Cisco Switching/Routing :: Catalyst 6513 - FWSM Module Configuration
Dec 20, 2007
My company has acquired a Catalyst 6513 with a FWSM module installed on it. I have been reading lot of documentation on [URL], but still have some problems configuring the FWSM:
The 6513 has 10 SVIs configured, each of them with an IP address. These 10 SVIs are binded to 10 VLANs which I need to secure. These SVIs are used for routing all the Inter-VLAN traffic inside the switch. The documentation says it is recommended to use just one SVIs for connecting the switch to the FWSM, although you can use more than one using the command "firewall multiple-vlan-interfaces". I don't want to use this command because it seems a pretty more difficult configuration, since you have to use policy routing after using this command (or that is, at least, what documentation says).
When I try to "send" to the FWSM more than one VLAN that are configured as SVIs on the switch I get this error message:
"No more than one svi is allowed, command rejected."
If I delete the IP address of those SVIs, then I can to "send" those SVIs to the switch with no problem at all. But I need the SVIs to have IP address configured, since they are needed for routing Inter-V LAN traffic.
So, the question is: how can I route all the inter-VLAN traffic using just one SVI on the switch? Should I use the FWSM for inter-VLAN traffic routing?
View 15 Replies
ADVERTISEMENT
Aug 24, 2012
i have a cisco Netowtk Analysis module installed on a 6513 core switch which is NAM-1, the version on the NAM is 5.1 and we need to upgrade to the latest version which is 5.1(2)
View 1 Replies
View Related
Dec 8, 2012
I have a Cisco catalyst 6513 with sup720-3bxl and WS-X6724-SFP modules , the switch was working fine until yesterday ,but after a maintenance the modue WS-X6724-SFP failed to bring online , the error code is (Module Failed SCP dnld) does it mean the module has hardware problem or i need to replace it ?
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
ios version
s72033-adventerprisek9_wan-vz.122-33.SXH7.bin
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
show module
Mod Ports Card Type
Model
[code]....
View 3 Replies
View Related
Jun 4, 2012
switch catalyst 4500 with ios cat4500e-universal.SPA.03.02.00.XO.150-2.XO.bin. I need to configure modules 3 and 4 of supervision, the problem is that I need the 4-port module 3 are active but only the first turn on both the module 3 and the first port on the module 4. [code]
View 1 Replies
View Related
Apr 28, 2012
We have Communication Media Module (WS-SVC-CMM) mounted on 6513 switch. It went down twice and we brought it up by applying "power enable module".
View 4 Replies
View Related
Mar 20, 2012
I have a Cisco 6513 switches connected to HP VC Flex 10 Module. The (2) 10Gb ports on a Cisco Switch connected to VC Flex-10 in LACP mode.
I need to move those (2) 10Gb ports on Cisco Switch 10Gb Module to a different 10Gb module on a same Switch without bringing the ports down since it is a live environment.
What I would do is to configure a same port channel ID on a new 10Gb module and then move port one by one. unplug one port and connect to the new port on a module. While I will be unplugging the first port the other active port will keep sending traffic and as soon as I plug in on another port, both ports will be active.
View 1 Replies
View Related
Jun 6, 2013
I'm migrating from a failover pair of FWSM modules across to a failover pair of ASA Service Modules. In order to avoid a "big bang" switchover I intend to migrate subnets from one to the other over a protracted period.With that in mind, whether there is any restriction on having FWSM and ASASM modules in the same chassis? A trawl of the relevant documentation hasn't revealed anything.In this specific case it is Catalyst 6509E VSS chassis pairs with Sup-2T.
View 1 Replies
View Related
Apr 7, 2012
After a power problem at our data centre we find Module 11 of our Cisco 6513 Core Switch in PWR Down state.Show Module 11 returns: Status: PWRDownShow Power Status Module 11 returns: OperStatus Off (Module Reset due to an exception or user request).The command:
Power enable Module 11 was issued and returned the following: %PM_SCP-SP-1-LCP_FW_ERR: System resetting module 11 to recover from error: Linecard received system exception. Errcode = 2509000001.%OIR-SP-3-PWRCYCLE: Card in module 11 is being powercycled Öff (Module reset due to exception or user request%C6KPWR-SP-4-DISABLED: Power to module in slot 11 set off (Module Reset due to exception or user request),We have restarted the switch twice. The module is currently not passing traffic causing downtime to services.
View 6 Replies
View Related
Jun 18, 2012
I have a supervisor blade, (VS-S720-10G-3C), in a 6513 that is faulty and needs replaced. Do I need to replace the IOS on the new supervisor blade to make sure it is the same as the IOS image that is on the Active supervisor module, or will it synchronize automatically?
In the synchronization process, the active supervisor engine checks the standby supervisor engine run-time image to make sure that it matches its own run-time image. The active supervisor engine checks three conditions:
#
•If it needs to copy its boot image to the standby supervisor engine
#
•If the standby supervisor engine bootstring needs to be changed
#
•If the standby supervisor engine needs to be reset
I was reading the above documentation that mentioned the active supervisor should copy the image if it detects a newly installed standby supervisor blade with a different image, is this correct or was it referring to synchronizing the configuration file?
View 3 Replies
View Related
Aug 1, 2007
I am running a network comprising of Catalyst 6513's with SUP7203B's. at present we have 800 VLAN's as we make use of a VLAN per access layer switch model.
I know have a problem that as soon as I enable multicast routing my SUP720's CPU runs at 100% and the system goes into a slowdown.where I can find information on the scalability of Multicast?
View 15 Replies
View Related
Mar 23, 2013
I can not enable to rapid- protocol in catalyst 6513, does not support for it, only support pvst.
Someone how can i enable to rpvst? You know if is necessary to upgrade IOS, it has
s72033_rp-ENTSERVICESK9_WAN-M - 12.2(18)SXF9 IOS. The cisco software Advisor could not localized the features fot this IOS.
View 1 Replies
View Related
Aug 23, 2012
The SuperVisor engine in slot 1 of a Catalyst 6513 needed to be replaced because a hardware defect. The SuperVisor engine in slot 2 is active and running CatOS 8.5. The new SuperVisor engine for slot 1 came with CatOS 6.3 and was not syncronized auromatically after insertion. When the customer enter the command "Show boot" he get the output:
AG-A6513-51> (enable) sh boot
BOOT variable = bootflash:cat6000-sup2k8.8-5-5.bin,1;bootflash:cat6000-sup2k8.7-6-2.bin,1;
[Code].....
View 1 Replies
View Related
Mar 10, 2013
My question is regarding VSS configuration on Cisco 6513 switches. My understanding is that the hardware and software configuration on the devices must be exactly the same for the VSS to function correctly. Do the Bootstrap versions also have to be identical?
The production switch is running Bootstrap Version 12.2(17r)SX5, while the new switch is running Bootstrap Version 12.2(17r)SX7.
View 3 Replies
View Related
Oct 14, 2012
I have a new 6513 with 2 sup32's with IOS. This chassis will replace a working 6513 with 2 sup2's with CatOS.I would like to convert my CatOS running configs to IOS, and I know there used to be a tool for this.
I have searched around and found many broken links to an old Cisco tool to convert my former configs, is there any way to get this tool today? I have tried over 20 links and not been able to find a working one yet.
View 2 Replies
View Related
Apr 12, 2012
I need to transfer a config from a TFTP Server to a 4507 and a 6513. When I transfer the config to both those switches, does it require a reboot?
View 5 Replies
View Related
Sep 2, 2012
i want to know if 1port of the 16 10Gbase-t Module (WS-X6716-10T-3C) for the Catalyst 6500E Series, can be connected to a 1Gbase Port of a 2900 ISR Routers, are they gonig to work at 1Gbps or, simply, they are not compatible?
If it is true, can i create a 4ports etherchannel between them? of course using the 16 1Gbase-T switch module on the Router.
View 7 Replies
View Related
Apr 9, 2013
Is it possible to mix 1 and 10 Gigabit links on a 1/10Giga Network Module of the Cat3750X? I mean porte GE1/1/1 and GE1/1/2 used with SFP and port TE1/1/2 used with SFP+; that makes TE1/1/1 not available as GE1/1/3 and 1/1/4
View 7 Replies
View Related
Sep 4, 2012
We have a core switch with the following ios and supervisor engine. Can we add a16 port LR (x2)or LRM(X2) ON the core switch?if not what modifications has to be done?if an ios upgrade is necessary is it a costly affair?At present we have two 1gb up link modules in single and multimode fiber .
#sh moduleMod Ports Card Type Model Serial No.--- ----- -------------------------------------- ------------------ ----------- 1 16 SFM-capable 16 port 1000mb GBIC WS-X6516A-GBIC SAL0803T308 2 48 SFM-capable 48 port 10/100/1000mb RJ45 WS-X6548-GE-TX SAD07500600 5 5 Supervisor Engine 720 10GE (Active) VS-S720-10G SAL1439UMZK
#sh versionCisco IOS Software, s72033_rp Software (s72033_rp-IPBASE-M), Version 12.2(33)SXI4a, RELEASE SOFTWARE (fc2)Technical Support: [URL] Copyright (c) 1986-2010 by Cisco Systems, Inc.Compiled Fri 16-Jul-10 19:51 by prod_rel_team
ROM: System Bootstrap, Version 12.2(17r)SX7, RELEASE SOFTWARE (fc1) uptime is 1 year, 27 weeks, 4 days, 23 hours, 30 minutesUptime for this control processor is 1 year, 27 weeks, 4 days, 22 hours, 58 minutes(code)
View 6 Replies
View Related
Oct 29, 2012
we have a chassis 6513-E and a module WS-X6748-GE-TX, I'd like to know if could I put this module in any slot, since the documentation from Cisco says that any slot from a chassis 6500-E Series can support this module. And then in the documentation of WS-X6748-GE-TX says that this module is not compatible in the slots 1-8 of the 6513 chassis, only from 9th to 13th slots, in those slots from the 6513-E we already have 4x WS-X6748-GE-TX, and we'd like to know if could we put the module in the rest of the slots. The 6513, and 6513-E is kind of confusing.
View 4 Replies
View Related
May 12, 2013
I have a laptop with a single physical NIC which I have used the advanced management tools to create two virtual NICs (say vlan 10 and vlan 20) and both are on the same subnet (say 192.168.4.x). One NIC is for normal TCP/IP traffic and one is for broadcast/multicast traffic (I have some custom software that requires this to be the case and works fine on an older laptops with built-in physical NIC and PCMCIA XIRCOM NIC). The dual NIC laptop communicates with a dual NIC server via a Cisco 2811 router (which has a 16 port switch module at the back) and has vlans set up so.
What I want is for the single NIC laptop (with two virtual NICs) to be able to also communicate with the server. Basically, one NIC is for normal traffic and one is for multicast/broadcast traffic. All three machines need to be able to talk to each other using the NIC for normal traffic and both laptops must be able to receive broadcasts from the server. What is the best way to configure the router to handle the trunking/tagging? Most configuration documentation I read has two complete subnets for the two virtual NICs. Note that all three machines use static IPs and are part of a workgroup so no DNS and domain servers etc.
View 9 Replies
View Related
Aug 20, 2012
I have a 6500 switch and i recently removed a module (line card) from the switch. The problem is that the port configurations of the removed module still exhists in running configuration. I was not aware of the right procedure,[URL] however, i would like to know whether it resolves if i reboot the switch.
View 1 Replies
View Related
Apr 26, 2012
Any step-by-step configuration guide of how to enable DAI on Cisco Catalyst 6500 Series Switches.
View 1 Replies
View Related
Mar 4, 2012
i'm performing configuration PBR on catalyst 4503, but it doesn't work. [code]
View 21 Replies
View Related
Oct 24, 2011
I have got a catalyst cisco 2960G series switch and via this switch I want to creat serveral vlans. I am getting a dhcp IP from a router and I want to setup my own vlan networks.
I plugged in the Ethernet cable that came from the dhcp router to port 16 of the cisco switch and configured the ports 1,2 and 3 for vlan 1, 2 and 3
the dhcp router has given me this IP 192.168.10.158 defautl gateway is : 192.168.10.1
when I plug in a PC to port 1 or 2 of the cisco switch I still receiving the IP from range 192.168.10.* but not from the range that I configured for the vlan 1 or 2.
Below is my startup configuration:
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
[code].....
View 28 Replies
View Related
Dec 31, 2011
I have CISCO catalyst with VLANs (VLAN ID 33, 36, 40-53) configured. I need to configure port mirroring in Switch 3750 for NAC (Network Access Control). I need to Monitor all the VLANs. Here is the SPAN configuration of switch: [code] Monitor session 1 source vlan 33 , 36 , 40 – 53.Monitor Session 1 destination interface fa 1/0/8 (here I am not able to set encapsulation dot1q ) because the error occurred saying %one or more dest port do not support the encapsulation%.
View 5 Replies
View Related
Dec 20, 2011
I got problem with wake on LAN software.. The software unable to ON all pc's remotely if sitting under different vlan. Everything is ok if using the same vlan. Below are the network diagram & switch configuration.
Layer 3 switch Intervlan routing configuration
ip forward-protocol udp 7
!
interface Vlan4
description vlan Client-WOL
ip address 172.22.51.253 255.255.254.0
ip access-group Deny_HTTP_Vlan1 in
ip helper-address 172.20.1.246
[code].....
After configured all the switches with the above setting, the software still cannot wake all the pc's using LAN. Base on sniffing, i can't find UDP port usage by the software. Attached here with print screen from wireshark.
View 7 Replies
View Related
Jul 11, 2012
I am struggling with a CE520 and its smartports stuff.I have configured the following vlans :
1- data
100 - phones
I need to bring those vlans (both of them) to a Cisco 800 router. The port of the 800 router is already configured as trunk and accepts vlan 1 and 100.The cisco 800 has both vlan 1 and 100 configured with 2 ips on different subnets, and ip routing is enable (to route between two vlans). Also, no access lists are configured.I have configured one port in the switch as role "router" and connected to the router. The other ports are all configured as phone-desktop (phone vlan 100 desktop vlan 1).If I connect a phone and manually configure an ip (the phone gets automatically vlan 100), and try to ping the phone from the router, it doesnt respond. Alse vlan 100 is protocol down.I am guessing what s the right configuration as the link between the switch and the router should be a trunk link for 1 and 100 vlans, but it looks like is transporting only vlan 1.Also changing the port role to "other" when you can specify the native vlan and another vlan, the switch doesnt accept vlan 100 as additional vlan on that link.
View 2 Replies
View Related
Apr 22, 2013
I am migrating services from SUP720-3B to VS-SUP2T-10G= and moving to a VSS configuration between a pair of Cat6506 distribution layer switches. I need to enable QoS on these switches, primarily to trust dscp and also to prioritise voice traffic. The autoqos feature works for some ports but does not work on port-channel interfaces and port-channel member interfaces. How can I apply the qos settings for these interfaces in line with what auto qos would normally provide. My line cards are as follows:
Civic_6506VSS#sho mod
Mod Ports Card Type Model Serial No.
--- ----- -------------------------------------- ------------------ -----------
1 4 CEF720 4 port 10-Gigabit Ethernet WS-X6704-10GE
[Code].....
View 1 Replies
View Related
Jun 12, 2013
I am connecting two catalyst 3500 XL switches via fiber fx ports for layer 2 connectivity. Do I need to configure anything in the IOS or do I just plug in the fiber?
What needs to be configured?
View 2 Replies
View Related
Jul 16, 2012
Our servers are hosted at the Main site, site office A access to the Main site for Internet and servers. We are thinking NextG to take over when the link between sites goes down.
To start with, what is the configuration for 3750 at Site A and the Main site:
1) Trunking for both switches
2) Routing
3) the automatic failover configuration for the switch at Site A.
View 1 Replies
View Related
Jul 5, 2010
I have a WCCP Configuration on a Catalyst 3750G and a IronPort Webappliance. I have configured this situation many times before with cisco asa and ironport wsa, but with a switch, this is my first time.
VLAN 147 is a transportation vlan between the cisco switch and a hp coreswitch with the clients and servers behind the hp coreswitch.
VLAN 147 IP Address of the Catalyst is 172.30.47.1
IP of the IronPort Appliance is 172.30.47.10
IP of the HP Coreswitch is 172.30.47.2
Plan is to redirect the webtraffic coming from clients and servers from the 10.0.0.0/8 net behind the hp switch to the ironport wsa. In have configured these settings.
ip wccp web-cache group-list 15 password 7 091D1C5Aip wccp 80 redirect-list 16 group-list 15 password 7 14464058
interface GigabitEthernet1/0/22 description IRONPORT P1 BUWOG switchport access vlan 147 switchport mode access
interface Vlan115 ip address 172.30.15.2 255.255.255.0 standby 10 ip 172.30.15.1 standby 10 priority 90 standby 10 preempt standby 10 track Vlan115!interface Vlan147 ip address 172.30.47.1 255.255.255.0 ip wccp web-cache redirect in ip wccp 80 redirect in
[code]....
View 6 Replies
View Related
Dec 25, 2012
I was trying to configure my Catalyst Express 500 switch (PID VID: WS-CE500-24LC V01) and i followed the step i found in a document on Cisco website but still it showed an error "Page not found" and address displayed on bar was"169.254.0.1/catalyst-express.htm).
View 1 Replies
View Related
Feb 12, 2012
I was unable to configure vlan-based qos on Cisco IOS Software, s72033_rp Software (s72033_rp-IPSERVICESK9-M), Version 12.2(33)SXH6, RELEASE SOFTWARE (fc1) Seems to me my configuration is not working. Here is the output of the interface:
sh int G1/6 | i rate
Queueing strategy: fifo
30 second input rate 25231000 bits/sec, 4282 packets/sec
30 second output rate 46940000 bits/sec, 9257 packets/sec
And here is my configuration:
interface Vlan3
ip address 192.168.1.1 255.255.252.0
service-policy input TEST_IN_PMAP
service-policy output TEST_OUT_PMAP
[code]....
Why I can't see matches in ACLs? I've double checked the direction and seems to me it is correct. I can't see matches even I configure something like this:
10 permit ip host 192.168.1.168 any
20 permit ip any host 192.168.1.168
Why my output rate is higher than 30M? Is it bacause there is no matching traffic here in ACLs? I'm absolutely shure that this host with such ip connected to this interface:
#sh arp | i 192.168.1.168
Internet 192.168.1.168 0 feed.beef.f00d ARPA Vlan3
#sh mac address-table | i feed.beef.f00d
* 3 feed.beef.f00d dynamic Yes 0 Gi1/6
View 9 Replies
View Related
