560 ...) for a specific VLAN. It can be via SNMP or CLI... How can we do that?
We have 7 interfaces with RJ45 connections, all around 100Mbit per connection. Most likely in the future we will need a couple more interfaces. I was thinking it would be better to take a WS-X6516-GE-TX card than an FE card, for example a WS-X6148-RJ-45. Now we want to implement a 7606 with a SUP720-3BXL with 1GB DRAM for the RP (MSFC3), so enough memory to support 2x a FULL BGP table to two peers.
Q: Does the SUP720-3BXL work well with two peers sending the FULL BGP table?
Q: And does that also work with a WS-X6516-GE-TX connected to the two peers sending the FULL BGP table? Or is it better to take a 6724 linecard with a DFC3-BXL so that the 6724 will look up routes locally, whereas a 6516 will have the S720- perform the routing? I know that adding the DFCs increases the bandwidth of the chassis significantly (40gbps per slot for most 6700 linecards, and 20gbps for the 6724, which is 1:2 oversubscribed).
Q: Or is it better to connect the two peers to the two SFP interfaces on the SUP720, and connect the small routers and customer networks to the 6516 linecard?
I've been looking into IGMP snooping and have read that a L2 switch will forward multicast traffic to all ports connected to an interested receiver AND all mrouter ports. In a L2 'V' topology this results in all multicast traffic routed onto a VLAN being forwarded to the 2nd distribution switch. My question is how should a 6500 Sup720 deal with this unwanted multicast traffic? Both a Local SPAN of the RP and a Netdr capture suggest that this traffic is punted to the RP and ultimately dropped. Is this expected behavior or should the traffic be dropped in H/W?
The 6509 Series Switches support the scenario VSS Active-Active Chassis. I would like to set up both switches as one virtual switch but working at the same time, not with Active - Standby Chassis.
My plan is to create a PortChannel across both 6509 switches in order to have 2 links, one connected to one slot/switch and the other connected to a slot/switch in the second 6509, for server redundancy.
I am working on a network which has two ISP connections (Active/Active) terminating on a router (ASR1000). From the LAN side (6500 switch) all the traffic needs to be routed on ISP1 but some of the specific subnets like 10.250.0.0/16 need to be routed on the ISP2 connection.
I am planning to use PBR and NAT with route maps. Any documents or references are provided.
I would like to request assistance from all the gurus here for an issue I have with a Cisco 7513MX PSU. There probably aren't many people who are aware of 7500 chassis as they are quite old. Issue: PSU 1 failed in the chassis and we tried to replace it. Once replaced, we are getting the following output for it:
1#sh env all
Arbiter type 2, backplane type 7513MX (id 2)
Power supply #1 is TBD (id 0), Power supply #2 is 1200W AC (id 1)
We have been researching on the internet for answers but unfortunately due to the age of this model, there is very limited information available. We did find information which suggested having BOTH PSU 1 & 2 with the same revision. Right now the chassis is running only on PS2; we don't want to take down the chassis just to confirm the revision number on the PSU and there is no way to see that on the CLI. What we can do is get another pair of same revision PSUs, insert PSU1 first THEN take out PSU2 and then insert the same revision as PS1 in the PSU2 slot, but the moment we insert PSU1 we get that TBD state, which is not a normal status and raises our doubts about putting in the same revision PSUs with the method above. There is a chance that after we insert PSU1, the moment we take out PSU2, the chassis might not run on PSU1 due to its abnormal state.
We did an upgrade from NX-OS 5.1.5 to 5.2.4 and found all M1 line card interfaces were stuck in initializing state for a long time. 'show module' status says ok. And we cannot execute the shut/no shut command under the interface. N7K-M108X2-12L & N7K-M148GT-11 are the two M series cards. The only option was to downgrade back for the time being.
N7K01# sh int e1/1 | in down
Ethernet1/1 is down (initializing)
indicate why my ethernet ports are in suspended state for some reason, I need an indication why this may be and what I can do to fix this issue. Configuration below. I have a 7010 which I'm using to connect to two 5510's. I have one vPC connecting the two 5510's to the 7010. I have a vPC domain configured between the 5510's, and no issues at all. My Nexus 7010 port channel members are suspended for some reason.
I am testing a 2960 24 S with storm-control and an errdisable port timer interval of 60s, with a HUB connected on fa0/17 to make traffic / a loop. After Storm Control detection the interface goes down, that's OK. After 60s it will try to recover the interface and it goes up although the loop is still there. For my understanding, if the interface still detects a loop on that interface it will disable the port again for 60s and will check again. [code]
We have a number of 3750 stacks used as access layer switches connecting Siemens VOIP phones and then a PC that connects to the phone.
For example, if I plug PC A into the phone that connects to port 13 I pick up an IP address and all works as predicted. Now if I plug PC A into any other VOIP phone that connects to another port on the same switch, it goes into error disable state. It's like the switch is holding my PC MAC address and locks it down with the port, which in my case is Gi2/0/13.
I am cascading one new 3750G switch (int Gi1/0/1) with an existing 3750G switch (int fa1/0/26). But the interface fa1/0/26 goes into err-disable state even after NO SH. Also I have disabled spanning-tree BPDU guard and disabled spanning-tree portfast. But still the issue is not resolved.
We inserted a new module with 48 RJ45 ports in a 4500 with just one supervisor module. We have two 4500s, and we tried the new module in the other 4500 and it's working properly and giving an OK status. Furthermore, the module's LED status is green. We saw that there are 8 ports (from 17 to 24) that are in faulty state, so probably this is the cause of the faulty state for the module.
We tried already a Hw reset, replace/insert again the module...
We are almost sure that it can be a Hw failure. We are getting the following results from different commands:
show module :
Mod Ports Card Type                              Model              Serial No.
  7    48 10/100/1000BaseT (RJ45)                WS-X4548-GB-RJ45   JAXXXXXXXH
M MAC addresses Hw Fw Sw Status
After a power problem at our data centre we find Module 11 of our Cisco 6513 Core Switch in PWR Down state.
Show Module 11 returns: Status: PWRDown
Show Power Status Module 11 returns: OperStatus Off (Module Reset due to an exception or user request).
The command: Power enable Module 11 was issued and returned the following:
%PM_SCP-SP-1-LCP_FW_ERR: System resetting module 11 to recover from error: Linecard received system exception. Errcode = 2509000001.
%OIR-SP-3-PWRCYCLE: Card in module 11 is being powercycled Off (Module reset due to exception or user request
%C6KPWR-SP-4-DISABLED: Power to module in slot 11 set off (Module Reset due to exception or user request)
We have restarted the switch twice. The module is currently not passing traffic causing downtime to services.
I have a Catalyst 2950G on which I activate the switchport port-security, but I want to empty the black list of MAC addresses because every time I connect a device, the port is automatically disabled. Here is the port configuration: