
Thursday, December 29, 2011

Please explain the password recovery enable procedures for 3560

The following procedures get to the switch: dir flash and get the following.....unable to stat flash//: no such device

Can you please explain how to resolve this?

Try the following

switch: flash_init
switch: load_helper
switch: rename flash:config.text flash:config.old
switch: boot

After the switch boots and you are at the enable prompt, type this:

switch# rename flash:config.old flash:config.text
Switch# copy flash:config.text system:running-config

Alternatively you can also try this -

Issue the dir flash: command.
Note: Make sure to type a colon ":" after the dir flash.

Please click here for more information on Password recovery for Layer2 Layer3 questions.


Citation - This blog post does not reflect original content from the author. Rather it summarizes content that are relevant to the topic from different sources in the web. The sources might include any online discussion boards, forums, websites and others.

Thursday, December 22, 2011

How do you implement mac access-list in 881 and 892 router ?

We can get additional switch-port in the same router but we can't see the function in this router. Can you please confirm that the switch port must function like the Catalyst 2960 switch? We want to allow only the specific MAC address from the switch port, so we are looking for the mac access-list concept in this router.

Looks like you want to implement port-security on the integrated switch. This should be possible.
Please click here for more information on Cisco 860 and 880 Series Integrated Services Routers. It should be ok for the 880 series and 892 series.



Wednesday, December 21, 2011

%C4K_EBM-4-HOSTFLAPPING: Host 86:AA:C0:79:AA:6A in vlan 60 is flapping between port Gi5/9 and port Gi5/23

%C4K_EBM-4-HOSTFLAPPING: Host 86:EE:E0:79:AF:6D in vlan 60 is flapping between port Gi5/9 and port Gi5/23.

Can you please suggest a fix?

The message means that packets with the same source MAC address are coming from two different interfaces. That means you may have a network loop causing this. You need to go to the devices connected to interfaces Gi5/9 and Gi5/23 and check where this MAC is learnt on those, and trace it further the same way, checking the STP details.

By this you will find a loop to fix. The most common cause is high CPU on one of the switches in the way, or a uni-directional link causing STP problems.

Do a show cdp neighbor and see if the switch sees itself on those 2 ports; if so, then those 2 ports are somehow physically tied together and must be fixed. Spanning tree won't always fix this situation, though it should.

Please click here for more information on the common issues in Cat 4500 switches.




Friday, December 16, 2011

Etherchannel limitations WS-X4548-GB-RJ45

Is anyone aware of any limitation on building an etherchannel on the abovementioned linecard, when bundling more than one port on the same card? The 4506 is using a 6L-E supervisor engine 12.2(54)SG1.

If it's done on a 6500 with a WS-X6148-GE-TX linecard it effectively can only reach 1gb throughput.
There is no limitation information on this WS-X4548-GB-RJ45 (just like we could find for WS-X6148-GE-TX)...

Please pay attention to the distribution of the Etherchannel ports across the different ASIC ports group in the card (as per the 8-to-1 oversubscription) of this classic module WS-X4548-GB-RJ45 ==> Capacity of 6 Gbps (full duplex) connections to the central forwarding engine

WS-X4548-GB-RJ45V:
• Bandwidth is allocated across six 8-port groups, providing 1 Gbps per port group

The amount of oversubscription can be controlled by varying the number of ports used at 1000 Mbps. All ports can use Gigabit EtherChannel or IEEE 802.3ad for high-speed interconnection applications
Please click here for more documentation on product specification for Cat4500.


Wednesday, December 14, 2011

%C4K_EBM-4-HOSTFLAPPING: Host 86:AA:C0:79:AA:6A in vlan 60 is flapping between port Gi5/9 and port Gi5/23

Can you please suggest a fix for this error?

This error code means that packets with the same source MAC address are coming from two different interfaces. That means you may have a network loop causing this. You need to go to the devices connected to interfaces Gi5/9 and Gi5/23 and check where this MAC is learnt on those, and trace it further the same way, checking the STP details.
By this you will find a loop to fix. The most common cause is high CPU on one of the switches in the way, or a uni-directional link causing STP problems.

Also do a show cdp neighbor and see if the switch sees itself on those 2 ports; if so, then those 2 ports are somehow physically tied together and must be fixed. Spanning tree won't always fix this situation, though it should.
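
The tracing step in the answer above (and in the matching 21 December post) starts from knowing which port pair the flaps cluster on. The following is an added example, not part of the original posts: it parses %C4K_EBM-4-HOSTFLAPPING lines and groups them by VLAN and port pair. The two vlan 60 lines are the ones quoted on this page; the timestamped lines, the vlan 10 entry and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Message layout as quoted in the posts; a trailing "." after the port is tolerated.
HOSTFLAP_RE = re.compile(
    r"%C4K_EBM-4-HOSTFLAPPING:\s+Host\s+"
    r"(?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})"
    r"\s+in\s+vlan\s+(?P<vlan>\d+)\s+is\s+flapping\s+between"
    r"\s+port\s+(?P<a>\S+)\s+and\s+port\s+(?P<b>\S+?)\.?\s*$"
)

def parse_hostflap(line):
    """Return (vlan, mac, port_pair) for a HOSTFLAPPING line, else None."""
    m = HOSTFLAP_RE.search(line)
    if m is None:
        return None
    # Sort the pair so "Gi5/9 and Gi5/23" equals "Gi5/23 and Gi5/9".
    pair = tuple(sorted((m["a"], m["b"])))
    return int(m["vlan"]), m["mac"].lower(), pair

def summarize(lines):
    """Group events by (vlan, port pair), busiest pair first."""
    groups = defaultdict(lambda: {"events": 0, "macs": set()})
    for line in lines:
        parsed = parse_hostflap(line)
        if parsed is None:
            continue  # not a HOSTFLAPPING message
        vlan, mac, pair = parsed
        groups[(vlan, pair)]["events"] += 1
        groups[(vlan, pair)]["macs"].add(mac)
    rows = [(vlan, pair, g["events"], sorted(g["macs"]))
            for (vlan, pair), g in groups.items()]
    rows.sort(key=lambda r: r[2], reverse=True)
    return rows

SAMPLE_LOG = [
    # The first two lines are quoted from the posts on this page.
    "%C4K_EBM-4-HOSTFLAPPING: Host 86:AA:C0:79:AA:6A in vlan 60 is flapping between port Gi5/9 and port Gi5/23",
    "%C4K_EBM-4-HOSTFLAPPING: Host 86:EE:E0:79:AF:6D in vlan 60 is flapping between port Gi5/9 and port Gi5/23.",
    # Constructed lines: reversed port order, a second port pair, an unrelated message.
    "Dec 21 10:02:11: %C4K_EBM-4-HOSTFLAPPING: Host 86:AA:C0:79:AA:6A in vlan 60 is flapping between port Gi5/23 and port Gi5/9",
    "Dec 21 10:02:15: %C4K_EBM-4-HOSTFLAPPING: Host 00:11:22:33:44:55 in vlan 10 is flapping between port Gi2/1 and port Gi2/2",
    "%DUAL-5-NBRCHANGE: IP-EIGRP(0) 250: Neighbor 10.100.1.1 (Tunnel120) is down: holding time expired",
]

if __name__ == "__main__":
    for vlan, pair, events, macs in summarize(SAMPLE_LOG):
        print(f"vlan {vlan} {pair[0]} <-> {pair[1]}: {events} events, MACs {macs}")
```

The port pair at the top of the output is where to start the show cdp neighbor and STP checks described above.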



Thursday, December 8, 2011

Duplication packet occurred on Catalyst 4507R+E

What does the message below mean? This log message is produced by a Catalyst 4507R+E. The device has a SUP-7 inserted with the 3.1.0SG image. With this log message, the device produced duplicate multicast packets.
Dec 2 16:40:00.276: (Suppressed 269 times)Dup Packet Fail for Sw Port

The message "Dup Packet Fail for Sw Port" is seen when certain multicast packets are software bridged and software has run out of buffers while replicating the packets in software. In typical deployments, one should NOT have a lot of multicast packets to CPU. Could you check what is causing multicast packets to CPU periodically? Can you get the output of "show platform cpu packet driver"? This could provide a hint as to packet drops due to a high incoming rate to CPU. It can be a normal situation, as some multicast should come to CPU to build all records, so depending on the number of mcast groups the buffers can sometimes be filled. So you can change the logging level to '5' so as not to see that message. The other possibility is that you get multicast packets with TTL expired (TTL=1), so those are punted to CPU and dropped there. For this, a sniffer should be run on the mcast ports to check the mcast packets.


Monday, December 5, 2011

VTP Pruning issues

We have just recently cut over from an older core switch/router platform (running CatOS 8.x) to a newer platform running IOS 15. So all the SVI's for our VLANs moved over from the old platform to the new, and a trunk link (4x1GB etherchannel) was configured between the two. All the other access layer switches that had trunk links to the old core were also migrated to the new core (also still trunked of course.) Most of the company's servers, the IP PBX and phones, and some other departmental access switches are still homed into the old core (they will soon be migrated to the new core as we have time.)

The old core and most of the access layer switches are running VTP v2 in a given domain. The new core is also in the same VTP domain, but is in transparent mode (we plan to do away with VTP as a part of this migration, but it hasn't happened yet for all switches.)

So, we have been having a problem since the cut with the old core switch doing VTP pruning of various VLANs off the trunk link between the old core and new core. This isolates the devices on that VLAN on the old core, because that VLAN's devices can not reach their network gateway which is now on the new core. I am familiar with the concept of VTP Pruning, but I thought that if there were other switches "down the line" from the switch that does not have ports in a given VLAN, that the switch that would otherwise do the pruning would NOT prune the VLANs from the trunk. So what I'm trying to say is like this:

[ switch 1 ] ===trunk=== [ switch 2 ] ===trunk=== [ switch 3 ]
 (has ports               (does NOT                (has ports
  in V100)                 have ports               in V100)
                           in V100)

So, if in this case "switch 1" is the old core, and "switch 2" is the new core, why would switch 1 prune V100 off the trunk link between itself and switch 2 if there is another switch (or switches) past switch 2 that have that same VLAN?

Note that I am not having VLAN pruning problems on any of the other trunks into the new core.

Network devices in VTP transparent mode do not send VTP join messages. On Catalyst 6500 series switches with trunk connections to network devices in VTP transparent mode, configure the VLANs that are used by the transparent-mode network devices or that need to be carried across trunks as pruning ineligible (use the clear vtp pruneeligible command).

So in your scenario I would use the command clear vtp pruneeligible 100, in order to exclude vlan 100 from any pruning eligibility on the trunk, and define the vlans you DO NOT want to be pruned on the trunk.

Please click here for more information on how to configure a VTP.



Sunday, December 4, 2011

%DUAL-5-NBRCHANGE: IP-EIGRP(0) 250: Neighbor 10.100.1.1 (Tunnel120) is down: holding time expired

We configured a 2811 series router for dmvpn. Our two tunnels are up but one of the tunnels is flapping with this message. How can we fix this problem?

It's actually called the hold timer in EIGRP but is really the same thing as the dead timer in OSPF. The holding timer expired means that you missed three hellos and declared the peer down. A possibly necessary band aid is setting the hold time higher, though you should also really find out why packets are not being delivered.

Tweak the ip hold-time and you should be able to resolve the issue.



Friday, December 2, 2011

NAT inside-to-inside (hairpinning) with NVI on 887VA problem

We are trying to configure hairpinning on our Cisco 887VA VDSL router, so all LAN users can connect to the server using SMTP port 25 which is also in the same LAN subnet, using external router address, which is assigned to dialer1 interface.
Traffic coming in from outside works fine.

Traffic coming from outside to 1.1.1.1:25 goes through fine, but LAN users are unable to connect to 1.1.1.1:25

When we run tcpdump on the server on port 25 nothing happens. The traffic is not going through. We have also noticed in debug ip packet is this line:
s=1.1.1.1 (Vlan1), d=192.168.101.200 (Vlan1), len 52, rcvd local pkt

We have encountered the same connectivity issues with the NVI NAT configuration if the addresses we translated into were actually located in the directly connected networks of the router. What helped, after a tedious search, was to configure no ip redirects on the egress ('outside'-alike) interfaces. There are some strange interactions with the ICMP redirect mechanism and we stumbled across this workaround.

Can you add the no ip redirects command to all your IP-enabled interfaces, i.e. E0.101, Vlan1 and Dialer1? Even if it turns out to not solve your issue, it should not do any harm (basically, this command stops sending the ICMP Redirect messages and should allow the router to hairpin any streams).



How to upload outputs other than running or startup config to ftp server?


How do you upload the running or startup config to an ftp server but I was wondering if there is a way to upload, let's say, the output of a sh ip int command?

Router#show ip interface brief | redirect flash:ShowInt.txt

Then upload ShowInt.txt to where you want.

Or you can do

sh ip interface brief | redirect tftp:///filename.txt



Thursday, December 1, 2011

Problems with Cisco 887 3G functionality

We have a question about the configuration of the 3G functionality on the cisco 887 router. The 3G connection should be the primary connection, because we don't have a direct internet connection. We make use of a data card of KPN NL. On the internet we found some information about the configuration of the 3G module, but won't get a 3G connection. If we look to the gsm profiles we see that the profile is still inactive. Can someone help me with the configuration of the 3G functionality and tell me how to activate the gsm profile?

Make sure the SIM card is not locked with a pin code, you can check from the router with
sh cell 0 security

If the output contains "SIM Status = Locked" then type cellular 0 gsm sim unlock [current pin code] to unlock the card.

When you are sure there is no PIN, you can use the following template:
cellular 0/0/0 gsm profile create 1 office.vodafone.nl ipv4 pap vodafone vodafone

interface Cellular0/0/0
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer in-band
dialer string gsm
dialer-group 1
async mode interactive
ppp authentication pap callin
ppp chap refuse
ppp pap sent-username vodafone password 0 vodafone
end


dialer-list 1 protocol ip list 1

!
chat-script gsm "" "atdt*98*1#" TIMEOUT 30 "CONNECT"
line 0/0/0
exec-timeout 0 0
password vodafone
script dialer gsm
login
modem InOut
no exec
rxspeed 7200000
txspeed 2000000

ip route 0.0.0.0 0.0.0.0 Cellular0/0/0 permanent

