I have 2x v10000 Websense Security Gateways that are connected to 2x 6500 SUP720. When I turn on cluster management function between Websense appliance, they speak to each other only if they are connected in the same 6500. When they are connected one in every 6500 cluster management does not work. They are connected on the same physical vlan. Do I need multicast to be configured in the 6500 switches?
I have problem with the standby supervisor in 6500 vss and need to replace the supervisor. I have follow how-to on the cisco web site url...
But when i boot the new standby sup720 it comes active and both supervisors is rebooting. I wonder if i can do the replacement without rebooting both active and standy supervisor.
if it is possible to recover a Cat 6500 that has no code on bootflash from ROMMON, and is it mandatory to have a compact flash card to do the recovery ? or can one use xmodem or TFTP ?
We recently purchased 2 Cisco 6500 series switches (with Sup 2T). These switches will be replacing our old 2 6500 series switches (with Sup 720).
We have 70 vlans and 90+ closet switches (2900) connecting the core switches We have 2 WLC connected to the core switch. We also have a 1 x 1 connection to a VSS switch which in turn connects to our Server Co-Location data center utilizing IPSec & GRE tunnel to connect to our Server Co-Location data center.
Our routing protocol is EIGRP. Our VTP domain at Server Co-Location is separate from our location “A” campus. I was wondering what is the best way to migrate our Core switches at location “A” campus.
The requirement is we would like to replace these switches with minimum downtime.
I have been net searching this question and I find answers relative to other Cisco products but not for the 6500 series. We are running entservicesk9_wan-mz.122-18.SXF17a.bin and would like to know how to change the default SSH listening port..
I have a switch layer 6500 series connected to a firewall, the port configuration between them is layer 2, in another words I do not configure an IP address in the Cisco switch port to conected it in the firewall, but when a apply a policy on firewall it lose communication with others vlans, just the vlan that is connected between the switch and firewall works, attachment the design. I think that is necessary to configure the connection between the firewall and switch as layer 3 ( a port with IP address in the switch), but I would like to know why? The switch is configured with about 10 vlan and it is a inter vlan routing, a default route is configured in the switch where the gateway is the firewall.
I have an Cisco 6500 CS and there is a Cisco Unified Communication Manger Server connected directly to the Core Switch.I tried to change duplex and speed ( fix and auto ) for both sides, but the same problem.
We have two Cisco 5505 firewalls connecting to two ISP's . The two internal LAN's on the firewalls are 192.168.184.0/24 & 192.168.186.0/24. We also have a Cisco C3560x layer3 switch with vlan interfaces 184.3 & 186.3. We have two DGS-3100 Dlink layer 2 switches connecting our users to the Layer 3. Ip routing is enabled for intervlan communication & I can reach the Switch interfaces & firewall gateways from machines on both on the vlans.We have pbr enabled on the 3560 & users only on the .186 network can get to the internet. The switch is running the ipservices license & the sdm template is "desktop routing" .
Users on the .184 cannot access the internet but we can ping the layer3 interface & the firewall gateway. [code]
I have mobile users using air cards that connect to the network with a VPN product called Net Motion. Our firewall is a ASA 5510. Once connected to the Net Motion VPN server the user will get a DHCP address from our network. In the past we could not get the VPN tunnel to complete since our layer 3 switch (3750G IP services) has 3 egress points and the egress point that we needed the VPN traffic to go out of is not the default gateway. To solve this we had the air card carrier set switch our air cards to static IP addresses and using route statements for the public IP addresses and access lists we got it to work.
The problem with this is that every new air card we provision needs a static IP address. My question is would policy based routing work in this scenario? The problem has been that the VPN tunnel was not able to complete the negotitaion phase as the traffic came into the switch and was trying to go out the default gateway. The VPN client wont get an internal IP address until the VPN tunnel is created.
I would like to get away from using static IP addresses.
Cisco 6500 Sup720-3B SPA IOS SXI - GRE tunnel will not come up.It worked fine on SXF code, but the crypto map can not be applied on tunnel interface.The iskmp is up with the OM_IDLE The crypto give it a Cryto UP, the the Tunnel does not come up. It is UP down.Does some one have a working config with a 6500 IOS SXI Train with GRE IPSEC Tunnel?
I have a small network that i want to setup, i have 1 2900 router and i'd like to create subinterfaces for the internal. but more importantly i'd like to have the dsl modems connected to the router with traffic from one subinterface going through one modem and traffic from the other going through the other.
remote location on MPLS circuit terminated on a Cisco router that has Internet connectivity through Central Site router. We are installing a cable modem at the remote location that is to be used as the Primary Internet Connection but still be able to use Internet through MPLS if the cable Internet goes down. We want the failover/fallback to be handled automatically.
We have an ASA5505 for the cable Internet which then feeds into the ISPs modem.
At first I was thinking about getting a module for the remote router so the cable Internet could be terminated on the remote router as well but that introduces a single point of failure. I would also like to firewall both the MPLS and the cable Internet but if I do so on the ASA there is another single point of failure.
I will be installing a secondary SUP720 in a 6509-E and will be upgrading the IOS on the existing SUP which is on 122-18.SXF6. I've read that this release has passed End of Critical Maintenance earlier this you. I thinking of upgrading the IOS to 12.2.33-SXJ1(ED) or 12.2.33-SXI8(ED) (possible more stable), but i'm not sure if i need any step upgrades from the current version. The SUP meets the required hardware specs and I will also be upgrading the ROMMON to 12.2(17r)SX7 first.
I have alot of experience upgrading IOS on routers and switches, but i just need to now if there are any gotchas that i need to know for the upgrade on the SUP.
The other issue is i don't believe the current IOS has been installed, are there any issue running on an IOS not installed. Patching is not available since the system is not running from an installed image. To install please use the "install file" command.
I have a situation where a customer doesn't have the required power units installed in their 6500 for me to provision a WiSM2.They use a VSS pair with a single Sup720 in each. They have no intention of adding a second Sup to each chassis.
I need to justify why they can't use slot 6 (which has power reserved) if I am to get them to upgrade the PSU's. The documentation I've found says it is supported but not recommended.
Cisco Catalyst 6509 with Sup720-10GE IOS 12.2(33)SHX7. There are around 30 L3 vlans configured on the switch. I'm only interested for the traffic on one L3 vlan which is the connection to wan cloud.
I wanna see only the traffic that goes to and come from the wan. On other Catalyst where I have routed interfaces i successfully configured netflow. I read a lot in the forums and documentations but i didn't find the right one.
I have received a sup720-3B from Cisco with an internal 512MB flash(sup-bootdisk). I want to verify what IOS image is on the disk and do not have an spare 6509 chasis. Can I remove the 512 MB flash disk and insert it to my disk0: on my production 6509 with the sup32 that the 720 will repplace and view what is on the disk without corrupting?
I got a new VS-S720-10G it had 122-33.SXH8b on there. I had to downgrade it to 12.2.33.SXI1 to match our other switches. I installed the file I use in all the other switches, s72033-adventerprisek9_wan-mz.122-33.SXI1.bin but the Sup is now is only booting up only to ROMMON mode.
Initializing ATA monitor library...
Self extracting the image... [OK] Self decompressing the image : ################################################# ################################################################################ ################################################################ [OK]
%SYSTEM-1-INITFAIL: Network boot is not supported.
System Bootstrap, Version 8.5(4) Copyright (c) 1994-2009 by cisco Systems, Inc. Cat6k-Sup720/SP processor with 1048576 Kbytes of main memory
Trying to find documentation on the proper procedure for installing a second sup720 into our 6509-E chassis for sup redundancy. I have found documents that tout how 'cool' and 'awesome' NSF/SSO, and all that is, but haven't found any docs on installing a second sup720 into a chassis that is currently in production and is only running one sup720. In all the years that this chassis has been out, there must me a documented procedure out here to explain this.I have been through the following pages, and have found nothing to this effect.
problem to configure MWAM. I have installed MWAM module in 6506-E slot 2 with sup720-3B. After installing MWAM the Status is PwrDown. I tried to turn on the power but its not happening. MWAM is installed in slot 2 and here is the result of show module 2 My Sup720-eB IOS image is s72033-advipservicesk9_wan-mz.122-33.SXJ1.bin
6506-E#show module 2 Mod Ports Card Type Model Serial No. --- ----- -------------------------------------- ------------------ ----------- 2 3 MWAM Module WS-SVC-MWAM-1 SAD081203GK Mod MAC addresses Hw Fw Sw Status --- ---------------------------------- ------ ------------ ------------ ------- 2 0003.feae.bb8c to 0003.feae.bb93 3.0 Unknown Unknown PwrDown Mod Online Diag Status ---- ------------------- 2 Not Applicable
We are close to receiving our new 6513E chassis which I will be running Sup720 cards in. This will be replacing our existing 6509 Sup2 setup in production. What current IOS version should I run on the Sup720 ? I would like to support SSH. The chassis will be populated with a couple of 6724 SFP cards, 2 6704 10 gig cards and a few 6748 line cards.Is there a good intitial config guide ?
Customer is using SUP720 with SP rommon image version 8.1(3), he is trying to boot the new ios image from disk0, but he gets invalid magic error. he fomat the disk0 but still he gets error when he boots from disk0. He suspect that it can't be flash problem but can be software of hardware as he has two flash with same issue on 2 switches.
Customer wanted to recreate, I tried in the lab, i was able to load from disk0, but sup in lab had 8.5(4).
Customer wanted me try with 8.1(3) version. But i was unable to downgrade the SP Rommon image. SP rommon is running in Gold region and I loaded the 8.1(3) from both disk0 and sup-bootdisk, even preferrence was given to region1 but still sup came up with gold region itself.
* Will i be able to downgrade from 8.5(4) to 8.1(3), if so, what are the steps.
* is there any limitation or bug where 8.1(3) will be unable to read disk0.
I'm trying to boot this IOS on a 6506-E, s72033-adventerprisek9_wan-mz.122-33.SXI8.bin.
This is what I see in bootvar.
sh bootvar BOOT variable = disk0:s72033-adventerprisek9_wan-mz.122-33.SXI8.bin,1;disk0:s72033-ipservicesk9-mz.122-18.SXF8.bin,1; CONFIG_FILE variable = BOOTLDR variable = Configuration register is 0x2102
Standby not ready to show bootvar, I want to remove SXF8 and leave SXI8 alone. I removed both IOS file names in boot system and added the SXI8 again and saved. So this would be the output after.
But after a switch restart, this would be the output of show bootvar again.
sh bootvar BOOT variable = disk0:s72033-adventerprisek9_wan-mz.122-33.SXI8.bin,1;disk0:s72033-ipservicesk9-mz.122-18.SXF8.bin,1; CONFIG_FILE variable = BOOTLDR variable = Configuration register is 0x2102
Is there anything I need to check? This is an old engine and I'm not sure if the variables of the RP modified .
I am having problems with IGMP and QoS on CAT6500 platform with SUP720 engine.The problem is, it seems that all IGMP packets are getting marked with DSCP 48 when sent out of the switch regardless of any input service policy. I found several articles saying that PFC QoS does not apply to IGMP packets. However in IOS 15 that should be possible, but I didn't get it to work there either. [code]
Supervisor Engine 720 options support centralized forwarding rates up to 30Mbps and distributed forwarding rates up to 400Mpps. I never understood the claim of forwarding rate logic in mbps. How i can load the 6509 box to check this forwarding rate?How can the performance increase from 30mbps to 400mbps? is this just because of DFC on all the line cards if yes does it mean i have to add the DFC on SUP as well .
I have a heck of a time finding this kind of information on the cisco site...Is the WS-SUP720-BASE line card a fully supported module in the 6509-E chassis?
