I'm trying to implement the UDLD protocol (Cisco-compatible), but face some problems. There is no enough information for implementing this protocol neither in RFC 5171 [URL] nor on [URL] How can I get a more detailed information regarding protocol state machines and timers?
View 2 RepliesCan we implement BGP without IGP Protocol ? If yes, then how can we do it ? If no, why ?
View 11 Replies View RelatedDoes g0/1 port (dual purpose port but set to use sfp) support udld? If yes, what's the command to enable it? I have it connected with a 3750v2 switch. On the switch I have udld enabled.
View 2 Replies View RelatedI have the following problem with
Situation:
- 2x 3750G-12S Distribution-Switches (DS) and several 3560/2960 Access-Switches (AS)
- redundant Fiber optic uplinks between AS and DS
- Cross-Stack Etherchannel config on all uplinks
- UDLD aggressive mode configured on all uplinks
Problem:
- when I reload the DS and the switch comes up again, I've lost the connection with several (not all) AS
- looking at the AS log I found the following error message: "%UDLD-4-UDLD_PORT_DISABLED: UDLD disabled interface Gi0/1, aggressive mode failure detected"
Cause:
- in the log of the AS I don't see intf Gi0/1 go down during the reload of the DS
- this means the DS didn't shuts down all its ports during the reload
- but this also means that UDLD on AS didn't know about DS reload, and therefore didn't resets counters
Workaroud/Solution
- I'm now configuring errdisable recovery on all AS
So I'm forced to configure errdisable recovery, even if I don't want.
we're running 4 c4500 Switches at 2 sites connected to each other via Layer-2 crypto boxes and VPLS in a point-to-multipoint configuration which ist completely transparent (it's more or less like connecting them via a Hub - every switch sees the other 3 ones as neighbors). Our basic configs have udld globally enabled in aggressive mode. I wanted to disable that for the interfaces (routed ports) to the crypto boxes, because I don't want them in ErrDisabled for 5 minutes if there are connectivity problems in the VPLS-cloud (every switch also had 3 UDLD neighbors because of the P2MP configuration). In if-config mode I could do this simply with "udld port disable", but I thougt it would be better to run normal mode (not aggressive) to have the chance to use the UDLD show-commands. So I configured "udld port" for the affected interfaces.
interface GigabitEthernet1/2
udld port
!
[Code].....
I have a problem between two switches with ether channel configured:
Model number : WS-C2960S-24TS-L
System image file is "flash:/c2960s-universalk9-mz.122-58.SE2/c2960s-universalk9-mz.122-58.SE2.bin"
Gi1/0/23 ETH-CH_1_SW-EDGE01 err-disabled trunk auto auto 10/100/1000BaseTX
Gi1/0/24 ETH-CH_2_SW-EDGE01 connected trunk a-full a-1000 10/100/1000BaseTX
Po1 Trunk_SW-EDGE01 connected trunk a-full a-1000
[code]...
I already change the wire without success, and already restart sw-edge02. With "u dld port disable" the link is working correctly.
I have two another switches working with SFP Cable:
Gi0/25 ETH-CH_1_SW-CORE02 connected trunk a-full a-1000 1000BaseCX SFP Cable
Gi0/27 ETH-CH_2_SW-CORE02 connected trunk a-full a-1000 1000BaseCX SFP Cable
Po1 Trunk_SW-CORE02 connected trunk a-full a-1000
Model number : WS-C3560G-24TS-S
System image file is "flash:c3560-ipbase-mz.122-50.SE1/c3560-ipbase-mz.122-50.SE1.bin"
Is there a way to implement unequal path cost load balancing without using EIGRP protocol?
View 8 Replies View RelatedI am trying to implement an etherchannel on a cisco 2901 (IOS 15.1). i have already created the port-channel but i cannot assign the gig interface to the channel group.
View 1 Replies View RelatedI have a 3560-48 switch running Cisco IOS Software, C3560 Software (C3560-ADVIPSERVICESK9-M), Version 12.2(44)SE3 and i need to implement basic QOS commands to the fast Ethernet interfaces as well as the gig interfaces and Also I need to create port channels on the switch and need what the port channel syntax are as well for that particular IOS version?
I have only read only access and i can't see what the QOS and Port channels syntax should be for that IOS version.
I have attempted to implement DHCP snooping and have been having some strange issues. I have 5 3560s taht I use for my edge and when I attempt to implement on all five, the VLAN that houses my voice data appears to no longer be able to recieve DHCP lease renewals so after the 24 expiration all of my phones lose their configs. Once I roll back the changes the voice VLAN comes back. The other VLANs seem to function correctly as theya re able to renew their DHCP addresses.
The 3560s tie into each other using GIG Ports 1 & 2 and the top and bottom switches tie into our core switch, a 4507. The config that I use is below, failry simple and straightforward.
4 of the 5 switches feed our general office vlans for voice and data however the 5th switch is there for expansion and not in use. As such I have left the config changes in place on it and have tied myself and a colleague into it and have been operating fine for over a week now. So the config that I use seems sound in theory and should work on the other 4 switches with no issue.
I'm in the process of upgrading my 4507R core to a new 4507R-E. The old switch has Sup IV engines (WS-X4515) running IOS 12.2(40)SG and the new switch has Sup 6L-E engines running 15.1(2)SG. I'm trying to "move" my configuration from the old switch to the new. Below shows the commands configured in the old switch. I'm trying to determine how to implement the same configuration on the new switch since these commands are no longer available.
View 2 Replies View RelatedOur enviornment includes 3560 switches and 2800 routers. We have a few remote offices using an application on TCP port 1677 that use far to much bandwidth. Our WAN provider can throttle and police this for us, if I can TAG this traffic, for example all Traffic from Florida using the Groupwise app on TCP uses TCP port 1677 and I want it tagged with CoS 3.
View 1 Replies View RelatedI have a 2960 that I need to limit the uplink port to 50Mbps for 3 vlans and 350Mbps for another vlan. Would the following config achieve that or is this even possible for the 2960?
class-map match-any VLAN50-51-52
match vlan 50-52
class-map match-any VLAN53
[Code].....
some recommendations for product selection and overall infrastructure setup for our datacenter: We have an old, legacy setup, and are looking to replace equipment, improve performance, enhance security, and implement hardware redundancy (if cost effective).
1) We now have (2) IP blocks from our provider, and need to support both (because we have mailers on older IPs with a good reputation rating).
2) We have (2) aged Sonicwalls, one for each IP block, each connects to multiple internal subnets (some internal subnets need connectivity to eachother, some don't).
3) We have (mostly) public facing web servers (Linux/Apache), as well as database servers (with no external access).
Questions-
1) Should we implement a Cisco ASA 5520 w/ or w/o SSM modules for the new IP block (for webservers)?
1a) Should we implement a Cisco ASA 5510 or 5505 for the existing IP block (for mailers)?
1b) Or, can we have multiple public IP blocks connected to a single ASA 5520 (or 2 ASA's w/ failover)?
2) Can we connect both firewalls (5520 and 5510/5505) to a single Catalyst 3550 (or similar) using VLANs, and have 6 - 10 VLANs for webserver subnets, with ACLs controlling which subnets/servers can connect to eachother?
2a) Should we implement a second Catalyst 3550 (or similar) for redundancy (webservers have multiple network cards).
3) From our provider, we only have (1) dmark which both IP blocks connect through. Currently we have a switch connected to the dmark in order to 'splice' the connection, and have both existing firewalls connected. Is there a better approach to this?
4) We would like to implement SSL-VPN, and possibly site to site IPSec VPN, but only if there will not be significant performance degredation.
5) Other thoughts/recommendations for new features, enhanced security, or redundancy?
I have a vlan that is used for ip cameras. This vlan is routed with other vlans on our Cat 4506-E. how can i implement multicast feature to improve performance?
View 1 Replies View RelatedI have a collapsed core design with routed ports between all components. Access layer switches, data center switches, core/aggregation. All routed (no spanning-tree at all).Now...I have to add an IBM BladeCenter with a BNT layer 3 switch to my topology. However, those nasties don't seem to support routed ports.How can I have a routed port on my cisco switch and a standard access port on the BNT and still establish an adjacency with an SVI? I am running OSPF, but I am labbing this in my home lab with 2 x 3550s and EIGRP.
On SW2:
*Mar 1 00:57:00.711: EIGRP: Received HELLO on Vlan100 nbr 10.1.1.1
*Mar 1 00:57:00.711: AS 999, Flags 0x0, Seq 0/0 interfaceQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/1
*Mar 1 00:57:02.303: EIGRP: Sending UPDATE on Vlan100 nbr 10.1.1.1, retry 9, RTO 5000 tid 0
*Mar 1 00:57:02.303: AS 999, Flags 0x1, Seq 17/0 interfaceQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/1
[code].....
I need to implement the shaping VLAN only on the trunk link between the 6500 and 3560. [code]
View 8 Replies View RelatedI have an environment where i have two nexus 7010 switches, along with 2 nexus 5510's. I need to run OSPF as a layer 3 routing protocol between the vpc peer links. I have 1 link being used as a keep alive link, and 3 other links being used as a VpC link.
1) Is it best to configure a separate Vpc VLAN i.e 1010
2) Is it best to configure a vrf context keep-alive
3) just have the management address as the peer ip's.
I have bought Cisco ISR 881 C880DATA-UNIVERSALK9-M with c880data-universalk9-mz.150-1.M7.bin ios.
command "show ver" tell me:
License Information for 'c880-data'
License Level: advsecurity Type: Permanent
Next reboot license Level: advsecurity
So I have advsecurity. On cisco site there was a thing URL
"Table 5. Cisco IOS Software Features on Cisco 880 Series: Advanced Security Feature Set (Default)"
that tell me I have RIP protocol to use. But when I type "router rip" command and sub router sommands like: network, passive-interface, redistribution. There are no in runnning-config such things after all I've done. It have not been saved.
then the command "show licence":
#show license
Index 1 Feature: advipservices
Period left: Not Activated
Period Used: 0 minute 0 second
License Type: EvalRightToUse
License State: Not in Use, EULA not accepted
License Count: Non-Counted
License Priority: None
I need even RIPv2 to have simple routing information to exchange.
And I don't know. Cisco 880 series is G2 or G1. Cisco ISR beginning from 890 series is G2. About 880 I don't know. There no informanion about it or at least I have not found it yet. On one 891 is the same problem. When I type "router eigrp 1" everything is great. But when "router rip" - do no work.
I have encounterd a broplem on my Cisco 805 model.
When i use the command "show ip interface brief" the status shows "up" but the protocol is "down" on my serial interface.
The link between my to sites is down after this happend.
When I config BGP on my 3750X Switch, it show error as below:
protocol not in this image
should I need to upgrade the IOS or Where I can found a supported image (support BGP)
I am trying to enter this command in Cisco 2960 but the device is not accepting it. Is this because of IOS or this command is not available for 2960?
View 1 Replies View RelatedI am trying to review the port-channel configuration on a 6500 series. I am issuing the "show etherchannel summary" command and the out put shows the Group, Port-Channel, and Ports. It does not show me the protocol that is in use such as PAgP or LACP. Does this have to do with the Etherchannel in the "On" mode rather than "active", or "Auto"?
View 2 Replies View RelatedI have configured SPAN in cisco 3750 switch as below mentioned. but the destination port protocol is down.switch(config)#monitor session 1 source interface gigabitethernet1/0/1switch(config)#monitor session 1 destination interface gigabitethernet1/0/11 ingress vlan 1
View 8 Replies View RelatedOn our backbone (Cisco 6509) we have the following config.
spanning-tree mode rapid-pvst
spanning-tree extend system-id
spanning-tree vlan 1-200 priority 24576
1. is rapid-pvst the best spanning tree protocol to use? on some switches we have pvst (not rapid)
2. do all switches in the LAN need to use the same protocol?
3. does line 3 :priority 24576 mean that someone set tis switch as root manually? how can one further enforce the backbone as root (so noone adds a old switch with lower root id)
We are using CISCO LMS 4.2.3 in our network in India, we are facing a issue regarding alarm generation for a protocol flap/down, especially when BGP / OSPF neighbourship got flapped.These flapping will result in the data service degradation , by which we came to know that some protocol flap may occurred at router end & then we go for the manual check by login into the router.after escalating the same to cisco we came to know that it is a bug of Cisco LMS. using any other method/technique to view the protocol down alarms automatically for cisco routers.
View 1 Replies View RelatedI want to configurate Vpdn protocol PPOE but i can not write protocol ppoe under vpdn group name on cisco 2811. cisco 2811 iso is 12.4 T adventurer and i upgrade it 15.1 advansecure but problem is still.
View 5 Replies View RelatedWill Resilient Ethernet Protocol (REP) run on all Cisco switches (2960S and 3010) or is it only available on Service Provider switches like the ME3400E?
View 2 Replies View RelatedI work for a Wireless ISP and the device impacted is the back haul radio into the site. I have swapped from a 2950T to a 3550. Replaced the radio, PoE, patch lead. We have re ran the cable up the tower using shielded outdoor cable with a drain wire which has been earthed to an earthing block in the cabinet. We have other devices on the tower not experiencing the issue. We suspect cable interference however am now at a loss to diagnose further.
[Code]....
Currently our Cisco 3750 have one interface (port 1) that connected to our provider (Internap) with the IP 66.150.7.68 assigned. Now we want to upgrade to dual handoff L3 protocol. Below is the network configuration from Internap.
>>>> We have assigned the below /30s for each of the interfaces and will statically route the 66.150.7.0/25 down both interfaces.
>>>>
>>>>
>>>> 63.251.162.20/30
>>>> 63.251.162.21 - border1.sef003 - Internap side
>>>> 63.251.162.22 - your side
>>>>
>>>> 63.251.162.184/30
>>>> 63.251.162.185 - border2.sef003 - Internap side
>>>> 63.251.162.186 - your side
tell what command lines do I need to input on my Cisco switch for port 1 and 2 in order for the dual handoff to work correctly?
I'm trying to upgrade NBAR protocol pack on my Cisco 1941 router, so i downloaded new NABR protocol pack (version 4.0.0) and transferred it into router flash via tftp. When i try to apply new protocol pack with command : ip nbar protocol-pack flash:[protocol-pack-name]
i got this error :
% NBAR Error : Advanced Protocol Pack can not be loaded on top of Standard Protocol Pack
The router is running IPBASE IOS with Security License, IOS image is c1900-universalk9-mz.SPA.153-1.T.bin. Does NBAR2 packages works on IO BASE images?
I have been having following situation on my WAN facing interface on Cisco2911 where the same number of broadcast, multicast and unknown protocol drops is happening. Not sure but some applications are struggling to run over on the WAN.
[code]....
My Company use Core Sw 4507R-Sup 7L-E with Enterprise Services License. I has upgraded to use iOS cat4500e-universal.SPA.03.03.01.SG.151-1.SG1.bin
When I use match protocol in class-map, there are only about 10 protocols, and not have those ones I need. I intend to expand the list of protocols to do some Policy-map by loading PDLM. But 4507 is no longer support NBAR. So do we have another way to set Catalyst 4507R with Sup 7L-E recongnize more protocols in match protocol command?