Cisco Switching/Routing :: Catalyst 4500-E / Found BUG Between EEM And Remote Host Logging In Various IOS?
Sep 29, 2011
I found a bug in Embedded Event Manager, on Catalyst 4500-E platform with supervisor V-10GE, on various IOS releases (in particular 12.2-50-SG IP BASE w/o crypto, 12.2-54-SG1 IP BASE w/o crypto, but also other releases included latest 15.0-2-SG1 ENTERPRISE SERVICES SSH).The problem is that when you set up a EEM applet that monitors syslog pattern matching, and you also configure remote host logging *with* the option "sequence-num-session", when the match occurs, the switch reboots with message:
Sw (sometimes prints a number instead)
VECTOR D00
and in some cases performs a second reboot with message:
VECTOR 0
DOUBLE FAULT
The reload reason message is:
System returned to ROM by abort at PC 0x0
The problem does *not* occur if remote logging has not the option "sequence-num-session". I verified this behavior on various configurations (included our production 130K long *and* factory defaults after erase startup-config).The configuration statements that cause reload are, for expample:
event manager applet prova
event syslog pattern %SYS-5-CONFIG_I
action 1.0 puts "configurazione modificata"
!
logging host 172.30.10.1 sequence-num-session
View 1 Replies
ADVERTISEMENT
Feb 21, 2012
Why the IOS on 4500 doesn't support globally, although am running the IOS 12.2,need for logging event link-status global.
View 3 Replies
View Related
Mar 29, 2012
know Cisco IOS command, how to show when Catalyst 2960 was shut down (power off)?
View 2 Replies
View Related
Jan 8, 2012
I am trying to setup the WOL for our enterprise. We have a C4500 setup with mutliple Vlans. We are using Microsoft SCCM server to wake up workstations for security update. The workstations are on vlan190 and the Microsoft server is on vlan 441
Here's my config
the config below
interface Vlan190ip directed-broadcast 100 (Enables the translation of a directed broadcast to physical broadcasts)
access-list 100 remark ====== Wake-On-LAN ======no access-list 100 permit udp host 10.4.40.98 any eq 9 logaccess-list 100 remark ====== End of ACL 100 ======
[Code].....
View 2 Replies
View Related
Mar 13, 2013
Whether Cisco Catalyst 4500-E with SUP 6E Supported vss?
View 1 Replies
View Related
Apr 15, 2012
I am trying to understand the implicit limit to the priority queue. I know you can define an explicit policer but if you don't I can't find out what the rate limit really is.
View 5 Replies
View Related
May 20, 2012
I have two Cisco Catalyst 4507R-E I configure HA. Tips?I plug them in gigabits ethernet?
View 15 Replies
View Related
Nov 12, 2009
If a Supervisor 6-E will support NetFlow on a Catalyst 4507R-E?If not, what are my options for NetFlow on a 4507R-E?
View 7 Replies
View Related
Apr 18, 2012
I've two Cisco 4500 running as core switches for huge and complex network. The two 4500 are going to act as dhcp server for several subnets. The easiest solution would be to split each DHCP pool in two, and assign the first half of the pool to one of the core switch and the second half of the pool to the second core switch. This would be a partial solution since if one of the two fails, the second core switch would not have enough dhcp leases available for all the devices connected for each subnet.For such a reason, I'm wondering if it the 4500 switches support a stateful redundant DHCP servers, so that the two switches can synchronize their DHCP lease tables. If this feature is available, I could define the same pools for both the switches without the risk of having duplicate ip addresses within the network.
View 3 Replies
View Related
Feb 6, 2013
We have a Switch Catalyst 4500, model WS-C4510R+E, with 2 Supervisors, models V-10GE, which is showing high CPU values all times.When this occures, the switch shows 95-100% for total cpu for a few hours at a time.show proccesses cpu shows process Cat4k Mgmt LoPri with an unusual cpu value of 56% The show platform heath command gave me a high reading for K2L2 Address Table R which is curently 9,45% but the last hour is around a 20% average CPU ?[URL] what the process K2L2 Address Table R means and what could be the cause of this peak?
View 3 Replies
View Related
Oct 13, 2009
I have a Catalyst 4500 WS-C4506 and S-X4516-10GE Supervisor running under IOS 12.2(52)SG IP BASE SSH. After having installed IOS 12,2(53)SG i wanted to schedule a reload. After entering the reload at command I get the message %Reload in Progress and nothing happens.
View 4 Replies
View Related
Dec 10, 2012
Catalyst 4500 or 6500 VSS Capabilities?
View 6 Replies
View Related
Oct 16, 2012
is it possible to run a Catalyst 4500 as pure Layer 2 Switch, i.e. disabling "ip routing", but still managing the switch via Fa1, i.e. the defautl mgmtVrf vrf ?I tried the following:
!
no ip routing
!
interface FastEthernet1
ip vrf forwarding mgmtVrf
ip address 192.168.1.1 255.255.255.0
!
ip route vrf mgmtVrf 0.0.0.0 0.0.0.0 192.168.1.254
ip default-gateway 192.168.1.254
I was not able to reach the Switch even from the same subnet. Only after enabling ip routing I could manage the Switch. I haven't found any command to set ip default-gateway for a vrf. Any workaround to keep routing disabled, but still manageable via VRF?
View 3 Replies
View Related
Mar 14, 2013
I was reading the documentation of the Catalyst 4500-X for creating VSS and MEC (multichassis etherchannel).In the VSS specific part, it's written"Cisco Release IOS XE 3.4.0SG does not support Layer 3 MEC".
Can I still use VlanX interfaces ad route through them?In my setup I only have IP addresses assigned to vlanX interfaces (with some VRF-lite magic)[code] Does that sentence only mean that I can't have IP assigned directly to the MEC?
View 4 Replies
View Related
Sep 19, 2012
How can I find out the firmware versions for IOS, modules and components of Cisco catalyst 4500 series switch. I can see the firmware version of IOS in show version command but how can I find it out for the modules or components of the switch.
View 4 Replies
View Related
Mar 27, 2013
On 45XX catalyst , bandwidth is allocated across six 8-port groups, providing 1 Gbps per port group. Example for the following line card : WS-X4448-GB-SFP
I want to know if there is the same mecanism on 3750X switches. I mean is bandwidth allocated across a group of ports like on 4500 catalyst ?
View 5 Replies
View Related
Apr 22, 2012
I have 2 x WS-X4548-GB-RJ45 Catalyst 4500 Enhanced 48-Port 10/100/1000 Base-T (RJ-45) line cards in a 4500 chassis with 2 x WS-C4507R-E E-Series Super visor engines. We would like to create a layer 3 ether channel from a access layer switch terminating on our 4500 chassis. Can we configure the ether channel from the access layer switch such that one port on the ether channel is on one line card and the other one is on the other line card?
View 2 Replies
View Related
Sep 19, 2012
If I'm upgrading dual redundant power supplies in a Catalyst 4507 from 1000W (data) to 1400W (data), can it be done without taking the switch through a power cycle? I'm guessing no as I read that the switch will not recognize a 1400W PSU in bay 2 if there is still an original 1000W PSU in bay 1.
View 2 Replies
View Related
Dec 31, 2012
I just received a new 4510R+E switch with CAT4500e SUP7e Universal Image cat4500e-universal.spa03.01.01.sg.150-1.x01.bin software imag with License Level ipbase. We specified in the order to receive CAT4500e Universal Crypto Image with License Level ipbase. I have since requested and received the latest CAT4500e Univeral Crypto Image cat4500e-universalk9-spa.03.04.00.sg.151-2.sg.bin. Is there anything other that just installing the new image that must be done to allow me to use the Crypto Image? Would this upgrade do anything to change my License Level ipbase?
View 1 Replies
View Related
Jan 8, 2012
Does a new Cisco Catalyst 4500 series supervisor 7L-E model WS-X45-SUP7L-E is backward compatible with a Cisco Catalyst 4500 series chassis model 4507R? I've checked on Cisco website for that Supervisor and it shows only new chassis models WS-C4507R+E and R-E, but what about old type of chassis? We need to upgrade that Supervisor as it's out of line, but we don't really want to buy a new chassis as well as it's going to be very pricy.
View 6 Replies
View Related
Dec 19, 2012
We want to filter IP traffic by MAC address on Catalyst 4500. Since we are using bonding (active-backup mode) we need those mac addresses appear on different ports. Below are solutions that we have tried: ACL but it does not work since mac acls only match non ip traffic (We CAN NOT use ip acl). Use a static mac address-table entry to ALLOW specific mac addresses. It does not work either since the same MAC address needs to be seen on a different port. Catalyst 4500 does not support auto-learn option (as e.g. Nexus 5000).
View 3 Replies
View Related
May 8, 2011
My Catalayst 4507 is reaching up to 82% CPU utilization and I noticed that K2L2 Address Table R is causing the high CPU.
C4507#sh processes cpu | in HiPri|LoPri|CPU utilizationCPU utilization for five seconds: 82%/1%; one minute: 86%; five minutes: 87% 54 350533923 329104616 1065 13.27% 13.84% 13.86% 0 Cat4k Mgmt HiPri 55 1771768520 274992685 6442 59.91% 64.55% 66.04% 0 Cat4k Mgmt LoPri
C4507#sh platform health | in K2L2|%CPuK2L2 Address Table R 2.00 66.35 12 5 100 500 91 82 58 27272:55K2L2 New Static Addr 2.00 0.00 10 0 100 500 0 0 0 0:00K2L2 New Multicast A 2.00 0.00 10 5 100 500 0 0 0 0:18K2L2 Dynamic Address 2.00 0.00 10 5 100 500 0 0 0 0:16K2L2 Vlan Table Revi 2.00 0.00 12 8 100 500 0 0 0 1:22
View 2 Replies
View Related
Jun 4, 2012
switch catalyst 4500 with ios cat4500e-universal.SPA.03.02.00.XO.150-2.XO.bin. I need to configure modules 3 and 4 of supervision, the problem is that I need the 4-port module 3 are active but only the first turn on both the module 3 and the first port on the module 4. [code]
View 1 Replies
View Related
Oct 31, 2012
I have the attached setup. now i would like to limit my ftp transfer to 10 mb from a specific vlan to ftp server on the STM-4 (622) link. what would be the best way to limit ftp traffic to 10 mb .Video_Main#sh verCisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSAL-M), Version 03.02.00.SG RELEASE SOFTWARE (fc4)Technical Support:
[URL] Copyright (c) 1986-2011 by Cisco Systems, Inc.Compiled Tue 26-Apr-11 18:09 by prod_rel_team
Image text-base: 0x100A0994, data-base: 0x13CAB728
ROM: 15.0(1r)SG1Jawa Revision 7, Snowtrooper Revision 0x0.0x116
Video_Main uptime is 15 weeks, 3 days, 23 hours, 53 minutesSystem returned to ROM by power-onSystem restarted at 16:38:21 UTC Wed Nov 23 2011Running default software
License Information for 'WS-X45-SUP7-E' License Level: entservices Type: Permanent Next reboot license Level: entservices
cisco WS-C4506-E (MPC8572) processor (revision 8) with 2097152K/20480K bytes of memory.Processor board ID FOX1502GZHFMPC8572 CPU at 1.5GHz, Supervisor 7Last reset from PowerUp9 Virtual Ethernet interfaces204 Gigabit Ethernet interfaces10 Ten Gigabit Ethernet interfaces511K bytes of non-volatile configuration memory.
Configuration register is 0x2101
Video_Main#
View 6 Replies
View Related
Feb 11, 2013
I am relocating UPS units and will need to buy longer power cables to extend from our 4506 and 4510 to the new location.I think I am looking at 15 to 20 feet but I am going to confirm. Is it okay to use longer cables?
View 9 Replies
View Related
Jun 21, 2012
When the 4500-E series switch boots and if you issue a 'show run' there's several Star Wars themed references and their revisions. What these actually are and why they are using Star Wars terminology?
Here's the output:
Cisco IOS Software, Catalyst 4500 L3 Switch Software (cat4500e-ENTSERVICESK9-M), Version 12.2(53)SG2, RELEASE SOFTWARE (fc1)
Technical Support: [URL]
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Tue 16-Mar-10 04:50 by prod_rel_team
Image text-base: 0x10000000, data-base: 0x12794974
ROM: 12.2(44r)SG5
Darkside Revision 4, Jawa Revision 18, Tatooine Revision 140, Forerunner Revision 1.78
1AR1R2-NC1 uptime is 2 years, 2 weeks, 3 days, 15 hours, 44 minutes
System returned to ROM by power-on
System restarted at 19:29:14 UTC Fri Jun 4 2010
System image file is "bootflash:cat4500e-entservicesk9-mz.122-53.SG2.bin"
View 2 Replies
View Related
Aug 15, 2012
I have seen links out there for a conversion tool to convert commands on a Catalyst type switch (6509) to newer IOS type switches(4500-e) switches but they all error out on me on a 404. Any link where I can get this conversion tool?
View 1 Replies
View Related
Jun 4, 2013
Are there any best practices for preventative maintenance on Catalyst Chassis switches. Looking to build a PMI schedule for a customer. Or is there evidence not to perform it at all. Things like re-seating line cards, cleaning fan exhausts, etc.
View 1 Replies
View Related
Feb 6, 2013
What's the difference between a Catalyst 4500 and a Catalyst 4500E series chassis? I believe it has to to do with supporting PoE+? Are the blades in both series interchangeable?
View 1 Replies
View Related
Apr 9, 2013
I want to enable jumbo frame con a Catalyst 4500, specifically in the WS-X4648-RJ45-E card. (running this IOS version Version 12.2(53)SG1).
For what I checked, this are the only needed commands:
vlan xxx
mtu 9000
interface port 4
mtu 9000
exit
I want to be sure that these are the only needed comands and that they won t generate any disruption.
View 1 Replies
View Related
Jun 27, 2011
I have a host that can successfully connect to a PIX 515E (7.x OS) via VPN Client; however, I have no IP routing to the LAN from the remote host.The VPN IP pool works finem,The LAN default gateway is the inside interface on the PIX; the network is flat L2 behind it.The default route on the PIX points out; no other routes are defined,The VPN remote host can be pinged from LAN hosts, but the VPN remote host cannot ping any LAN host, not even the PIX inside interface.
View 2 Replies
View Related
Jul 5, 2012
We have a firewall service environment where logging is handled with UDP at the moment. Recently we have noticed that some messages get lost on the way to the server (Since the server doesn't seem to be under huge stress from syslog traffic). We decided to try sending the syslog via TCP. You can imagine my surprise when I enabled the "logging host <interface name> <server ip> tcp/1470" on an ASA Security context and find out that all the connections through that firewall are now being blocked. Granted, I could have checked the command reference for this specific command but I never even thought of the possibility of a logging command being able to stop all traffic on a firewall.
The TCP syslog connection failing was caused by a mismatched TCP port on the server which got corrected quickly. Even though I could now view log messages from the firewall in question in real time, the only message logged was the blocking of new connections with the following syslog message: "%ASA-3-201008: Disallowing new connections."
Here start my questions:
- New connections are supposed to be blocked when the the TCP Syslog server are not reachable. How is it possible that I am seeing the TCP syslog sent to the server and the ASA Security Context is still blocking the traffic?
- I configured the "logging permit-host down" after I found the command and it supposedly should prevent the above problem/situation from happening. Yet after issuing this command on the Security Context in question, connections were still being blocked with the same syslog message. Why is this?
- Eventually I changed the logging back to UDP. This yet again caused no change to the situation. All the customer connections were still being blocked. Why is this?
- After all the above I removed all possible logging configurations from the Security Context. This had absolutely no effect on the situation either.
- As a last measure I changed to the system context of the ASA and totally removed the syslog interface from the Security Context. This also had absolutely no effect on the situation.
At the end I was forced to save the configuration on the ASAs Flash -memory, remove the Security Context, create the SC again, attach the interfaces again and load the configuration from the flash into the Security Context. This in the end corrected the problem. Seems to me this is some sort of bug since the syslog server was receiving the syslog messages from the SC but the ASA was still blocking all new connections. Even the command "logging permit-host down" command didn't wor or changing back to UDP.
It seems the Security Context in question just simply got stuck and continued blocking all connections even though in the end it didn't have ANY logging configurations on. Seems to me that this is quite a risky configuration if you are possibly facing cutting all traffic for hundreds of customers when the syslog connection is lost or the above situation happens and isn't corrected by any of the above measures we took (like the command "logging permit-host down" which is supposed to avoid this situation altogether).
View 4 Replies
View Related
Apr 30, 2011
recently I had some malware on my Windows XP Professional (version 2002), so I followed a guide at Bleeping Computer [URL] to get rid of it. Problem is, for some reason, after I finished, I could no longer access the internet!When I try, FIrefox gives me their "could not connect" message: "Server not found. Firefox can't find the server at [site]." Check the address for typing errors such as ww.example.com instead of [URL]"When I try to log into MSN, the troubleshoot says I have a problem with my DNS and Key Ports.I'm not good with computers so I Google'd and found some ping-ing instructions. When I tried to ping [site], I get: "Ping request could not find host [site]. check the name and try again." This happens regardless of the site I use.Lastly, I tried "ping 127.0.0.1" from a troubleshooting site. It gives me: "Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
[code]..
View 8 Replies
View Related
