I have a 4 port etherchannel configured to talk to a 4 port etherchannel on NETAPP server. The NETAPP server seems to be distributing traffic across all the links. The 4507 does not. It appears that traffic is going across only 2 of the for links. [code]
View 6 RepliesWE got our ESXi servers recently moved from a 6513 to nexus 2000 FEXs uplinked to a nexus 5000s basically we have enhanced vPC and nics goin to 2 different FEXs and they uplink to 2 nexus 5000.
the Vswitch for VMs is setup in a VPC. Question is do the traffic from each vm going in/out of these nics in a vpc actually use both physical links? How can i tell from the switch?
What are the benefits of using a Layer 3 switch as opposed to a router for distributing traffic? Basically the building I work in has a fiber line coming in which then gets connected to a Level 3 switch (NetVanta 1534) which is then connected to all the ethernet ports and what not. Why would they choose to use this device as opposed to a router? Or just a regular Layer 2 switch?
View 12 Replies View RelatedActually i have a design from my customer who have ( Cisco core switch 3750 (allports fiber ports) which is connected to L2 switches , these switches carry servers and end users .the only routing protocol on the access switches is static route ,
My question how can i route the traffic from the server to the end user , as the the server is not direct connect to the core switch.
I have an environment where i have two nexus 7010 switches, along with 2 nexus 5510's. I need to run OSPF as a layer 3 routing protocol between the vpc peer links. I have 1 link being used as a keep alive link, and 3 other links being used as a VpC link.
1) Is it best to configure a separate Vpc VLAN i.e 1010
2) Is it best to configure a vrf context keep-alive
3) just have the management address as the peer ip's.
Checking the logs we have seen the following messages:
%SPANTREE-3-PRESTD_NEIGH: pre-standard MST interaction not configured (Port-channel3). Please, configure: 'spanning-tree mst pre-standard' on ports connected to MST pre-standard switches.
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/1, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2/0/1, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel3, changed state to down
%LINK-3-UPDOWN: Interface Port-channel3, changed state to down
%LINK-3-UPDOWN: Interface GigabitEthernet1/0/1, changed state to down
%LINK-3-UPDOWN: Interface GigabitEthernet2/0/1, changed state to down
When this happened, the interface that was actually blocked by STP didn't come to forwarding state, and as a result this switch became isolated.This switch is connected to a switch that runs standard MST, and to some switches that run PVST but have bpdufilter enabled as we don't want them to participate on the STP. It is a 3750 switch with software version 12.2(55)SE5.
As far as I knew, when a MST pre-standard BPDU was received, the interface was able to receive more pre-standard BPDUs, but I didn't know it would turn the link down. Why the links went down, and if there is any way we can configure those links to accept only MST standard BPDUs.
I would also like to know if there is any chance a switch running PVST can send a MST pre-standard BPDU if it has a software version 12.2(25)SEE3.
I have the following setup, eBGP to the same ISP, iBGP inside the AS between the routers and 6509s
I would like to do the following, lets say I have 1.1.1.0.... 1.1.6.0
These are advertised by my 6509s through BGP. I would like to balance the traffic across both of the links, so inbound/outbound traffic would be
[code]...
Any issues with SXJ and source specific multicast? We upgraded our core from SXI6 to SXJ2 and multicast stopped working for all but our L3 links.Our L2/L3 links stopped working and the only thing that has changed is the IOS version. All the configurations are still valid etc. Currently have a call open with TAC.
View 7 Replies View RelatedI am working in a environment that is classed as collapssed Layer 3 environment. We have a core 6500 with routed links to 3560's which are access switches.
We have layer 3 vlans on the access switches, one for data one for voice.On the layer 3 vlans we have ip helper addresses that are used for DHCP. The DHCP servers are located on the 6500.
I recently had a incident where someone plugged a netgear router into a desk point because they thought they could use it for a switch. This router then started to dish out IP addresses to people in the morning for those who came in and docked their laptops. 99% of people weren't affected because they have desktop PC's are their leases hadn't expired.
Now we have bpduguard, bpdufilter to prevent people from plugging in switches that send out BPDU's. However this doesn't prevent the above senario where someone plugs a router or a 'dumb' switch that doesn't send BPDU's.Because of the above senario I started looking at DHCP Snooping, but I am unsure on a couple of things.
With the topology of our network I understand that I don't need to configure IP DHCP Snooping Trust on the L3 uplinks to our core switch. From what I understand I just need to enable IP DHCP Snooping globaly and then on the VLAN's on the access switch (because of the L3 topology VLAN's are local to the access switches). Only if I had L2 uplinks to the core would I need to configure IP DHCP Snooping Trust on the trunk links.
is it possible to connect one Cisco Nexus 2000 fabric extender to two Cisco Nexus 5000 and use one link on the first side and two links on the other side?
View 3 Replies View RelatedWe have Cisco 4948 switches running in production. We want to moniter the trunk link through SNMP.If trunk link fails SNMP need to send notification to server.
View 1 Replies View RelatedI am still working on the design of my big project and always that you think that every thing is solve, appears a details.We need to deploy a fiber links to some buildings that will have access switches connected to the Core. I have been reading about ethernet ring topologies and quite differents to the hierarchical model because of the using of Ressilent Ethernet Protocol instead of STP or RSTP.My question is which of the next to scheme will be the best?
1.- Deployment an ethernet fiber ring topology with REP? Consider that the edge Switch of this ring will be my Core and this one is connected to my distribution switches in a hierarchical topology. In this situation, Acces Switch 1-A is connected to Acces switch 1-B, Access Switch 1-B to 1-C and Switch 1-C to the Core. Feel fre to recomend me wich switches and considerations are the best. We conssider 1 Catalyst 6506 Chasis for the Core and catalyst c2960s-48-TDL for acces, maybe the 3750x series. Each Acces node in the ring topology will have a maximun of 50 end devices.
2.- Deployment a Fiber ring but not connecting each switch with the next. In this case we want to ensure redundancy to the core wih equal costs path, but because of the ring each switch won´t have equal length link to the core. In this situation, Acces Switch 1-A is not connected to Acces Switch 1-B is connected directly to the core but the fiber cable will take the route to Access Switch 1-B, to Acces Switch 1-C and finnally to The Core Switch. This apply to the other to Switches. Note now that Acces Switch 1-A will have a 281 Ft link to the core and a second 1612Ft. link to the core. Here comes the question this differents lenght will negative affect RPVSTP ? or It doesn´t matter? Can i setup an etherchannel/load balance in this situation?
I have 2 links to 2 different departments switch with an up link of 10mb. I want to guarantee that both departments get at least 5mb, but can use part of the other 5mb that not in use. Is this possible?
View 3 Replies View RelatedI've been having a debate with a colleague about QOS COS values. My colleague says I need to use COS values across layer 2 trunk links between access layer switches and core switches. My argument is if phones are marking packets with DSCP values I don't need to be concerned with Cos.The reason I ask is we're implementing a new phone system, the ip phones will mark RTP traffic wih dscp value EF and Call signaling with DSCP value of CS3. If my understanding is correct I can trust the dscp values of the phones. We are using Cisco 4507 switches which I believe automatically trust dscp values so I would just need a class-map to match the dscp values and apply the output policy map on the egress interfaces as follows? [code]
View 3 Replies View RelatedIn a site we currently have 1 BT provided ADSL link which is currently terminated using their device which I believe is some kind of 2wire device, which is extremely slow due to distance from the Exchange (4Mbps)...We have a growing number of users here and want to install a second ADSL line from BT to give them increased performance.
We have a Cisco 2800 sat not doing much so I was wondering if I could use this to load balance the link? I know BT do not support MPPP so therefore the maximum any user can get will be the speed of a single link (4Mbps)...But basically how can this be done..
Can I leave the two BT routers in place and place the Cisco 2800 behind them, or do I need to purchase two ADSL modules for the 2800 and terminate the connection there?Also once done, what do I need to do regarding actually setting up the load balancing? I have seen this:
[URL]
But am unsure as to how relevant it is? I am not sure I understand what the ACL's are being used for? I just want all users on the LAN to load balance out...
Also I am unsure of this statement:You potentially need to add policy-based routing for specific traffic to ensure that it always uses one ISP connection. Examples of traffic that require this behavior include IPSec VPN clients, VoIP handsets, and any other traffic that use only one of the ISP-connection options to prefer the same IP address, higher speed, or lower latency on the connection.I do not understand why a established session such as a VPN client, would ever traverse the second ISP connection anyway?
I currently have Nexus 5596 pair with VPC peer link Po1 between them. My goal is to connect our new Nexus 7Ks to the 5K's using Fabric Path. My question is during this inital setup with the 7K's. Can I use the same port channel number on the 7K's as I did the 5K's? Is the port channel locally significat?
View 2 Replies View RelatedI have two Core 6509E SUP2T configued as VSS and has two 48 ports fiber blades. I have two 3750s, I have two gig on each 3750 port-channle to po1 and connected to both the core, one link to each core.Now, I was asked ot add two more links on each 3750 switch to make it a total of 4 gigs on each 3750s (all 4 gig ports/uplinks will be in used an dtwo links to core one an dtwo links to core 2).when i added two additional links on 3750s and bundled them to po1, I created another port channel on core and bundeled the additional two gigs on each core to accomodate for the two additional links (ports on core switches are not consequtives).
adding these two additional ports makes the 3750 switches flap between managemnet vlan and po1.now, i am not sure if I must have added the two additional links on the core to teh current port-channel or core!? I have created another port-channel on core to accomodate for this currently!?
We were going to create a 2 port, layer 3 etherchannel between a 1002 router and a 3750X layer 3 core switch. We wanted to create bunled link between them but, now we are going to be putting a Riverbed device between the router and core switch. Because of this, would it be best to abandon the idea of creating a layer 3 etherchannel and just have 2 links from the router and core switch and have traffic load balance between the 2 links?The Riverbed will have 2 connections into it from the Core switch and 2 connections into it from the 1002 router. I was hoping to keep the layer 3 etherchannel but, do you think it would be best to create 2, /29 nets and have the router/Riverbed and Core Switch/Riverbed load balance.
View 5 Replies View RelatedCurrent Situation:We are able to reach server IP -10.203.206.40 from our 4948 switch vlan 10.30.1.0/24 through the Layer 3 interface between 4506 and 4948.
Requirements
==========
1) Now we would like to add one more L3 interface between 4506 & 4948 for redundancy purpose.
2) Make available Vlan 540 in 4948 from 4506... need to create two trunk links between 4506 & 4948 and allow vlan 540.
Trying to get the peer links to work and have them in interfaces E1/1-4 . When i do a show int status it looks like this and says sfp invalid. I see this on both sides. These same model gbics work fine attached to a FEX on these boxes.
Eth1/1 vpc peer link to T sfpInvali trunk full 10G Fabric Exte
Eth1/2 vpc peer link to T sfpInvali trunk full 10G Fabric Exte
Eth1/3 vpc peer link to T sfpInvali trunk full 10G Fabric Exte
Eth1/4 vpc peer link to T sfpInvali trunk full 10G Fabric Exte
Gbic in ports are this.
Ethernet1/1-4
transceiver is present
type is Fabric Extender Transceiver
name is CISCO-FINISAR
part number is FTLX8570D3BCL-C1
[code]....
i am having a problem of load balance traffic over two WAN links connecting our 2 cisco 7600 routers, as i just knew that 7600 is not supporting per packet load sharing only per destination and as per our monitoring tools that one link is underutulized the other is overutilized.
View 10 Replies View Relatedwe have multiple Video production networks, with Video servers (AVID Unity ISIS) connected by 10GE fiber links to 4948-10GE switches. On almost every of these switches, I see more or less "Sequence-Err" interface errors. We do not currently have a known problem because this, and no other errors are seen. But I would like to understand the error, and therefore I would like to find out, what a sequence error means, what the cause is, and what the impact (to a frame) is?
By the way, it is well-known that the ISIS Video server does generate very excessive UDP data bursts. Maybe this matters? On Cisco doc I did not find an answer. The document "Troubleshooting Switch Port and Interface Problems" does unfortunately not refer to "sequence-err".
Here is an example output:
WS-C4948-10GE#sh int t1/49
TenGigabitEthernet1/49 is up, line protocol is up (connected)
[code].....
I have two stacks 3750X on two different sites with two links L_2_L, and I want to configure the port channel to aggregate the two links.
Site A Site B
3750X -A1 --------------------------------------( )--------------------------------------- 3750X -B1
( L-2-L )
3750X -A2 --------------------------------------( )--------------------------------------- 3750X -B2
Below the configuration that I have put the two stacks.
site A
interface Port-channel5
description Etherchannel group entre le stack 3750X-A et Switch Lan_2_Lan
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 11,12,999
switchport mode trunk
switchport nonegotiate
speed 100
But the problem is only one link is Bundeled in channel group, see below
Group Port-channel Protocol Ports
------+-------------+-----------+-----------------------------------------------
5 Po5(SU) LACP Gi1/0/15(I) Gi2/0/15(P)
So i have a server with an internet nic and lan nic. The internet nic gets its IP from the router 192.168.1.7 the lan nic uses DHCP for the network and has 172.16.1.1. I just turned on the ftp service and it works fine in the lan side but cant reach it from the ISP side. I use a dynamic dns host which is monitoring my internet ip and is correct.
View 6 Replies View RelatedI have setup an ASA 5505 w/ Security Plus with three subnets. The subnets are as follows:
VLANSubnetWAN 10.0.0.80/29LAN192.168.1.0/24DMZ172.30.200.0/24 ]
The ASA is the gateway router at .1 for the LAN and DMZ networks. On the WAN network, the ASA occupies .85 and uses .86 as it's gateway to the Internet. Clients on the LAN are able to access the Internet without any troubles. I have a static NAT setup to map the DMZ server's 172.30.200.81 address to 10.0.0.81. I also have a general NAT that should allow other servers on that network to access the internet, but no machine at all on that network can route outside of 172.30.200.0/24. I used the packet tracer and had it trace traffic coming from the DMZ network to the Internet, and it did not show me any conflicts with any of the access lists or anything else. However, no matter what I do, I cannot initiate traffic from the DMZ and have it go out to the Internet successfully.I attempted to follow the directions in the article PIX/ASA 7.x and above: Mail (SMTP) Server Access on the DMZ Configuration Example; but I have obviously missed something, done something wrong, or perhaps the example assumes something about my configuration that I have not done. See the attached config file that I have scrubbed. I have removed VPN configuration information and other unnecessary parts of the config file to make it easier to read. I have setup an ASA 5505 w/ Security Plus with three subnets. The subnets are as follows: VLANSubnetWAN 10.0.0.80/29LAN192.168.1.0/24DMZ172.30.200.0/24 ]
I work for a company that recently upgraded to a Cisco RVS4000 router in place of a failing D-Link router. I configured the RVS4000 to utilize the same address space as the D-Link previously did (192.168.0.0 Network Address, 255.255.255.0 Subnet Mask, RVS4000 in Gateway Mode with IP Address 192.168.0.1, DHCP Scope from 192.168.0.101 - 200 managed by the RVS4000) before installing it on the network. I powered down the D-Link as well as the cable modem, then all of the workstations in the office. Then, I installed the RVS4000, powered up the cable modem, and once it was ready, powered on the RVS4000.
When devices connect, the RVS4000 is assigning them an IP address in the 192.168.1.0/24 subnet, instead of the 192.168.0.0/24 subnet. I have verified that the RVS4000's GUI is showing the correct settings, but connected devices are not picking up addresses from the correct address pool. In troubleshooting, I went to each workstation, released and renewed their IP addresses, and they picked up addresses in the correct subnet. I thought everything was solved, but the next day, the same problem resurfaced.
I left the DHCP lease time at the defaul value "0", which according to the unit's documentation should correspond to a 24-hour lease period. I suspect this is why I had to renew the clients' IP addresses the next day (today), but I still don't get why the RVS4000 wants to give out addresses in the 192.168.1.0/24 scope. Could this be a holdover from the factory settings?
Additional Information: I did not set up any VLANs on the network and the office only requires one subnet as there are not a lot of devices connected, nor do we need the traffic segragated. The VPN functions of the RVS4000 work fine. Using the QuickVPN utility, I can access the network and resources on the network remotely without issue.
I am wondering if this is possible. We have multiple internet connections with fixed IP's coming into the office. We'd like to use one for FTP backup and another to service our websites. From what i have read a 5510 doesn't do policy based routing, but we'd like to configure our ftp server to use one of the internet pipes and our webserver to use another internet pipe. Is that possible?
We'd have two outside fixed IP interfaces and two internal interfaces. I could then use one of the internal interfaces for the web server and the other for the FTP server. consequently if the internal web server and FTP server use the fixed IP"s corresponding DNS server wouldn't that effectively route all FTP traffic out one interface and all web traffic out the other?
Then the FTP traffic would be NAT'ed to an internal interface and the HTTP & HTTPS traffic would be NAT'ed to a separate internal interface.
Then if each of the internal servers used the corresponding internal NIC on the ASA as it's gateway and the fixed IP's that correspond to the external DNS server, then it would affectively only use that gatway out for traffic? Would that work? Does it should route traffic out those pipes correct? Will the asa support two different next hop routers for the two different interfaces?
I have a setup like this.
Foreach computer I need to go and configure the browser proxy settings and some people are getting smart and turn it to automatic configuration again.
So what i want to achieve is to have my DIR-655 to route all the HTTP/port 80 traffic to the proxy server.
That way it is transparent and then it is not needed to configure each computers browser settings.
I am pretty new to this and the router configurations.
The proxy server works fine if i configure the browser manually.
I have a cisco Swtich SGH 300-20 Gigabit switch i configure 2 vlan one is default and one is vlan 10
Vlan 1 ip range 172.16.0.0/23
Vlan 10 ip range 172.16.2.0/24
Client on Vlan getting Proper IP from DHCP Server all i need is to distribute internet bandwidth we have 6/3 mb and i want to give 4/2 mb to vlan 1 and 2/1 mb to Vlan 10
Int Gi16 on switch is configured as trunk port and is connected to cisco 2811 router
what are the command used to distribute bandwidth between these 2 vlans
I have an ASA 5510, with Ethernet0 connected to Internet via a T1 line, Ethernet1 connected to LAN1, and Ethernet2 connected to LAN2. LAN1 & LAN2 are independant, but share the Internet connection, via the T1 line. On LAN2, I have another router that connects to the Internet, via a Comcast line. I wish to route some of the traffic on LAN2 (10.38.77.0) to the other Router, on LAN2 (10.38.77.12) (connected to the Comcast line). I have entered the following lines:
route inside2 10.11.0.0 255.255.0.0 10.38.77.12 1
route inside2 10.252.0.0 255.255.0.0 10.38.77.12 1
route inside2 172.22.6.0 255.255.255.0 10.38.77.12 1
I can trace the routes from the ASA 5510 (1st hop is to 10.38.77.12), but not from anything else on LAN2.
We're in the process of swapping in a new pair of ASA5520s and Catalyst 3750s to support two separate business units. We want Firewall A and Switch A to handle traffic for Org A (VLAN 100). Similarly, firewall B and Switch B should handle traffic for Org B (VLAN200). But we want to be able to fail traffic over in case of firewall or switch failure. Traffic between the two Orgs is being routed at the switch level. [code]
The uplink interface on each switch is currently a routed port with a static address on the uplink subnet. This works fine in a normal state. However, when we fail over one of the firewall contexts to the other chassis, this results in the inability to route internal traffic because the internal interface is now physically connected to a different switch with a different IP port address (obvious in hindsight). The question is, rather than a routed port, what would be the proper way to handle traffic between the switches and firewalls in a failover scenario? If I make the uplink ports into trunks, won't this cause all packets destined for either firewall to hit both both? Seems like that's not the way to go either? [code]
We've got a cisco 2821 router which periodically stops routing all traffic. It seems to happen about once every 2 weeks, and I can't find anything that could be causing it. There are no entries in the log and the router stays up and running but requires a restart to begin processing traffic again. We're running 12.4(13r)T11.Any thoughts, or troubleshooting steps to track this down?
View 7 Replies View RelatedWe have a Catalyst 6509 switch, and we hope to use policy based routing to redirect http traffic to my proxy server, where I can find the configuration example?
View 11 Replies View Related