Cisco Switching/Routing :: Port Spanning With 3548 Switch

Oct 19, 2012

I have a small lab setup and I am trying to implement an IDS/IPS on the network. I have 3 VLANs setup (10, 20, and 30) with the switch and a router allowing for inter-vlan communication. Port FA 0/1 on the switch is setup as a trunk using 802.1Q connected to a single interface on the router.
 
I want to be able to monitor traffic on the trunk link on the switch and replicate that to the IDS/IPS host. Is there a way I can mirror traffic from FA 0/1 (the trunk link) to a regular access port on the switch which would connect to the IDS/IPS?
 
I have seen several articles on Cisco.com saying that you can have a source port as a multi-vlan link, but others say it is not possible. I did not have a chance to get into the lab to test this yet or else I would have.

Cisco Switching/Routing :: 2960 Switch Stack Spanning Tree Recalculate From Port One

Feb 23, 2012

2960 switch stack (flex) Spanning tree re-calculate from stack port one? I need to identify which port in the stack is causing the re-calc. I have four 48 port switches and show spanning detail only indicates stack port 1.

Cisco Switching/Routing :: Spanning-tree Change On VSS 6500 Switch?

Jun 19, 2012

Changing the Spanning-tree mode on a live 6500 running in a VSS mode? If so, what are the things to watch out for?

Cisco Switching/Routing :: 3750G Spanning Tree On New Switch Stack

Nov 3, 2011

I am about to rip and replace my current 3750G stack with a 3750X stack. I have trunked over vlan and vtp info and implemented a config so it should be ready to go other than moving cables onto it. However one thing I want to correct with our current setup is that the root bridge on our vlans including vlan 1 is on a separate set of switches that we control, however I would like this new stack to be the root bridge for all of our vlans. It will be the central set of switches that all other switches trunk into. I have pre-set higher spanning-tree priorities for each vlan on the new stack so I expect as I move lines into it that the tree will be re-calculated with it as the root bridge. I've ensured that there are no root guards on any of the other switches trunks and priorities are all at default levels for each vlan. Should I enforce root guard on the trunk interfaces of the new master stack? Most of the trunks are port-channels to the other switches - do I need to set root guard on the Port channel interface or on the individual ports that make up the Port channel? On both? Any other recommendations in regards to implementing spanning-tree with the new stack? I know using port channels eliminates a lot of potential for loops but not every trunk is and I'd still like to have spanning-tree on.

Cisco Switching/Routing :: Spanning-tree Between 4507 And Extreme Switch

Aug 15, 2012

We will be connecting Cisco 4507 with Extreme Switches. We ran into spanning-tree issues last time. Extreme does not understand spanning-tree. So what I am thinking is to prevent bpdu advertisement from 4507 to extreme switches and also prevent incoming bpdu from extreme switch to 4507. I am thinking of using:
 
spanning-tree bpdu filter 
spanning-tree bpdu guard 
spanning-tree root guard

Cisco Switching/Routing :: 8192 / Spanning Tree Port Priority Value?

Sep 19, 2012

Why is it when I set the port priority for example to 8192 and I then do a show spanning-tree vlan 1 it shows as 8193, does it add the vlan number?  so if it was vlan 10 it would be 8202?

Cisco Switching/Routing :: 3548XL Port Spanning / Mirroring With Snort IDS

Oct 30, 2012

I am trying to configure a SNORT IDS system running on a physical machine using Linux as the base OS. I have a small lab network setup with 3 VLANs, a 3548 switch and a 2611 router acting as the router on a stick/inter-vlan router. My goal is to setup SNORT as a host-based IDS system. To do that I know I need to use the "port monitor" command on the switch and I have tested this and it works fine only when the snort system and the traffic I want to monitor reside on the same VLAN. My problem is I want to be able to monitor a trunk link between the switch and router to see traffic coming from my 3 VLANs which contain servers. My goal is to run attacks on the servers to test SNORT's effectiveness.
 
Relevant information from my configuration: interface fa 0/1 on switch is the trunk link carrying 3 vlans to the router. On the switch:
 
int fa 0/1
 switchport mode trunk
int fa 0/5
 port monitor fa 0/1
 switchport mode access
  
The switch will not allow me to configure fa 0/5 as a trunk, only can be an access port. So right now, SNORT does not see any traffic other than traffic from my router to the switch. I assume because this is going over the native VLAN (1 in this case) and that is the same VLAN that SNORT box resides on on interface fa 0/5. So I know the span is working to an extent, but traffic from my other VLANs (server to server traffic) does not show on SNORT at all. I have done some research on Cisco.com and see the following seemingly contradicting information:
 
VLAN Filtering: When you monitor a trunk port as a source port, all VLANs active on the trunk are monitored by default. You can use VLAN filtering in order to limit SPAN traffic monitoring on trunk source ports to specific VLANs.

Then I see, under the section for the 3500 series: A monitor port cannot be a dynamic-access port or a trunk port. However, a static-access port can monitor a VLAN on a trunk, a multi-VLAN, or a dynamic-access port. The VLAN that is monitored is the one that is associated with the static-access port.
 
My question is, does that mean the 3548 cannot support spanning a trunk link and having all VLANs on that trunk be monitored correctly to the monitoring port? I know the 3548 is old, but it is the only thing right now I have to work with. I could put the SNORT box inline on the network, but that is another mess in itself.

Cisco Switching/Routing :: 3548 XL - Cluster Switches Using CLI?

Nov 25, 2011

I am looking to cluster the aforementioned switches using the CLI. All the documentation that I have found all speak to performing the cluster configuration using CMS. I can only get to these switches via remote console so a GUI is out of the question for me. My ultimate goal is to configure these (2) switches for HSRP. However, everything that I found leads me to believe that I have to cluster in order to configure the HSRP on these switches.

Cisco Switching/Routing :: Nexus 3548 - Error / VPC Feature Is Not Supported

Jan 27, 2013

We have purchased two new Nexus 3548 switches. According to documentation the Nexus 3K does support vPC. When trying to enable the feature I get this:
 
nexus(config)# feature vpc
  Error: vPC feature is not supported
nexus(config)#
 
We are running software version 5.0(3)A1(1) and it looks like the latest version is 5.0(3)A1(2) so that's not much of a difference. Am I missing something here?

Cisco Switching/Routing :: Visio Icons For 3508 / 3524 And 3548 Switches?

May 13, 2012

Where I can find the visio icons for the cisco 3508, 3524 and 3548.  They are NOT on the cisco visio icon download site. 

Cisco Switching/Routing :: Convert Switch Port To Router Port On 6500

May 8, 2012

On the supervisor card of a cisco 6500 series, according to the following link, [URL] it only has 2 uplink ports on the card. Would I be correct in assuming that I only have those two ports that I can configure IP addresses on?

The cisco that is being delivered is coming with a 48 port switch and 24 port fibre switch. Could I change any of those ports into a router port and configure IP addresses on those?

The supervisor card is a ws-sup-720-3b, the 48 port switch is a ws-x6748-ge-tx, the 24 port fibre switch is ws-x6724-sfp.

Cisco Switching/Routing :: 3825 ISR - Traffic Route From Switch Port To Router Port

Jun 5, 2013

I'm fairly new to Cisco products and am in the process of developing my network knowledge on a deeper level. I have a 3825 with a HWIC-4ESW and I'm struggling to fully understand how the two "see" each other. I've setup a VLAN with a layer 3 address on the HWIC and added the switch ports to it. This seemed to allow devices connected to the switch ports to talk to the built-in router ports. I thought this was all making sense until I applied an access-list to the router port. It's a simple ACL I'm just using for testing and the only thing it does is blocks telnet from anywhere. I know the ACL is setup properly because if I connect a device directly to the router port I cannot telnet to the port. However, if I connect a device to one of the switch ports, I am able to telnet to the router port successfully.

It seems that I'm missing something with how traffic flows from the switch port to the router ports and how the two "see" each other. 

Cisco Switching/Routing :: What Is The Use Of No Switch Port Command In L3 Switch

Dec 28, 2008

What is the use of no switch port command in L3 switch?

Cisco Switching/Routing :: 1700 - Setup For Connecting Router AUX Port To Switch Console Port

Feb 26, 2012

I was looking for a way to connect an AUX port from a 1700 router to a 6500 switch module console port, to see the output of the switch on the 1700 router, in case there is a network downtime, I could see what's going on in the switch. What cable should I use? Also, is there any kind of documentation for this type of config? What I have seen is very little info.

Cisco Switching/Routing :: Maximum Spanning Tree Instances 128

Apr 24, 2013

I read that maximum spanning tree instance number is 128. Are there any switches that can go more than 128 instances? Or can we do this from IOS updates?

Cisco Switching/Routing :: 3750 No Spanning Tree Vlan

Feb 29, 2012

I have a 3750 switch which has the command 'spanning-tree vlan **'. I am struggling to remove this command, as this particular VLAN is one I want to distribute across our network. I have so far set the switch to VTP Transparent mode and removed the VLAN from the database, this removes the command. If I then put the switch back to VTP client mode (or manually add the VLAN, while in VTP transparent mode) then the command comes back. Submitting the command 'spanning-tree vlan **' has no effect.

Cisco Switching/Routing :: 2960s / Redundancy Without Spanning Tree?

May 8, 2012

I want to have an opinion on which switch I shall replace the Cisco 2960s with so as to eliminate the need for spanning tree in there, but then what would the design look like between Netscreen and those new switches. Also would it be vendor independent to work between Cisco and Netscreens/Cyberguard.

Cisco Switching/Routing :: 6509 How Does Spanning-tree Operate

Mar 21, 2012

I am connecting a Nexus 5K to a 6509 without VSS. Is the recommended configuration just straight etherchannel? Since the 6509 cannot do vpc, is an etherchannel the best way to configure this uplink? How does spanning-tree operate?

Cisco Switching/Routing :: Logging Event Spanning-tree IOS 12.2(58)

Oct 20, 2011

I can't configure "logging event spanning-tree" on a specific port under IOS 12.2.(58) SE2 (all other "logging events" are possible), under 12.2 (55) it is possible. Is it now a known bug or a default value?

Cisco Switching/Routing :: 3750X Spanning Tree Priority

May 2, 2012

Recently we will add 2 new core Switch 3750X, these 2 equipments will manage the spanning tree (root). My idea is to change the priority in order to make 1 or the 2 of them the root. My question is, if I set up the same priority for both, when one goes down will the other assume the role of root in the spanning tree topology?

Cisco Switching/Routing :: Possible To Use Inbuilt 4 Port Switch On 887VA

Jul 16, 2012

Is it possible to use the inbuilt 4 port switch on a Cisco 887VA ADSL router for inter Vlan routing? My plan is to configure port FA0 - 2 as Vlan 1 (default) 192.168.0.254/24 and port FA3 as Vlan 2 192.168.4.254/30. My SIP server will sit on Vlan 2 192.168.4.253/30 however remote Wan users coming through other Cisco 888 routers connected to the 887 will need to access Vlan 2 from Vlan 1, is this possible?

Cisco Switching/Routing :: 3750 No MAC Address On Switch Port

Apr 15, 2012

There's a Cisco IP phone that sits between a PC and the switch port. On the switch port, no MAC address is learned. However, the switch is able to detect the IP phone and deliver power to it: [code] Switch is Catalyst 3750 with IOS version 12.2(58)SE1.

Cisco Switching/Routing :: C6509 Switch Port Over Subscription

Nov 25, 2012

I have a C6509 with WS-X6548-GE-TX port module. The first port group, 1-8, is showing oversubscription (packets dropping) in the shared buffer. What interface commands can I use to find the specific port causing the buffer overflow? None of the ports is continuously overutilized and none of them is in a SPAN destination group. I don't want to move connections without knowing which one is causing the problem. Also I fear that moving the connections may shift the bleeding to another shared port group.

Cisco Switching/Routing :: 2960 Which Port On Switch Its Connected

Mar 2, 2012

If I knew the IP address of a host, can we know on which port on the switch it's connected? The switch model is 2960.

Cisco Switching/Routing :: Port Security In CE500 Switch?

Sep 8, 2010

Configure port security Cisco 500 Switch? There is no CLI mode in this switch?

Cisco Switching/Routing :: 3750 Switch Stack-port Changes

Feb 7, 2011

I have a stack with a lot of stack-port changes, but on all the ports, how can I determine the faulty switch in the stack, cables are already verified. We did also a restart of the whole stack power off/on
 
running version
 
WS-C3750-48P       12.2(55)SE            C3750-IPBASEK9-M
 
This is the output after 6weeks
 
Switch#/  Stack   Neighbor   Cable    Link   Link   Sync      #         In
 Port#     Port              Length    OK   Active   OK    Changes   Loopback
          Status                                          To LinkOK
--------  ------  --------  --------  ----  ------  ----  ---------  --------
  1/1     OK         4      1

[Code].....

Cisco Switching/Routing :: 3560E Switch - Uplink Port

Jun 17, 2012

I implemented the 3560E switch, this one has two Gigabit Ethernet/10-Gigabit Ethernet module slots. I used the Twin Gig Converter Modules and one SFP. All configuration was applied in the Ten Gigabit, however the interface Gigabit Ethernet is UP UP state and the Ten Gigabit down down.

Cisco Switching/Routing :: 3508XL - Set Port Speed To 100 On Old GB Switch?

Dec 19, 2012

We have an old 3508XL switch.  We are trying to connect a new 2960 to it but we purchased the incorrect SFP insert and that speed can only do 100mb.  We are getting link flaps and we suspect that it's a speed issue between the two. However, I cannot find how to set the speed on the old OS of the 3508 switch. 
 
Below is a show version of the 3508 switch.

LR0007>show ver
Cisco Internetwork Operating System Software
IOS (tm) C3500XL Software (C3500XL-C3H2S-M), Version 12.0(5)WC17, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2007 by cisco Systems, Inc.
Compiled Tue 13-Feb-07 15:04 by antonino

[code]....

Cisco Switching/Routing :: 3750-X / Rapid Spanning Tree Inconsistent?

May 12, 2013

I have two switches claiming to be the root bridge for the same vlans. The 3750-X stack was configured to be the root for vlans present and the 2960S was brought online over the weekend to replace another one. This is the command I used to attempt and make the 3750-X stack the root

spanning-tree vlan 1-2,10,50,101,200,900,999 root primary diameter 4
The IOS converted that to this
spanning-tree mode rapid-pvst
spanning-tree loopguard default
spanning-tree portfast bpduguard default

[code]......

Cisco Switching/Routing :: IE-3000-4tc - Use Of REP In Large Spanning Tree Domain

Feb 8, 2011

A question concerning the use of REP for IE-3000-4TC  switches:
 
In figure 14 of REP pdf URL can you explain why this  creates a loop in the system? From the document, I thought REP and RSTP could  talk to each other so why does this create a loop if they are exchanging  information between each other? Also, if, in figure 14, the two switches in the  STP domain that connect to the REP ring, were also connected to each other,  would there still be a loop in the system?
 
Also, what is the recommended max diameter a REP ring should be. I thought I read some  place 130 nodes is ok, but I'm looking to confirm this.

Cisco Switching/Routing :: 3020 Diagnosing Spanning Tree High CPU

Sep 25, 2012

I am looking for some troubleshooting for some Cisco blade switches that are running high CPU. I have two 3020 blade switches in an HP chassis that each have two 1G links port channeled a pair of Nexus 5548s. Spanning tree has been constantly running about 35% of CPU for the last couple of weeks causing management SVI latency and CLI lag. The Port channel is the root port and the switches have no other connections.
 
Here are the things I have tried in troubleshooting the issue.
 
- Remove links from port channel so that one is forwarding and one is blocking
- Removed the blocking link so that the switch only has one uplink.
- Converted from pvst to rstp
- Entered no spanning tree vlan <all vlans> so when you do show spanning tree there are no instances of spanning tree
- Connected the single uplink to a different switch
 
Nothing has changed the continuous high spanning tree utilization of about 35%.
 
The 3020 switches server interfaces are configured as trunks for ESX running on the blades. It seems the only possible loop that could be causing this issue is on the ESX virtual switches, but I am not sure how that is possible. I say this because I have another pair of 3120s that have the exact same problem! However they were working fine (CPU normal) until the enclosure was populated and began switching traffic. After they began carrying a medium/heavy network switching load, the 3120s are running at a constant 56% spanning tree CPU utilization!

Cisco Switching/Routing :: 6509 Debug Spanning-tree Functions In Lab

Nov 9, 2012

I'm testing debug spanning-tree functions in a lab, hardware is Cisco 6509 with SUP-720-3B and WS-X6748-SFP, IOS is 12.2.33.SXJ. It's a root in some vlan's, stp mode is rapid-pvst. I wanted to see how spanning-tree is working (STP packets dump, etc.), and entered following commands on 6509: [code]
 
Then, I turned the "debug spanning-tree all" mode on. Now, I expect to see BPDU packets from Cisco, and other spanning tree events in logs on syslog server, or in log buffer, but I don't get anything there. Except, there are some lines in log (they repeat very rarely): [code]

Cisco Switching/Routing :: 5500g 3com Switches - Spanning Tree

Jan 10, 2013

I have problems too when I connect 3com and Cisco.
 
I have 2 5500g 3com switches connected with 2 links. If LACP is disabled, this causes serious problems and STP does not work.

Logically, the link is a port trunk with all the vlans permitted. One switch has STP enabled and the other RSTP. Why does this not work fine? I need to configure MSTP maybe? PVSTP is not allowed on these switches.

Copyrights 2005-15 www.BigResource.com, All rights reserved