I have the above config in a 6509-E chassis with X2 Cac-3000 psu's
The problem i'm having is when everything is powered up it runs fine for about 10minutes then reloads the switch,The 6748 has a 6700-CFC installed the only way i have managed to get it run without crashes is to remove the 3BXL card from the sup and replace it with a PFC-3B, whilst this has solved the problem the client wants the 3BXL card to be installed, am I right in thinking that the CFC installed on the 6748 is incompatible with the 3BXL or maybe the 3BXL is faulty
We have Router CISCO7613,SSO redundancy configured with two Sup 720-3BXL running 12.2(33)SRC1 image. Even thought I've configured SSO, my standby sup remains in COLD state with the following logs generated.
Mar 20 22:07:32.514 IST: %ISSU-SP-3-PEER_IMAGE_INCOMPATIBLE: Peer image (c7600s72033_sp-ADVENTERPRISEK9-M), version (12.2(33)SRC1) on peer uid (8) is incompatible Mar 20 22:07:32.514 IST: %ISSU-SP-3-PEER_IMAGE_INCOMPATIBLE: Peer image (c7600s72033_sp-ADVENTERPRISEK9-M), version (12.2(33)SRC1) on peer uid (8) is incompatible Mar 20 22:08:48.263 IST: %PFREDUN-SP-4-INCOMPATIBLE: Defaulting to RPR mode (Runtime incompatible) [code]...
These logs says that due to some reasons, the configuration is not being synchronized with active and standby sups and hence the redundancy mode remains in RPR mode and SSO not achieved, and hence COLD state. However, I couldn't find a reason why the configuration is not being synchronized, I've issued the command, redundancy config-sync ignore mismatched-commands, and everything worked fine, SSO achieved and standby sup came to HOT state.Now my query is,
1. Why the configuration was not synchronized and standby SUP got in COLD state?? 2. Since I issued the suggested command, at least, some of the mismatched lines in configuration will be ignored, Will that create a problem when my Active sup fails and standby become active?
I've replaced real networkID to the one mentined below.
Topology: classical IPSec VPN tunnel between two Cisco 892s, with pre-shared key and no GRE. One 892 (branch_892) has access to the Internet via PPPoE and has three networks/vlans behind it. One VLAN is NATed to access internet via the PPPoE. Access to two other VLANs - VL92 (100.100.200.0/24) and VL93 (100.100.100.0/24) need is done thrue the VPN tunnel.
Second 892 (892_DC) has just one interface - WAN on Gigabit enabled/connected and has a static route to the default GW. It does not have any interal network defined. So the router is strictly used to send traffic for VL92/VL93 to the branch 892 via IPSec tunnel.
Here is the problem: access to/from VL93 (100.100.100.0/24) works, however for VL92 (100.100.100.0/24) - does not.
From devices in VL92 I can ping the 892_DC IP address across the VPN tunnel. From the 892_DC router I can also ping devices in VL92. However I can no ping from VL92 any device beyond the 892_DC and at the same time packet arriving on 892_DC for VL92 are not sent out via the VPN tunnel.
I took the packet trace on 892_DC using capture point/buffer to capute packets for VL92 and could see that traffic does arrive at the 892_DC. I run the same capute on Branch_892 and there was not a single packet.More interesting I modified the access list such a way that left on VL92 and still - no packets are sent out thru the tunnel. [code]
We have 7 interfaces with rj45 connections.. all around 100Mbit per connection .. most likely in the future we will need a couple more interfaces.. i was thinking it would be better to take a WS-X6516-GE-TX card then a FE card as for example a WS-X6148-RJ-45 .Now we want to implement a 7606 with a SUP720-3BXL with 1GB dram for the RP(MSFC3)... so enough memory to support the 2x a FULL BGP table to two peers.
Q : Does the SUP720-3BXL work well with two peers sending the FULL BGP table ?
Q : And does that also work with a WS-X6516-GE-TX connected to the two peers sending the FULL BGP table ? .. or is it better to take a 6724 linecard with a DFC3-BXL so that the 6724 will lookup routes locally instead a 6516 will have the S720- perform the routing ? I know that adding the DFC's increases the bandwidth of the chassis significantly (40gbps per slot most 6700 linecards ,and 20gbps for the 6724 which is 1:2 oversubscribed )
Q: Or is it better to connect the two peers to the two SFP interfaces on the SUP720 , and connect the small routers and customer networks to the 6516 linecard?
I have a strange QoS problem with one Cisco7600 (sup7203BXL, IOS 12.2(33)SRE6).
This is layer 2 traffic,and all ports are L2 dot1q trunks:
1) Packet comes with DSCP 46 on Gigabit port (WS6728-SFP) with "mls qos trust dscp" configured. It goes out the port of the same card/slot with DSCP 0.
2) packet comes with DSCP 46 on different Gigabit port on the same card/slot with "mls qos trust dscp" and also "mls qos vlan-based" configured. It qoes out out the port with DSCP 46.
Why the switch behave differently if "mls qos vlan-based" is configured on port (or to say it works correct since it doesn't override DSCP)?
I have global command "mls qos rewrite ip dscp" since this 7600 is also MPLS PE router and I found in documentation that "mls qos rewite ip dscp" is mandatory for QoS on MPLS (EXP bits). So I can't turn off "rewrite ip dscp". Again the problem that I presents is L2 problem not MPLS (MPLS is used for different traffic).
Also mls qos mappings are ok COS to DSCp are 5 to 46 and vice versa.
Furthermore, as far as I know if I have configured "mls qos trust dscp" on Gigabit ethernet port, switch (7600) should work in this order:
- make internal DSCP from packet DSCP
- since I don't have configured DSCP mutation DSCP should stay the same (46)
- using map DSCP - COS ( 46 -5 ) switch will choose queue on outgoing interface in regards to mapped COS
Cisco 6500 Sup720-3B SPA IOS SXI - GRE tunnel will not come up.It worked fine on SXF code, but the crypto map can not be applied on tunnel interface.The iskmp is up with the OM_IDLE The crypto give it a Cryto UP, the the Tunnel does not come up. It is UP down.Does some one have a working config with a 6500 IOS SXI Train with GRE IPSEC Tunnel?
we have some problem with GRE traffic which is processed by CPU and not by CEF.In sniffed packets I can see a lot of "TCP window update" packets. I found that some kind of GRE traffic are forwarded to CPU, like packets with IP options or TTL=0 but non of those are seen in the sniffed packets.
migration of an existing Sup720 configuration to a new Sup2T. At present we have a Sup2T chassis in the lab running 15.0(1)SY1 and a production Sup720 chassis running 12.2(33)SXI5.I've taken a copy of the production startup-config, renamed it to 'startup-config-BGFL_6509_MBAS-020712' and copied it to the bootdisk (and slave bootdisk) of the new Sup2Ts.I've then added the command 'boot config bootdisk:startup-config-BGFL_6509_MBAS-020712' in an attempt to boot from that config and have the Sup2T migrate it to the new config standards (particularly from a QoS perspective as mentioned here :[URL]
I have received a sup720-3B from Cisco with an internal 512MB flash(sup-bootdisk). I want to verify what IOS image is on the disk and do not have an spare 6509 chasis. Can I remove the 512 MB flash disk and insert it to my disk0: on my production 6509 with the sup32 that the 720 will repplace and view what is on the disk without corrupting?
We have a Cisco 7600 Router with SUP720/MFSC3 that was running version 12.3(33)-SRC3 for more than 2 years now. We recently had to upgrade to a newer release to solve a bug issue after recommendations, so we chose to go to SRD8 release. Since then we are facing a rather strange problem with one of my peer ebpg. we have 2-3 peering on the same router. only one of them is affected. The ebp keeps flapping every 3 minutes due to hold down timers.
12:14:33: %BGP-5-ADJCHANGE: neighbor 18.104.22.168 Down BGP Notification sent 12:14:33: %BGP-3-NOTIFICATION: sent to neighbor 22.214.171.124 4/0 (hold time expired) 0 bytes 12:14:33: %BGP_SESSION-5-ADJCHANGE: neighbor 126.96.36.199 IPv4 Unicast topology base removed from session BGP Notification sent 12:14:47: %BGP-5-ADJCHANGE: neighbor 188.8.131.52 Up
We asked our peer if they have similar problems but it seems they do not. Our peer is using Cisco 12810 running 12.0(32)SY11 After downgrading back to version 12.2(33)SRC3 again, the probem was fixed...
to the above question. I see the specs for the WS-SUP720-3B and 3BXL but not the WS-SUP720-BASE with the MSFC3 and PFC3A daughter cards.The 3B can handle 256,000 routes using IPv4 and the 3BXL can do 1,000,000.
Currently we do not have multicat routing enabled on either of our 2x Sup720-10G 6509 Switches. We have no intention of doing so either. I am looking for clarification on how mutlicasting operates within a Vlan.
Our Vlan has IGMP snooping enabled. Here is the output.
6509Switch#sh ip igmp inter vlan 25 Vlan25 is up, line protocol is up Internet address is 10.1.1.254/24 IGMP is disabled on interface
we do not want to disable IGMP due to this one concern that I can't find documented. If we disable IGMP snooping on the vlan, what happens to multicast packets with a TTL > 1. Do they get flooded to the entire switch and all Vlans? Or does it stay within the Vlan?
I got a new VS-S720-10G it had 122-33.SXH8b on there. I had to downgrade it to 12.2.33.SXI1 to match our other switches. I installed the file I use in all the other switches, s72033-adventerprisek9_wan-mz.122-33.SXI1.bin but the Sup is now is only booting up only to ROMMON mode.
Initializing ATA monitor library...
Self extracting the image... [OK] Self decompressing the image : ################################################# ################################################################################ ################################################################ [OK]
%SYSTEM-1-INITFAIL: Network boot is not supported.
System Bootstrap, Version 8.5(4) Copyright (c) 1994-2009 by cisco Systems, Inc. Cat6k-Sup720/SP processor with 1048576 Kbytes of main memory
Last month I was reviewing following Cisco document, in which Cisco mentioned that ""To avoid possible memory fragmentation in the forwarding information base (FIB), Cisco recommends that the switch processor (SP) DRAM to a minimum of 1 GB ""
Since this document has been revised in Oct 2011 and, I can't no more find the above memory recommendations.
I want know if any one using WS-SUP720-3B with IOS SXI6 and Cisco ACE30 has gone for upgrading the SP DRAM from 512MB(default) to 1GB ?
The table referenced in the new 1.1 ISE guide show 12.2(33)SXI6 is the minimum version for support. Does this mean this version or above? Does ISE is tested in newer SXJ streams? We have a massive rollout of SUP720s to do and need to know the most stable version to load in preparation for ISE.
I have been net searching this question and I find answers relative to other Cisco products but not for the 6500 series. We are running entservicesk9_wan-mz.122-18.SXF17a.bin and would like to know how to change the default SSH listening port..
Trying to find documentation on the proper procedure for installing a second sup720 into our 6509-E chassis for sup redundancy. I have found documents that tout how 'cool' and 'awesome' NSF/SSO, and all that is, but haven't found any docs on installing a second sup720 into a chassis that is currently in production and is only running one sup720. In all the years that this chassis has been out, there must me a documented procedure out here to explain this.I have been through the following pages, and have found nothing to this effect.
problem to configure MWAM. I have installed MWAM module in 6506-E slot 2 with sup720-3B. After installing MWAM the Status is PwrDown. I tried to turn on the power but its not happening. MWAM is installed in slot 2 and here is the result of show module 2 My Sup720-eB IOS image is s72033-advipservicesk9_wan-mz.122-33.SXJ1.bin
6506-E#show module 2 Mod Ports Card Type Model Serial No. --- ----- -------------------------------------- ------------------ ----------- 2 3 MWAM Module WS-SVC-MWAM-1 SAD081203GK Mod MAC addresses Hw Fw Sw Status --- ---------------------------------- ------ ------------ ------------ ------- 2 0003.feae.bb8c to 0003.feae.bb93 3.0 Unknown Unknown PwrDown Mod Online Diag Status ---- ------------------- 2 Not Applicable
I will be installing a secondary SUP720 in a 6509-E and will be upgrading the IOS on the existing SUP which is on 122-18.SXF6. I've read that this release has passed End of Critical Maintenance earlier this you. I thinking of upgrading the IOS to 12.2.33-SXJ1(ED) or 12.2.33-SXI8(ED) (possible more stable), but i'm not sure if i need any step upgrades from the current version. The SUP meets the required hardware specs and I will also be upgrading the ROMMON to 12.2(17r)SX7 first.
I have alot of experience upgrading IOS on routers and switches, but i just need to now if there are any gotchas that i need to know for the upgrade on the SUP.
The other issue is i don't believe the current IOS has been installed, are there any issue running on an IOS not installed. Patching is not available since the system is not running from an installed image. To install please use the "install file" command.
We are close to receiving our new 6513E chassis which I will be running Sup720 cards in. This will be replacing our existing 6509 Sup2 setup in production. What current IOS version should I run on the Sup720 ? I would like to support SSH. The chassis will be populated with a couple of 6724 SFP cards, 2 6704 10 gig cards and a few 6748 line cards.Is there a good intitial config guide ?
Customer is using SUP720 with SP rommon image version 8.1(3), he is trying to boot the new ios image from disk0, but he gets invalid magic error. he fomat the disk0 but still he gets error when he boots from disk0. He suspect that it can't be flash problem but can be software of hardware as he has two flash with same issue on 2 switches.
Customer wanted to recreate, I tried in the lab, i was able to load from disk0, but sup in lab had 8.5(4).
Customer wanted me try with 8.1(3) version. But i was unable to downgrade the SP Rommon image. SP rommon is running in Gold region and I loaded the 8.1(3) from both disk0 and sup-bootdisk, even preferrence was given to region1 but still sup came up with gold region itself.
* Will i be able to downgrade from 8.5(4) to 8.1(3), if so, what are the steps.
* is there any limitation or bug where 8.1(3) will be unable to read disk0.