I am installing a connection between Brocade MLX and Cisco 4503 using SE and SVI's. Below is the config for each. Am I missing anything like MTU Ignore or something along that nature?
*** Cisco 4503 (v15.01) Config ***
VLAN 35
name EOC_Gi1/2
[Code].....
I have 2 devices which need to communicate through Logical Link Control. Each device functions like this: they have a built in network switch that allows their internal components to communicate with TCP/IP which is then encapsulated inside LLC frames and sent out a special port. The LLC frames from each device all come from a single source MAC address and are broadcast out the network. The receiving deivce receives the LLC frames, unencapsulates the data and uses it directly.
Using it this way through a single 2960 (such that device 1 is connected to fa0/2 and device 2 is connected to fa0/23) with its own dedicated VLAN and no other traffic on the switch (all other ports shutdown), the two devices are unable to "connect". Using a SPAN session, I can clearly see them exchanging LLC frames, but if I connect my computer to the internal device switch and try to ping the other device through the LLC encapsulated link, I get anywhere from a 25% to 100% loss with response times between 2ms and 15ms.
When I connect the special ports of each device together directly with a straight through cat-5e cable, they can connect and I can successfully ping through the link with sub-millisecond response times. The same goes if I connect them through an old unmanaged Linksys switch. I have toggled everything on the 2960 I can think of, including STP, CDP, LLDP, storm control, keepalives, IGMP snooping, management interface VLAN1, and QoS. In general, the more of those that I turned off, the faster the ping responses became, but nothing seems to stop the data loss.
There is some way to increase the speed of changing the interface state from DOWN to UP when the cable is connected. I need to configure a port of Cisco 4503 in a way that when a cable is connected the port goes immediatly UP.
A solution can be to keep Cisco interface always UP and I remember that with "no keepalive" command to the interface configuration it was possible. But I tried and nothing happens.
I need to implement over an ethernet link L2 tunnel because I want to isolate another VLANs domain.On the first side I can use the command : sw mo dot1q-tunnel on a new C4503 on the other side I cannot configure the command : sw mo dot1q-tunnel.
the other side is an old C4503 we upgrade the flash with a compact flash to upgrade to a new IOS v15 but the command doesn't exist also.I red the cisco feature navigator feature and I am sure the dot1Q-tunnel is available on my image : cat4500-ipbasek9-mz.150-2.SG.binso I don't know why I can use it.
i'm performing configuration PBR on catalyst 4503, but it doesn't work. [code]
View 21 Replies View RelatedWe have microsoft servers and other application servers (around 12 in nos) which should have gig connections to the access switch. In turn this access switch will be connected to our distribution switch 4503. Which model of access switch best fits from the below 3 models. It should be cost effective as well.
WS-C2960 S-24PS-L
WS-C2960-24TS-L
WS-C3560G-24TS-S
I am trying to connect a 6509 switch to a 4503-E switch using single mode dark fiber over a distance of less than half a mile. Although a routine task, it does not work..We have a care 6509 switch where we concentrate all of our dark fiber connections for our remote sites. The 6509 switch already has 30 remote sites, most of them with 4503-E switches, connected in this way therefore it is a tested scenario. For the connections we use the GLC-LH-SM SFPs on both switches. Out of these 30 sites we had a similar problem with two of them, which we solved with the use of CWDM SFPs. With the CWDMs the fiber came up right away. However, I cannot keep using this solution because it is way too expensive! I had the losses of the fiber measured end-to-end and they are negligible (>0.5 dB).
In this latest case, like I said, we could not bring the connection up between the core 6509 switch and the 4503-E switch using the GLC-LH-SM SFPs. I then replaced the 4503-E switch with a 3560 and the link came up! Then I tried using a CWDM-SFP in the 4503-E, while keeping the GLC-LH-SM SFP in the 6509 and the link came alive again! Of course we already tried replacing the fiber patch cords with no luck. [code] I find it very weird for the link to work with the 3560 or with a CWDM in the 4503 but NOT with the SFP in the 4503!
I have a 4503 switch (in L2 mode) running 12.1 hooked into a C2950 running 12.1, using regular 4 pair Cat5e cables to connect between them. The 4503 has Gigabit port 2/1 trunking to the 2950's Fa port 0/13.
When I set the duplex mode to DUPLEX FULL and SPEED to SPEED 100 on both switches (for their trunk ports) the link fails, and my 4503 loses connectivity (since it gets it from the 2950).
Here is my config from the switches (per description):
The 4503:
interface GigabitEthernet2/1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,2,100-140
[Code].....
Note, this is the only mode that works (which seems to work fine, but I get TERRIBLE throughput for anything that goes over the 2950.
Currently we have cisco 4503 switch in one of our location without redundancy which servers below,
300 user (desktop & ip phones)
5 vlans
15 access switches are connected
one L3 connectivity.
Actually i want to understand is it really necessary to have 4503 or we can go for 4900 series as we are planning to have redundancy in distribution segment.
Which is the best L3 switch in the above scenario and how to measure the overall performance of the current 4503 switch...
After deleting configuration with „write erase“ and reloading, our Cisco Catalyst 4503 with version cat4500e-universal.SPA.03.02.00.XO.150-2.XO.bin, and licence ipbase, doesn't recognize any command regarding SSH. We tried configuring SSH key with „crypto key generate“, but that command is not recognized either.
View 1 Replies View RelatedWe have Cisco 4503-E switch and software version is cat4500e-universal.SPA.03.01.01.SG.150-1.xo1.bin. Now i have uploaded cat4500e-universal.SPA.03.02.01.SG.150-2.SG1.bin IOS-XE software in the switch and want to boot the switch from this image.
View 17 Replies View RelatedI need a 10G support on 4503 chassi with SUP II plus TS.Is any of the 10G line cards i.e. 4712 or 4606 supported on SUP II plus TS on 4503?
View 4 Replies View RelatedWe had a core switch(30 vlans) in our environment and it's noticed that CPU utilization of the core switch is showing high during recent days. I have checked logs and processes, but couldn't find the root cause. The issue found only in the office hourly only(after that the cpu utilization is idle and normal). I have already referred the following link to troubleshoot the issue " [URL]
see the following outputs from the core switch
CPU utilization for five seconds: 99%/0%; one minute: 99%; five minutes: 99%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
30 6687557041432420936 466 47.52% 47.10% 45.98% 0 Cat4k Mgmt LoPri
55 30667074884269560256 0 45.36% 45.50% 45.85% 0 IP Input
29 28552856922870089254 0 3.59% 3.50% 3.57% 0 Cat4k Mgmt HiPri
[code]....
Note: Each Invalid source mac entry in each day from same port (above is the output after clearing logs before 3 days)
My queries regarding the issues are following
1) How can we find root cause regarding the high cpu utilization?
2) Is a single invalid mac address makes the cpu highly utilized for suppressing it?
I am working with a Catalyst 4503-E with a Sup7-E. I'm trying to enable Netflow, and I have read the following guides: Catalyst 4500 Series Switch SW Configuration Guide, Release IOS ...
I have also enabled Netflow in IOS 12.1/12.2 and figured the process was similar (It seems to be). CEF is enabled, and I have all the pre-reqs according to the document above, however, the flow commands don't exist, they simply say "command unrecognized". I have included my sh version below.
sh version (edited):
Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSAL-M), Version 03.01.01.SG RELEASE SOFTWARE (fc1)
[Code].....
We have two core switches in our network (Cisco WS-4503). HSRP is working as Active-Standby mode. Recently it has been found that core 1 (which is in active mode) shown high CPU load (60% - 100%). Also found that the below mentioned process takes more CPU. Our network consist of around 30 Vlans. We have already checked for the solution in Cisco website [URL] but couldn't find exact reason. see the below outputs for core 1 switch.
Core1# sh processes cpu sorted
CPU utilization for five seconds: 55%/3%; one minute: 65%; five minutes: 71%PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process 30 1606933521086983644 147 24.79% 29.93% 35.85% 0 Cat4k Mgmt LoPri 29
[Code]....
I have a 4503-e with WS-X4013+TS supervisor and WS-X4548-GB-RJ45 card. I purchased a WS-X4648-RJ45-E card and installed but IOS says its unsupported. Supervisor is running 12.2(46)SG software and 12.2(31r)SGA firmware. Obviously I'm hoping this cars can be supported somehow. Do I need to upgrade software or firmware, or return the linecard and get equivalent supported card? Oh, system is running Catalyst 4500 L3 Switch Software. (cat4500-IPBASEK9-M)
View 6 Replies View RelatedWe have a gateway on a 4503, say on port 2/1, and we only want the other devices that are plugged into the 4503 to be able to talk to the gateway and thats it. The other devices are Motorola TUT DSL devices and they plug into the 4503 directly.
Normally "switchport protected" would make this very easy to keep stuff on one port from talking to other ports but with 4500's you are not able to do that command. So we implemented a MAC Access-List Extended ACL. Here is what we did
mac access-list extended BLAH
permit #host 0000.XXXX.YYYY any
interface range fa 2/5 - 20
mac access-group BLAH out
The MAC address 0000.XXXX.YYYY is the MAC address of the gateway that is plugged into Fa2/1 and the DSL TUT devices are plugged into ports Fa2/5-20. We would think that this config would only allow devices on the TUT DSL to talk only to the Gateway but we don't really think this is happening. The TUT devices are learning about MAC addresses that are on other TUT devices.
Do the cisco 4503 switches support virtual clustering feature ? I have a requirement where switch ports on two different 4503 switches need to combined in the same Link aggregation group . This is needed because the firewall notes say that the aggregated interfaces need to be conected to a single switch and combined in the same LAG . So according to the diagram below , the interfaces marked RED need to be in the same LAG in the switches , same for the interfaces marked BLUE . I have done the same setup using Juniper switches where it uses VIRTUAL CLUSTERING to group the different switch ports in the same LAG.
View 2 Replies View RelatedWe had a core switch(4503) in our environment and recently we tried to enable syslog in the switch. But the syslog server doesnt receives all the configured level messages from the switch. Following is the only message getting in syslog server after the configuration change in switch.
%SYS-5-CONFIG_I: Configured from console by CWLMS onvty1
(No Traffic related messages like acl deny traffic, spanning tree events etc are getting to syslog server as well as log buffer of the switch)
Following are the logging configuration for the core switch
logging monitor informational
logging facility syslog
logging source-interface Vlan44
[Code]....
1) Is there any more configurations required for getting all traffic related messages, (i mean all possible messages - upto level 7 - debugging)?
We had a core switch (4503), distribution switches and access in our network and consists of many vlans. Almost all vlans uses DHCP Pools. But for few vlans DHCP is not yet configured. Recently one of the rogue user in vlan 1 gave the corresponding interface vlan ip of core switch (gateway) as his ip and caused a prolonged network outage for the vlan. Any way we are going to seggregate vlan 1 into different vlans, but before that we need a temporary plan to block such kinds of attack.What are the possible ways we can avoid the network outage problem even if a user gave the gateway ip to the machine?
View 3 Replies View Relatedrecommend a cisco core switch and access switches in IPTV network infrastructure?I was ask to implement a network for IPTV system but i don't have idea what will be the model i will use.
Core Switch = Cisco 4503
Access Switches = Cisco 3560X
We have two logical connection which are connected via 1 physical Ethernet interface to 2 routers in central sites. Both connections are 2 Mb/s. How can i classify the output traffic in order to shape both direction to 2-2 Mb/s.
There are not suitable "match" command!!! ??The branch routers are 2650xm and 2811.
I have at the core a CISCO 4503 and need to connect various 3COM 3300/4400/4900 access switches thru fiber. The problem is that the Cisco core 4503 switch fails to recognize only the 4900 3com switches ie the link status shows down. The fiber multitude link is tested and OK.The modules on both the switches ie 1000baseSX are also tested and ok.
The Cisco switch has a 6port gb ic with 1000baseSX moules and the 3COM 4900 has a 4-port 1000baseSX module.
Let's say I have a Brocade switch, and a Cisco switch, and I've formed a VLAN trunk between the two.On the Cisco switch, I configure the trunk to utilize VLAN 3 for its native VLAN.On the Brocade switch, I utilized the command 'default-vlan-id 2'. I have configured the port going to the Cisco switch in dual mode.From my understanding, when a port is placed in dual mode, it sends frames that are untagged as the default vlan. Does this cause a native VLAN mismatch?
View 19 Replies View RelatedAt the moment our whole company is equipped with Catalyst switches ranging from 2950, 2960 to some 3560G and 3750X (Cores). Now I'm thinking of replacing some of the old 2950s (which are only fast ethernet) with some Brocade 6430 or 6450s, since they're so much less in pricing.My concerns though are: will spanning tree work problem free, access lists still work and any other problems I could encounter with interoperability.According to Brocade most of these things should work fine, but I'm searching for some facts from people who are running a heterogenic Network with these two brands (even the same product lines).
View 4 Replies View Relatedwhether MTU sweep is possible in Brocade 7420B. This is used in Data Center and Sys Admins are refusing it . I wish to check path MTU between these two devices (including these devices) separated by transmission media (I own this). OR any other method to check path MTU in Brocade . I have allowed jumbo frames in all my DXCs.
View 1 Replies View RelatedDoes any know why the ASA will monitor physical interfaces by default, but monitoring of logical interfaces is disabled by default? Or better yet, is anybody doing a monitor-interface for a subint without issue? I'd imagine it isn't enabled by default for a reason.
View 2 Replies View RelatedI have a query on natting on 8.4 ASA. We are going to configure IPsec tunnel with our client. Our client has provided a single ip(192.168.32.11) which would be the source at his end. Is it possible to Nat my end network(10.130.20.0/24) with logical ip (192.168.32.11) which is not configured anywhere.
here are details.
my end internal network(inside) : (10.130.20.0/24)
logical ip to be natted my internal ip: (192.168.32.11)
Client end network : (10.100.10.0/24)
I have a node with one physical wireless interface and I need it to offer AP service to other nodes, connect to an existed AP, and connect to other nodes in ad hoc mode. If I create 3 logical wireless interfaces of that interface and configure each one respectively to the modes above, would this work? do they use the same MAC address or each needs to be configured a different one?
View 2 Replies View RelatedI currently terminate my L2L VPN sessions on the "OUTSIDE" interface via the actual IP address assigned to that interface. Can I assign the OUTSIDE interface a second address (VIP, Logical, Virtual etc.) and then terminate my L2L VPN sessions on that second address?
View 3 Replies View RelatedI have purchased two catalyst 3560 switches (with 24 interfaces) on Ebay to prepare for ccnp switch exam. It would be great if I have 4 switches. Is it any possibillity to create two logical switches from one? I mean, not by assigning interfaces to different vlans?
View 1 Replies View RelatedI recently bought 2 SRP527W for customer and i am trying to install them. I have updated the firmware to the latest version.
Problem: It can detect BTs business ADSL but the Logical Link is not picking up. I have checked and rechecked the setting with BT but no joy. the original BT router works.
We have to enable FIPS 140-2 on our ASA5520's for all our IPSEC VPN connections. We currently have failover on our 5520's. I found a lot of information out there but some seems to conflict one another.What are the things I need to look out for - caveats? Does the clients that connect to the VPN had to use different clients once the FIPS was enabled.Do we need to recreate logical interfaces for each physical interface we have?
View 1 Replies View Related
