I dont understadn how this works but basically I have enabled dhcp or so I thought bu clients dont get a lease. The vlan does but clients connecting to the switchports attached to the vlan do not get a lease and cant connect to anything. If I static the ip or use my server to issue dhcp then it's fine still some issues since I am cluceless but I dont understand what I have to do to get dhcp to work on the fa0-3 ports.
Router#sh running-config
Building configuration...
Current configuration : 1015 bytes
!
I have two VLANs - 10 and 20. 2 DHCP pools are configured on 2 1841's interfaces - 192.168.1.0 /25 and 192.168.1.128/26 with default router sitting on 192.168.1.1 and 192.168.1.129 respectively. No issues with obtaining IP address from any of those pools.Laptop connects to L3 3550 switch (switchport access vlan 10), which, in turn, connects to 1841 router through trunk (with VLANs 10 and 20 allowed).3550 is connected to 2960 through trunk with VLANs 10 and 20 allowed.Wireless router is connected to 2960.I can successfully ping my wireless router and outside world from 1841 from fa0/1 interface, but not from fa0/1.10 or fa0/1.20 sub-interfaces - all packets got dropped. My laptop can obtain IP from both pools (depending on port I connect it to), but can't ping my wireless router and anything beyond it.
We've been mocking up a test lab to test VSS on two 6500's. Each 6500 has one sup720 and a 6708-10ge blade and we've established the two 10ge links between the two chassis; the first from the each chassis' sup and the second from each 6708.My question is, what happens when the supervisor fails on one of the chassis?
Just checking if any switch reset after one PS failure (configured in default redundant mode). No crash file has been generated. Switch is running IOS 12.2(44)SG and PWR-C45-1400AC. After the switch went online we found that PS1 has gone bad. Haven't found any bug in the tool kit. [code]
in my simple network setup, I cannot resolve DNS queries from inside my NATted network. On the router I can ping both IP-addresses and names. Ping from the local machine works for IP-Adresses but not for names. When doing nslookup, addresses are not found and a SERVFAIL message is returned. I use a Cisco ISR 861 Router to connect our local LAN to the Internet (The WAN of the 861 is connected to another DHCP/NAT-Router, which in turn connects to the ISP-Modem). Addresses in the local LAN are DHCP-distributed, the DNS-Servers from my ISP are configured on the Router and the DNS-Information is distributed correctly to my local LAN machines (as I can verify by doing nslookup on Linux).
our backbone (6509) is connected to atm backbone (nortel passport) those are connected through giga Ethernet interface and running ospf in area 0. One week ago we lost the ip connectivity between those backbones, the interfaces were in up but the neighbor relation fail and it was kept in LOADING STATE, according we the logs the neighbor relation fail because a BAD LSA was received (error messages %OSPF-4-ERRRCV:Bad LSU adv and %OSPF-4-BADLSATYPE:Invalid lsa:Bad LSA chksum Type 5 were received during the outage)We check in cisco and this is quite normal behavior if we receive a bad LSA but the customer is asking why we have the same error message for long time and we didn't lost the neighbor relationship.
how many bad lsa we can receive before to lost the neighbor relationship.We receive two errors messages for bag lsa.. [code]
I have a Catalyst 4500 L3 Switch Software (cat4500e UNIVERSAL-M), Version 03.02.00.XO RELEASE SOFTWARE (fc2). So I just wanted to verify that the switch only does dot1q encapsulation because the switchport trunk encapsulation dot1q command does not work.
Looking for multicast over IRB interfaces. My full config below, works as expected on a Cisco 1760 router (IOS 12-4) but fails strangely on our Cisco 2800 (IOS 15-1) and Cisco 1941 G2 routers.
I use Windows 7 Enterprise and VLC 2.0.0 Two Flower as the multicast video receiver. On the 1760 router, I open VLC, request the video (rtp://@239.255.0.1:5004) and it plays flawlessly.
We have to upgrade the older outdated unsupported Cisco 1760 routers. We replace the Cisco 1760 router with a Cisco 1941 router. Configuration differs ONLY in the interface speeds; F0/0 to G0/0 and that is just bout it. Using the same Windows 7 Enterprise PC, I open VLC again and request the video -same as before; No video and no voice. We swap the 1941 out and put in the 1760 again, multicast works flawlessly. If we put the 1941 router back in, multicast fails again. We put the Cisco 2800 series router in and it also fails the same as the 1941 router.
Troubleshooting, I open VLC and request the same multicast video. On the same PC, I open Wireshark and start capturing packets, - and instantly the VLC video starts playing. I close Wireshark and the video stops. I open Wireshark and start capturing packets again and the VLC video starts playing again.
Wireshark shows the video packets are being received from the source when VLC is requesting the video. If I close VLC while Wireshark is capturing packets, Wireshark shows the video stream stops.
Shows the correct multicast sources, incoming and outgoing interface details
Incoming interface is Serial Outgoing interface is BVI Show ip pim rp Reveals the correct RP details
I am having issues with 'telnet' on port 2821 to a range of servers connecting through vlan interface from my core switch 6513 running s72033_rp-DVIPSERVICESK9_WAN-VM) version 12.2(33)SXH7, RELEASE SOFTWARE (fc3). The telnet on port 1556 and 13724 is ok.
I have this card installed onmy 3845 running version 12.4(18). But this card fails to show up.
here is what I found in a show tech.
WIC Slot 0: Unknown WAN daughter card WIC module not supported/disabled in this slot Hardware Revision : 2.0 Top Assy. Part Number : 800-27738-02 Part Number : 73-10677-02 Board Revision : B0 Deviation Number : 0 Fab Version : 02 PCB Serial Number : FOC******** RMA Test History : 00 RMA Number : 0-0-0-0 RMA History : 00 Product (FRU) Number : HWIC-2FE Version Identifier : V01 CLEI Code : COUIAFUCAA Base MAC Address : 001a.6c70.260b MAC Address block size : 2 Connector Type : 01 EEPROM format version 4 EEPROM contents (hex):(code)
I have a cisco 7606-S with dual RSP720-3CXL. Devices reloaded and now none of the RSPs are booting.When I have tried to take the console using only one RSP, card going to rommon mode after that it hangs. I guess its firmware is corrupted.
I'm setting up a new 4900m running cat4500e-ipbase-mz.122-53.SG5.bin. I'm attempting to create Port-Channels as a Trunk for uplink to a 4503 running cat4500-ipbase-mz.122-37.SG1.bin.When I attempt the command "switchport trunk encapsulation dot1q" it errors out.
I have a Cisco 2960S stack and I'd like to tune the timers so that packet loss is minimal if a switch fails.To simulate a failed switch I have reloaded it while running a continuous ping to a management address on the stack's SVI: [code] As I see the same results when a ping is directed through the single switch (switched), and through the firewall (routed), I'm inclined to think that this is due to the stack failover timers on the Catalyst 2960S.Is it possible to change the stack failover timers (i.e hold down, failover etc), to speed up the failover process?
We have an SLM248G switch which seems to be giving a few problems. When attempting to access the switch, the admin page loads but after logging-in, the admin portal page does not load fully, see screenshot.
Even after a factory reset (reset button held), the issue continues. Is there any other workaround for completely resetting everything?
I have a Cisco CBS3020-HPQ chassis switch running IOS 12.2.(25r)SEF3. One of the ports is in "disabled" state but when I try to unshut it, it doesn't work, the switch logs shows the following event:
%PLATFORM_ENV-3-LOOPBACK_PORT_POST_ERR: Gi0/1 can't be brought up because it failed POST in Loopback test
how do I resolve this, the port is unusable since I can not get it out "disabled" state.
I am unable to access a series of switches connected together through a management vlan. I receive the message "The server xx.xx.xx.xx at level_15_access requires a username and password." Entering the username and password fails and the same username and password message returns. I am able to ssh into the switch with the username and password that fails trying to access the switch with the browser.
How can I check the username and password for access with the browser?
I am trying to monitor switch performance. Is there a good way to monitor switch performance with the command line interface?
I have a stack of 4 Cisco Switch 3750 (1 x WS-C3750G-24T, 2 x WS-C3750-48P and 1 x WS-C3750V2-48PS) and I want to do an firmware upgrade of this stack. Actually, all the 4 switches are at the firmware version 12.2(50) SE1 "IPBase" and I want to upgrade them to 12.2(55)SE5 IPBase. According to the release notes, all the switches in my stack are supported.
To upgrade the firmware, I use the command "archive download-sw /imageonly /overwrite tftp://IP_Address/c3750-ipbaselmk9-tar.122-55.SE5.tar" The firmware gets uploaded correctly but then I get the error message "There is insufficient space in flash: to install the required image. Clean up some old images, and try again."
When I do a "show flash", I see that the switch has 5650944 bytes free of 15998976 bytes.
How can i upgrade my switches? Is there an error in my command which I use? Do I need to add an other option?
The problem is, the switches are located in a branch office and there is no direct access to them. Everything must be done remotely.
I work at a hospital and one of our department uses specialized software created by Varian Medical Systems. It has been brought to my attention that one of those applications has trouble opening during the day. I had the users demonstrate the issue and from what they explained to they are supposed to be able to open the application, log in, and be presented with a list of radiology images to choose from. Unfortunately, during the day this fails often and they have to try 3 or 4 times before it actually works. It behaves differently after 4 pm, and seems to work after the 1st or 2nd time at that time of the day. According to what I've been told this has been an issue as long as they can remember.
Varian has told me that they have done a number of things on their side to rule out their software and they think it is a network issue. We used Solar winds Engineer's Tool set (specifically the Network Performance Monitor) to monitor their switch and it is reporting no errors and the utilization graphs show that the ports involved have very little utilization. The most heavily utilized port is hovering between 10 and 5 person (Fa0/40). I've included a network diagram, but basically we have 1 10/100 Cisco 3350 switch (c3550-ipservices-mz.122-25.SEB4.bin), 4 clients, and 2 servers involved. They all are connected to the same switch at A-Full/A-100mbps. Although the Network Performance Monitor doesn't show any errors or over utilizaton of the ports in the the CLI I do see 35 output buffer failures and 35 under runs on the port connected to one of the servers (Fa0/40). They were a little higher and I cleared them about two weeks ago and then rebooted the switch, because I found that it could alleviate these types of errors.
They say the software use ports 5000, 55000, 55010, and 55020. We tried a packet capture, but I didn't have enough experience/knowledge to get anything useful out of it. I also checked the event logs on the clients and servers and nothing there indicates a issue in the software. They want us to replace the switch with a gigabit switch, but we have a REALLY limited budget and I would rather not if it isn't necessary. What I could try in order to rule out the network?
I have a 3845 router. Setup SSH Version 2generated rsa keys (1024)set login localtransport input ssh and telnet is enabled since I can't get ssh connection working When I connect using SSH, I get the following error. server refused authentication protocol.
We have one core switch and we are planning to add a 6509. Both are none VSS.All the access switches are Catalyst 3560 series.
We plan to have all 3560s to have a link to each of the core. Without VSS, it is not possible to etherchannel to both core switches correct?What protocol should I configure to prevent in case one core fails? HSRP, VRRP, GLBP?
Do I need to run spanning tree protocol? if so which one?What is the best way to connect from each Catalyst 3560 for load balancing and redundancy? One to each core?
At first I tried to port forward 25565 on my D-Link Router account, but that didn't work for anyone trying to connect through the External IP.
People can connect locally over my network and I can connect to the game via localhost, but like I said, no friends from abroad.
I've checked my External IP and that doesn't work, I've tried resetting my router to factory default and then reinstalling the firmware for the model, that didn't work. I tried removing the firewall altogether, and also just allowing 25565, but that didn't work. I also got my friend to take their firewall off as well.
(Also, it should be known, when I'm port forwarding I'm allowing access, and have 25565 set in both TCP and UDP. I tested to see if the port was open on Open Port Check Tool, but it said it was closed (connection timed out) even though I had it forwarded)
My Comtrend WAP5813n router, seems to be failing at port forwarding as I have configured it to forward ports,all the port checkers (offline and online) say those ports are open, yet I cannot access through them,it just fails to forward them(My server isn't blocking anything because it has worked on a previous router).
I am buying a Nexus 5K (N5K-C5548UP-FA) with the layer 3 card (N55-D160L3 - Nexus 5548 Layer 3 - Daughter Card).The switching capacity of it is 960 Gbps but I know I should expect less doing the Layer 3 function (it will only be used with static routing).What switching/routing capacity should I expect? How can I estimate it? What else should I consider?
I have an issue with accessing a Cisco NCS (ver.1.3.0.20) form the GUI interface. It claim the password is wrong...From the CLI I have access.... Ah I can just change the passwords I thought. But no way.. dosent work!
I have double-checked credentialn and access rules on the module and they seem OK. I am trying to add the module with the Admin credentials and ssh/telnet access is permited.
Is this the right way or I'm missing something. Module version is A2(3.2a)
I have a not-so newly installed LMS4.2 Linux appliance. Here is my configuration archive summary:
Config Archival Status No. of Devices Successful 7 Failed 1338 Partially Successful0 Total1345 Configuration Never Collected 1338
[Code].....
Which seems to mean that SSH does not work, which is false as I manually connects to the device from the LMS host successfully. Network devices access is authenticated against ACS servers using TACACS+ so there should be no problem with credential discrepency here.
We are using ACS v5.2.0.26.3 in 802.1X certificate based authentication. Now, when we added CRL functionality into ACS it fails in CRL validation and gives following error message:
LastErrorMessage=CRL PKI verification failed Certificate Revocation list [URL]
We have installed root, device and server certificates from CA, but for management we are still using self-signed certificate.
Question is, which certificate is used when validating downloaded CRL file - one used for EAP-TLS or one used for management interface?
How I can check which certificate ACS server is using for CRL validation?
I am using LMS version 3.2 and i am not able to generate EOS/EOL report with error no connection to Cisco.Saw an update i LMS portal as this:
Now Available! LMS 3.2:Patch for un-interrupted service of Cisco.com download for Device/Software/PSIRT/EOX updates (To be applied on or before 15-June-2011)
so upgraded the patch cwcs33x-win-CSCto46927-0.zip and restarted the demeon as read in the read me file for the patch.Now the job execution status is always shows running, its neither fail nor pass.
I have a 3845 that will not let me ping to the internet from my PC.On interface g0/0 I have a connection to a internet connection (another router), using DHCP to get it's address (it gives g0/0 IP 192.168.0.3).On interface g0/1, I have a connection to my LAN (I assign the interface IP 10.10.1.1).
I can ping the router. The router can ping the internet, do DNS resolution, etc.I have ensured routing is enabled. The only route I have configured is a default static route: 0.0.0.0 0.0.0.0 192.168.0.1.Oddly, if I choose 0.0.0.0 0.0.0.0 g0/0, I cannot ping sites on the internet from the router.
I tried setting up ip nat inside for my LAN and ip nat outside for the WAN/internet uplink, but this did not work.
This was the issue, I missed finishing the NAT setup.I can make the router ping out all day, and have my PCs ping the router, but getting the connection between the two is not working.
I try upgrade ACS 5.3.0.40 to new version 5.4.0.46. Everything looks ok:
ACS-machine/acsadmin# application upgrade ACS_5.4.0.46.tar.gz rep01 Do you want to save the current configuration ? (yes/no) [yes] ? Generating configuration. Saved the running configuration to startup successfully
% CARS Install application required post install reboot...
Broadcast message from root (pts/0) (Thu Dec 6 23:36:41 2012):
The system is going down for reboot NOW!
Application upgrade successful
But ACS machine (vmware instance) can't boot with this result: Volume group "smosvg" not found. (for details see attachment)
I am trying to upgrade ISE from 1.1.0 to 1.1.2.145 but failed. Find the details below.
DR-ise-pdp-01/admin# application upgrade ise-appbundle-1.1.2.145.i386.tar.gz ISE1 Save the current ADE-OS running configuration? (yes/no) [yes] ?
Generating configuration... Saved the ADE-OS running configuration to startup successfully Initiating Application Upgrade... Stopping ISE application before upgrade... Running ISE Database upgrade... % Application upgrade failed. check logs for more details.
We've got a central office (actually quite small) where several IPSec connections connect to. Two of these connections are Cisco 881 routers. One of them works fine, the other craps out after 24 hours (coincidentally also the IKE key lifetime). When I mean "craps out", it means the VPN worked fine from the get go, until 24 hours later. Only a reload will bring back the VPN tunnel. I've verified my PFS and DPD configurations are solid, because these kind of symptoms would most likely occur when these configurations aren't in order.
The two 881 configurations are quite similar. The only differences between the two are some details in the PPPoE configurations and (quite obviously) the IP address space for the two sites. Both operate on the premise of a point to point connection (no multipoint stuff going on here).
I am trying to join my ACS 5.1 to my AD. In the External Identity Stores > Active Directory I have put in the AD administrator details and hit the test button and the test succeeds.
However, when I try to save changes it fails with an eror saying it can't connect to the LDAP server.
Error while configuring Active Directory:Error while configuring Active Directory:Unexpected LDAP Error Can't contact LDAP server due to unexpected configuration or network error.Please try the --verbose option or run 'adinfo --diag' to diagnose the problem.Join to domain 'Mydomain.local', zone 'null' failed.
I have done this lots of times and never had any issue once the test connection succeeds.
I've checked the time and timezones on both ACS and AD and they are the same.
