Cisco Switching/Routing :: Filter IP Traffic By MAC Address On Catalyst 4500?
Dec 19, 2012
We want to filter IP traffic by MAC address on Catalyst 4500. Since we are using bonding (active-backup mode), we need those MAC addresses to appear on different ports. Below are the solutions that we have tried: ACL, but it does not work since MAC ACLs only match non-IP traffic (we CAN NOT use IP ACL). Use a static mac address-table entry to ALLOW specific MAC addresses. It does not work either since the same MAC address needs to be seen on a different port. Catalyst 4500 does not support the auto-learn option (as e.g. Nexus 5000).
I am trying to set up WOL for our enterprise. We have a C4500 setup with multiple VLANs. We are using a Microsoft SCCM server to wake up workstations for security updates. The workstations are on vlan190 and the Microsoft server is on vlan 441.
Here's my config
the config below
interface Vlan190
 ip directed-broadcast 100 (Enables the translation of a directed broadcast to physical broadcasts)
access-list 100 remark ====== Wake-On-LAN ======
no access-list 100 permit udp host 10.4.40.98 any eq 9 log
access-list 100 remark ====== End of ACL 100 ======
I am trying to understand the implicit limit to the priority queue. I know you can define an explicit policer but if you don't I can't find out what the rate limit really is.
We have a lot of IPX traffic flowing through a switched network and we are being asked to filter it from a network standpoint. At one point they were using IPX in their network, but no longer need to, so they still have a lot of machines spewing out IPX traffic. We have removed the IPX routing commands from our distribution switches, (Cisco 6500), but after running a short 10 minute Wireshark capture I'm still getting a good bit of IPX traffic from a lot of different devices.
I've two Cisco 4500 running as core switches for a huge and complex network. The two 4500 are going to act as DHCP servers for several subnets. The easiest solution would be to split each DHCP pool in two, and assign the first half of the pool to one of the core switches and the second half of the pool to the second core switch. This would be a partial solution since if one of the two fails, the second core switch would not have enough DHCP leases available for all the devices connected for each subnet. For such a reason, I'm wondering if the 4500 switches support stateful redundant DHCP servers, so that the two switches can synchronize their DHCP lease tables. If this feature is available, I could define the same pools for both the switches without the risk of having duplicate IP addresses within the network.
We have a Switch Catalyst 4500, model WS-C4510R+E, with 2 Supervisors, models V-10GE, which is showing high CPU values at all times. When this occurs, the switch shows 95-100% for total CPU for a few hours at a time. show processes cpu shows process Cat4k Mgmt LoPri with an unusual CPU value of 56%. The show platform health command gave me a high reading for K2L2 Address Table R, which is currently 9,45% but the last hour is around a 20% average CPU? [URL] what the process K2L2 Address Table R means and what could be the cause of this peak?
I have a Catalyst 4500 WS-C4506 and S-X4516-10GE Supervisor running under IOS 12.2(52)SG IP BASE SSH. After having installed IOS 12.2(53)SG I wanted to schedule a reload. After entering the reload at command I get the message %Reload in Progress and nothing happens.
Is it possible to run a Catalyst 4500 as a pure Layer 2 switch, i.e. disabling "ip routing", but still managing the switch via Fa1, i.e. the default mgmtVrf vrf? I tried the following:
!
no ip routing
!
interface FastEthernet1
 ip vrf forwarding mgmtVrf
 ip address 192.168.1.1 255.255.255.0
!
ip route vrf mgmtVrf 0.0.0.0 0.0.0.0 192.168.1.254
ip default-gateway 192.168.1.254
I was not able to reach the Switch even from the same subnet. Only after enabling ip routing I could manage the Switch. I haven't found any command to set ip default-gateway for a vrf. Any workaround to keep routing disabled, but still manageable via VRF?
I was reading the documentation of the Catalyst 4500-X for creating VSS and MEC (multichassis etherchannel). In the VSS specific part, it's written "Cisco Release IOS XE 3.4.0SG does not support Layer 3 MEC".
Can I still use VlanX interfaces and route through them? In my setup I only have IP addresses assigned to vlanX interfaces (with some VRF-lite magic) [code] Does that sentence only mean that I can't have IP assigned directly to the MEC?
I have an ASA 5585 and a Nexus 5596, and I need a suggestion to configure this scenario:
My users in the Vlan 10 need access on the network in the Vlan 20, but this traffic must be filtered by the firewall. In the firewall I received a trunk port for Nexus 5596, and I created subinterfaces to receive the Vlans for this trunk.
The gateway for my users is the address for the ASA subinterfaces.
What do I do to filter the traffic between the Vlans?
How can I find out the firmware versions for IOS, modules and components of a Cisco Catalyst 4500 series switch? I can see the firmware version of IOS in the show version command, but how can I find it out for the modules or components of the switch?
On 45XX Catalyst, bandwidth is allocated across six 8-port groups, providing 1 Gbps per port group. Example for the following line card: WS-X4448-GB-SFP
I want to know if there is the same mechanism on 3750X switches. I mean, is bandwidth allocated across a group of ports like on 4500 Catalyst?
I have 2 x WS-X4548-GB-RJ45 Catalyst 4500 Enhanced 48-Port 10/100/1000 Base-T (RJ-45) line cards in a 4500 chassis with 2 x WS-C4507R-E E-Series Supervisor engines. We would like to create a layer 3 ether channel from an access layer switch terminating on our 4500 chassis. Can we configure the ether channel from the access layer switch such that one port on the ether channel is on one line card and the other one is on the other line card?
If I'm upgrading dual redundant power supplies in a Catalyst 4507 from 1000W (data) to 1400W (data), can it be done without taking the switch through a power cycle? I'm guessing no as I read that the switch will not recognize a 1400W PSU in bay 2 if there is still an original 1000W PSU in bay 1.
I just received a new 4510R+E switch with CAT4500e SUP7e Universal Image cat4500e-universal.spa03.01.01.sg.150-1.x01.bin software image with License Level ipbase. We specified in the order to receive CAT4500e Universal Crypto Image with License Level ipbase. I have since requested and received the latest CAT4500e Universal Crypto Image cat4500e-universalk9-spa.03.04.00.sg.151-2.sg.bin. Is there anything other than just installing the new image that must be done to allow me to use the Crypto Image? Would this upgrade do anything to change my License Level ipbase?
Is a new Cisco Catalyst 4500 series supervisor 7L-E, model WS-X45-SUP7L-E, backward compatible with a Cisco Catalyst 4500 series chassis model 4507R? I've checked on the Cisco website for that Supervisor and it shows only new chassis models WS-C4507R+E and R-E, but what about the old type of chassis? We need to upgrade that Supervisor as it's out of line, but we don't really want to buy a new chassis as well as it's going to be very pricy.
I found a bug in Embedded Event Manager, on Catalyst 4500-E platform with supervisor V-10GE, on various IOS releases (in particular 12.2-50-SG IP BASE w/o crypto, 12.2-54-SG1 IP BASE w/o crypto, but also other releases including latest 15.0-2-SG1 ENTERPRISE SERVICES SSH). The problem is that when you set up an EEM applet that monitors syslog pattern matching, and you also configure remote host logging *with* the option "sequence-num-session", when the match occurs, the switch reboots with message:
Sw (sometimes prints a number instead) VECTOR D00
and in some cases performs a second reboot with message:
VECTOR 0 DOUBLE FAULT
The reload reason message is:
System returned to ROM by abort at PC 0x0
The problem does *not* occur if remote logging has not the option "sequence-num-session". I verified this behavior on various configurations (including our production 130K long *and* factory defaults after erase startup-config). The configuration statements that cause reload are, for example:
switch catalyst 4500 with ios cat4500e-universal.SPA.03.02.00.XO.150-2.XO.bin. I need to configure modules 3 and 4 of supervision, the problem is that I need the 4-port module 3 are active but only the first turn on both the module 3 and the first port on the module 4. [code]
I have the attached setup. Now I would like to limit my FTP transfer to 10 mb from a specific VLAN to the FTP server on the STM-4 (622) link. What would be the best way to limit FTP traffic to 10 mb?
Video_Main#sh ver
Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSAL-M), Version 03.02.00.SG RELEASE SOFTWARE (fc4)
Technical Support: [URL]
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Tue 26-Apr-11 18:09 by prod_rel_team
Image text-base: 0x100A0994, data-base: 0x13CAB728
ROM: 15.0(1r)SG1
Jawa Revision 7, Snowtrooper Revision 0x0.0x116
Video_Main uptime is 15 weeks, 3 days, 23 hours, 53 minutes
System returned to ROM by power-on
System restarted at 16:38:21 UTC Wed Nov 23 2011
Running default software
License Information for 'WS-X45-SUP7-E'
    License Level: entservices   Type: Permanent
    Next reboot license Level: entservices
cisco WS-C4506-E (MPC8572) processor (revision 8) with 2097152K/20480K bytes of memory.
Processor board ID FOX1502GZHF
MPC8572 CPU at 1.5GHz, Supervisor 7
Last reset from PowerUp
9 Virtual Ethernet interfaces
204 Gigabit Ethernet interfaces
10 Ten Gigabit Ethernet interfaces
511K bytes of non-volatile configuration memory.
Configuration register is 0x2101
Video_Main#
I am relocating UPS units and will need to buy longer power cables to extend from our 4506 and 4510 to the new location. I think I am looking at 15 to 20 feet but I am going to confirm. Is it okay to use longer cables?
When the 4500-E series switch boots and if you issue a 'show run' there are several Star Wars themed references and their revisions. What are these actually and why are they using Star Wars terminology?
Here's the output:
Cisco IOS Software, Catalyst 4500 L3 Switch Software (cat4500e-ENTSERVICESK9-M), Version 12.2(53)SG2, RELEASE SOFTWARE (fc1)
Technical Support: [URL]
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Tue 16-Mar-10 04:50 by prod_rel_team
Image text-base: 0x10000000, data-base: 0x12794974
1AR1R2-NC1 uptime is 2 years, 2 weeks, 3 days, 15 hours, 44 minutes
System returned to ROM by power-on
System restarted at 19:29:14 UTC Fri Jun 4 2010
System image file is "bootflash:cat4500e-entservicesk9-mz.122-53.SG2.bin"
I have seen links out there for a conversion tool to convert commands on a Catalyst type switch (6509) to newer IOS type switches (4500-e) but they all error out on me with a 404. Any link where I can get this conversion tool?
Are there any best practices for preventative maintenance on Catalyst Chassis switches? Looking to build a PMI schedule for a customer. Or is there evidence not to perform it at all? Things like re-seating line cards, cleaning fan exhausts, etc.
I'm decommissioning my SonicWall PRO 3060 and upgrading to an ASA5550 (we're increasing our WAN link speed to 1Gig and need the 5550). In any case, I want to copy over the configuration from the PRO to the ASA. I have everything documented and I've started doing the changeover, but in looking at some other network diagrams on the net I'm seeing router symbols between the LAN switches and the ASA and I'm beginning to worry that I might need routers to do this which, of course, would increase cost quite a bit.
So my question is this: If I have a core switch carved into multiple VLANs and I connect each VLAN to a port on the ASA, will I be able to route and filter traffic from VLAN to VLAN through the ASA? If so, how, in general, is this accomplished (I'm betting ACLs)? I think that the ASA will be able to do this easily, but I just want to be sure before I get too far into the configuration of this unit.
What's the difference between a Catalyst 4500 and a Catalyst 4500E series chassis? I believe it has to do with supporting PoE+? Are the blades in both series interchangeable?