Cisco Switching/Routing :: Setup Management VRF On 4948-10GE
Aug 3, 2011
I am trying to setup the management vrf on the 4948 10GE so that my TACACS requests will use that vrf for out-of-band purposes. The vrf is working properly because I can ping the TACACS server using the vrf but the logins do not work. I see this error in the tacacs debug:
TPLUS(00000016)/0: Connect Error No route to host
Looking at the release notes, it states that my version (12.2.54 SG1) does support vrf aware tacacs but the documentation seems to be a bit off because i do not get a server private command option as stated in the configuration doc after configuring a tacacs server group:
[URL]
Here is my config:
ip vrf mgmtVrf
rd X:X
!
interface FastEthernet1
ip vrf forwarding mgmtVrf
ip address x.x.x.x
We had to transport one of our 4948 10 GE to another Data Centre and when we got it there and tried to power up its System Status LED was red and we cannot even get console to the device.
We can try to see if the switch is completely dead and needs replacing or is there something we can do to get it back up and running again?
ive updated my catalyst 4948-10GE to version 15.0(2)SG1.Now it is not possible to login by ssh or telnet on this switch. the access is established over the mgmt-Interface and vrf.i get a ping reply but login is no more possible now.is there an new feature in this version for vrf or remotelogin that has to be configured? if neccessary i can paste the running-config here.
I want to choose a pair of switches for our data center.What I need: 48 x 1GE access ports, 2 x 10GE uplink ports.Nice feature of 3750-X is stacking. So what features has 4948-10GE? Why I should prefer that switch?
we have multiple Video production networks, with Video servers (AVID Unity ISIS) connected by 10GE fiber links to 4948-10GE switches. On almost every of these switches, I see more or less "Sequence-Err" interface errors. We do not currently have a known problem because this, and no other errors are seen. But I would like to understand the error, and therefore I would like to find out, what a sequence error means, what the cause is, and what the impact (to a frame) is?
By the way, it is well-known that the ISIS Video server does generate very excessive UDP data bursts. Maybe this matters? On Cisco doc I did not find an answer. The document "Troubleshooting Switch Port and Interface Problems" does unfortunately not refer to "sequence-err".
Here is an example output: WS-C4948-10GE#sh int t1/49 TenGigabitEthernet1/49 is up, line protocol is up (connected) [code].....
I' ve three 4900M switches equipped with the WS-X4920-GB-RJ45 module and the WS-X4908-10GE module. Now I'm started to setup these switches in our lab environment for the first time. They behave a little bit strange in comparison with the C3750 series which I used before and which I will replace by these powerful machines.
I tried to setup these switches to be managed through the management port. I configured IP address, default route in the management vrf, set the source-interface for tftp,ssh,ftp and tacacs to use the management port. Ping using the manangement port was successful. After finishing theses steps I configured the TACACS and AAA settings accordingly the informations I found on CCO. I tested the settings with "test aaa group authentication" command- without success. On my Cisco ACS no request was received and the switch told me he could't reach the tacacs server. Other switches in the same IP subnet are working without failure, so firewall or server should not be the problem.
I am in front of a choice what to select to deploy 10Ge in my datacenter to get four 6504e and two 3750x units connected to each other.All devices are located in 3-7 meters away from each other.The choice is whether to go for a multimode fiber and 10GBASE-SR X2 Modules OR cat7 UTP and 10GBASE-T X2 pluggable transceiver.Money wise it doesn't matter.Fiber looks less attractive since it's fragile and a bit harder to put in underfloor area.Cat7 is more attractive but there are 2 points:
1) I couldn't find ANY single photo of a 10GBASE-T (a module with a single RJ45 port). How does it look? Does it come with a cable or...??
I have a two Cisco 4510R each with two sup V-10GE redundant. The code on these sup modules are 12.2(31r)SG3. I need some assistance in getting this setup worked out. I have all four of the 10GE populated with appropriate optics. I setup a link from one 4510R to the other using these interfaces. From the documentation I found I had to use Tengi1/1 and Tengi2/2 as the redundant pair. I plugged the up link into these ports. The Tengi1/1 (active supervisor) links up and works fine. But when I look at the ports port Tengi2/2 it isn't showing link or active. Now port 2/1 (nothing plugged into it) is showing as active.
Now is the redundancy supposed to be 1/1 and 2/1? If so, the switch is in production, when I move the connection over from 2/2 to 2/1 will it cause a outage? The reason for this is I now have a system with a 10G port and would like to utilize one of the other 10G ports. Is that possible? Or does it have to be a lag/redundant up link to work (say to another switch)?
We have a scenario with 2 chassis, both with 2 supervisor Engine 2T, we try to make a configuration of VSS with the chassis and would link to know if is possible have 2 supervisor on chassis one and 2 supervisors on chassis 2 with VSS?
Router#sho switch virtual redundancy My Switch Id = 1 Peer Switch Id = 2 Last switchover reason = active unit removed Configured Redundancy Mode = sso Operating Redundancy Mode = sso
[code]....
would like to use the second supervisors for obteind the local redundancy en chassis 1 and 2, this is possible?
the actually version on four supervisors is: s2t54-ipservicesk9-mz.SPA.150-1.SY3.bin
What does RP drops entail? We are experiencing 0.23 % drops on an vlan int on one of our 6500. This interface is an L3 to a server-subnet. Doing a sh int vlan 238 switching shows 30935411 RP (Route Processing) drops.It was a bit unclear to me in the thread "Input queue drops on 6500 vlan interface" if RP drops was through the router, or to the router(mgmnt)?I can do a netdr to see what traffic goes to it. It should not generate CPU load, but I think I will wait until after hours before I try that command.
- do NETDR: -- debug netdr cap rx vlan 238 -- show netdr cap
I am trying to configure a 6509 as the passive receiver from a Dell Force10 10Ge switch with 2 sfp to 2 gig ports on our 6509 switch, I see LACP is up on both sides but cannot pass traffic, I have only 2 vlans that will carry across the aggregate link from our vmware boxes, this is just a temp until I get a 10ge in our 6509 chassis.
I am getting conflicting info about this, and need to get confirmations.Is the older 6513 (non E) model compatible with WS-X6407-10GE blade?The switch we're getting this for have WS-SUP720-3B, 6000W power supply, and WS-C6K-13SLT-FAN2.From what I read they are compatible if entered in slot 9-13, but I also heard that 10GE modules are not compatible with the non E chassis.
I am looking for 10 GE copper 24 ports switch. After any time I come N2K-C2232TM-10GE. However, this switch is fabric extender and it is used with Nexus 5K series switches.
My question is Can I use this Nexus 2K standalone as other L2 switches?
I will be adding two WS-X6716-10GE cards in a CAT6509 soon, and will create 4 port channels with 3 ports each in the new cards, but I do have a few questions:
1 - I will be adding cards in slots 3 and 8, can I mix and bundle ports from both modules into a single etherchannel, I mean, like two ports in slot 3 and 1 port in slot 8 to create a PortChannel ?! Or can I only bundle ports in the same card/port-group in a Etherchannel using this WS-X6716-10GE card?
2 - Do I need to issue the hw-module slot x oversubscription port-group y command in order to be able to bundle ports in the Etherchannel I need to create ?! I will be using 4 Etherchannels (LACP) with 3 ports each, running in trunk mode. So I guess, I will be using something like:
Is it possible that catalyst 4500 Supervisor Engine V-10GE WS-X4516-10GE works with WS-X4612-SFP-E?I know suprtvisor engine V-10GE is not support E-serious linecard, but when I use the configuration tool, I can choose these two products together. Is it a bug?I need novell IPX in this case, I find supervisor 6E & 7E are already not support, so I have no choice to choose V-10GE.
I have been trying to reset my Cisco 4507 R-E with sup 10GE engines, and I am not having any luck. I have followed the following document:
[URL]
I have tried "wr erase" and "erase startup-config." I cannot delete the vlan.dat file either. I am using the command "erase cat4000_flash:vlan.dat" and its not working either. I have done these commands several times with no success. When asked if I want to save the config changes, I am answering with a "no" I have not tried to depress the small "reset" button on the front of the sup engines as I read that this just restarts the switch.
When i swapped a Sup v 10 ge for a Sup6 E Tonight in order to take advantage of the netflow capabilites of the Sup V - It came up with module unsupported for the following cards - WS-X4648-RJ45V-E Will these only work with the Sup6 E or what
I cannot boot IOS, when i reload this switch it go to ROMMON. I try to uploand IOS but it still has problem. i think i may wrong some point during i did uploand.
My cisco 4948 switch is generating the below error,how do i troubleshoot this error.
*Mar 13 00:09:33.451: %C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: (Suppressed 14 times)Packet received with invalid source MAC addre ss (00:00:00:00:00:00) on port Gi1/37 in vlan 1Gi1/37- to this port another 2950 switch is connected by trunk link.and to this switch end host is connected i.e.thin client
I am updating the iOS for a 4948 the bootflash is empty so all i can get into is the rommon. There is no option for x-modem. How can I put the iOS onto this device? [code]
We purchased two new 4948 with two 10GE uplink ports and upgraded the devices to run IOS 15. My 6506 is running Sup 720 with s77233-adventerprisek0_wan-mz.122-33.SXI9. Currently we have 4948's connected to the same 6506's with no problems. Today I tried to add the new switches with new IOS and it caused of of my 6506 core switches to failover. I can't explain why because it was close to start of business and couldn't do much troubleshooting. Currently we have four 4948 (running IOS 12.2(14) switches running Layer2 connecting dually to each of the two 6506 cores via 10GE fiber uplinks. I tried to add two more to the scenario, again running layer2 and dual-honing them to each of te 6506 switches. there are two 6506 core switches and they run HSRP and spanning tree is manually set to give priority to even vlans on one 6506 and odds on the other 6506. Also the new switches I tried to add did had rootguard applied as well as the uplinks.
We have to get this working and have no test environment to work with. We need to do this late this evening after close of business.
On another note, I have had problems upgrading some of my older 4948's to IOS 15. I followed Cisco's suggestion and upgraded the EPROM first and then the IOS upgrade took on three of the switches that were ordered rather recently. The four that were ordered in one batch will not take the upgrade even following Cisco's instruction and lots of other tricks. Nothing works. Having problems with IOS 15, in general?
I am planning to upgrade Cisco 4948 IOS upgrade. We have few with older code( 12.2(25)EWA7), when issue sh version shows as Catalyst 4000 L3 Switch Software. while newer version of the switch show as Catalyst 4500 L3 switch.
1 Is this/(sh ver output) just because of the Older code ? My 2 question is according to release note : [URL]
You need to upgrade your ROMMON before the IOS . 2 What is the approximate time it take to do this ROMMON upgrade ?
I have 4948E module switch at customer site and below is the show version output. Image on the switch is not supporting 'AUTO QoS' as i need to enable Auto Qos on it to prioritize Voice traffic. Which image supports Auto QoS feature . Image should have L3 functionality also i mean it should support Routing protocols. I tried to enable auto QoS using by configuring "QoS' globally but no luck...with existing image.
{ URL} ROM: 12.2(44r)SG9 Hobgoblin Revision 20, Fortooine Revision 1.22 Switch up time is 12 hours, 1 minute System returned to ROM by reload [ code]...
Configuration register is 0x2012 Switch#sh boot flash: -#- --length-- -----date/time------ path 1 25793234 May 31 2011 15:20:20 cat4500e-entservicesk9-mz.122-54.SG.bin 2 25005209 Mar 08 2013 09:53:18 cat4500e-entservices-mz.122-54.SG1.bin
we have Supervisor Engine 720 10GE (VS-S720-10G) in slot 5 on Catalyst 6509-E. Slot 6 is free. We need to replace VS-S720-10G. Is it possible the following scenario
1. we will insert new VS-S720-10G into the slot 6 2. then we will remove the faulty VS-S720-10G from the slot 5
Will everything work without interuptions. Is any document where I can find step-by-step procedure how to replace VS-S720-10G ?
Is it possible to use a 10GE interface on a sup720 and an interface from a 671610GE line card and create a port channel. I haven't found specific documentation on CCO stating you can. I have found the QOS queuing is differnet between the sup and line card.
We recently installed a WS-X6716-10GE module in slot 6 within a Cisco 6506. We are using two ports on the module (6/13 and 6/14), which are port channeled together to a Nexus 5548. Everything has been running fine for about a month and the card had a green light but the ports stopped communicating. The module was screwed into the chassis/slot. For problem determination reasons, we reconfigured ports 6/13 & 6/14 to 6/15 & 6/16 and moved the cables but the module was still not responding. We eventually pulled the module out of the slot and reinserted the module back into the slot, which reset the module and fixed the problem. Is there any way to determine if this was hardware problem with the module and it should be replaced, or is it a software bug/problem? We opened up a ticket with the TAC but we haven't heard back from them yet.
Cisco WS-C6506-E Cisco IOS Software, s72033_rp Software (s72033_rp-IPSERVICESK9-M), Version 12.2(33)SXI8, RELEASE SOFTWARE (fc2) Mod Ports Card Type Model --- ----- -------------------------------------- ------------------ 5 2 Supervisor Engine 720 (Active) WS-SUP720-3B 6 16 CEF720 16 port 10GE WS-X6716-10GE
We have two 6509 switches with one WS-X6704-10GE module in each of them. There is an optical cable between the two switches plugged in WS-X6704-10GE module on both sides. When you shut down the port on one side the other port still stays as up and you need phisycally to unplug the cable to have it down. The same behaviour is seen no matter on which of the two switches you shut down the port, the opposite one always stays as up and only removal of the cable makes it go down.
The ports are configured quite simply:
interface TenGigabitEthernet1/1 switchport switchport trunk encapsulation dot1q switchport trunk allowed vlan 1-10 no ip address udld port