Cisco Switching/Routing :: 6500 - Connectivity To Access Hosts Outside VRF
Nov 16, 2010
Currently have a setup where we have multiple SVI interfaces in a VRF on a Catalyst 6500 Switch. All these SVI belong to the same VRF. In order to achieve connectivity for hosts within the VRF to access hosts outside the VRF (Hosts reachable via the Global Routing Table (GRT)) I am thinking I need to configure 2 things:
1. Creating a summary route for all the subnets within the VRF in the Global Routing table.
<Config on 6K in Global Routing Table>
Note: 10.10.10.10 is the ip address of loopback 10 and this loopback 10 is in VRF Red
ip route 172.16.0.0 255.255.0.0 loopback10 10.10.10.10
2. Create a couple static routes within the VRF for networks that reside in the Global Routing table but which are not local to this 6K.
<Config on 6K within the VRF Routing Table>
Note: 1.1.1.1 is the ip address of loopback 1 and this loopback 1 is in the GRT or not assigned to a VRF
ip route vrf Red 172.32.32.0 255.255.255.0 loopback1 1.1.1.1 global
ip route vrf Red 172.32.40.0 255.255.255.0 loopback1 1.1.1.1 global
ip route vrf Red 172.32.50.0 255.255.255.0 loopback1 1.1.1.1 global
I have read through some posts and it seems to indicate that I cannot point to a loopback interface as it is not a point to point interface. How can this solution be achieved? The reason I was pointing to a loopback was so that I am not tied to a particular physical interface and for the summary route that was created in step 1 really not sure what L3 interface I could point to since I have multiple SVI's that are in the same VRF. Would I also need to create that same summary within the VRF? I don't intend to since I am assuming that once within the VRF the more specific connected interfaces would take effect and forward respectively.
In addition to the above I also need help determining the forwarding behavior when there is an ip helper address configured under the SVI's which are in a VRF but the ip address for that helper is not part of the VRF. I would think if a static route is configured under the VRF for that helper address network pointing it to the Global Routing table it should work. The config for that would be
ip route vrf RED 172.32.52.5 255.255.255.255 loopback1 1.1.1.1 global
Mar 21, 2012
I am running those modules in my Cisco 6500 chassis and having a lot of connectivity issues. I lose network connectivity every 5-6 days at around the same time. I have (2) C7000 Chassis with HP VC-Flex 10 Modules connected via 20Gb LAB to each Cisco 6513 Switches. However, the OA Modules on C7000 are connected via 1Gb uplink to either 6548 and 6148 modules. I believe this is causing the network connectivity issues. What modules would be recommended to replace 6548 and 6148 which are only meant to be used for 1Gb desktop connectivity, and not for Server Farm?
When you use either the WS-X6548-GE-TX or WS-X6148-GE-TX modules, there is a possibility that individual port utilization can lead to connectivity problems or packet loss on the surrounding interfaces. Especially when you use EtherChannel and Remote Switched Port Analyzer (RSPAN) in these line cards, you can potentially see the slow response due to packet loss. These line cards are oversubscription cards that are designed to extend gigabit to the desktop and might not be ideal for server farm connectivity. On these modules there is a single 1-Gigabit Ethernet uplink from the port ASIC that supports eight ports. These cards share a 1 Mb buffer between a group of ports (1-8, 9-16, 17-24, 25-32, 33-40, and 41-48) since each block of eight ports is 8:1 oversubscribed. The aggregate throughput of each block of eight ports cannot exceed 1 Gbps. Table 4 in the Cisco Catalyst 6500 Series 10/100- & 10/100/1000-Mbps Ethernet Interface Modules shows the different types of Ethernet interface modules and the supported buffer size per port.
Oversubscription happens due to multiple ports combined into a single Pinnacle ASIC. The Pinnacle ASIC is a direct memory access (DMA) engine that transfers packets between back plane switching bus and the network ports. If any port in this range receives or transmits traffic at a rate that exceeds its bandwidth or utilizes a large amount of buffers to handle bursts of traffic, the other ports in the same range can potentially experience packet loss. The buffer assignment on these modules is documented in Buffers, Queues & Thresholds on Catalyst 6500 Ethernet Modules.
A SPAN destination is a very common cause since it is not uncommon to copy traffic from an entire VLAN or multiple ports to a single interface. On a card with individual interface buffers, the packets that exceed the bandwidth of the destination port are silently dropped and no other ports are affected.
With a shared buffer, this causes connectivity problems for the other ports on this range. In most scenarios, shared buffers do not result in any problems. Even with eight gigabit attached workstations, it is rare that the provided bandwidth is exceeded.
The switch can experience degradation in services when you configure local SPAN in a switch, especially if it monitors a large amount of source ports.
This problem remains if it monitors certain VLANs and if a large number of ports is assigned to any of these VLANs.
Even though SPAN is done in hardware, there is a performance impact since now the switch carries twice as much traffic. Since each linecard replicates the traffic at ingress, whenever a port is monitored, all ingress traffic is doubled when it hits the fabric. The capture of traffic from a large number of busy ports on a linecard can fill up the fabric connection, especially with the WS-6548-GE-TX cards, which only have an 8 Gigabit fabric connection.
The WS-X6548-GE-TX, WS-X6548V-GE-TX, WS-X6148-GE-TX, and WS-X6148V-GE-TX modules have a limitation with EtherChannel. For EtherChannel, the data from all links in a bundle goes to the port ASIC, even though the data is destined for another link. This data consumes bandwidth in the 1-Gigabit Ethernet link. For these modules, the sum total of all data on an EtherChannel cannot exceed 1 Gigabit.
Jan 16, 2012
I had a strange issue yesterday when onsite installing a new access switch.
- Port capacity full on a two switch stack of 3750 x48 PS switches (WS-C3750-48PS-E)
- New 2960 x48 PS - WS-C2960S-48FPS-L racked, with the plan of using it just as an edge switch via SFP Stacking cable.
Setup the two connecting ports with simple initial config:
- switchport mode trunk
- no encapsulation option on the 2960, default dot1q
- dot1q set on 3750 port
- no shut on both sides.
Connected the SFP Stacking cable but it didn't work:
- %PHY-4-SFP_NOT_SUPPORTED: The SFP in Gi1/0/1 is not supported
This is ok as I had a backup:
- Next step tried using 2 x Short Haul SFP SX GBIC's with LC - LC OFNP 50/125 fibre patch lead - no joy
- Extra backup of 2 x Long Haul SFP LX GBIC's with the same fibre patch - no joy
- Checked the fibre and it was not a cross over so transmit and receive going down the same side, switched and still would not come up.
- Used Fibre as a straight through and still the same.
In all cases there was no indication of any life in the connection. It is pointing to a faulty fibre patch lead but I know it has worked in the past. Could it be something to do with the config or device incompatibility? Or any setting I need to activate?
Dec 21, 2011
How can we upgrade 6500 non modular IOS to normal 6500 IOS?
Nov 19, 2012
We have recently started as Internet service provider in an open metropolitan.
We use a Cisco 3560G Layer 3 switch, where we have all our vlan where we have configured ex. Switch (config) # interface vlan 150, an interface for each VLAN capabilities such as int vlan 1 - 10/10 int vlan 2 to 30/10, int vlan 3 100/10 and so on.
Our int vlan is configured as follows:
dhcp relay information trusted
ip address <x.x.x.x> <x.x.x.x>
ip helper-address <x.x.x.x>
Ports (ex. int Gigabit Ethernet 0/1) are configured as follows:
description Uplink
switchport access vlan x
[Code].....
Now the problem; we have a customer in ex. vlan 3 who needs to access a server provided by another customer in the same vlan (vlan 3), and access to each other in the same vlan is not possible. You can access the server from any other vlan, but when it comes to access to another host in the same vlan, you will not reach it.
We suspect that the energy company has configured with pvlan isolated. If we use the command ip local-proxy-arp on each vlan, it works to reach each other, but it seems that our 3560 becomes overloaded when ip local-proxy-arp is enabled and it streaming and use IP telephony it doesn't work. The response time at ping is longer and the loss of packets increases with ip local-proxy-arp enabled. The other operators in the metropolitan also use Cisco 3560G so the hardware should be sufficient.
We have also tried to add no split-horizon, but it made no difference. How do we get around this without negative consequences? Probably need something that makes you allow to send out the same interface that it came from, because it works as long as you are in another vlan.
Mar 18, 2013
I've set up a simple lab network of two cisco routers 2611XM and to each router I've attached a computer (host). I have set up a dhcp ip addresses for each host. I've set up a correct routing as well on each router. There are 3 networks: 192.168.1.0/24 192.168.2.0/24 192.168.3.0/24. The first network between the first host and first router, second is between two routers and third is between the second router and second host. If I use first host (192.168.1.20) I can ping to any ip address (192.168.1.1 (router 1), 192.168.2.1 (router 1), 192.168.2.2 (router 2), 192.168.3.1 (router 2)) except the second host ip address which is 192.168.3.20. When I sit on the second host (192.168.3.20) I can ping to 192.168.1.1 (router 1), 192.168.2.1 (router 1), 192.168.2.2 (router 2), 192.168.3.1 (router 2) but I can't ping to the first host which is 192.168.1.20. I've even tried with attaching a switch to a router and assign it an ip address of 192.168.1.3 and the ping was echoing to it.
Nov 21, 2012
I'm working on setting up a template configuration for the Cisco ASA 5505 device that we'll use to configure more routers for various client needs. One of the requirements requested of me is the following:
- Internal hosts assigned a DHCP address are blocked from the internet
- Internal hosts with a static IP are permitted access to internet
- All internal hosts can communicate regardless of state
Now, I'm fairly new to this and I'm certain my terminology isn't correct so googling the problem has been fruitless. I have followed basic configuration guides and have configured the device to hand out DHCP addresses to hosts plugged in ports 1-7. If I'm plugged in and specify my address manually in the OS I am blocked from any access so I can only assume there is an access policy or some rule preventing me from authenticating against the router despite having set up VLAN1 to be the entire class C subnet. What sort of steps would I need to do to configure this? New access lists. For the record, the dhcp addresses are in the range of 10.100.31.64-10.100.31.95. VPN users are assigned an address from 10.100.31.220-10.100.31.240 and there seems to be no issues with that configuration. I don't wish to constrain what addresses a user can use should they specify a static IP (10.100.31.5 should be just as valid as 10.100.31.100).
Oct 17, 2012
I've a big problem with a loss of packets ICMP sent by different hosts in differents VLAN. Here my architecture:
Core Switch: 2 Switch's C6509 (Version 15.0 (1) SY1) - Mode VSS - One link VSL, the other link is defective.
Access Switch: C3750, Connected to Core Switch through 2 fibre optic wires.
Topology: redundant ring
When I send consecutive ping message I found always a missing of packets. Furthermore when I insert the "show ip traffic" command, the parameter "bad hop count" increase after a loss of packets. I've 2 hosts connected in my network and they send packets with TTL =127.
In the Core Switch I haven't configured the MEC because it gave me troubles with the packets multicast.
Feb 6, 2013
In switch 2960s ( c2960s-universalk9-mz.122-55.SE5 ), I want to mark the traffic between two hosts (Data replication). I chose to use "mac access-list" to classify my traffic before applying the policy marking, but it didn't work.
! my mac ACL
mac access-list extended test
permit host 000a.1a41.aa52 host 000a.1a41.1bc2
!
class-map match-all test
match access-group name test
[code]....
May 30, 2012
I am just setting up a simple scenario with a 1841. Server @ 172.31.1.1 cannot ping 172.31.0.254 or 172.31.0.105. It can ping 172.31.1.250. The router can, on the other hand, ping devices on both networks. This is just for testing routing theory so I don't know why hosts on either side of the network cannot ping each other.
I am only using the FastEthernet interfaces on Router 1841.
Jan 21, 2012
As per my understanding 6509 all slots are dual channel, so 9 slot * 40 per slot (20 g in and 20 g out) = 360 GB. How cisco claim the 720 ?? What about the 6513 chassis switch fabric connection?
Sep 20, 2012
I am seeing a strange situation on my 6500 switch? By having snmp walk on '1.3.6.1.4.1.9.9.109.1.1.1.1.3' (== cpmCPUTotal5sec), I came to know that there are two processor and the cpu util for switching processor is gone to 88 % and some time creeps to 99 %.
snmpwalk -v2c -c "removes" sw6500 '1.3.6.1.4.1.9.9.109.1.1.1.1.3'
SNMPv2-SMI::enterprises.9.9.109.1.1.1.1.3.1 = Gauge32: 12 (--- this is for CPU of Router Processor )
SNMPv2-SMI::enterprises.9.9.109.1.1.1.1.3.3 = Gauge32: 99 (--- this is for CPU of Switching Processor )
but when I do sh process cpu on the console, all looks normal as it shows cpu utilization of RP. why the value is so high on the switching processor ?
Jan 24, 2013
For intervlan routing, is 'IP routing' command enabled by default on a 6500 series switches based on the IOS? And on 3750 switches, do we need to enable the "ip routing" command manually for intervlan routing?
May 9, 2013
I'm looking to restrict Inter-VLAN routing through L3 switch (cisco 6500) and wanted to know best possible way to do it. I used VACL and achieved success to some extent, but my config is making clients take up to 5-6 mins to authenticate IP address from the DNS (bootps). My VACL config was as follows:
Subnet to restrict is 10.100.15.0 (VLAN 15)
STEP 1: Created extended ACL to allow bootpc/bootps through DNS
ip access-list extended EACL_DNS
permit udp any eq bootps any
permit udp any eq bootpc any
STEP 2: Created standard ACLs to allow only relevant subnet, server VLANs & some IPs from other subnets for printers/scanners etc.
ip access-list standard SACL_VLAN_15
permit 10.100.15.0 0.0.0.255 (the subnet I'm restricting)
permit 10.100.50.0 0.0.0.255 (server VLANs)
permit 10.100.25.45 0.0.0.0 (printer in another VLAN which has to have access in VLAN 15)
STEP 3: Created VLAN access list
vlan access-map VACL_15 10
match ip address EACL_DNS
action forward
vlan access-map VACL_15 20
match ip address SACL_15
action forward
STEP 4: Applying VLAN Access list on VLAN 15
vlan filter VACL_15 vlan-list 15
Though the above works, below is noted:
1. I'm still able to PING 10.100.15.2 (the switch virtual interface) from outside the subnet, which I don't intend to do so. However all clients in the subnet have no connectivity from outside the VLAN 15.
2. As mentioned its taking quite some time to negotiate with the DNS server at system boot time.
Jun 2, 2012
I used to "ip routing" command in order to enable inter-vlan routing, for example with 3750 cisco. I have a 6503 cisco with SUP720 MSFC3. I was able to create some vlans but I can not configure inter-vlan routing.
sw#conf t
Enter configuration commands, one per line. End with CNTL/Z.
swsur(config)#ip routing
[Code]....
Oct 30, 2011
For intervlan routing, Is 'IP routing' command enabled by default on a 6500 series switches based on the IOS?hes, do we need to enable the "ip routing" command manually for intervlan routing?
Mar 16, 2013
Where is the "ip routing" command in Cisco switch 6500 series?
Is the ip routing enabled by default according to the: [URL]
Nov 25, 2011
I would like to check out what's the difference between the naming convention for the 6500 IOS.
I read the data sheet to support my POC deployment to support NCS v.1 the 6500 IOS need to upgrade to 12.2 (33) SXI
Is it able to work if I am using SXJ instead of SXI, with the same IOS version 12.2 (33)?
Jul 24, 2012
I have tried to test copy tftp: numerous times with no success. I believe the reason it is failing is my laptop to Ethernet port is in vlan 62 and the tftp process operates in a different IP space. I am using gig 7/1 and configuring my laptop nic for x.x.x.254 mask 255.255.255.0. I can ping from laptop to gateway and I can ping from the switch to my laptop using ping vrf production x.x.x.254. Can you tell me what vlan I need to set my laptop connection in or if there is something else I need to change to make tftp work on vlan62? Does TFTP only work in vlan1 or can it be changed?
Mar 25, 2012
How to upgrade IOS in switch 6500 connected in VSS from 12.2(33)SXI IOS to 12.2(33)SXJ?
Jul 16, 2012
We are setup like a hotel style workers camp. We have wings full of rooms and residents with 3750 stacks in them. Those switches connect back to our core 6500's. The network is mostly all Layer 3, interfaces are routed with IPs.
When it was built before my time they included an ACL for each wing so that residents couldn't access internal devices (IE SSH to 6500) but I've come to notice it's not working.
I see hits on the ACL for accepts but nothing is hitting the deny rule at the top. Here is the configuration below:
mls qos aggregate-policer INTERNET1 24000000 80000 80000 conform-action transmit exceed-action drop
mls qos aggregate-policer INTERNET2 24000000 80000 80000 conform-action transmit exceed-action drop
mls qos aggregate-policer INTERNET 24000000 80000 80000 conform-action transmit exceed-action drop
[Code] ....
May 6, 2013
On googling I came across documents that say OTV (Overlay Transport Virtualization) is supported on Cat 6500. Any authentic information whether OTV is supported on Cat 6500, especially with Sup-720B? FYI, Cisco Feature Navigator does not mention it.
Mar 19, 2012
SUP2T-D#sh proce cpu hist
11111111111 1111 1111 1111 1111
0000000000099999000099999000099999999990000999900009999999
0000000000099999000099999000099999999990000999900009999999
100 **********************************************************
90 **********************************************************
80 **********************************************************
70 **********************************************************
60 **********************************************************
50 **********************************************************
40 **********************************************************
30 **********************************************************
20 **********************************************************
10 **********************************************************
0....5....1....1....2....2....3....3....4....4....5....5....
0 5 0 5 0 5 0 5 0 5
CPU% per second (last 60 seconds)
SUP2T-D#sh proce cpu sorted
CPU utilization for five seconds: 100%/83%; one minute: 99%; five minutes: 99%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
416 3324188 879928 3777 13.05% 14.42% 14.45% 0 Spanning Tree
633 104408 5091 20508 1.50% 0.53% 0.45% 0 Env Poll
75 22000 298 73825 1.10% 0.13% 0.07% 0 Per-minute Jobs
168 69696 163563 426 0.39% 0.23% 0.22% 0 slcp process
2 532 1010 526 0.07% 0.00% 0.00% 0 Load Meter (code )
Feb 17, 2013
I am trying to guarantee 100mbps for a vlan across a gig link. I have done some research and found this command for switches
mls qos srr-queue input priority-queue 2 bandwidth 20
However it doesn't seem to work for my 6500. I know the 6500 uses PFC for QOS but I have no idea how it works. How can I guarantee a vlan 100mbps across a 1gig link?
Jul 12, 2011
We are getting ready to start testing Quad VSS for our production VSS environments we have done the research and per documentation it seems pretty straight forward.
I want to make sure that the dual to quad VSS is easily done across our multiple VSS setups and I am curious of those that have done this already have you ran into any gotchas on the turn up of the ICS Sup?
Also, just a ICS in a single chassis instead of one in both chassis of the VSS?
In one of our environments we have all single home devices going to VSS switch 1 and only dual homed devices going to switch 2 so may be desirable to only install an ICS in the switch 1 VSS.
Aug 9, 2012
Cisco 6500 with 2T supervisor engine with following software Cisco IOS Software, s2t54 Software (s2t54-IPSERVICESK9-M), Version 15.0(1)SY1, RELEASE SOFTWARE (fc4)
The problem is that, I am not able to configure Multilayer Switching (MLS) (mls rp ip) in the global config command. Although the "mls" is visible on the config menu. but when I say "mls ?", the router prompt "unrecognize command"
Not sure if SUP 2T support MLS or it come with different name.
May 21, 2012
I have WS-C6509-E chassis with VS-S2T-10G supervisor.
Currently I have IOS " S2TIBK9-15001SY - Cisco CAT6000-VS-S2T IOS IP BASE FULL ENCRYPT "
Can I upgrade the IOS to " S2TISK9-15001SY - Cisco CAT6000-VS-S2T IOS IP SERV FULL ENCRYPT " without purchasing this IOS?
Will I face issue in TAC cases?
Dec 4, 2012
I am trying to block access to facebook and twitter on my router, to a certain range of ips, 192.168.1.8 - 254. I have been digging around and trying stuff but all I do seems to restrict everyone access to the internet.
Apr 7, 2013
I have a site to site vpn connection between ASA 5510 and PIX 515 which is working fine. There is no problem for hosts on any side of the tunnel to access across. However the local ip (192.168.20.1) on the client interface of my PIX is not allowed to access hosts on the other side of the tunnel. [code]
Nov 24, 2011
I have nx2000 boxes connected to nx7000 fiber module. There is an intermittent error occurring on nx7000 fiber module.
7000 fiber module drops down and all NX2000 boxes lose connectivity. When 7000 fiber module comes up, some equipment, not all, can not be reached through console port via network. These equipment are datacenter air conditioner console port, storage controller console port (iscsi controller interfaces run fine). It seems that handshake between these equipments and NX2000 ports are not fine.
Dec 13, 2011
From the multiplexer 9 ethernet connections are terminating in Cisco 2960G 24 port switch and it is connected through fiber uplink to one Cisco 3560G 48 port switch in first floor, which is connected to server.
How I will configure the 3560G to make communicate with 2960G and bring all these 9 ethernet connections to server. All the 9 connections are from different IP. and server also have different IP.
May 14, 2012
I have a Win 2003 server set up as my DHCP server. It is connected to port 13 of my SRW2048 switch.
Every port from 1-12 and from 25-36 get a "Limited or No Connectivity" error when I plug an ethernet cable in them from a computer (Win XP). However, all of the other ports receive an IP address and connect to our network just fine. I've noticed that they are all in the two right hand banks of ports, though, so I'm in need of assistance as to how I can get the first two banks of ports to behave the same way. In other words, I want all of the ports on the switch to be able to populate an IP address from the DHCP server attached to port 13.
Aug 10, 2012
Is it possible to use 1GB (SFP / Copper) on the built-in 8 x X2-10GB ports without any Network Module of 1/10GB. If so how.