i have this message "DHCP Timeout"on few cisco IP Phones . try to assign IP manually and it's working fine.. seems DHCP not giving IP's to those.. 6500 have configured as DHCP pool.
View 3 RepliesThere is a cisco ws-c6509,recently it appear error log “%FABRIC-SP-6-TIMEOUT_ERR: Fabric in slot 5 reported timeout error for channel 11 (Module 3, fabric connection 1)”. When I reload the device,the error log disappear.But a few days later,it appears again.I try to replace the slot 3 (WS-X6704-10GE),the error log continues.The IOS version is 's72033_rp-ADVIPSERVICESK9_WAN-M), Version 12.2(18)SXF8"
View 1 Replies View RelatedI have this message "DHCP Timeout"on few cisco IP Phones .try to assign IP manually and it's working fine.. seems DHCP not giving IP's to those.. 6500 have configured as DHCP pool.
View 1 Replies View RelatedI am working in a environment that is classed as collapssed Layer 3 environment. We have a core 6500 with routed links to 3560's which are access switches.
We have layer 3 vlans on the access switches, one for data one for voice.On the layer 3 vlans we have ip helper addresses that are used for DHCP. The DHCP servers are located on the 6500.
I recently had a incident where someone plugged a netgear router into a desk point because they thought they could use it for a switch. This router then started to dish out IP addresses to people in the morning for those who came in and docked their laptops. 99% of people weren't affected because they have desktop PC's are their leases hadn't expired.
Now we have bpduguard, bpdufilter to prevent people from plugging in switches that send out BPDU's. However this doesn't prevent the above senario where someone plugs a router or a 'dumb' switch that doesn't send BPDU's.Because of the above senario I started looking at DHCP Snooping, but I am unsure on a couple of things.
With the topology of our network I understand that I don't need to configure IP DHCP Snooping Trust on the L3 uplinks to our core switch. From what I understand I just need to enable IP DHCP Snooping globaly and then on the VLAN's on the access switch (because of the L3 topology VLAN's are local to the access switches). Only if I had L2 uplinks to the core would I need to configure IP DHCP Snooping Trust on the trunk links.
my MSFC2 sent this strange log message. %DATACORRUPTION-SP-1-DATAINCONSISTENCY: copy error, The error message decoder tool says: "NOT FOUND". The level is "alert".
View 8 Replies View RelatedCisco IP phones attached to a Moduke in one of my Cat6500 access Switches suddenly went down. Upon closer inspection of the Switch Sys log, I observed the following Sys log error messages: [Module 9 is experiencing the following error: Inline Power Module - PS Voltage bad. ]A sh Mod output indicates the PoE daughter card and Main Module are "ok" - see attached output. It appears issue is related to the the actual Power Supply module and not the blade module and installed PoE Daughter card. I am inclined to open a TAC case for a PS replacement, but wanted to see if this can be resolved without a hardware replacement. At this time all 48 IP phones attached to this module are out of Service.
View 2 Replies View RelatedSince yesterday, i see
Nov 16 13:23:21.355: %SYSTEM_CONTROLLER-3-MORE_COR_ERR: 255 correctable DRAM memory errors in previous hour
Nov 16 13:23:21.355: %SYSTEM_CONTROLLER-3-COR_MEM_ERR: Correctable DRAM memory error. Count 623, log 8053C830
Nov 16 14:23:21.340: %SYSTEM_CONTROLLER-3-MORE_COR_ERR: 255 correctable DRAM memory errors in previous hour
Nov 16 14:23:21.340: %SYSTEM_CONTROLLER-3-COR_MEM_ERR: Correctable DRAM memory error. Count 879, log 8053C810
error on switch console every hour.
ios version : Cisco IOS Software, s72033_rp Software (s72033_rp-ADVIPSERVICESK9_WAN-M), Version 12.2(33)SXJ1, RELEASE SOFTWARE (fc2)
Version 12.2(33)SXI
int vlan 1
description client vlan
ip vrf forwarding A
ip address 10.1.1.1 255.255.255.0
standby 129 ip 10.1.1.2
standby 129 timers 1 4
standby 129 priority 105
standby 129 preempt
ip helper-address 10.1.2.20
[code]....
dhcp requests are not making it to the dhcp server SAME VRF (ip helper-addres is not doing anything.....)extended vrf traceroutes on udp 67 sourced from vlan2 are fine
I am expecting udp unicast packets on port 67 "giaddr" relay packets on the DHCP server generated and sourced by the relay on Vlan1
eg. Mar 1 01:59:06.731: DHCPD: setting giaddr to 10.1.1.1
This exact setup works in our preprod environment with the same code.Only difference is we run Distributed etherchannel on the 6500's where this doesnt work.
Wireshark on the client I can see the requests being sent Going to check it with debug ip dhcp server to check the relay logs out of production hours.
I have seen so many people say it IS and ISN'T supported on this version of the code.e.g. [URL]
I am aware the helper-adddress should inherit the vrf of the interface ip helper-address vrf command is not supported.The fact it works in the PP environment.... could this be due to the Distributed EtherChanel difference? or just some bug....
how can we upgrade 6500 non modular ios to normal 6500 ios?
View 5 Replies View RelatedPlaning to implement ARP out in all interface vlan at switche(6500,3500).It's useful to avoid unicast floating in the Switch.What are precaution to be take care during the implementation?
View 5 Replies View RelatedWhen I try to access Gizmo's Freeware | Find the best freeware fast, I'm getting timeout errors. I tried using different browsers but got the same result. All other websites loads fine in my browsers.I checked Down For Everyone Or Just Me -> Check if your website is down or up? and found that it's just me who's facing this problem.I also did a "tracert" from command prompt and got request timed out in the 19th hop at 209.59.157.128[CODE]
View 2 Replies View RelatedI used the below syntax to check the snmpwalk to an interface of a cisco 7606-s router from an LMS 4.0 version cli.
NMSROOT/Objects/jt/bin>snmpwalk -v 2c -c <snmp-string> <ip-addr> 1.3.6.1.2.1.31.1.1.1.6
Timeout no response from <ip_address>
This is the error im getting in cli prompt. But i could see that reports are generating.If i try with the loopback ip address, i get proper snmpwalk outputs.. I have increased the timeout and retry options..
I have 3750E swiches with IOS v. 12.2(55)SE3. Couple servers connect to ths switch, after ping of IP this servers I can see mac addresses in mac address table.
For instance:
sw1#show mac address-table vlan 20
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports(code)
---- ----------- -------- -----
When ip generate traffic to this server this mac address appear in table again on shot time (less than 10 seconds).
The router 1841 is connected directly to the layer switch. the network diagram is below:
Office A --> Switch (L3) --> Router 1841 --> Internet --> Office B
However, when I transfer the file from Office A to office B, the speed very slow ( only around 40 kb/second), and there are an input error and CRC error:
Cisco-R1841#sh interfaces FA0/1
FastEthernet0/1 is up, line protocol is up
Hardware is Gt96k FE, address is 0019.e02f.03dd (bia 0019.e02f.03dd)
[Code]......
I have some DHCP trouble since I subnetted my network with a 2921. My clinets are in 172.16.2.0/23 and DHCP servers are in 172.16.5.0/24.Sometimes, randomly I guess, I get NACK from my DHCP server, and if I look into DHCP logs I got something like this:
15,11/09/12,09:52:27,NACK,172.16.3.172,switchE51D12.host.com,A0CF5BE51D12,,0,6,,,,,,,,
15,11/09/12,09:52:28,NACK,172.16.3.172,switchE51D12.host.com,A0CF5BE51D12,,0,6,,,,,,,,
15,11/09/12,09:52:29,NACK,172.16.3.172,switchE51D12.host.com,A0CF5BE51D12,,0,6,,,,,,,,
[code]....
Have a client wanting to hand out public ip addresses to all clients from a PFSense Firewall terminating the internet connection.
How do I allow the Cisco Switches currently in place, configured with private ip addresses in the 10.10.x.x ranges and Vlans, where the main 3550 layer 3 has defined dhcp scopes for each vlan, to relay dhcp requests from all vlans to the PFSense firewall?
I assume I would take off the currently defined dhcp scopes for the vlans and configure each vlan/switch with the ip helper address and specify the PFSense firewall and that Nat would have to be disabled onthe firewall?
I'm setting up a Cisco Aironet 1141 (standalone mode, AP) to handle wireless traffic in the office. It gives out 2 mbssids, one of which authenticates domain users through a RADIUS server and places them in an appropriate VLAN (RADIUS options 64, 65, and 81). The other is a guest ssid that uses WPA-PSK and places users in the restricted guest VLAN. Physically, the AP is connected to a 3750 PoE Catalyst, to which RADIUS and DHCP servers are also connected. AP, SSIDs, RADIUS and EAP authentication all work. The configuration given below is a working configuration. People do get authenticated and do get placed in the appropriate vlan. The problem is that, once authenticated, the "Obtaining IP Address" phase on the client hangs and most clients timeout without getting an IP address. Given that the DHCP server is on the same switch and a test simple ASUS Wi-Fi IP gives out the same scenario (except the multiple VLAN) at the speed of light, I don't think that it's a problem with the network connections between clients and the DHCP server. After reading some topics here, I realized that probably other communication will be extremely slow, as well, but haven't tested that for sure. Clients are all non-Cisco - smartphones, notebooks, etc. Most of them are 802.11G, not N.
View 4 Replies View RelatedI got this error this operation returned because the timeout period expired error code 0x000005b4
View 1 Replies View RelatedAs per my understanding 6509 all slots are dual channel, so 9 slot * 40 per slot (20 g in and 20 g out) = 360 GB How cisco claim the 720 ?? What about the 6513 chassic switch fabric connection?
View 5 Replies View RelatedI am seeing a strange situation on my 6500 switch?By having snmp walk on '1.3.6.1.4.1.9.9.109.1.1.1.1.3' (== cpmCPUTotal5sec), I came to know that there are two processor and the cpu util for switching processor is gone to 88 % and some time creeps to 99 %.
snmpwalk -v2c -c "removes" sw6500 '1.3.6.1.4.1.9.9.109.1.1.1.1.3'
SNMPv2-SMI::enterprises.9.9.109.1.1.1.1.3.1 = Gauge32: 12 (--- this is for CPU of Router Processor )
SNMPv2-SMI::enterprises.9.9.109.1.1.1.1.3.3 = Gauge32: 99 (--- this is for CPU of Switching Processor )
but when I do sh process cpu on the console, all looks normal as it shows cpu utilization of RP. why the value is so high on the switching processor ?
For intervlan routing, Is 'IP routing' command enabled by default on a 6500 series switches based on the IOS?and on 3750 switches, do we need to enable the "ip routing" command manually for intervlan routing?
View 1 Replies View RelatedI'm looking to restrict Inter-VLAN routing through L3 switch (cisco 6500) and wanted to know best possible way to do it. I used VACL and achieved success to some extent, but my config is making clients take up to 5-6 mins to authenticate IP address from the DNS (bootps).My VACL config was as follows:
Subnet to restrict is 10.100.15.0 (VLAN 15)
STEP 1: Created extended ACL to allow bootpc/bootps through DNS
ip access-list extended EACL_DNS
permit udp any eq bootps any
permit udp any eq bootpc any
STEP 2: Created standard ACLs to allow only relevant subnet, server VLANs & some IPs from other subnets for printers/scanners etc.
ip access-list standard SACL_VLAN_15
permit 10.100.15.0 0.0.0.255 (the subnet I'm restricting)
permit 10.100.50.0 0.0.0.255 (server VLANs)
permit 10.100.25.45 0.0.0.0 (printer in another VLAN which has to have access in VLAN 15)
STEP 3: Created VLAN access list
vlan access-map VACL_15 10
match ip address EACL_DNS
action forward
vlan access-map VACL_15 20
match ip address SACL_15
action forward
STEP 4: Applying VLAN Access list on VLAN 15 vlan filter VACL_15 vlan-list 15 Though the above works, below is noted:
1. I'm still able to PING 10.100.15.2 (the switch virtual interface) from outside the subnet, which I don't intend to do so. Howeve all cients in the subnet have no connectivity from outside the VLAN 15.
2. As mentioned its taking quiet some time to negotiate with the DNS server at system boot time.
I used to "ip routing" command in order to enable inter-vlan routing, for example with 3750 cisco. I have a 6503 cisco with SUP720 MSFC3. I was able to create some vlans but I can not configure inter-vlan routing.
sw#conf t
Enter configuration commands, one per line. End with CNTL/Z.
swsur(config)#ip routing
[Code]....
For intervlan routing, Is 'IP routing' command enabled by default on a 6500 series switches based on the IOS?hes, do we need to enable the "ip routing" command manually for intervlan routing?
View 2 Replies View RelatedWhere is the "ip routing" command in Cisco switch 6500 series?
is the ip routing enable by default accoridng to the: [URL]
ASA 8.2(5), uauth absolute timeout is disabled and inactivity timeout is set to 48 hours:
timeout xlate 48:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:00:00 absolute uauth 48:00:00 inactivity
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
Users still get kicked out every 8 hours and they have to reauth. This is a logging message:
%ASA-5-109012: Authen Session End: user 'john', sid 839, elapsed 28801 seconds
i would like to check out what's the difference between the naming convnetion for the 6500 IOS.
I read the data sheet to support my POC deployment to support NCS v.1 the 6500 IOS need to upgrade to 12.2 (33) SXI
Is it able to work if i using SXJ instead of SXI, with the same IOS version 12.2 (33)?
I have tried to test copy tftp: numerous time with no success. I believe the reason it is failing is my laptop to Ethernet port is in vlan 62 and the tftp process operates in a different IP space.I am using gig 7/1 and configuring my laptop nic for x.x.x.254 mask 255.255.255.0. I can ping from laptop to gateway) and I can ping from the switch to my laptop using ping vrf production x.x.x.254. Can you tell me what vlan I need to set my laptop connection in or if there is something else I need to change to make tftp work on vlan62?Does TFTP only work in vlan1 or can it be changed?
View 2 Replies View Relatedhow to upgrade IOS in switch 6500 connect in VSS from 12.2(33)SXI IOS to 12.2(33)SXJ?
View 3 Replies View RelatedWe are setup like a hotel style workers camp. We have wings full of rooms and residents with 3750 stacks in them. Those switches connect back to our core 6500's. The network is mostly all Layer 3, interfaces are routed with IPs.
When it was built before my time they included an ACL for each wing so that residents couldn't access internal devices (IE SSH to 6500) but I've come to notice it's not working.
I see hits on the ACL for accepts but nothing is hitting the deny rule at the top.Here is the configuration below:
mls qos aggregate-policer INTERNET1 24000000 80000 80000 conform-action transmit exceed-action drop
mls qos aggregate-policer INTERNET2 24000000 80000 80000 conform-action transmit exceed-action drop
mls qos aggregate-policer INTERNET 24000000 80000 80000 conform-action transmit exceed-action drop
[Code] ....
On googling I came across documents that say OTV (Overlay Transport Virtualization) is supported on Cat 6500. Any authentic information whether OTV is supported on Cat 6500, especially with Sup-720B? FYI, Cisco Feature Navigator does not mention it.
View 1 Replies View RelatedSUP2T-D#sh proce cpu hist
11111111111 1111 1111 1111 1111
0000000000099999000099999000099999999990000999900009999999
0000000000099999000099999000099999999990000999900009999999
100 **********************************************************
90 **********************************************************
80 **********************************************************
70 **********************************************************
60 **********************************************************
50 **********************************************************
40 **********************************************************
30 **********************************************************
20 **********************************************************
10 **********************************************************
0....5....1....1....2....2....3....3....4....4....5....5....
0 5 0 5 0 5 0 5 0 5
CPU% per second (last 60 seconds)
SUP2T-D#sh proce cpu sorted
CPU utilization for five seconds: 100%/83%; one minute: 99%; five minutes: 99%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
416 3324188 879928 3777 13.05% 14.42% 14.45% 0 Spanning Tree
633 104408 5091 20508 1.50% 0.53% 0.45% 0 Env Poll
75 22000 298 73825 1.10% 0.13% 0.07% 0 Per-minute Jobs
168 69696 163563 426 0.39% 0.23% 0.22% 0 slcp process
2 532 1010 526 0.07% 0.00% 0.00% 0 Load Meter (code )
I am trying to guarantee 100mbps for a vlan across a gig link. I have done some research and found this command for switches
mls qos srr-queue input priority-queue 2 bandwidth 20
However it doesn't seem to work for my 6500. I know the 6500 uses PFC for QOS but I have no idea how it works. how I can guarantee a vlan 100mbps across a 1gig link?