getXML('LAN, Switching and Routing26227 cscott@swmail.sw.orgNov 17, 2009, 8:38am PSTI have a 6500 with dual sup32 which the call-home service is making the statement that we are running a Hybrid software. Is this referring to the bootstrap/ROMMON code? If so which "IOS Native" code should I upgrade to? Thanks 30 habadrNov 17, 2009, 9:05am PSTHybrid means CatOS/IOS combination. CATOS for L2 switch with IOS (Hybrid) for MSFC. <br /><br />Can you tell me what is your IOS version. <br /><br />Thanks <br /><br />Hatim Badr cscott@swmail.sw.orgNov 17, 2009, 9:08am PSTWe are currently running version IOS 12.2(33)SXH4. No CatOS.<br /><br />Chris jmfrancoNov 16, 2009, 6:08am PSTWe are deploying qos configurations for access servers c3560-E switches. We want to know differences between these kind of configs:<br /><br />Interface GigabitEthernet 0/1<br /> mls qos trust dscp<br /><br />or<br /><br />policy-map trustDSCP<br /> class class-default<br /> trust dscp<br /><br />interface GigabitEthernet 0/1<br /> service-policy input trustDSCP<br /><br /><br />We have the same doubts about:<br /><br />Interface GigabitEthernet 0/1<br /> no mls qos trust dscp<br /><br />or<br /><br />policy-map DSCPdef<br /> class class-default<br /> set dscp default<br /><br />interface GigabitEthernet 0/1<br /> service-policy input DSCPdef<br /><br />If you try to configure service-policy, and you try with "show policy-map interface gi0/1", you can´t see matches in both cases.<br /><br />We have read both commands (mls qos trust dscp and service-input) are mutually exclusive, but you can config both commands in the same interface.<br /><br />Somebody could clarify us these issues?<br /><br />Thanks. 30 paluchpeterNov 16, 2009, 7:10am PSTHello Juan,<br /><br />The <b>trust</b> command in a policy map allows you to set the trust state only for the traffic covered by that particular class, whereas the <b>mls qos trust</b> command applies to all traffic entering the interface. The <b>trust</b> command is therefore more selective.<br /><br />Do you have the <b>mls qos</b> configuration command entered in your global configuration mode? I suspect that it is necessary to activate the QoS support on the switch.<br /><br />Best regards,<br />Peter<br /> jmfrancoNov 16, 2009, 1:07pm PSTHi Peter. Thanks for your answer.<br /><br />Yes, we have configured mls qos command in switches. I think diference between them could be policy-map is implemented in software, while mls qos trust is implemented in hardware, but policy-map offers more flexibility. <br /><br />But..., it means main choice is mls qos trust command over policy map (if this last one has only default class)?<br /><br />I don´t know.<br /><br /><br /><br /><br /><br /> habadrNov 16, 2009, 7:26am PSTAs I understand from your questions that you would like to trust DSCP from endpoints. <br /><br />mls qos trust dscp will have the same results as the <br />policy-map trustDSCP<br />class class-default<br />trust dscp <br /><br />If you want to trust DSCP that I'll use the mls qos trust dscp command for simplicity and efficiency. <br /><br />The trust statement in a policy map requires multiple hardware entries and, as such, might be too large to fit into the available QoS hardware memory, triggering an error when the policy map is applied to a port. <br /><br />Both commands are supported in the same interface because the trust DSCP can be used with the conditional trust and using the policy map for policing for example.<br /><br />I recommend that you review the latest QoS SRND version 4.0 for campus infrastructure at <br /><br /><A HREF="javascript:newWin('http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND_40/QoSCampus_40.html#wp1098549')">http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND_40/QoSCampus_40.html#wp1098549</A><br /><br />It explains QoS configuration in details <br /><br />Regrading the "no mls qos trust dscp" this is the default which will take effect when QoS is enabled and will remark DSCP in every packet to DSCP 0 (Default) which is the same as the policy map will do. So no need to create the policy map since is it configuration and processing overhead. <br /><br />It all depends on your requirement but if you are using Cisco Phones then I think you should look at conditional trusting as well<br /><br />Regrading the show policy-map output, the 3560, Though visible in the command-line help string, the control-plane and interface keywords are not supported, and the statistics shown in the display should be ignored. <br /><br /><A HREF="javascript:newWin('http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_46_se/command/reference/cli2.html#wp1948343')">http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_46_se/command/reference/cli2.html#wp1948343</A><br /><br />I hope this helps. <br /><br />Thanks<br /><br />Hatim Badr jmfrancoNov 16, 2009, 1:32pm PSTHi Hatim, nice response, thanks very much.<br /><br />It´s clear to me I must ignore statistics from "show policy-map interface ..." command. I have been testing and there aren´t relationship between packet matches in "sh policy-map interface" and input packets/sec. in "sh interface" commands. It´s clear there is something wrong.<br /><br />But I want to know what is the best option if you want (or not, with set dscp default in policy-map) to trust in DSCP marks for all input traffic, if you don´t need to police it. I think if mls qos trust is implemented in hardware, could be the best option. But if you want to configure a policy-map to rewrite DSCP marks, is needed to configure mls qos trust dscp previously in the same interface? Take in mind, if default config for qos is "no mls qos trust" command, all inbound traffic is remarked with default DSCP previously to policy-map. Am I in the right way or perhaps i´m wrong?<br /><br />Thanks. habadrNov 17, 2009, 8:55am PSTIf you just want to trust DSCP from endppoints then your best option is mls qos trust command. <br /><br />It is simpler and moreover the problem with policy-map trust dscp command that it consumes multiple QOS TCAM hardware entries which you may need later on for other policies. <br /><br />The best from Hardware optimization and also management point of view for trusting dscp values is to use the "mls qos trust dscp" command. <br /><br />Thanks <br /><br />Hatim Badr Seifeddine-TliliNov 17, 2009, 8:30am PSTgreeting all,<br /><br />i have a trunk connection between 3750 and 4506 and the trunk link is up however data traffic is not going through, i can see that when i ping from 4506 to the 3750 the icmp reach the 3750 but however it is not returning back , is it a BUG?<br /> 30 hobbeNov 17, 2009, 8:46am PSTHi<br />It could be one of many things.<br /><br />First it could be a routing issue, ie the packet hits the 3750 but the answer is sent somewhere else if there is a routing problem, or not at all if there is no route to the net and there is no default gateway.<br /><br />ACL<br />there could be an ACL that does not allow the icmp incomming, or icmp outgoing.<br /><br />The port could be in span-tree blocking mode<br /><br />My guess is that it is most likely not a bug but a misconfiguration.<br /><br />HTH<br /> acalligherNov 17, 2009, 8:39am PSTHello<br />I'm trying to configure a Cisco 2821 (Version 12.4(24)T IPBASE) with Multi-VRF and Policy Based Routing.<br /><br />It seems that the PBR with Multiple Tracking Option is not supported into this release.<br />So it's not possible to configure ip sla monitor feature<br /><br />I have used the Cisco Feature Navigator but I have not found a IOS release with<br />Multi-VRF Selection Using Policy Based Routing (PBR) AND PBR Support for Multiple Tracking Options<br /><br />The PBR Multiple Tracking option will be supported in the future on C2821?<br /><br />bye<br />Andrea enkliNov 17, 2009, 7:21am PSTHello.<br />I have to connect two sites(I have connected them and everything works OK).<br />The problem is that I do not want that broadcasts come from one site to another.<br />So I have created another vlan on HQ and Remote SWITCH. I have set the port to witch the server is connected to trunk mode allowing the two VLANS. <br />So when I connet a computer on the remote site I cannot ping that. Any Idea 30 giuslarNov 17, 2009, 7:24am PSThello Enkli,<br /><br />only a L3 routed link is a firewall for broadcasts<br /><br />a L2 trunk when working does not block broadcasts.<br /><br />if 802.1Q trunk verify if native mismatch at the two sides of the link.<br />this can be a problem.<br /><br /><br />verify using<br /><br />sh interface type x/y switchport<br /><br />check for native vlan line<br /><br /><br />Hope to help<br />Giuseppe<br /> lordflasheartNov 17, 2009, 7:46am PSTFurther to Giuseppe's answer you can remove VLANs from trunks by issuing the "switchport trunk allowed vlan remove" command.<br /><br />HTH hobbeNov 17, 2009, 8:38am PSTIf you do not want broadcasts to come from site A to site B then you could do one of two things.<br /><br />Routing, that would set the systems on the different sites in different broadcast domains.<br /><br />ACL<br />Acces-control Lists on the outside interface of the switch where you block the inbound broadcast address.<br /><br />I would go with routing.<br />The acls will most likely cause problems for you somewhere down the line.<br /><br />Why do you not want broadcasts to go from A to B ?<br />Broadcasts are a quite essential part of IP if you are in the same subnet and broadcast zone.<br /> arumugasamyNov 17, 2009, 8:35am PSTDear all,<br />In the cat6509 switch with dual sup1A and MSFC2,the standby supervisor engine is in ROMmon mode. Following is my finding<br />rom> dir bootflash:<br />here no file found.<br />then I did the ymodem download the boot image thro hyper terminal.<br />Within 2 minutes, terminal closed with no response error. I tried with new laptop also with same error.<br />How can i load the bootldr image to the RP bootflash and set the bootvar command in the RP rommon to boot the switch notrmally.<br />The primary sup running with the image in slot0: not in SP bootflash:<br />How can I load the bootldr image to the RP rommon?<br />Also if we use the MSFC2 then we do not need to use the botloader image as per cisco document says but here I can not load the image without the botloader image with the command in RP ROMmon.<br />boot sup-slot0:xxxxx.bin<br />Here the error comes up that says like bootloader image need to load the image.<br /><br />How can we solve the issue.<br />swami<br /> sudermaniakNov 17, 2009, 8:16am PSTHello,<br /><br />Today I had a major incident in our LAN.<br /><br />One of our wi-fi Vlans that is routed on Cisco L3 3750 switch has been paralysed. Devices were able to connect but when You try to ping them 75-90 % of the packets were lost. <br /><br />After few hours it turned out that two linksys wifi-eth. converters were accidentally linked together with it's eth. interfaces. The effect was that entire Vlan within entire Cisco switched network was almost cutted off. <br /><br />On our L3 Cisco switch logs I saw plenty of entries like this:<br /><br />14w0d: %IP-4-DUPADDR: Duplicate address xxx.xxx.xxx.xxx on Vlan6, sourced by 0004.23aa.9eb5<br /><br />How two little devices linked together could paralyse entire Vlan ?<br /><br />Do You know how to protect from such situations in the future ?<br /><br /><br />Thanks. 30 paluchpeterNov 17, 2009, 8:25am PSTHello Tomasz,<br /><br />My first guess is that your network does not seem to properly utilize the Spanning Tree Protocol. By interconnecting the two Linksys devices, you have probably created a Layer2 loop in your VLAN, resulting in frames looping in it. The STP would have at least partially blocked it.<br /><br />Regarding the duplicate address warning, that is something different. The switch is telling you that some other device has the same IP address as the switch itself in the VLAN 6. According to the MAC address, the other device with the duplicate IP address uses an Intel network card according to the OUI index at the IEEE webpages (the 00-04-23 OUI has been assigned to Intel).<br /><br />I suggest strongly verifying the STP configuration on all your devices and making sure that all of them support it and actually have it activated. Regarding the IP address, well, that is up to you as an administrator to prevent such duplicates from occuring.<br /><br />Best regards,<br />Peter<br /> arumugasamyNov 10, 2009, 1:36am PSTHi all,<br /><br />I like to find the standby supervisor engine serial number on 6500 with sup 720 chassis.<br />I tried <br />sh module <br />sh idprom <br />I can not find standby sup but all other modules and primary sup 720 details.<br /><br />How can i find the serial number of standby one.<br /><br />Pls it is bit urgent<br />swami 30Siemens_SWPNov 10, 2009, 1:57am PSTHi<br /><br />Try show inventory<br /><br />Regards glen.grantNov 10, 2009, 4:36am PSTThats surprising to me it doesn't show up with sh mod or sh idprom . It shows up on a 4500 with dual sup's with either command. francisco_1Nov 10, 2009, 4:56am PST"sh module" and "show inventry" does provide output for both active/standby sup engines serial info... <br /> giuslarNov 10, 2009, 5:21am PSTHello Glen,<br />I wonder if the standby supervisor is operational or it is in rommon.<br /><br />if in sh module the status is not OK but Other then probably it cannot report data about it.<br /><br />We had a trouble in two C4500 and if I remember correctly after the standby sup has gone in rommon from sh module it was not possible to see its serial number and IOS version just state Other.<br /><br />Hope to help<br />Giuseppe<br /> arumugasamyNov 17, 2009, 8:23am PSTDear,<br />Even the command "show inventory raw"<br />does not give the standby sup serial number.<br />Total there are 10 switches each contains dual supervisor 720.<br /><br />Also those switches are As VSS.<br /><br />Please how can we get the serial number of standby supervisor.<br />swamirene.van.dalen@nl.ibm.comNov 17, 2009, 8:08am PSTHi all,<br /><br />I wonder if it is possible to have an IOS router running transparent bridging doing Policy Based Routing based on the source IP address in the packet.<br /><br />Situation is that we are adding a second Internet link to which we want to route the traffic from specific source addresses. Problem however is that our firewall doesn't support Policy Based Routing. <br /><br />In order not to have to change the existing interface definitions and IP's on the firewalls it would be nice to be able to forward everything from source IP x.x.x.x to next hop x.x.x.1 and all from y.y.y.y to next hop y.y.y.1 but without needing to have additional L3 routing enabled between the current firewall and router.<br /><br />rgds,<br /><br />Rene grodoniNov 17, 2009, 6:56am PSTdoes all switching products (Cisco and Linksys) support IEEE 802.1D-2004 (which incorporates and enhances RSTP and obsoletes STP). This is not always clear from the documentation and data sheets 30 paluchpeterNov 17, 2009, 7:41am PSTHello,<br /><br />Regarding Cisco products, all currently supported standalone Catalyst switches (not switching modules) with recent IOS software support legacy 802.1D STP, current 802.1D RSTP and 802.1Q MSTP protocols. Switching modules like HWIC-4ESW have so far implemented only the legacy STP. You will need to consult the respective data sheet. Also, I suspect that the STP support is essentially software-based on these modules, therefore a look at the complete feature list of the IOS that will be running on the router containing that switching module may be helpful. I suggest using the Cisco Feature Navigator at <A HREF="javascript:newWin('http://cisco.com/go/fn')">http://cisco.com/go/fn</A> to get the complete listing of features in a particular IOS image.<br /><br />Regarding the Linksys SOHO switches, I am sorry but I do not have first-hand information. I have worked with a couple of Linksys switches that have indeed supported the RSTP but I cannot generalize this.<br /><br />Best regards,<br />Peter<br /> paluchpeterNov 17, 2009, 7:54am PSTHello once again,<br /><br />Using the Feature Navigator tool mentioned in my earlier post, you can verify whether a particular switch supports the STP, RSTP or MSTP. After you click on the "Search by Platform", you may select the platform and the IOS version you are interested in. In the provided list, you will be able to see which particular STP versions are supported on that device.<br /><br />Unfortunately, the Feature Navigator does not explicitely describe feature of switching modules but as these are determined by the router's IOS, you can proceed by selecting the proper router platform and IOS version.<br /><br />Best regards,<br />Peter juan-ruizNov 16, 2009, 7:20am PSTI have a gig interface connected to a metro E circuit that I need to rate limit to 100 Mbps. <br />I'm running a Cisco 6509-E <br />Can someone provide me an example and a link to the Cisco documentation on rate limiting traffic to a specific speed without the use of speed command?<br /><br />If I adjust the speed and duplex then I will take the metro E down circuit because the provider side is hard coded to 1000/Full<br /><br />Thanks,<br />Juan <br /> 30 adamclarkukNov 16, 2009, 7:40am PSTHi Juan<br /><br />use policing instead, here is a sample config:-<br /><br />class-map match-all matchany<br /> match any<br /><br />policy-map police:100mbps<br /> class match-all<br /> police cir 100000000<br /><br />interface <type>x/x<br />service-policy output police:100mbps<br /> josephdohertyNov 16, 2009, 4:50pm PSTBTW, a rate limiter or policer, in their default configurations, are often very severe methods to cap bandwidth. From the little you describe, unless your MetroE provider charges you for exceeding contracted bandwidth, imposing a rate limiter or policer that drops packets often doesn't provide much benefit more than stats showing you exceeding your contracted rate while it can adversly impact traffic performance (not uncommon to see effective rate lower than nominal configured rate). Depending on what exactly you're trying to accomplish, you might not want to use the defaults for Bc (and perhaps Be) and/or implement a shaper solution. For instance, if what you're trying to do is emulate a 100 Mbps Ethernet interface using a rate limiter or policer, will probably require some analysis for proper parameter settings beyond just configuration for a 100 Mbps rate. juan-ruizNov 17, 2009, 7:18am PSTHi Josephdoherty,<br />You are right and what I'm trying to do is decide if we should scale down to 100 Mbps metro E from 1000 Mbps metro E. <br />I have PRTG on these ports and I'm getting bw utilization stats but I wanted to go an extra mile and limit the bandwidth to only 100 Mbps without getting the provider involved and review the reports at that time again. <br /><br />Thanks,<br />Juan <br /> octronciscoNov 17, 2009, 6:55am PSTHello,<br /><br />A client of us is having problems with a Cat 6500 switch (a Cat 6500 Supervisor 720 Fabric MSFC3 PFC3A with a s72033-ipservicesk9-mz.122-18.SXF14 IOS). This switch fails to load the IOS image. I’ve read this document:<br /><br /><A HREF="javascript:newWin('http://www.cisco.com/en/US/partner/products/hw/switches/ps700/products_tech_note09186a008015bfa1.shtml#catos_ios')">http://www.cisco.com/en/US/partner/products/hw/switches/ps700/products_tech_note09186a008015bfa1.shtml#catos_ios</A><br /><br />And I have some questions about it:<br /><br />- The document talks about RP ROMmon and SP ROMmon, ¿is this only for an older model with MSCF1 or the MSCF3 has two ROMmon too? <br />- In the fourth point of the “Supervisor 720 Recovery Procedure”, it talks about RP Mode. ¿What is this mode?<br />- Will I be able to boot the IOS image from the external compact flash (disk0:)? In another doc I’ve read:<br /><br />“SP bootflash/bootdisk is the location from where the system can load and boot a Cisco IOS Software image.(…). The RP bootflash can also be used as a storage location for Cisco IOS Software images, although the system cannot directly load an image from that location.”<br /><br />Best regards and thanks in advance,<br /> networker99Nov 17, 2009, 6:36am PSTI have 2x VLANS on our ACE appliance, one is in a public DMZ and the other host the private web servers. (public address = 1.1.1.1/24) (private 2.2.2.2/24). How can I allow the two subnets to talk to one another for the purpose of administering the servers in the private part? aqusingh7Nov 15, 2009, 6:16pm PST(this is for administration purposes)Should I connect the ethernet port of the 2950 switch to the console port of the other switches/routers or will this not work? Or is it that I can only connect ethernet ports to other ethernet ports....Because I want to able to manage them without a need for a manual or automatic kvm serial port switch. <br /><br />What is the best physical /logical configuration way to administer them; all at once using telnet ip/hostnames from a central switch?<br /><br />I am not very experienced in this administrative design( its a cisco ccna lab for study purposes)...i access the main switch by hyperterminal directly from console. MOST OF MY WORK IS DONE REMOTELY over the internet through a REMOTE DESKTOP CONNECTION pc ... so I dont have physical access to the devices(routers/switches).<br /><br />thanks 30sharifimrNov 15, 2009, 6:42pm PSTYou would need to connect one of the Ethernet ports on each one of your switches and routers to the 2950 and create an out of band management system. You would then put all the devices in the same subnet including the 2950 and manage them. This way, you can also open one session per device which makes configuration and troubleshooting very easy.<br />HTH<br />Reza aqusingh7Nov 15, 2009, 7:09pm PSThi. thanks for that piece of advice. but how would I create an out of band management system? I have never heard of this term. Do I need special software/equipment or is just how its configured?ganeshh.iyerNov 15, 2009, 8:32pm PSTNo need for special software and all for out of band management system,It's just system through which you can manage network devices without production LAN.The suggestion which was posted itself is called a out of band management system.ganeshh.iyerNov 15, 2009, 8:28pm PSTAgreed with Reza comments,Connect on cable from 2950 switch to other device ethernet port and assign an ip address with common subnet to all device so that you can manage 2950 and other devices which are all connected.<br /><br />Regards<br />Ganesh.H wandering_997Nov 16, 2009, 6:46pm PSTAt first, console port can not be connected with ethernet port, it won't work.<br /><br />If you have to manage your devices through console port, you can use terminal server or console server. <br /><br />And here is a document that introduces cisco terminal server router bundle.<br /><br /><A HREF="javascript:newWin('http://www.cisco.com/en/US/prod/collateral/routers/ps259/product_data_sheet0900aecd800f414c.html')">http://www.cisco.com/en/US/prod/collateral/routers/ps259/product_data_sheet0900aecd800f414c.html</A><br /><br /><br />HTH<br />Wandering<br /> lordflasheartNov 17, 2009, 4:41am PSTOut-of-band management is a separate link into your network for management traffic only. Typically, this would be a dedicated management channel (e.g. DSL) to a terminal server which has connections to each network device via console connections. <br /><br />Conversely, in-band management uses the same link as your data, hence if there is any problem on the data link you have lost management as well. <br /><br />HTHu346874Nov 17, 2009, 4:29am PSTI want to create new vlan id but i get message "% Failed to create VLANs xxxx<br />Spanning-tree extend system-id need to be enabled." If i enable that is there going to be any changes or break in spannintree topology.<br /><br />thanks<br />Juha 30 giuslarNov 17, 2009, 4:40am PSTHello Juha,<br /><br />the command <br />spanning-tree extend system-id<br /><br />has an effect on the way the bridge-id for each vlan/instance is created.<br /><br />old way:<br />a different mac address for each vlan taken from internal block<br /><br />same priority value for all vlans<br /><br />new way:= extend systemid<br />use only one MAC but priority is built as<br /><br />base_value + vlan#<br /><br />base_value is a multiple of 4096.<br /><br />bridge-id = priority+ MAC address<br /><br />it changes the bridge-id for each vlan this may change the root bridge in some vlan.<br /><br />But the impact should be limited<br /><br />the reason for this is to avoid to waste MAC addresses.<br /><br />your switch has probably used all internal MAC addresses.<br /><br />Hope to help<br />Giuseppe<br /> ciscokalpeshNov 17, 2009, 1:12am PSTHi,<br /><br />We have 1841 router used as our Data Link router. It has 2 interfaces, one with connection from ISP and other for our local network.<br /><br />We have 2 nos 3750G stackable switches in our stock. <br />Is it possible that we can replace the router with these switches ?<br /><br />Please guide. Thanks in advance.<br />K 30msobier123Nov 17, 2009, 1:18am PST<br />Hi,<br /><br />what is the primary usage for 1841? what do you require? <br /><br />Does the 2 3750 Stackable Switches required by you?<br /><br />Mohamed ciscokalpeshNov 17, 2009, 1:24am PSTHi,<br />Thanks for reply.<br /><br />The primary usage of 1841 router is that - it is our Data Link router. All our sites are connected with Data Links (through ISP).<br /><br />The 2 switches can provide us redundancy if we can replace it. Also we need to configure VLANs in our network for which we need to configure the switches. So if we can replace these switches also as the Data Link router, then we can eliminate the 1841 router from the network.<br /><br />Thanks again,<br />Kmsobier123Nov 17, 2009, 2:12am PSTHi,<br /><br />depending on the type of Interfaces installed on the 1814. for your WAN, and keep in mind that some QoS and Nat features are not supported on the switch. Other than that you can replace and get the benefit of the stacking switches for multiple connections.<br /><br /><br />HTH<br />Mohamed ciscokalpeshNov 17, 2009, 2:27am PSTHi,<br />Thanks for reply.<br /><br />We do not have any Qos and NAT features enabled on this router. I would like to know about the interface configuration.<br />The router has 2 interface configured - FA 0/0 and FA 0/1. I will need to configure 2 interface on this switch as such. How do i do that ? When i go to the interface config mode, i do not get any option to assign IP address to that interface.<br /><br />Please guide. Thanks,<br />K lordflasheartNov 17, 2009, 3:11am PSTHi,<br /><br />Your 3750 should support Layer 3 addresses on the switchports but you must issue the "no switchport" command in order to turn the port into a Layer 3 port. Only then can you add an IP address to that port.<br /><br />Please rate if helpful.<br /><br />Hope it all works well :-) ciscokalpeshNov 17, 2009, 3:36am PSTHi,<br /><br />Thanks for reply.<br /><br />Yes it works ! Thanks.<br /><br />I would configure these switches as stacks. <br />1)<br />One of the gig interface (int-1) as L3 for ISP and other gig interface (int-2) as L3 for internal gateway.<br />In stacks, i will have to configure same 2 ports (int-1 & int-2) on the other switch too ? So that if one switch goes down the traffic will be moving through other switch ports (int-1 & int-2) physically connected on it.<br /><br />2)<br />Can i configure the internal default gateway as vlan1 ip, and then route the traffic from that vlan1 gw to the ISP port configured as L3 port ?<br /><br />3)<br />Is there a need to configure HSRP with stackable switches ?<br /><br />Please guide. Thanks,<br /><br />K<br /> josephdohertyNov 17, 2009, 3:41am PSTAs the other posters have described, you can configure a port to be a routed port (as they also described). As an alternative, you can assign the port to a VLAN and assign it an IP address. Assuming there's only one WAN (Ethernet) connection, one advantage of using a VLAN in a stack configuration, you can configure two different stack member ports for the same WAN VLAN. If the connected stack member fails, just reconnect the patch cable to the other stack member port. (I.e. saves time in getting your WAN back on-line.)<br /><br />BTW, don't forget to route on the 3750 you'll need to enable routing (off by default, I believe).<br /><br />[edit]<br />Just noticed one of your follow up replies.<br /><br />#1 Yes you can config a internal L3 routed port too, but unless you're connecting to another internal router (or L3 switch), internal subnets usually managed by VLANs.<br /><br />The 2nd part of your question is addressed by my original response (above).<br /><br />#2 Yes, although often recommended to avoid using VLAN1 for a user VLAN.<br /><br />#3 Strictly speaking, no because if the active stack master fails the new master will reset or take over the gateway address. However, by default when the new master assumes the IP address the MAC changes. This can confuse hosts that don't repond to the gratious ARP done at the same time. Using a HSRP virtual IP gateway avoids this issue. It also allows you to easily add a backup gateway on another L3 device in the future. ciscokalpeshNov 17, 2009, 4:15am PSTHi,<br /><br />Thanks for the brief reply.<br /><br />You wrote - "If the connected stack member fails, just reconnect the patch cable to the other stack member port." Why not i configure 2 different stack member ports in the same VLAN and connect both to the network such that if one goes off the other is active ? Is that possible ?<br /><br />Thanks,<br />K. josephdohertyNov 17, 2009, 4:36am PSTIt is if you have two such cables (usually not for WAN Ethernet) and you run spanning tree correctly to block the L2 loop.<br /><br />PS:<br />Within a LAN, say to another switch, instead of using STP to block one link, with a 3750 stack you can Etherchannel across stack members.msobier123Nov 17, 2009, 3:29am PST<br />Hi,<br /><br />Login to the Master Switch of the Stack, turn on the switchport to layer-3 port by issuing: (no switchport) Interface level command, and then assign it an IP address. <br /><br />HTH<br />Mohamedkashi_loginNov 15, 2009, 11:47pm PSTHow to monitor Cisco 6500 Native IOS Sw 12.2(18)SXF7 backplane that has all virtual etherchannels for almost each module like CSM, FWSM, WiSM,IDSM etc. 30 rducomblNov 16, 2009, 5:34am PSTyou can use : <br /><br />sh platform hardware capacity fabric<br />or <br />sh catalyst traffic<br /><br />Rolandkashi_loginNov 16, 2009, 6:26am PSTThis would be like manual monitoring. Is there is no automonitoring mechanism ? glen.grantNov 17, 2009, 4:22am PST That would be done with monitoring tools like ciscoworks or solarwinds . Cire71992Nov 16, 2009, 8:03am PSTI have already tried rebooting it and updating to the latest ios (12.2(52)SE - IP-BASE) but I still have access to only the first 8 ports. I have 16 servers connected to these dead ports (all running at 1000 in Auto mode). At least 24 of these dead ports have functioning equipment attached.<br /><br />Thanks<br />Eric 30 iydeNov 16, 2009, 11:00am PSTHi Eric,<br />The only thing that I can think of is that the hardware has been damaged in some way. It sounds like some ASICs have become defective, as often 8 ports are controlled by one ASIC.<br />But I do not have any definitive answer.<br />Did anything special happen when these ports became unresponsive?<br />HTH, Ingolf Cire71992Nov 16, 2009, 11:19am PSTThese are my DR servers. The data center did some "testing and splicing unused fibers" and during that timeframe I lost 40 ports, however, the firewall and vpn are still up along with my APC Remote Controlled power outlets so I was able to telnet into the switch and reset power with the APC but to no avail. I have not done a reset to factory defaults yet ...<br /><br />Eric glen.grantNov 16, 2009, 11:03am PST Usually it will tell you in the log if you have rebooted if there is a hardware error . You can try a "show diag result" and see if the ports show as faulty . If so it's RMA time. What do they look like when you do a show int status " ? Cire71992Nov 16, 2009, 11:49am PST<br />Switch301a>show diagnostic result switch 1<br /><br />Switch 1: SerialNo : Fxxxxxxxxxxxx<br /><br /> Overall diagnostic result: PASS<br /><br /> Test results: (. = Pass, F = Fail, U = Untested)<br /><br /> 1) TestPortAsicStackPortLoopback ---> .<br /> 2) TestPortAsicLoopback ------------> .<br /> 3) TestPortAsicCam -----------------> .<br /> 4) TestPortAsicRingLoopback --------> .<br /> 5) TestMicRingLoopback -------------> .<br /> 6) TestPortAsicMem -----------------> .<br /><br />Switch301a>show int status<br /><br />Port Name Status Vlan Duplex Speed Type<br />Gi1/0/1 connected 1 a-full a-100 10/100/1000BaseTX<br />Gi1/0/2 connected 1 a-full a-100 10/100/1000BaseTX<br />Gi1/0/3 connected 1 a-full a-100 10/100/1000BaseTX<br />Gi1/0/4 notconnect 1 auto auto 10/100/1000BaseTX<br />Gi1/0/5 notconnect 1 auto auto 10/100/1000BaseTX<br />Gi1/0/6 connected 1 a-half a-100 10/100/1000BaseTX<br />Gi1/0/7 connected 1 a-full a-100 10/100/1000BaseTX<br />Gi1/0/8 connected 1 a-full a-100 10/100/1000BaseTX<br />Gi1/0/9 notconnect 1 auto auto 10/100/1000BaseTX<br />Gi1/0/10 notconnect 1 auto auto 10/100/1000BaseTX<br />Gi1/0/11 notconnect 1 auto auto 10/100/1000BaseTX<br />Gi1/0/12 notconnect 1 auto auto 10/100/1000BaseTX<br />Gi1/0/13 notconnect 1 auto auto 10/100/1000BaseTX<br />Gi1/0/14 notconnect 1 auto auto 10/100/1000BaseTX<br />Gi1/0/15 notconnect 1 auto auto 10/100/1000BaseTX<br />Gi1/0/16 notconnect 1 auto auto 10/100/1000BaseTX<br />Gi1/0/17 notconnect 1 auto auto 10/100/1000BaseTX<br />Gi1/0/18 notconnect 1 auto auto 10/100/1000BaseTX<br />Gi1/0/19 notconnect 1 auto auto 10/100/1000BaseTX<br />Gi1/0/20 notconnect 1 auto auto 10/100/1000BaseTX<br />Gi1/0/21 notconnect 1 auto auto 10/100/1000BaseTX<br />Gi1/0/22 notconnect 1 auto auto 10/100/1000BaseTX<br />Gi1/0/23 notconnect 1 auto auto 10/100/1000BaseTX<br />Gi1/0/24 notconnect 1 auto auto 10/100/1000BaseTX<br />Gi1/0/25 notconnect 1 auto auto 10/100/1000BaseTX<br />Gi1/0/26 notconnect 1 auto auto 10/100/1000BaseTX<br />Gi1/0/27 notconnect 1 auto auto 10/100/1000BaseTX<br />Gi1/0/28 <br />....<br />... truncated ....<br /><br />Gi1/0/45 notconnect 1 auto auto 10/100/1000BaseTX<br />Gi1/0/46 notconnect 1 auto auto 10/100/1000BaseTX<br />Gi1/0/47 notconnect 1 auto auto 10/100/1000BaseTX<br />Gi1/0/48 notconnect 1 auto 1000 10/100/1000BaseTX<br /><br />Port Name Status Vlan Duplex Speed Type<br />Gi1/0/49 notconnect 1 auto auto Not Present<br />Gi1/0/50 notconnect 1 auto auto Not Present<br />Gi1/0/51 notconnect 1 auto auto Not Present<br />Gi1/0/52 notconnect 1 auto auto Not Present<br />Switch301a><br /><br />Thanks, Eric leolaohooNov 16, 2009, 1:57pm PSTHi Eric, <br />When dealing with fibre, I get nervous when someone decides to do some splicing near the live connection. Can you check if the fibres were not terminated incorrectly or left spliced? Cire71992Nov 16, 2009, 2:34pm PSTAll cable work was done outside of our locked rack cabinet. This data center has hundreds of racks. There is only one feed into our cabinet which goes to a switch> firewall> cisco3750. The switch and firewall are both functioning fine. Only the Cisco lost 40 ports.<br /><br />Eric glen.grantNov 17, 2009, 4:21am PST It is certainly suspect when it does not detect any hardware issue and all the ports look normal just in a notconnect state . Take a live good known device and move it to one of the suspect ports and see if it comes up. jmecklenburgNov 16, 2009, 6:12am PSTHi NetPro<br /><br />What's the difference between Cisco IOS<br /><br />12.4<br />12.4T<br />12.4YB<br />12.4XY<br />12.4XE<br />12.4ASDF<br /><br />Regards. 30jgrossNov 16, 2009, 6:49am PSTHi,<br />check out the release notes. This URL is a good starting point.<br /><A HREF="javascript:newWin('http://www.cisco.com/en/US/products/ps6706/prod_release_notes_list.html')">http://www.cisco.com/en/US/products/ps6706/prod_release_notes_list.html</A><br />Bye<br />Jo jmecklenburgNov 16, 2009, 6:56am PSTHi Jo..<br /><br />Thanks for your answer, but this link talk about specific Release, i'am ask for the difference between Major Release. wandering_997Nov 16, 2009, 11:13pm PSThi Javier,<br /><br /><br />I found some information from below link, and you can find more detailed info as you clicking into the sub-links.<br /><br /><A HREF="javascript:newWin('http://www.cisco.com/en/US/products/sw/iosswrel/products_ios_cisco_ios_software_category_home.html')">http://www.cisco.com/en/US/products/sw/iosswrel/products_ios_cisco_ios_software_category_home.html</A><br /><br /><br /><br />* Cisco IOS: Cisco IOS Software is the world's premiere network infrastructure software, delivering seamless integration of technology innovation, business-critical services, and hardware support<br />* Cisco IOS XE Software: Software for optimal services enablement used at the Enterprise and Service Provider Edge<br />* Cisco IOS XR Software: The foundation for network and service convergence<br />* Cisco NX-OS: The data center-class operating system for the virtualized data center<br /><br /><br />HTH<br /><br />Wandering<br /><br /><br /> josephdohertyNov 17, 2009, 4:01am PSTIn general, 12.4 is the "mainline" (no suffix) release. 12.4T is the "test" release (which will become the next mainline version - now out and version 15.0 I believe). All the others are special purpose releases which often provide some new feature for software or hardware not found in "mainline" but without all the new features found in "test". To determine actual differences between releases (or even within a version's releases, e.g. 12.4.5T vs. 12.4.20T) you need to consult the feature navigator tool and/or release notes.reymon_012Nov 13, 2009, 11:40am PSTHi All,<br /><br /> Can i know what will be the best design for data center? I will be using 3750G and 3560G. Planning to have 6500 in the future. Btw, what is the best solution in campus enterprise, is it L3 access mode or traditional (Core-Dist)L3 and (Dist-Access)L2? Hope to hear from all of you guys!<br /><br />cheers,<br />reymon 30jon.marshallNov 13, 2009, 12:29pm PSTReymon<br /><br />There really isn't a "best" way to do it because it entirely depends on your requirements and each companies requirements will be different.<br /><br />Similarly with the Campus design. I have designed both ie. L2 access-layer and L3 access-layer and each has it's advantages/disadvantages. <br /><br />It's up to the designer to match the set of requirements to a design that will meet those requirements.<br /><br />Cisco have a lot of design guides at <A HREF="javascript:newWin('http://www.cisco.com/go/srnd')">http://www.cisco.com/go/srnd</A> - it's worth having a look.<br /><br />Jonpaul.matthewsNov 13, 2009, 12:43pm PSTBest design depends very much on what you are trying to do - is your data centre going to be "real" servers, or lots of VMware? If Virtual will you be looking to move the servers around via Vmotion? Will you be adding in features like WAAS or load balancing?<br /><br />Will it be a multi tennant data centre, or just for your own use?<br /><br />If it is a real data centre, you need to be looking at 6500s as a minimum.<br /><br />You need to look at simplifying the L2 topology as much as you possibly can - give spanning tree as simple a job as possible. stacking is good - stackwise on 3750s, VSS on 6500. vPC on Nexus.<br /><br />If doing lots of virtualisation, remember that you may want decent mobility of a VM. That could mean a VM popping up anywhere. That would rule out the use of L3. It also means you need to look at trying to keep uplinks as simple as possible.<br /><br />Using VSS for core switches, and etherchannel can effectively give you a star topology at L2 - even when dual homed. That means nothing for SPT to handle for you.<br /><br />reymon_012Nov 13, 2009, 9:31pm PSTHi Paul,<br /><br /> Thanks for your reply. Here are my answers/inquiries.<br /><br />is your data centre going to be "real" servers, or lots of VMware?<br /><br />- Yes,my data center will have a lots of Vmware. Can I know how Vmotion works? <br /><br />Will you be adding in features like WAAS or load balancing? <br /><br />-We have WAAS right now but I haven't used it. Maybe you can suggest on how to put it on network correctly.<br /><br />If it is a real data centre, you need to be looking at 6500s as a minimum. <br /><br />-So, your meaning to say that 6500 will be minimum instead of using 3560 and 3750?<br /><br />stacking is good - stackwise on 3750s, VSS on 6500. vPC on Nexus. <br /><br />- How is the performance different from stackwise 3750,VSS 6500 and vPC on Nexus?<br /><br />If doing lots of virtualisation, remember that you may want decent mobility of a VM. That could mean a VM popping up anywhere. That would rule out the use of L3.<br /><br />- Can i know what is the meaning of VM popping up anywhere and how L3 will benefit with this?<br /><br />Many Thanks,<br />reymon<br /> iydeNov 14, 2009, 7:59am PSTReymon,<br /><br />No offense, but this sounds to be quite a job for which you'd need a consultant on hand. The amount of your questions and the breath of the inquiry suggests to me that you will end up in big troubles if you do not have a professional consultant on hand. <br />This forum of volunteers can do a lot of helping but in the end we cannot be online full-time and assist in the inevitable problems you will encounter in such a big project.<br /><br />HTH, Ingolfjon.marshallNov 14, 2009, 8:06am PSTReymon<br /><br />I agree with Ingolf on this. Designing a data centre is not a trivial thing at all and just answering your questions in the last post could take about 10 pages !!<br /><br />I posted a link in my original thread to Cisco's design docs for data centres and they include VMWare in these docs. <br /><br />Again, no offense intended, but from the type of questions you are asking it's clear you should either <br /><br />1) do a lot of reading up - ie. see design link<br /><br />OR<br /><br />2) as Ingolf suggests, hire a network consultant that you can work alongside and learn from.<br /><br />Jonpaul.matthewsNov 16, 2009, 1:14am PSTI am now in agreement with the others - GET HELP!<br /><br />I will briefly summarise a few bits though.<br /><br />VMotion basically allows you to move a virtual machine from one physical server to another. That means any physical system that may need to support a particular VM needs to have the VLAN(s) for that VM trunked to it. It reduces the chances of being able to use L3 to the access layer. This is linked to the comment about a VM popping up anywhere.<br /><br />There are lots of options for WAAS - you can insert it inline, you can use WCCP, you can use PBR you can use an ACE to intercept traffic and aim it to the WAE. All of these are design decisions they you need to make based on what services you are offering.<br /><br />If it is a real data centre, then I would not look below a 6500, but the other option - the Nexus 7000 is significantly more. For a small, single tennant data centre the 6500 is probably a better choice.<br /><br />Of course we are all thinking major datacentre - you may be using the term to describe something that is basically a step up from what we used to all a server room.<br /><br />I will repeat the most impoprtant point - get help.<br /> josephdohertyNov 14, 2009, 1:38pm PST"<i>Can i know what will be the best design for data center?</i>"<br /><br />As the other posters have noted, best design depends much on what your data center needs to support.<br /><br />Although I like the 3560/3750 series, the G (gig) copper port varients could be somewhat "lightweight" for a gig bandwidth data center, especially in the core, unless we're dealing with a very small data center. The 3750G-12S model variant, might be best pick within the 3560/3750 series for a core and/or distribution role both for its wire speed performance and its special SDM templates (and additional TCAM resources). BTW, the "big brother" 3560-E/3750-E series offer (about) wire speed performance, and the 3750-E provides StackWise Plus with 2x the bandwidth of the 3750 StackWise along with being more intelligent in how the stack ring is utilized. (NB: 4900 series also offer wire speed and/or high performance.)<br /><br />"<i>Planning to have 6500 in the future.</i>"<br /><br />Such can be a very suitable platform for core and/or distribution; however that's assuming hardware is properly selected (i.e. the best match of supervisor[s] and line cards for your requirements).<br /><br />"<i>Btw, what is the best solution in campus enterprise, is it L3 access mode or traditional (Core-Dist)L3 and (Dist-Access)L2?</i>"<br /><br />Current design vogue is L3 to the edge, but I don't think its advantages always outweighs the additional cost, but here too, much depends on requirements.<br /><br />BTW, I believe a "traditional" design, e.g. 3 tier, somewhat overlooks the capacity of current gen L3 and L2 switches. So once again, depending on your requirments, there might be interesting design possibilities. I.e. don't lock yourself into a traditional design approach just because it's traditional but consider a design, whether tradtional or not, that serves your data center requirements.<br /><br />PS:<br />Also as the other posters have noted, these forums are not really the place to assist someone in designing a data center, if you need additional guidance, you would likely be better served by contracting for it.msobier123Nov 16, 2009, 1:40am PSTReymon,<br /><br />There is difference between Data Center Design & Campus Enterprise design.<br /><br />For Campus Enterprise Design, there are different approaches to achieve what you are looking for. what Hardware is in use? what is the total throughput you are looking for? what is the number of users in the Access layer? Do you require full redundant Dcenario? Do you require Rapid convergence? DO you have QoS requirement?<br /><br />As for L3 and L2 scenarios , Cisco has differnet Approaches and each have some objectives. You could have L3 from the Access layer up to the Core Layer for one option, and the second option is to have L2 Access layer leaving Layer-3 between the distribution and core. Each of those implementation has its own advantages.<br /><br />I highly recommend looking at Cisco Campus Design Guide for more details.<br /><br />HTH<br />Mohamedreymon_012Nov 17, 2009, 3:00am PSThi all,<br /><br /> thanks for your all inputs. appreciate them all.<br /><br />cheers!<br />reymon wandering_997Nov 16, 2009, 10:38pm PSTDear all,<br /><br /><br />I'm encompassed with doubt.<br /><br />There are 2 switches, 3550 is a layer 2 switch, 3560 is a layer 3 switch, PC-1 and PC-2 are connected with 3550.<br /><br />When I applied a MAC ACL on f0/28 of 3550, which is connected with PC-1. I found it didn't work.<br /><br />mac access-list extended test<br /> deny host abcd.abcd.abcd host 1234.1234.1234<br /> permit any any<br /><br />PC-1: abcd.abcd.abcd<br />PC-2: 1234.1234.1234<br /><br />I pinged PC-2 from PC-1, and PC-2 replied.<br /><br />But, when I cleared the ARP entry of PC-2 at 3560, then the ping process was interrupted. It seemed MAC ACL got to work.<br /><br />Why this happened? Please help me. <br /><br />Thanks.<br /><br />Wandering<br /><br /> 30 paluchpeterNov 17, 2009, 12:40am PSTHello Wandering,<br /><br />The reason is that on Catalyst 3550 series switches, the MAC ACL applies only to non-IP traffic. While I cannot fully explain what happened to your network as you are stating that you have cleared the ARP entry on the 3560 switch which appears somewhat strange to me, my first hint is that the MAC ACL did not prevent the IP packets from flowing through the port fa0/28 on your 3550. However, it did prevent non-IP traffic, such as ARP communication, from passing through that port. I suspect that in the meantime, while you were doing other experiments, the MAC address of PC1 has simply expired on PC2 from its ARP cache. After the PC2 sent the ARP Request, the PC1 tried to answer by sending the ARP Response but the MAC ACL blocked it. That is why the PCs could not communicate - not because all frames were dropped from PC1 but rather because the PC2 was unable to resolve the PC1's MAC address.<br /><br />Note that on different Catalyst platforms, the MAC ACLs behave differently. On 2950, for example, they apply to any traffic. The 3550 uses MAC ACLs to filter only non-IP traffic. On 2960 and 3560, the manual also says that they apply only to non-IP traffic but they also allow you to specify the EtherType. I do not know right now what would happen if you had a MAC ACL in place that would match on the Ethertype 0x0800 (the IP).<br /><br />Perhaps this helps a bit. In doubt, refer to the Command Reference for your particular IOS version.<br /><br />Best regards,<br />Peter<br /> wandering_997Nov 17, 2009, 12:54am PSTHi Peter,<br /><br /><br />Thank you very much, I totally agree with you.<br /><br />Yes, the MAC ACL only prevents the ARP traffic, that's enough, although we can configure static arp pair on PCs to skip this setting.<br /><br />There's still some doubts, such as why clearing ARP on core can affect layer 2 communication, and so on... <br /><br />Thanks a lot.<br /><br /><br /><br />Wandering<br /><br /> paluchpeterNov 17, 2009, 2:01am PSTHello Wandering,<br /><br />You are welcome. In my opinion, clearing the ARP cache on the core switch did not affect anything in your case. It probably just coincided with the flushing of ARP cache on PC2 - they just happened to occur simultaneously. Give it another try :)<br /><br />Best regards,<br />Peter<br /> RichardsmaNov 17, 2009, 1:07am PSTHi,<br /><br />I'm seeing the following error on a 4500 running 12.2(46)SG<br /><br />C4K_IOSMODPORTMAN-4-INLINEPOWEROVERWARNING: Module 5 inline power exceeds threshold: status changed to 'Pwr Over'<br /><br />All the ports on module 5 have "power inline never" applied, in fact the whole switch has POE disabled.<br /><br />I've attached a txt file with the show power detail output.<br /><br />Do I have a problem with the module, backplane ??<br /><br />Thanks in advance.<br /><br /><b>Attachment Keywords : </b> <br />1) power.txt<br /> power.txt123668text/plaintext257911/17/2014no blackswansNov 16, 2009, 11:00pm PSTHi,<br />This sla is failing too much and my route fails very often. How can I tune it? I want it even it misses some ping it can miss some more pings to change the route. Say 15 ping is lost change the route. How can I do that ? <br /><br />ip sla 1<br /> icmp-echo 10.10.10.10<br /> timeout 2000<br /> frequency 3<br />ip sla schedule 1 life forever start-time now<br /><br /> 30 t-yamashitaNov 17, 2009, 12:34am PSTHello,<br /><br />I think that you can't specify a concrete number of times for the ping.<br /><br />I suggest you specify a following configuration.<br />-----------------------------<br />ip sla 1<br /> icmp-echo 10.10.10.10 source-ip x.x.x.x<br /> timeout 2000<br /> frequency 3<br />ip sla schedule 1 life forever start-time now<br /><br />track 1 rtr 1<br /> delay down 10<br />-----------------------------<br />It means it waits another 10sec when ping can't reach to the object.<br />And I recomend that you specify the "sorce-ip" because keep back a flap owing to ping reachs the object going through backup.<br /><br />HTH,<br /><br />TomoyukisysadminicmNov 10, 2009, 9:38am PSTHello,<br /><br />I have two physical network (10.100.0.0/16) and (11.0.0.0/8). A Cisco router route the traffic between these networks.<br /><br />I have a problem on one switch (catalyst 2950) located on the 11.0.0.0/8 network<br /><br />From this switch, I can ping the machine 10.100.1.50 and 10.100.1.52. Arp table shows :<br /><br />Internet 10.100.1.52 0 1111.fde7.ac01 ARPA Vlan1<br />Internet 10.100.1.50 2 1111.fde7.ac01 ARPA Vlan1<br /><br />1111.fde7.ac01 is the mac address of the router interface.<br /><br />If I unplug the router and plug it back, arp tables shows :<br /><br />Internet 10.100.1.52 4 1111.fde7.ac01 ARPA Vlan1<br />Internet 10.100.1.50 3 2222.0fff.939b ARPA Vlan1<br /><br />2222.0fff.939b is the mac address of the 10.100.1.50 machine.<br /><br />Then I cannot ping 10.100.1.50. I have to clear the arp cache to be able to ping the machine again. <br />What can I conclude ?<br /><br />I don't have this problem with all the other switch located on the 11.0.0.0/8 network.<br /><br />Thanks for your help<br /><br />Chris. 30 giuslarNov 10, 2009, 10:38am PSTHello Chris,<br />it looks like the switch is relying on proxy-ARP provided from router.<br /><br />verify if it has an interface in net 10.100.0.0/16<br /><br />if only ip address is in 11.0.0.0 it shouldn't have ARP entries for two IP hosts like 10.100.1.50.<br /><br />when you remove the router and the switch performs new ARP requests for these IP addresses somebody else answers.<br /><br />check if it has a L2 interface on 10.100.1.0 subnet.<br /><br />the root cause is that it shouldn't perform these ARP requests if its management IP address is in net 11.0.0.0/8.<br /><br />verify if its network mask is 254.0.0.0 instead of 255.0.0.0 that would make it think those IP hosts are in the same network and would lead it to perform ARP requests for them<br /><br />Hope to help<br />Giuseppe<br />sysadminicmNov 13, 2009, 7:53am PSTThank you Giuseppe,<br /><br />Management IP and netmask are OK. <br />As soon as I remove the router the switch performs a new arp request for all the IP in the arp cache ? <br />Is this a default behavior for any cisco switch ?<br /><br />Chris giuslarNov 13, 2009, 9:24am PSTHello Chris,<br />there is a line like <br />ip default-gateway x.x.x.x?<br /><br />I mean is the switch configured with ip routing off+ ip default-gateway or is ip routing enabled?<br /><br />this happens if you see a line like<br />ip routing<br /><br />By comparing configurations of two different devices you can see if there are differences.<br /><br />As I've noted in my first post the device shouldn't make ARP requests for IP addresses that are not in its major network.<br /><br />But if ip routing is off and no default-gateway is configured it should not be able to reach other subnets.<br /><br />if ip routing is enabled and the netmask is correct it shouldn't make those ARP requests.<br /><br />Hope to help<br />Giuseppe<br /><br />sysadminicmNov 16, 2009, 7:58am PSTNo there isn't a default-gateway.<br /><br />On the other switchs, at the beginning of the configuration files, there are three command.<br /><br />spanning-tree mode pvst<br />no spanning-tree optimize bpdu transmission<br />spanning-tree extend system-id<br /><br />I don't have these three lines on the switch with problems. Can it be related ?<br /><br />I try to enter these lines on the switch but I can't. If I do "a spanning tree ?" I only receive :<br /><br />backbonefast Enable BackboneFast Feature<br />portfast Spanning tree portfast options<br />uplinkfast Enable UplinkFast Feature<br />vlan VLAN Switch Spanning Tree<br /><br />No mode choice.<br /><br />Strange.<br /><br />Chris giuslarNov 16, 2009, 9:18am PSTHello Chris,<br /><br />post a sh ip route of the switch<br /><br />if there is no default gateway and ip routing is turned off this can be an explanation of the different behaviour of this switch.<br /><br />the other commands are related to spanning-tree protocol and cannot influence TCP/IP stack behaviour.<br /><br />clearly this switch should support only pvst and so doesn't support the mode option.<br /><br />Hope to help<br />Giuseppe<br /> Cire71992Nov 16, 2009, 9:24am PST10.x is private ip<br />11.x is internet<br /><br />are these just examples?sysadminicmNov 17, 2009, 12:24am PSTYes they are.sysadminicmNov 16, 2009, 11:51pm PSTHi Guiseppe,<br /><br />There is no sh ip route command.<br /><br />I have another 2950 switch that support the mode option, why ? Here are the result of show version for both switches.<br /><br />The one that doesn't support the mode option :<br /><br />Cisco Internetwork Operating System Software<br />IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(6)EA2a, RELEASE SOFTWARE (fc1)<br />Copyright (c) 1986-2001 by cisco Systems, Inc.<br />Compiled Thu 27-Dec-01 15:01 by antonino<br />Image text-base: 0x80010000, data-base: 0x8042A000<br /><br />ROM: Bootstrap program is CALHOUN boot loader<br /><br />SW01.M.ICM46.ORG uptime is 3 weeks, 6 days, 18 hours, 25 minutes<br />System returned to ROM by power-on<br />System restarted at 14:07:24 CET Tue Oct 20 2009<br />System image file is "flash:c2950-i6q4l2-mz.121-6.EA2a.bin"<br /><br />cisco WS-C2950G-24-EI (RC32300) processor (revision B0) with 21299K bytes of memory.<br />Processor board ID FOC0623W0WE<br />Last reset from system-reset<br />24 FastEthernet/IEEE 802.3 interface(s)<br />2 Gigabit Ethernet/IEEE 802.3 interface(s)<br /><br />32K bytes of flash-simulated non-volatile configuration memory.<br />Base ethernet MAC Address: 00:09:E8:6D:DB:C0<br />Motherboard assembly number: 73-7280-04<br />Power supply part number: 34-0965-01<br />Motherboard serial number: FOC062305DV<br />Power supply serial number: DAB062145EZ<br />Model revision number: B0<br />Motherboard revision number: B0<br />Model number: WS-C2950G-24-EI<br />System serial number: FOC0623W0WE<br />Configuration register is 0xF<br /><br />The one that supports the mode option<br /><br />Cisco Internetwork Operating System Software<br />IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(22)EA2, RELEASE SOFTWARE (fc1)<br />Copyright (c) 1986-2004 by cisco Systems, Inc.<br />Compiled Sun 07-Nov-04 23:14 by antonino<br />Image text-base: 0x80010000, data-base: 0x8055E000<br /><br />ROM: Bootstrap program is C2950 boot loader<br /><br />SW01.A.ICM46.ORG uptime is 2 weeks, 3 days, 18 hours, 4 minutes<br />System returned to ROM by power-on<br />System restarted at 14:31:02 CET Fri Oct 30 2009<br />System image file is "flash:/c2950-i6q4l2-mz.121-22.EA2.bin"<br /><br />cisco WS-C2950T-24 (RC32300) processor (revision R0) with 21055K bytes of memory.<br />Processor board ID FCZ0909Y0JD<br />Last reset from system-reset<br />Running Enhanced Image<br />24 FastEthernet/IEEE 802.3 interface(s)<br />2 Gigabit Ethernet/IEEE 802.3 interface(s)<br /><br />32K bytes of flash-simulated non-volatile configuration memory.<br />Base ethernet MAC Address: 00:13:1A:FD:40:C0<br />Motherboard assembly number: 73-6114-10<br />Power supply part number: 34-0965-01<br />Motherboard serial number: FOC090438UQ<br />Power supply serial number: DAB09010EE6<br />Model revision number: R0<br />Motherboard revision number: A0<br />Model number: WS-C2950T-24<br />System serial number: FCZ0909Y0JD<br />Configuration register is 0xF<br /><br />Thanks again for your help.<br /><br />Chris<br /><br /> giuslarNov 17, 2009, 12:06am PSTHello Chris,<br /><br />the IOS version is quite older on first device<br /><br />System image file is "flash:c2950-i6q4l2-mz.121-6.EA2a.bin" <br /><br />second<br /><br />System image file is "flash:/c2950-i6q4l2-mz.121-22.EA2.bin" <br /><br />this is newer<br /><br />this makes the difference<br /><br />Hope to help<br />Giuseppe<br /> chandru.jNov 17, 2009, 12:02am PSTHi,<br /><br /> While testing failover with 6509 VSS switch.If we shut down the primary switch traffic going fine.when we making up the primary switch again.The secondary switch is restarting. netbeginnerNov 16, 2009, 10:01pm PSTHello, <br /><br /> We having 7206 VXR NPE300 router, which is not booting up. bootflash & Flash memory card suspected to be corrupt. router is in rommon mode. <br /><br />router is not supporting XMODEM pr TFTPDNLD command. please suggest to recover router ...<br /><br />urgent help reuired. 30 iydeNov 16, 2009, 11:27pm PSTHi Sam.<br />If you do not have XMODEM or TFTPDNLD command available then your only option might be to use another router of the same model (NPE300) and make a set of new flash devices ready in that one and then move them to your faulty one.<br />I do not have access to a C7206 NPE300 so I can't verigy, but aren't here any commands to do a download to flash when you are in ROMMON - perhaps just named in another fashion?<br />HTH, Ingolf joebenzNov 16, 2009, 3:52pm PSTI have many IE3000s running 12.2(52)SE. It looks like by default it is configured with:<br /><br />snmp-server community public RO<br />snmp-server community private RW<br /><br />I don't want these strings configured, so I do "no" statements for both, write mem, reload, and they still show up in the running-config. However, if I do a "sh start", these commands are not there. Is this a bug? Anybody seen this issue before and know how to fix it? I don't see anything in the Bug Toolkit 30 iydeNov 16, 2009, 11:23pm PSTHi Joe.<br />Sounds like a bug. You should open a TAC case to get it verified.<br />HTH, Ingolf mooreraNov 16, 2009, 1:34pm PSTI have a 877W router that we use for home users that have multiple SSIDs (one for home use, one for work). The SSID is broadcast, but the Acer Aspire One Netbook doesn't reliably see this VLAN, but other devices in the house does. ACER says it is not the netbook.<br /><br />I'm looking for a good troubleshooting document on this sort of problem, or any commands that make wireless connectivity more fully proof for all NICs.<br /><br />Thanks 30 iydeNov 16, 2009, 11:15pm PSTRandy,<br />I'd say that the fact that all other equipment does work fine but the Acer does not is pointing as a smoking gun towards Acer.<br />Try upgrading the driver of the NIC of the Acer to the newest version to see if that helps.<br />HTH, Ingolf bapatsubodhNov 16, 2009, 2:42pm PSTName Blocking Listening Learning Forwarding STP Active<br />---------------------- -------- --------- -------- ---------- ----------<br />21 vlans 4 0 0 127 131<br /><br />This is the some of the output of <br />show spanning-tree summary total.<br />What does this indicates?<br />We have in all 21 VLAN configured on this switch. Are these numbers too drastic as I have no idea about what these numbers indicate. ( Forwarding and STP active )<br />Please share the experience.<br />Any link on cisco.com is highly appreciable.<br />Thanks in advance.<br />Subodh 30ganeshh.iyerNov 16, 2009, 7:20pm PSTFollowing output specifies in your switch 21 vlans are configured out of which 127 ports are in forwarding state,4 are in blocking state and on 131 ports stp is active.<br /><br />Regards<br />Ganesh.H anserkhanNov 16, 2009, 11:11pm PSTI think this output belongs to the ROOT BRIDGE.<br /><br />Check which vlans are in the blocking state by:<br /><br />#show spanning-tree summary<br /><br />May be some on your Vlans are in " *PVID_Inc " check by giving the following commands:<br /><br />#sh spanning-tree vlan 1 (check those vlans which are in blocking state)<br />&<br />#sh spanning-tree inconsistentports<br /><br />Can you post with the outputs?<br /><br />Regards,<br />Anser medanNov 16, 2009, 10:51pm PSTHi,<br /><br />Has anyone using IOS 12.2(44)SE2 for Catalyst Switches ever notice that "show version" output is strange?<br /><br />It shows the DRAM usage as "with 0K/12280K bytes of memory." and doesn't show the FLASH at all.<br /><br />TIA<br />Dandy<br /> ')