Cisco Switching/Routing :: Cat 6509 - DHCP Conflict On VSS
Apr 21, 2013
We have VSS configured between Cat-6509 switches (s72033-advipservicesk9-mz.151-1.SY.bin)..For the voice vlans,dhcp scope is configured within VSS and ip addresses are assigned to ip phones from these pools configured within VSS.Cat 3750 stack is connected with dual links to this vss. IP phones are connected to cat 3750 switches and desktop is connected back to IP phone. For data vlans IP addresses are assigned from external dhcp server.
Currently we are facing lot of ip conflicts for ip phones and after clearing the dhcp conflicts, IP phones starting getting IP addresses..(sufficient IP's do available in the dhcp scope for IP address assignment). (What exactly the role of no ip dhcp conflict logging command......)
View 4 Replies
ADVERTISEMENT
Nov 30, 2011
We are looking to avoid the need to install an additional device in our network as our core 6509s are not being pushed by any stretch. However, we are having an issue getting the 6509 to assign DHCP addresses and perform NAT.
Most interfaces and V LAN's on the 6509 are using public IPs and have BGP routing at the edge. We have a trunk up link coming into the 6509 on a ws-6816 card via a SMF GBIC in slot 9, port 2 that feeds a wifi link where we are looking to provide guest access to our network.
We created 2 V LAN s on the switch 20 and 21. We assigned a private IP and network to the VLAN20 interface and assigned a new public /30 sub net ip to the V LAN 21 interface. The following configuration was applied which I thought was the required configuration based on how we would typically configure ISR routers for the same services...
ip dhcp excluded-address 10.200.200.1
!
ip dhcp pool WiFi_Pool
network 10.200.200.0 255.255.255.0
default-router 10.200.200.1
dns-server 4.2.2.1 4.2.2.2
[ code]...
What am I missing in this configuration? Note that if I create an access switch port for v LAN 20 on the switch and plug a laptop in directly to the 6509, the laptop is unable to receive a DHCP address. If I assign the laptop an address in the 10.200.200.0 /24 range manually, I can ping 10.200.200.1 from the laptop, however, the laptop will not get to the internet as it appears to be failing to perform nat.
View 7 Replies
View Related
Mar 9, 2010
Is it possible to have multiple dhcp pools for multiple VLANs? The switch is a 6509 and/or 4506 catalyst. I don't want to use server-based products.
View 5 Replies
View Related
Mar 15, 2011
I have a Cisco 3750 running DHCP. We have a lot of guest users on the network, so the DHCP conflict table fills up quickly, and when it does, users can not get on the wireless network. I have to go in and clear the DHCP conflict log. (clear ip dhcp conflict *) and the problem is resolved. I see in the Cisco documentation if you don't have a DHCP database agent configured you should disable that log. I just want to make sure what the steps are and the ramifications are of disabling that log. Would IP address's still be freed up to use on the network? It also said about enabling 'ip dhcp ping' so DHCP will ping the address first to see if it's available.
View 3 Replies
View Related
Jun 13, 2012
DHCP conflict on 881-W with the internal AP?I have (12) 881-W chassis in the field. They are running DHCP services to the wired users as well as to the internal AP for reachability / management / etc. The scope for the internal AP is a /30 so only one address is in the scope and it is intended for the internal AP. This serves a a point to point link between the internal AP and the internal Router inside the 881-W chassis.
Somehow the 881-W DHCP server is getting out of synch and a conflict is occurring. It seems at some point, either at boot-up or lease expiration/renewal, the DHCP server is performing a ping to verify that the address is not in use. The AP has this address assigned prior and replies to the ping causing a conflict. I noticed an AP down today, checked the 881-W uptime and the conflict correlates to the same time. I have to manually clear the conflict and everything works as it should.The existing 12 881-w's could grow to 100's over time, so the manual intervention of clearing the conflict is not going to scale. I really want to stay away from static reservations.
View 1 Replies
View Related
May 2, 2012
I just found out that one of our 10 3750's has been assigned with an IP Address that is in conflict with a PC that has been in production long before this 3750 was deployed in our environment. Good thing it is servicing devices on a separate vlan. The conflict IP Address is assigned to the default vlan of the switch so we can connect to it from the core.If I change the IP Address of the switch, will it reboot and momentarily disconnect the devices connected to it?
View 14 Replies
View Related
Nov 21, 2011
I currently have a couple of 6509 chassis (router/switches) with the following hardware blades:
x3 48 ports
x1 NAM
x2 Sup720
Running 12.2(18)SXF3
I am keeping the four Sup720 modules and have purchased new versions of the others blades including two new 6509-E chassis?Can I take my stand-by Sup720 out of the production machine and insert it into the new chassis?
View 2 Replies
View Related
Nov 21, 2011
I currently have a couple of 6509 chassis (router/switches) with the following hardware blades:
x3 48 ports
x1 NAM
x2 Sup720
Running 12.2(18)SXF3.I am keeping the four Sup720 modules and have purchased new versions of the others blades including two new 6509-E chassis. Can I take my stand-by Sup720 out of the production machine and insert it into the new chassis?
View 2 Replies
View Related
Jun 3, 2012
I had problem with IP conflit address from cisco router 2911 , all the time the router respond with ARP reply (duplicate use of IP : x.y.z.t with the same Mac Address ) and the IP subject of conflit dosen't appear in any router's interfaces configuration (basic configuration without dhcp) ,the problem was solved problem when I desactivete proxy arp but I can't understand this behavior , why arp proxy respond to all IP address with same Mac even the IP dosen't exist in router ?
View 4 Replies
View Related
Feb 7, 2012
I have switch 2960 and router that connect with one interface to that switch. the link is trunk and Router function is inter vlan routing between 4 vlan. This netwrok has only one ip address space that is 10.10.2.0/24 and work without problem. We connect cisco switch 2960 with optic link to another switch that in stack 3750 which configured as trunk link and allowed only 3 vlan between them. In the other side netwrok which consist the switch 3750 we have different subnet ip address that switch working in layer 3 too. the problem is that when I permit vlan 210 in the switch 2960 only layer 2 between this switch and the 3750 in network that consist th ip address 10.10.2.0/24 devices, if I disconnect and then connect pc to network he says that he has ip conflict and in the log he show mac address of router that has vlan 210 subinterface configured with 10.10.2./24 subnet. But how I gibe back vlan 210 from permited vlan in trunk devices start normaly working. If I again put vlan 210 to permit vlan in that trunk devices again said that there are conflict ip address and show mac address vlan 210 router subinterface.
View 10 Replies
View Related
Oct 8, 2012
Im setting up SBS 2011 in a new office. From what I understand, SBS 2011 needs to be the network DHCP server for everything to run well under Active Directory. The conflict is with a FIOS router, that also �needs� to be the DHCP server in order to communicate with a set-top box (MOCA bridge.) Verizon lists a handful of network configurations with multiple routers that might work, although completely unsupported. Is it possible for router, SBS2011, and set-top box to coexist in harmony on the same network (preferably keeping DHCP server on the SBS box)?
View 5 Replies
View Related
Sep 8, 2012
I have a network topology which you can see on image. All routers are Cisco 3745 with IOS (C3745-ADVENTERPRISEK9-M), Version 12.4(12). SW1 is L3- switch Cisco Catalyst WS-C3560E-24TD with IOS (C3560E-UNIVERSALK9-M 12.2(58)SE2). [code] After that I have problem. When PC with OS Windows 7 begins to work in corporate network, it sees "coflict ip addresses" and doesn't work with network. I've used wireshark and seen, when the PC send arp request a SW1 always send arp reply (see attached file). I think problem with command "ip sla responder", but I haven't searched information about it and I want understand this is bug or normal functioning.
View 1 Replies
View Related
May 10, 2013
I configured an DHCP server on cisco 3750 switch . Wher in w3750 gets connected to plain l2 switch 2960 on floor and machine gets connected to 2960 port. [code] Below is the description of problem:
-> The Cisco 3750 switch is the DHCP server. VLAN 108 is named as internet vlan.
-> Ports in Cisco 2960 switch has been configured with "switchport access vlan 108".
-> There were no problems at all and everything had been working smoothly.
-> 3 days back, users started complaining that they couldn't access the internet. Up on troubleshooting the issue, I found out that there was an issue with the DHCP server as the computer couldn't get any IP address at all. After setting static IP address, the internet started working again.
If I bind IP to MAc address reservation on core 3750 switch for some time of moment it works but after that machine gets unreachable .I restarted the 3750 switch and also all the 2960 switches over the weekend, however, the issue still hasn't been resolved yet. I did issue the command "clear ip dhcp conflict *", clear ip dhcp binding * but no joy at all.
View 2 Replies
View Related
Nov 11, 2012
I have some DHCP trouble since I subnetted my network with a 2921. My clinets are in 172.16.2.0/23 and DHCP servers are in 172.16.5.0/24.Sometimes, randomly I guess, I get NACK from my DHCP server, and if I look into DHCP logs I got something like this:
15,11/09/12,09:52:27,NACK,172.16.3.172,switchE51D12.host.com,A0CF5BE51D12,,0,6,,,,,,,,
15,11/09/12,09:52:28,NACK,172.16.3.172,switchE51D12.host.com,A0CF5BE51D12,,0,6,,,,,,,,
15,11/09/12,09:52:29,NACK,172.16.3.172,switchE51D12.host.com,A0CF5BE51D12,,0,6,,,,,,,,
[code]....
View 6 Replies
View Related
Apr 3, 2012
Have a client wanting to hand out public ip addresses to all clients from a PFSense Firewall terminating the internet connection.
How do I allow the Cisco Switches currently in place, configured with private ip addresses in the 10.10.x.x ranges and Vlans, where the main 3550 layer 3 has defined dhcp scopes for each vlan, to relay dhcp requests from all vlans to the PFSense firewall?
I assume I would take off the currently defined dhcp scopes for the vlans and configure each vlan/switch with the ip helper address and specify the PFSense firewall and that Nat would have to be disabled onthe firewall?
View 1 Replies
View Related
Jan 11, 2012
we've had an issue with our network, we have 2 6509 connected with redundancy, which are connected with 2 x 4900 Switches, from which are connected to a ESX Chassis for visualization, the thing is that the ESX stopped working, and the 4900 switches, and the main core were suffering from overload, they hang on it very well, in order to stop the overload, one of the links to the ESX Chassis were disconnected from one of the 4900 switches. The CPU usage from the 4900 and the core(6509) went down below 40%, and then they started to migrate the virtual servers from the chassis to another 2 chassis that were added right after. They were actually working well, but suddenly the 6509 changed to the other supervisor after everything was OK. We were wondering what could have been the cause of this, maybe the virtual servers migrations, maybe the overload from the ESX ? We also had a few question, is there any need to reload the cores every few months as a planned task ? Because the cores have been up for more than 1 year. And also is there any kind of of tool to monitor the CPU status, or the status overall from the cores or the switches ?
View 3 Replies
View Related
Apr 11, 2012
The have around 80 staff and I think the current infrastructure is overkill for the size of the company. The current kit is old and they have no GB ethernet ports. They currently have:-
Core Switch:
1x Cisco c6509with a 48 port fast ethernet module (WS-X6248-RJ-45)
and an 8 port fibre module (WS-X6408A-GBIC)
I'm looking to replace this with something with 72 ethernet ports and 8 fibre ports
Access Switches:
2x 3500Replacement needs at least 48 ports and 2 fibre modules each
and 2x 5500Replacement needs at least 72 ports and 2 fibre modules each.
View 13 Replies
View Related
Feb 26, 2012
If client gateway = 192.168.64.9 then next-hop = 192.168.64.8 else use default-route 0.0.0.0
I know it's possible to do a route-map match ip-address ACL list. But is it possible to match on gateway?
Some info about hardware and config:
6509-E in VSS (IOS 12.2(17r)SX5) withVS-S720-10G supervisor.
All routes are static, IP for 192.168.64.9 is on SVI vlan.
View 3 Replies
View Related
Mar 6, 2012
I have two ISPs. Each is on it's own subnet connected to the 6509 MSFC/Switch. FW1 is on 100.1.100.0/30 and FW2 is on 200.1.200.0/30 subnet. My goal is route all traffice going to the Internet from subnet 10.133.3.0/24 to FW1 and all other subnets across the organization to FW2. I am not sure if I need to use ACL / Static route combo, or just a static routes or ACLS?
View 5 Replies
View Related
May 29, 2012
We have a Catalyst 6509 switch, and we hope to use policy based routing to redirect http traffic to my proxy server, where I can find the configuration example?
View 11 Replies
View Related
Nov 8, 2012
I would like to ask you if it's possibile to block routing between some Vlan for just once of them.
Maybe I can explain better:
I've got a Cisco 6509 with 4 configured vlan interfaces
Int Vlan 10 10.10.1.0/24
Int Vlan 20 10.10.2.0/24
Int Vlan 30 10.10.3.0/24
Int Vlan 40 10.10.4.0/24
Vlan "10" is the phone voip Vlan and it must not talk with the others Vlan. The others Vlan can comunicate normally except with Vlan "10".
Pratically Vlan "10" needs to be isolated from the others.
This equirement comes becouse Vlan 10 is wireless and has the WEP key encryption (very weak protocol). Some Phone couldn't support the WPA2 key and I need to avoid an unauthorized external client, cracking the WEP key and connecting to this WiFi, could have free access to the others Vlan.
View 5 Replies
View Related
Nov 14, 2012
I have a problem on my catalyst 6509 on which I would like to do the following things :
I have some Vlans in which multicast is enabled.
In tose Vlan theres is a router which is default router for equipements.
I had enabled multicast routing because some Vlan needs to exchange multicast informations, but I wolud like to make difference between Multicast traffic. For example I have 5 vlans:
Vlan 1 and 2 need to exchange Multicast informations but the don't need multicast information from Vlan 3 and 4
Vlan 3 and 5 need to exchange Multicast informations but the don't need multicast information from Vlan 1 and 2
Vlan 5 is independant Vlan but doesn't need to have multicast information from all others vlan.
Last problem, equipement on differents vlan can use the same Mulkticast group address. In this case, Multicast routing is not working between Vlan 1 to Vlan 2 and Vlan 3 to Vlan 4.
View 6 Replies
View Related
Mar 6, 2012
I need to setup my 6509 with PBR going to two different Firewalls. The 6509 has vlans and multiple serial interfaces. What/where do I install the policy-maps? I want to direct one of the vlans to one firewall and the other vlans and wan subnets to the other firewall.
View 26 Replies
View Related
Aug 7, 2011
I am migrating from Cisco 6509 IOS (12.2) to Nexus 7000 NX-OS (5.1(1)).I am looking for a equivalente NX-OS command for permit ipinip on IOS.
View 2 Replies
View Related
Mar 3, 2012
I have 2 6509-E chassis with SUP-720-VSS and classic line cards :-(. on October 2011 the switch reached 100% CPU on both devices and the entire network went down. Customer restarted the core so we lost all the log files and couldnt find out any root cause on the same. TAC engineer suggested to have some script configured on the system in case of CPU shooting up above 70%, it will create a file in flash and keep appending the logs to the same. Last week i got call from customer saying that the CPU again went high for around a minute on both the cores. Last time i added CoPP also on the switch in order to prevent the CPU reaching 100%. Still it went high and from the captured logs i saw that the process created the high CPU was Port Manager Per and SSH process. Attached the file created by the netdr capture command.
View 1 Replies
View Related
Aug 3, 2012
I have a customer that has a Catalyst 6509 with two Supervisor VSS capable and my Sales team sell another 6509 with just one Supervisor VSS capable. Simple question: Will VSS configuration will recognize that I have three Supervisors? It will work as QUAD-SUP solution or as a normal VSS solution?
View 7 Replies
View Related
Nov 16, 2011
We are trying to migrate from 1g to 10G, couldn't find any module on 6509-E which supports 10G on SFP+ ...I can see X2 and Xenpacks .. but not SFP + .what exactly this Xenpack means ?
View 3 Replies
View Related
Sep 1, 2012
We have connected a single F5 box with dual links to 2 different Cisco Catalyst switches using 802.1Q trunks. F5 is configured with RSTP mode and on Cisco Switch RPVST+ is configured.STP root bridge is hardcoded on the Cisco side. Loop Guard is globally enabled.On F5 STP link type is Auto, STP Edge port is disabled since that port is connected to the cisco switch.When we are failing over the F5 primary link to the secondary link we see 'Loop Inconsistent' on the cisco switch and things dont work after the failover.We have tried configuring the F5 as STP passthrough but that doesn't fix out the issue.I have checked out the forums and found out following recommendations
1. Configuring MSTP bw F5 and Cisco for better compatibility (Not possible from Cisco side because of a major change in large production setup)
2. Configuring VSS in Cisco switches (not possible due to hardware limitation)
3. Connecting F5 using single links to each switch (redundancy compromised)
I am wondering that on which default vlan does the F5 STP instance0 sends the STP BPDUs ? the term used on Cisco side is native vlan and others use PVIDs; that F5 default vlan should match the native vlan on cisco trunk side.
View 2 Replies
View Related
May 15, 2012
Tonight we were performing an IOS upgrade on our 6509 VSS to 122-33.SXI6. Both 6509's have dual Supervisor cards installed. Initially we had problems with switch 2 slot 5 supervisor returning to rommon however switch 2 slot 6 supervisor loaded correctly. After manually setting the boot var in rommon, switch 2 slot 5 supervisor reloaded correctly.
After all supervisor's were online we noticed when looking at " show switch virtual redundancy" that sw 1 & 2 slot 6 supervisors were running the correct IOS version but sw 1 & 2 slot 5 were running different IOS versions, however when looking at the show version we are running on the upgraded IOS??? See output below...
Why the active supervisor has loaded the incorrect IOS the VSS is running on the upgraded IOS? I have verified the IOS was copied correctly to each supervisor bootdisk, I see no issues.
My Switch Id = 1 Peer Switch Id = 2 Last switchover reason = none Configured Redundancy Mode = sso Operating Redundancy Mode = sso
Switch 1 Slot 5 Processor Information :----------------------------------------------- Current Software state = ACTIVE Uptime in current state = 3 hours, 38 minutes Image Version = Cisco IOS Software, s72033_rp Software (s72033_rp-ADVIPSERVICESK9_WAN-M), Version 12.2(33)SXI9, RELEASE SOFTWARE (fc2)Technical Support:
[code].....
View 3 Replies
View Related
Jun 5, 2011
I have a network with four 6509s in a ring with 10Gb links. Two adjacent switches are at the home office, the other two at the DR site. The switches at each location are physically similar to each other with respect to what blades are in them. We went through an upgrade from SUP-720's to VS-SUP-720's recently, only at the DR site - basically a practice, with the home office conversion hopefully taking place next weekend.
We initially just brought up the two chassis separately, in non-VSS formation (stand-alone). So far, so good - everything was connected, all traffic was passiing, all links were up, everything was reachable: EVERYTHING worked. Then we made the conversion: step-by-step from the cisco.com page; create a virtual domain, make one switch switch 1, the other switch 2, create differently numbered port-channels on each 6509, add the SUP 10Gb links to the port-channel, do the conversion.
Here's where the trouble started. First of all, the two 10Gb links back to home office created a spanning-tree loop and we had to shut down one of the links. (Is there something that needs to be configured on those links to turn spanning tree on? Does VSS conversion turn stp off?) Secondly, though it worked while in stand-alone mode, the copper blade in the standby 6509 stopped passing traffic - it would take config, the links would come up, but you could not ping across those links. Interestingly enough, there was an access switch with links to each of the copper blades, and having them both up also caused a spanning-tree loop. adding a new port-channel and putting both links in it did nothing to alleviate the loop. This leads me to believe that stp is not working properly. I reiterate, that even though the loop occurred, nothing else plugged into that blade was pingable.
View 3 Replies
View Related
Nov 9, 2011
I have been asked to research running VSS between 2 6509's between 2 sites?
I am just going through the whitepapers and need to establish the link requirements for such a setup.
Is it a valid setup?
View 2 Replies
View Related
Jan 15, 2012
Will I be OK doing a eFSU Upgrade from s72033-ipservicesk9_wan-mz.122-33.SXI2a to s72033-ipservicesk9_wan-mz.122-33.SXJ1?
I only have a single supervisor in each chassis.
Should I be ok with just following the eFSU upgrade instructions in the below?
[URL]
View 1 Replies
View Related
Nov 7, 2011
I have an interesting problem. I have a 6509 that I'm trying to swap the GBIC on. The switch is already using a GLC-SX-MM GBIC and it is up/up and passing traffic, but we are getting some errors and suspect it may be faulty.
I want to replace the GBIC with one of the identical model - a GLC-SX-MM. It was brand new, never been opened. When the new GBIC is plugged in the link light on the switch goes completely off (not amber) and the port goes into a down/down (not connect) state. There are no messages in the logs at all. It's like it doesn't even see it. If you plug the old GBIC back in then the link comes back up. I tried a different port with the same results.Thinking that the new GBIC may be faulty (even though it was brand new) I tried a second GLX-SX-MM, also new. That one does the same thing.
At that point I thought there might be a problem with that switch, so I tried the GBICs on the other 6509 in that pair. The other 6509 is running the same hardware and software. The GBICs will not work there either. If you move the old, suspected faulty GBIC from 6509-2 to 6509-1 then that it works.
The solution would seem to be that I have two faulty GBICs, but I'm having trouble persuading myself that I have two new ones, straight out of the package, that are both bad. Are there any other things to check on the switch? Here's the pertinent information:
switch#show ver
Cisco IOS Software, s72033_rp Software (s72033_rp-ADVIPSERVICESK9_WAN-M), Version 12.2(33)SXI3, RELEASE SOFTWARE (fc2)
<snip>
cisco WS-C6509-E (R7000) processor (revision 1.3) with 458720K/65536K bytes of memory.
Processor board ID SMG1109N3BK
SR71000 CPU at 600Mhz, Implementation 0x504, Rev 1.2, 512KB L2 Cache
[code]...
View 15 Replies
View Related
