I just bought a Catalyst 2960S to test out the feature "Port-Based Address Allocation" which is required for our factory. I followed the instruction from Cisco IOS and did all the steps but I could not get it to work, my network client did not received the expected IP address that I configured.
View 8 RepliesDoes the 2960 switches with LAN-Lite support DHCP Server Port-Based Address Allocation?
View 1 Replies View Relatedusing ACS 4.2 and I can't find a way to bind an incoming NAS port to a specifc IP Pool:
When a user connects the request to auth comes from 2 possible NAS ports randomly (this cannot change). Depending on which NAS makes the requests determines the IP range required, so I need 2 IP Pools. There is no way to say 'if request comes from NAS1 give IP from Pool1 and if request comes from NAS2 give IP from Pool2'
I have gone around and around with NAFs and NARs, but cannot do this.I can create 2 ACS groups with the specific NAS and specific IP pool within, but then I cannot have a single username bound to both groups.
I moved the auth to an AD group in the hope that I could bind that single AD group to the 2 ACS groups; and so have a single username, but no joy.
We are using catalyst 2960S Lan Base IOS on Radio towers. We just bought 50 Accest points, thas are GPS synchronized. Problem is the APs need to be connected on L2-mac betwen each other. But at this time we are using port isolation on each switch (tower) by protected port function to isolate clients from each other.
My question is, is possible to specifi a Mac addresses in specific vlan thats can comunicate betwen protected ports? On tower is one Master unit and others are slave. I thing there is only 1 dirrection comunication - from master to slave.
I am administering a Catalyst 2960S switch and I would like to connect several computers to it. Some of those each have a static IP address. For a few of them, I would like the switch to dynamically assign an IP address to them via DHCP. Is the switch capable of doing this? If so, how can I do it? I tried looking through Cisco Network Assistant and I couldn't find it. Some web pages have suggested I telnet into the switch and issue commands like "ip dhcp ?" to see what commands are possible. I can telnet in and if I type but I get an "Unrecognized command" for both "ip ?" and "ip dhcp ?". This makes me think I'm reading the wrong web pages. I did come across the term "DHCP snooping". It seems relevant, but very difficult for me to grasp.
View 9 Replies View RelatedI have one cisco Nexus 7000 with version 6.1(2).I created 3 VDC
ADMINCOREsecurity
I have configured 1 - 45 ports for Core and 46 - 48 ports for Security.Now I am not using the VDC Security and I tried to move the assigned ports 46 - 48 from Security to ADMIN.Switch accepted the command .But the ports are not visible on ADMIN VDC.Now it is not showing on Security VDC also. I need this ports in ADMIN VDC
Just I have upgraded some 2960S to IOS 15.0(2)SE from a IOS 15.0(1)SE3 and the catalyst don't switch any IPv6 traffic. Don't work any RA and also don't work any unicast IPv6 traffic from any interface. I can see some references to IPv6 changes in the FHS (First Hop Security) in the Release Notes, but no any reference to changes in the configuration.
The switches don't have any IPv6 specific configuration and the sdm is the default templata. Returning to 15.0(1)SE3 everything work ok.
On Catalyst 2960, and 3560E this IOS version seem to work fine with IPv6.
i want upgrade my catalyst 2960S and 3560x at midnight, but i am worried about config loss. If i upgrade my switch throught web interface, will need I reconfigure the switch?
View 2 Replies View RelatedI have a new problem with Catalyst 2960S. We have four switch in a stack and now I get the message:
“%PLATFORM_RPC-3-MSG_THROTTLED: RPC Msg Dropped by throttle mechanism: type 37, class 14, max_msg 32, total throttled 73968 (hostname1-2)”
Traceback= 13A686C 160862C 160E0B4 15E2088 184FD48 18467B8
sh switch de
Switch/Stack Mac Address : 68bd.abc9.0000
H/W Current
[Code]....
we have Catalysts 2960S for switching in our Wireless high capacity backbone network. As agregation switch we are using 3560x.
I just need to know, if are these 2960S good solution for igmp snooping for whole IPTV stream. It put only a range from backbone and put out on another port. But just specified multicast addresses.
Imput will be 239.128.0.10 to 239.128.0.20 on Gi 0/1,Output wil be 239.128.0.10 - 15 on Gi 0/24
IPTV will be separated on different VLAN for eg VLAN 20,Is needed any priorization configured od switches?,The capacity for IPTV is around 500 mbps
I recently tried to manually format the flash on a model WS-2960S-48TS-L switch running IOS version 15.0(2)SE. While executing the operation I got the following error - mifs[8]: Failed to create superblock %Error formatting flash (I/O error).As a result the flash is no longer accessible by the switch. I spoke with Cisco and they indicated that a switch reload would remount the flash and make it accessable again but the .bin file would need to be reloaded using the xModem recovery procedure (what a pain).The next IOS version 15.0(2)SE1 will supposedly fix this bug but it has not been released yet. In the meantime if you are running 15.0(2)SE you may want to hold off performing a "format flash:" function on a 2960S.
View 3 Replies View Relatedspecifying Cisco devices and I've made an error.I have 2 Catalyst 2960S switches (C2960S-24PS-L).Based on this snippet of web copy from the Cisco website:What's new for the Cisco Catalyst 2960-S Series Switches with LAN Base Software: # 10 and 1 Gigabit Ethernet uplink flexibility with Small Form-Factor Pluggable Plus (SFP+), providing business continuity and fast transition to 10 Gigabit Ethernet I bought a cable assembly "SFP-H10GB-CU3M" (3 meter copper twinax cable with 10GB SFPs on each end). Unfortunately, it appears after more careful reasearch that my specific model 2960S's are not directly compatible. , can I force these 10GB SFPs down to 1GB and get them to work with my switches or do I need to return and repurchase?
View 1 Replies View RelatedMulticast is not working between our two datacenter, we have catalyst 2960S (two stacked) as the internal lan switch, and catalyst 3560E as the external switch, same configuration for both datacenters.The two sites are connected using metro, the external switch (3560) is doing qinq and encapsulate the data from the internal switch with the metro vlan (611).
IGMP snooping is disabled for all switches, although we prefer to enable it for the internal switches.For each datacenter there is a different firewall which also act as the router, we are using fortigate as the firewall.Following is the important configuration section:
Port 43 in the internal switch is connected to the external switch (both sites):
interface GigabitEthernet1/0/43
switchport mode trunk
load-interval 30
Port 3 in the external switch connected to the internal switch (both sites):
interface GigabitEthernet0/3
switchport access vlan 611
switchport mode dot1q-tunnel
no cdp enable
no cdp tlv server-location
no cdp tlv app
Port 8 on the external switch connected to the metro link (both sites) vlan 350 is the internet and 611 is the metro:
interface GigabitEthernet0/8
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 350,611
switchport mode trunk
vlan 611 on external switch:
interface Vlan611
ip address 192.168.168.2 255.255.255.0
no ip route-cache
no ip mroute-cache
after upgrading about 35 Catalyst 2960 and Catalyst 2960S to IOS 15.0(2)SE2, we experience a memory leak on several switches. After some days / weeks the switches are not accessible via Console/Telnet/SSH/Web any more. Only SNMP seems to work properly.Attached users do not experience any decrease in service.
Trying to connect to the console, we get following error message:
"% Low on memory; try again later"
The only (temporary) solution is to reboot the switch. The behavior is similar to Bug CSCts52797.With regards to the Bug notes this bug should only affect Catalyst 2960 with 64MB of RAM and should already be solved with IOS 15.0(2)SE2.
We experience the erroneous behavior with
-WS-C2960-48TC-S running IOS 15.0(2)SE2
-WS-C2960S-48LPS-L running IOS 15.0(2)SE2
I was unable to configure vlan-based qos on Cisco IOS Software, s72033_rp Software (s72033_rp-IPSERVICESK9-M), Version 12.2(33)SXH6, RELEASE SOFTWARE (fc1) Seems to me my configuration is not working. Here is the output of the interface:
sh int G1/6 | i rate
Queueing strategy: fifo
30 second input rate 25231000 bits/sec, 4282 packets/sec
30 second output rate 46940000 bits/sec, 9257 packets/sec
And here is my configuration:
interface Vlan3
ip address 192.168.1.1 255.255.252.0
service-policy input TEST_IN_PMAP
service-policy output TEST_OUT_PMAP
[code]....
Why I can't see matches in ACLs? I've double checked the direction and seems to me it is correct. I can't see matches even I configure something like this:
10 permit ip host 192.168.1.168 any
20 permit ip any host 192.168.1.168
Why my output rate is higher than 30M? Is it bacause there is no matching traffic here in ACLs? I'm absolutely shure that this host with such ip connected to this interface:
#sh arp | i 192.168.1.168
Internet 192.168.1.168 0 feed.beef.f00d ARPA Vlan3
#sh mac address-table | i feed.beef.f00d
* 3 feed.beef.f00d dynamic Yes 0 Gi1/6
I would like to enable port security to hardcode the MAC address on the ethernet switch. There are 5 ethernet ports in the same ethernet switch to be assigned for one person (one note book), e.g. port 5, 6, 15, 16 and 23. The model of ethernet switch is cisco 2960S and one MAC address is configured on 2960S.
1. Does 2960S support this requirement to allow input the same MAC address to 5 different port?
2. If yes, can ethernet switch "smart" enough to forward the packages to "active" ethernet port which is connected to notebook and the rest of four ports are inactive.
3. if no, any solution or any work around to achieve this requirement
Connecting Avaya 9611G IEEE class 1 devices to a Cat2960s. How ever some of the phone are registering as class 3 devices no matter what interface the phone is connected to. Typical port config is as follows:
interface GigabitEthernet1/0/2
switchport access vlan 25
switchport mode access
switchport nonegotiate
switchport voice vlan 22
srr-queue bandwidth share 1 30 35 5
[code]....
I have a single 2960s without stack module. The stack port has a status of down, however I'd like to disable it so that it does not generate a false alarm in my NMS. The documentation states that there should be a command "switch 1 stack port 1 disable" but the switch (running 15.0(2)SE2) doesn't seem to be available. Is this a dcumentation bug or is the command not there at all?
View 2 Replies View RelatedThe 2960s-48lpd-l comes with 2 SFP+ ports and is capable of supporting either SFP or SFP+ modules.
My question is:- if I have a SFP+ module in port 1, can I have a SFP in port 2? or do they both have to be either SFP+ or SFP?
I would like to use flexstack to stack two Cisco 2960S 48 Port switches (2960S-48TD-L) for redundancy. Each switch will have a single 10G uplink into our Nexus 7K. One switch in the stack will terminate to linecard 6 (N7K-F248XP-25) and the other switch will terminate to linecard 7 (N7K-F248XP-25). My question is how many flexstack cables are needed? Do I need only one cable or do I need two to connect the two 2960s ?
View 2 Replies View RelatedI have Cisco 2851 router & need to allocate bandwith based on IP's. eg. 192.168.1.1 should use 7 Mbps & 192.168.1.2 should use 2 Mbps & 192.168.1.3 should use 1 Mbps. Let me know the configuration on how to execute it on a router.
View 4 Replies View RelatedThis is a continuation of my last post in which I need to apply ACLs to the physical ports within Etherchannels. The switch is a Catalyst 2970 running IOS 12.2. These Etherchannels are configured as trunks with 2 VLANS allowed on each trunk.I have applied an inbound ACL on the physical ports that filters based on layer 3 and layer 4 traffic. The issue that I am seeing is that the counters for the ACL are not increasing even though the ACL is clearly doing its job. At the end of the ACL I have an entry of "permit ip any any". Removing this from the list causes connectivity problems to the server on this port. Adding it back and everything is back to normal. However the counters don't increase. At first I thought maybe this wasn't supported on this switch but then I noticed the counter had increased to "2 matches" later in the day. What is the normal behavior is for this switch and does it support logging on an ACL entry as well.
View 2 Replies View RelatedI want to implement port-based and MAC-based in these two switches: 2960 & 3560 (both of them have this IOS version: 12.2(55)SE1). And I haven't found a way to implement both of them at the same time. This is what I got:
ip dhcp use subscriber-id client-id
ip dhcp subscriber-id interface-name
ip dhcp excluded-address 192.168.0.0 192.168.0.2
ip dhcp excluded-address 192.168.0.251 192.168.0.255
[code]....
With this configuration I can use port-based, but not MAC based. If I remove the first two lines and change the last line for this one:
address 192.168.0.7 client-id 0112.ae1d.af58.60
Then, the computer with that MAC address got the correct IP, but then the port-based doesn't work. Also, I got this line in the interface what I want to use MAC-based:
ip dhcp server use subscriber-id client-id
I am upgrading from 3750-E IOS 12.2 to 3750-X IOS 15.0
I have a dhcp pool set up to give out an ip address based on the Physical port of the switch. I also have it configured to give out "reserved only" addresses.
The configuration works when i plug a dhcp device in the 3750E. (IOS12.2) The configuration does not work when i use the same config on 3750X (IOS15)
When i debug dhcp, i see the DHCP discover message come in, but no offers or anykind of response from the 3750X.
If i remove the "reserved only" line the switch gives out IPs, but of ocurse not the ones i want. I did that to prove both the client and the switch can give out an IP.
So i have a feeling the subscriber-id client-id interface name mapping is not right, or not created.
Here is a snippet of config.
!
no ip dhcp use vrf connected
ip dhcp use subscriber-id client-id
ip dhcp subscriber-id interface-name
[Code]......
I have two 2960's in this new environment that I am administering. I am receiving a message on one unit (Designate it 2960-2) of %IP-4-DUPADDR: Duplicate address 192.168.168.8 on Vlan1, sourced by 3037.a63e.540. The "sourced by" address is the 2960-1. I do not know how these units were originally set up. How can I determine where the duplicate address is originating from.When I perform an ARP -a the address that corresponds to the 192.168.168.8 is the mac address of the ethersvi interface on the 2960-1. I
View 3 Replies View RelatedWe want to filter IP traffic by MAC address on Catalyst 4500. Since we are using bonding (active-backup mode) we need those mac addresses appear on different ports. Below are solutions that we have tried: ACL but it does not work since mac acls only match non ip traffic (We CAN NOT use ip acl). Use a static mac address-table entry to ALLOW specific mac addresses. It does not work either since the same MAC address needs to be seen on a different port. Catalyst 4500 does not support auto-learn option (as e.g. Nexus 5000).
View 3 Replies View RelatedI have Catalyst 2960 S (WS-C2960S-48FPS-L) Switch. I have plugged in SFP module but still interface is down and line protocol down. Is there any configuration to enable SFP module and make the interface up?
This port is connected to nexus 5 k.
My Catalayst 4507 is reaching up to 82% CPU utilization and I noticed that K2L2 Address Table R is causing the high CPU.
C4507#sh processes cpu | in HiPri|LoPri|CPU utilizationCPU utilization for five seconds: 82%/1%; one minute: 86%; five minutes: 87% 54 350533923 329104616 1065 13.27% 13.84% 13.86% 0 Cat4k Mgmt HiPri 55 1771768520 274992685 6442 59.91% 64.55% 66.04% 0 Cat4k Mgmt LoPri
C4507#sh platform health | in K2L2|%CPuK2L2 Address Table R 2.00 66.35 12 5 100 500 91 82 58 27272:55K2L2 New Static Addr 2.00 0.00 10 0 100 500 0 0 0 0:00K2L2 New Multicast A 2.00 0.00 10 5 100 500 0 0 0 0:18K2L2 Dynamic Address 2.00 0.00 10 5 100 500 0 0 0 0:16K2L2 Vlan Table Revi 2.00 0.00 12 8 100 500 0 0 0 1:22
I have some Ethernet-connected cameras that all have the same Ethernet MAC address FF:FF:FF:0A:0A:0A. They were originally designed to directly connect to a Windows PC, but they can also connect through a simple unmanaged switch.A Catalyst 3560 switch won't forward packets to or from anything with that MAC address, at least not by default. Is there a way to convince the switch to do so?
It was my hope to replace the dedicated connections we have for these cameras with a separate VLAN for each camera, and switch them through our existing switch network. Given that all of the cameras use the same MAC address, putting them on the same network is out of the question, but different VLANs, where the only two devices on each VLAN were the camera and the PC that uses it, would be fine.
The switches run IOS 12.2(55) SE through SE3. I learned the camera MAC address from the PC's ARP table while the camera software runs; it turns out the cameras don't have a full IP stack either and don't even do ICMP.
I have a 892 router configured on fa0 with vlan1 and a catalist 3560. On catalist all ports are in access mode and vlan1. When I'm connecting port fa0 from router to catalist, the catalist port is shuted down What should I do on router on catalist to make the connection working ?
View 4 Replies View RelatedWe have two catalyst 3560X 24T-S switches connected on two separate LANs (both the networks are redundant to each other). The last port of the switches are connected together?
View 15 Replies View RelatedI've just installed 2 of these in my workplace on a PLC network.I'm now looking to set one of the ports up as my diagnostic port and would like to be able to mirror any of the other ports to this port.I believe it is called SPAN on Cisco switches.The only reference I can find to it is configuring via Telnet which I haven't got a clue about.On my old Wiedmuller switches it was just a few clicks away.
View 3 Replies View RelatedI am connecting two catalyst 3500 XL switches via fiber fx ports for layer 2 connectivity. Do I need to configure anything in the IOS or do I just plug in the fiber?
What needs to be configured?