Yesterday Cisco released IOS 15 code into the wild for the 2960 and 3560/3750 families but the link to the release notes is not working. Because I already have a whole bunch of 4500/Sup7's running IOS 15 I am thinking about taking the plunge with 30 3750-X's I have on order but want to review the release notes first. where they might be hiding?
View 4 RepliesI'm looking at implementing a new DMZ and wanted Netflow capability for security monitoring.The architectural principles I have to adhere to dictate that the switches within the DMZ are layer 2 however to get Netflow I need a minimum of a 3560/3750X, Network Services module, IP Base IOS with ip routing and CEF enabled.To do this and still keep the switch functioning as a layer 2 device the intention was not to configure SVI's or any static/dynamic routing protocols.Will Netflow still work in that scenario?
View 4 Replies View RelatedFrom the multiplexer 9 ethernet connections are terminating in Cisco 2960G 24 port swith and it is connected through fiber uplink to one Cisco 3560G 48 port switch in first floor, which is connected to server.
How I will configure the 3560G to make communicate with 2960G and bring all these 9 ethernet connections to server. All the 9 connections are from different IP. and server also have different IP.
It seems my 2960s and 3560s switches have enough flash space and memory to support the 15.0 IOS should I be OK to jump to this from 12.2(35)?
View 10 Replies View RelatedI'm having issue with one stubborn process that is consuming nearly all the CPU on all of my switches. I tried googling it, but had no luck. The process is "hulc nrgyz PD di"
View 4 Replies View RelatedI have CISCO RPS 600 (PWR-AC-RPS) is it support Catalyst 2960 and 3560 ? and which type of cable require since i have cable 22-18 pin and on my switch require 22-14 pin.
View 2 Replies View RelatedWhen did this wonderful feature get introduced? Is it going to moved down to the 3560s/2960s type switches?
View 0 Replies View RelatedI would like to test the possibility to reload devices via SNMP for new switches like 2960, 3560 and so on.I know that the command "snmp-server system-shutdown" has to be configured, then I need to send the set query to the device via SNMP.
I have found on the net the OID 1.3.6.1.4.1.9.2.9.9.0 but it belongs to an old MIB and doesn't seem to work with new switch models.
I know only one method to restart Cisco switch through Telent using command " RELOAD". How can we restart Cisco 2960/3560 switch phyically....can i use mode button to restart cisco switch ?
View 11 Replies View RelatedI want to implement port-based and MAC-based in these two switches: 2960 & 3560 (both of them have this IOS version: 12.2(55)SE1). And I haven't found a way to implement both of them at the same time. This is what I got:
ip dhcp use subscriber-id client-id
ip dhcp subscriber-id interface-name
ip dhcp excluded-address 192.168.0.0 192.168.0.2
ip dhcp excluded-address 192.168.0.251 192.168.0.255
[code]....
With this configuration I can use port-based, but not MAC based. If I remove the first two lines and change the last line for this one:
address 192.168.0.7 client-id 0112.ae1d.af58.60
Then, the computer with that MAC address got the correct IP, but then the port-based doesn't work. Also, I got this line in the interface what I want to use MAC-based:
ip dhcp server use subscriber-id client-id
Is it possible to daisy chain from a 3560 to 2960-S switch using a SFP interconnect cable (daisy chain cable)
View 1 Replies View RelatedWe have quite a few 3560 & 2960 on our edge network - what I have been looking at was to access switches via web-interface i.e. web-browser. Only problem with this is it always gives you access on privilige level 15 which is not ideal as not all who we decide to give access to these switches will be admin and allowed to configure these swicthes - In the 3560/2960 data-sheet states:
"Alternatively, a local username and password database can be configured on the switch itself. Fifteen levels of authorization on the switch console and two levels on the Web-based management interface provide the ability to give different levels of configuration capabilities to different administrators"
Where as there is no mention of how to configure these two levels of Web-based management in the configuration guide.
As per the attached diagram: How do I configure the 2 ports on the 3560 (Ports 6 & 7) and the connected ports on each of the 2960 switches (Port 25) to provide redundancy.
If the up link from Switch A dies then I need the traffic to flow through the trunk and utilize the up link on Switch B with minimal delay (milliseconds).
I have a Cisco 3560 running as a Level3 device in my network running 10 V LANs and routing between most of them (nothing complex with ACLs) and running spanning-tree mode pvst. The main network is run on a net gear GS748TPS stack of three switches running MSTP.
I have just bought an additional 3560 and a 2960 to plug in. I have set them up with IP addresses and then plugged them into the net gear. This brought the whole network down until I unplugged the new switches.
I have confirmed the IP addresses aren't duplicated and that DHCP is not running on the switches so I can only assume it's something to do with DHCP. I cannot afford for the network to go offline again, so is there anything I should check? Am I running incompatible spanning tree methods between the net gear and Cisco devices?
I am using Packet Tracer to simulate Cisco networking.As the existing IOS of the 3560 and 2960 switch are in older version which has no new feature in new IOS, how to upgarde the IOS of Cisco switch at Packet Tracer?
View 5 Replies View Relateddoes cisco switch 3560 or 3750 supports MC-LAg ? if yes, then on what IOS? if no, then what are the devices which supports MC-lag?
View 1 Replies View RelatedI am working in an enterprise LAN environment. We have about 100 switches, mostly 3560 and 3750's. This is a typical Cisco network, yet it's flat. No routing on the access layers. The core switch does do the routing. We use an third party vendor network monitoring tool, and we use Secure CRT to remote into devices.
Here's the problem. There was a device we stumbled into that had not been put into our monitoring software. It has the same IOS as our other devices. All I can say is that it's the same version and type. Each device has a management v LAN. And each device has it's own management IP. An ACL exists to prevent unauthorized SSH access into the devices, yet allows the management v LAN scope to get in.
So, here's the problem...we can't SSH into our problem mystery device, let's call it Switch X. Switch X has an IP of 10.10.100.150. Now, I can be logged into it's up link device, let's call it switch B. Switch B has an IP of 10.10.100.130. The ACL allows all devices from 10.10.100.0/24 to SSH. Our PC's at our desk are also in the same management V LAN. SSH version 2 is on the configs, and the domain names are the same on these two devices.
So, let's be clear. From my desktop, I can connect to any device on my network EXCEPT switch X. When I try to connect using SSH, port 22...it just sits there until it times out. I can do the same thing to any other switch, and connect just fine. We are using TACACS+ and RADIUS as well, and they are up and running just fine. The configs on Switch X like I said are the same for switch B, except it's IP address of course. While logged into switch B, I can do a CDP neighbor and see switch X connected via trunk link. Both sides are running dot1q encapsulation, and both are in trunk mode. I can ping switch X from switch B. When I try to SSH from B to X..I get timeout with no connection.
So, I hiked over to the building where switch X is located. I consoled into the switch. I confirmed that the ACL is the same as the ACL for switch B. It is set up to allow the management v lan inbound on the VTY 0 - 15. Yes, it's access-class (name) in on both vty 0 4 and 5 15. It also is set up for transport ssh in and transport ssh out.
I rechecked the domain name on Switch X; it was correct. I also did a crypto key and regenerated the crypto key. SSH v2 came up. Again, while in Switch X, I can do a CDP neighbor and see switch B. But I cannot SSH from switch X to Switch B, or any other devices that I tried. Now, we did find a config error with VTP; the VTP domain name was different. But VTP has nothing to do with SSH. Just to placate my co-workers, I went ahead and renamed the VTP domain name (it's running transparent mode). After I regenerated the crypto key, I saved everything of course. I then reloaded the switch. When all came back up, I still could not SSH
This is a 3560 switch, and it is trunk to a 3750.
I have more than 20 Cisco switches in my office which is basically a soap manufacturing factory. The switches include Cisco 2950, 2960, 3560, 3750 etc. We have routers also which include 2821, 2951 etc. We also have Cisco WLC 2125 and LAP 1262 series. Sometimes all these devices management comes very tough to us.
We need to log on to different devices for troubleshooting/network management which sometimes becomes very tough to us. So I wonder if there any Cisco applications or tools by which we can centrally manage all these devices.
We are going to upgrade our IOS on our WS-C2960G-48TC-L. But before we do that i want to ask whats the best IOS release to choose. Why we want to upgrade is because our switch software now don't support ssh just telnet access
Switch details:
Model: WS-C2960G-48TC-L
SW Version: 12.2(25)SEE2
Image: C2960-LANBASE-M
I was thinking about upgrading the IOS to 12.2(44)SE6 are maybe i should upgrade it to a newer release?
One more thing we have a bunch of stacked 3750 switches, that also need to be upgraded.
I am using a 3750 as a default gateway for multiple Vlans on a few 2960 switches. The trunk lines are configured and working and I have assigned ip addresses to each of the Vlan interfaces on the 3750. My issue is that I can only ping the ip address on the Vlan interface of the 3750 if I have a working computer plugged directly into the Vlan on the 3750. I only have 3 vlans on the 3750 that have hosts directly connected (vlans 2, 10 and 40) the other vlans ( 20 and 70) don't have any clients plugged into them on the 3750 but the hosts reside on 2 different 2960s that connect via trunk ports. How do I keep the vlan interface on the 3750 switch pingable when I don't have hosts directly connected in that vlan on the 3750? (yes, I have enabled ip routing on the 3750)
View 5 Replies View RelatedWe have a couple of Cisco switches and connected a (Windows 7) laptop to one of them and it gets its IP address from a DHCP server.I can now ping the IP from all of the switches, no problem, also not when I log on to the core switch in the same VLAN as both notebooks. But from my (Windows 7) laptop, which is in the same VLAN as the target laptop, I cannot ping it.
I checked, default gateway is good on both sides, as are DNS servers.
Target notebook ---- Catalyst 3560 V2 switch === Core Catalyst 3750 switch (stack) === Catalyst 3560G switch --- My notebook
We have ip arp inspection and dhcp snooping enable in couple of 3750 and 3560 switches. Everything works fine, excepted few case that DAI packet rate trigger and errdisable the port. Later on we found out that most of computer that trigger DAI is Windows 7 and especially when they are in sleep mode. Not sure if anyone experiencing it with Windows 7. Also we have it rate limit at 64.
View 2 Replies View RelatedI have switch 2960 and router that connect with one interface to that switch. the link is trunk and Router function is inter vlan routing between 4 vlan. This netwrok has only one ip address space that is 10.10.2.0/24 and work without problem. We connect cisco switch 2960 with optic link to another switch that in stack 3750 which configured as trunk link and allowed only 3 vlan between them. In the other side netwrok which consist the switch 3750 we have different subnet ip address that switch working in layer 3 too. the problem is that when I permit vlan 210 in the switch 2960 only layer 2 between this switch and the 3750 in network that consist th ip address 10.10.2.0/24 devices, if I disconnect and then connect pc to network he says that he has ip conflict and in the log he show mac address of router that has vlan 210 subinterface configured with 10.10.2./24 subnet. But how I gibe back vlan 210 from permited vlan in trunk devices start normaly working. If I again put vlan 210 to permit vlan in that trunk devices again said that there are conflict ip address and show mac address vlan 210 router subinterface.
View 10 Replies View RelatedI'm fairly new at trying to create isolated network segments on Cisco switches. What I'm trying to do is have multiple isolated paths that originate from my v Sphere infrastructure travel through a layer 2 link, v LAN, up to a MLS, and ultimately out to to the internet through a firewall. Each sub net might ultimately have a number of hosts on it, but I don't think the make up of those hosts will matter here.
My initial thought was creating v LAN tagged port groups on v Switches on my v Sphere infrastructure. Physical connections will go from my ESXi hosts to the 2900 series Cisco switch connected to trunk ports. Both v LANs would be configured on the switch but not assigned to physical ports. The physical connection to the 3750 would also be a trunk port connection from the 2960. The 3750 would have SVI's created that are attached to VRFs that would control route traffic. This might be totally wrong but from what i've read it seems to be going down the correct path I think.
Two part question, is this the best way to go about designing this network? If so I seem to be really struggling with the SVI/VRF part. Every time I create an SVI all of my hosts on the 10.10.10.x network can ping them, regardless of which v LAN they're on.
I just cannot seem to isolate the 172 network.
how to stack 2 switches catalyst 2960 also haw to stack 2 cisco 3750 switches
View 3 Replies View RelatedI understand on older IOS codes If the same hsrp group number is assigned to multiple standby groups, it creates a non-unique MAC address. Is this true on newer codes like 12.2(52)SE for 3750 & 3560?
View 4 Replies View RelatedI feel that 3560 and 3750 perform differently with the following two commands:
srr-queue bandwidth shape 5 0 0 0
srr-queue bandwidth limit 50
On 3750, the bandwidth for queue 1 is limited to 100mbps x 50% / 5 = 10mbps
On 3560, the bandwidth for queue 1 is limited to the smaller value of BW / shape weight and BW x limit%.
Does it sound about right? is there a way to check for mls qos input queue drops? The show mls qos interface xxx stat only shows the output queue drops. Maybe for some reason the input queue never drops?
I believe the answer is yes, but incorperating more layer 3 features of our 3750's, I want to know if they fully support EIGRP or OSPF?
Also for a small business of 4 locations, each with a 10mbps fiber and a 1.5mbps mpls... wouldn't you say EIGRP would be easier? Want to look at making the failover automatic if the 10mbps fiber goes down between a site, then the network fails over to 1.5mbps mpls. When the fiber returns in service then the network automatically preferr the fiber again.
Currently we use static routes and if there is a provider outage we have to manually edit the config to flip flop the routes.
I heard that the WS-C3560E-24PD-S and the WS-C3750-48PS-S have a limitation on the number of 7945s supported (ie i can only run 10 or 15 on each switch before the power runs out). Any knowledge with these pieces of equipment verify the maximum supported? I'm having trouble finding documentation showing any maximums.
View 3 Replies View RelatedWe have a pair of WS-C3750X-24T-S in a stack and four WS-C2960S-48TS-L in a stack of their own. There is not really anything too fancy configured (no special VLAN configuration/trunks or etc.) but the 3750 do have two ports configured as L3 for routing. We are not trying to use those ports for EtherChannel. These devices are running IOS 12.2(55)SE3 Essentially we are attempting to make an EtherChannel group using port 48 on all four of the 2960's in their stack (four ports). On the 3750 we will configure an EtherChannel group using port 23 and 24 on both switches (four ports). We then connect them up to form a four member EtherChannel.The ports on both ends are configured as mode ON and they are all 1Gb ports. I elected mode on because I understand at least one of the EtherChannel protocols will not work cross stack. What I would like to ask is whether the above configuration is possible or are we hitting some sort of limitation of EtherChannel cross stack, etc..? I cannot find anything to suggest this configration is invalid, but thought I would ask to see if I missed something in the EtherChannel articles.
View 3 Replies View RelatedI have 2 switches. 2960 and 3750. I have trunk on both ports of the switch. there are couple of vlans and ports are assigned to those vlans. examples are management, voice and data. int vlan 1 has ip there is default gateway the hosts are able to connect to the internet when connected to the switch.
View 5 Replies View RelatedI am experiencing the same problem described in this post {URL}. I have seen this happen on different networks, with different equipment attached. It happens on both 2960 and 3750 switches. Basically the connection drops, and we see in the web interface "Port is Disabled". This appears to happen every 10 minutes.
On the CLI, the status shows as connected.
Port Name Status V lan Duplex Speed Type
Fa0/38 connected 1 a-full a-100 10/100BaseTX
I have ran cable diagnostics while the drop out is occurring.
Interface Speed Local pair Pair length Remote pair Pair status
--------- ----- ---------- ----------------- ----------- -------------------
Fa0/38 100M Pair A 28 +/- 15 meters Pair B Normal
[code]...
During the outage, I see the duplex fluctuate between full and half. The outage occurs for approx 90 seconds. If I fix the duplex and speed at both ends, the outage reduces to around 30 seconds. If I apply spanning-tree port fast the outage reduces further to around 10 seconds. Before I change any configuration on the port, the logs show the interface going down
Aug 16 13:06:51.875: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/38, changed state to down
Aug 16 13:06:52.874: %LINK-3-UPDOWN: Interface FastEthernet0/38, changed state to down
[code]...
However, once I apply the configuration nothing is logged. However we can still see the connection is disappearing for around 10 seconds. I suspect the issue wasn't resolved for the person reporting the problem in the link above, but because the outage is minimized, and not being logged it is going unnoticed.
I have a problem, here are the situation
- 1 Catalyst 3750
- 1 Catalyst 2960
- 4 Finger Print
- 1 HUB
Configuration
- Catalyst 3750
Interface VLAN182
IP Address 10.62.182.254 255.255.255.0
Interface G0/2
Description Finger Print Server
Switchport mode access
[code]....
Here are the problem,If i connect Finger Print Device to port catalyst 2960, some device not sending data to server, but if i connect all Finger Print to HUB and from HUB connect to Catalyst 2960 at port F0/5, All Device(Finger Print) can send data to server...Is there any special configuration in catalyst so all device can direct connect to port catalyst 2960 without HUB?