In testlab we use pim-sm with bootstrap router on sup7 with IOS-XE 03.04.00.SG. Any possibility to prevent non authorized rp from connecting to the candidate bootstrap routers? We found several security recommendations concerning limiting registering of sources at the rp, rate-limits etc, but no possibility to control rp connecting to the bsr.
View 4 RepliesI see there are two different part numbers for Sup7-E. One has /2 at the end. So what's the difference between them?
View 2 Replies View RelatedWhat is a boostrap and what does it do for a router?
View 2 Replies View RelatedAny one know when object-group ACLs will be supported in cat4500 IOS-XE ?? Doesnt seem to be supported now.
View 1 Replies View RelatedWe have 3 Cat 4500 switches on three floors teh 3rd floor switch connects to the 2nd and 4th floor switches ,but we are receiving an alert from monitoring tool that " Interface(314) Backup-1Gb-Ring is Down at least 2 min on Switch: SOM500-4510-3FL the following output from "sh int status module 1 " shows the int 1/3 and 1/4 are 'inactive'local IT guy said If the status is inactive,the ports cannot be used and might lost the capability when he added 48-port blade into the 10th slot.
2nd Floor
Port Name Status Vlan Duplex Speed TypeTe1/1 SOM500-Core1 connected trunk full 10G 10GBase-LRMTe1/2 SOM500-Core1 connected trunk full 10G 10GBase-LRMGi1/3 Backup-1Gb-Ring notconnect 1 full 1000 1000BaseSXGi1/4 Backup-1Gb-Ring connected trunk full 1000 1000BaseSX
3rd FloorPort Name Status Vlan Duplex Speed TypeTe1/1 SOM500-Core1 connected trunk full 10G 10GBase-LRMTe1/2 SOM500-Core1 connected trunk full 10G 10GBase-LRMGi1/3 Backup-1Gb-Ring inactive 1 full 1000 1000BaseSXGi1/4 Backup-1Gb-Ring inactive 1 full 1000
[code]....
OK so I am following the steps that i got from off the CISCO site on upgrading the IOS, when i get the the part where if says to:
redundancy reload peer
so after i do that i go to the standby supervisor and i see that it is in a continuous reboot loop. I stop the loop and i reload the sup to the original IOS cat4000-i9s.........
SO i look at the logs and this is what i see:
Aug 12 22:21:01.251: %C4K_REDUNDANCY-6-INIT: STANDBY:Initializing as STANDBY Supervisor
*Aug 12 22:21:03.259: %CHKPT-3-IPCSESSION: STANDBY:Unable to open an IPC
[Code].....
I have a 4503-e with WS-X4013+TS supervisor and WS-X4548-GB-RJ45 card. I purchased a WS-X4648-RJ45-E card and installed but IOS says its unsupported. Supervisor is running 12.2(46)SG software and 12.2(31r)SGA firmware. Obviously I'm hoping this cars can be supported somehow. Do I need to upgrade software or firmware, or return the linecard and get equivalent supported card? Oh, system is running Catalyst 4500 L3 Switch Software. (cat4500-IPBASEK9-M)
View 6 Replies View RelatedI was contacted by a customer today who is trying to configure QoS on a 4500E with Sup7-E. They are running:
cat4500e-universalk9.SPA.03.02.00.SG.150-2.SG.bin
And the 4500 is licensed for enterprise Services. I don't have access to the switch and am looking for configuration documentation and I am not finding the necessary configuration guides.
How to know 4500 SUP7-E's MIB ?Our customer use MS SCOM 2012 SP1 get the OID are 1.3.6.1.4.1.9.1.1286, but we use IOS MIB locator, we can not find this MIB id.
below are the IOS sh version information :
Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSAL-M), Version 03.02.00.SG RELEASE SOFTWARE (fc4)
Technical Support: [URL]
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Tue 26-Apr-11 18:09 by prod_rel_team
[code]....
I´m looking for the VISIO icon for WS-X45-SUP7-E and 4507R+E.
View 13 Replies View RelatedHow do I enable ports 3 and 4 on this supervisor module? I can only get ports 1 and 2 to work by default. I have a standby Supervisor in SSO mode. I'm running IOS 15.0.2SG
View 2 Replies View RelatedI will go to buy a core 4506 but I'm comfusing about the Sup engines and the Fiber module. What is the different between the Sup7 and Sup7L?in the fiber module that I will go to buy is it contain the SFP inside or I have to buy the SFP ( WS-X4612-SFP-E ). also what is the different between the SFP and GBIC?
View 4 Replies View RelatedWe recently had a contractor deploy a 4500 catalyst switch with a WS-x45-SUP7-E. After installation and configurations, HP openview is detecting a "downed" interface on the 4500 chassis that is not in the configuration. I have attached an image with the interface circled. We assumed that it may be a configuration issue with openview, however after running diagnostics with a network analyzer, the same ip address for the down interface is still detected. Is this some sort of internal virtual interface on the SUP7?
View 4 Replies View RelatedI am working with a Catalyst 4503-E with a Sup7-E. I'm trying to enable Netflow, and I have read the following guides: Catalyst 4500 Series Switch SW Configuration Guide, Release IOS ...
I have also enabled Netflow in IOS 12.1/12.2 and figured the process was similar (It seems to be). CEF is enabled, and I have all the pre-reqs according to the document above, however, the flow commands don't exist, they simply say "command unrecognized". I have included my sh version below.
sh version (edited):
Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSAL-M), Version 03.01.01.SG RELEASE SOFTWARE (fc1)
[Code].....
I want to know if is it possible to configure QoS on a 4500 Sup7 on a Layer 3 routed port like the following example (Similar to CBWFQ on IOS Router)?
View 3 Replies View RelatedWe are planning for the first installation of 4500 switches containing these supervisor modules. I'm trying to determine the interface numbering convention for ports on the supervisors. Our existing 4500E all have SUP6 modules with twin-gig converters - so I am familiar with the numbering conventions used on those supervisors. How does this change with the software based selection command "hw-module uplink select" used in SUP7?
View 2 Replies View RelatedI'm trying to configure LLDP-MED between a Cat45010+E Sup7 (IOS 15.1) and Polycom CX600 Lync phones. I have created and applied the correct network policy for the interfaces.
From these sites, I need to send all the correct TLVs or the phones won't respond: {URL}.
When a scour the config of the switch, I can't find any related configuration commands relating to the specific LLDP-MED TLV components which are enabled/disabled. Where are they hiding? I would like to confirm which TLVs are being sent by my switch and if they are matched to the phone. I can always use the DHCP method, put this is not preferred.
Scenario: Two buildings connected with a private leased fiber line, so it does operate as a LAN. There are several subnets and everyone at both buildings needs to be able to access all subnets. However the physical machines on those subnets are building specific:
-Building 1: 10.2.0.0/24 (vlan20), 10.4.0.0/24 (vlan40), Internet connection
-Building 2: 10.1.0.0/24 (vlan10), 10.3.0.0/24 (vlan30)
The majority of the traffic between the subnets is specific to the buildings as well (i.e. most of the traffic is between 10.1 and 10.3 or 10.2 and 10.4).
Currently I have a Catalyst 3560 at Building 1 operating as the single "core" L3 router (and then a variety of switches connected to that). I have another 3560 at Building 2 that I'd like to turn in to the "master" L3 router for the two subnets primarily used by Building 2. In other words, make it so traffic from 10.1 to 10.3 doesn't have to run to building 1 just to get back to building 2.
I've got a basic knowledge of adding VLANs, VLAN interfaces and a static routes. The part that I'm getting confused on is that the Building 1 core router needs to make its default route to the firewall (and on to the internet) but "know" that traffic on vlans 10 and 30 gets sent across the fiber line to the other router. So I'm assuming this gets done with some combination of vlan definitions, vlan interfaces and static ip routes on each router.
I am have a little trouble setting up my home lab. I have a 3620 with two ethernet ports and a 3640 with four ethernet ports. I also have a 3500XL switch that I am using to connect the two together, but I can't seem to get each one to ping.
Here are my configs:
3500XL
3500XL-BottomSwitch#show run
Building configuration...
Current configuration:
!
version 12.0
[Code]......
While I managed to connect to each router individually, I decided it was time to connect the routers together via serial; as I don't have any serial cables and need to buy some, what serial cables I need, as well as to ask whether I have the right cards in my router(s) that will allow me to do so.
I bought 3 1841 routers, and all have a 1 port serial WAN Interface Card (WIC 1-T); one router has 2 of these, and one router has a WIC-1B-S/T .. My question is, can I connect the routers with a serial cable via WIC 1-T, or do I need a 2-T
what I can do to accomplish my end goal of safe public wifi and configuration.I have 2 domain controllers (for redundancy) with a split scope for DHCP and they both serve DNS. I have VLAN 2 (management), VLAN 3 (Servers), VLAN 4 (Wired Access), VLAN 6 (Wireless Access) and VLAN 480 (Outside Wireless). I have setup INT VLANs for all of these on my main router (Cisco 3550) with the ip-helper address to the DC for all but the VLAN 480. All of this works great, and the scopes are setup just like the VLANs. (ie 192.168.2.0 (management) .3 (servers) etc.)I was wondering if there is a way to have VLAN 480 get DHCP from the cisco 3550 as a random address say, 172.16.0.0 255.255.248.0?
On a side note, I have seperate Wireless Access Points for the outside. (From a guy before me) I understand you can have a guest wireless setup on the newer Access Points, and trunk (cisco term) the 2 VLANs and seperate them out with Access Control Lists so they don't talk to each other, but I would rather just give the VLAN 480 it's own DHCP from the router.
We currently have around 150 2975 switches and have had problems with it them not handing out PoE power to the cisco phones and access points at random times. There is plenty of power left for the switch to use. We have at least 15 that will be running fine for about a week and then all of the devices that use PoE power will shut off and will not come back on until we reload the switch. If you console in there aren't any messages that pop up and if you look at the port it just shows on connected or will show IeeePD in the power inline. We have contacted Cisco TAC and they just RMA them.
View 6 Replies View RelatedI just recently upgraded my 3845 to 15.0.1M9 and everything was going fine until I turned it back on later today. It is now stuck in a loop and wont even allow me to access ROMMON. I took out all additional hardware and it is still stuck at this screen. [code]
View 2 Replies View RelatedAny example to limit the bandwidth using the MAC address on 2960 ? I want to limit the bandwidth (IN / OUT) of a server only for Internet flows.
View 2 Replies View RelatedI have 10 2950 switches on my network that support only 64 vlans on each one. I actualy have requrement to cleate around 100 vlans acros them, can I switch off vtp and create required vlans manualy? I will have more or less following set up:
router
|
2950 - vlan 1,2,3,4,5,6,7,8,9,10
[Code].....
I have the attached setup. now i would like to limit my ftp transfer to 10 mb from a specific vlan to ftp server on the STM-4 (622) link. what would be the best way to limit ftp traffic to 10 mb .
following is my switch deatils
Video_Main#sh verCisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSAL-M), Version 03.02.00.SG RELEASE SOFTWARE (fc4)Technical Support:
[URL]
Cisco IOS-XE software, Copyright (c) 2005-2010 by cisco Systems, Inc.All rights reserved. Certain components of Cisco IOS-XE software arelicensed under the GNU General Public License ("GPL") Version 2.0. Thesoftware code licensed under GPL Version 2.0 is free software that comeswith ABSOLUTELY NO WARRANTY. You can redistribute and/or modify suchGPL code under the terms of GPL Version 2.0. For more details, see thedocumentation or "License Notice" file accompanying the IOS-XE software,or the applicable URL provided on the flyer accompanying the IOS-XEsoftware.
[code]....
I configured rate limit on cisco 2960 switch sexuss fully, but i could not configure in cisco 2950 (verson 12.1 (22).To confiure the same on 2950
View 4 Replies View RelatedHow to rate limit a 3560 inbound and outbound using different QoS methods. I've read about vlan class maps/policy maps, using the rate limit command on the physical interface, using the srr-queue bandwidth command(it's a gig switch so not sure that would work) and marking all packets and then applying QoS. I'm just learning QoS so trying to figure all of this out and find the best way to do things.
Also, I was told to do this because it's not advisable to have a connection to your ISP that is not 10mb or 100mb on a switch, since they are not divisible by 10 and it can cause issues?
I have ciscl catlyst 2960 8port switch, (flash:c2960-lanbasek9-mz.122-50.SE4/c2960-lanbasek9-mz.122-50.SE4.bin).
and in need to configure bandwidth limit for one of the port as a 1Mbps.
I have a Cisco 7606 running 12.2. I want to limit the interface that is used by one of our customers to 30M.
View 3 Replies View RelatedI have a 2921, and I have 4 network segments. In segment 172.16.0.0./27 I wand to "pair" somehow connections. I mean IP 172.16.0.x has to have MAC aaaa.bbbb.cccc and so on, and not accept connections otherwise.How can I do that?
View 7 Replies View RelatedI have a need to capture some traffic but my core 6513's are already using the limit of 2 span sessions. I can't edit any of the sessions either because I want to source traffic from vlans and you can only do one or the other. Is using a VACL with 'switchport capture' on the destination interface an option ? E.g. I want to source traffic from vlan 10,20,30,40 and send the all to interface Gi10/10 ? Is there any caveats ? I dont need to be too granular with the ACL's but just capture all traffic in those vlans.
View 2 Replies View RelatedI am using Cisco 3560 as distrubution switch and want to limit port 445 traffic on 1 MB and applied rate limit statment on Gi0/1 port but switch unable to limit said traffic.rate-limit output access-group 120 1024000 128000 128000 conform-action transmit exceed-action drop.
View 25 Replies View Related