
Friday, September 30, 2011

How do you configure vlan routing through 871 router

We have a 2960 switch with three VLANs connected to an 871 router: VLAN 10 for servers, VLAN 20 for workstations and VLAN 30 for testing purposes. How can we get all three VLANs to go out to the Internet and have VLANs 10 and 20 talk to each other?

You need to do two things.

1) Configure the port on the SWITCH you are using to link to the router as a trunk port, encapsulation 802.1q, and allow the required VLANs. The following commands should do it:

conf t
! <switch-port> is a placeholder for the port that links to the router
int <switch-port>
switchport mode trunk
switchport trunk allowed vlan 10,20,30
end
copy run start

Enter your interface number as appropriate

2) Configure the port on the ROUTER you are using to link to the switch with some sub interfaces in dot1q mode by doing something like this (I've assumed you're using interface f0/1 - put in the one you're actually using).

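conf t
! <...-ip> and <subnet-mask> are placeholders for each VLAN's gateway address
int f0/1.10
encapsulation dot1q 10
description VLAN 10 Servers
ip address <vlan10-gateway-ip> <subnet-mask>
exit
int f0/1.20
encapsulation dot1q 20
description VLAN 20 Workstations
ip address <vlan20-gateway-ip> <subnet-mask>
exit
int f0/1.30
encapsulation dot1q 30
description VLAN 30 testing
ip address <vlan30-gateway-ip> <subnet-mask>
end
copy run start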

Again, use your own interface designation - this means you only have to run one connection between router and switch.

You may also have to fiddle with routing tables/NAT configurations if you are using your router to do NAT for your internet connection.
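
As an added example (not part of the original answer), one way to finish the router side: NAT overload for all three VLANs, plus inbound ACLs that let VLANs 10 and 20 talk to each other while keeping the testing VLAN 30 away from both. The 192.168.x.0/24 subnets, the ACL names and FastEthernet4 as the Internet-facing port are assumptions; f0/1 is the trunk port assumed above.

```cisco
! Added example. Constructed values: VLAN 10/20/30 = 192.168.10.0/24,
! 192.168.20.0/24, 192.168.30.0/24. FastEthernet4 as WAN port is an assumption.
! Each ACL permits only sources from its own subnet, so the implicit deny
! at the end also drops packets with spoofed source addresses.
ip access-list extended VLAN10-IN
 remark servers: workstations and Internet, never the testing VLAN
 ! DHCP line is needed only if clients get DHCP from or through the router
 permit udp any eq bootpc any eq bootps
 deny   ip any 192.168.30.0 0.0.0.255
 permit ip 192.168.10.0 0.0.0.255 any
ip access-list extended VLAN20-IN
 remark workstations: servers and Internet, never the testing VLAN
 permit udp any eq bootpc any eq bootps
 deny   ip any 192.168.30.0 0.0.0.255
 permit ip 192.168.20.0 0.0.0.255 any
ip access-list extended VLAN30-IN
 remark testing: Internet only
 permit udp any eq bootpc any eq bootps
 deny   ip any 192.168.10.0 0.0.0.255
 deny   ip any 192.168.20.0 0.0.0.255
 permit ip 192.168.30.0 0.0.0.255 any
!
! Inside networks that are translated to the WAN interface address
ip access-list standard NAT-INSIDE
 permit 192.168.10.0 0.0.0.255
 permit 192.168.20.0 0.0.0.255
 permit 192.168.30.0 0.0.0.255
!
interface FastEthernet0/1.10
 ip access-group VLAN10-IN in
 ip nat inside
interface FastEthernet0/1.20
 ip access-group VLAN20-IN in
 ip nat inside
interface FastEthernet0/1.30
 ip access-group VLAN30-IN in
 ip nat inside
interface FastEthernet4
 ip nat outside
!
ip nat inside source list NAT-INSIDE interface FastEthernet4 overload
```

After applying it, `show ip access-lists` shows per-entry hit counters, so a few pings between VLANs confirm which deny lines match, and `show ip nat translations` confirms outbound traffic is being translated.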


Citation - This blog post does not reflect original content from the author. Rather it summarizes content that are relevant to the topic from different sources in the web. The sources might include any online discussion boards, forums, websites and others.

Thursday, September 29, 2011

How do you configure more private vlans on a Cisco 3750G switch

We configured a Cisco WS-3750G-24 Port in transparent mode on VTP version 2. It only allows for 1005 VLANs. Is there a tool that we can use to configure more VLANs on the device, or do we need to upgrade the software?

The 3750 supports 1005 VLANs (both normal and extended range). You can use extended range IDs 1006-4094 for VLANs, but you cannot have more than a total of 1000 VLANs on your switch. Consider using "sdm prefer" if you have many VLANs and no routing.

If you want to configure more than 1000 VLANs, the Cisco Catalyst models to look at are 6500, 4500, 4900, 4849 and Nexus 7k, 5k, 3k.



Wednesday, September 28, 2011

What are the differences between clear arp-cache and clear ip arp


We had an instance where a piece of equipment failed that was connected to our 6509 switch. When we replaced the unit with same make and model, the device could not ping outside the VLAN. We performed a sh arp and then a sh mac-address-table | i . The MAC address was from the original unit, so we did a clear arp-cache and then a clear mac-address-table dynamic interface . The switch still showed the original mac address and not the new one. We have a Catalyst 3750 hanging off of the 6509, the 3750 can't ping it as well until we do a clear arp-cache. Once we do that, the 3750 can ping the spare device but not the 6509. After troubleshooting some more, we did a clear ip arp on the 6509 and then we were able to ping the new device. But when you do a show ip arp and a show arp, it looks like the same table. What are the differences between the clear arp and clear ip arp? And would adjusting the arp timeout work in this case or should we just perform a clear ip arp whenever a device goes down when we replace it?

++ show arp will show you your Ethernet/ARPA/MAC addresses which are mapped to IP addresses for the hosts which have previously ARPed your router.

++ They basically display the same info. The show arp will show you not only your IP-MAC, but other L3-MAC addresses, e.g. AppleTalk.

++ While show ip arp will, by definition, show you only your IP-MAC bindings.

Please click here for documentation on IP Addressing commands


++ Clear arp & clear ip arp removes the output of show arp & show ip arp respectively

clear ip arp

++ By default the arp timeout is 4 hours and mac address table timeout is 300 seconds.

++ When you issue clear arp-cache/clear arp/clear ip arp, the relevant ARP table output should clear.

In addition to clearing the ARP cache, the clear arp-cache causes the particular device to send a gratuitous ARP reply regarding its own address - usable if for whatever reason, the MAC address of the device changes. The clear ip arp does not send gratuitous ARPs.



Thursday, September 22, 2011

How to build a stack WS-C3750X-24S-E and WS-C3750X-24T-L?

We have a problem with a stack // two switches.

WS-C3750X-24S-E & WS-C3750X-24T-L

Both switches have the same IOS.


WS-C3750X-24S-E
**********************
Switch Ports Model           SW Version   SW Image
------ ----- -----           ----------   ----------
*    1 30    WS-C3750X-24    15.0(1)SE    C3750E-UNIVERSALK9-M

WS-C3750X-24T-L
*********************
Switch Ports Model           SW Version   SW Image
------ ----- -----           ----------   ----------
*    1 30    WS-C3750X-24S   15.0(1)SE    C3750E-UNIVERSALK9-M

The reason for the problem is a different major version:

*Mar 1 00:00:25.358: %STACKMGR-5-MAJOR_VERSION_MISMATCH: Major Version Mismatch (Local 1 - Received 6) with neighbor-0
*Mar 1 00:00:25.358: %STACKMGR-5-MAJOR_VERSION_MISMATCH: Major Version Mismatch (Local 1 - Received 6) with neighbor-1

WS-C3750X-24S-E
**********************
Switch  Master/  Mac Address     Version    Current
Number  Member                   (maj.min)  State
-----------------------------------------------------------
1       Master   0007.7d3c.b280  1.46       Ready

WS-C3750X-24T-L
*********************
Switch  Master/  Mac Address     Version    Current
Number  Member                   (maj.min)  State
-----------------------------------------------------------
1       Master   44d3.ca7d.1000  6.46       Ready


How can we upgrade the WS-C3750X-24S-E to the same major version??

We would recommend staying away from the 15.0(1)SE IOS. It's got a memory leak like you can't imagine.

Try to use the 12.2(58)SE2 and see if you have the same issue.

Looks like one of your switch's product code ends with an "L". This model has an IP Base License while the other model with the "E" has a higher license and this could be the issue.


The Cisco Catalyst 3750-X Series Switches with LAN Base feature set can only stack with other Cisco Catalyst 3750-X Series LAN Base switches. A mixed stack of LAN Base switch with IP Base or IP Services features set is not supported.
Please click here for Cisco documentation.

You can upgrade the LAN Base to IP Base on the WS-C3750X-24T-L. It will work. All the other switches in the stack should have the same IP Base license and IOS. Click here to download the Licensing document from Cisco.



Monday, September 19, 2011

DSCP to COS map (table-map) on Nexus 7000


We have an application that is marking using DSCP values. All of the switchports are configured for Layer 2 and we would like to leverage queuing. As we understand it, DSCP is useless for queuing as it only cares about COS. So we started to create a table-map.

However, when we try this on the actual Nexus (running 5.1.4), this is what we get:

test1(config)# policy-map qos_apps
test1(config-pmap-qos)# class
class-default qos_apps type
test1(config-pmap-qos)# class qos_apps
test(config-pmap-c-qos)# est ?
^
% Invalid command at '^' marker.
test1(config-pmap-c-qos)# set ?
cos IEEE 802.1Q class of service
discard-class Discard class
dscp DSCP in IP(v4) and IPv6 packets
load-sharing Load sharing across ECMP by set out-of-order bit
precedence Precedence in IP(v4) and IPv6 packets
qos-group Qos-group

It looks like we cannot map Cos to DSCP because if I try it, it rejects:

test# set cos dscp
^
% Invalid number at '^' marker.
test(config-pmap-c-qos)#

With Nexus there are default classes for ingress that cannot be removed, but you can change them. They also differ depending on the I/O model used; for example, the 10G M1 has 8q4t queuing classes.

Please click here to find the best practice recommendations from Cisco when you implement your N7K QoS.

Also, for your above question, please click here to see the guide for the older version. It describes it more clearly, as you might need to use class and policy type of qos.



Friday, September 9, 2011

Nexus 1000v, port-channel breakdown?


We are currently configuring a Nexus 1000v. If we have 4 servers, each with a system-uplink NIC, is there a need to dump them each into a port-channel?
Also, should they be trunk ports if all three of our nexus VLANS are using the same vlan?

If we have our 4 hosts, each with 2 NICs... since it's a distributed switch, in theory, we could disable 7 of the NICs, and the traffic from all 4 hosts would still use the backplane NICs and use that last NIC for egress. Is this correct?

Each ESX host will have a VEM module. The VEM module will have one or more uplinks. Each uplink will have one or more physical nics. If an uplink has more than one nic (recommended for redundancy), a portchannel for that uplink is required. If you have more than one uplink, you need to ensure they do not have overlapping VLAN.

In your statement, you stated you have a system and vmware uplink with one link each. You would not port-channel these uplinks together. You may wish to collapse the system and vm uplinks into a single uplink and create a port channel for the single uplink.

The recommended means of creating the port channel is using LACP where supported. If not supported, MAC PINNING is the recommended means of creating the port channel.

If you have 4 hosts with 2 nics each, you will want to use all eight nics. Each ESX host will need to have access to the network. Either with two uplinks with a single nic each or a single uplink with two nics each.

Please click here for Cisco documentation "Cisco Nexus 1000V Series Switches Deployment Guide Version 2"

Please click here for Best Practices in Deploying Cisco Nexus 1000V Series Switches on Cisco UCS B and C Series Cisco UCS Manager Servers.

Because VM traffic and vCenter activities (i.e. vMotion) can be bandwidth intensive, it is preferred to have a dedicated port channel for VSM-VEM traffic to eliminate any contention for network bandwidth. With your limitation on NICs, you may want to collapse to a single uplink.

You are on track with your uplink configuration. If you are using LACP on 4.2(1)SV1(4) or newer, you will want to review 'feature lacp' and 'lacp offload'.

Please click here for "Cisco Nexus 1000V Command Reference, Release 4.2(1)SV1(4)"
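
An added sketch of the collapsed single-uplink option described above, written as a Nexus 1000V Ethernet port profile (not taken from the original thread or from Cisco's guides). The profile name and VLAN IDs are constructed, and which VLANs count as system VLANs is an assumption.

```cisco
! Added example; profile name and VLAN IDs are constructed sample values.
! LACP features named in the answer, for 4.2(1)SV1(4) or newer
feature lacp
lacp offload
!
! One uplink profile per host, two physical NICs in it, so a port channel
! is required for that uplink.
port-profile type ethernet uplink-all
  vmware port-group
  switchport mode trunk
  ! Every VLAN this uplink carries. A second uplink profile on the same
  ! host must not repeat any of these (no overlapping VLANs).
  switchport trunk allowed vlan 100,110,200
  ! LACP where the upstream switches support it ...
  channel-group auto mode active
  ! ... otherwise replace the line above with MAC pinning:
  !   channel-group auto mode on mac-pinning
  no shutdown
  ! System VLANs, assumed here to be 100 and 110; they must be a subset
  ! of the allowed VLAN list above.
  system vlan 100,110
  state enabled
```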



Wednesday, September 7, 2011

WS-X6148AGE-TX module install


We would like to install the module in object in a WS-C6509 with two WS-X6K-SUP2-2GE.
The minimum CatOs version to permit at ws-x6148ge-tx to go online is 8.(4), actually the CatOs version installed is 7.1(1). The Flash memory size is 32768K, we see that the 8.x version require a 256M to work and the MSFC2. Is this right? Is it possible to do a hardware upgrade to permit the consequent software upgrade on WS-X6K-SUP2-2GE? Or do we need to buy two new Sup32?

To support the WS-X6148A-GE-TX module under CatOS you need 8.4(1) at the minimum.
Now the first thing to make clear is to get your Sup II configuration. It is unlikely that you have WS-X6K-SUP2-2GE only (this is the motherboard). In addition to that you may also have PFC2 and MSFC2 (daughterboards). After you issue the CatOS "show module" command you may see something like this for the Sup II located at the position 1:

Console (enable) > show module
Mod Slot Ports Module-Type               Model               Sub Status
--- ---- ----- ------------------------- ------------------- --- --------
1   1    2     1000BaseX Supervisor      WS-X6K-SUP2-2GE     yes ok
15  1    1     Multilayer Switch Feature WS-F6K-MSFC2        no  OK
.....
Mod Sub-Type                Sub-Model           Sub-Serial  Sub-Hw
--- ----------------------- ------------------- ----------- ------
1   L3 Switching Engine II  WS-F6K-PFC2         XXXX        X.X

If this is the case you have both PFC2 and MSFC2 fitted.
You can get the amount of memory fitted in Sup II via the "show version" CatOS command down under the heading "DRAM Total". As from the release notes the CatOS 8.X version is supported by both original default 128MB and later 256MB DRAM sizes (only if you have large number of routes you need 256MB of DRAM).
If you feel uncertain will you please post both "sh mod" and "sh ver" outputs.

