After deleting configuration with „write erase“ and reloading, our Cisco Catalyst 4503 with version cat4500e-universal.SPA.03.02.00.XO.150-2.XO.bin, and licence ipbase, doesn't recognize any command regarding SSH. We tried configuring SSH key with „crypto key generate“, but that command is not recognized either.
View 1 Repliesi'm performing configuration PBR on catalyst 4503, but it doesn't work. [code]
View 21 Replies View RelatedCurrently we have cisco 4503 switch in one of our location without redundancy which servers below,
300 user (desktop & ip phones)
5 vlans
15 access switches are connected
one L3 connectivity.
Actually i want to understand is it really necessary to have 4503 or we can go for 4900 series as we are planning to have redundancy in distribution segment.
Which is the best L3 switch in the above scenario and how to measure the overall performance of the current 4503 switch...
I have a 4503-e with WS-X4013+TS supervisor and WS-X4548-GB-RJ45 card. I purchased a WS-X4648-RJ45-E card and installed but IOS says its unsupported. Supervisor is running 12.2(46)SG software and 12.2(31r)SGA firmware. Obviously I'm hoping this cars can be supported somehow. Do I need to upgrade software or firmware, or return the linecard and get equivalent supported card? Oh, system is running Catalyst 4500 L3 Switch Software. (cat4500-IPBASEK9-M)
View 6 Replies View RelatedMy Cisco Catalyst 2960G-24TC-L is broken.Yes,I think it's broken.
1.Always dispaly : “ !!! WARNING: The switch is not usable !!! ” “Unable to create l2trace server process, socket_open() failed”.
2.All GigabitEthernet is missing .
Switch(config)#interface ?
Async Async interface
Auto-Template Auto-Template interface
[Code].....
Upgrading two 6509-E routers containing sup32's to two new 6509-E routers containing sup2T's. We run a large OSPF network but our core mainly is a switched network and only has about 5 Vlans. Now this could change in the future and there maybe more Vlans on it.
Just after realising our new sup32's shiped with ipbase instead of ipservices. Version is s2t54-IPBASEK9_NPE-M. My question is is this version ok for routing?
Our old current 6509's are version s32p3-ipbasek9-mz.122-18.ZYA3.bin and they do some routing about the same amount these new routers will do. Here is a summary of the routing table:
IP routing table name is Default-IP-Routing-Table(0)
Route Source Networks Subnets Overhead Memory (bytes)
connected 1 3 424 640
static 0 0 0 0
ospf 1 26 348 27520 59840
Intra-area: 366 Inter-area: 0 External-1: 0 External-2: 8
NSSA External-1: 0 NSSA External-2: 0
internal 12 14160
Total 39 351 27944 74640
Removing Queue Size 0
Will I need to upgrade the new sup2T's to ipservices or will this version work ok?
My current version IOS is cat4500e-ipbase-mz.122-53.SG5.bin. I just got a new version cat4500e-entservicesk9-mz.122-53.SG5.bin.I put the new version in bootflash: directory and tried various methods of starting the IOS up to run the new version but it always started in the original ipbase version. My start-config shows:
boot-start-marker
boot system flash bootflash:cat4500e-entservices9l-mz.122-53.SG5.bin
boot-end-marker
and I even deleted the ipbase version in the bootflash: directoy so then my switch would not even boot up at all and hung in rommon. In rommon I tried
boot bootflash:cat4500e-entservicesk9-mz.122-53.SG5.bin
and the result I got back was
File has bad file magic number: 0x0
So I had to point the switch to my tftp server and boot back into a back up copy of ipbase. how I can get my new IOS version to work? I understand I might have to download it again but I just got it so I am skeptical it is a bad file. [URL] as a procedure guide and I do notice some of those commands/steps do not work on my 4900m switch.
I imagine this question has been posted a million times before but here goes. I am trying to image a number of machines via Ghost Cast server across a 3750X stack running multiple V LAN's. I am running the IP BASE image so am aware that multicast functionality is limited.
I am running 12.2(55)SE3. I have tried adding both V LAN's into an IGMP group using the "ip igmp join-group" command which shows both V LANs as part of the group but to no real effect. To be honest though I am clutching at straws! I'm just starting to read through the documentation so hopefully that will work.
we have just purchased a few 3750x's that we intend to add to our 3750g stacks. We've purchased the 10gb uplink modules, C3kx-nm-10gt, but when they are installed they are not appearing in the switches web gui nor can you configure them correctly. If we upgrade a 3750x to 15.0.1 they seem to work fine. All of our current 3750g's are running 12.2(58)SE2 IPBASE so we don't really want to have to upgrade them all to 15.0.1
Are we missing something or do the 10gb modules only work properly with ios 15.0.1?
Cisco let us try a CISCO C3750X- 24T-S Stack (2 switches) ->> IpBase Sofware licence We've 2 Hyper-v 2008 R2 and one SAN Netapp FAS2040 connected via Iscsi.All was working well with this stacks.Hyper-V see Nas Iscsi interface without problem. Even with basic stack config (no Vlan, ect...).Then, after this test period, we bought a C3750X-24T-L stack (2 switches) to replace the stack lent by Cisco.This one is LanBase Software.
With this stack, hyper-v work very bad ! We've got a lot of Iscsi error in the eventvwr.I can't access luns.So, is there a difference between LanBase and IpBase for a iscsi use ?I put the 24T-S config on the 24T-L switch without pb. So config is the same on both stacks...Also i've got a "TestPortAsicLoopback" = "Failed" on the new stack...I've tried with other stack cables. Not better.
just got a new supervisor 4 engine for this catalyst 4503 switch that has ios 12.2 (53) SG installed on it. That's quite a bit above the 7.6 i was working with. I'm having a couple issues now. first, I read that it is supposed to be sending out broadcasts automatically to get it's IP address but it doesn't seem to be. the module i'm plugging into there is ws-x4448-gb-rj45, a 48 port 10/100/1000 module in case it matters. it works other than that. I can plug two computers in and see them and i can plug the network in and they'll both get addresses and internet, but i need an IP on the switch. is there a way to send a manual request for broadcast out or somehow set the IP manually? (I know I can do it in the rommon, but that doesn't seem to do anything)
also, the last module in the switch is a 24 port poe ws-x4224-rj45v. the module is recognized, the status light green, the "show interface status" lists it, but it doesn't recognize anything plugged into it. the supervisor is not configured at all yet, so maybe that has something to do with it, but the other module, like i said, works.
There is some way to increase the speed of changing the interface state from DOWN to UP when the cable is connected. I need to configure a port of Cisco 4503 in a way that when a cable is connected the port goes immediatly UP.
A solution can be to keep Cisco interface always UP and I remember that with "no keepalive" command to the interface configuration it was possible. But I tried and nothing happens.
I need to implement over an ethernet link L2 tunnel because I want to isolate another VLANs domain.On the first side I can use the command : sw mo dot1q-tunnel on a new C4503 on the other side I cannot configure the command : sw mo dot1q-tunnel.
the other side is an old C4503 we upgrade the flash with a compact flash to upgrade to a new IOS v15 but the command doesn't exist also.I red the cisco feature navigator feature and I am sure the dot1Q-tunnel is available on my image : cat4500-ipbasek9-mz.150-2.SG.binso I don't know why I can use it.
We have microsoft servers and other application servers (around 12 in nos) which should have gig connections to the access switch. In turn this access switch will be connected to our distribution switch 4503. Which model of access switch best fits from the below 3 models. It should be cost effective as well.
WS-C2960 S-24PS-L
WS-C2960-24TS-L
WS-C3560G-24TS-S
I am installing a connection between Brocade MLX and Cisco 4503 using SE and SVI's. Below is the config for each. Am I missing anything like MTU Ignore or something along that nature?
*** Cisco 4503 (v15.01) Config ***
VLAN 35
name EOC_Gi1/2
[Code].....
I am trying to connect a 6509 switch to a 4503-E switch using single mode dark fiber over a distance of less than half a mile. Although a routine task, it does not work..We have a care 6509 switch where we concentrate all of our dark fiber connections for our remote sites. The 6509 switch already has 30 remote sites, most of them with 4503-E switches, connected in this way therefore it is a tested scenario. For the connections we use the GLC-LH-SM SFPs on both switches. Out of these 30 sites we had a similar problem with two of them, which we solved with the use of CWDM SFPs. With the CWDMs the fiber came up right away. However, I cannot keep using this solution because it is way too expensive! I had the losses of the fiber measured end-to-end and they are negligible (>0.5 dB).
In this latest case, like I said, we could not bring the connection up between the core 6509 switch and the 4503-E switch using the GLC-LH-SM SFPs. I then replaced the 4503-E switch with a 3560 and the link came up! Then I tried using a CWDM-SFP in the 4503-E, while keeping the GLC-LH-SM SFP in the 6509 and the link came alive again! Of course we already tried replacing the fiber patch cords with no luck. [code] I find it very weird for the link to work with the 3560 or with a CWDM in the 4503 but NOT with the SFP in the 4503!
I have a 4503 switch (in L2 mode) running 12.1 hooked into a C2950 running 12.1, using regular 4 pair Cat5e cables to connect between them. The 4503 has Gigabit port 2/1 trunking to the 2950's Fa port 0/13.
When I set the duplex mode to DUPLEX FULL and SPEED to SPEED 100 on both switches (for their trunk ports) the link fails, and my 4503 loses connectivity (since it gets it from the 2950).
Here is my config from the switches (per description):
The 4503:
interface GigabitEthernet2/1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,2,100-140
[Code].....
Note, this is the only mode that works (which seems to work fine, but I get TERRIBLE throughput for anything that goes over the 2950.
We have Cisco 4503-E switch and software version is cat4500e-universal.SPA.03.01.01.SG.150-1.xo1.bin. Now i have uploaded cat4500e-universal.SPA.03.02.01.SG.150-2.SG1.bin IOS-XE software in the switch and want to boot the switch from this image.
View 17 Replies View RelatedI need a 10G support on 4503 chassi with SUP II plus TS.Is any of the 10G line cards i.e. 4712 or 4606 supported on SUP II plus TS on 4503?
View 4 Replies View RelatedWe had a core switch(30 vlans) in our environment and it's noticed that CPU utilization of the core switch is showing high during recent days. I have checked logs and processes, but couldn't find the root cause. The issue found only in the office hourly only(after that the cpu utilization is idle and normal). I have already referred the following link to troubleshoot the issue " [URL]
see the following outputs from the core switch
CPU utilization for five seconds: 99%/0%; one minute: 99%; five minutes: 99%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
30 6687557041432420936 466 47.52% 47.10% 45.98% 0 Cat4k Mgmt LoPri
55 30667074884269560256 0 45.36% 45.50% 45.85% 0 IP Input
29 28552856922870089254 0 3.59% 3.50% 3.57% 0 Cat4k Mgmt HiPri
[code]....
Note: Each Invalid source mac entry in each day from same port (above is the output after clearing logs before 3 days)
My queries regarding the issues are following
1) How can we find root cause regarding the high cpu utilization?
2) Is a single invalid mac address makes the cpu highly utilized for suppressing it?
I am working with a Catalyst 4503-E with a Sup7-E. I'm trying to enable Netflow, and I have read the following guides: Catalyst 4500 Series Switch SW Configuration Guide, Release IOS ...
I have also enabled Netflow in IOS 12.1/12.2 and figured the process was similar (It seems to be). CEF is enabled, and I have all the pre-reqs according to the document above, however, the flow commands don't exist, they simply say "command unrecognized". I have included my sh version below.
sh version (edited):
Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSAL-M), Version 03.01.01.SG RELEASE SOFTWARE (fc1)
[Code].....
We have two core switches in our network (Cisco WS-4503). HSRP is working as Active-Standby mode. Recently it has been found that core 1 (which is in active mode) shown high CPU load (60% - 100%). Also found that the below mentioned process takes more CPU. Our network consist of around 30 Vlans. We have already checked for the solution in Cisco website [URL] but couldn't find exact reason. see the below outputs for core 1 switch.
Core1# sh processes cpu sorted
CPU utilization for five seconds: 55%/3%; one minute: 65%; five minutes: 71%PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process 30 1606933521086983644 147 24.79% 29.93% 35.85% 0 Cat4k Mgmt LoPri 29
[Code]....
We have a gateway on a 4503, say on port 2/1, and we only want the other devices that are plugged into the 4503 to be able to talk to the gateway and thats it. The other devices are Motorola TUT DSL devices and they plug into the 4503 directly.
Normally "switchport protected" would make this very easy to keep stuff on one port from talking to other ports but with 4500's you are not able to do that command. So we implemented a MAC Access-List Extended ACL. Here is what we did
mac access-list extended BLAH
permit #host 0000.XXXX.YYYY any
interface range fa 2/5 - 20
mac access-group BLAH out
The MAC address 0000.XXXX.YYYY is the MAC address of the gateway that is plugged into Fa2/1 and the DSL TUT devices are plugged into ports Fa2/5-20. We would think that this config would only allow devices on the TUT DSL to talk only to the Gateway but we don't really think this is happening. The TUT devices are learning about MAC addresses that are on other TUT devices.
Do the cisco 4503 switches support virtual clustering feature ? I have a requirement where switch ports on two different 4503 switches need to combined in the same Link aggregation group . This is needed because the firewall notes say that the aggregated interfaces need to be conected to a single switch and combined in the same LAG . So according to the diagram below , the interfaces marked RED need to be in the same LAG in the switches , same for the interfaces marked BLUE . I have done the same setup using Juniper switches where it uses VIRTUAL CLUSTERING to group the different switch ports in the same LAG.
View 2 Replies View RelatedWe had a core switch(4503) in our environment and recently we tried to enable syslog in the switch. But the syslog server doesnt receives all the configured level messages from the switch. Following is the only message getting in syslog server after the configuration change in switch.
%SYS-5-CONFIG_I: Configured from console by CWLMS onvty1
(No Traffic related messages like acl deny traffic, spanning tree events etc are getting to syslog server as well as log buffer of the switch)
Following are the logging configuration for the core switch
logging monitor informational
logging facility syslog
logging source-interface Vlan44
[Code]....
1) Is there any more configurations required for getting all traffic related messages, (i mean all possible messages - upto level 7 - debugging)?
We had a core switch (4503), distribution switches and access in our network and consists of many vlans. Almost all vlans uses DHCP Pools. But for few vlans DHCP is not yet configured. Recently one of the rogue user in vlan 1 gave the corresponding interface vlan ip of core switch (gateway) as his ip and caused a prolonged network outage for the vlan. Any way we are going to seggregate vlan 1 into different vlans, but before that we need a temporary plan to block such kinds of attack.What are the possible ways we can avoid the network outage problem even if a user gave the gateway ip to the machine?
View 3 Replies View Relatedrecommend a cisco core switch and access switches in IPTV network infrastructure?I was ask to implement a network for IPTV system but i don't have idea what will be the model i will use.
Core Switch = Cisco 4503
Access Switches = Cisco 3560X
I am currently doing an audit at a customer site, i.e. am checking if any IOS upgrades are needed. I have found that alot of IOS versions that the customer is running are not available in the Cisco Software Download area anymore. Taking IOS 12.2(44)SE2 for the 3560 for example: some earlier and later versions are available as downloads, but this exact version is not. It also is not listed as a deferred version.What is Cisco telling us with this exactly? Are these "missing" versions not supported anymore i.e. is an upgrade to a supported version adviseable?
View 2 Replies View RelatedI have a 867VAE-K9. On feature navigator it is listed as supporting OSPF. However when I go into config mode and type "router ?" BGP is there, but OSPF is not. Also, under my tunnel interfaces there is no support for any OSPF commands such as "ip ospf cost" etc. I'm in the process of raising a TAC. I have tried five or six different versions of IOS code that is available for this device, in each, we never see OSPF listed but sometimes see "router odr" or "router lisp"...
View 5 Replies View RelatedI've got two routers, Cisco 2911's with 15.1(4)M1 on one and 15.0(1)M5 on another.
I'm trying to set up ip sla for vrrp tracking but the commands seem gimped? I don't even have an option for ip sla <operation number>. All I've got is ip sla responder/server/key-chain.
We have a working PBR route map on a 6509 switch and a 3750 switch, each in different locations.On both devices, the route-map is configured to match on one of multiple ACLs, then set the next hop to a directly-connected IP address, like so: [code]
When copying in the ACL contents for "ACL20", they were accidentally copied in to the ACL1 list, and ACL20 was never created. Shortly after this was done, the next hop router went unreachable in both locations. Pings failed and the 6509 and 3750 each lost the EIGRP adjacency to the 1.1.1.5 router. After troubleshooting, I removed "match ip address ACL20" and connectivity returned.
My question is...if a PBR route-map tries to match on a non-existent ACL, what happens? Does it mark the next hop unreachable (even though it's directly connected) or does it match for ALL traffic and send *everything* there (thus, making it appear unreachable, as if a broadcast storm was happening)?
I just loaded the web interface IOS on a C3750X. The first thing I noticed was there was basically no web interface. I can look at things, and do default configurations on ports, but it doesn't appear I can configure VLANs or QoS or anything like that.
Am I missing something, or is this just how the web interface functions?
After a abrupt power cylce of 6509 switch, vlan configuration got missing. Switch has not crashed.
View 4 Replies View Related