We had an power shutdown activity last week, due to which one of the core switch was turned off and ON .After the core switch was turned ON, we had found some of the ACLs missing which were bounded in VLANs. We had given write command before this power shutdown activity.We need to find the root cause for the same.
Switch Model-WS-CISCO-6509-E.
Suffered a big outage on the network, the fix was to reload the module 3 on the 6509 switch, we had these errors on the log %CONST_DIAG-SW1_SP-3-HM_PORT_TEST_FAIL: Switch 1 Module 3 TestUnusedPortLoopback Port(s)[24,46] failed. System operation continues.in the end, we reloaded the card and it was all ok. is there anything I can do to check the card / or any deeper logs? would that error cause the card to crash?
View 1 Replies View RelatedI'm using a CISCO1921/K9 with IOS 15.1(3)T1 and licensed fetaures ipbasek9, securityk9, datak9, SSL_VPN. After a working setup of webvpn I'm running in troubles after a reload - of course, the running-config is copied before reload ; )
This config line: webvpn install svc usbflash0:/webvpn/anyconnect-win-2.5.3055-k9.pkg sequence 1
is missing after a reload. Consequence: the "Anyconnect Client" refuses to connect. What can be the reason? Is it the sequence "1" - I only have one sequence and not more of them? I use this CLI input
webvpn install svc flash:/anyconnect-win-2.5.3055-k9.pkg sequence 1
to install - the line above appears in the running-config output - is this the right way?
We have a backup sup 720 which has a 2 gigabit ethernet though port channel, to another chassis. Suddenly UDLD detected an error and got into err disable, then this err disable didn't let the interface set to DOWN, and created a switch loop, then our Supervisor reloaded. I'd like to know what could have caused this reload. In my opinion could have a been the switch loop, but also I've been checking from the output interpreter the show tech and might have been a bug, the only one that could match in IOS version 12.2(33)SXH, is this one: url...
We're going to disable err-disable next time I guess and recover the link manually, apart from that what could have made the sup for crash and reload?
We have a setup of FWSMs configured in single mode in 6509 chassis. Both 6509 are configured in VSS. Recently I have upgraded the firmwre from 4.0(3) to 4.1(3).....before upgradation config sync was not having any problem.
After upgradation...If any one of the FWSM reload..while coming up it gets stuck in config sync and no command we can run on any of the unit and get the error as..
Configuration update in progress by another process. Also on stannby fwsm no running-config displays.
If we used # failover suspend-config on primary and then reloads the standby fwsm...standby boots up with startup config and when # no failover suspend-config command runs on active fwsm..the sync started and completing succssfully within 15 sec..
Also failover works well..with #no failover active..
Is it possible to implement ACLs in layer3 switch??
View 4 Replies View RelatedI am testing a ACS 5.2 in our lab environment, I am testing port security for policy based VLAN and ACL assignment. The problem I am having is with the 2960S switches; in my current setup it is working but it doesn't seem to me like it is the way that it should be working. I have a downloadable ACL in the ACS defined and associated to an Access policy and it is working correctly. The problem is, from what I understand, I have to assign a default ACL on the switchport? So what I have assigned on the switchport is ip access-group 10 in. The downloadable ACL from the ACS is also called 10. Do I really need to match the ACL on the switchport with the ACL name I have created in ACS? That doesn't seem like it's dynamic if that is the case? What is the ACL that I should apply to the switch port (if any) in order for the downloadable acls that I configure in the ACS to work no matter what port the user is patched into?
View 2 Replies View RelatedA CISCO 3750-X stack with several VLANs and many ACLs applied to the virtual interfaces. Intervlan routing is on. Connected to this stack are VMware hosts and with about 500 VMs.We started using the ACLs to allow connectivity between VLANs to specific hosts and it has grown to thousands of lines. I personally do not think this is good for the switch and believe the switch was not intended to be used for that security feature.
- Does it make it sense to add an "internal firewall" between the CORE ROUTER AND THE 3750-X SWITCH STACK ?
- Do you recommend any other way?
- Any recommended CISCO resource/white paper to read about best practice
We have a working PBR route map on a 6509 switch and a 3750 switch, each in different locations.On both devices, the route-map is configured to match on one of multiple ACLs, then set the next hop to a directly-connected IP address, like so: [code]
When copying in the ACL contents for "ACL20", they were accidentally copied in to the ACL1 list, and ACL20 was never created. Shortly after this was done, the next hop router went unreachable in both locations. Pings failed and the 6509 and 3750 each lost the EIGRP adjacency to the 1.1.1.5 router. After troubleshooting, I removed "match ip address ACL20" and connectivity returned.
My question is...if a PBR route-map tries to match on a non-existent ACL, what happens? Does it mark the next hop unreachable (even though it's directly connected) or does it match for ALL traffic and send *everything* there (thus, making it appear unreachable, as if a broadcast storm was happening)?
After a abrupt power cylce of 6509 switch, vlan configuration got missing. Switch has not crashed.
View 4 Replies View Relatedwhile i am configuring a port on switch .The switch reloads.After reload the show version says
System returned to ROM by bus error at PC 0x458F6C, address 0x0
show version from the effected switch is
Cisco IOS Software, C3750E Software (C3750E-UNIVERSALK9-M), Version 12.2(58)SE2, RELEASE SOFTWARE (fc1)
Technical Support: [URL]
[cODE].....
I have the following problem with
Situation:
- 2x 3750G-12S Distribution-Switches (DS) and several 3560/2960 Access-Switches (AS)
- redundant Fiber optic uplinks between AS and DS
- Cross-Stack Etherchannel config on all uplinks
- UDLD aggressive mode configured on all uplinks
Problem:
- when I reload the DS and the switch comes up again, I've lost the connection with several (not all) AS
- looking at the AS log I found the following error message: "%UDLD-4-UDLD_PORT_DISABLED: UDLD disabled interface Gi0/1, aggressive mode failure detected"
Cause:
- in the log of the AS I don't see intf Gi0/1 go down during the reload of the DS
- this means the DS didn't shuts down all its ports during the reload
- but this also means that UDLD on AS didn't know about DS reload, and therefore didn't resets counters
Workaroud/Solution
- I'm now configuring errdisable recovery on all AS
So I'm forced to configure errdisable recovery, even if I don't want.
I am not able to find the exact bug for Cisco 3750E stack - Debug Exception (Could be NULL pointer dereference) Exception (0x2000) error. Closest i can find is CSCsa72400 which only affects ver 12.2(20)SE4.All the stacks (3 switches) are running 12.2(50)SE3, It appears that the switch 1 crashed and reloaded. My hunch is its software but i cant find any related bugs. It could be hardware issue as well ?
View 4 Replies View RelatedI have just upgraded 2 3750 switches in a stack via the master and reloaded the master switch remotely, how can I reload the 2nd (member) switch?
View 16 Replies View RelatedI uploaded a new config file via TFTP to a 3560 switch. What are the order of commands to get it to boot from this new config file instead of the file listed in 'sh boot': [code]
View 7 Replies View RelatedI have one 4506E switch working in Lan setup as a core switch with WS-X45-SUP6L-E running ipbase IOS 12.2(54)SG1. Each time after reload the switch we found that the clock is getting reset ( time is getting changed ) where as day, date & year is unchanged.
View 2 Replies View RelatedI had a strange issue with one of my customer..Cisco WS-C3750X-48P Access switch was not reachable and after reload it started working.I would like to know the root cause of the issue. There were no logs and no errors in interfaces.Even Cpu utilization was not high. We have enabled arp inspection and dhcp snooping in the switch..Hope this will not make any issue..Also we have dot1x enabled on port..
View 5 Replies View RelatedI'm reading the SWITCH OCG for the second time now, and I noticed page 210 is completely missing: it's a duplicate of page 212. I'm still wondering why I didn't see it the first time I read it.
View 8 Replies View RelatedI have a strange problem with one switch in my LMS 3.2.1 installation.It is a WS-C3560-48TS with IOS 12.2(50)SE3 running. I have nine switches with the same type and IOS running without problems.
I notice the problem because there were no UT data for that switch. In RME and CS it was managed.Checking SNMP and config of the switch, but can't find any issues.Because at this time LMS ran in version 3.2 I installed at first CM 5.2.1 and after that the patches for CSCtd49439 and CSCtg20882.Next step was RME 4.3.1 with a lot of patches for different issues. Then I installed the patch for the internal error of CS (CSCtd07131).And finally I installed LMS 3.2.1 and patch for CSCto46927.Last step was installing the latest device packages. I did this directly from the application because it is much better handling than do a manual download. No the system seems to be fully updated.
I had the hope that CM will now find and manage this one switch. But it is still not available.I can't find the device in the data collection. But I can find it in the "Include Devices From DCR", although I configured to fetch all devices from DCR automatically to CM. To manually include the device is not working, too.
P.S. I used that step-by-step update path because it worked on two other servers very well for me.
How to config SVI on Cisco 6509 switches??
View 1 Replies View RelatedWe are unable to login at Cisco 6509 switch, due to username and password not working. We have tried to recover the password as per Cisco document, but that is also not working. This switch is our Primary Switch in our network.
View 8 Replies View RelatedWe have Cisco 6509 switch, in which DHCP is enabled and now we have WDS(Windows Deployment server) that needs option 60 to be enabled on DHCP scope for deplyoing OS remotley to PC's. Where to get sample configuration to enable the option 60.
View 1 Replies View RelatedI am getting following error in Cisco 6509 switch.BUt there is no impact in the switch.
: %MAC_MOVE-SP-4-NOTIF: Host 0000.0c07.ac01 in vlan 694 is flapping between port Te8/1 and port Te7/1
29:33.959: %MAC_MOVE-SP-4-NOTIF: Host 0000.0c07.ac01 in vlan 269 is flapping between port Te7/1 and port Te8/1
[Code].....
What is the VPC configuration template with two core 6509 switch.Pls find the attachment for Network topology.
View 3 Replies View RelatedI am trying to use a Tekradius Windows2008 server to aaa authenticate switch admin logins. The Radius server and 6509 loop0 are in a management VRF "netman". I can happily ping to and from the Server and loopback0 interface without issue. I have also tested the radius server account using RadiusNT on a workstation. I get an accept reply with the following variables..
shell:priv-lvl=15
NAS-Prompt
Here are the relevant parts of my config as far as I can see..
aaa new-model
aaa group server radius SRADIUS
server-private 192.168.1.101 auth-port 1812 acct-port 1813 key cisco
ip vrf forwarding netman
ip radius source-interface Loopback0
!
aaa authentication login default group SRADIUS local
[code]...
Im having a strange problem on a 6509 switch. I am trying to use a Tekradius Windows2008 server to aaa authenticate switch admin logins. The Radius server and 6509 loop0 are in a management VRF "netman". I can happily ping to and from the Server and loopback0 interface without issue. I have also tested the radius server account using RadiusNT on a workstation. [code]
View 8 Replies View RelatedAre there any solution to connect VLAN 1002 configured in non-cisco switch to connect to Catalyst 6509?
View 2 Replies View RelatedI have a 6509 running catOS that i had to do some routing changes on this weekend. I guess i forgot to set the default route so now I can't login or ping from outside the local subnet and because of acl restrictions on the vty lines can't login from a device within the local subnet. I can login to the sup module so i'm trying to figure out if there is way to get to the switch from the sup like you would access the sup from the switch by inputting the command session 15 or session 16, is there a way to do the reverse to get to the switch from the sup?
View 1 Replies View RelatedI have number of 6500 switches and we are in the process of getting support contract renewed now when i buy support for my 6500 series switches i have to inform main module serial numbers (Only this one). or do i also have to inform about sub module serial numbers to my support vendor?
View 1 Replies View RelatedWe have two 100 MBPS P2P link from two different ISP and we have terminated both the link on our 6509 switch. Now we want to configure the load balancing between these two disfferent ISP 100 MBPS P2P link.
So, how to go and what all options we can try ? We are thinking for Ether Channel configuration. Need your expert opinions on the same and if etherchannel configuration is the option then what would be the configuration for the same ?
I was logged in to this device in monday normally and in tuesday when i trying to
Cisco SW#telnet 172.17.1.1
Trying 172.17.1.1 ...
% Connection refused by remote hos
And i compare the current configuration with last configuration in monday i found no change, this device in live network also cpu is normally and memory.
I have a 6509-E chassis that was prevoius in a VSS configuration. Due to some VSL failures I had to cobvert it to a standalone chassis but would like to bring it back to a virtual system.
Whenever I try to convert it by using the command "switch convert mode virtual" I get the msg %Please configure local switch number first". After doing so by entering the CLI cmd "switch set switch_num 1 local" I still get the same message.
in my 6509 switch while i checked is showing some thing like this RDCCI65F0#sh environment
environmental alarms:
no alarms
backplane:
operating clock count: 2
[Code].....