I have a problem with the time synchronization via NTP between a Catalyst 2960 and Catalyst 6509. When I configure the 6509 switch as a NTP reference on the 2960, it does not synchronize with the 6509's NTP server. There is no reachability or ACL-related issue between both switches.
As soon as I configure a second Catalyst 6509 (which is completely identical to the other 6509 and in the same subnet) as a NTP server for the 2960, the time sync with the second 6509 happens immediality.
The first 6509 switch works as a NTP reference for at least 50 other switches and routers in the network - so why not for this one more switch? I checked some "debug ntp packet" and "debug ntp events" outputs and can clearly watch the NTP requests going out of the 2960, but on the 6509 just nothing happens - no debug outputs for this specific 2960, while requests from other devices come in all the time.
Maybe you have already experienced this strange behaviour in the past or got some deeper knowledge in the Cisco NTP server implementation. I could think of some sort of "maximum client limit" in the IOS NTP server, but could not find any mechanism like this in the standard NTP specification. Eventually, you can approve that this is a IOS-specific issue.
I need to configure on a cisco catalyst 6509 two VACL. On cisco 6509 there are already two SPAN ports configured, there are problems configuring other two VACL?
These VACLs send traffic to a Traffic Analyzer (SIEM), there are particular configurations to facilitate the operation?
I am getting alarms on Solarwind indicating interface down on "GigabitEthernet 4/7 - Gi4/d1" and "GigabitEthernet 4/8 - Gi4/d2" from our core switch 6509.Remote login to the switch does not show the interfaces when I do the "sh run" command. Now I am at site trying to identify and diagnose this fault.Looking at the numbering on the switch, it indicates to me the card where these alarms come from is from the 'intrusion dectection module'
how I may login and identify this interfaces and rectify these alarms.
I trying configure ASN traffic load balance, but doesn't works.I have one Cisco Catalyst 6509 and onde Cisco Ace10 module, in my context "PanWEB" i have the interfaces above: [code] If i try to establish a telnet session(telnet 10.96.202.10 80) i see the SYN packet passing through the ACE and going to the real server, but, the server do not response the SYN packet. I done a capture in the server using wireshark and could see that the IP address of the destination is the VIP and not the rserver ip address , this is a problem? Why can not I have the SYN + ACK from the server?
I'm receiving multicast traffic (400Mbps) on port 9/38 and sending it out on port gi9/48. I'm trying to achieve that traffic will stay within the card without using the switchfabric,
I have been having some issues trying to stand up an older WiSM that has been incorrectly configured by my predecesssor and has a bad Mgt IP so I am unable to telnet or SSH into it, nor can I console or session into it.
What I would like to do is to change the Mgt address for the WiSM controllers (1 and 2) by way of the Sup (not sure that is possible) because as it stands they are set to 169.254.1.1 and are unreachable even when directly consoled into them.
Core-A#sh wism status
Service Vlan : 52, Service IP Subnet : 10.104.52.2/255.255.255.0 WLAN Slot Controller Service IP Management IP SW Version Status ------------------------------------------------------------------------------------------------------- 3 1 10.104.52.3 169.254.1.1 4.0.217.0 Oper-Up 3 2 10.104.52.4 169.254.1.1 4.0.217.0 Oper-Up
Core-B#sh wism status
Service Vlan : 52, Service IP Subnet : 10.104.52.1/255.255.255.0 WLAN Slot Controller Service IP Management IP SW Version Status ------------------------------------------------------------------------------------------------------- 3 1 10.104.52.50 10.104.30.254 7.0.116.0 Oper-Up 3 2 10.104.52.51 10.104.30.250 7.0.116.0 Oper-Up
I hope to get this WiSM setup on Core A and get it configured like I have my Core B and then run them in a dual failover design with load balancing between the two.
I came across a Catalyst 6509 switch configuration and have noticed some strange thing on the ether channel configuration side, it appears that it have interface port-channel 2 and port-channel 2A, what was that mean? its the ether channel not forming and joined together?
What wrong with the below configuration that cause it to automatic created another port-channel (2A) interface in this case?
I'm currently in the process of evaluating potential equipment options for a Core Router/Switch that will be running BGP with several Tier 1 ISP's, the table download from each ISP will be full (300,000+ Routes). I was looking at a 6509-E with dual SUP720-3BXL supervisors but after reading the below link I'm a little concerned by the maximum routes table: [URL]
Do I have to go to the VS based 720 supervisor as a minimum to support full BGP on a 6509-E? Does any experience of the above switch + supervisor combination under a full BGP table, how well does it work? I'm looking at long term using this as a consolidated core (i.e. a VRF for the Global Internet routing table + a VRF for internal data center traffic, plus maybe some more shared VRF's).
Would I be better keeping a Core switch by itself and just buying edge routers to run BGP?
we have Supervisor Engine 720 10GE (VS-S720-10G) in slot 5 on Catalyst 6509-E. Slot 6 is free. We need to replace VS-S720-10G. Is it possible the following scenario
1. we will insert new VS-S720-10G into the slot 6 2. then we will remove the faulty VS-S720-10G from the slot 5
Will everything work without interuptions. Is any document where I can find step-by-step procedure how to replace VS-S720-10G ?
Our customer is willing to have a Cisco Nexus 5020 to provide server connectivity and this Nexus would go connected to their core switch 6509. They are concern about Spanning tree compatibility between the Nexus and the 6509. Are they fully compatible for Spanning tree?
I have seen links out there for a conversion tool to convert commands on a Catalyst type switch (6509) to newer IOS type switches(4500-e) switches but they all error out on me on a 404. Any link where I can get this conversion tool?
I am doing image upgrade on Catalyst 6509-E. During TFTP image transfer to sup-bootflash I always see !!!!!!!!!!!!!!!!!o!!!!!!!!!! "o" out of sequence packet. Although the image size seems to be correct at the end but there is always some "o" packets.
I am assuming not, but I haven't tried loading with the image after seeing this.
My collegue and I have been trying to figure out why we are unable to get this ASA to NAT Overload correctly. I'm sure it is something stupid, and the config may have gotten a little dirty as we tried to change options and make it work. FYI, we can ssh from the WAN into the device to configure it. It is communicating externally, but it isn't natting.
There is a new office which is going to be on a separate internal subnet (192.168.254.x), and need this to be port address translated to one public address (212.23.51.108). Ive given it a go on the ASA5510, but not sure if Im doing this right.
3 of the internal addresses need port redirection:
192.168.254.10 - public port 33510 - private port 3389 192.168.254.11 - public port 9940 - private port 443 192.168.254.173 - public port 3390 - private port 3389 port 80 and 443 opened for 192.168.254.10
I have a test pc setup and connected to the internal 192.168.254.0 network (gave it static of 192.168.254.10), it is reaching the internet, and its public IP is seen as 212.23.51.108, however how do I test to see if port 80 or 443 is open for this ip?
Tried using the cli but gave up and looked at doing int in ASDM, however cant see the option in ASDM for NAT overload, so ive tried configuring this with Dynamic NAT which looks about right.....
This is the relevant config so far as far as I can see.
We just deployed some Catalyst 3750X-48PF-L switches. I noticed that the user tracking report doesn't work normally.The switches have C3KX-10Gb NM modules, and all access port are 1 Gbit. But in the User Tracking report, I see devices found on Fa0/43 for example (this is because the previous switch was a Catalyst 2960. I deleted the old switch and add the new 3750X, so this could not be the cause of the problem).I installed all the patches that are available for LMS 4.0.1.
Just I have upgraded some 2960S to IOS 15.0(2)SE from a IOS 15.0(1)SE3 and the catalyst don't switch any IPv6 traffic. Don't work any RA and also don't work any unicast IPv6 traffic from any interface. I can see some references to IPv6 changes in the FHS (First Hop Security) in the Release Notes, but no any reference to changes in the configuration.
The switches don't have any IPv6 specific configuration and the sdm is the default templata. Returning to 15.0(1)SE3 everything work ok.
On Catalyst 2960, and 3560E this IOS version seem to work fine with IPv6.
Does the port adaptor PA-MC-2E1/120 work with the Catalyst Switch 6506E (Sup Engine: 720-3B)? We have bought a Enhanced FlexWAN card for this port adaptor.I read through the cisco website and seem to get confusing answers whether they are compatible.
I am attempting to configure a Cisco 2901 router using IOS 15 to properly perform NAT/PAT translation between LAN and the internet connection. I've configured DHCP pool for the local interface (GigabitEthernet0/1), which works properly. The WAN interface (GigabitEthernet0/0) is configured to obtain its own IP by DHCP from the ISP. I can work on the LAN computers and I can access the internet directly from the router (using, for example, telnet and router's ping commands). The problem is, NAT does not work properly and connection from the LAN interface does not reach the WAN interface.
We have an ASA 5505 and we keep getting short bursts of ICMP packets (5000 in one second) They will do this and it just simply overloads the ASA and it crashes.Is this since it is 1000 past the 4000 connections per second capacity of the ASA 5505 or do we have a setting wrong some place that could prevent this type of overload from happening? We are looking to prevent DoS and other attacks that prevent even a short loss of connection since the servers are getting attacked daily and we have voice streaming on through the ASA. [code]
I have a cisco 2821 router. I currently have it setup to accept vpn connections from a cisco client which uses the 172.16.4.0 subjet for vpn connections. I also have nat overload setup for my local lan of the router so my internal servers on the 172.16.3.0 subnet can reach the internet. Every thing works great for that setup.However I have tried several methods I found for split tunneling and they have weird problems with the nat overload in place. If I take away nat overload the split tunneling works. If I take away split tunneling the nat overload works. I can't seem to get them to work at the same time.Config is below. This is the vpn/nat overload config with no split tunnel.
Current configuration : 2236 bytes ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec service password-encryption
I use a C892 router with the IOS c890-universalk9-mz.152-1.T.bin. I just ran the command "debug ip packet 151 detail" and then the router stopped to work because it was overloaded. The ACL151 I used is as follow:
Extended IP access list 151 10 permit ip host 10.1.1.1 host 91.1.1.1 In the syslog then I got hundred of messages from IPSec: Jan 11 09:43:35.677: IP: s=10.80.10.254, d=10.64.19.99, pak 8A7453CC consumed in output feature , packet consumed, IPSec: to crypto engine(70), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
[code]....
For me it seems just like that this ACL is not applied and that I have a debug then for the whole traffic.
I have 2 Cisco Catalyst 6509 switches connected directly using direct point to point link.The OSPF is configured for point - point link.The currently the interface is down administratively.I will unshut the port . After that i would like to know how much time will it take for the ospf to establish the neighbour relation.
We have a Cisco Catalyst 4506 running: "Cisco IOS Software, Catalyst 4000 L3 Switch Software (cat4000-I9K91S-M), Version 12.2(25)EWA14, RELEASE SOFTWARE (fc1)" I have configured the default gateway as: ip default-gateway X.Y.116.65, However, when I do, "show ip route", it only shows the 3 connected networks and states "Gateway of last resort is not set". The Command "ip classless" is not set. I read on some blogs that this might explain the issue. However, when I go into config mode (config t), I get the following output.
I will be start with the disclaimer that I am very technical, but a huge novice to the enterprise-grade Cisco swtiches.
How IOS software versions are licensed on a Catalyst 4507 switch? I am very confused at this point.
For example, if I buy IOS Enterprise Services for a new Catalyst 4507 switch, what form does the software license take? Is the license embedded on the switch? Does it come as an e-mail or certificate with a PAK? Does it come on a CD?
We sold a 4507 with Enterprise Services to a client, and they are saying they don't have the right IOS version installed. I assumed there must be some license key they needed, but the Cisco licensing help desk does not seem to indicate there are any licenesable items on our sales order number (even though IOS Enterprise Services is a line item on the sales order).
I know there was a disk that came with the switch with an Enterprise Services .BIN file on it, but I had assumed that was just a software version image, similar to the images I can download off the Cisco website. But is this actually the license key?
Since I can download image files off the Cisco website, I assumed there must be some other key needed to activate the license.
Switch is Catalyst WS-C4507R+E Redundant Supervisors are WS-X45-SUP6-E (Supervisor 6-E)
A customer contacted us that he can't connect his devices via web since he changed the IP address. Ok, big laugh "type the correct IP" but no. Even if you use the correct IP, no user can't connect anymore to the device. Also via CLI!The only thing that worked was the password recovery procedure. After that everything worked fine.The customer and me tried it again with another 2960, maybe there went something wrong when he did it last time and it was an accident. Nice thought but no: another device same error, no login possible.
I currently have a couple of 6509 chassis (router/switches) with the following hardware blades:
x3 48 ports x1 NAM x2 Sup720 Running 12.2(18)SXF3
I am keeping the four Sup720 modules and have purchased new versions of the others blades including two new 6509-E chassis?Can I take my stand-by Sup720 out of the production machine and insert it into the new chassis?
I currently have a couple of 6509 chassis (router/switches) with the following hardware blades:
x3 48 ports x1 NAM x2 Sup720
Running 12.2(18)SXF3.I am keeping the four Sup720 modules and have purchased new versions of the others blades including two new 6509-E chassis. Can I take my stand-by Sup720 out of the production machine and insert it into the new chassis?
Are there any best practices for preventative maintenance on Catalyst Chassis switches. Looking to build a PMI schedule for a customer. Or is there evidence not to perform it at all. Things like re-seating line cards, cleaning fan exhausts, etc.
Is there any chance the Wireless Repeater mode work with WPA2-AES ?If not, which model of AP should I buy to connect it with my wap54g as Wireless Repeater?