Cisco Switching/Routing :: ASA 5505 Connected To WS-C3560G-48PS
Nov 2, 2011
I recently removed a Catalyst 2950 switch, code version: c2950-i6q4l2-mz.121-13.EA1. I had an ASA 5505 connected as a switchport access to the 2950 on port 44. We will call the VLAN that the ASA sits on: VLAN 404. The 2950 had a trunk to our Catalyst 6509 distribution switch carrying that VLAN 404. We also have another VLAN for computers that sits on: VLAN 129, this is a standard DHCP VLAN and it accounted for the rest of the switchports. The 2950 also has this trunked to our 6509 distribution switch.
Everything was working fine with that setup. After replacing the 2950 with a 3560 we started running into problems. The 3560 was configured the same exact way as the 2950. What was happening is that computers that sat on VLAN 129 started experiencing packet loss and were unable to work. It's as though the ASA was taking over the switch.
Is there a protocol that is enabled by default on the 3560 that would do this?
We are using a WS-C3560G-48PS connected via a UPS power supply. Whenever the raw power supply fluctuates, a few of the IP phones (Alcatel) get reset, although the switch remains up and running. We checked this by disconnecting the raw power supply, but we didn't find any packet loss from the nodes which are connected through this switch. But a few IP phones get reset. What could be the reason?
This switch randomly reboots throughout the day. I checked the stacks info and it reported it was using crashinfo_12 (report below). I have access to the switch throughout the day if more config info needs to be exported.
Cisco IOS Software, C3560 Software (C3560-IPBASEK9-M), Version 12.2(50)SE1, RELEASE SOFTWARE (fc2)
Copyright (c) 1986-2009 by Cisco Systems, Inc.
I've got two 3560 switches (WS-C3560G-48TS-S) that I'm trying to connect to each other using the GB ports over fibre. We purchased the following GBICs, SFP 1000SX Transceiver, and when we put them in the port it shows (err-disabled). Below is some information I pulled from one of the ports, but it doesn't matter what port I use, they all say the same thing.
ProdSwitchSW1#show run int g0/51
Building configuration...
Current configuration : 37 bytes
!
interface GigabitEthernet0/51
end
I am in the process of upgrading our stack of 4 switches consisting of WS-C3750G-48PS. Upon reading the release notes I found that there are two versions of the release notes 1 day apart, the one from 02 Sep 2012 saying that WS-C3750-48PS is not supported in this version. Then in the release the next day, 03 Sep 2012, that note has been removed. Which one is correct? Is it supported with my model of switch or not? Also, I am unable to update the boot path in the stack switches; "switch all" is not supported in the current IOS. Any other way to update it? The master switch has the new boot path but I am unable to change it in the slaves.
We recently connected an RPS 2300 to our switch WS-C3750G-48PS-E with IOS c3750-ipservicesk9-mz.122-53.SE2.bin. However, I do not see any RPS details in the "show env" output. I believe I should get the RPS name, its serial and the port number in the output, but I am not finding it in the output. I did reload the switch but still could not get this updated.
Just spoke to the TAC and didn't get the information needed. When configuring ip dhcp snooping database I am adding this to my configuration:
ip dhcp snooping database scp://dhcpsec@192.168.1.50/home/dhcpsec/switch1.dhcp.database.txt
I assumed that to do this I would either specify the password on the command line, similar to the way it's done when using ftp/http, or that I would need to create a public/private key. I have enabled scp and can manually copy a file from the switch to the Linux server. So I believe I have all the aaa commands correct. Cisco WS-C3560G-24PS System image file is "flash:/c3560-ipservicesk9-mz.122-55.SE.bin".
I have a WS-C3560G-48TS switch with IOS (c3560-ipbasek9-mz.122-58.E2.bin) and I am trying to use the IPv6 feature on this switch model. Moreover, I've upgraded this switch with many IOS versions but none of them support the IPv6 feature. Which IOS supports the IPv6 feature?
I have a WS-C3560G-24PS serving as a distribution switch with six (6) WS-C2950T-24 connected to it. In looking at the utilization on the interconnect links, no one is running close to a gig speed and this includes the link between this switch and the core. The CPU load (6%) and memory utilization (30%) on the switch do not seem bad, so what else does one watch to see if it needs an upgrade?
We are starting to have discussions about any needed upgrades on the network. I have an occasional user that complains about low performance, but looking through the network I can find nothing glaring on a consistent basis that says an upgrade is warranted. I am however looking at things such as the above. Utilization on links, CPU, memory, etc.
We have 2 x C6506E and 2 x C3560-48's, they are all interconnected via port channels at 2Gb per channel. The 6506's are running CEF but the 3560's are not (the 3560's carry all our server traffic). When I do a show CEF on the 3560's it says %IPv4 CEF not running. There does not appear to be a global command to enable CEF on these switches. Is this an IOS version option or is it not supported on the hardware platform?
I want to upgrade the IOS version of 3750 48PS switches. These stacks are located in different buildings; some of them have 2 members and some have 3 members in a stack. Step by step to upgrade the IOS of these switches.
I've been experimenting with the 'vlan dot1q tag native' command on a switch and it seems as though tagging the native VLAN breaks vty access to my access point. With the 'vlan dot1q tag native' command applied, I lose management connectivity to the AP; with 'no vlan dot1q tag native' applied, connectivity is restored. Why is this? Is it safe to say that one can access the AP via vty lines using ONLY untagged packets?
We had some problems with 3560G-48PS-S switches and PoE for our phones. IOS is 12.2(50)SE3. There were some problems after a power outage. The switches didn't reboot because we have two electric circuits. But after the problems we had no PoE on all ports.
The switches logged to following syslog message:
%ILPOWER-3-CONTROLLER_PORT_ERR: Controller port error, Interface Gi0/17: Power Controller reports power supply VDD under voltage
I can't find any information in the error message decoder for that. But there was another thread here with quite the same message, but another problem regarding RPS2300.
After reloading the device all works fine again. The workaround with the commands "power inline never" and "power inline auto" I didn't know till today.
Some information about that syslog message?
My guess is that there was a voltage swing and the switch powered down its supply? Is that possible?
In my office we bought 7 cisco 3750X - 48PS switches. We configured Data Stacking between those switches. We also want to configure Power Stacking between those 7 devices.
I found in the Data Sheet that we can only configure 4 devices in power stacking at a time. If it is like that, how do we configure the remaining 3 devices? We need to configure power stacking between those devices in a better way.
power stack cable part no we have is CAB-SPWR-30CM
I have a 3750-48P that when plugged in has fans that spin up, but no lights on the front of the chassis. Does this mean the power supply is bad? If it's bad, why do the fans power up? Also, I am not receiving any data through the console.
I have a switch 3560v2 with IOS 12.2(50) SE1. All the lights are ON and the console error message is below:
POST: inline power post failed for port 0 up to port 15.
Then the system hung and all lights (indicators) stayed ON.
I need to replace an older 3560 with a new 2960-S and am wondering if the SX SFPs I already have will be compatible with the 2960-S. [code] I cannot find any way to get the part numbers of the SFPs.
I have configured DHCP snooping on a WS-3560G-48PS running IOS 12.2(58)SE2 ipservicesk9 variant. When I enable DHCP snooping clients don't get IP addresses; when DHCP snooping is disabled, everything works fine. I have set up a SPAN port and run a capture (attached) on the traffic. Wireshark notes the Seconds elapsed field appeared to be encoded in little-endian but only on some packets. Apart from that, I can see nothing wrong with the DHCP Offer responses from my DHCP server. Attachment config.txt contains the interesting parts of the configuration. Please note g0/32 has been set to ARP inspection trust as without working DHCP snooping it would require a static bind. Is there any way of figuring out which option can't be parsed? Is there a way to force forwarding of unparsable DHCP packets while still running DHCP snooping?
I had a strange issue yesterday when onsite installing a new access switch.
- Port capacity full on a two switch stack of 3750 x48 PS switches (WS-C3750-48PS-E)
- New 2960 x48 PS - WS-C2960S-48FPS-L racked, with the plan of using it just as an edge switch via SFP Stacking cable.
Set up the two connecting ports with a simple initial config:
- switchport mode trunk
- no encapsulation option on the 2960, default dot1q
- dot1q set on 3750 port
- no shut on both sides.
Connected the SFP Stacking cable but it didn't work:
- %PHY-4-SFP_NOT_SUPPORTED: The SFP in Gi1/0/1 is not supported
This is OK as I had a backup:
- Next step tried using 2 x Short Haul SFP SX GBICs with LC - LC OFNP 50/125 fibre patch lead - no joy
- Extra backup of 2 x Long Haul SFP LX GBICs with the same fibre patch - no joy
- Checked the fibre and it was not a crossover, so transmit and receive going down the same side; switched and it still would not come up.
- Used fibre as a straight through and still the same.
In all cases there was no indication of any life in the connection. It is pointing to a faulty fibre patch lead but I know it has worked in the past. Could it be something to do with the config or device incompatibility? Or any setting I need to activate?
I have a c3560 on which, on Port 1, I cannot get any device to talk to the DHCP server. Previously there was a client connected to this port; however, over the weekend he stated he lost connectivity.
In my troubleshooting I have connected that client to another port and now he is good to go... I connected my laptop and tried to connect to the network; however, I could not. I checked the logs and did not see anything that led me to think it was having problems.
Is there another way to shut this down and hopefully start it back up without having to restart the entire switch?
After powering up a WS-C3750-48PS switch, Normal POST LED flashing of lights does not happen, instead the switch is stuck in SYST Mode on the front panel. My attempt to hold down the mode button upon powering up for 15 sec fails to reboot the switch. I cannot console to the switch. Is this switch unrecoverable? Should I RMA with TAC?
We have a Cisco switch in each office and every now and then the port that has the D-Link Wireless AP (DAP-1522) connected to it goes to err-disable state. Actually sometimes even a regular port that has a Cisco phone connected may also go to err-disable state (less often). So I have to telnet into the switch and issue the shut and no shut commands on that interface to get it back to life, then it works for a few days or weeks until it happens again. Is there any suitable configuration for that interface that would prevent that from happening, or a workaround?
Here's the info:
Model: cisco WS-C3560-24PS and cisco WS-C3560-48PS
Image: c3560-ipbase-mz.122-35.SE5.bin
This is the log from one switch:
31w5d: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa0/2, putting Fa0/2 in err-disable state
31w5d: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 74e2.f592.f7f2 on port FastEthernet0/2.
31w5d: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to down
And from another, which is almost the same:
5d10h: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa0/3, putting Fa0/3 in err-disable state
5d10h: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address d8a2.5e31.2cf6 on port FastEthernet0/3.
5d10h: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/3, changed state to down
5d10h: %LINK-3-UPDOWN: Interface FastEthernet0/3, changed state to down
Here's the configuration of fe interfaces (they are all alike):
interface FastEthernet0/2
 description Voice & Data Combo Port
 switchport access vlan 11
 switchport mode access
 switchport voice vlan 15
We have two switches of the same model (WS-C3560-48PS-S) that are not providing PoE. I'm trying to remotely determine what the cause of the issue is.
Here is some output.
Hostname#show power inline
Available:0.0(w)  Used:0.0(w)  Remaining:0.0(w)

Interface Admin  Oper       Power   Device              Class Max
                            (Watts)
--------- ------ ---------- ------- ------------------- ----- ----
Fa0/1     auto   off        0.0     n/a                 n/a   15.4
Fa0/2     auto   off        0.0     n/a                 n/a   15.4
Fa0/3     auto   off        0.0     n/a                 n/a   15.4
Fa0/4     auto   off        0.0     n/a                 n/a   15.4
Fa0/5     auto   off        0.0     n/a                 n/a   15.4
Fa0/6     auto   off        0.0     n/a                 n/a   15.4
Fa0/7     auto   off        0.0     n/a                 n/a   15.4
Fa0/8     auto   off        0.0     n/a                 n/a   15.4
Fa0/9     auto   off        0.0     n/a                 n/a   15.4
Fa0/10    auto   off        0.0     n/a                 n/a   15.4
Has anyone come across show ver memory details on a 3750G-48PS as below? One of our Catalyst 3750G running software 12.2(44)SE2 shows unexpected DRAM as below:
cisco WS-C3750G-48PS (PowerPC405) processor (revision F0) with 0K/12280K bytes of memory.
This would equate to around 11MB memory which does not seem right... Is it a known IOS bug?
We are setting up a test lab in our DMZ. The path to the internet is basically like this. Anything past the firewall is irrelevant. For this lab lets assume it is vlan 300.
LAB SW ---> DMZ-SW ---> ASA FW ---> INTERNET
LAB IP Range = 172.16.300.0 /24
GW = 172.16.300.1 (On FW int)
Trunked all the way through.
I have an int vlan set up on the LAB SW. It is being trunked to DMZ SW. DMZ trunks it to ASA FW where there is a failover with a redundant switch. On the ASA the interface 0/2 is a subinterface 0/2.300 being used as the default gateway.
I have DHCP running in a specific range on the LAB SW and do get an IP address when plugged in. I cannot ping the default gateway on the ASA FW. The GW is defined using default-router command for 172.16.300.1 i.e. default-router 172.16.300.1?
We are running OSPF on the firewall. There appears to be a pattern with OSPF and a similar subnet setup elsewhere. I was wondering, based off of this info, would configuring OSPF for 172.16.300.0/24 allow me to ping the GW from a client on the LAB SW? Secondly, I trunked 300 on the DMZ SW but I didn't add the VLAN to the configuration, i.e. conf t <enter> vlan 300 <enter>. Does this really matter? Or does having the VLAN in the configuration only pertain to access mode on interfaces?
We have two Cisco 5505 firewalls connecting to two ISP's. The two internal LAN's on the firewalls are 192.168.184.0/24 & 192.168.186.0/24. We also have a Cisco C3560x layer 3 switch with VLAN interfaces 184.3 & 186.3. We have two DGS-3100 D-Link layer 2 switches connecting our users to the layer 3. IP routing is enabled for inter-VLAN communication & I can reach the switch interfaces & firewall gateways from machines on both of the VLANs. We have PBR enabled on the 3560 & users only on the .186 network can get to the internet. The switch is running the ipservices license & the SDM template is "desktop routing".
Users on the .184 cannot access the internet but we can ping the layer3 interface & the firewall gateway. [code]