I built a VSS pair with a couple of 6509's. This was our first pair so we took the opportunity to do some testing. One of the features we tested was the priority/preemption feature, which we decided not to use. After some time we shut down switch 1 and relocated it to another building. Unfortunately, because of a lack of fiber, it was not connected to switch 2 for several months. Also, unfortunately, I failed to remove the priority commands. Now while switch 1 was "unconnected", we made changes to the config on switch 2. Months later, when the fiber was complete and I connected switch 1, preemption caused it to take over. I'm guessing switch 1 thought its config file was the better one, and proceeded to overwrite switch 2's production config. I quickly disconnected the fiber but not before losing my production config on switch 2. We of course recovered from that with a backup, but now I need to connect switch 1 again. I have removed the priority command from switch 1 and rebooted it.
I have tried to downgrade the IOS on the 'X' to 122-55.SE5; however, I get errors regarding firmware incompatibility.
I am unable to upgrade the IOS on the 'G' to 150-1.SE3, as the size of the IOS image is larger than the available flash (Version 15 IOS for the 3750G (c3750-ipbasek9-mz.150-1.SE3.bin) is 16,074,189 bytes whereas the 3750G has 16MB of flash memory or 15,998,976 bytes total, which means the IOS will not fit).
Has no one actually stacked these devices successfully? I understand there may be license implications of upgrading to 15 but at the moment I just want them to stack!
Has anyone implemented a working NAT on a stick? I am looking for 3750 configurations for NAT on a stick. Our users need to access the camera monitoring from home as well as at work. We would like to set up the monitoring software with the public address (and port) of the cameras, as the users use the same configuration at home and work. DNS will not work for us as the monitoring settings only accept IP.
I currently have a couple of 6509 chassis (router/switches) with the following hardware blades:
x3 48 ports
x1 NAM
x2 Sup720
Running 12.2(18)SXF3
I am keeping the four Sup720 modules and have purchased new versions of the other blades including two new 6509-E chassis. Can I take my stand-by Sup720 out of the production machine and insert it into the new chassis?
I have SSH version 2 configured on a Cisco 4507r-e. Unable to sync archives with CiscoWorks. V2.99 is unsupported on CiscoWorks. Does CiscoWorks need to be updated or does the switch?
cat4500-ipbasek9-mz.122-52
LMS 3.2
# show run
ip ssh version 2
#show ip ssh
SSH Enabled - version 2.99
What is the best way to remove configs from ports (GigE or Fa) in a 6500 that we aren't using anymore (i.e. best way to return a port to default)? Remove each line one at a time, or is there a command to default a port?
I am trying to research the possibility of backing up IOS and configurations from an Etherswitch module, and being able to store the files on the host router's flash (3925 ISR), and then being able to recover that IOS and configuration in case I have to replace the Etherswitch module.
I am beginning to work on applying QoS on switches (C2960 & C6500), and I still have a doubt about the necessity of considering the CoS value. I do want to apply QoS for ToIP, video, and perhaps create a scavenger class, and in all cases I classify my packets by TCP/UDP port and mark them with DSCP. So is it really necessary to study all the DSCP/CoS mapping issues? Is it not possible to make the configurations based only on the DSCP field?
I have a SG300-28P and a SF200-24P connected via LAG Group. SG300 routes. I also have 2 VC240 IP Cameras. They are connected on ports 18 and 19 on the SF300. If I lose power, reboot or anything that makes the switches restart, the configuration is not saved. I know this by the fact that after a reboot, ports 18 and 19 are placed in VLAN 4 Untagged. If I put them back in VLAN 2 Untagged, save the configuration and reboot, they are placed back in VLAN 4 Untagged.
I read something on here about firmware the other night from my iPad so today, I upgraded both switches to the latest firmware, 1.2.7.76. After the update, I could not access the IP Cams. I went back into the configuration and they were in VLAN 4 Untagged. I once again put them in VLAN 2 Untagged, saved the configuration and rebooted. They went back to VLAN 4UP.
There was previous discussion also about an XML version of files or something, and that a factory reset and setting the switch up from scratch would take care of it. I cannot do this; I am a seed corn salesman. Is there a simpler way? Like saving the config to TFTP and then uploading it after factory reset? There are LLDP settings for my IP phones too, and if I lost them, I would have no idea how to regenerate them to make my switch work again. Cisco tech support had issues with it when I first got them and they set it up via remote session, so I am lost beyond this. I just know that I cannot keep going into the switches to change settings and not have them saved. I lose my security cameras and video recording.
At work, our proxy blocks everything except for HTTP(S), FTP, and a small handful of other company-specific ports on the _outbound_ connection. On my router, I like to port-forward SSH to my Linux computer server at home but since at work IT blocks out-bound SSH, I have to masquerade the SSH port-forward on my server to get past the corporate proxy. Normally, I've done this in the past by doing something like WAN:9090 (allowed by my IT) --> LAN:22 in my router's port forwards to get SSH routed to my Linux box from the web.
I recently purchased a Netgear FVG318 and it doesn't look like it supports this kind of configuration. In the Security->Firewall Rules->Inbound Rules section of the router configuration I see how to do a port-forward, but they only have a drop-down selection of common protocols and will simply 1:1 forward the ports. It doesn't look like it allows me to do mismatched ports on the forward like I'd like to do.
We've had an issue with our network. We have 2 6509s connected with redundancy, which are connected to 2 x 4900 switches, which in turn are connected to an ESX chassis for virtualization. The thing is that the ESX stopped working, and the 4900 switches and the main core were suffering from overload; they hang on it very well. In order to stop the overload, one of the links to the ESX chassis was disconnected from one of the 4900 switches. The CPU usage on the 4900 and the core (6509) went down below 40%, and then they started to migrate the virtual servers from the chassis to another 2 chassis that were added right after. They were actually working well, but suddenly the 6509 changed to the other supervisor after everything was OK. We were wondering what could have been the cause of this: maybe the virtual server migrations, maybe the overload from the ESX? We also had a few questions. Is there any need to reload the cores every few months as a planned task? Because the cores have been up for more than 1 year. And also, is there any kind of tool to monitor the CPU status, or the overall status of the cores or the switches?
They have around 80 staff and I think the current infrastructure is overkill for the size of the company. The current kit is old and they have no GB ethernet ports. They currently have:
Core Switch: 1x Cisco c6509 with a 48 port fast ethernet module (WS-X6248-RJ-45) and an 8 port fibre module (WS-X6408A-GBIC)
I'm looking to replace this with something with 72 ethernet ports and 8 fibre ports.
Access Switches: 2x 3500. Replacement needs at least 48 ports and 2 fibre modules each
and 2x 5500. Replacement needs at least 72 ports and 2 fibre modules each.
I have two ISPs. Each is on its own subnet connected to the 6509 MSFC/Switch. FW1 is on the 100.1.100.0/30 subnet and FW2 is on the 200.1.200.0/30 subnet. My goal is to route all traffic going to the Internet from subnet 10.133.3.0/24 to FW1 and all other subnets across the organization to FW2. I am not sure if I need to use an ACL / static route combo, or just static routes or ACLs?
We have a Catalyst 6509 switch, and we hope to use policy-based routing to redirect HTTP traffic to my proxy server. Where can I find a configuration example?
I would like to ask you if it's possible to block routing between some Vlans for just one of them.
Maybe I can explain better:
I've got a Cisco 6509 with 4 configured vlan interfaces:
Int Vlan 10 10.10.1.0/24
Int Vlan 20 10.10.2.0/24
Int Vlan 30 10.10.3.0/24
Int Vlan 40 10.10.4.0/24
Vlan "10" is the VoIP phone Vlan and it must not talk with the other Vlans. The other Vlans can communicate normally except with Vlan "10".
Practically, Vlan "10" needs to be isolated from the others.
This requirement comes because Vlan 10 is wireless and has WEP key encryption (a very weak protocol). Some phones couldn't support the WPA2 key, and I need to prevent an unauthorized external client that cracks the WEP key and connects to this WiFi from having free access to the other Vlans.
I have a problem on my Catalyst 6509 on which I would like to do the following things:
I have some Vlans in which multicast is enabled. In those Vlans there is a router which is the default router for equipment.
I had enabled multicast routing because some Vlans need to exchange multicast information, but I would like to differentiate between multicast traffic. For example I have 5 vlans:
Vlan 1 and 2 need to exchange multicast information but they don't need multicast information from Vlan 3 and 4.
Vlan 3 and 5 need to exchange multicast information but they don't need multicast information from Vlan 1 and 2.
Vlan 5 is an independent Vlan but doesn't need to have multicast information from all other vlans.
Last problem: equipment on different vlans can use the same multicast group address. In this case, multicast routing is not working between Vlan 1 to Vlan 2 and Vlan 3 to Vlan 4.
I need to setup my 6509 with PBR going to two different Firewalls. The 6509 has vlans and multiple serial interfaces. What/where do I install the policy-maps? I want to direct one of the vlans to one firewall and the other vlans and wan subnets to the other firewall.
I have 2 6509-E chassis with SUP-720-VSS and classic line cards :-(. In October 2011 the switch reached 100% CPU on both devices and the entire network went down. The customer restarted the core so we lost all the log files and couldn't find any root cause for the same. The TAC engineer suggested having a script configured on the system so that, in case of CPU shooting up above 70%, it will create a file in flash and keep appending the logs to the same. Last week I got a call from the customer saying that the CPU again went high for around a minute on both the cores. Last time I also added CoPP on the switch in order to prevent the CPU reaching 100%. Still it went high, and from the captured logs I saw that the processes that created the high CPU were Port Manager Per and SSH process. Attached is the file created by the netdr capture command.
I have a customer that has a Catalyst 6509 with two VSS-capable Supervisors, and my Sales team sell another 6509 with just one VSS-capable Supervisor. Simple question: Will the VSS configuration recognize that I have three Supervisors? Will it work as a QUAD-SUP solution or as a normal VSS solution?
We are trying to migrate from 1G to 10G, but couldn't find any module on the 6509-E which supports 10G on SFP+. I can see X2 and Xenpacks, but not SFP+. What exactly does this Xenpack mean?
We have connected a single F5 box with dual links to 2 different Cisco Catalyst switches using 802.1Q trunks. F5 is configured with RSTP mode and on the Cisco switch RPVST+ is configured. The STP root bridge is hardcoded on the Cisco side. Loop Guard is globally enabled. On the F5, the STP link type is Auto and STP Edge port is disabled, since that port is connected to the Cisco switch. When we fail over the F5 primary link to the secondary link we see 'Loop Inconsistent' on the Cisco switch and things don't work after the failover. We have tried configuring the F5 as STP passthrough but that doesn't fix the issue. I have checked the forums and found the following recommendations:
1. Configuring MSTP between F5 and Cisco for better compatibility (Not possible from Cisco side because of a major change in large production setup)
2. Configuring VSS in Cisco switches (not possible due to hardware limitation)
3. Connecting F5 using single links to each switch (redundancy compromised)
I am wondering on which default VLAN the F5 STP instance0 sends the STP BPDUs. The term used on the Cisco side is native VLAN and others use PVIDs; that F5 default VLAN should match the native VLAN on the Cisco trunk side.
Tonight we were performing an IOS upgrade on our 6509 VSS to 122-33.SXI6. Both 6509's have dual Supervisor cards installed. Initially we had problems with switch 2 slot 5 supervisor returning to rommon however switch 2 slot 6 supervisor loaded correctly. After manually setting the boot var in rommon, switch 2 slot 5 supervisor reloaded correctly.
After all supervisors were online we noticed, when looking at "show switch virtual redundancy", that the sw 1 & 2 slot 6 supervisors were running the correct IOS version but sw 1 & 2 slot 5 were running different IOS versions; however, when looking at the show version we are running on the upgraded IOS? See output below...
Why has the active supervisor loaded the incorrect IOS when the VSS is running on the upgraded IOS? I have verified the IOS was copied correctly to each supervisor bootdisk, and I see no issues.
My Switch Id = 1
Peer Switch Id = 2
Last switchover reason = none
Configured Redundancy Mode = sso
Operating Redundancy Mode = sso
Switch 1 Slot 5 Processor Information :
-----------------------------------------------
Current Software state = ACTIVE
Uptime in current state = 3 hours, 38 minutes
Image Version = Cisco IOS Software, s72033_rp Software (s72033_rp-ADVIPSERVICESK9_WAN-M), Version 12.2(33)SXI9, RELEASE SOFTWARE (fc2)
Technical Support:
We are looking to avoid the need to install an additional device in our network as our core 6509s are not being pushed by any stretch. However, we are having an issue getting the 6509 to assign DHCP addresses and perform NAT.
Most interfaces and VLANs on the 6509 are using public IPs and have BGP routing at the edge. We have a trunk uplink coming into the 6509 on a ws-6816 card via an SMF GBIC in slot 9, port 2 that feeds a WiFi link where we are looking to provide guest access to our network.
We created 2 VLANs on the switch, 20 and 21. We assigned a private IP and network to the VLAN 20 interface and assigned a new public /30 subnet IP to the VLAN 21 interface. The following configuration was applied, which I thought was the required configuration based on how we would typically configure ISR routers for the same services...
ip dhcp excluded-address 10.200.200.1
!
ip dhcp pool WiFi_Pool
 network 10.200.200.0 255.255.255.0
 default-router 10.200.200.1
 dns-server 4.2.2.1 4.2.2.2
[ code]...
What am I missing in this configuration? Note that if I create an access switch port for VLAN 20 on the switch and plug a laptop in directly to the 6509, the laptop is unable to receive a DHCP address. If I assign the laptop an address in the 10.200.200.0 /24 range manually, I can ping 10.200.200.1 from the laptop; however, the laptop will not get to the internet as it appears to be failing to perform NAT.
I have a network with four 6509s in a ring with 10Gb links. Two adjacent switches are at the home office, the other two at the DR site. The switches at each location are physically similar to each other with respect to what blades are in them. We went through an upgrade from SUP-720's to VS-SUP-720's recently, only at the DR site - basically a practice, with the home office conversion hopefully taking place next weekend.
We initially just brought up the two chassis separately, in non-VSS formation (stand-alone). So far, so good - everything was connected, all traffic was passing, all links were up, everything was reachable: EVERYTHING worked. Then we made the conversion: step-by-step from the cisco.com page; create a virtual domain, make one switch switch 1, the other switch 2, create differently numbered port-channels on each 6509, add the SUP 10Gb links to the port-channel, do the conversion.
Here's where the trouble started. First of all, the two 10Gb links back to home office created a spanning-tree loop and we had to shut down one of the links. (Is there something that needs to be configured on those links to turn spanning tree on? Does VSS conversion turn stp off?) Secondly, though it worked while in stand-alone mode, the copper blade in the standby 6509 stopped passing traffic - it would take config, the links would come up, but you could not ping across those links. Interestingly enough, there was an access switch with links to each of the copper blades, and having them both up also caused a spanning-tree loop. Adding a new port-channel and putting both links in it did nothing to alleviate the loop. This leads me to believe that stp is not working properly. I reiterate that even though the loop occurred, nothing else plugged into that blade was pingable.
I have an interesting problem. I have a 6509 that I'm trying to swap the GBIC on. The switch is already using a GLC-SX-MM GBIC and it is up/up and passing traffic, but we are getting some errors and suspect it may be faulty.
I want to replace the GBIC with one of the identical model - a GLC-SX-MM. It was brand new, never been opened. When the new GBIC is plugged in the link light on the switch goes completely off (not amber) and the port goes into a down/down (not connect) state. There are no messages in the logs at all. It's like it doesn't even see it. If you plug the old GBIC back in then the link comes back up. I tried a different port with the same results. Thinking that the new GBIC may be faulty (even though it was brand new) I tried a second GLC-SX-MM, also new. That one does the same thing.
At that point I thought there might be a problem with that switch, so I tried the GBICs on the other 6509 in that pair. The other 6509 is running the same hardware and software. The GBICs will not work there either. If you move the old, suspected faulty GBIC from 6509-2 to 6509-1 then it works.
The solution would seem to be that I have two faulty GBICs, but I'm having trouble persuading myself that I have two new ones, straight out of the package, that are both bad. Are there any other things to check on the switch? Here's the pertinent information:
switch#show ver
Cisco IOS Software, s72033_rp Software (s72033_rp-ADVIPSERVICESK9_WAN-M), Version 12.2(33)SXI3, RELEASE SOFTWARE (fc2)
<snip>
cisco WS-C6509-E (R7000) processor (revision 1.3) with 458720K/65536K bytes of memory.
Processor board ID SMG1109N3BK
SR71000 CPU at 600Mhz, Implementation 0x504, Rev 1.2, 512KB L2 Cache
[code]...
I'm moving into a new data center. I don't consider myself a network engineer or anything but I do understand the basics. The new data center I am moving into routes my network to me a bit differently than my old data center. The IOS on the Cisco 2621 is: c2600-i-mz.123-26.bin
I am assigned a /29 block which they configure as the routing network, it looks like this:
Routing Network: A.A.A.0
Routing Network Subnet Mask: 255.255.255.248
Routing Network Def Gateway: A.A.A.1
Customer Usable Address: A.A.A.4
I've been assigned a /28 block which is B.B.B.240/28. They stated that in order for me to use my allocated blocks, I had to act as my own gateway, routing the traffic through the routing network. This goes just a bit beyond my networking knowledge, though I still understand it, I just don't know exactly how to execute. I'm assuming my 2621 with 2 Fast Ethernet interfaces should be able to handle this routing scenario.
Any sample configs, or possibly a link to a how-to to get this set up? I was going to use FreeBSD to do the routing, but an appliance-based Cisco router is much more attractive of an option to me.
Is there a way I can check the version of each device on two Cisco 6509 if they are Virtually connected (VSS)? When I enter the command show version, it only shows one result, unlike show module, you have an option to choose which switch by entering 1 or 2.
If I look at the Feature Navigator, it says that IP Base supports OSPF and EIGRP. But if I look at the Cisco link it contradicts the Cisco Feature Navigator.
[URL]
If I have a 6509-E with VSS-SUP720-10G and want to run OSPF and BGP on the switch, what is the IOS I require? Will IP Base suffice or do I need to take the Advance or Enterprise image?