
Monday, April 29, 2013

How to configure C3560 dhcp server for Nortel ip phones

We are just trying to set up a DHCP server on my Catalyst 3560 switch for Nortel IP phones.
We would like to set up the DHCP server on our C3560.
!
ip dhcp pool voice
   network 10.2.110.0 255.255.255.0
   default-router 10.2.110.200
   option 191 ascii "VLAN-A:3"
   option 128 ascii "Nortel-i2004-A,10.2.100.200:4100,1,5."
   lease 0 2
!

The same switch will be the dhcp server

interface Vlan3
ip address 10.2.110.1 255.255.255.0

Can you please help?

VOICE VLAN: 3
DATA VLAN: 1

S1:10.2.110.200
port:4100
Nortel IP Phones: IP 2002 (Firmware Version 0604D9H)  & IP 1110 (Firmware Version 0623C7)


 

You don't need an IP helper address on the switch.

An IP phone sends out a DHCP discover on the DATA VLAN first.
So you have to move the VLAN option, in your case option 191, to the DATA scope. The IP phone will see this option when it gets an IP address from the DATA scope. Then it will release the IP address and send out a discover in the VOICE VLAN. Then it will get an IP address from the VOICE scope and will recognize option 128 to find out where the Nortel systems are.

This is normal behaviour of an IP phone.
There are other techniques to implement IP phones on the network, like LLDP-MED for example.
The IP phone has to support these techniques.
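The scope layout the reply describes, written out as IOS DHCP configuration (an added example, not part of the original thread). The data-VLAN subnet is not given in the post, so 192.0.2.0/24, the Vlan1 address and the pool name `data` are placeholders; the voice values are copied from the question as posted.

```cisco
! Added example. Data-VLAN addressing (192.0.2.0/24) is a placeholder:
! the post does not give the real data subnet.
!
! Keep the switch SVI and the S1 address out of the dynamic range.
ip dhcp excluded-address 10.2.110.1
ip dhcp excluded-address 10.2.110.200
ip dhcp excluded-address 192.0.2.1
!
! DATA scope (VLAN 1): the phone boots untagged here first, reads
! option 191, releases this lease and retries tagged in VLAN 3.
ip dhcp pool data
 network 192.0.2.0 255.255.255.0
 default-router 192.0.2.1
 option 191 ascii "VLAN-A:3"
!
! VOICE scope (VLAN 3): option 128 tells the phone where S1 is.
! String copied unchanged from the question. The question lists S1 as
! 10.2.110.200, so confirm the address inside the string before use.
ip dhcp pool voice
 network 10.2.110.0 255.255.255.0
 default-router 10.2.110.200
 option 128 ascii "Nortel-i2004-A,10.2.100.200:4100,1,5."
 lease 0 2
!
! The IOS DHCP server picks the pool from the subnet of the interface
! the request arrives on, so each VLAN needs an SVI in its own scope.
interface Vlan1
 ip address 192.0.2.1 255.255.255.0
!
interface Vlan3
 ip address 10.2.110.1 255.255.255.0
```

After a phone has booted, `show ip dhcp binding` should list its lease in 10.2.110.0/24.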
 


Citation - This blog post does not reflect original content from the author. Rather it summarizes content that are relevant to the topic from different sources in the web. The sources might include any online discussion boards, forums, websites and others.

Thursday, April 25, 2013

How do you setup Wan limit with QoS

We need to limit the HTTP traffic from a WAN link (10mbps) to no more than 5mbps to a specific network.

We made this script and I would like to know if it is correct.

ip access-list ext Traffic_QoS
permit ip 105.113.54.0 0.0.0.255 any eq http
!
class-map match-any QoS_HTTP
match access-group Traffic_QoS
!
policy-map Filter_HTTP
class QoS_HTTP
bandwidth percent 50
!
interface GigabitEthernet0/1
service-policy in Filter_HTTP

The interface G0/1 has this configuration:

interface GigabitEthernet0/1
description [ SELA Costa Rica L2  ]
ip address 105.113.52.1 255.255.255.0 secondary
ip address 105.113.53.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
h323-gateway voip interface
h323-gateway voip id XGK1 ipaddr 10.254.10.15 1719
h323-gateway voip h323-id D300807987_001
h323-gateway voip bind srcaddr 105.113.53.1
 

Over G0/0 we have the internet link (10mbps) and G0/1 is the LAN interface (1gb).

The bandwidth of your gig interface is 1000mb. 50% of this will be 500mb. So your policy will not work how you want it to work at 10mb. Instead of bandwidth percent 50 you may need to shape.

policy-map Filter_HTTP
class QoS_HTTP
shape average 10000

This will only shape your HTTP outbound traffic. You want to halve it. You will use 5000 to limit HTTP traffic at 5mbps.
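A shaping policy for the 5 Mbps target, as an added example that is not from the original thread. It assumes 105.113.54.0/24 is reached through GigabitEthernet0/1 and that the traffic to limit is HTTP responses (TCP source port 80) flowing toward that network; on IOS, `shape average` takes its rate in bits per second.

```cisco
! Added example. Names and addresses are reused from the question;
! the direction of the match is an assumption (see lead-in).
!
! "eq" port matching needs a tcp or udp entry, not "permit ip".
! HTTP responses toward the limited network have source port 80.
ip access-list extended Traffic_QoS
 permit tcp any eq www 105.113.54.0 0.0.0.255
!
! A named ACL is referenced with the "name" keyword.
class-map match-any QoS_HTTP
 match access-group name Traffic_QoS
!
! shape average is entered in bits per second: 5 Mbps = 5000000.
! Traffic that does not match QoS_HTTP falls into class-default
! and is not shaped.
policy-map Filter_HTTP
 class QoS_HTTP
  shape average 5000000
!
! Shaping queues packets, so it is applied in the output direction,
! here on the LAN-facing interface the responses leave through.
interface GigabitEthernet0/1
 service-policy output Filter_HTTP
```

`show policy-map interface GigabitEthernet0/1 output` shows the per-class match and shaping counters once traffic is flowing.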




Wednesday, April 24, 2013

What is the number of users supported on ISRs G2

This is a feature that we have researched by looking at ISR G2 data sheets and the cisco.com website.
The number of users that can be supported or the recommended number of users per router chassis/model is not mentioned anywhere.
However this is mentioned in the Cisco 880 ISR data sheet.

Can someone please shed some light on the number of users that can be supported or the recommended number of users on Cisco 1900/2900/3900 ISRs?


There is no recommended limit on ISR G2s; there's a limit to the number of packets/second that can be switched through the router, or some specific recommendations for advanced features, like firewall sessions/second, VPN sessions and things like that.

There are thus bandwidth recommendations, not user recommendations.

The small ASA (5505) was limited in the number of users (10/50/unlimited) by license.

Please click here for details on "Portable Product Sheets – Routing Performance".

 



Friday, April 19, 2013

How do you change number of internal port-channel on Nexus 5000?

We are in the middle of a Nexus 5000 project and recognized today while configuring port-channels, that some of the interface numbers are reserved for internal use.

Is it possible to change or configure which port-channel interface numbers are allocated for internal use by NX-OS?

Unfortunately we were not able to find a solution for this issue in the official Nexus documentation, the search function of this forum or Google. If we did miss something or didn't look carefully enough at the Nexus docs, we are also happy with RTFM (... fine manual) responses and links to the info. Thanks.
 
Nexus5k(config)# interface port-channel 128
ignored port-channel128: internally used, configuration not allowed

Port-Channels 111, 113, 115, 119, 121, 200, 211, 222 were created manually, but 127 - 129 were not.

Nexus5k# show port-channel usage
Total 11 port-channel numbers used
============================================
Used  :   111 , 113 , 115 , 119 , 121 , 127 - 129 , 200 , 211 , 222
Unused:   1 - 110 , 112 , 114 , 116 - 118 , 120 , 122 - 126 , 130 - 199
          201 - 210 , 212 - 221 , 223 - 4096
          (some numbers may be in use by SAN port channels)

Unfortunately it is not currently possible to adjust which internal Port-channel numbers are used for interaction with the L3 daughter card, although only 127 and 128 should be used for that purpose (not sure what the Po129 in your configuration refers to). There is an open internal enhancement CSCtl19659 to consider allowing such configuration in the future.

Just FYI, if Po127 & 128 are configured before installing the L3 daughter card or activating the license, the system will use other free channel numbers, but for various reasons that is not recommended.




Tuesday, April 16, 2013

What are the differences between Cisco WS-C3750G-24T-E and WS-C3750G-24T-S

Is there any hardware difference between Cisco WS-C3750G-24T-E and WS-C3750G-24T-S, or are they the same switch running a different IOS? We have a stack of some WS-C3750G-12S-S and want to introduce a new WS-C3750G-24T. Our provider offers us only a WS-C3750G-24T-E and we do not know if we are going to be able to downgrade the IOS.


There is no hardware difference. Between these two models there is only a software difference, when you buy them from Cisco / Reseller. Please note that if you buy them refurbished, software can be different.

WS-C3750G-24T-E - Enhanced Image
WS-C3750G-24T-S - Standard Image

Yes, the 3750G-24T-E is compatible when it comes to adding it to the stack.
Just have the right IOS image version ready.

However, it might not be compatible when it comes to the connectors it is replacing.
The 24T has 24 copper ports and, if I do not remember wrong, 0 SFP ports,
but the 12-S has 12 SFP ports,
so you are missing 12 SFP ports (12 vs 0), and unless they either are empty, are copper ports, or you can rearrange links to the other 12S switches in the stack, you will have lost links.

You can add it to the stack if you have the right version of the image to match the others already in the stack.

WS-C3750G-24T-E comes with the IP Services Image installed and WS-C3750G-24T-S comes with the IP Base Image installed.
We can run dynamic IP routing on the WS-C3750G-24T-E but can't run it on the WS-C3750G-24T-S.
WS-C3750G-24T-S is upgradeable to full dynamic IP routing.

See the points of difference below:

WS-C3750G-24T-E
• 24 Ethernet 10/100/1000 ports
• 32 Gbps, high-speed stacking bus
• Innovative stacking technology
• 1 RU stackable, multilayer switch
• Enterprise-class intelligent services delivered to the network edge
• IP Services Image installed
• Full dynamic IP routing

WS-C3750G-24T-S
• 24 Ethernet 10/100/1000 ports
• 32 Gbps, high-speed stacking bus
• Innovative stacking technology
• 1 RU stackable, multilayer switch
• Enterprise-class intelligent services delivered to the network edge
• IP Base Image installed
• Basic RIP and static routing, upgradeable to full dynamic IP routing




Thursday, April 11, 2013

Cisco Configuration Professional 2.6 viewing problem in IE 10

We used CP 2.3 on Internet Explorer (IE) 10.

Currently, the windows are displayed with no (truncated) content. We emptied the Java and IE caches; updating to ver 2.6 did not help. We also updated the Flash Player to the latest version, and still the content is not displayed in full.

Open Internet Explorer 10 and press the Alt key to show the menu bar, then click the Tools menu and Compatibility View Settings.

Add IP address 127.0.0.1 for compatibility view.



Monday, April 8, 2013

How do you configure ipsla monitor in IOS XR Software, Version 4.2.3?

How do you configure ipsla monitor in IOS XR Software, Version 4.2.3?
We don't see ipsla commands in IOS XR Software, Version 4.2.3. Any other ways to detect ethernet WAN links to trigger HSRP on ASR 9000 series routers? We don't even see track commands.
RP/0/RSP0/CPU0:grx-rtr2(config)#ip
iphc ipv4 ipv6
RP/0/RSP0/CPU0:grx-rtr2(config)#t
tacacs-server tacacs taskgroup tcam
tcp telnet template tftp

Try the following
1. configure
2. track track-name
3. type line-protocol state
4. interface type interface-path-id
5. exit
6. (Optional) delay {up seconds|down seconds}
7. Use one of the following commands:
end
commit

Please click here for "Implementing Object Tracking on the Cisco ASR 9000 Series Router" . It contains details of the commands available on cli

And then to use the track command in HSRP

hsrp [group-number] track type interface-path-id [priority-decrement]

RP/0/0/CPU0:router(config)# router hsrp
RP/0/0/CPU0:router(config-hsrp)# interface TenGigE 0/2/0/1
RP/0/0/CPU0:router(config-hsrp-if)# hsrp track TenGigE 0/1/0/1
RP/0/0/CPU0:router(config-hsrp-if)# hsrp track TenGigE 0/3/0/1
RP/0/0/CPU0:router(config-hsrp-if)# hsrp preempt
RP/0/0/CPU0:router(config-hsrp-if)# hsrp ipv4 192.92.72.46

Please click here for "HSRP Commands on Cisco ASR 9000 Series Router"
 

The packages below were missing on the ASR9001 router and hence I could not find the track commands. After installing the packages below I could see the track and ipsla commands.
asr9k-mgbl-supp-4.2.3
iosxr-mgbl-4.2.3
asr9k-mgbl-p-4.2.3
==============================
router hsrp
 interface GigabitEthernet0/0/1/0
  address-family ipv4
   hsrp 1 version 1
    preempt
    address *******
   !
   hsrp 2 version 1
    preempt
    priority 110
    address *******
    track object WAN 15
   !
  !
 !
!
track WAN
 type rtr 1 reachability
!
ipsla
 operation 1
  type icmp echo
   destination address *******
   frequency 60
  !
 !
 schedule operation 1
  start-time now
  life forever
 !
!
=============================



Thursday, April 4, 2013

EEM configuration for a TCL script disappears from config if it is an "abort"

Friday

We loaded 4 TCL scripts to the router. We configured EEM to execute the TCL scripts with kron event trigger.

Saturday

The EEM launched the 4 scripts...
3    3      Actv success  Sat Feb23 09:00:00 2013  timer cron         applet: 1-refresh
4    4      Actv success  Sat Feb23 09:52:00 2013  timer cron         applet: 2-refresh
5    5      Actv abort    Sat Feb23 09:55:00 2013  timer cron         applet: 3-refresh
6    6      Actv abort    Sat Feb23 09:58:00 2013  timer cron         applet: 4-refresh

The EEM code for the scripts that failed was removed by the system from the running-config at this time without human intervention.

Sunday
EEM only executes the "success" scripts because there is no more code for anything else:
7    7      Actv success  Sun Feb24 09:00:00 2013  timer cron         applet: 1-refresh
8    8      Actv success  Sun Feb24 09:52:00 2013  timer cron         applet: 2-refresh

Monday 

We reviewed the running-config:
Router#sh run | i event manager
event manager applet 1-refresh
event manager applet 2-refresh

No more applets in the running-config.
IOS with this issue is: c7200p-advipservicesk9-mz.151-4.M6.bin (it also happens in M5)

All scripts work fine with c7200p-advipservicesk9-mz.152-4.M2.bin for several days.

Re-entering the missing code in the running config on 151-4.M6 (also M5) doesn't fix the issue; it happens again.

Is this the expected behaviour of the 15.1-4M train?



The EEM Tcl code has the header on it to run directly out of EEM.  You can simplify the code by using the built-in HTTP API provided in EEM Tcl.  Using tclsh is fine if you are only using tclsh.  When you need to use EEM to schedule or automate code, you shouldn't wrap tclsh within EEM.  Instead, use EEM Tcl.

If the config is modified now, hopefully things will be simpler and easy to debug using the single Tcl policy.  Tcl hasn't had any "major" changes since it was introduced in 12.3(2)T.

The abort is typically caused by an expiration of the maxrun timer.  However, I don't see a debug for an abort.  I don't know what your Tcl script is doing, but perhaps it needs longer than 300 seconds to do it.  That said, what you are doing is not recommended.  You should not call tclsh out of applets.  Instead, port your tclsh script to EEM Tcl.  Depending on what the script does it may be very easy to do that.



Wednesday, April 3, 2013

Cisco 3750 does not learn MAC address from LLDP multicasts

Does the 3750 switch learn the MAC address from LLDP multicasts generated every 30 seconds by an end device connected to the port?
We are experiencing issues, and are not sure if this is expected behavior or not. It is not dependent on whether port security is set or not.

For the issue above we had a Polycom IP phone connected to the port. It generates an LLDP multicast every 30 seconds, but does not do anything else. The switch sees the phone as an LLDP neighbour, but does not learn its MAC address.
We reproduced this scenario later on with Cisco switches only, and it 'works' the same way.

Does this mean that because the switch does not forward the frame and processes it just within the switch, it does not learn the MAC address? We have not found any explicit document that would say LLDP multicasts are not used for the learning process.

We compared those to LOOP protocol (used by keepalive) frames. These frames are also not (normally) forwarded, but the switch learns the MAC address from them. But maybe this comparison is not good, as in case of loops LOOP frames would be forwarded, so there is probably no reason why they should not be used for learning.

Is there an explicit list of all protocols that are not used for the learning process?


See 802.1Q-2011 section 7.5: "Frames that carry control information to determine the active topology and current extent of each VLAN, i.e., spanning tree and MVRP PDUs, and frames from other link constrained protocols, such as EAPOL and LLDP, are not forwarded".

"Are not forwarded" means not relayed from a port to another port, through the MAC 802.3 switching function. So, the learning process is not invoked.

You are referring to a specific function of the link OAM sub-family included in the Slow Protocols family. This loop function inverts SA and DA in the MAC frame received, and returns the frame to the same port. So, there is no need for forwarding between ports!

If it is a loop through another port, it is not a link OAM protocol but a network OAM protocol with other characteristics.

There is not an exhaustive list; it depends on the implementation.

For example, for EVPLAN in a WAN bridge, you have systematically PAUSE and LLDP discard: see G.8011.2 (01/2009) table 8-2.
Generally, this question concerns (1) the SA addresses when the DA addresses are with OUI = 00-80-C2, (2) the configuration of the filtering database.
 

 