
Monday, October 31, 2011

Juniper switches - Metric2 change and route selection

Can we change metric2 of a BGP prefix?

For BGP routes, metric corresponds to the MED, and metric2 corresponds to the IGP metric if the BGP next hop loops through another router.
You can create a routing policy with any action, but only actions relevant to the protocol will be executed. So you can't set an external type for BGP routes, nor add a community to routes exported to OSPF, and the like.

Regarding route preference, it's a local (device-specific) value and you can't set it in an export policy. Additionally, OSPF import policy is limited to filtering OSPF external routes (keeping them out of the RIB); other actions are not effective.

Please click here for more information on the summary of Key Routing Policy Actions


Citation - This blog post does not reflect original content from the author. Rather it summarizes content that are relevant to the topic from different sources in the web. The sources might include any online discussion boards, forums, websites and others.

Tuesday, October 25, 2011

Wrong userid/password 2960G-24TC-L

We bought a new Cisco 2960G-24TC-L, and connected to it through a web browser. We tried the logon screen with different passwords below, but got the error of bad user/password.

We used :
cisco / cisco
Cisco / Cisco
cisco / Cisco
Cisco /cisco

Any suggestions?

Please login to the switch via console port and add this command to your switch and try using the Web browser again.

ip http server



Tuesday, October 18, 2011

IP DHCP Help while configuring 2921

Our current configuration on a Cisco 2921 (Version 15.0(1r)M9 Release (fc1)):

ip dhcp pool Voice
network 10.21.179.0 255.255.255.128
default-router 10.21.179.1
option 150 ip 10.21.179.196 10.21.179.200

The issue is that when a device looks to renew its lease, no IPs are available. Debug ip dhcp events tells us the DHCP pool is exhausted. It appears that when the devices, Cisco phones in this case, go to renew their lease, they do not renew with the current IP they already have. This causes the pool to become exhausted of IP addresses. For some reason, the router holds the IPs in reserved status and will not reassign them back out for a specific amount of time.

There are two choices to explore:
  1. Decrease your DHCP timer.
  2. Increase your DHCP scope.
If you have more devices than your scope allows, you're going to see this problem over and over.
If you don't, then just decreasing the time the router keeps the MAC address assigned to the IP will do the trick.

The DHCP command is listed below - default is 24 hours or 1 day.

Router(dhcp-config)#lease

Also, if you haven't got thousands of phones, then assign them static bindings for their specific MAC addresses:

ip dhcp pool PHONE1
host x.x.x.x
hardware-address xxxx.xxxx.xxxx

and so on for each phone, keeping the parent pool with all the settings; each child pool will then inherit these: default-router, tftp server,...



Monday, October 17, 2011

VTP question about "Show Run" in Cisco 2950

We have a Cisco 2950. When we type "show vtp status", it tells me this switch is in client mode, and it's in such-and-such domain, etc. However, the command does not show this information when we type "show run". Can someone please explain?

Because the vlan configuration when running in VTP server/client mode is stored in the vlan.dat file and not in the running config. If you put the switch in VTP transparent mode then the vlan information is written into the running config and then you would be able to see it. It is also stored in the vlan.dat with VTP transparent as well.



Sunday, October 16, 2011

Junos Pulse and Cisco Mobile VOIP app on iPhone

We have 2 SA6500s in an active/active cluster and are using Junos Pulse to allow iPhones to access our network. However, we are trying to use the Cisco Mobile VOIP app (I'm using 8.1) for voice calling. When we're on our internal wireless, VOIP works fine. When connected via Pulse, the voice mail works but Internet calling is disconnected. It looks like it repeatedly connects and disconnects. Has anyone seen this before? Thanks.

Solved disabling SIP INSPECTION on Cisco FWSM facing CUCM!

No reason: indeed it's the very same firewall that packets from iPAD meet from intranet.

Maybe the problem was that packets from VPN connections go through one more Cisco firewall. SIP inspection on Cisco firewalls never used to work with third-party SIP devices; now it does not work with Cisco SIP devices either!



Thursday, October 13, 2011

Is Tcl supported on 2811? IOS 12.4(15)T10

We are trying to do some Tcl scripting on our 2811 routers for research, but none of the commands seem to be working. In privileged mode 'tclsh' isn't found, and neither is 'event'. According to all the documentation, our IOS 12.4(15)T10 should come with EEM, but we are unsure about the Tcl shell. Can you please explain?

Since it is IOS 12.4(15)T10, we think it should support Tcl scripting. For the event manager applet, you need to be in configuration mode.
The command will be:

conf t
event manager applet

To go into Tcl scripting mode, please try these exact commands, from the place shown.

Router# tclsh

If the above doesn't work:

Router # conf t
Router # tclsh



Wednesday, October 12, 2011

What is the command to check the supervisor CRC error threshold

We have seen the following message on a CISCO 7609-S (12.2(33)SRD3):

%FABRIC_INTF_ASIC-4-FABRICCRCERRS: Fabric ASIC 0: 239 Fabric CRC error events in 100ms period

Explanation (Output Interpreter): The Switch Fabric interface Fabric interface encountered more crc error events than the Supervisor crc error threshold allows.

We would like to check the current crc error counter and crc error threshold on the supervisor.

Does anybody know which commands have to be issued to get this information?

Please collect the following outputs several times, with a short interval between them:

show fabric channel-counters
show fabric errors
show fabric drops

remote command switch sh fabric errors

It might be a one-time occurrence (most likely).

Also please click here to get the documentation on Truncated mode and understanding the Catalyst 6500 Switch Fabric Module with Supervisor Engine 2.

If you're using truncated, it looks like the default threshold is 2. You may also want to look at Switch Fabric Module Redundancy in the same document.



Tuesday, October 11, 2011

What is the maximum allowed NAT/PAT Translations on Sup720

We are trying to figure out the maximum NAT/PAT translations allowed on a WS-SUP720-BASE. At any one time we can expect about 30k active users browsing the internet. Can someone please confirm if it supports 300k+ translations?

General rules are:

- The Sup720 is not designed to NAT all the traffic it handles. It can do so, of course, but the feature is hardware assisted, as Giuseppe correctly pointed out: it cannot be performed entirely in hardware and requires the assistance of software (read: CPU), so there are scalability considerations to be aware of.
In other words, if you require that all the traffic (or the vast majority of it) going through your system be NAT'ted, it is better to use another device for that (a software-based router is better equipped for it). NAT on the Sup720 can be used as a temporary measure or for limited traffic volume.

- Performance depends on variables such as packet size, transport protocol (TCP vs UDP), and type of NAT (static vs dynamic; NAT vs PAT).
NAT performs better than PAT, with UDP performing slightly better than TCP.

NAT is declared hardware assisted on the Sup720 datasheet. Please click here for the datasheet.

Don't expect the system to be able to handle more NAT entries than the size of its TCAM tables used for multilayer switching operations.
For Sup 720 3B:
- 256,000 route entries
- 128,000 netflow entries
See Table 1 of the above document.



Monday, October 10, 2011

WS-C2960-48TC-S, WS-C2960G-24TC-L, and modules MiniGBIC GLC-GE-100FX

We have a fiber network: MM 62,5 / 125 um, SC connectors, length 800 m. We would like to buy two switches, WS-C2960-48TC-S and WS-C2960G-24TC-L, with MiniGBIC GLC-GE-100FX modules and MM 62,5 / 125 um patch cords with LC-SC connectors.

Does this equipment configuration meet our requirements?

Consider GLC-SX-MM if you are going to connect both switches together. GLC-GE-100FX has a speed of 100 Mbps while GLC-SX-MM operates at 1Gbps.

The bandwidth that you plan to push - 100 Mbps or 1Gbps - has a direct implication. If you want to push 1Gbps between the links then consider the GLC-LH-SM.



Thursday, October 6, 2011

How to configure DHCP option 60 & 43 on IOS to an Aruba AP

How do you configure a Cisco 2811 router, which is also acting as the DHCP server for our branch office, for DHCP options 60 and 43 so the Aruba APs at my branch can discover their master controller? Could anyone please help me with the command we need to enter on the Cisco router?

Here is an example of a DHCP pool:

ip dhcp pool wireless
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
lease 5

Also, if you need to exclude certain IPs, use:

ip dhcp excluded-address 192.168.1.1

Please click here for more information on Cisco IOS DHCP server.

Please click here for more information on "DHCP OPTION 43 for Lightweight Cisco Aironet Access Points Configuration Example"



Monday, October 3, 2011

Cisco Sup720 not able to boot

We are working on a Cisco 6505 with Supervisor 720. In the configreg we somehow deleted or corrupted the IOS image. Now when we switch on the switch, it goes into ROMMON mode. We downloaded an image to the flash disk (disk0). When we try to boot from that image, it gives the following error -

rommon 11 > dir disk0:

Initializing ATA monitor library...

Directory of disk0:

2 49141220 -rw- s72033-ipservicesk9-mz.122-33.SXH2.bin

---------------------------------------------------------------------------------------------------------------------------------------------

rommon 10 > boot disk0:s72033-ipservicesk9-mz.122-33.SXH2.bin

Loading image, please wait ...

Initializing ATA monitor library...

*** TLB (Load/Fetch) Exception ***

Access address = 0x0

PC = 0x0, Cause = 0x8, Status Reg = 0x30409003

monitor: command "boot" aborted due to exception
  1. This issue can be caused by a software image with a bad checksum. Re-download the Cisco IOS Software image from the TFTP server.
  2. If a re-download does not resolve the issue, format the Flash card and re-download the Cisco IOS Software image.
Please click here for documentation from Cisco on troubleshooting issues on CAT 6500 / 6000.



Sunday, October 2, 2011

Top 5 Tech Support questions on Cisco System's products - Weekly Update Sept 25th

The most actively discussed Tech Support questions on the web for Cisco System's products (Week of Sept 25th 2011)
  1. Flowcontrol on trunk ports
  2. How do you connect catalyst 3750 to Procurve 2910
  3. How do you configure vlan routing through 871 router
  4. How do you configure more private vlans on a Cisco 3750G switch
  5. What are the differences between clear arp-cache and clear ip arp


How do you connect catalyst 3750 to Procurve 2910


If the connecting port on the 3750 to the ProCurve 2910 belongs to VLAN 10, does the connecting port on the ProCurve 2910 have to belong to the same VLAN?

Would both switches be connected if their connecting ports do not have the same VLAN number? Do both connecting ports have to be tagged or untagged, or does it not matter?

In general, without being vendor-specific, if you are interconnecting two switches, they should be connected by ports that are either both placed into the same single untagged VLAN only (we call them access ports), or members of the same set of VLANs (we call them trunk ports in Cisco parlance).

Connecting two access ports that belong to different untagged VLANs on each switch is incorrect. That would make the two VLANs leak into each other and effectively merge.

Also, connecting an access port on one switch with a trunk port on another switch is incorrect. A trunk port expects to be able to carry data from multiple VLANs, while the access port is capable of carrying a single VLAN only. This would lead to connectivity issues.

Tagging mode must be identical on both ends of the link - the set of tagged and untagged (native VLANs) should be identical.

Interconnect switches using trunks unless there is a particular special need to have the neighboring switch as a whole placed into a single VLAN only. This would mean that the configuration on the Cisco port would be:

interface Fa0/1
switchport trunk encapsulation dot1q ! Not necessary/supported on many switches
switchport mode trunk
switchport trunk native vlan 1
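
The rules in the answer above, turned into a check over both ends of a link. This is an added example, not part of the original post; it assumes both ends are written in Cisco-style `switchport` syntax (ProCurve's own syntax is not parsed), and the sample configurations are constructed.

```python
def expand(spec):
    """Expand a VLAN list such as '10,20-22' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_port(config):
    """Read switchport lines into a model. Simplification (assumption): no
    'switchport mode' line means an access port in VLAN 1."""
    port = {"mode": "access", "access": 1, "native": 1,
            "allowed": set(range(1, 4095))}
    for line in config.splitlines():
        w = line.split("!")[0].split()          # drop trailing '!' comments
        if w[:2] == ["switchport", "mode"]:
            port["mode"] = w[2]
        elif w[:3] == ["switchport", "access", "vlan"]:
            port["access"] = int(w[3])
        elif w[:4] == ["switchport", "trunk", "native", "vlan"]:
            port["native"] = int(w[4])
        elif w[:4] == ["switchport", "trunk", "allowed", "vlan"]:
            port["allowed"] = expand(w[4])
    return port

def link_problems(a, b):
    """Compare both ends of one link against the rules stated in the post."""
    if a["mode"] != b["mode"]:
        return ["access port facing a trunk port"]
    if a["mode"] == "access":
        if a["access"] != b["access"]:
            return [f"VLAN {a['access']} and VLAN {b['access']} are merged by this link"]
        return []
    problems = []
    if a["native"] != b["native"]:
        problems.append(f"native VLAN mismatch: {a['native']} vs {b['native']}")
    one_side_only = a["allowed"] ^ b["allowed"]
    if one_side_only:
        problems.append(f"VLANs carried by one end only: {sorted(one_side_only)}")
    return problems

# Constructed sample configurations for the two ends of a link.
TRUNK_A = """interface Fa0/1
switchport trunk encapsulation dot1q ! Not necessary/supported on many switches
switchport mode trunk
switchport trunk native vlan 1
switchport trunk allowed vlan 10,20-22"""
TRUNK_B = "switchport mode trunk\nswitchport trunk native vlan 10\nswitchport trunk allowed vlan 10,20-21"
ACCESS_10 = "switchport mode access\nswitchport access vlan 10"
ACCESS_20 = "switchport mode access\nswitchport access vlan 20"
```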



Flowcontrol on trunk ports


Based on port capabilities, can flowcontrol be enabled on a trunk port?

TenGigabitEthernet1/1/1
Model: WS-C3750X-48
Type: SFP-10GBase-SR
Speed: 10000
Duplex: full
Trunk encap. type: 802.1Q,ISL
Trunk mode: on,off,desirable,nonegotiate
Channel: yes
Broadcast suppression: percentage(0-100)
Flowcontrol: rx-(off,on,desired),tx-(none)

What will be the behavior when a pause frame is received? This is a dot1q trunk - will all traffic for all vlans be paused, or just particular sessions? We are concerned that one server, for example, on vlan 10 could pause traffic on another vlan by sending the port a pause frame. This is a 10Gb link to a hosting environment, that has several different SAN vlans on it.

It will pause all the traffic, not just one session. An iSCSI SAN will pause to a Nexus 5000, and the 5000 started dropping packets on its uplinks. DCB can help if your SAN can support it (EqualLogic for now). Unfortunately, flowcontrol is a no-go.
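
Why a pause frame stops every VLAN on the trunk: an 802.3x PAUSE frame has no VLAN or priority field, while the priority-based flow control used by DCB (802.1Qbb) carries one timer per priority. The classifier below is an added example, not part of the original post; the frames are constructed samples and the source MAC address is a placeholder.

```python
import struct

MAC_CONTROL = 0x8808        # EtherType for MAC control frames
OP_PAUSE, OP_PFC = 0x0001, 0x0101
QUANTUM_BITS = 512          # one pause quantum = 512 bit times

def pause_ns(quanta, link_bps):
    """Requested pause time in nanoseconds at the given link speed."""
    return quanta * QUANTUM_BITS * 1_000_000_000 // link_bps

def classify(frame, link_bps):
    """Describe an 802.3x PAUSE or 802.1Qbb PFC frame; None for anything else."""
    if len(frame) < 18:
        return None
    ethertype, opcode = struct.unpack("!HH", frame[12:16])
    if ethertype != MAC_CONTROL:      # MAC control frames carry no VLAN tag
        return None
    src = frame[6:12].hex(":")
    if opcode == OP_PAUSE:
        (quanta,) = struct.unpack("!H", frame[16:18])
        # No VLAN or priority field exists, so the whole port stops sending.
        return {"kind": "pause", "src": src, "scope": "whole link",
                "ns": pause_ns(quanta, link_bps)}
    if opcode == OP_PFC and len(frame) >= 34:
        (enable,) = struct.unpack("!H", frame[16:18])
        timers = struct.unpack("!8H", frame[18:34])
        per_prio = {p: pause_ns(timers[p], link_bps)
                    for p in range(8) if enable >> p & 1}
        return {"kind": "pfc", "src": src, "scope": "listed priorities only",
                "ns": per_prio}
    return None

def build(opcode, body, src="00:11:22:33:44:55"):
    """Constructed sample frame (not a capture), padded to 60 bytes."""
    hdr = bytes.fromhex("0180c2000001") + bytes.fromhex(src.replace(":", ""))
    frame = hdr + struct.pack("!HH", MAC_CONTROL, opcode) + body
    return frame.ljust(60, b"\x00")

PAUSE_MAX = build(OP_PAUSE, struct.pack("!H", 0xFFFF))
PFC_PRIO3 = build(OP_PFC, struct.pack("!H8H", 0x0008, 0, 0, 0, 100, 0, 0, 0, 0))
IPV4_DATA = bytes(12) + struct.pack("!H", 0x0800) + bytes(46)

if __name__ == "__main__":
    for f in (PAUSE_MAX, PFC_PRIO3, IPV4_DATA):
        print(classify(f, 10_000_000_000))
```

On the 10 Gb/s link in the question, a single PAUSE frame with the maximum timer asks the port to stop for about 3.36 ms, and a sender can keep refreshing it; counting such frames per source MAC on a monitored port shows which attached device is holding the link.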


 