Cisco Switching/Routing :: 8192 / STP Root Bridge Is Pointing At FWSM?
Feb 11, 2013
I have two 6509s both with single FWSMs running in transparent mode with bridged Inside and Outside VLANs.I have my Core A set to STP priority of 8192 and Core B set to 16,384 to make Core A the root for all VLANs.Problem I have is when I look at spanning-tree on Core A for Inside VLAN 324 it states to get to the Root go via PO100 (Cost of 9) and that the Root also has a Priority of 8192, but as the designated Root has a lower MAC address it's pointing to the etherchannel. PO100 is L2 Etherchannel between the Cores.Moving accross PO100 to Core B and running the show spanning-tree command I can see that to get to the Root Bridge I need to go via PO272. PO272 is the internal Etherchannel to get to the FWSM on the Core B Switch. This shows a cost of 6 to get to the Root and a mac address of the Root Bridge which resides on Core A (Outside VLAN 124)To give some perspectibe,theoutside VLAN of the pair has it's STP ROOT on the Core A switch as intended?
View 1 Replies
ADVERTISEMENT
Feb 16, 2013
I config vlans 21-23 on 3750 A and B switches.I config B switch to be Root Bridge for all vlansspanning-tree vlan 1,21-23, priority 4096 sh span tree on B switch 3750B# sh spanning-tree.
View 18 Replies
View Related
Jan 18, 2012
I have an Extremely Old switch that I need to connect to my network. Because it is so old I don't want it to become the Root Switch.
what is the command to change the priority. (Honestly I don't remember if it has to be a lower number 1 or a higher number ). Always get that mixed up. I've read about root guard, but I would like to prevent it manually. (It is a small network after all)It is a Cisco 2950.
View 3 Replies
View Related
Apr 24, 2012
Can I associate the non-root bridge model 1310 to the root bridge model 1400? Is there any problems on the configuration I need to be aware of?
View 7 Replies
View Related
May 3, 2013
We have a problem with a Cisco 1400 Bridge. This equipment can not bridge to the other root or not root mode. I can see a message "Interface Dot11Radio0 Radio transmit power out of range" and the MAC Address of Dot11Radio0 appears with 0000.0000.0000.I set the local power to 18 but the MAC Address is still in 0000.0000.0000.
View 1 Replies
View Related
Sep 19, 2012
Why is it when I set the port priority for example to 8192 and I then do a show spanning-tree vlan 1 it shows as 8193, does it add the vlan number? so if it was vlan 10 it would be 8202?
View 7 Replies
View Related
Apr 9, 2012
I want to connect two buildings. Let's call them Building A (main) and Building B.
„A“ is the main building and provides a wired LAN to an AAA server (192.168.1.2) and the WAN gateway (192.168.1.1). There I placed a 1262N with the IP 192.168.1.3 connected to the wired LAN and configured it as Root-Bridge. Let's call it AP01.
„B“ is a pretty large building and has a wired LAN from one end to the other end.
So I placed two 1262N there, each at one end.
The first 1262N is configured as non-root Bridge (AP02) and connects to the Root Bridge (AP01). The IP address of AP02 is 192.168.1.4.
The second 1262N is configured as Access Point (AP03) and connects to the non-root Bridge (AP02) via the wired LAN. The IP adress of AP03 is 192.168.1.5
My Questions:
1. Do I need tell AP02 about the AAA Server in Building A or acts AP01 like a AAA Proxy for AP02 because of it Root Bridge functionality?
2. How Do I tell AP03 that it should use AP02 as a gateway to building A?
View 2 Replies
View Related
Apr 18, 2013
A customer has a wireless PTP bridge using a pair of 1410 bridges. The non-root bridge event log shows the RSSI polling information message indicating the link's signal strength; ie. -42 dBm. It updates every few seconds or so. The root bridge does not show this information in the event log. Both bridges have the event log configuration options set identically, all messages types are enabled. I can't find any reference to this in the documents. Is this by design? I thought that maybe a root bridge if it was set up as a multi-point might be overwhelmed if it was showing/scrolling RSSI from multiple non-roots.
View 3 Replies
View Related
Oct 16, 2012
I have a setup where - I have a cisco stack (4X SGE2010 Switches) trunking over to a 3COM switch. Both switches believe to be the "ROOT" of the network. Note The 3COM is running RSTP as opposed to the Cisco Stack which is running normal STP. To my understanding of STP - Essentially STP is not functioning! Both switches believe to be the "ROOT" so they don't shut ports down. (We are currently having major issues with ports going up and down for seconds at a time on both switches)
View 3 Replies
View Related
Jan 12, 2012
I have 2 3550 12G switches that I use as core fiber switches. Switch 1 is the primary for 1/2 the V LANs and Switch 2 is the primary for the others using MST with 2 instances (I am not including the default 0 instance). I am using HSRP to provide redundancy. So far so good.
Recently a tenant in my building would like to use their own switch for data but still needs access to a V LAN on mine for voice. Again not a problem as I can configure a trunk port and give them what they need. My concern is that if they try to configure STP on their switch can they take down mine. Are there some preventions that I can put into place, such as root guard, that work with MST? What happens if they too set up MST can they kill mine?
Switch 1 is the root for 1/2 the v lans and Switch 2 is the backup root. The scenario is flipped for the other 1/2.
View 3 Replies
View Related
Apr 1, 2013
I have two locations DC and Corp connected to each other via Point to Point Circuit. I have forced the two core switches setup as GLBP pair to be primary and secondary for certain VLAN's including VLAN1.I have a switch in our Corporate office 3750 which is where the point to point circuit terminates. VLAN1 SVI is manually shut on that switch. Also the priority on VLAN1 is increased manually like this, "spanning-tree vlan 1 priority 28672".
Now the issue is that the Primarey Root Bridge in the DC is the root bridge for VLAN 1. But this other switch 3750 in our corporate office also is a root bridge for VLAN1. [code]
View 17 Replies
View Related
Dec 15, 2012
in my LAN the all access layer switchs/stacks are connected directly to core backbone switch (cisco 6509) via sfp fiber-optic, i want to protect my spanning tree setup with the "root guard" command.
1. where would i set this ? on uplink ports on access layer switches ? or on core backbone ports to which the access layer swithes connect to?.
2. can this be set on active (production) ports without downtime?
View 5 Replies
View Related
Nov 13, 2012
I have a cisco 3560 8 port switch. I really would lime to have the webinterface enabled. So i downloaded the archive from cisco. I extracted the archive to the flash of the switch. After rebooting the device everythings looks fine, but the html folder is a subfolder. It looks something like this: flash:c3560.../htmlI my understanding to enable the webinterface the html folder should be here flash:htmlHow do i move the html folder from the subfolder to the root?
View 1 Replies
View Related
Oct 18, 2011
i got the problem with 1300 bridges,root bridge with omni antenna and non root with sector antenna , it can associate and can pin each other , but whenever i try to browse several web pages its get timed out and radio was down.
View 5 Replies
View Related
Jul 18, 2011
Any working configuration between two BR1310's in Root/Non-root mode? The documentation is vary vague and i can't find anything more secure than WEP. Is it possible to use WPA with radius authentication?
View 1 Replies
View Related
Nov 14, 2011
I want to set up FWSM 4.1 on Cat6509 with multiple bridge groups in one transparent context. (as the manual says it can support up to 8 bridge-groups and the intent is to save security contexts) For a host in VLAN21 (b1_inside) to talk to a host in VLAN41 (b2_inside), traffic needs to be go out to MSFC which routed back the traffic through the FWSM. My question is how can I define a default route per bridge-group, I would assume FWSM should take the following two default routes per bridge-group interface but it won't;
route b1_outside 0.0.0.0 0.0.0.0 10.11.75.1 1
route b2_outside 0.0.0.0 0.0.0.0 10.11.76.1 1
seems like it allows only one default route per the context and gives me an error - "ERROR: Cannot add route entry, possible conflict with existing route"
How can I achieve outside per individual bridge-group?
FWSM context config:
Interface VLAN11
nameif b1_outside
bridge-group 1
security-level 0
!
Interface VLAN21
nameif b1_inside
[code]...
View 2 Replies
View Related
Nov 17, 2012
I have a vlan defined in FWSM for server farm there is a one server with two IP addresses and teaming has done on it how ever from FWSM i am able to ping both IP addresses but from core 6509 switch i am only able to ping one ip address. from FWSM show ARP command displays the same virtual mac addresses against both IPS of the same server.
View 2 Replies
View Related
Oct 8, 2012
We are planning to upgrade the IOS on our two 6509E supervisors in the next few weeks. We currently run IOS 12.2(33) SXI1 and are upgrading to 12.2(33) SXJ3. At the moment the two supervisors are in SSO mode and after reading many articles it says that when the images are different on the two supervisors they are in RPR mode. When you then reload the active supervisor it will reboot all the line cards.
1. Is above correct? Will my line card reload?
2. We also have a FWSM installed, When/If the line cards are rebooted does the FWSM also reboot?
View 1 Replies
View Related
Jan 19, 2011
I had a problem with a FWSM of 6500 because the FWSM primary change to standby and after back to active.
View 1 Replies
View Related
Feb 7, 2012
Configuring FWSM in a 6509. When I set "firewall vlan-group 40 40-42,251", it results in: "No more than one svi is allowed. Command rejected.".
I had "firewall multiple-vlan-interfaces" set for a previous use of this module, but took that off with the "no" command. Suspect that is the issue, but do not see how to resolve. Seems similar to bug CSCsr48563, but I am at the fixed code for that bug.
View 1 Replies
View Related
Sep 25, 2012
Any have experience on triggered failover on VSS deployment with 1 VS-720-10G-3C in each chassis? I tried using "redundancy force-switchover" but after that the 20G VSL is flapping up & down and cannot be up normally, we got 1 FWSM in each chassis, any configuration need to fit in this kind deployment? BTW, if I shutdown the power source of VSS active chassis, both FWSM & VSS can failover normally.
View 3 Replies
View Related
Dec 20, 2007
My company has acquired a Catalyst 6513 with a FWSM module installed on it. I have been reading lot of documentation on [URL], but still have some problems configuring the FWSM:
The 6513 has 10 SVIs configured, each of them with an IP address. These 10 SVIs are binded to 10 VLANs which I need to secure. These SVIs are used for routing all the Inter-VLAN traffic inside the switch. The documentation says it is recommended to use just one SVIs for connecting the switch to the FWSM, although you can use more than one using the command "firewall multiple-vlan-interfaces". I don't want to use this command because it seems a pretty more difficult configuration, since you have to use policy routing after using this command (or that is, at least, what documentation says).
When I try to "send" to the FWSM more than one VLAN that are configured as SVIs on the switch I get this error message:
"No more than one svi is allowed, command rejected."
If I delete the IP address of those SVIs, then I can to "send" those SVIs to the switch with no problem at all. But I need the SVIs to have IP address configured, since they are needed for routing Inter-V LAN traffic.
So, the question is: how can I route all the inter-VLAN traffic using just one SVI on the switch? Should I use the FWSM for inter-VLAN traffic routing?
View 15 Replies
View Related
Sep 30, 2012
I have 2 6509 chasis with one SUP720-3B in each and current IOS is s72033-ipservicesk9_wan-mz.122-18.SXF4 and 2 FWSM with version is 3.3.1 I need to upgrade FWSM system software to 4.1, after checking FWSM 4.1 release notes, I thought of upgrading IOS to latest version to 12.2(33)SXJ.I got new 2 CF of 512MB and downloaded the new IOS on them and need to upgrade 6509 IOS first to meet the requirement for FWSM upgrade.
View 1 Replies
View Related
Jan 22, 2012
I would like to know the meaning of 'set max-parse-length 8192' on ACE.Looking at Cisco documentation I found:"you can set the maximum number of bytes to parse for generic protocols by using the set max-parse-length command in generic parameter-map configuration mode.You can set the maximum number of bytes to parse for generic protocols by using the set max-parse-length command in generic parameter-map configuration mode.' what a set max-parse-lenght is?
View 1 Replies
View Related
Dec 1, 2012
I need to replace an ADSL modem and have a spare 857W. Can I use this to act as a simple bridge between the ADSL PPPoA connection and the FW WAN port?
[ CISCO 857W ]
ISP - PPPoA - BRIDGE - FW WAN
I have a block of Public IP's so the PPPoA Dialer 0 connection would get x.x.x.185/29 I would like to bridge this directly to the FW WAN port and set that to x.x.x.185/29 with a gateway of x.x.x.186/32.Currently I am using it in router mode with no NAT or FW and am losing a Public IP as I need to set the FW WAN as x.x.x.186 with a GW of x.x.x.185 I am setting BVI 1 as x.x.x.185/29 and Dialer0 as IP Unnumbered BVI 1.
View 1 Replies
View Related
Nov 20, 2012
I need to set up a L2 llink between my LAN and this 1921 router. I though IRB would do it but its not working yet. Here is the topology- I dont want to see another hop on this 1921 rtr so I hope I can just trunk it or something with IRB. Not working.
View 6 Replies
View Related
Dec 7, 2011
I have 3750 core/distribution switches with routing enabled in two offices connected with copper link and L3 port channel interfaces. NewOffice#2 has moved about 5 miles farther away from office#1 and I have to deploy new core/distribution switch connect it to old core#2 via F.O and move all access switches with it. Old core will stay in old #2 offices as a bridge between office#1 and new office#2 Office#1core<->copper (Ethernet) <->oldoffice#2core<->f.o. <->new office#2core How I should configure port channels ports on oldoffice#2 core to act as bridge between office#1 core/dist and newoffice#2 core/dist without changing anything else (ip, etc) on whole network
View 1 Replies
View Related
Nov 8, 2012
I have 3 VLANs here that need to be on the same network segment. They are going to be used by our Wi-Fi network (with Aironet APs), bound to 3 different SSIDs (as Aironet APs doesnt allow multiple SSID per VLAN), each one with a different authentication method and server.Is there a way to bridge those VLANs together with a Catalyst 3750 switch? I tryed configuring an IP address on one of the VLAN interfaces, then configuring a bridge with the vlan-bridge protocol (Catalyst 3750 doesnt have the "ieee" bridge protocol type) and put all 3 VLAN interfaces on the same bridge-group, but it didnt work (even with "bridge x route ip").I also tryed configuring IRB bridging, with the 3 VLAN interfaces on the same bridge-group and an IP address on the BVI interface (the way I used to do with old 2600 routers). Same result.(actually, I didint test to see if the interfaces are actually being "bridged", but I see neither of them can reach the router)
View 1 Replies
View Related
Oct 8, 2012
I have two separate offices in the same building that I'm trying to connect. They are physically far apart so I cannot connect them wirelessly. I have had an ethernet cable run from the main office to the second office and physically connected it to a WET200. I can see the WET200 on my router in the main office. In the second office, I want clients to be able to come in and connect wirelessly to the WET200 which will then connect them to my router and internet connection. The WET200 is the correct device for this?
View 2 Replies
View Related
Jan 14, 2012
In preparing for an upcoming upgrade of our serverswitches (N7K and N55K), I've run into a wellknown issue with ISSU and Bridge Assurance, where ISSU is not supported when, among other, BA is enabled.
My topology is quite simple (see attatched jpg). A pair of N7K's as distributionlayer switches running in vPC mode with BA between them. The N55K's are dualhomed across the two N7K's through vPC, but each N55K operate indvidually, that is vPC is not running between them. The jpg shows a simplified topology, but I have several N55K's attached.
During the deployment of this network, we enabled BA downstream towards the N55K. In hindsight, maybe I could have excluded this option, but currently it's in operation and is also hindering me in doing ISSU on my N55K's. Now, the easy solution would be to simply revert to normal span-type mode and since the N55K is running LaCP upstream towards the N7K's, we've managed to stay clear of STP's shortcomings, so I believe I'm good even without BA.
Unfortunately, I don't have sufficient equipment at my disposal to set up a lab and test the impact of disabling BA between the N7Ks and N55Ks in a running enviroment. And since our server/application enviroment is somewhat fragile (that's putting it mildly), I'm trying to come up with an educated guess as to what impact to expect, if I concurrently (or as close as a manual intervention can get) re-configure the two ends of the channel to use span-type normal. I would expect the upstream port on the N55K (channel-port) to temporarily be suspended and having to go through the usual rstp cycle on both ends before coming operational again.
View 2 Replies
View Related
Mar 29, 2012
We have a 6513 with about 8 switches in it. I installed a Intel Pro PT NIC in a Dell PE2850 and setup the Team setting which created a bridge in the network connections.
10 minutes later, every server connected on that 'blade' went down and rebooted.
This happened once before to another tech here (I didn't know at the time it would do this but after he saw it he pointed it out)
View 2 Replies
View Related
Feb 15, 2013
I have a WLC 2106 which is configured and working as follows: [code] how do i get the AP at Site B to use the local server (10.0.28.x) to hand out DHCP leases?
View 3 Replies
View Related
Aug 1, 2011
I have a 2511 TS linked into my CCNP lab and configured it with default gateway pointing to my ADSL router. The TS has a staic local IP in my LAN also I have port forwarding set up on my ADSL router to direct all Telnet (not cofigured for ssh yet) sessions to the TS.
The TS is linked to the ADSL router via the transceiver module ( CentreCom AT-210TS) which feeds the ADSL router with ethernet connection.I have tried to access the TS from a remote location but with no joy, fortunately I also have it consoled to my PC so I SSH to the PC and then run my terminal emulator from there. Using SSH to the PC and then minicom to the TS when doe this way (Remote Location>Ubuntu>minicom>TS) I can see the ethernet interface has no MAC address when i do a sh internet eth 0 mac is set to 0000.0000.0000.
I don't want to be connecting via ssh to PC before accessing the TS but instead just want to connect to the TS; for the life of me I still can't explain what's going on.
View 1 Replies
View Related
