We recently had on our network a simple layer 2 loop problem, with big effects. Here is the situation: we have a C3750 switch, with STP activated on all ports. We don't have total control over this switch, and for some reasons, it is possible that people connect a 2nd switch to it (Cisco or non-Cisco). What happened several times is a classic case: a person interconnects 2 ports of this 2nd switch, creating a loop. As the loop is created on the 2nd switch only, the 1st switch detects no loop, and the uplink port stays up. After this loop is created, a broadcast storm occurs through the link between the 1st and 2nd switch, and the storm propagates all over the LAN. I am trying to find some solutions to avoid that. One thing I would like to do is to find a mechanism on the first switch which can block the uplink port on the 1st switch if it sees the same MAC address as source in the 2 directions. Note that storm control, even configured to a quite low value (i.e. 2 Mbps), is not efficient enough to protect equipment (we have had big CPU impact on LAN equipment).
Do Cisco Catalyst (IOS) and especially Cisco SG300/500 support a similar feature to HP's Loop Protection or DLINK's Loopback Detection? This is an interesting feature to avoid loops caused by unmanaged switches.
It is understood that sub-50 ms ERPS convergence can be achieved with certain HW/SW combinations.
1) What are the platforms supported (and with what FW/SW) has this been tested? Any results that can be shared?
2) Link failure detection in GigE on Copper is slower compared to GigE over "pure" Fibre, so no sub-50ms would be possible with Copper ring ports. Is sub-50ms convergence achievable with "combo SFP ports"?
I Like To Intentionally Create A Layer 2 Loop in My Lab. I have 2960 and 3750 switches and servers with multiple NICs and also some PCs and hubs. Connections and Commands And Features Which Should Be Disabled or Enabled)
I have a network where if an end user attaches a hub to the network, or rather one of those cheap unmanaged 8-port mini-switches, and then plugs the two ends of the same cable into two ports of that mini-switch, all the network goes down. Loops are generated and many uplinks are shut down in err-disable state due to the loopback reason.
I know I could discourage the use of those mini-switches using port security. I even have NAC (Cisco) deployed on the network, but there are cases where those mini-switches are allowed by the management. In those cases, it is not possible to know exactly which hosts (MAC addresses), and even how many of them, will attach to the network concurrently. As I know, they could even chain many mini-switches one to another. Of course, when even a single mini-switch is allowed on the network, it raises a security hole.
Is there a way to allow the use of those devices without the risk of network outages? Some STP protection method? The best would be to have the Cisco access switch to get aware of the loop on its affected switchport (where the mini-switch is attached), immediately shutting down that port (to avoid loops on the network) and maybe sending an SNMP trap or a syslog message.
We are using Cisco Catalyst 2950 and 2960 for our access layer.
I have a problem to solve in our data center, see attached drawing. HW: Our core switches consist of two stacked C3750 with IP routing. What I want to do is probably simple but I haven't been able to figure out the best method.
VLAN10 and VLAN20 should not be able to communicate with each other. (ACLs?) VLAN10 will have its own default route/firewall. Both VLAN10 and VLAN20 should be able to send server backups to a server in VLAN30. All 3 VLANs come in on a trunk from a pair of stacked C2960-S. I need it to be able to scale if we have 50 VLANs for instance, hopefully without long complicated ACLs. I've been considering VRFs, PBR but can't decide what's the simplest solution to this problem. I have never done this before so I would prefer to start off on the right foot.
I am having trouble getting 2 C3750-X switches (WS-C3750-X-48P-L) to stack. They are both running IOS 15.0(2)-UNIVERSALK9, and are licensed for IP Base.
If I connect stack port 1 of switch 1 to stack port 2 of switch 1, and stack port 1 of switch 2 to stack port 2 of switch 2, I get the following:
WS-C3750-X_STACK1_SW1>show switch stack-ports summary Switch#/ Stack Neighbor Cable Link Link Sync # InPort# Port Length OK Active OK Changes Loopback Status
I have tried restarting (powering off for about 1 min and turning back on) simultaneously, and powering off switch 1 for 1 min and switch 2 for 2 min. I have also tried both enabling the stack ports, and disabling followed by enabling.
I have a cable from an SFP module in a WS-C3750-48P with 12.2(55)SE1 running to a Gigabit port on a Cisco WLC. After the switch recovers from a power failure, the gigabit autonegotiation fails. The cure is a long drive to unplug and reseat the SFP. Note this happens at too many similar sites for this to be a loose connection. Interface shutdown then 'no shutdown' is not sufficient. The state is 'line protocol is down (not connected)'. Interface is configured for switchport mode trunk (auto speed, auto duplex). Command 'switchport nonegotiate' makes no difference. Is there a more powerful command than 'shutdown' which might toggle the interface signals? Is there some way of resetting the SFP? sh int gi 1/0/1 displays 'media type is 10/100/1000BaseTX SFP' and zero packets received.
I would like to apply policing on a C3750 interface, for all traffic matching 10.0.0.0 / 8, except for subnet 10.0.0.0 / 24. I plan to apply the following configuration, with an ACL that denies 10.0.0.0 / 24 then accepts 10.0.0.0 / 8. I am quite sure of the answer but need confirmation that the following configuration is correct (10.0.0.0 / 24 will not be blocked, and no policing will be applied to it?)
ip access-list extended TEST
 deny tcp 10.0.0.0 0.0.0.255 any eq 5000
 permit tcp any 10.0.0.0 0.255.255.255 any eq 5000
[code]....
I have a stack of 2 C3750-switches (WS-C3750G-24TS-1U) with IPBASE-firmware (12.2(52)SE).
When I ping to a machine (in this case a virtual one), the replies are always received on the port where the machine is connected, but on the port-channel connecting to the stack of the 'pinging device' the reply comes only for certain initiators, and not for all.
Setting: Gi1/0/6: Device/Server I want to connect to; defined as access port. Gi1/0/25 + Gi2/0/25, as Port-Channel 1: The location of the devices I connect (read as: the uplink to the stack of the PCs), defined for Dot1Q trunking.
Monitoring setup: Source ports: Both: Gi 1/0/6, Po1 (or Po1 replaced by both interfaces)
For the machines which can ping the server I see 2 echo (ping) requests, followed by 2 echo (ping) replies ... So once seen on the Po1, and once seen on the interface Gi1/0/6.
However, for other machines, the 2nd reply is missing, which must be caused by the dropping of these packets in the switch. At least, in my opinion this must be the reason... But I can't see any (change of) output drops at int Po1, nor at Gi1/0/6. The CPU doesn't seem to have high usage, and even then, I don't think the error would be constant, as it's always failing for some PCs, and never for others... (at least for a certain time, a few hours it can be constant, the problem disappears from time to time).
I am trying to reproduce a Spanning-Tree loop in my lab that occurred on Ops, and for the life of me I cannot break it. The loop is very simple:
Cisco 2960------------FW that doesn't forward STP traffic-----------Cisco 2960
This created an STP loop. In my lab, I am substituting the FW for another Cisco 2960 with STP disabled and BPDUFilter on ingress/egress ports to stop the switch from sending BPDUs to the downstream switch to keep it in the dark, as the FW did on Ops.
We have several of these WS-C2960S-24PS-L running 12.2(55)SE5 C2960S-universalK9-M and need to upgrade to a better IOS since we have a situation where CPU would get to 100% but we have only a few ports connected. Also we have several WS-C3750-48P running 12.2(55) SE6 C3750-IPBASEK9-M.
We are deploying the ISE MAC address authentication by-pass (mab) feature in our network as an alternative to port security on the switch port. Works well except for certain devices e.g. printers, snmp modules, and Unix/Linux Operating systems which can range from 5-10 minutes to never in authentication/opening the port.
Is it possible to upgrade a c3750-stack one member at a time to avoid downtime? I need to keep L3-functionality up.
If I have one etherchannel from access-switch (2 channel-ports in 3750, in different stack-members), my 3750-stack as a distribution layer switch, and another etherchannel (also spread over multiple stack members) to core, can I upgrade the entire stack without traffic interruption?
We have a bunch of switches that are running fine but the running-config file is missing and we can't save the config to the tftp server. IOS is c3550-ipbasek9-mz.122-37.SE1. I've got lots of these switches running the same code that are just fine.
We have a couple of Cisco SGE switches connected to a single DELL. Between the Cisco switches we have a trunk interface. I'm not sure which setting should be configured on the switches to get it working because a loop is occurring.
I have a Catalyst 3560-X PoE that suddenly stopped working. I plugged in via console and below is the output I received. It scrolls constantly and I am unable to enter ROMMON mode or stop it from scrolling. I've read of a possible problem with the IOS version but I'm unable to verify due to not being able to stop the scrolling.
Switch uptime is 4 minutes, 4 seconds
cisco WS-C3560X-24P (PowerPC405) processor (revision A0) with 262144K bytes of memory.
Processor board ID FDO1522R2AY
We recently wanted to swap our existing WS-SUP720-base with a WS-SUP720-3B in a 6513 chassis. We had the existing configuration saved in a txt file and replaced the supervisor. Booting went fine and we pasted in the original config. There was one failure message about an unsupported command but we didn't take further notice. "boot system flash sup-bootflash:" was probably the line that the 720-3B didn't support. After wr mem and reload it went into a continuous loop, rebooting due to an incorrect boot device. We had to put back the old supervisor and now have the 720-3B in a 6504 chassis. We tried some commands in rommon, but are not getting any further.
I have an 8-switch stack consisting of six WS-C3550-48P and two WS-C3750G-16TD running software version 12.2(25) SEB1. When I added a new C3750v2-24PS (running image 12.2(50) SE5) to the stack, I upgraded the image of the existing 8 switches to the latest version 12.2(50) SE5. Once I was done with the upgrade, all ports of my stack switches went down after around five minutes. Is it an image compatibility issue with the existing switches or something else?
Our client has one C3750 switch with an IP Base license. They have connected servers and end switches to that switch. Our customer wants to increase the speed of accessing the server; at that time I am told to use etherchannel. The customer is happy about this and with implementing the etherchannel configuration. Now I need to configure etherchannel with up to 4 physical links. The servers are connected on port no. Ge1/0/10; they want to bind four physical links, GE1/0/10-13. How do I configure etherchannel on this switch?
I have two layer 3 Cisco switches, a C3560 and a C3750, with IOS version "ipservices-mz.122-35.SE5". With the current IOS version, these layer 3 switches do not support object groups. So my question is: do I need to upgrade the IOS for this feature, and if yes, to which version?
I have a new building to add to our campus and I have been encouraged to run single mode fiber. All of my other buildings are connected with multi-mode fiber. I just want to make sure I will not have an issue if I run single mode to the new building with SM SFPs.
Is there a way I can downgrade the firmware on a C3750 v2 switch 24TS-S v07 to 12.2(35) SE5? I have added this new switch to an existing stack but the FW is not compatible. I believe the answer is to upgrade the rest but I cannot afford any downtime as they are used to run a CCTV security network 24/7. I have included details below to assist with my problem. Switch 4 is the one with a version mismatch.
LNB-SWI3750-CTR-01#show ver
Cisco IOS Software, C3750 Software (C3750-IPBASE-M), Version 12.2(35)SE5, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Thu 19-Jul-07 19:15 by nachen
Image text-base: 0x00003000, data-base: 0x01080000
ROM: Bootstrap program is C3750 boot loader
BOOTLDR: C3750 Boot Loader (C3750-HBOOT-M) Version 12.2(25r)SEE4, RELEASE SOFTWARE (fc1)
LNB-SWI3750-CTR-01 uptime is 19 weeks, 3 days, 22 hours, 46 minutes
System returned to ROM by power-on
System image file is "flash:c3750-ipbase-mz.122-35.SE5/c3750-ipbase-