Ask this question, if someone came across a 6513, one of the RJ45 ports are constantly falling.The question is how to disable logging on a specific portno logging event link-status does not work.
View 1 RepliesI have been getting the logs in my cisco 6513 switch [code] On further investigating in the module 9 which has a DFC card also , we found the source of this error whether it is a source of any upcoming potential impact or can be simply ignored
View 3 Replies View RelatedI have a cisco 2811 router set up as a nat/firewall gateway for my network. I've configured it for CBAC on using ip inspect and an access list.What I want is to use audit-trail to record network traffic (which means sending syslog messages to a server) concerning established sessions from my own network to locations in the outside. If i configure this using ip inspect audit-trail and no ip inspect alert-off, the configuration looks like this: [code] which works just fine, but there is the matter of icmp packets.
Since i use polling software that needs to check some machines in the outside part of the network, it is only natural that several icmp sessions are established through the Inspection Rule per minute. The problem is that since these sessions are recorded along with everything else, my syslogs are flooded with these (since i am using logging trap informational) to the point that more messages are generated about icmp than all other traffic combined, especially in non-working hours.What I am asking is a way for the audit-trail to be selecively disabled for icmp, so that the outgoing (echo) &incoming (echo reply) sessions can be established without generating syslog messages.
I'm encountering what I think is an issue on logging system on FW ASA 5520 - Asa Version 8.4(2), ASDM version 6.4(5). When I disabled the logging inside a rule from ASDM, or from console with the "log disable" option inside ACL, If I check in ASDM logging real time window I continue to see all the entry related to disabled rules. This is a correct behaviour about ASA logging ? How I can "hide" the entry related to disabled rules (this is what I need for troubleshooting purposes) ?
View 1 Replies View RelatedWe have 2 6513's that are linked via 2 10 gig interfaces, using an LACP channel.I received an alert this aft stating that the far 6513 was unreachable and the port channel int PO3 had gone down, the 2 10 gig interfaces had also gone down on either side. 5 mins later PO3 had resestablished itself and has been fine since. [code]
View 4 Replies View Relatedis it possible to shutdown a specific port on my 3750x and monitor this port at the same time .for example , im dealing with a mac authenticated network using port security , i want to shut down all the ports that are not used at the moment , however , if some one gets connected to the one of the shutdown ports i want to know the mac address of the user or atleast to know that i have someone who is just plugged in to the one of the shutdowned ports .
View 4 Replies View RelatedI am having issues with 'telnet' on port 2821 to a range of servers connecting through vlan interface from my core switch 6513 running s72033_rp-DVIPSERVICESK9_WAN-VM) version 12.2(33)SXH7, RELEASE SOFTWARE (fc3). The telnet on port 1556 and 13724 is ok.
View 1 Replies View RelatedI have two servers, connected on two(Different) 6513 directly connected switches. Both these servers are in the same Vlan.
I have to monitor communication these two servers. I have a system connected on one of the 6513 switch, where network tool wireshark is installed.
How to configure span port.
switch 6513-1# show run int Gi10/43 --------------------Server 1 is connected
switch 6513-2# show run int Gi9/45 ------------------------Server 2 is connected
switch 6513-2# show run int Gi9/46 ------------------------System on which network tool wireshark is installed.
I have created 5 new 2 Gig port channels on a 6513 WS-X6516A-GBIC blade connecting to 5 4510R+E switches. 3 of the 5 Port-channels show up/up. 2 show down/down. However, for the 2 showing down, a duplicate Po interface was created with an "A" appended to the name that shows up/up. E.g:
Port-channel26 unassigned YES unset down down
Port-channel26A unassigned YES unset up up
Each of the 4510s has a second 2Gig PO to another 6513 with an identical config and all of those come up fine.
we have a chassis 6513-E and a module WS-X6748-GE-TX, I'd like to know if could I put this module in any slot, since the documentation from Cisco says that any slot from a chassis 6500-E Series can support this module. And then in the documentation of WS-X6748-GE-TX says that this module is not compatible in the slots 1-8 of the 6513 chassis, only from 9th to 13th slots, in those slots from the 6513-E we already have 4x WS-X6748-GE-TX, and we'd like to know if could we put the module in the rest of the slots. The 6513, and 6513-E is kind of confusing.
View 4 Replies View RelatedHow much is the limit for the creation of PortChanel in a Core Switch 6509 and 6513?Is there a limitation byu hardware?
View 7 Replies View Relatedwhen plugging a Cisco 7060 to the specific switch port it does not power on. The inline power consumption is abnormally high compared to the other phones that are plugged in, maybe double the amount.
non Poe devices work on the same port.
I used multiple cables and phones.
I have a network with 3 segments and a 2921 router.v172.16.5.0/24, 172.16.0.0/27 and 172.16.2.0/23 .
I want to block all 135 TCP traffic from/to IP 172.16.5.5 to any host in other segment, but only TCP port 135 and only to the specified IP.
I have several SF300 switches deployed (SF300-08, SF300-24P). They are connected to IP Telephones (NEC) which communicate with the switch for auto voice VLAN on LLDP. The problem I am experiencing is that periodically the IP telephones are rebooted by the telephone vendor and when they do the switch puts that port into "Locked" port security mode and discards all traffic to the port. The IP telephones of course do not work. In other switch models, I have seen the ability to enable / disable port security switch wide or on a port by port basis. This model does not appear to have this feature. How to disable or why the phones would cause the switch ports to "lock"? There is usually one PC attached to each phone.
View 1 Replies View RelatedI have upgraded a couple of 2960G switches to 12.2.52SE and now discovered that TCP port 4786 is open on the switches.
I have looked in the document{URL}, trying to find a way to disable this function/port, but didn't find anything useful. Any way to disable this function/port?
We are using catalyst 2960S Lan Base IOS on Radio towers. We just bought 50 Accest points, thas are GPS synchronized. Problem is the APs need to be connected on L2-mac betwen each other. But at this time we are using port isolation on each switch (tower) by protected port function to isolate clients from each other.
My question is, is possible to specifi a Mac addresses in specific vlan thats can comunicate betwen protected ports? On tower is one Master unit and others are slave. I thing there is only 1 dirrection comunication - from master to slave.
I have a Cisco 2960G switch and one of the ports was configured with srr-queue bandwidth limit 90 - I need to remove this bandwidth limiting from this interface. [code]
View 2 Replies View RelatedI am testing 2960 24 S with storm-control and Errdisable Port timer interval 60s , connected HUB on fa0/17 to make traffic / loop.After Strom Control detection the interface goes down thats ok after 60s they will try to recover the interface and going up although the loop is still there.For my understanding if the interface detect still a loop on that interface they will disable the port again for 60s and will check again. [code]
View 7 Replies View RelatedWe have a number of 3750 stacks used as access layer switches connecting Siemens VOIP phones and then a PC that connects to the phone.
For example if I plug PC A to the phone that connects to port 13 I pick up an IP addressand all works as predicted now if I plug in PC A to any other VOIP phone that connect to another port on the same switch it goes in error disable state ITs like the switch is holding my PC mac address and locks it down with the port which in my case is Gi2/0/13.
interface GigabitEthernet2/0/13
switchport access vlan 726
switchport mode access
[Code].....
I have stacked WS-C3750E-24PD with Ten Gigabit Ethernet ports configured under ether-channel. It has c3750e-universalk9-mz.122-55.SE1.bin IOS installed on it. One of the Ten Gigabit Ethernet ports, goes to err-disable mode with following errors on that specific ports.
%SFF8472-5-THRESHOLD_VIOLATION: Te1/0/2: Tx power low alarm; Operating value: -31.0 dBm, Threshold value: -9.0 dBm.
%SFF8472-5-THRESHOLD_VIOLATION: Te1/0/2: Tx power low alarm; Operating value: -31.0 dBm, Threshold value: -9.0 dBm. (DROmx-1-1)
I have gone through some of CSC forums like {URL}. The workaround is to "Remove the X2 or SFP from the inactive up link port" which is not in my case.
I am trying to filter ARP answer arriving on a C6500 trunk port, for a specific vlan.Filtering conditions are:
- packet arrive from vlan ID x on the trunk (on only for this vlan ID)
- source MAC address = xx:xx:xx:xx:xx:xx
Thae aim is that the C6500 with never enter into its CAM table this MAC address.I looked at several methos like service policy or vlan filter, but no solution for the moment.
In our company 3nos Cisco 3750 (WS-C3750-48P) access switch in stake mode. All port are assigned with voice and data Vlan also Avaya IP connected with this switches. From last few days tow port 2/0/7 and 2/0/8 is showing amber and status is showing err-disable. At Avaya end it is showing a message “ETHERNET WAITING” in phone dispaly. I try to connect laptop directly with these ports but it is showing "Cross Connectivity". [code]
View 4 Replies View RelatedIs it possible to configure the span(switch port analyzer) port and restrict it to only listen to ingress and egress of TCP/1433 from the source port?
View 2 Replies View RelatedI am looking to simply monitor Port-Security , Error-Disable and HSRP. I would like to receive an email when any of these are triggered.
Port Security - Port Is shut down
Err-Disable - Port goes into err-disable state (securedown)
HSRP - When HSRP standyby changes are detected
I need to receive emails with any of the able are triggered. What is the easiest way to do this? I know SNMP is the main option but I have never worked with SNMP and dont understand it too much.
Equipment:
2x Cisco 1921 series routers
3x Cisco 2960 POE switches stacked
We have a Cisco switch in each office and every now and then the port that has the D-Link Wireless AP (DAP-1522) connected to it goes to err-disable state. Actually sometimes even a regular port that has a cisco phone connected may also go to err-disable state (less often). So I have to telnet into the switch and issue shut and no shut command on that interface to get it back to life, then it works for a few days or weeks until it happens again. Any suitable configuraiton for that interface, that would prevent that from happening or a workaround ?
Here's the info:
Model: cisco WS-C3560-24PS and cisco WS-C3560-48PS
Image:c3560-ipbase-mz.122-35.SE5.bin
This is the log from one switch:
31w5d: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa0/2, putting Fa0/2 in err-disable state
31w5d: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 74e2.f592.f7f2 on port FastEthernet0/2.
31w5d: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to down
And from another, which is almost the same:
5d10h: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa0/3, putting Fa0/3 in err-disable state
5d10h: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address d8a2.5e31.2cf6 on port FastEthernet0/3.
5d10h: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/3, changed state to down
5d10h: %LINK-3-UPDOWN: Interface FastEthernet0/3, changed state to down
Here's the configuration of fe interfaces (they are all alike):
interface FastEthernet0/2
description Voice & Data Combo Port
switchport access vlan 11
switchport mode access
switchport voice vlan 15
[code]....
I am looking for the way how to disagle logging of one user. We are using one testing user for checking accesibility of ACS from large number of switches - this checking exhausting logs quite quickly. Is it possible to disable logging of such user?
View 2 Replies View RelatedMy syslog is full of %ASA-4-106023: Deny tcp src outside:---- by access-group "inbound-acl" messages. I did not configure an explict deny for the access list to log these denies.how I can disable logging of denied connections?
View 9 Replies View RelatedI'd like to know if there's a command I can run to turn off paging on my SF302 switch. So for example, when I run the "show logging" command on the CLI, I'd like to it return all the results instead of prompting me to hit space bar or enter.
View 3 Replies View RelatedI use a router RV082 with load balancing. My problem is when I try to access a specific site, I get the error message that my IP address changes and I can not use 2 ip address. I want to specify an ip range to always use the same WAN port.
View 2 Replies View RelatedIs it possible to enable an absolute value rate limit using QOS on a HP ProCurve 5406 switch for a particular IP range on a specific port? Is there a way to configure our HP 5406 with an absolute rate limit on "WAN" port for that server's IP range? I would like to limit it to only being capable of sending 1Mbps worth of traffic over the head end at once.Everything in the documentation points towards priority queues, which as far as I can tell, isn't really what I want.Baring accomplishing this goal using rate limiting is there a better way to prevent our services from accidentally saturating this connection?i thimkong about somthing like that:
class ipv4 rate-limit-port-A1
match ip 10.136.0.0/16 any
exit
policy qos port-a1-ratelimit
class servers-to-be-slowed action rate-limit kbps 1000
exit
interface A1 service-policy port-a1-ratelimit inI'm not sure about this.
Well I have been back and forth on this a while now...I have a 6513E chassis that is getting prepped for prod. I am currently testing sso functionality and I can only get it to work using the following images on both Sup Cards.
s72033-adventerprise_wan-mz.122-33.SXI5.bin
If I try any other image, smaller or bigger in size...it forces my Sup card in mod 8 to recycle " proxy request from peer ". I have tried K9 images and non K9 images. Here is an output from sh redundancy.
Redundant System Information : Available system up time = 4 minutes Switch overs system experienced = 0 Standby failures = 0 Last switchover reason = none [code]...
force something such as a Telnet client to use a particular outbound port when opening the TCP connection?
View 3 Replies View RelatedI have a new 6513 with 2 sup32's with IOS. This chassis will replace a working 6513 with 2 sup2's with CatOS.I need to pull the running config from the CatOS chassis and make it work on the IOS chassis. i can do this manually but was wondering if there are any trade secrets on doing this.
View 3 Replies View Related