
Thursday, June 30, 2011

How do you disable DHCP in a Cisco 1841 Router?


We are moving from peer-to-peer to Client-Server. We are installing MS Small Business Server 2011 that needs to provide DHCP services: How do you disable 1841 DHCP server using SDM ?
Help file reads: "...click Additional Tasks on the Cisco SDM category bar, click DHCP, and configure..." but Additional Tasks button is inop.
Router ip = 192.168.1.1, SBS server ip = 192.168.1.2

In SDM you can enter CLI commands and they will be sent to the router. Please click here for more information on SDM configuration.
To disable DHCP the CLI command is: no service dhcp.

You can also specify the IP address of the server that will be used as the DHCP server. Go to the interface to which your clients connect and type:
(config-if)# ip helper-address 192.168.1.2
Where 192.168.1.2 is the DHCP server.


Citation - This blog post does not reflect original content from the author. Rather it summarizes content that are relevant to the topic from different sources in the web. The sources might include any online discussion boards, forums, websites and others.

Tuesday, June 28, 2011

How do you design a EOBC dual channel in 6500?


We have had a hardware fault issue with the EOBC primary channel, so we are planning to architect with an EOBC dual channel. Is this possible? Is there a qualified EOBC dual channel included in the supervisor 32 engine, WS-X6848 line card, etc.?

On a 6500 EOBC is a bus, located on the chassis and every line card has a connection to this bus.
Troubleshooting errors with EOBC can sometimes be challenging as we cannot isolate which line card is causing EOBC problems.

On the Nexus 7000, EOBC is a full-duplex, one-to-one connection between each line card and the supervisor. So if there is a problem with one module jamming EOBC, it will not affect other modules.

On the 6500, EOBC will continue to be a shared bus.



Thursday, June 23, 2011

Is mixed feature sets in 3750 stack fully supported?


Can you please clarify what is supported in terms of running a mixed feature set in a Cisco 3750 switch stack.
We are looking at setting up a stack consisting of 5 x 3750V2 and 2 x 3750G. Due to a requirement for full EIGRP we need the IP Services feature set. Is it a supported configuration to run with 2 or 3 switches running the IP Services feature set as stack masters and the others running IP Base? We understand that if stack master priorities were set, these switches with the higher feature set could manage the stack and offer IP Services across the stack. If we were to lose all of the switches running IP Services the stack would drop back to IP Base.

What is the supported configuration that does not breach any license policies? Is this likely to cause any problem other than above now and for future IOS releases?


The Cisco StackWise technology requires that all units in the stack run the same release of Cisco IOS Software. When the stack is first built, it is recommended that all of the stack members have the same software feature set - either all IP Base or all IP Services. This is because later upgrades of Cisco IOS Software mandate that all the switches be upgraded to the same version as the master.


Please click here for a white paper from Cisco that provides an overview of the Cisco® StackWise™ and Cisco StackWise Plus technologies and the specific mechanisms that they use to create a unified, logical switching architecture through the linkage of multiple, fixed configuration switches.




Tuesday, June 21, 2011

% Remove layer 3 binding first - how to remove "no pri-group"


We are trying to remove "no pri-group timeslots 1-24 service mgcp" on a Controller T1 from a 2621MX Router IOS 12.3(11)T and I'm getting "% Remove layer 3 binding first". Can you please let us know the steps?

This is the Controller T1 config

controller T1 1/0
shutdown
framing esf
linecode b8zs
pri-group timeslots 1-24 service mgcp

The following should work

int s0/0/1:23

3825-A(config-if)#no isdn bind-l3 ccm-manager
3825-A(config-if)#contr t1 0/0/0
3825-A(config-controller)#no pri
3825-A(config-controller)#


Monday, June 20, 2011

How do you connect MPLS over Ethernet xconnect to more than two sites?


We have a Site Headquarters and 2 Customer Sites. The LAN network at Site Headquarters is 192.168.0.0/24, VLAN 30, and we need to extend this LAN to our two sites, Customer A and B.

We tried to do this with the commands below -

int f0/0.30
encapsulation dot1Q 30
xconnect 2.2.2.2 20 encapsulation mpls
xconnect 3.3.3.3 30 encapsulation mpls

The problem is that xconnect 3.3.3.3 30 overrides xconnect 2.2.2.2 20

Can you please recommend the right topology configuration?


EoMPLS (what you have) is a point-to-point technology, so you can create pseudowires between 2 sites only.

To connect more than 2 locations at L2 you need VPLS which is supported only on some specific platforms with specific hardware.

Please click here (Cisco credentials required) for more Cisco documentation on EoMPLS



Saturday, June 18, 2011

Software Version license is missing. Call Manager Service will not start. Please upload SW Feature license file.


We upgraded our environment from CUCM Version 8.5 to CUCM Version 8.6 (virtual HW) and have seen that on UCM startup page the SW Feature license is missing:

"Software Version license is missing. Call Manager Service will not start. Please upload SW Feature license file."

The software is a demo license.

Demo SW feature licenses don't survive upgrades. You need to do a fresh install of 7.0.2 or purchase the lab SKU from Cisco for actual licenses that will survive upgrades.



Friday, June 17, 2011

How do you change hardware (WS 6509) on a VSS


We need to change two blades from our WS-6509-Es, which are configured in VSS and is in production. The blades that will replace the old blades are a different kind, we will exchange two WS-X6704-10GEs for two WS-X6748s. Do we need to reload the chassis after the hardware change in order to compile a new running-config? Or, since the blades are hot swappable, will the supervisor engine take care of this without reloading?

The 6500 supports OIR without reloading the system; this is independent of operational mode - VSS or Standalone. If these modules will be removed from the production network then you may want to follow best practice to minimize data loss with the OIR process. Refer to the Catalyst 6500-E Linecard Module Recovery Analysis section in Chapter 4 of the following Design Guide. Please click here for the guide.

Also you do not need to reboot the switch. If you are putting the 6748 in the 6704 slot, you need to provision the new module. Please click here for more details.


Thursday, June 16, 2011

ME3400 configuration - what is the difference between police and rate-limit


While configuring an ME3400 for the first time, we noticed that the physical interfaces offer the ability to enter a 'rate-limit' command. There is also the option to configure policing within a 'policy-map' and attach that to an interface using the 'service-policy' command. What is the difference between the two, if any? If there is no difference, then why does 'rate-limit' offer more flexible BC options (1000-512000000) than the policy-map 'police' option which imposes a 1Mb burst limitation?

Cisco recommends using the modular QoS CLI features when possible to implement quality of service in your network. Use class-based policing through the police command in a service policy to implement rate limiting without buffering or queuing. Avoid using CAR, for which no new features or functionality is planned.

Please click here for more information on comparing Class-Based Policing and Committed Access Rate


Wednesday, June 15, 2011

How do you enable Telnet on Switchports - CAT 3560


We are using a Catalyst 3560 POE 8 switch to terminate our metro internet connection.
We have our external stuff setup on VLAN 999 on F0/1, and our internal stuff is on VLAN 666 on F0/2 and F0/3. We recently realized that our VLAN 999 (which is exposed to the internet) also has telnet enabled. We need to shut that down. But we also need to retain telnet access from the inside.

Can we get ssh working on this switch? It doesn't have a crypto load. Our question is "how can we enable telnet on some switchports or VLAN's (F0/2, F0/3, VLAN 666), and disable it on others (F0/1, VLAN 999)? Is that possible?

Please follow the steps below

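Under line vty 0 5
You can invoke a standard ACL using
access-class xx in
access-list xx permit 10.66.66.0 <wildcard-mask>
The ACL can specify the IP subnet associated with the inside VLAN. A standard ACL entry written without a wildcard mask matches only that single address, so include the mask for the subnet.

The switch may have more vty lines than 0 - 5; be aware of this. Also consider configuring the ACL on all of them for your safety.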
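
A check for the caveat above, as an added example that is not part of the original post: this Python script parses an IOS running-config, reports every `line vty` range that has no inbound `access-class`, and flags standard ACL entries written without a wildcard mask (such an entry matches only that single address). The sample config, ACL numbers 10 and 11, and the /24 wildcard are constructed assumptions; the post only gives "xx" and 10.66.66.0.

```python
import re

# Constructed sample running-config (not from a real device). ACL numbers and
# the 0.0.0.255 wildcard are assumptions made for this example.
SAMPLE_CONFIG = """\
access-list 10 permit 10.66.66.0 0.0.0.255
access-list 11 permit 10.66.66.0
!
line con 0
line vty 0 4
 access-class 10 in
 transport input telnet
line vty 5 15
 transport input telnet
!
end
"""

VTY_RE = re.compile(r"^line vty (\d+)(?: (\d+))?\s*$")
ACL_RE = re.compile(
    r"^access-list (\d+) (permit|deny) (\d+\.\d+\.\d+\.\d+)(?: (\d+\.\d+\.\d+\.\d+))?\s*$"
)


def parse_vty_blocks(config):
    """Return one dict per 'line vty' block with its range and inbound ACL."""
    blocks, current = [], None
    for raw in config.splitlines():
        m = VTY_RE.match(raw)
        if m:
            first = int(m.group(1))
            last = int(m.group(2)) if m.group(2) else first
            current = {"first": first, "last": last, "acl_in": None}
            blocks.append(current)
        elif current is not None and raw.startswith(" "):
            acl = re.match(r"^access-class (\S+) in\b", raw.strip())
            if acl:
                current["acl_in"] = acl.group(1)
        else:
            current = None  # any non-indented line ends the vty block
    return blocks


def standard_acl_entries(config):
    """Map ACL number -> [(action, address, wildcard or None)] for numbered standard ACLs."""
    acls = {}
    for raw in config.splitlines():
        m = ACL_RE.match(raw)
        if m:
            acls.setdefault(m.group(1), []).append((m.group(2), m.group(3), m.group(4)))
    return acls


def audit(config):
    """Return a list of findings about vty access restrictions in the config."""
    findings = []
    acls = standard_acl_entries(config)
    for b in parse_vty_blocks(config):
        name = f"vty {b['first']}-{b['last']}"
        if b["acl_in"] is None:
            findings.append(f"{name}: no inbound access-class")
        elif b["acl_in"] not in acls:
            findings.append(f"{name}: access-class {b['acl_in']} is not defined")
    for num, entries in acls.items():
        for action, addr, wildcard in entries:
            # No wildcard means a single-address match, so a subnet address
            # such as x.x.x.0 does not permit the hosts in that subnet.
            if action == "permit" and wildcard is None and addr.endswith(".0"):
                findings.append(f"access-list {num}: {addr} has no wildcard mask")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

Feed it the text of `show running-config`; an empty result means every vty range references a defined inbound ACL and no subnet entry is missing its mask.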


Tuesday, June 14, 2011

CiscoWorks LMS 3.2 Campus Manager missing a switch


We have a problem with Campus Manager on LMS 3.2. It all worked fine until we had a failure with the supervisor on one of the 6500 switches; since it was replaced the switch is not available in CM.

The switch is in Common Services and RME and the credentials test fine but it isn't in CM. The databases are set to auto; initially afterward it appeared as an unmanaged device in CM. I added it but nothing happened. I've also removed it from Common Services and rediscovered it, and it appears in CS but still not in CM. On the topology diagram all of the connections from other switches to the 6500 are displayed as vertical grey lines with nothing on the other end.

CDP works fine and they have an older copy of LMS 3.0 which shows the switch fine. To me it looks like the CM and DCR databases are out of sync.

LMS = 3.2
CM = 5.2.0
Common services = 3.3

Given that you're still on CM 5.2.0 you may be seeing a bug where Data Collection does not complete. You should consider upgrading to LMS 3.2 SP1 (downloadable from Cisco.com), then run a full Data Collection and see if the missing switch shows up.



Monday, June 13, 2011

Using the BGP ASN from multiple locations


Can the same AS number be used by an organization at two different sites to peer with two different ISPs?

The scenario is as per what is shown below:

ASN 1111-a (100.100.100.0/24)---ASN XXX---ASN YYY---ASN 1111-b (200.200.200.0/24)

The AS number is 1111. The organization is using it at location A to advertise network 100.100.100.0/24 to the ISP peer. At location B the organization is using the same ASN to advertise 200.200.200.0/24 to another ISP. There is no peering between the two AS 1111 routers as they are physically separated.

It is very common for a single organization to have multiple routers running BGP to route with several different ISPs. In this case the organization will use the same AS number on each of its routers running BGP.

Note that when the organization does this there should be a BGP session between the organization's own routers (running IBGP between its routers). It does not matter that they are physically separated - the organization's routers should run BGP between its own routers.

You need to advertise separate public ip address blocks out of the two sites.
If you try to advertise something more specific than a /24 you may have problems with summarization of your routes at the ISP level.
So it can work in the real world if you have at least two /24 public IP address blocks registered with your AS number.

Without knowing the details of the remote site routes it is difficult to say what is happening when something goes wrong. The BGP rule says that an AS will not accept routes that have its own ASN in the route.

This can be overridden with the command neigh x.x.x.x allowas-in #times

where x.x.x.x is the ISP neighbor

You can still run an iBGP session between the two sites using the public ip addresses over the ISP links just to get the details of routes on the other site.



Wednesday, June 8, 2011

Top 5 Tech Support questions on Cisco System's products - Weekly Update May 30th


The most actively discussed Tech Support questions on the web for Cisco System's products (Week of May 30th 2011)
  1. Can you include the boot sequence for SUP7-E upgrading ROMMON
  2. WS-SVC-AGM-1-K9 What is the product Migration Option?
  3. How do you connect a modem-2950-2 gateway/firewall appliances
  4. Cisco switch 10Mb port and trunk question in 1900 series
  5. FWSM and IDSM-2 with Sup-720 BackPlane question


Cisco 2621xm Bootstrap Upgrade


Can we upgrade the bootstrap of our 2621xm so that we can upgrade it to latest IOS and for the 256mb ram to be used instead of 128mb?

Router#show version
Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-JS-M), Version 12.2(16), RELEASE SOFTWARE (fc3)
Copyright (c) 1986-2003 by cisco Systems, Inc.
Compiled Fri 07-Mar-03 01:45 by pwade
Image text-base: 0x8000808C, data-base: 0x8145B328

ROM: System Bootstrap, Version 12.2(7r) [cmong 7r], RELEASE SOFTWARE (fc1)

The system bootstrap (rommon) resides in boot ROM, i.e. it cannot be erased or re-programmed; it has to be replaced instead (it is socketed). For the 256MB RAM you need the 12.2(8r) version (you currently have the 12.2(7r) version). The rommon could be ordered from Cisco (either separately or with the RAM upgrade). But as these devices reached EOL & EOS stage, I really doubt this would be an option now.


Sunday, June 5, 2011

How many number of GRE Tunnels are supported on Cisco 2811?


We are in the planning phase of a network design, wherein it is required to set up a network comprising Cisco 2811s as WAN edge routers. We need to understand how many GRE and IPSec tunnels are supported by this platform.

By default the Cisco 2811 supported 200 VPN connections with the k9 bundle. If you want to use more than 200 connections then you need to insert an additional AIM module. There is a finite resource limit to the number of tunnels that can be supported, but you're much more likely to run into platform capacity/performance issues before you hit the limits of the number of tunnels that can be defined. In fact, if your tunnel(s) will use Ethernet interfaces, one tunnel could be too much (as is the case with the FastEthernet interfaces too). NB: if the tunnel needs to fragment packets, this too will place additional load on the router.

IPSec tunnels further increase load, and if there are enough of them, the load of supporting key exchange, alone, can overtax the router, i.e. even without any user traffic passing across the tunnels. NB: BTW, if supporting IPSec, there might be a hardware option to enhance performance beyond what the on-board crypto module supports.

You can check Interface Descriptor Block (IDB) on the router by using a "show idb" command.

There are two main types of IDBs:
Hardware IDBs (HWIDBs)
Software IDBs (SWIDBs)

A tunnel interface (GRE) consumes an HWIDB plus one SWIDB per tunnel. So you can create as many as the software can handle. Just check it by using the "show idb" command mentioned above.

Please click here for more information on Maximum Number of Interfaces and Sub interfaces for Cisco IOS Platforms: IDB Limits.


Thursday, June 2, 2011

ISR 2921, memory leak, process *Dead* holding more than 1MB of memory


Got a problem with a 2921: it restarted 2 times automatically (the second time it went down for a couple of minutes, only the power LED was active, all others down, and it recovered from that state without any interaction). After that it has been operating normally for about 5 days now, but I was restarting it manually during that time. I was analyzing statistics before load and after load with Cisco Output Interpreter, and found that after load its '*Dead*' process is holding more than 1 MB of RAM. This is the Cisco Output Interpreter output:

WARNING: The process '*Dead*' is holding more than 1 MB of memory.
This is considered to be high, and indicates a possible memory leak. The 'Dead'
process is not a real process. It only accounts for the memory allocated under
the context of another process which is terminated.
TRY THIS: If a memory leak is detected, and the 'Dead' process seems to be consuming
the memory, issue the "show memory dead" command from your device, and analyze
which process consumes more memory. To do so, look at the "What" section of
the output. This problem can also be caused due to a Cisco IOS Bug. Review the
Bug Tool Kit for potential bugs and upgrade the device with the latest version
of Cisco IOS software. If the problem persists, open a service request with Cisco
at Service Request Tool.

It can be normal to see the Dead process holding memory. The Dead process is simply a holding area for memory that was allocated by a process that was released while the memory is still being used. A good example of Dead memory usage is when you telnet into a router, make a config change, then kill the telnet session. When you initially telnet into the router a Virtual Exec process is created to deal with the telnet session. While telnetted in, if you go into config mode and increase the logging buffered to, say, 10mb, then 10mb of memory will be allocated for the log. The allocation happened under the Virtual Exec process (a show mem proc would show Virtual Exec holding 10mb). When the telnet session is killed, the memory allocated by Virtual Exec is still needed, therefore the 10mb is moved to the Dead process and the Virtual Exec process is removed. Now, if the router is rebooted, the 10mb allocated for the log will show up under the Init process (Init allocates memory when the router is booting).

Seeing 1mb in Dead is nothing to be concerned about. If you saw 30mb or more then it may warrant a closer look. As far as the router rebooting, a show version will tell you when the last reboot occurred and the reason for it. If it was a crash, you should see the reboot reason be something like "Bus error" or "Segv". A crash should also result in a crashinfo being produced and saved to the flash.


NAT table in an RV 120W? (Equivalent of hosts file)


We are trying to administer the small biz network for the satellite office we work out of. We're using an RV120W Small Business router. The problem we have is that when people visit the office from our main site, their Outlook connections won't work because they're set up to use a local server address, since usually they're on the same LAN as the email server. The server is externally accessible, so all we need to do is set up an entry in their hosts file translating the network alias (server.local) to the external IP. However, this is obviously pretty time consuming and requires them to switch it off whenever they're back on the main site. Is there a way to do it automatically in our router instead? Unfortunately though, we can't seem to find what this might be called anywhere. Is there an equivalent of the hosts file, or a DNS table, or something like that?

The clients are going to see the router as their primary DNS server. All DNS query requests will first be sent to the router. The router will resolve the mail server name to its INTERNAL IP address. All other queries (e.g. hosts trying to reach google.com) will be forwarded by the router to the 10.10.10.10 DNS server. Here is how you can configure your router for this:

1. ip dns server
2. ip host <mail-server-hostname> 10.10.20.1 ------------- mapped the domain name to the IP address
3. ip name-server 10.10.10.10 ------------ set the previously configured DNS as the forwarding address
4. ip domain lookup


Wednesday, June 1, 2011

Trunking commands on Catalyst 2950 ver 12.1


We have a Cisco 2950 with a trunk link which reads as follows.

interface FastEthernet0/4
switchport mode trunk
switchport nonegotiate
speed 100
duplex full

1) Why does the encapsulation method not show?
2) When we try to place the same configuration on a 3560 we have to specify the encapsulation method before it will let me configure the port as a trunk, and when we show the running config it shows the encapsulation method in the running config, unlike the 2950. Why the difference? And is there any functionality difference?
3) Why does the native VLAN not show under the running config on the 2950?

1) The encapsulation method does not show because the 2950 (along with the 2940, 2955 and 2960) support only Dot1Q.

2) Also 3560 and the rest of the 3XX0 series switches will support both Dot1Q and ISL. In both switches, enter the command "sh interface capabilities" and look under "Trunk encap. type:".

3) The native VLAN does not show because VLAN 1 is the default VLAN. If you change the native VLAN from 1 to a different number, it will then show up in the config.
Have a look at the config below from a 2950 switch on which I have changed the native VLAN from 1 to 20.

Current configuration : 129 bytes
!
interface FastEthernet0/25
switchport trunk native vlan 20
switchport mode trunk
no ip address
spanning-tree portfast
end

Management-Switch(config-if)#

 