we have applied route-map on vlan interface in the form:
ip access-list extended TEST
permit ip 172.16.1.128 0.0.0.127 172.16.0.0 0.0.255.255
route-map TEST permit 10
match ip address TEST
set ip next-hop 172.16.111.1
interface Vlan11
ip policy route-map TEST
The problem is in the traffic matching by the rule - there is matches not only for 172.16.0.0/16 prefixes but for the whole traffic in that VLAN.
I have a 3560G that I cannot apply a policy route-map to one of the VLAN interfaces. I am running up to date software, c3560-ipservicesk9-mz.150-2.SE2 and it accepts the command, but does not show it in the sh run of the interface. I updated to this code as I had seen previously someone said it needed to be version 15 before you could apply route-maps to VLAN interfaces.
View 4 Replies View RelatedIs it possible for me to create 2 vlan interfaces on the 6500 and have them both in the same subnet?
For a specific customer requirement I would like to have a vlan interface on the 6500 as default gateway, sat in it's own vrf, and then route all traffic inbound and outbound to this vlan through the FWSM interface, preferably in the same subnet. I don't think this will be possible so just looking for confirmation either way.
As I will be running EIGRP between a pair of central 6500's and 2 remote offices it will make things much easier for me advertise the connected FWSM interfaces in to EIGRP for access in/out of all my VRF'd subnets. If I need another subnet for each VRF FWSM next hop then I'll have to reditribute a list of statics which I don't really want to do.
The reason I am not just using the FWSM as gateway is because I need to run HSRP across 3 different devices (another 6500 in a second suite), and failover FWSM will only give me 1 level of redundancy for those gateways.
Q. Does the Supervisor 720 support all existing Cisco Catalyst 6500 series interface and services module, protecting customer investments?
View 1 Replies View RelatedCannot set route map on interface vlan. which in non default vrf on Cisco 3750.IOS c3750-ipservicesk9-mz.122-55.SE.bin sdm prefer route in enable ip vrf users rd 200:0 route-target export 200:0 route-target import 200:0 interface Vlan201 description Users 1 ip vrf forwarding users ip address 10.31.76.1 255.255.252.0 ip helper-address 10.31.4.57 route-map fromuser permit 10 match ip address fromuser set ip next-hop 10.31.128.155 When I enter "ip policy route-map fromuser" to interface Vlan 201 I heve the message:
% Remove VRF configuration from interface Vlan201 first
Vlan interface would be dropping packets on the input queue? Refer to the drops/flushes below. This is from a 6500 with a Sup720, there are a number of vlans on it. This 6500 and it's HSRP partner are exhibiting the same symptoms on all the vlans I bothered to check. This particular vlan is quite lightly used, there are only about fifteen user PC's (each with 100 Mb interfaces) on it.
There is a bit of information on input queue drops on Cisco, but this is focused on physical interfaces where I can understand some packets being dropped. I would think that Vlan interfaces would have different issues.I note the "no buffer" errors as well, that also concerns me, especially as that counter is quite close to the "flushes".
Vlan123 is up, line protocol is up Hardware is EtherSVI, address is 00d0.04fd.6000 (bia 00d0.04fd.6000) Description: Vlan123 Internet address is 10.123.123.7/24 MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive not supported ARP type: ARPA, ARP Timeout 04:00:00
[Code] .......
I have a question about SNMP OIDs for the command "show counters interface intx/y delta" on Catalyst6500. The customer wants to create graphs for the following values:Overruns, qos0Outlost, InErrors, OutErrors, InDiscards, OutDiscards etc..Is possible to get these values using SNMP?
View 3 Replies View Relatedi'd like to configure OSPF on a Catalyst 6503 IOS 12.2.17.i habe an Gi1/9 with the ip address 192.168.97.30/24 and a VLAN 19 with the IP Address 192.168.19.0/24.I configured OSPF like this
router ospf 1
network 192.168.97.0 0.0.0.255 area 10.5.0.0
network 192.168.19.0 0.0.0.255 area 10.5.0.0
on the ospf peer is see that the adjaceny is established but i don't get the routes for the 192.168.19.0 network i checked the ip ospf interface vlan 19; i got ospf is not enabled on the interface then i tried to configure
int vlan 19
ip ospf 1 area 10.5.0.0
but it does not access ip ospf 1
I have a really weired thing happening on 6509 device with one of my customers.The device has a SUP 2 (MSFC2) with version 12.2.18SXF17B.
any VLAN interface once administratively down or simply down shows on "show interface status" output as VLAN.While it supposed to show "Routed". However once the port is up it is shows "routed" like it should.
Are there any best practices for preventative maintenance on Catalyst Chassis switches. Looking to build a PMI schedule for a customer. Or is there evidence not to perform it at all. Things like re-seating line cards, cleaning fan exhausts, etc.
View 1 Replies View Relatedi need to solves this little problem on 2960S lan BASE but i dont know if it is possible.
Uplink port config for gi 1/0/28 is:
switchport mode trunk
switchport trunk alloved vlan 10,11
but on interface gi 1/0/1 i want to have data from vlan 10 tagged as VLAN 20.
At this time i have solved this issue very primitively
I have set up gi 1/0/2 as int mode acces, acces vlan 20 and i have connected gi 1/0/2 with gi 1/0/3 with eth cable. int gi 1/0/3 is switchpor mode acces, switchport acces vlan 10
I have a Netgear GSM7248R switch with 5 different Vlans including th management Vlan. Each of the vlans are connected to my layer 3 switch for routing. I want to access the management vlan form any of my Vlans so my layer two switch can be detected by my snmp manager.
View 3 Replies View RelatedI've been given the task to clean-up our network config, and have walked into a disaster zone.We have a 4510R on site with everyone using the default VLAN, VLAN 1.I have created 4 new VLANS, VLAN100, VLAN150, VLAN200, VLAN250 I have assigned interface addresses to each VLAN and configured Inter VLAN routing.I can route to and from each new vlan with no problem, i.e VLAN250>VLAN100 VlAN100>VLAN200 etc but I can't route to VLAN 1(Default VLAN) from any of them, I can ping the interface on VLAN 1 from any VLAN , but any hosts are unreachable. On the flip side , from VLAN 1 I can route to all of the VLANS.
View 3 Replies View Relatedi'm going mad on following problem. I'm trying to get 2 networks seeing each other while one of the network is a non VLAN network and the other one is a VLAN network.They should use the same interface so i added VLAN e0/0.122 to the interface e0/0.Send a ping from my asa to both gw-IP's made me happy at first. In second in figured out that i cannot reach any client in the other network. For testing purpose i created an permit acl to any/any for both networks, but the packets still get dropped by the default implicit rule. (deny any/anyMaybe i'm to stupid for this
View 10 Replies View RelatedI am very new to high end Cisco devices.(like 7600/6500 or ASR9K).
Why do we log in on RP. What actions we can perform after logging-on RP (route processor) or Why they are required ? Cant we make those by normal router mode (router#) .
I have a route-map on a 6500 thats is very definitely no longer required. 2 attempts to remove it have been a disaster.
[Code]...
The route-map and access-list ae not being used at all. Anyny tips for how I can get this removed - for info the process is mush easier on 7206 VXRs.
I'm performing tests with following desired scenario: We have several remote offices, connected to our HQ via MPLS. In these remote offices, we have several vlan's. Each vlan has it's own ip-range. The MPLS cloud is routed, so we cannot switch our HQ vlan's to the remote offices. In this case, the client pc is in a guest vlan which allows him internet access. The uplink for this internet access is hosted in our HQ datacenter.
basic scheme:
client pc --> MPLS cloud (managed by ISP) --> 6500 switch LAN --> Checkpoint Firewall --> 6500 switch DMZ --> ASA Firewall
My test scheme:
Client pc is in a subnet A (guest vlan range office).
We receive this traffic on our first LAN 6500.
[Code].....
Since the ACE supports only static routing, when pointing a default route from the ACE what is your preferred method when using multiple 6500s with an ACE in each in a failover scenario to prevent just pointing at one 6500? Static route to an HSRP address? Multiple static routes on the ACE, etc?
View 2 Replies View RelatedI have 2x6500s series catalyst core switch. i configurated vss. all them are working normal. but i have one problem. some of my servers link is down sometimes. I configurated server links as etherchannel.at etherchannel not both of links down only one link down.this modules i used to connect servers to core switch. modules 3 and 7 slot.
View 7 Replies View RelatedTwo days ago, a brilliant guy inserted a different ios in a Cisco Catalyst 6500 and erased the original ios. I have twice downloaded the original ios by xmodem (too much time!) and both of them, when I reload the 6500, it doesn't work: I have the following message:
loadprog: bad file magic number: 0x0 boot:cannot load "bootdisk:s72033-ipservicesk9_wan-mz.122-18.SXF11.bin"
Second time, when the ios uploaded, I checked the sup-bootdisk: and the flashboot: and both have the wrong ios listed, but it wasn't there: I've tried to delete it and squeeze it, but had a message saying "can't delete because the ios is not there" or something like this. I finished formatting both (flashboot: and sup-bootdisk:), tftp the ios, double-checked the bootloader, compared with other identical 6500 and reloaded again, just to find the same message I've written before.
Supervisor 720 PFC3B. Slots for disk0 and disk1 are broken or I can't read them from the rommon.
We are facing an issue with the NAM3.Version: 5.1(2-patch4)
we can not login using the GUI. when we try to login we are getting the following warning:
Initializing database. Please wait until initialization process finishes.(see attachment)
we have rebooted the NAM3 module but the issue is not solved. the NAM3 module is running on 6500 Series Switch.(Cisco Catalyst 6500 Series Network Analysis Module (NAM-3)
I have been researching a way to remove this subnetted route from my L3.There is an extra subnetted route that should not be there when I execute the command: show ip route
Below if part of my Show Run and the Show IP Route commands. You will see the 10.0.0.0/24 subnet as subnetted. I dont know why the L3 uses the 10.0.0.0/24 when I enter 10.10.10.0/24? But thats a whole different questions.
interface Vlan1
no ip address
shutdown
!
interface Vlan2
ip address 10.10.10.1 255.255.255.0
!
interface Vlan3
[code].....
I have Catalyst 3750. and 2 ISPs
I wanted to use, let say on port5 of Catalyst 3750 only 2nd the ISP will route to this port.
The rest is pointed to the 1st ISP.
Im thinking of using VLAN..
I have an issue with my setup of a 6500 switch (12.2(33)SXI9).We have a 6500 switch with several VRF's. For a certain VRF I would like to redistribute a static route in EIGRP. After doing so I don't see the static route on my eigrp neighbor.
This is a overview of my config. I'm basically redistributing only my static route for this vrf in eigrp.
I found a similar case in which the solution was adding a metric to the static route. (eg. redistribute static route-map static-eigrp-pp metric 10000 100 255 1 1500). But the strange thing is that we don't have this issue on a similar machine (same IOS, same config setup). [code]
i have a question regarding egress queuing on cat6500 modules. e.g. WS-X 6704 has 1p7q4t is egress-modell. my goal is to limit the priority queue to 15% of the available bandwidth. i can put weights on the wrr-queues and limit their ressources: "wrr-queue bandwidth 50 20 15 0 0 0 0." but this isn´t possible for the priority-queue. only available command is "priority-queue queue-limit 15" but this only restricts the buffer to 15%.
at the end of the day i want to prevent that the wrr-queues don´t have remaining bandwidth when the priority-queue is saturated.
is there an easy way to restrict the bandwidth of the priority queue or do i have to implement additionally some kind of policing?
Does SIP-401 module for 12000 series router supports LI IOS software, or that function can be activated only with sip-600. Can I run Lawfull Interception with sip-401 module on 12406 router ??
and can SIP-200 module for Catalyst 6500 run lawfull interception ios and be used for that purpose ???
I set up Catalyst6500 Quad-SUP VSS system.I have a problem with slow BGP convergence(80sec) on VSS switchover.Each chassis has a bgp peer and "bgp graceful-restart" is disabled.I investigated BGP behavior with "debug ip bgp events" and "debug ip bgp update".I found that BGP process waited a peer to reply until timeout and after the timeout BGP table was calculated.I guess this timer makes the convergence slow.How can I adjust this timer value ?
View 7 Replies View RelatedSide Catalyst 6509 : cata6#sho running-config interface gigabitEthernet 8/15 Building configuration...
Current configuration : 224 bytes
!
interface GigabitEthernet8/15
switchport
[Code].....
Any step-by-step configuration guide of how to enable DAI on Cisco Catalyst 6500 Series Switches.
View 1 Replies View RelatedI was asked to mount ACESMs on each of the CAT6K switches of a VSS cluster (one ACESM on each individual switch).On a non-VSS environment, the "svclc module <slot> vlan-group <group>" command is used to bind the VLAN group to the module on a certain slot. But now I am facing a VSS scenario, I will need to combine switch and slot in order to reference each of the individual modules...
How do I "index" each of the ACESMs in a VSS cluster? ¿Is there an extension of the aforementioned command to be able to combine switch and slot information?
What is used DDR memory on DFC on linecards for Cisco 7600 or Catalyst6500? I thought that DFC has copy of TCAMs from PFC. That PFC only has TCAMs, and it doesn't have DRAM on itself?
I've been said that if I have full BGP table in memory on supervisor on 6500 (that should be DRAM on RP on MSFC) that I also need 1GB additional memory on DFC on linecards? Is this true? But that should implied that DFC also has copy from MSFC not only from PFC, is this correct?
I need to configure QoS (voice and video) for Catalyst 6500 series switches with Supervisor 2T modules and DFC4 linecards.
Is this radically different from what we do int he Sup32 and 720s? I was looking at some templates online, such as
[URL]
But I don't see anything for the new Supervisor 2T?
I am trying to implement static route tracking on a Catalyst 3560G ( WS-C3560G-48PS, IOS version 12.2(35)SE5 and SW image C3560-IPBASE-M). The configuration is as follows:
track 101 rtr 1 reachability
!
rtr 1
type echo protocol ipIcmpEcho 10.199.101.2
rtr schedule 1 life forever start-time now
!
IP address 10.199.101.2 is reachable via ICMP (its the next-hop router).
The static routes configured are the following:
ip route 0.0.0.0 0.0.0.0 10.199.101.2 track 101
ip route 0.0.0.0 0.0.0.0 10.200.52.1 20
But only the secondary route(ip route 0.0.0.0 0.0.0.0 10.200.52.1 20) its being installed on the routing table by the switch.