Cisco WAN :: Means For Monitoring Storm On 3560E Or 7600
Dec 8, 2010
There is a port on the 3560E, facing the POP; this port is in the dedicated VLAN that is terminated on the 7606 on an SVI (peering point). There is configuration made on the 3560E port that prevents storms of the ucast or bcast kind. This is:
switchport block multicast
switchport port-security maximum 1000
switchport port-security
switchport port-security violation restrict
storm-control broadcast level bps 1m
storm-control multicast level bps 1m
storm-control action shutdown
storm-control action trap
no cdp enable
no lldp transmit
no lldp receive
spanning-tree portfast
spanning-tree bpdufilter enable
spanning-tree bpduguard enable
[code]
I want to get info not only about the fact of a storm attack but also about at least the source and destination of it (i.e. source and/or destination MAC). Perhaps this could be some logging messages. Are there any means for this on C3560E-UNIVERSAL-M (IOS ver 12.2(53)SE2) and 7606-S?
Oct 27, 2011
To prevent a virus from spreading throughout the network ports or switches, can I use broadcast storm control? Sometimes the network may encounter a loop, or some virus may spread?
interface gi0/1-24
storm-control broadcast level ?
storm-control multicast level ?
storm-control unicast level ?
storm-control action shutdown
What would be the recommended level, or the threshold / pps? I read through the Cisco website and understand; however, I have just never applied it before. What is the recommended level for ? In my network, we do have network ports connected to a media server, just sharing video, songs, etc. for testing purposes; however, it is not using PIM, but it works.
Dec 22, 2011
I'm connecting a client directly to a 3750, and giving them a public IP.
On the port I have set spanning-tree bpduguard enable
But I guess I should also set some storm control etc. What settings should I use for storm control?
The client has a 100Mbps internet connection running through this port....
Apr 30, 2012
We're using ME-3600 and ME-3800 switches to create VPLS domains. Now to avoid L2 loop issues with 3rd parties connected to the multiple ME-3X00 switches and configured in the same VPLS domain, we would like to configure storm-control.
When checking the configuration manual about storm-control on ME-3X00 switches, it mentions: storm-control is configured on the physical interfaces and when it's triggered it will not only impact the physical interface but also the EFP configured on it.
According to me this could mean two things:
When there's a storm on the physical port, the port will be shut down (if this is the action configured) and of course the EFP on that physical interface will be impacted too (logical consequence).
When there's a storm on an EVC (EFP) configured on a physical interface, it will shut down the entire physical port (if this is the action configured) and as a consequence all other EFPs will be impacted too.
Briefly: is the configured storm-control on an interface also triggered by storm-controls on an EFP? I suppose it would but would like to have some confirmation.
configuration example
interface GigabitEthernet0/2
description TEST storm-control
switchport trunk allowed vlan none
[Code].....
May 29, 2012
Yesterday there was huge storm, and lightning smashed into nearby house. My computer was running and I turned it off just after that. Result of nearby lightning was that internet no longer worked afterwards.
Soon after I was able to connect on my laptop, (laptop was connected and turned on during storm too) but desktop was still unable to do so.
I noticed that in Device Manager the network adapter is missing from the list. Everything is connected as it should be, but the ethernet port doesn't have any lights on. I believe there should be some small light on the port as there is on my laptop, but I'm unsure.
How could I check whether my network card is OK? Or what could the problem be? I really hope it's just a software issue.
Jul 17, 2011
We have 3750 and 4510 switches and on both we run Q-n-Q, but we observed looping/broadcast storm. We already run TSP on the 3750 end, and this is the corporate branch, but the 4510 is a different branch where we run Q-n-Q technology.
Sep 12, 2012
So the SG300's have STP on them and prevent network loops when other switches on the network also support STP too. However, if someone plugs in a non-managed switch that doesn't support STP with a network loop, is there anything within the SG300 switches to isolate and/or prevent that from happening?
(I currently have port mirroring turned on for one port and a network sniffer attached awaiting the incident to happen again).
Feb 26, 2011
What do VXR and S mean in these series?
Sep 12, 2011
By saying "open ports" in a router or PC or other network system, what do we mean basically? What is the opposite terminology, "closed ports"?
-used or unused
-sensitive
-vulnerable or non vulnerable to attacks
-exploited easily and, when so, may be attacked and have very bad/serious consequences/results
Oct 30, 2012
I have 2 ME3600Xs and utilize Broadcast and Multicast storm control on client facing interfaces. One of my ME3600s is reporting a Multicast storm and that a packet filter action has been applied. The strange thing is that it is showing up on an Admin Down interface that has nothing connected to it. [code]
Feb 9, 2012
We have around a dozen Catalyst 3560 and 2960 switches in a ring topology. We are considering adding storm control to our trunk ports. Up until now we have only used it on edge ports with default values and without error-disable. I am proposing that we also add storm control to trunk ports at a lower level and that we error-disable only the redundant links that make up our loops.
-storm-control broadcast level 25.00 20.00
-storm-control multicast level 2.00 1.00
-storm-control action shutdown [only on redundant links]
In a storm all links will restrict broadcast which should work accessing remote switches, but the redundant links should errdisable and block the redundant path. It is important that the action line is not applied to links that are not redundant as we could isolate parts of the network. Any reason not to use storm control on trunks?
Apr 3, 2013
Is it possible to have ASDM and SSH authenticate via different means on a RADIUS server? In particular, I have a single aaa-server group that's used for both ASDM and SSH, but I want to limit ASDM access to only a particular group in Active Directory (for example). I looked at various different requests (from the server's perspective) to see if there was a way that they (ASDM requests and SSH requests) were differentiated but was unable to find any. It would be ideal if there was something inherent about the RADIUS request coming from ASDM vs SSH so that I could build that decision making into the RADIUS server. I know I could do this by just using a different aaa-server group for each access method, but I want to avoid that if possible.
Nov 30, 2011
What does the user specification with the ASA5505 mean? There is a 50-user and an unlimited license with the ASA5505. With 50 users, does this mean that only 50 users can work simultaneously over the ASA, or what?
Feb 17, 2012
url..This says an ISR G2 3945 can achieve 502.78 Mbits when CEF fast switching. Is this per port or total for the whole box? Since the router will hold dozens of switch ports and several gig routed ports I don't understand what this half gig switching speed means.
May 29, 2013
The Cisco 3560 uses a relatively simple classification scheme, assuming you consider only what happens when the forwarding decision has been made. These switches make most internal QoS decisions based on an internal DSCP setting. The internal DSCP is determined when the frame is forwarded. What does internal DSCP setting mean?
May 16, 2011
We run a hub & spoke network with dual GRE tunnels from each spoke site to separate independent ADSL routers at the hub. IPsec is enabled on each tunnel with crypto maps and then QoS is enabled with pre-classify for voice traffic priority. We also have defined a class for Citrix traffic by identifying port 1494 traffic out and anything bound for our Citrix servers' IPs. OK, so the problem is that once the encryption comes up on the tunnels, the Citrix programs won't connect. Take the crypto map off the tunnel and all works fine.
Here is the relevant config
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key **** address *.*.*.*
crypto isakmp key **** address *.*.*.*
crypto map SDM_CMAP_1 1 ipsec-isakmp
 description Tunnel to hub1
 set peer *.*.*.*
 set transform-set ESP-3DES-SHA
 match address 104
 qos pre-classify
crypto map SDM_CMAP_1 2 ipsec-isakmp
 description Tunnel to hub2
 set peer *.*.*.*
 set transform-set ESP-3DES-SHA
 match address 105
 qos pre-classify
[code]....
I deliberately weight EIGRP to favour Tun0 and have Tun1 as a failover. I was thinking of Route-mapping the Citrix traffic to Tun1?
Oct 23, 2012
Today I saw in the DIR-655 router log file "UDHCPD Received a SIGTERM" and "received signal 15, good-bye", and the IP address was renewed after 14 days. I want to understand if it's normal behavior of the unit or not. I'm connected to a cable modem that has been stable for more than 15 days.
Here is the log of my router:
Oct 23 17:49:48 debug UDHCPD sending ACK to 192.168.0.3
Oct 23 04:01:15 debug Debu: Joining group 224.0.0.252 upstream on IF address 46.117.1.47
Oct 23 04:01:15 debug Debu: Leaving group 224.0.0.252 upstream on IF address 46.117.1.47
Oct 23 03:59:09 debug Debu: Joining group 224.0.0.252 upstream on IF address 46.117.1.47
Oct 23 03:43:58 debug gpio create pidfile /var/run/gpio_wan_green.pid
[code]....
Apr 8, 2011
We are trying to isolate the fault. From the Aggregator, a router, we are receiving the MAC address of the distant-end ethernet interface of an SDH box, and vice versa is also possible. However, there is no packet received. My question is: is a ping test a must to see if the path is through, or would just receiving the MAC address at both ends mean that packets have to go over the path?
Feb 19, 2012
I have a few 3560E running Ver 12.2(50)se2. Can these boxes be configured to run VRF? I see a "sho IP VRF" option, but I do not see it available when under config t. Do I need to do an IOS upgrade to be able to configure VRF?
Sep 2, 2010
I upgraded four 3560E from 12.2(44) to 12.2(55)SE. Three 3560 work fine; the last one stops after 17-18 seconds with a solid green LED. I can't get into ROMmon, the switch doesn't boot up. It's like "dead but still alive".
My TS:
1: Removed all SFPs.
2: Reset PSU and fan modules.
3: Replace PSU and fan modules.
4: Try to get into ROMmon.(pushing mode button and break seq.)
Startup LED:
0-1 seconds: SYST: Amber RPS: Amber STAT: Green DUPLEX: Green SPEED: Green
1-17 seconds: SYST: Blinking Green RPS: OFF STAT: OFF DUPLEX: OFF SPEED: OFF
18 s--> (only tested up to one hour): SYST: Solid Green RPS: OFF STAT: OFF DUPLEX: OFF SPEED: OFF
A working 3560E Startup LED information. If I compare a working switch with the faulty switch, I can see that about 18 seconds into booting SYST changes very fast from green to amber and continues with booting; this doesn't happen on the faulty switch (solid green at 18 seconds). Pushing the MODE button doesn't get me into ROMmon; this works for all the other switches. On a normal 3560 it takes around 40 seconds before I get into ROMmon. With this faulty switch it stops after 18 seconds (solid green) and it doesn't respond.
Feb 27, 2013
I have configured multiple VLANs on both the core switches; below is the example. My question is how my VTP server configuration will be on the 3560E, since both the core switches will have identical VLANs with HSRP 2 configured on them. Do I have to configure both the cores with the same DOMAIN NAME?
The core has VTP 2 so I cannot use primary and secondary option.
CoreSwitch1
interface Vlan713
ip address 194.43.86.251 255.255.255.0
standby version 2
standby 86 ip 194.43.86.1
(code)
Jan 27, 2012
Recently a Cisco 3560E switch went down due to a power surge. The switch is getting power but I am only seeing the below message continuously. It keeps on rebooting. I tried to reset to factory settings / safe boot; nothing worked. Is there any way I can bring the switch up, or is it a hardware failure?
Using driver version 1 for media type 2
Base ethernet MAC Address: 00:23:33:af:1b:00
Xmodem file system is available.
The password-recovery mechanism is enabled.
Using driver version 1 for media type 2
Base ethernet MAC Address: 00:23:33:af:1b:00
Xmodem file system is available.
The password-recovery mechanism is enabled.
Nov 2, 2011
3945 is running c3900e-universalk9-mz.SPA.151-4.M2
3560e is running c3560e-universalk9-mz.150-1.SE
I've got brand new 3945's with onboard 16-port 3560e switches. On the first power up I see that there are several new VLANs added that appear to be default VLANs.
vlan 2 name fst2
vlan 3 name fst3
vlan 4 name fst4
vlan 5 name fst5
vlan 6 name fst6
vlan 20 name VLAN0020
vlan 21 name VLAN0021
vlan 22 name VLAN0022
vlan 23 name VLAN0023
vlan 99 name VLAN0099
I deleted the vlan.dat and reloaded the switch but these VLANs come back. What are these VLANs intended for, and is there a better way to get rid of them? What does "fst" stand for?
Mar 11, 2013
I have a Cisco 3560E switch set up with LACP. When using LACP I receive a lot of packet loss / output drops.
When pinging from the server behind LACP:
--- google.com ping statistics ---
44 packets transmitted, 39 received, 11% packet loss, time 42990ms
What would cause this packet loss with LACP?
Some output from the switch:
Port-channel12 is up, line protocol is up (connected)
Hardware is EtherChannel, address is d0d0.fd58.7390 (bia d0d0.fd58.7390)
Description: LACP-PORT
[Code]....
Jun 17, 2012
I implemented the 3560E switch; this one has two Gigabit Ethernet/10-Gigabit Ethernet module slots. I used the Twin Gig Converter Modules and one SFP. All configuration was applied on the Ten Gigabit; however, the Gigabit Ethernet interface is in UP UP state and the Ten Gigabit is down down.
Sep 23, 2012
I'm trying to configure the "IP PIM SPARSE-MODE" command on a VLAN interface on a 3560E switch but it doesn't give me the option to do this. The only option available is ip pim passive. What would cause this? On the same switch a physical interface is already configured with IP PIM SPARSE-MODE.
May 15, 2013
I recently upgraded a remote site of mine to IOS 15-2.SE ipbasek9 on 3 3560E series switches. On switch number 2 I have 5 VG224's running (vg224-i6k9s- m) 12.4(22)T3. After the switches reloaded the VG224's dropped their connection. After doing all basic troubleshooting I reloaded the 12.2 (58)SE2 ipbasek9 image back on to the 3560E's and the VG224's reconnected immediately after reload and all phones registered.
Is the problem a licensing issue with the 15.x IOS on the 3560's or do I need to upgrade the VG224's to IOS 15.x as well for them to connect and operate via the 3560e switch running 15-2?
Apr 13, 2011
I have 3560e which doesn't appear to be passing igmp traffic to the upstream router
PC1 ----------- ASA ------------ PC2--------- 3560e ----------- 3825 -------------------- WAN --------------------- Router ------------- Server
My ASA runs SMR, has an igmp forward interface outside command on the inside and has a trunk port to the 3560e (VLANs 32 & 48). PC2 is a test PC on the 3560e on vlan32. 3825 is my ISP's router on vlan32.
- If I try to access the stream from PC2 it works.
- If I try to access the stream from PC1, I see the igmp join leave my ASA onto the 3560E (I've captured on the 3560e's link to the ASA).
I've also captured on the ASA and I can see the igmp packet leave the outside interface, but the join doesn't reach the 3825 (I've captured on the 3560e port facing the router and there is no join being forwarded). The switch is running in layer 2, 12.2(35r)SE1.
switch#sh ip igmp snooping querier
Vlan IP Address IGMP Version Port
---------
Switch#
Global IGMP Snooping configuration:
------------------------
IGMP snooping : Enabled
IGMPv3 snooping (minimal) : Enabled
Report suppression : Enabled
TCN solicit query : Disabled
TCN flood query count : 2
Robustness variable : 2
Last member query count : 2
Last member query interval : 1000
Dec 10, 2012
Does anyone know what "Last reset from system-reset" means? Is this because of a power failure or someone reloading the switch?
Apr 15, 2012
We have a site that is connected via wireless bridge to the main site; the site is on a separate VLAN with a Cisco 3560 switch. The main site has a 6509 switch. Configuration is as per the attached diagram. We are connecting a fiber between the remote and the main site and adding a 3560E switch at the remote site; however, we would like to keep the wireless connection as a backup, so in case the fiber is severed the wireless will be available. The attached diagram shows the detailed configuration. I would like to know what I should change to make this work. STP is enabled on all switches.
Dec 12, 2012
We have 24-port and 48-port 3560E switches with identical IOS; the 48-port switch supports private VLANs while the 24-port switch doesn't.
configure private vlans on 24 ports 3560e and is it best practise to configure private vlan on this platform(3560)?
IOS version : C3560E Software (C3560E-UNIVERSALK9-M), Version 12.2(55)SE3, RELEASE SOFTWARE (fc1)
flash:/c3560e-universalk9-mz.122-55.SE3/c3560e-universalk9-mz.122-55.SE3.bin
Nov 11, 2012
Is it possible to use a Catalyst switch (in my case a 3560E) as a source for a console session to another Catalyst? In principle, to use it as a console terminal server.
Dec 1, 2011
I need to know the key functional differences between the Catalyst switches 3560E, 3560X and 3560G.