When you use the command switchport trunk allowed vlan add [vlan-id]There should be no drop in service to the existing VLANs, correct? I am trunking from a 7K to a 2960S via 2G PoCh.
View 2 RepliesMy workstation(10.0.0.250) directly connected to 6509_1 switch. 6509_1 is gateway with ip 10.0.0.5/22. Sometimes routing stop working, but after 3-5 minutes all back to normal.When issue occur i can't ssh to 6509_1, but i connect to second 6509_2 (10.0.0.6) and i can ssh to 6509_1 from it.Then form 6509_1 i try to ping my workstation Wireshark on my workstation show that packet arrive. My workstation reply on it, but switch not accept it.How it possible? As I say after sometime all go back to normal without any changes. [code]
View 2 Replies View RelatedWe are currently experiencing random multicast data dropouts on ports that are connected to a 3750X in VLAN ports. A test PC was connected to a routed port and we do not have any dropouts of the multicast data.We also took a 2960G and plugged it into VLAN ports on the 3750X. Any test PC that is on the 2960G does not lose traffic. The traffic only drops on PCs that are connected to a port on the 3750X that is in a VLAN. The data drops are random and last approximatly 55-59 seconds before we start receiving multicast traffic again.
I do not see any input/output errors on the interfacessh platform port-asic stat drop also show no drops
CPU runs at about 50% on the 3750X
Below is the configuration of the 3750X
Building configuration...
Current configuration : 8454!!version 12.2no service padservice timestamps debug datetime msecservice timestamps log datetime msecservice password-
[Code]......
I am running (cat4500-ENTSERVICES-M), Version 12.2(53)SG2 on the switch. I have a scenario where I have 3 end user equipments connected to a Cisco 4948 L3 switch. At the switch end port 1/46, 1/47, 1/48 are the terminating points for these 3 devices . I have added these three ports to VLAN140 (switch port access vlan140 on the gig interfaces).
The device connected to 1/46 is the one I'm testing some signalling features on. My requirement is to have intermittent packet drop on this interface so that my signalling associations would go down now and then. I'm trying to simulate a real-time network congestion/latency/packet drop in a simple manner.
I do not want to shut/no shut the 1/46 intf to cause this. Some way to achieve intermittent packet drop on this gig1/46 intf ?
We are seeing output drops on a C3560 switchport, this port does not have QoS enabled -- application does not need special qos treatment, as long as packets are not droppd, so I suppose all traffic will share the same queue? then how should I read the output of "show platform port-asic stats drop" which indicates that it is queue 3 weight 2 drop? I am wondering what is the best way to fix this? enable mls QoS and increase queue 3 bandwidth share on this interface or just increase the output queue depth?
switch#sh mls qos interface gi0/1
GigabitEthernet0/1
QoS is disabled. When QoS is enabled, following settings will be applied
trust state: not trusted
[Code]......
I started having connectivity issues between my core 4506E (Sup7E) and Cisco 2960S. There were input and CRC errors on Te int (SFP 10Gb - LRM) on 2960S, which cause the interface to reset and drop connections. While troubleshooting this issue, I have replaced patch cords and also had the tech checking the fiber. He said that there was some residue on one of the connectors, so the light levels fluctuated in 1300nm, but worked fine in 850. Well LRMs are using 1300, so he re-polished the tips, which worked to stabilize the light levels. After all that, I was still receiving the input/CRC errors, but the connection was NOT dropping. As my last resort I swapped the SFPs between the core and 2960, thinking I should start having issues on the core end. Well, here's what happened: I stopped receiving input/CRC errors on 2960 (also no errors on the core), but 2960s started generating Rx power high alarms: [code]
View 1 Replies View RelatedI have users connected to a 2960-S running 12.2(53r)SE complaining of slow network, specifically Internet performance while the upstream 2960 on the same vlan has no such issues, so I don't suspect link congestion on the face of things.I'm planning on upgrading the code, but wanted to see what could be checked first. I'm seeing some drops but could use some tips on how to proceed from here as to what might be the issue. CPU is under 10% whenever I check it.
View 7 Replies View RelatedIn my cisco 3845 router I can see output packet drop in some of the interfaces.I suspect that router is processing packet beyond its mix throughput limit. Moreover when i run show int fax/y switching command I can see packet drop by RP process.
View 11 Replies View RelatedI put a QoS in a WS-C3560CG-8TC-S version 12.2(55)EX2. in our lab file upload or download speed much reduced and drop the packets with QoS everyting is fine without QoS
Here is the config: My question is why I speed reduced a lot and packets to be dropped with QoS.everything is fine WITHOUT QoS.
class-map match-any VoIP description Voice IP Phone RTPmatch access-group 157
class-map match-any WEB description Internal Web, SSL Web, DNS query, Pinnaclematch access-group 153
!
policy-map QOSMARK
class VoIP set dscp ef
class WEB set dscp cs3
[code]....
I've got a 1760 router which uses port forwarding (25, 80 and 443) for my internal network services. If, let's say, I try to open a FTP connection on the router, of course the connection will be refused. Is there a way to make the router DROP the packets instead of rejecting them? My Linux iptables configurations drop packets who fail the firewall test, so I would like the router to perform that behavior.Commands for port forwarding:ip nat inside source static tcp 10.10.0.1 80 int f0/0 80 (these work fine)
View 4 Replies View RelatedI have a network that has a pair of 6500 switches on either end, running HSRP. In between each 6500 are two to three ruggedcom switches. They are connected to each other and the 6500's by trunk ports in a straight line. The 6500's see each other as CDP neighbors, and the 6500's can see the rugged- com as LLDP neighbors (ruggedcom only supports LLDP).
The issue is that randomly devices on the ruggedcoms will drop offline and then come back. The problem is that the devices that drop offline are all in the same VLAN, so it appears like a virus - i.e. one device drops off, then multiple. Eventually the HSRP starts flapping between the two 6500s and this causes havoc on the network.I'm almost to the point of taking a laptop and plugging it into one of the ruggedcom's to see traffic, but the issue is that the ruggedcoms are outside in cabinets that laptops shouldnt be exposed to.
I have a stack of 4 Cisco WS-C2960S-48FPS-L switches running c2960s-universalk9-mz.122-58.SE1 code. One of our network monitoring tools is indicating discards on a certain port on the switch. Upon further investigation I am seeing the Total output drops values change in a very odd manner.
The numbers seem to go from 573 to 1146 to 1719 then back down to 573 and it starts the same pattern over: [code]
The port utilization is quite low, the highest I've seen over the past 7 days is 3.5% with a polling period of every 30 seconds using Statseeker. Yet the discards are bouncing all over the place.
I've searched though the bugs for 12.2(58)SE1 and didn't see anything.
I need your input on how to appropriately introduce an N5K with Jumbo enanbled to a prexisting Core Network (Stack of Cisco 3750G Switches) without making any major alteration on the Core configs (everything is happy). The idea is to move two High I/O servers to the N5K during a transitional phase. I already have a fair understanding of what Jumbo-Frames are and what it does. Keep Jumbo-Frames within the N5K ONLY.
Conditions:
- Traffic is Data traffic, not storage/iSCSI
- The servers host our ERP applications and MySQL that is accessed heavily by users
- N5K to C3750G connectivity is a Port-Channel consisting of 4x1GB ports
- The servers are to remain on VLAN 2 (Data VLAN)
- The Core Switch is L3 and the boundaries reside here
I have configured a site to site VPN tunnel using my Cisco ISR 891 router. The tunnel connects between my network 10.88.10.0 to the remote network 10.210.65.0. When I ping the remote nnetwork my VPN tunnel comes up and all is well.
I have recently connected a second network to my 10.88.... network. The new local network is 192.168.0.0. I have now managed to get the two local networks pinging each other. I can also carry out RDP sessions between systems on both networks. Hence I am happy that both networks are communicating.
I used the Fastethernet Port 8 on my ISR 891 to physically connect to the new 192.168 network and then entered the appropraite 'Static Routes' on the 192.168 exisiting router(Netgear Router). Hence certain traffic arriving at the netgear will now be forwarded to Port FE8 on the cisco ISR 891.. See FE8 Port config at the bottom of this post. I have used tracert to ensure that the traffic does arrive at Port FE8,(192.168.0.235).
I cannot seem to ping any device on the remote 10.210.65.0 network from the 192.168 network. However, as stated above I can sucessfully ping the same remote device from the local 10.88 network. I must be missing something that allows the 192.168 traffic to use the existing VPN tunnel. I have added the following command to the IpSec rules for the VPN tunnel using the Cisco Configuration Professionla tool.
Permit 192.168.0.0/0.0.0.255 10.210.0.0/0.0.255.255 ip
I have several cabinets with top-of-rack N2K's attached to N5K's via FEX's. 9 cabinets with 2 switches each.
Recently I added 3 more cabinets to the mix, for a total of 12 cabinets with 2 switches each.
I can get into the new switches and see the FEX's and configure ports, etc. but no device I attach to the 'new' N2K's is pingable over the network. I can take the same device, same cable, and attach it to a legacy N2K talking to the same N5K's, and it immediately joins and is pingable over the network
Between our hosting and a customer we have an extended vlan, traveling on a fiber, between two cisco 3560 switches.The thing is, that we want to create one or more vlans inside that extended vlan, in some way if possible?
View 3 Replies View RelatedI have two networks at two sites with a dot1q trunk between the two L3 switches at both sites (no routers involved)
SITE A - Cisco 3750 L3 - VLAN ID 50
10.10.50.0/24
SITE B - Cisco 3750 L3 - VLAN ID 50
10.20.50.0/24
I would like to extend the SITE A VLAN to SITE B so that I can move hosts from SITE A to SITE B without needing to change their IP address but the vlan ID is already in use. Obviously the easy solution is to change the VLAN ID for one or other of the sites but both sites contain hosts that run 24/7. Is there a way to join two VLANs with different IDs together.So for example I create a new VLAN 60 at SITE B and associate it with VLAN 50 at SITE A.
i need to solves this little problem on 2960S lan BASE but i dont know if it is possible.
Uplink port config for gi 1/0/28 is:
switchport mode trunk
switchport trunk alloved vlan 10,11
but on interface gi 1/0/1 i want to have data from vlan 10 tagged as VLAN 20.
At this time i have solved this issue very primitively
I have set up gi 1/0/2 as int mode acces, acces vlan 20 and i have connected gi 1/0/2 with gi 1/0/3 with eth cable. int gi 1/0/3 is switchpor mode acces, switchport acces vlan 10
My network Infrastructure consists of 2 core switches(cisco 3950, 24 port) and 3 access switches (cisco 2960G, 48port). No distribution layer.Both Core switches are connected to the BVI of a VPN router.PVST is running in all switches. The STP results are all good. We have 3 VLAN's in the LAN an IP routing is enables in the core switch. The network diagram is attached.
The issue we are facing is that , we get intermittent packet drops while pinging towards the access switches, and there is always a higher latency towards these assess switches.These issues are present even with no other users using the LAN. But these issues are not present while pinging towards the GW.
I guess, it is because of this, we have issues the accessing file server in the LAN. How do we go ahead with the troubleshooting. Will upgrading the IOS resolve this.The present version details is..
WS-C2960G-48TC-L 12.2(44)SE6 C2960-LANBASEK9-M
I have a 3750G switch in my production network that only has VLAN 1 on it. All ports are in a default state and VLAN 1 is disabled. The switch is passing traffic but shouldn't having the default VLAN shut down cause the ports not to pass traffic? If I start to create VLANs will that cause the switch to stop passing traffic?
View 4 Replies View RelatedI am trying to setup a L2tpv3 VLAN-to-VLAN tunnel.My setup has two Cisco 890 router with Cisco IOS Software version 15.0(1) M4. These routers are connected directly on FastEthernet port 8.
One linux machine is connected on FastEthernet port 0 on each router. The two linux machines are on same vlan. I am trying to establish a vlan-to-vlan tunnel between the routers and send traffic between the linux machines.
I followed the case study 11.4 from [URL] and configured the l2tp-class and pseudowire-class. However, the vlan interface configuration is different on 890 router.
I configured a vlan interface as follows.
(config)#vlan 200
(config)# interface FastEthernet 0
#shutdown
#switchport access vlan 200
(config)# interface vlan 200
I don't see the 'xconnect' command in this context. What's wrong with my configuration?
We have a low bandwith (15-20 Mbit/s) to the ASA from our Client vlan. If i connect the Client to the same vlan as the ASA is, the bandwith (90 Mbit/s) is good.
Here are the Layer 3 Design:
Client -> vlan 2 - Switch - vlan 7 -> vlan 1 - ASA 5505 -> ISP
The Layer 2 Design:
Client -> Gig2/0/13 - Switch - Gig4/0/43 -> Eth0/1 ASA5505 -> ISP
IP Address:
Client: 172.16.2.10Vlan2: 172.16.2.1Vlan7: 172.16.7.1ASA: 172.16.7.2
I assuming the switch has a problem with routing ?It is a stacked Switch with following members:
switch 1 provision ws-c3750g-12sswitch 2 provision ws-c3750g-24tsswitch 3 provision ws-c3750g-24tsswitch 4 provision ws-c3750x-48
And we have following error message in the log from the switch:
%PLATFORM_UCAST-4-PREFIX:
One or more specific prefixes could not be programmed into TCAM and are being covered by a less specific prefix, and the packets may be software forwarded I first get the idea that the switch is overloaded with router traffic. Thats why i assuming i have to check the sdm templates, but i'm not sure if this resolves the issue.
Here are the relevant config:
ASA Interface on the Switch:
interface GigabitEthernet4/0/43description ASA-inside LANswitchport access vlan 7switchport mode accessspanning-tree portfast
Client Interface on the Switch:
interface GigabitEthernet3/0/1switchport access vlan 2switchport mode accessswitchport port-securityswitchport port-security aging time 2switchport port-security violation restrictswitchport port-security aging type inactivitymacro description cisco-desktopspanning-tree portfastspanning-tree bpduguard enable
[code]...
I've a situation where I need to add a new 3750x to a existing stack of 3750. [code] When I tried to stack them together, I get a version mismatch error. Is this because of the difference in SW Image? What are my options next ? My ultimate goal is to make the new switch stack correctly with the exisitng switches.
View 11 Replies View RelatedWe've recently inherited a platform with little handover and also minimal networking experience.We're going 100 miles an hour in learning, but I'm a bit confused with the idea of a L2 switch with no IP assignments to ports, so using VLANs, and a L3 switch with IP assignments. And the combination of both.We have 2 Cisco 3750 switches, along with a whole host of other hardware, so we're starting at this "gateway" to start breaking things down.
View 7 Replies View RelatedI need to add two additional 2960S switches to my stack. I saw a diagram that showed how a 4 switch stack can be connected, but I couldn't find much detail on adding a switch to an existing stack (besides master election). The output below shows how the existing stack is connected and its state
SW#sh switch detail
Switch/Stack Mac Address : 0011.2222.3333
H/W Current
[Code].....
I will need to break one of the stack rings between SW1 and SW2 in order to connect the new switches. Does it really matter which ring I break to connect the additional switches? Does one ring act as primary? If so, I'd rather not break that ring so this process is transparent as possible. Also, is there any benefit to disabling the stack port vs just disconnecting the cable?
I am a soon to be network admin and have never set up a network to an existing network. Steps you need to add a new location to a company's network. For example if they are using 8 Building with 7600 Routers and 6500 and you need another building and they are using MPLS or Private Network, or Internet.
View 4 Replies View RelatedI have 3 3750 staking switch with the following configuration:
H/W Current
Switch# Role Mac Address Priority Version State
----------------------------------------------------------
1 Member 442b.0350.9400 1 1 Ready
2 Member 442b.0357.8780 2 1 Ready
3 Master 442b.036f.a800 3 1 Ready
The new switch is installed to be wired to the master switch. the swtich 3 (* 3 Master Ready 442b.036f.a800)my question is: if you disconnect the wiring from the master stack to connect to the new switch, it is possible that the new switch change the current configuration of stacking.
-Can I just add the new switch with clean configuration without changing the current configuration ?
-How is assigned the stack number? i need the new switch be with the GI4 / x?. I can I manually by assigning ports?
-If I want to the new 3750 member witch lower prioridad, can I change priority before adding to stack?
On a 3750 you can do a show platform port-asic stats drop command. Is there a corresponding command for 6500 chassis?
View 7 Replies View Relatedwe have 2xNexus model 7010 (let's call them Nexus1 and Nexus2) connected via VPC to a couple of catalyst 6509 switch.Trunking has been enabled on the port-channel defined on both Nexus allowing some vlans.Below the config applied on both port-channel interfaces on both Nexus which are members of the same VPC number: [code]
supposing I'd need to remove some vlans from that trunk (e.g. vlan 100,200 and 300) using command "switchport trunk allowed vlan remove 100,200,300" and that I'll run that command on Nexus at a time (that means there'll be a condition for a short period of time where Nexus1 has removed vlan 100,200 and 300 from the trunk, while Nexus2 is still carrying those 3 vlans on its port-channel which is a VPC member) , could it cause any VPC inconsistency condition suspending VPC interfaces and therefore affecting the service for all remaining Vlans or only Vlan 100, 200 and 300 will be suspended when that condition will be detected?
We have a requirement to build a datacenter within a datacenter for a new project. The existing Core network is 2 x Cisco 6509 in VSS configuration. We would like to connect the new datacenter to the existing Core switch from the new low-end Core switch. This datacenter would have a SAN network and blader chassis.
Listing the Cisco Switches requirements and expansion module requirements ?
- What expansion module is required at existing 6509 ? Can we have one 10Gibit modules on each switches and crate a port-channel connection from new datacenter core switch ?
- Which model of Switch you recommend for the new Datacenter Core which is only going to have one SAN Enclosure and two blade chassis? Will it be a good option to use 3750E ? If yes do we need any additional modules there ?
- Which aggregation switch should we use for the blade enclosure ?
- Should we have a Cisco Embedded Switch module on the chassis to create trunk with aggregation switch ?
- How the SAN director switch is connecting to the LAN ? should we have any particular module at new Core switch ?
in our network we were using three 3750-48-s switches with stacking one of the switch due to some hardware failure power problem,
now i want to add a new switch 3750-48-s in the existing Stack two switches , the old two switches ios version is = 12.2(25r)SEC the new Catalyst 3750 io verion is = 12.2(35)SE5
how to add this switch in the existing two stack switches , with documentation
i am not able to add new 3750G switch into existing domain even after the domain name is correct and unable to authenticate with tacacs.
View 5 Replies View RelatedIs it possible to rename an existing VDC on Nexus7000 without deleting it and creating it again with the new name ?
View 2 Replies View Related