Catalyst 6509E Switch running IOS version 12.2. Created a new VLAN layer 2, created it layer 3 with an IP address. Issued the state active command and the no shutdown command. when doing a show vlan, shows in the list and active. When doing show int vlan xx, shows as down. Need to get it to be up, have attempted to assign a port to that VLAN in hopes it will come up, but still no go.
View 5 RepliesIn my setup , i have one core switch 4506, 3750 access switches and 4948 server switch.i have created the mngmt VLAN in every switch.the problem is i can ping the every device mngmt ip from any internal network,but my server switch mngmt ip i am not able to ping.trunk link is configure between the core and server,access switches.What is the problem with 4948 switch?
View 7 Replies View RelatedThe customer has 4 6500 switches. 2 Physical locations, and 2 switches at each locations. The locations are connected via 1 200mpbs metro ethernet(layer 2). We ran into an issue during a DR exercise. We had created a VLAN for DR testing purposes, that did not have any SVI configured, but the VLAN did exist on one of the 6500s. When the customer restored a VM to the DR VLAN, we lost connectivity to the production server. After some troubleshooting, we found the cause to be the same mac address showing up, but in a different vlan. Once we removed the DR vlan from the 6500 all was well. It seems like switches are ignoring the VLAN in the mac address table, and forwarding to the incorrect ports. The switch is not reporting any mac flapping in the logs. No spanning tree topology changes are occurring. Code version is 12.2(33)SXJ2 on all switches.
View 1 Replies View RelatedI'm looking to restrict Inter-VLAN routing through L3 switch (cisco 6500) and wanted to know best possible way to do it. I used VACL and achieved success to some extent, but my config is making clients take up to 5-6 mins to authenticate IP address from the DNS (bootps).My VACL config was as follows:
Subnet to restrict is 10.100.15.0 (VLAN 15)
STEP 1: Created extended ACL to allow bootpc/bootps through DNS
ip access-list extended EACL_DNS
permit udp any eq bootps any
permit udp any eq bootpc any
STEP 2: Created standard ACLs to allow only relevant subnet, server VLANs & some IPs from other subnets for printers/scanners etc.
ip access-list standard SACL_VLAN_15
permit 10.100.15.0 0.0.0.255 (the subnet I'm restricting)
permit 10.100.50.0 0.0.0.255 (server VLANs)
permit 10.100.25.45 0.0.0.0 (printer in another VLAN which has to have access in VLAN 15)
STEP 3: Created VLAN access list
vlan access-map VACL_15 10
match ip address EACL_DNS
action forward
vlan access-map VACL_15 20
match ip address SACL_15
action forward
STEP 4: Applying VLAN Access list on VLAN 15 vlan filter VACL_15 vlan-list 15 Though the above works, below is noted:
1. I'm still able to PING 10.100.15.2 (the switch virtual interface) from outside the subnet, which I don't intend to do so. Howeve all cients in the subnet have no connectivity from outside the VLAN 15.
2. As mentioned its taking quiet some time to negotiate with the DNS server at system boot time.
can i have 4 links from an ESX server to 6500 , each link represents a trunk link carries each the same 2 VLAN , 100 and 101 , keep port-channel out of the picture , does it work well?
View 12 Replies View RelatedWe have Nexus 7k running as my core with a 6500 manageing my server farm and IP services servers (call manager, IPTV ...)My edge switch are 4500s. We currently have RIP2 running between and the switchs and each 4500 is managing its own VLANs.The IPTV uses IGMP snooping and multicasting to broadcast the video feed. The problem that came up is that the we cannot configure a gatewar for the setup boxs for the IPTV system. They will only work on a single VLAN and they are spread all over the network.Can we configure only this VLAN to be propagated over our RIP network???
View 2 Replies View Related1 week ago, I got a call from a client that reported a network outage, the client told me that, 3 switch has crashed he try to console but it just hang. I ask him, did you change something? he said he didn't change anything, he just pluged a nortelswitch to the cisco switch number 9, but that switch doesn't crash like the others (3,4,8). I check the uptime, and yes the switch never been powered off..
the topology look like this
____ 6500 ____
/ / |
1 2 3 4 5 ...... 9
the vlan is end to end vlan, so vlan span between all those switches. transparant. this is collapsed topology, core and distribution is the 6500 itself all of the 1-9 access switch are in the same rack, with no loopguard, and bpdu guard configured. and connected to the core using etherchannel. the problem is there is no log available to start the troubleshooting/investigation.
I can see drops on one of our busy L3 vlan in the input queue and are going up very frequently.System image file is "sup-bootflash:s72033-psv-mz.122-18.SXD3.binHardware = 6509
View 1 Replies View RelatedI need adding a vlan to the trunks bundled in port channel. I know how to add v lans to a port channel with Cisco IOS but with CAT OS.
I have 2 ports bundled to form ether channel in switch which is running CAT OS. There are already few v lans allowed in the trunk of each interface. now I need to add one more v lan.
For Example:-
v lan 135 needs to be added in addition to the existing v lans.
clear trunk1/2 1-112,115,117-134,136-4094
set trunk 1/2 on dot1q 113-114,116,135
and similarly on the 2nd interface
so if I add vlan135 to the trunk one after another will it cause any service disruption?
We have a pair of 6500 switches, each having a trunk going to each access switch. We set the spanning tree priority on Core1 so it is the root bridge for all VLANs. We have two different types of access switches:
-3550 setup as VTP client and ISL
-2960 setup as VTP transparent and dot1q.
Pruning is disabled but we use "switchport trunk allowed vlan" to restrict which VLANs go through each trunk. When we need to permit a VLAN through a trunk, we simply run "switchport trunk allowed vlan add <VLANID>" on the access switch and both core switches. If it is a 2960 in VTP transparent mode, we must set the VLAN to active. Once this is done, a "show int trunk" will reflect the new VLAN in "Vlans in spanning tree forwarding state and not pruned" for Core1.
I recently went through this process to add VLAN 250 on a 3550 access switch, but the VLAN is not listed in STP forwarding state and not pruned. I tried removing the VLAN from the trunks and redoing it, but there is was no change. I tried adding VLAN 257, but the same behavior happened. I then tried trunking the same VLANs to a few other access switches. Three other 3550s experienced the same behavior, but I was able to trunk the VLAN to a few 2960 switches. At this point, I figured it might be related to some kind of limitation of VTP or the 3550 switches. I provisioned a new 3550 with the same IOS and settings (VTP client, ISL). To my surprise, all VLANs configured were in STP forwarding state and not pruned.
Running show spanning-tree on the core and access switch shows VLAN 250 as designated FWD. I confirmed we are not hitting the limits in "show spanning tree summary totals" on the Core or Access switches. I also confirmed we are not hitting the virtual port limit by running "show vlan virtual-port slot x."My next action might be to shut/no shut the uplink to Core1 from the access switch, but I'm not sure if that will fix it and even if it does, I have no clue what caused the issue.
I have a really weired thing happening on 6509 device with one of my customers.The device has a SUP 2 (MSFC2) with version 12.2.18SXF17B.
any VLAN interface once administratively down or simply down shows on "show interface status" output as VLAN.While it supposed to show "Routed". However once the port is up it is shows "routed" like it should.
I need to implement the shaping VLAN only on the trunk link between the 6500 and 3560. [code]
View 8 Replies View RelatedI managed to create VLAN 30 (mgmt) and VLAN 888 (blackhole) on this SG 300 switch. Now I've configured ports 1-6 untagged on VLAN 30 and left ports 7-8 untagged in VLAN 1. Port 10 is my uplink to my router, which config looks like this:
interface gigabitethernet10
spanning-tree portfast
spanning-tree guard root
switchport trunk allowed vlan add 30
switchport trunk native vlan 888
If I connect a device into port 7 or 8, I get no IP address from the relevant DHCP server on my router. Thus, I thought I could add VLAN 1 to the trunk, but here's the surprise:
swi01-zg-#configure t
swi01-zg(config)#int gi10
swi01-zg(config-if)#switchport trunk allowed vlan add 1
VLAN 1 : VLAN was not created by user.
I have created 5 new 2 Gig port channels on a 6513 WS-X6516A-GBIC blade connecting to 5 4510R+E switches. 3 of the 5 Port-channels show up/up. 2 show down/down. However, for the 2 showing down, a duplicate Po interface was created with an "A" appended to the name that shows up/up. E.g:
Port-channel26 unassigned YES unset down down
Port-channel26A unassigned YES unset up up
Each of the 4510s has a second 2Gig PO to another 6513 with an identical config and all of those come up fine.
I am testing on lab equipment (2 Catalyst 3550 and 1 Catalyst 3560) HSRP version 1 and 2.I successfully created a load balancing between the two Catalyst 3550 on a couple of vlans (11 and 12) on ver 1
now, just adding the command "standby xx version 2" my hosts on the 2 vlans are completely unable to ping the virtual IP def. gw on debugging i checked that msgs are exchangedthe two cat 3550 are seeing each other on HSRP (active / standby roles)the real ip addresses are pingable rebooted the swiches (just as a last resort try)deleted arp chache on hostsremoved the auth on hsrp all of this no effect.
i also tried to modify the priority on the cat 3560 (before he was on both vlans in standby) to make it the active one and with the same config it worked flawlessly.
My only idea is that there is a bug on CATs 3550 (IOS: c3550-ipservicesk9-mz.122-55.SE4.bin) [code]
how can we upgrade 6500 non modular ios to normal 6500 ios?
View 5 Replies View RelatedI see these errors on my 6500 router which acts as my server farm and has hundreds of servers connecting to it. I have just taken over these routers from another guy and think the errors may have been there for quiet awhile. I have another router which doen't seem to have these errors. Can you tell me how to turn off netflow? Will it cause any problems to my server farm? Is there a risk to the router if I disable something?
I ask this cause the server guys are having problems with certain servers. I am not sure if they are because of this or not. I really would like to clear the logs. [code]
Between our hosting and a customer we have an extended vlan, traveling on a fiber, between two cisco 3560 switches.The thing is, that we want to create one or more vlans inside that extended vlan, in some way if possible?
View 3 Replies View RelatedI have two networks at two sites with a dot1q trunk between the two L3 switches at both sites (no routers involved)
SITE A - Cisco 3750 L3 - VLAN ID 50
10.10.50.0/24
SITE B - Cisco 3750 L3 - VLAN ID 50
10.20.50.0/24
I would like to extend the SITE A VLAN to SITE B so that I can move hosts from SITE A to SITE B without needing to change their IP address but the vlan ID is already in use. Obviously the easy solution is to change the VLAN ID for one or other of the sites but both sites contain hosts that run 24/7. Is there a way to join two VLANs with different IDs together.So for example I create a new VLAN 60 at SITE B and associate it with VLAN 50 at SITE A.
i need to solves this little problem on 2960S lan BASE but i dont know if it is possible.
Uplink port config for gi 1/0/28 is:
switchport mode trunk
switchport trunk alloved vlan 10,11
but on interface gi 1/0/1 i want to have data from vlan 10 tagged as VLAN 20.
At this time i have solved this issue very primitively
I have set up gi 1/0/2 as int mode acces, acces vlan 20 and i have connected gi 1/0/2 with gi 1/0/3 with eth cable. int gi 1/0/3 is switchpor mode acces, switchport acces vlan 10
I have a 3750G switch in my production network that only has VLAN 1 on it. All ports are in a default state and VLAN 1 is disabled. The switch is passing traffic but shouldn't having the default VLAN shut down cause the ports not to pass traffic? If I start to create VLANs will that cause the switch to stop passing traffic?
View 4 Replies View RelatedI am trying to setup a L2tpv3 VLAN-to-VLAN tunnel.My setup has two Cisco 890 router with Cisco IOS Software version 15.0(1) M4. These routers are connected directly on FastEthernet port 8.
One linux machine is connected on FastEthernet port 0 on each router. The two linux machines are on same vlan. I am trying to establish a vlan-to-vlan tunnel between the routers and send traffic between the linux machines.
I followed the case study 11.4 from [URL] and configured the l2tp-class and pseudowire-class. However, the vlan interface configuration is different on 890 router.
I configured a vlan interface as follows.
(config)#vlan 200
(config)# interface FastEthernet 0
#shutdown
#switchport access vlan 200
(config)# interface vlan 200
I don't see the 'xconnect' command in this context. What's wrong with my configuration?
We have a low bandwith (15-20 Mbit/s) to the ASA from our Client vlan. If i connect the Client to the same vlan as the ASA is, the bandwith (90 Mbit/s) is good.
Here are the Layer 3 Design:
Client -> vlan 2 - Switch - vlan 7 -> vlan 1 - ASA 5505 -> ISP
The Layer 2 Design:
Client -> Gig2/0/13 - Switch - Gig4/0/43 -> Eth0/1 ASA5505 -> ISP
IP Address:
Client: 172.16.2.10Vlan2: 172.16.2.1Vlan7: 172.16.7.1ASA: 172.16.7.2
I assuming the switch has a problem with routing ?It is a stacked Switch with following members:
switch 1 provision ws-c3750g-12sswitch 2 provision ws-c3750g-24tsswitch 3 provision ws-c3750g-24tsswitch 4 provision ws-c3750x-48
And we have following error message in the log from the switch:
%PLATFORM_UCAST-4-PREFIX:
One or more specific prefixes could not be programmed into TCAM and are being covered by a less specific prefix, and the packets may be software forwarded I first get the idea that the switch is overloaded with router traffic. Thats why i assuming i have to check the sdm templates, but i'm not sure if this resolves the issue.
Here are the relevant config:
ASA Interface on the Switch:
interface GigabitEthernet4/0/43description ASA-inside LANswitchport access vlan 7switchport mode accessspanning-tree portfast
Client Interface on the Switch:
interface GigabitEthernet3/0/1switchport access vlan 2switchport mode accessswitchport port-securityswitchport port-security aging time 2switchport port-security violation restrictswitchport port-security aging type inactivitymacro description cisco-desktopspanning-tree portfastspanning-tree bpduguard enable
[code]...
I have a cisco L2 SG300-10p Managed switch . I want to configure one port as a turn but cant find the command Encapsulation dot1q . Its a poe switch i want to use for both internet and voip in separate vlans.
View 1 Replies View RelatedIs there a way to turn off 802.1x authentication messages to the console of a 3750 switch? The issue we have is that we like to monitor the terminal when remotely configuring our switches. However, every time a computer authenticates to the network we get messages and sometimes quite a few depending on the situation.
View 3 Replies View RelatedOne of my engineers issued a command to turn off port security on a number of ports using the range command. The command failed on the first attempt due to a tacacs auth failure which I suspect is due to a low tacacs timeout value. The engineer then reduced the number of ports in the range command and re-issued the config change after which the switch just crashed and rebooted.
The logging buffer on the switch displays the following:
000072: *Mar 1 00:03:00 GMT: %PLATFORM-1-CRASHED: System previously crashed with the following message:
000073: *Mar 1 00:03:00 GMT: %PLATFORM-1-CRASHED: Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 12.2(50)SE3, RELEASE SOFTWARE (fc1)
000074: *Mar 1 00:03:00 GMT: %PLATFORM-1-CRASHED: Technical Support: [URL]
000075: *Mar 1 00:03:00 GMT: %PLATFORM-1-CRASHED: Copyright (c) 1986-2009 by Cisco Systems, Inc.
000076: *Mar 1 00:03:00 GMT: %PLATFORM-1-CRASHED: Compiled Wed 22-Jul-09 07:03 by prod_rel_team
000077: *Mar 1 00:03:00 GMT: %PLATFORM-1-CRASHED:
[Code]........
I have done some searching and this could be related to bug CSCsq71492. I have tried using the output interpreter but it is still down.
I have not been able to find the option to turn on LLDP for our Polycom (Lync) Phones. Is this not an option for this model router (C1861)?
View 1 Replies View RelatedAs per my understanding 6509 all slots are dual channel, so 9 slot * 40 per slot (20 g in and 20 g out) = 360 GB How cisco claim the 720 ?? What about the 6513 chassic switch fabric connection?
View 5 Replies View RelatedI am seeing a strange situation on my 6500 switch?By having snmp walk on '1.3.6.1.4.1.9.9.109.1.1.1.1.3' (== cpmCPUTotal5sec), I came to know that there are two processor and the cpu util for switching processor is gone to 88 % and some time creeps to 99 %.
snmpwalk -v2c -c "removes" sw6500 '1.3.6.1.4.1.9.9.109.1.1.1.1.3'
SNMPv2-SMI::enterprises.9.9.109.1.1.1.1.3.1 = Gauge32: 12 (--- this is for CPU of Router Processor )
SNMPv2-SMI::enterprises.9.9.109.1.1.1.1.3.3 = Gauge32: 99 (--- this is for CPU of Switching Processor )
but when I do sh process cpu on the console, all looks normal as it shows cpu utilization of RP. why the value is so high on the switching processor ?
For intervlan routing, Is 'IP routing' command enabled by default on a 6500 series switches based on the IOS?and on 3750 switches, do we need to enable the "ip routing" command manually for intervlan routing?
View 1 Replies View RelatedI used to "ip routing" command in order to enable inter-vlan routing, for example with 3750 cisco. I have a 6503 cisco with SUP720 MSFC3. I was able to create some vlans but I can not configure inter-vlan routing.
sw#conf t
Enter configuration commands, one per line. End with CNTL/Z.
swsur(config)#ip routing
[Code]....
For intervlan routing, Is 'IP routing' command enabled by default on a 6500 series switches based on the IOS?hes, do we need to enable the "ip routing" command manually for intervlan routing?
View 2 Replies View Relatedmodel: SG300-52
version: 1.1.0.73
Switch is running in layer 3 mode.How can I turn off mDNS broadcast coming from the vlan interface on the switch.Getting mDNS broadcast from switch every 5 seconds.