I have two Catalyst 6506 in VSS mode with VS-S720-10G running 12.2(33)SXI1 IP SERVICES. I have two firewalls that communicate one to the other through a dedicated VLAN created on the Catalyst 6506.
One firewall is able to ping the other one on this dedicated VLAN, but if I send multicast traffic from firewall-1 I don't receive it on firewall-2. I found a bug related to multicast issues on Cisco WS-C6509-E with VS-S720-10G. The bug ID is CSCtc59038.
We have two Catalyst 6506 switches with 10 Gb uplinks and around 120 edge switches (Cat 3750-X). Still, the module on the core where servers are connected has 1000 Mbps ports. Now if we induct a Nexus switch into the datacenter, what kinds of benefits can we reap in a virtualised environment as well as a real environment? Following are some of the queries: Can we reduce the number of edge switches (by virtual environment)? Interoperability between Cat IOS and Nexus IOS: how will this affect the environment? What will be the overall benefits? What are the cons of this induction?
I would like to add a redundant supervisor to my core 6509. Is this tricky to do? I know they have to be running the same IOS. I am worried that if I put the new supervisor in, it will write over the existing running config.
In our network environment, we have a 2960 switch sitting behind our router. Off of this we have a lot of external connections, like our external DNS, firewall, and VPN concentrators. I've configured a VLAN other than the default, moved everything into it and then shut VLAN 1. In this hardening guide it says that your native VLAN should be something other than the user VLAN, but if I am not using any trunk links, wouldn't I not really have a native VLAN? I attempted to make the link to our firewall a trunk link and then set the native VLAN to something else.
I have a simple question: In 6500 CatOS, we had that feature of image synchronization, which added the ability to download the image from the active supervisor to the standby via internal TFTP of the CatOS. Can this be done on IOS? I was looking for this over the Internet and couldn't find anything.
If I have this config:
switchport mode trunk
switchport trunk allowed vlan 50
will untagged packets travel over this trunk? E.g. VLAN 1 is by default the native VLAN, without a tag. If I have created a big ring with Catalyst 3560X switches with no spanning tree on VLAN 1, can this config cause a loop? I am using the above config on the interfaces that connect the switches together in the ring.
Other interfaces on the switch have this config:
int range 0/1-4
switchport mode acc
switchport acc vlan 1
int range 0/5-24
switchport mode acc
switchport acc vlan 50
I am using VLAN 1 just for local switching without connection to the Internet! I am asking just because I have this kind of message in the logs:
%CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on GigabitEthernet1/0/27 (1), with SW3560x_BR8874 GigabitEthernet1/0/19 (50).
Gi1/0/27 and Gi1/0/19 have this config:
switchport mode trunk
switchport trunk allowed vlan 50
1 week ago, I got a call from a client that reported a network outage. The client told me that 3 switches had crashed; he tried to console in but it just hung. I asked him, did you change something? He said he didn't change anything, he just plugged a Nortel switch into Cisco switch number 9, but that switch didn't crash like the others (3, 4, 8). I checked the uptime, and yes, the switch had never been powered off.
The topology looks like this:
____ 6500 ____ / / | 1 2 3 4 5 ...... 9
The VLAN is an end-to-end VLAN, so the VLAN spans all those switches. Transparent. This is a collapsed topology: core and distribution is the 6500 itself. All of the 1-9 access switches are in the same rack, with no loopguard, and bpdu guard configured, and connected to the core using EtherChannel. The problem is there is no log available to start the troubleshooting/investigation.
I am having trouble after creating a management VLAN (99) on a 3550 switch. I have configured the VLAN (99) and given it an IP (192.168.1.100) and a default gateway (my router address - 192.168.1.99). I can ping the switch from a PC and vice versa. The management VLAN IP is fine, but now I cannot ping the router from either the PC or the switch. It seems that just adding VLAN 99 with its own IP address has now prevented pings from the switch/PC to the router? Due to the fact that I have created a new switch management VLAN with an IP, does this mean I have set up the router as a 'router on a stick' scenario? [code]
We are trying to set up a new configuration with 2960S as access switches and a 4507 as a core switch. I want to protect the management IP VLAN of the switch using VRF on the 4507, so we:
- SHUT VLAN 1 on every switch (2960 + 4507)
- CREATE A NEW VLAN 289 (management VLAN) -> IP network: 10.32.126.192/26
- L3 VLAN on every switch
- VLAN 289 in the VRF XXX on the 4507
- create trunk between the switch and the 4507:
switchport mode trunk
switchport trunk allowed vlan 200-230
switchport trunk native vlan 289
So with this configuration, VLAN 289 is UP/DOWN on the 2960 and UP/UP on the 4507. I can access the 4507 using the IP in VLAN 289, but I cannot access the 2960 behind the 4507. CDP connectivity is ok?
I have a small home network currently using a Cisco 841, which is working great. I host a web site and Exchange, plus all 10 computers access the net using Verizon FIOS; all works. I can even VPN in to my network remotely. I can only VPN using the Cisco client. I would like to use the native Windows client and iPads and iPhones. I believe they use PPTP and the Cisco client is using IPsec. Which Cisco router can I get that would support all the above?
I am migrating an existing LAN from 3550 to 3750X-12S. In the existing configuration, I've got some trunks with native VLAN <> 1. The native VLAN is also used for user data transport. With IOS 15.0(1)SE3 on the 3750X I recognized that, by default, PVST is not active for a VLAN defined as native, even if the corresponding trunk is up and trunking. My current workaround is to add a "switchport access vlan" command on the trunk, even though this one should never become an access port. Only with this statement does the switch activate PVST for the native VLAN. For all other VLANs PVST works as expected. [code]
I am configuring multicast in an environment where I have a 4506 at each site (4 total) and a 6506 as the core. Each 4506 is connected via layer 3 to the 6506. I have a mix of 3560s, 3548s, and 2960s connected to the 4506s and the 6506 via layer 2 trunk.
I have multiple multicast sources and hosts communicating at a time (multiple cameras sending video / multiple computers receiving video). So this is not a scenario where there is 1 sender and many receivers. This would be many senders (~50) and some receivers (~10)
I configured ip multicast-routing on each of the 4506s and on the 6506. IGMP snooping is on by default on the 3560 and 2960 switches. CGMP is on by default on the 3548 switches.
I set up PIM sparse-dense mode and IGMP version 3 on each of the layer 3 interfaces for the 4506s and 6506 where they connect and on each VLAN that is sending or receiving multicast. Multicast is working throughout the network, however I am looking to verify the configuration as I scale this out to more clients on the network.
#1 - Is it correct to use sparse-dense mode in this configuration?
#2 - Do I need to configure a rendezvous point using AUTO-RP? (ip pim send-rp-announce INTERFACE scope TTL). Not sure here if I need to designate this and what to choose. Right now I do not have this and it is working, but documentation seems to infer that I need to designate this.
#3 - Are there any other configuration settings I should be considering? It's hard to find real-world configurations of multicast as examples, or people that know multicast routing well.
I upgraded the IOS on a 6506E, SUP 720-10GE, non-redundant, to a new one, and it rebooted OK. The switch seems to work fine but "show bootvar" shows the previous IOS name instead of the new one: s72033-advipservicesk9_wan-mz.122-33.SXJ3.bin. I removed the old IOS name on "boot var" and gave it the new IOS name; "show bootvar" now has the correct new IOS name. I did write mem again and reloaded the switch. It booted up OK but "show bootvar" still has the old IOS: "s72033-ipbasek9-mz.122-33.SXI2a.bin". According to the IOS upgrade procedure, after all the upgrade IOS steps are done, then just "write mem" and the "bootvar" will have the new IOS name, but on my switch it always has the old IOS name. How can I set the bootvar to the new IOS name?
I have a Cat6506. There were 2 Sup 720 in it for redundancy. They told me they had problems with this thing in the past, needing to go out and reboot the machine. I need to go out periodically because it goes into ROMMON. I type boot and it comes back up. One time, though, neither one would reboot. I had to take a third one out there and reconfigure it. Now it is starting to do the same thing. One thing I did notice is they never connected it to a UPS. It is plugged straight into the wall with power going to two outlets. I am beginning to think there are spikes in the power occurring and this is sending it into ROMMON.
Access-group only allows me to set the mode: access-group > mode > prefer > port > int g2/1. Those are the only options available to me; it doesn't allow me to go: ip access-group <name> in or out, or access-group <name> in or out.
I realize the commands may be a little off, I don't have a switch nearby. When I get on our 3750 there are no issues, it allows you to apply the ACL the conventional way. I just can't seem to find any way to apply an ACL on an interface on the 6506 though.
I have several closets with Cisco 3560 on the edge that I'd like to change the vlan that's used for the management vlan on each. In the core I have a Cisco 6509 with Sup720's.
I'd like to do this by changing the native VLAN on the trunk port on the core 6509 interface that connects to the 3560, and leave the management VLAN on the 3560 as VLAN 1.
Seems trivial, but what I tried didn't work and I didn't have the window to troubleshoot. I'll paste the simplified configs for the interfaces below.
We have a problem with CDP packets sent by our Cisco 6509s. Unlike our other Cisco switches (4948G, 5020, etc.), the 6509 tags administrative traffic on the native VLAN. As a result the CDP packets are sent with an 802.1Q header with a tag of 1. The other switches send the CDP packets untagged on the native VLAN. This causes problems because we have non-Cisco devices in our lab that also receive and send CDP, but they do not process the packets that are tagged by the 6509. They see the packets from the 4948 and 5020 just fine.
How can I disable the administrative native vlan tagging on the 6509? Here is the current setup:
nwkdev-6509-1#show vlan dot1q tag native
dot1q native vlan tagging is disabled globally
nwkdev-6509-1#show interfaces gigabitEthernet 1/9/1 switchport
I tried to upgrade IOS from SXI2a to SXI9 in a Cat 6506 VSS, but the problem is that the switch always boots with the old IOS. I put the new IOS in sup-bootdisk and slave sup-bootdisk; bootvar is OK with the new IOS: [code] Show bootvar is OK but the switch always boots with the old IOS SXI2a. Some bug in IOS SXI2a? I will try to delete the old IOS from sup-bootdisk and try with the new one only.
I have PAT set up successfully on a 6506 chassis. My outside address range is 78.24.112.114 255.255.255.240. Relevant parts of the config below: [code] This works fine but of course is only using the one IP address 78.24.112.114. How can I utilize the other outside addresses available, or is this not really necessary? I've browsed through loads of Cisco docs.
We purchased two new 4948s with two 10GE uplink ports and upgraded the devices to run IOS 15. My 6506 is running Sup 720 with s77233-adventerprisek0_wan-mz.122-33.SXI9. Currently we have 4948s connected to the same 6506s with no problems. Today I tried to add the new switches with the new IOS and it caused one of my 6506 core switches to fail over. I can't explain why, because it was close to start of business and I couldn't do much troubleshooting. Currently we have four 4948 switches (running IOS 12.2(14)) running Layer 2, connecting dually to each of the two 6506 cores via 10GE fiber uplinks. I tried to add two more to the scenario, again running Layer 2 and dual-homing them to each of the 6506 switches. There are two 6506 core switches and they run HSRP, and spanning tree is manually set to give priority to even VLANs on one 6506 and odds on the other 6506. Also, the new switches I tried to add had rootguard applied, as well as the uplinks.
We have to get this working and have no test environment to work with. We need to do this late this evening after close of business.
On another note, I have had problems upgrading some of my older 4948's to IOS 15. I followed Cisco's suggestion and upgraded the EPROM first and then the IOS upgrade took on three of the switches that were ordered rather recently. The four that were ordered in one batch will not take the upgrade even following Cisco's instruction and lots of other tricks. Nothing works. Having problems with IOS 15, in general?
I have a problem with high CPU load by DHCP Snooping process on Catalyst 6506 (WS-SUP720-3B, soft: s72033-ipservices_wan-mz.122-18.SXF11.bin). I have it enabled on 15 VLANS, in which there are subscriber devices residing, and sending DHCP requests through Cisco to DHCP server (Cisco acts as DHCP relay, and it's collecting the snooping database, I also use DAI).
Snooping database contains 6962 bindings now.
CPU load goes high only sometimes, and I don't have a clue, why it's going so high. It can load as high as 45-47% of CPU, like this:
When the load is high, the command: show ip dhcp snooping statistics is showing, that the overall quantity of Packets Processed by DHCP Snooping is increasing rapidly. In normal situations, it's like 10-20 packets per second, but when the load is high, it's 1000-10000 pps.
But when I look at SPAN from my subscriber's VLANS, I don't really see any flood of DHCP requests, or something like that - everything looks as usual. Maybe, some of subscriber's devices are sending incorrect DHCP requests, that are causing packets to loop inside RP, or something like that? How can I detect that thing?
Also I thought that if I enable the ip dhcp snooping trust mode on all of the Catalyst interfaces, DHCP snooping will not process the subscribers' DHCP packets, and I can, by excluding interfaces one by one, detect from which interface the problem is originating. But this seems to be incorrect: I turned on ip dhcp snooping trust on all interfaces, and I still get spikes of CPU load by the DHCP snooping process. Why is it still examining packets, even on trusted interfaces? Is it OK?
And one more question - if I disable the ip dhcp snooping globally, will it clear all my existing bindings in snooping database?
I've been experimenting with the 'vlan dot1q tag native' command on a switch and it seems as though tagging the native VLAN breaks vty access to my access point. With the 'vlan dot1q tag native' command applied, I lose management connectivity to the AP; with 'no vlan dot1q tag native' applied, connectivity is restored. Why is this? Is it safe to say that one can access the AP via vty lines using ONLY untagged packets?
I have a 6506-E with 720 Sup. I am trying to connect a server with an HP 550SFP NIC to my 6506. If I plug the SFP from my server into my 6506 it will not link. When I plug that very same SFP into a 3750 it links fine. Makes me think that there is something I am doing wrong in the 6506 config. But if I plug another server using an IBM LAN card into the same port on my 6506, it connects and works fine, so now I am starting to wonder.
We currently have an existing 6506 in the data center that we want to add another 6506 to and do a VSS implementation. I'm trying to minimize down time, so our current basic plan was to do the following:
1. Bring up the new 6506 and configure it for VSS
2. Trunk a port between the new 6506 and the production 6506
3. Physically move connections from the production 6506 to the newly connected VSS switch
4. After all physical ports have been moved, power off the original 6506 and swap the supervisor card out for the new 2T Sup card
5. Configure the original 6506 for the virtual domain and then connect the VSLs.
According to the documentation, to run "switch convert mode virtual" the standby unit has to be in hot standby. This means I can't run this prior to moving the connections over, which means once I run "switch convert mode virtual" it will reboot the switches (~ 9 minutes of down time). Is there any way around this?
I have a problem configuring MWAM. I have installed an MWAM module in 6506-E slot 2 with sup720-3B. After installing the MWAM the Status is PwrDown. I tried to turn on the power but it's not happening. The MWAM is installed in slot 2 and here is the result of show module 2. My Sup720-eB IOS image is s72033-advipservicesk9_wan-mz.122-33.SXJ1.bin
6506-E#show module 2
Mod Ports Card Type                              Model              Serial No.
--- ----- -------------------------------------- ------------------ -----------
  2    3  MWAM Module                            WS-SVC-MWAM-1      SAD081203GK

Mod MAC addresses                       Hw    Fw           Sw           Status
--- ---------------------------------- ------ ------------ ------------ -------
  2  0003.feae.bb8c to 0003.feae.bb93   3.0   Unknown      Unknown      PwrDown

Mod  Online Diag Status
---- -------------------
  2  Not Applicable
I had these error messages on both my Cisco 2851 and on my Cisco Catalyst 6506.
On Cisco 2851:
%SYS-SP-3-CPUHOG: Task is running for (2000)msecs, more than (2000)msecs (4/4),process = SEA write CF process. [code]...
And on 6506:
Dec 27 15:20:55 MET: %SYS-SP-3-CPUHOG: Task is running for (2000)msecs, more than (2000)msecs (129/129),process = SEA write CF process. [code]...
I have these IOS versions on my Cisco:
Cisco 2851: 15.0(1)M4
Cisco 6506: 12.2(33)SXI
I want to know if 1 port of the 16-port 10GBase-T module (WS-X6716-10T-3C) for the Catalyst 6500E Series can be connected to a 1GBase port of a 2900 ISR router. Are they going to work at 1 Gbps or, simply, are they not compatible?
If it is true, can I create a 4-port EtherChannel between them? Of course using the 16-port 1GBase-T switch module on the router.