Planing to implement ARP out in all interface vlan at switche(6500,3500).It's useful to avoid unicast floating in the Switch.What are precaution to be take care during the implementation?
View 5 Repliesi have this message "DHCP Timeout"on few cisco IP Phones . try to assign IP manually and it's working fine.. seems DHCP not giving IP's to those.. 6500 have configured as DHCP pool.
View 3 Replies View RelatedI have two networks at two sites with a dot1q trunk between the two L3 switches at both sites (no routers involved)
SITE A - Cisco 3750 L3 - VLAN ID 50
10.10.50.0/24
SITE B - Cisco 3750 L3 - VLAN ID 50
10.20.50.0/24
I would like to extend the SITE A VLAN to SITE B so that I can move hosts from SITE A to SITE B without needing to change their IP address but the vlan ID is already in use. Obviously the easy solution is to change the VLAN ID for one or other of the sites but both sites contain hosts that run 24/7. Is there a way to join two VLANs with different IDs together.So for example I create a new VLAN 60 at SITE B and associate it with VLAN 50 at SITE A.
ASA 8.2(5), uauth absolute timeout is disabled and inactivity timeout is set to 48 hours:
timeout xlate 48:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:00:00 absolute uauth 48:00:00 inactivity
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
Users still get kicked out every 8 hours and they have to reauth. This is a logging message:
%ASA-5-109012: Authen Session End: user 'john', sid 839, elapsed 28801 seconds
My customer has various Cisco switches but only cisco 2950 switches has the problem of ping timeout or reply time is too long(average more than 2 sec). It will cause I Network Mangement software alarm always.
View 4 Replies View RelatedWe have a L3 gig link between 2 locations (6513 <-->4507). Each location got its own addressing scheme and vlan interfaces on the edge switches.For our new exchange servers, I received a requirement on having the possibility of single vlan at both locatons. so that the all the replicaton traffic between both location servers (Prod/DR). Ex: Create a new vlan at 6500 site with an addressing scheme 192.168.100.x and having the same addressing scheme vlan stretched over the L3 link to 4500. The link is not MPLS. I read few posts in the forum and seems it is possible if we have MPLS. OSPF is the routing protocol.
View 3 Replies View RelatedThe customer has 4 6500 switches. 2 Physical locations, and 2 switches at each locations. The locations are connected via 1 200mpbs metro ethernet(layer 2). We ran into an issue during a DR exercise. We had created a VLAN for DR testing purposes, that did not have any SVI configured, but the VLAN did exist on one of the 6500s. When the customer restored a VM to the DR VLAN, we lost connectivity to the production server. After some troubleshooting, we found the cause to be the same mac address showing up, but in a different vlan. Once we removed the DR vlan from the 6500 all was well. It seems like switches are ignoring the VLAN in the mac address table, and forwarding to the incorrect ports. The switch is not reporting any mac flapping in the logs. No spanning tree topology changes are occurring. Code version is 12.2(33)SXJ2 on all switches.
View 1 Replies View RelatedCore: DC : 2- 6500 (PO Trunked) Configured L3 vlan interfaces with HSRP.
Vlans:
Servers - 192.168.5.0/24
PCs: 192.168.10.0/24
Phones : 192.168.20.0/24
Replica-exchange: 192.168.30.0/24
DR- One Core SW:
Vlans:
Servers vlan - 10.10.5.0/24
PCs: 10.10.10.0/24
Phones : 10.10.20.0/24
Replica-exchange: 10.10.30.0/24
OSPF is the routing protocol. Everything works fine.New requirement (exchange 2010 MAPI & DAG subnets)
192.168.5.0 <--> 192.168.30.0 & 10.10.30.0 : Communication should fail
10.10.5.0/24<--> 192.168.30.0 & 10.10.30.0 : Fail
Replica@DC <--> Replica@DC: work
Replicas --> Rest of the nw- not that of an issue.
Iam thinking of adding a Extended ACLs on Replica-Exchange (DC & DR) and servers Vlan interfaces to block bidirectional communication.
CORE1 &2:
access-list 101 deny ip 192.168.5.0 0.0.0.255 192.168.30.0 0.0.0.255access-list 101 deny ip 10.10.5.0 0.0.0.255 192.168.30.0 0.0.0.255access-list 101 permit ip any any
!access-list 102 deny ip 192.168.30.0 0.0.0.255 192.168.5.0 0.0.0.255
[code]....
Similar to the same on DR as well. I wanted to see if ACL is the way to go or any other suggested methods with OSPF being the routing protocol.
Is it possible for me to create 2 vlan interfaces on the 6500 and have them both in the same subnet?
For a specific customer requirement I would like to have a vlan interface on the 6500 as default gateway, sat in it's own vrf, and then route all traffic inbound and outbound to this vlan through the FWSM interface, preferably in the same subnet. I don't think this will be possible so just looking for confirmation either way.
As I will be running EIGRP between a pair of central 6500's and 2 remote offices it will make things much easier for me advertise the connected FWSM interfaces in to EIGRP for access in/out of all my VRF'd subnets. If I need another subnet for each VRF FWSM next hop then I'll have to reditribute a list of statics which I don't really want to do.
The reason I am not just using the FWSM as gateway is because I need to run HSRP across 3 different devices (another 6500 in a second suite), and failover FWSM will only give me 1 level of redundancy for those gateways.
Catalyst 6509E Switch running IOS version 12.2. Created a new VLAN layer 2, created it layer 3 with an IP address. Issued the state active command and the no shutdown command. when doing a show vlan, shows in the list and active. When doing show int vlan xx, shows as down. Need to get it to be up, have attempted to assign a port to that VLAN in hopes it will come up, but still no go.
View 5 Replies View Relatedwe have applied route-map on vlan interface in the form:
ip access-list extended TEST
permit ip 172.16.1.128 0.0.0.127 172.16.0.0 0.0.255.255
route-map TEST permit 10
match ip address TEST
set ip next-hop 172.16.111.1
interface Vlan11
ip policy route-map TEST
The problem is in the traffic matching by the rule - there is matches not only for 172.16.0.0/16 prefixes but for the whole traffic in that VLAN.
Vlan interface would be dropping packets on the input queue? Refer to the drops/flushes below. This is from a 6500 with a Sup720, there are a number of vlans on it. This 6500 and it's HSRP partner are exhibiting the same symptoms on all the vlans I bothered to check. This particular vlan is quite lightly used, there are only about fifteen user PC's (each with 100 Mb interfaces) on it.
There is a bit of information on input queue drops on Cisco, but this is focused on physical interfaces where I can understand some packets being dropped. I would think that Vlan interfaces would have different issues.I note the "no buffer" errors as well, that also concerns me, especially as that counter is quite close to the "flushes".
Vlan123 is up, line protocol is up Hardware is EtherSVI, address is 00d0.04fd.6000 (bia 00d0.04fd.6000) Description: Vlan123 Internet address is 10.123.123.7/24 MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive not supported ARP type: ARPA, ARP Timeout 04:00:00
[Code] .......
We have a need to access an VLAN at the main office( ie Core Switch 6500,switch 3750) from a remote site(Cisco3845 router, Switch3750) connecting by a SP through fibre link.
what is the easiest and quick way to do it and the user from the remote site just want to have access to that VLAN for a couple of days only.
can i have 4 links from an ESX server to 6500 , each link represents a trunk link carries each the same 2 VLAN , 100 and 101 , keep port-channel out of the picture , does it work well?
View 12 Replies View RelatedWe have Nexus 7k running as my core with a 6500 manageing my server farm and IP services servers (call manager, IPTV ...)My edge switch are 4500s. We currently have RIP2 running between and the switchs and each 4500 is managing its own VLANs.The IPTV uses IGMP snooping and multicasting to broadcast the video feed. The problem that came up is that the we cannot configure a gatewar for the setup boxs for the IPTV system. They will only work on a single VLAN and they are spread all over the network.Can we configure only this VLAN to be propagated over our RIP network???
View 2 Replies View Related1 week ago, I got a call from a client that reported a network outage, the client told me that, 3 switch has crashed he try to console but it just hang. I ask him, did you change something? he said he didn't change anything, he just pluged a nortelswitch to the cisco switch number 9, but that switch doesn't crash like the others (3,4,8). I check the uptime, and yes the switch never been powered off..
the topology look like this
____ 6500 ____
/ / |
1 2 3 4 5 ...... 9
the vlan is end to end vlan, so vlan span between all those switches. transparant. this is collapsed topology, core and distribution is the 6500 itself all of the 1-9 access switch are in the same rack, with no loopguard, and bpdu guard configured. and connected to the core using etherchannel. the problem is there is no log available to start the troubleshooting/investigation.
I can see drops on one of our busy L3 vlan in the input queue and are going up very frequently.System image file is "sup-bootflash:s72033-psv-mz.122-18.SXD3.binHardware = 6509
View 1 Replies View RelatedI have ASA-SM failover pair in two Catalyst 6500 switches. I send from switch to ASA-SM management VLAN 1234 to admin context for management purposes. I have another 3 contexts on ASA-SM. Can I have same managemenet VLAN1234 on each ASA-SM context? Can it work?
View 1 Replies View RelatedI need adding a vlan to the trunks bundled in port channel. I know how to add v lans to a port channel with Cisco IOS but with CAT OS.
I have 2 ports bundled to form ether channel in switch which is running CAT OS. There are already few v lans allowed in the trunk of each interface. now I need to add one more v lan.
For Example:-
v lan 135 needs to be added in addition to the existing v lans.
clear trunk1/2 1-112,115,117-134,136-4094
set trunk 1/2 on dot1q 113-114,116,135
and similarly on the 2nd interface
so if I add vlan135 to the trunk one after another will it cause any service disruption?
We have a pair of 6500 switches, each having a trunk going to each access switch. We set the spanning tree priority on Core1 so it is the root bridge for all VLANs. We have two different types of access switches:
-3550 setup as VTP client and ISL
-2960 setup as VTP transparent and dot1q.
Pruning is disabled but we use "switchport trunk allowed vlan" to restrict which VLANs go through each trunk. When we need to permit a VLAN through a trunk, we simply run "switchport trunk allowed vlan add <VLANID>" on the access switch and both core switches. If it is a 2960 in VTP transparent mode, we must set the VLAN to active. Once this is done, a "show int trunk" will reflect the new VLAN in "Vlans in spanning tree forwarding state and not pruned" for Core1.
I recently went through this process to add VLAN 250 on a 3550 access switch, but the VLAN is not listed in STP forwarding state and not pruned. I tried removing the VLAN from the trunks and redoing it, but there is was no change. I tried adding VLAN 257, but the same behavior happened. I then tried trunking the same VLANs to a few other access switches. Three other 3550s experienced the same behavior, but I was able to trunk the VLAN to a few 2960 switches. At this point, I figured it might be related to some kind of limitation of VTP or the 3550 switches. I provisioned a new 3550 with the same IOS and settings (VTP client, ISL). To my surprise, all VLANs configured were in STP forwarding state and not pruned.
Running show spanning-tree on the core and access switch shows VLAN 250 as designated FWD. I confirmed we are not hitting the limits in "show spanning tree summary totals" on the Core or Access switches. I also confirmed we are not hitting the virtual port limit by running "show vlan virtual-port slot x."My next action might be to shut/no shut the uplink to Core1 from the access switch, but I'm not sure if that will fix it and even if it does, I have no clue what caused the issue.
I have a really weired thing happening on 6509 device with one of my customers.The device has a SUP 2 (MSFC2) with version 12.2.18SXF17B.
any VLAN interface once administratively down or simply down shows on "show interface status" output as VLAN.While it supposed to show "Routed". However once the port is up it is shows "routed" like it should.
I need to implement the shaping VLAN only on the trunk link between the 6500 and 3560. [code]
View 8 Replies View RelatedWe need to get the MIB /OID information for 6500 series switches. Especially we need to monitor the Gig interface “input & output” traffic rate for every second.Switch model: WS-C6509-E / SUP 720 We tried the below value but not getting proper output. MIB:- 1.3.6.1.2.1.2.2.1.10.2 Also we would like to know whether there would be any impact on running the below global command “snmp-server hc poll <in msec>” in 6500 series switch.
View 4 Replies View RelatedI want to learn that,on cisco switch (2950,3600,6500 series) IpV6 default open? İf It comes open on default,how to disable?
View 19 Replies View RelatedI am getting high cpu on 6500 swich running with SUP2 . Below is process cpu output .
****************** show proc cpu ******************
CPU utilization for five seconds: 97.03% one minute: 97.08% five minutes: 97.02%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process--- ----------- ---------- -------- ------- ------- ------- --- ---------------1 335581512 0 0 2.97% 2.92% 2.98% -2 Kernel and Idle2 6 128 1000 0.00% 0.00% 0.00% -2 Flash MIB Updat3 10468247 8763359 192000 0.98% 0.00% 0.00% -2 SynConfig 4 1694917 1210299 3000 0.57% 0.00% 0.00% -2 Statuspoll 5 341501 2798181 2000 0.19% 0.00% 0.00% -2
[Code]....
I am trying to guarantee 100mbps for a vlan across a gig link. I have done some research and found this command for switches
mls qos srr-queue input priority-queue 2 bandwidth 20
However it doesn't seem to work for my 6500. I know the 6500 uses PFC for QOS but I have no idea how it works. how I can guarantee a vlan 100mbps across a 1gig link?
When we do self diagnostic test for WAE connected to the 6500 switch i get warning as below. Due to this alert there is no major acceleration benfits by the WAAS
Test WARN [tfo] WARN ASYMMETRIC Asymmetric routing is seen in the device Action: Check router's network configuration and WCCP redirection on the router.usevwa1#
6509 switches has only L2 capability and does not do WCCP redirection. The WCCP re-direction is done by 2821 routers.Is there any command which needs to be given in 6500 switch to solve the issue
I have 2 Chassis 6506-E with sup 720. one of them work properly(Switch1) but another(Switc2) not boot form bootdisk and go to ROMMON mode. I Captured IOS from Switch1 with tftp but I cant Copy this image to switch 2 with tftp.
View 4 Replies View RelatedI have a routed interface on a Cisco 6500 Series switch. I am trying to find a way to adjust the tcp mss.To date I have not yet been able to find a way to accomplish this. Is this just not supported?
View 3 Replies View RelatedON switch 6500 i have configured an interface vlan x and applied policies on inboud and outbound directions as per below: [code] But the problem i am facing is that the policy outbound works ok , but the policy inbound doesnt work at all. specifically it doesnt match anything. [code]
View 1 Replies View Relatedwe need to relocate our core switch 6500 with sup 720 to another bldg
what is the command to gracefully shut it down I mean power off
I was told one can just switch off the power
what is location of flash file in 6500 Series switch and how can we take back of IOS image for 6500 series.
View 4 Replies View Relatedi have configure new ACE 30 module on top of 6500 core switch , the issues am facing whenver i want to access to https://ACE_IP and after i enter the user name and the password , it's forwared me to the follwoing page: is there anything should i configure to avoid this page ?
View 1 Replies View Related