3650 PVLAN Config

hi all,
i'm trying to configure a few 3650s for PVLAN but it seems it doesn't support it.
it's already configured for VTP transparent mode.
i thought 'newer' switches should already have this feature.
anyone can advise if i need to upgrade IOS or is it a platform restriction?
or is there some command that i need to enable on this kind of switch?
SW#sh vtp status
VTP Version capable             : 1 to 3
VTP version running             : 1
VTP Domain Name                 : <SNIP>
VTP Pruning Mode                : Disabled
VTP Traps Generation            : Disabled
Device ID                       : 74a2.e665.2200
Configuration last modified by 192.168.1.1 at 0-0-00 00:00:00
Feature VLAN:
VTP Operating Mode                : Transparent    <<<
Maximum VLANs supported locally   : 1005
Number of existing VLANs          : 14
Configuration Revision            : 0
MD5 digest                        : 0xBC 0x96 0x7F 0xE1 0xA8 0x8A 0x1C 0x82
                                    0x1F 0x1C 0x90 0x9A 0x82 0xA7 0xB7 0x9F
SW(config-vlan)(config)#vlan 81
SW(config-vlan)(config-vlan)#?                     
VLAN configuration commands:
  are          Maximum number of All Route Explorer hops for this VLAN (or zero
               if none specified)
  backupcrf    Backup CRF mode of the VLAN
  bridge       Bridging characteristics of the VLAN
  exit         Apply changes, bump revision number, and exit mode
  media        Media type of the VLAN
  name         Ascii name of the VLAN
  no           Negate a command or set its defaults
  parent       ID number of the Parent VLAN of FDDI or Token Ring type VLANs
  remote-span  Configure as Remote SPAN VLAN
  ring         Ring number of FDDI or Token Ring type VLANs
  said         IEEE 802.10 SAID
  shutdown     Shutdown VLAN switching
  state        Operational state of the VLAN
  ste          Maximum number of Spanning Tree Explorer hops for this VLAN (or
               zero if none specified)
  stp          Spanning tree characteristics of the VLAN
  tb-vlan1     ID number of the first translational VLAN for this VLAN (or zero
               if none)
  tb-vlan2     ID number of the second translational VLAN for this VLAN (or
               zero if none)
SW(config-vlan)#p?
parent  
SW(config-vlan)#  private-vlan community
                           ^
% Invalid input detected at '^' marker.
SW#sh ve
Cisco IOS Software, IOS-XE Software, Catalyst L3 Switch Software (CAT3K_CAA-UNIVERSALK9-M), Version 03.03.04SE RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2014 by Cisco Systems, Inc.
Compiled Fri 29-Aug-14 22:22 by prod_rel_team
Cisco IOS-XE software, Copyright (c) 2005-2014 by cisco Systems, Inc.
All rights reserved.  Certain components of Cisco IOS-XE software are
licensed under the GNU General Public License ("GPL") Version 2.0.  The
software code licensed under GPL Version 2.0 is free software that comes
with ABSOLUTELY NO WARRANTY.  You can redistribute and/or modify such
GPL code under the terms of GPL Version 2.0.
(http://www.gnu.org/licenses/gpl-2.0.html) For more details, see the
documentation or "License Notice" file accompanying the IOS-XE software,
or the applicable URL provided on the flyer accompanying the IOS-XE
software.
ROM: IOS-XE ROMMON
BOOTLDR: CAT3K_CAA Boot Loader (CAT3K_CAA-HBOOT-M) Version 1.2, RELEASE SOFTWARE (P)
 --More--
*Feb  3 04:50:55.883: %SYS-5-CONFIG_I: Configured from console b        e
ends10sw06 uptime is 26 minutes
Uptime for this control processor is 28 minutes
System returned to ROM by reload
System image file is "flash:packages.conf"
Last reload reason: reload
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@cisco.com.
License Level: Ipbase
License Type: Permanent
Next reload license Level: Ipbase
cisco WS-C3650-48PS (MIPS) processor with 4194304K bytes of physical memory.
Processor board ID FDO1852Exxx
1 Virtual Ethernet interface
52 Gigabit Ethernet interfaces
2048K bytes of non-volatile configuration memory.
4194304K bytes of physical memory.
250456K bytes of Crash Files at crashinfo:.
1609272K bytes of Flash at flash:.
0K bytes of Dummy USB Flash at usbflash0:.
0K bytes of  at webui:.
Base Ethernet MAC Address          : 74:a2:e6:65:22:00
Motherboard Assembly Number        : 73-15131-05
Motherboard Serial Number          : FDO18530xxx
Model Revision Number              : D0
Motherboard Revision Number        : A0
Model Number                       : WS-C3650-48PS
System Serial Number               : FDO1852Exxx
Switch Ports Model              SW Version        SW Image              Mode   
*    1 52    WS-C3650-48PS      03.03.04SE        cat3k_caa-universalk9 INSTALL
Configuration register is 0x102

Hello
fyi - Looks like IOS-XE doesn't support it
https://tools.cisco.com/Support/CLILookup/cltSearchAction.do
res
Paul

Similar Messages

  • PVLAN Config with UCS and 1000v Question ??

    We are attempting to set up a multi-tenant environment where the customer would like each tenant to have a single subnet which is segmented with private vlans. The design calls for three (3) UCS chassis. Two (2) of the chassis are fully populated with half-width blades and the third chassis has two half-width blades. The two chassis that are fully populated will all be ESX hosts with Palo adapters and will operate with 1000v.
      As their current VLAN plan is to have approximately 10 private vlans per tenant/subnet, I'm concerned this design will not scale well at all within a UCS environment due to the limitations related to the total number of vnics/vhbas per chassis. I viewed a post where it was indicated that we could bypass the vnic limitation by simply trunking down all VLANs to the VEM and configure all private-vlans on the 1000v only. This would allegedly alleviate the vnic limitation in a larger multi-tenant environment. Is this a valid and supported design/configuration and/or does this actually work? Or do we instead actually need to create a vnic for every private vlan we want to present to each ESX host as recommended/required in the config guides?

    Hey Joey,
      Thanks for the response. I've added this same post to the TAC case but i'll update this discussion with the same for anyone else who may be interested.
      Our customer is still debating their requirement for PVLAN use within this Pod. However, if they choose to move forward, my primary concern is mostly with the UCS configuration related to PVLANs, how the UCS PVLAN configuration differs (if at all) with the integration of the 1000v and if this multitenant setup will cause the Fabric Interconnects to exceed their max VIF count. Related to the UCS configuration, it's my understanding that for every isolated private VLAN we would like to present to a blade, we need to create a separate vNIC in UCS. This customer is attempting to construct an environment based on the FlexPod model where multiple tenants would be present in the environment. Their idea was to create a single subnet for each tenant and then isolate tier/purpose traffic via layer-2 PVLANs within each tenant subnet. This is where the need for the PVLANs comes in. Simply a customer request in their design.
      So how this relates to my primary questions; if for every tenant we have to add 5+ vNICs as they are introduced into the Pod, my understanding is that this will easily cause us to have more than 120 VIFs per chassis in no time. It's my understanding that we have a total of (15*[number of I/O Module uplinks] - 2) VIFs available in total. (I'm assuming this is 118 total VIFs for two fully populated 2104's per chassis???) Currently, the design calls for a combination of ten (12) VIFs (10 vNICs and 2 vHBAs) as a standard on each of the eight blades in each chassis. On top of this would be when we begin adding tenant specific vNICs for each tenant's PVLANs (If this is the proper/required config). However, I have later read that if we integrate the 1000v's into the environment, the necessity to create a new vNIC in UCS for every isolated PVLAN is no longer in play as all that is required is to trunk down all "parent" vlans to the VEMs and there, at the 1000v level only, we can perform the PVLAN config. It has been recommended to configure this environment similar to the strategy where the upstream switch does not understand/perform PVLANs. Is this correct or would we still need to add the vNICs to the service profiles in UCS even when integrating the Nexus 1000v's?
      I have yet to really find a document that discusses the use of PVLANs within the UCS environment when implementing Nexus 1000v which would tie all of these questions together.
    Thanks,
    Eric

  • Double Private VLAN

    I want to ask: if my vSwitch on VMware is already using Private VLAN a first time, can I apply Private VLAN a second time at the N5K?
    VM Servers <--- Trunk---> N5K            
    First VM has primary vlan say 100
    First VM secondary vlan say 101,102,103
    Second VM has primary vlan say 200
    Second VM secondary vlan say 201,202,203
    So will the N5K be able to have the following PVLAN config?
    Primary VLAN 300
    Secondary VLAN say 100,200

    Vlad,
    Networks connected behind router1 need to reach networks connected behind router2
    ------[router1]--------------gig1/4[vdmz]gig2/16----------------[router2]-------
    gig1/4 is community vlan 121
    gig2/16 is in community vlan 119
    Primary vlan is Vlan116
    VDMZ is our 6503 configured with private vlans.
    some more of the config is this (and I do have a 6503 with an MSFC daughter card):
    interface Vlan116
    description vendor-dmz public/private primary vlan
    ip address 10.248.15.2 255.255.255.128 secondary
    ip address 211.121.108.66 255.255.255.192
    ip access-group 140 in (this one has a permit any any at the end)
    no ip redirects
    no ip unreachables
    private-vlan mapping 117-122
    ip route 10.82.35.0 255.255.255.0 211.121.108.96
    (where 211.121.108.96 is address of router1)
    I have a bgp peering with 211.121.108.90 which is router2.
    in router1 they can see the routes advertised via bgp and also in router2 they
    can see the route for 10.82.35.0 that I advertise to them via bgp.
    I really appreciate your help,
    Alban

  • Spanning-tree not working: SG500 to Cat3650

    Hi All,
    Trying to turn up a new site. I have 2 switches: Cat 3650 & SG500-52P.  I want to connect up two ethernet cables between these switches in the event one fails, STP will put the blocked one in forwarding.  However, when I connect up the 2nd ethernet cable, I get the following:
    IPADTBL-N-IPDUPLICATE: Duplicate IP address 192.168.5.232 from MAC a0:ec:f9:ef:6a:18 was detected on VLAN 1, port gi1/1/24
    This log message is then followed by the network locking up & crashing until I remove the 2nd cable (i.e. STP Loop).  Removing the redundant cable solves the problem. This is because STP is allowing both links to transition to forwarding state (confirmed in show spanning-tree & show cdp neighbor).
    Why is spanning-tree not correctly blocking one of the lines? Is that type of architecture not supported when there is an SG300/500 in the equation?
    Configs below:
    Core 3650: (box configs basically)
    Switch#show run
    Building configuration...
    Current configuration : 2686 bytes
    ! Last configuration change at 10:01:53 UTC Thu Jan 22 2015
    ! NVRAM config last updated at 09:24:03 UTC Thu Jan 22 2015
    version 15.0
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    service compress-config
    hostname Switch
    boot-start-marker
    boot-end-marker
    vrf definition Mgmt-vrf
     address-family ipv4
     exit-address-family
     address-family ipv6
     exit-address-family
    logging console emergencies
    enable secret 5 $1$Qi5N$u/5q1HESY/TyQsPFNKVah1
    no aaa new-model
    clock timezone UTC -6 0
    clock summer-time UTC recurring
    switch 1 provision ws-c3650-24ts
    ip device tracking
    diagnostic bootup level minimal
    spanning-tree mode pvst
    spanning-tree extend system-id
    spanning-tree vlan 1 priority 24576
    redundancy
     mode sso
    class-map match-any non-client-nrt-class
      match non-client-nrt
    policy-map port_child_policy
     class non-client-nrt-class
        bandwidth remaining ratio 10
    interface GigabitEthernet0/0
     vrf forwarding Mgmt-vrf
     no ip address
     negotiation auto
    interface GigabitEthernet1/0/1
    interface GigabitEthernet1/0/2
    interface GigabitEthernet1/0/3
    interface GigabitEthernet1/0/4
    interface GigabitEthernet1/0/5
    interface GigabitEthernet1/0/6
    interface GigabitEthernet1/0/7
    interface GigabitEthernet1/0/8
    interface GigabitEthernet1/0/9
    interface GigabitEthernet1/0/10
    interface GigabitEthernet1/0/11
    interface GigabitEthernet1/0/12
    interface GigabitEthernet1/0/13
    interface GigabitEthernet1/0/14
    interface GigabitEthernet1/0/15
    interface GigabitEthernet1/0/16
    interface GigabitEthernet1/0/17
    interface GigabitEthernet1/0/18
    interface GigabitEthernet1/0/19
    interface GigabitEthernet1/0/20
    interface GigabitEthernet1/0/21
    interface GigabitEthernet1/0/22
    interface GigabitEthernet1/0/23
    interface GigabitEthernet1/0/24
    interface GigabitEthernet1/1/1
    interface GigabitEthernet1/1/2
    interface GigabitEthernet1/1/3
    interface GigabitEthernet1/1/4
    interface Vlan1
     ip address 192.168.5.230 255.255.255.0
    ip default-gateway 192.168.5.1
    ip http server
    ip http secure-server
    line con 0
     exec-timeout 0 0
     stopbits 1
    line aux 0
    line vty 0 4
     password scrubbed
     login
    line vty 5 15
     password scrubbed
     login
    wsma agent exec
     profile httplistener
     profile httpslistener
    wsma agent config
     profile httplistener
     profile httpslistener
    wsma agent filesys
     profile httplistener
     profile httpslistener
    wsma agent notify
     profile httplistener
     profile httpslistener
    wsma profile listener httplistener
     transport http
    wsma profile listener httpslistener
     transport https
    ap group default-group
    end
    SG500 Switch:
    switchff1182#show run
    config-file-header
    switchff1182
    v1.3.0.62 / R750_NIK_1_3_647_260
    CLI v1.0
    set system mode switch queues-mode 4
    file SSD indicator encrypted
    ssd-control-start
    ssd config
    ssd file passphrase control unrestricted
    no ssd file integrity control
    ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
    voice vlan oui-table add 0001e3 Siemens_AG_phone________
    voice vlan oui-table add 00036b Cisco_phone_____________
    voice vlan oui-table add 00096e Avaya___________________
    voice vlan oui-table add 000fe2 H3C_Aolynk______________
    voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
    voice vlan oui-table add 00d01e Pingtel_phone___________
    voice vlan oui-table add 00e075 Polycom/Veritel_phone___
    voice vlan oui-table add 00e0bb 3Com_phone______________
    hostname switchff1182
    no passwords complexity enable
    username cisco password encrypted scrubbed privilege 15
    ip ssh server
    snmp-server server
    no ip http server
    ip telnet server
    interface vlan 1
     ip address 192.168.5.231 255.255.255.0
     no ip address dhcp
    exit
    ip default-gateway 192.168.5.1

    Hi Peter,
    Thanks for replying. Unfortunately (or fortunately if it worked), STP is running and BPDUs are flooding below:
    SW500A#show spanning-tree
    Spanning tree enabled mode RSTP
    Default port cost method:  long
      Root ID    Priority    24577
                 Address     a0:ec:f9:ef:6a:00
                 Cost        20000
                 Port        gi1/1/43
                 Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
      Bridge ID  Priority    32768
                 Address     2c:3e:cf:ff:11:82
                 Hello Time  2 sec  Max Age 20 sec  Forward Delay 15 sec
    SW500A#show spanning-tree bpdu
    Global: Flooding
    I guess I'm doing etherchannels instead of redundant links :-/
    This is one of many reasons why I regret these small business models being made; A lot of things that are polished and functional in the enterprise grade (i.e. real switches) just don't seem to work on these units. But unfortunately, as the price is significantly cheaper, companies will continue purchasing these over the better quality units, and engineers like myself will be stuck working with the cut-corners version of a Cisco switch.

  • Cisco 3650 Issue with 1231 AP

    hi all,
    i've got an issue with a new cisco 3650 48 port wherein older AP 1231 keeps on disconnecting.
    the connection is just a simple trunk.
    #sh run int g1/0/47
    Building configuration...
    Current configuration : 62 bytes
    interface GigabitEthernet1/0/47
     switchport mode trunk
    end
    1231 is working fine on a 3560.
    could someone advise if anything else needs to be done on 3650?
    *Apr 21 09:32:33.243: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/47, changed state to down
    *Apr 21 09:32:34.255: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/47, changed state to down
    *Apr 21 09:32:37.369: %ILPOWER-7-DETECT: Interface Gi1/0/47: Power Device detected: IEEE PD
    *Apr 21 09:32:40.406: %ILPOWER-5-IEEE_DISCONNECT: Interface Gi1/0/47: PD removed
    *Apr 21 09:32:40.407: %ILPOWER-3-CONTROLLER_PORT_ERR: Controller port error, Interface Gi1/0/47: Power given, but Power Controller does not report Power Good
    *Apr 21 09:32:48.994: %ILPOWER-7-DETECT: Interface Gi1/0/47: Power Device detected: Cisco PD
    *Apr 21 09:32:49.473: %ILPOWER-5-POWER_GRANTED: Interface Gi1/0/47: Power granted
    *Apr 21 09:32:53.355: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/47, changed state to up
    *Apr 21 09:32:55.356: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/47, changed state to up
    *Apr 21 09:34:27.142: %ILPOWER-5-IEEE_DISCONNECT: Interface Gi1/0/47: PD removed
    *Apr 21 09:34:27.142: %ILPOWER-3-CONTROLLER_PORT_ERR: Controller port error, Interface Gi1/0/47: Power Controller reports power Imax error detected
    *Apr 21 09:34:27.847: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/47, changed state to down
    *Apr 21 09:34:28.855: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/47, changed state to down
    *Apr 21 09:34:39.384: %ILPOWER-7-DETECT: Interface Gi1/0/47: Power Device detected: Cisco PD
    *Apr 21 09:34:40.235: %ILPOWER-5-POWER_GRANTED: Interface Gi1/0/47: Power granted
    *Apr 21 09:34:43.875: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/47, changed state to up
    *Apr 21 09:34:45.874: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/47, changed state to up

    pre,
    i don't think it's a cable issue. correction on the working AP, it's supposed to be a AIR-SAP1602E.
    this AP is working on the 3650.
    i've searched and i think the AIR-AP1231 isn't supported on this switch platform.
    http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3650/software/release/3e/release_notes/OL3264701.html#18425
    this new switch isn't friendly. first, i had the issue with PVLAN and now this :(

  • Win 8.1 and ATI Radeon 3650

    Is there a driver for Win 8.1 which allows to use the switchable graphics function?
    After installing Win 8.1 I just can use the onboard graphic card. The only driver I found is made for Win 7 and doesn't work. A driver for ATI Radeon 3650 is installed but the device manager detects an error.
    Thanks a lot for any help

    Hi Noah,
    Welcome to Lenovo Community Forums!
    I’m sorry to hear that you had difficulties in finding ATI Radeon drivers for your Lenovo ThinkPad after upgrading to Windows 8.1.
    Check in the BIOS under Config > Display if there is an option for switchable graphics.
    If you cannot find related drivers in Lenovo Support page, try running the AMD Driver Autodetect application which will auto detect the drivers and update it to the latest version that is compatible with your current operating system.
    Hope this helps!
    Best regards,
    Mithun.

  • NAT problems on a L3 3650 switch

    So, I am trying to setup NAT on our new 3650 switch running IOS-XE Software, Catalyst L3 Switch Software (CAT3K_CAA-UNIVERSALK9-M), Version 03.06.00E RELEASE SOFTWARE
    This simple setup involves a layer 3 port (1/0/46) to our gateway and a Vlan for NAT
    My hosts on my NAT Vlan (Vlan 2) do not seem able to ping anywhere else than the switch itself (all its interfaces) and their local subnet. Pings from the switch to outside are fine (NAT debug enabled):
    Switch#ping 8.8.8.8 source 192.168.122.1
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
    Packet sent with a source address of 192.168.122.1 
    Success rate is 100 percent (5/5), round-trip min/avg/max = 60/66/70 ms
    Switch#
    *Nov 10 14:27:04.145: NAT: ICMP id=1->1025
    *Nov 10 14:27:04.145: NAT: s=192.168.122.1->165.211.28.194, d=8.8.8.8 [5]
    *Nov 10 14:27:04.210: NAT: ICMP id=1025->1
    *Nov 10 14:27:04.210: NAT: s=8.8.8.8, d=165.211.28.194->192.168.122.1 [0]
    Running Config:
    ! Last configuration change at 13:51:06 UTC Mon Nov 10 2014
    version 15.2
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    service compress-config
    hostname Switch
    boot-start-marker
    boot system switch all flash:packages.conf
    boot-end-marker
    vrf definition Mgmt-vrf
    address-family ipv4
    exit-address-family
    no aaa new-model
    switch 1 provision ws-c3650-48ps
    ip routing
    ip dhcp excluded-address 192.168.122.1
    ip dhcp pool Pool14
    import all
    network 192.168.122.0 255.255.255.0
    dns-server 165.211.29.1
    default-router 192.168.122.1
    domain-name my.domain
    crypto pki trustpoint TP-self-signed-1875358754
    diagnostic bootup level minimal
    spanning-tree mode pvst
    spanning-tree extend system-id
    hw-switch switch 1 logging onboard message level 3
    redundancy
    mode sso
    class-map match-any non-client-nrt-class
    policy-map port_child_policy
    class non-client-nrt-class
    bandwidth remaining ratio 10
    interface GigabitEthernet0/0
    vrf forwarding Mgmt-vrf
    no ip address
    negotiation auto
    interface GigabitEthernet1/0/46
    description conf GW
    no switchport
    ip address 165.211.28.194 255.255.255.192
    ip nat outside
    interface GigabitEthernet1/0/47
    switchport access vlan 2
    spanning-tree portfast
    spanning-tree bpduguard enable
    interface GigabitEthernet1/0/48
    switchport access vlan 2
    spanning-tree portfast
    spanning-tree bpduguard enable
    interface Vlan1
    no ip address
    shutdown
    interface Vlan2
    ip address 192.168.122.1 255.255.255.0
    ip nat inside
    ip nat inside source list 61 interface GigabitEthernet1/0/46 overload
    ip forward-protocol nd
    ip http server
    ip http authentication local
    no ip http secure-server
    ip route 0.0.0.0 0.0.0.0 165.211.28.193
    access-list 61 permit 192.168.122.0 0.0.0.255
    line con 0
    stopbits 1
    line aux 0
    stopbits 1
    line vty 0 4
    login
    line vty 5 15
    login
    wsma agent exec
    profile httplistener
    profile httpslistener
    wsma agent config
    profile httplistener
    profile httpslistener
    wsma agent filesys
    profile httplistener
    profile httpslistener
    wsma agent notify
    profile httplistener
    profile httpslistener
    wsma profile listener httplistener
    transport http
    wsma profile listener httpslistener
    transport https
    ap group default-group
    end
    I also tried using a Vlan (+nat outside) instead of the Layer3 port (1/0/46) with the same results

    Hello Paul, 
    1)yes the public addressing is correct. Our gateway is 165.211.28.193/26 and my public is setup 165.211.28.194/26.
    2) Ip routing is enabled on the switch as you can see on my configuration
    3)Switch#sh sdm prefer 
    Showing SDM Template Info
    This is the Advanced (low scale) template.
      Number of VLANs:                                 4094
      Unicast MAC addresses:                           32768
      Overflow Unicast MAC addresses:                  512
      IGMP and Multicast groups:                       4096
      Overflow IGMP and Multicast groups:              512
      Directly connected routes:                       16384
      Indirect routes:                                 7680
      Security Access Control Entries:                 1536
      QoS Access Control Entries:                      3072
      Policy Based Routing ACEs:                       1024
      Netflow ACEs:                                    768
      Wireless Input Microflow policer ACEs:           256
      Wireless Output Microflow policer ACEs:          256
      Flow SPAN ACEs:                                  512
      Tunnels:                                         256
      Control Plane Entries:                           512
      Input Netflow flows:                             8192
      Output Netflow flows:                            16384
      SGT/DGT entries:                                 4096
      SGT/DGT Overflow entries:                        512
    These numbers are typical for L2 and IPv4 features.
    Some features such as IPv6, use up double the entry size;
    so only half as many entries can be created.

  • Xorg + 3650 + fglrx...

    alright, this is seriously making me sad.
    if any of you lurk on irc youve probly argued with me once or twice in the past.
    so i was so unlucky i got an ati graphics card. my whole system is compatible, the only thing that refuses to work is xorg+fglrx.
    i started off about a year ago or a bit more, trying to make it work. i tried, didnt work, i thought xorg wouldnt work, or fglrx wouldnt anyway, so i put it aside for a while, i said who cares i have the windows pc right next to me. (3 pcs in the house)
    no matter what ive tried, i always ended up wiping the hard disk and starting all over. its always better if youve got nothing to lose. i for one didnt.
    so i just like reinstalled it and im on a dead end. i cannot believe that this is like the 4th or 5th time im going through this, the exact same problem for the last year or more.
    i wipe the disk clean, so i get a clean install. then i make my user, config pacman, all good and ready.
    setup xorg with pacman -S xorg, everything installs properly.
    however catalyst as i found out was no longer in the repositories. i downloaded both and installed both from aur. first catalyst-utils with makepkg --asroot and then catalyst with the same procedure.
    so the software is all prepped and ready to go.
    i have never found ONE xorg.conf that ever worked. i even tried that this last time, still didnt work. so i thought ill just skip xorg.conf, ill just do it without a xorg.conf. without xorg.conf everything WORKED, for once. i saw images instead of black and white text coming from the bloody screen, rejoice! screw that, didnt last long. took me a while until i figured out that i couldnt find a way to use fglrx without a xorg.conf. so i made a xorg.conf that worked from the xorg.0.log file. tried to then aticonfig --initial -input blabla whatever. the xorg.conf changed, and then when i tried to run it, everything was unusable. at first it told me it couldnt get the depth right, so i set like default depth 24. when that was out of the way, it had a problem with monitor range. so i set the vertical sync to 60 as my monitor is meant to be. then i ran startx again, and my screen just kept flickering for no reason, getting stuck into an image of a few green and purple lines and boxes (artifacts), with no way of return through ctrl+alt+backspace or whatever. even trying to revert to vesa from that point onward didnt work. total screw up, so i reinstalled again.
    i remember being told that with previous versions of xorg there was no such problem. so i downloaded a xorg-server-1.5.3 and when trying to install it i had to install a package called gl which isnt even in the repos. like wtf anyway.
    so i scrapped that plan, deleted the archive, and now have my system clean, with only root, a user and xorg installed. i havent installed catalyst yet. suggestions?
    my gfx card is hd radeon 3650 and cpu intel pentium 4 3.2ghz
    my brain is about to blow...
    (if anyone is going to make a comment like "buy a real card", the back button looks like "<".)

    come on, people? its been two days.
    i cant be the only one that has an hd3650 and runs arch, the only one that tried installing catalyst and be the only one that is still trying.
    if im missing some info that could help you understand, just let me know. theres gotta be a way out of this mess with the proprietary drivers.
    and im mainly persistent merely cos i think its something im doing wrong on my side that you can help me with. if its hopeless because the drivers are awfully crappy, then ill let it be. if its difficult, i dont care, just hit me with what you know.

  • LMS 3.2 on Solaris 10 - CatOS PVlan Mapping commands to MSFC not being saved by Ciscoworks

    Hi All,
    We are doing some troubleshooting after the recovery of a Cat6500 Hybrid switch and we've encountered something strange. It seems that Ciscoworks does not save the pvlan mapping statements applied to the MSFC (module 15 in this case). Below I have two excerpts. The first one is from an export of the latest saved config of a similar device. The other one is from the actual same switch.
    Any ideas why this is happening?
    Thanks
    Jose Ribeiro
    -bash-3.00$ cat ctspitdcemsw303-172-raw.cfg | grep mapping
    #Macro-Port mapping
    #vlan mapping
    set pvlan mapping 2100 2101 1/7
    set pvlan mapping 2100 2103 1/7
    set pvlan mapping 2100 2104 1/7
    set pvlan mapping 2100 2106 1/7
    set pvlan mapping 2100 2109 1/7
    set pvlan mapping 2600 2603 5/11-12
    set pvlan mapping 2600 2604 5/11-12
    set pvlan mapping 2800 2801 5/4
    set pvlan mapping 2800 2802 5/4
    set pvlan mapping 2800 2803 5/4
    set pvlan mapping 2800 2804 5/4
    set pvlan mapping 2800 2805 5/4
    set pvlan mapping 2800 2806 5/4
    set pvlan mapping 2800 2807 5/4
    set pvlan mapping 2800 2808 5/4
    set pvlan mapping 2800 2809 5/4
    set pvlan mapping 2300 2303 9/31
    set pvlan mapping 2300 2304 9/31
    set pvlan mapping 2600 2603 9/28
    set pvlan mapping 2600 2604 9/28
    -bash-3.00$
    ctspitdcemsw303> (enable) sh runn | incl mapping
    set pvlan mapping 2100 2101 1/7
    set pvlan mapping 2100 2103 1/7
    set pvlan mapping 2100 2104 1/7
    set pvlan mapping 2100 2106 1/7
    set pvlan mapping 2100 2109 1/7
    set pvlan mapping 2600 2603 5/11-12
    set pvlan mapping 2600 2604 5/11-12
    set pvlan mapping 2800 2801 5/4
    set pvlan mapping 2800 2802 5/4
    set pvlan mapping 2800 2803 5/4
    set pvlan mapping 2800 2804 5/4
    set pvlan mapping 2800 2805 5/4
    set pvlan mapping 2800 2806 5/4
    set pvlan mapping 2800 2807 5/4
    set pvlan mapping 2800 2808 5/4
    set pvlan mapping 2800 2809 5/4
    set pvlan mapping 2300 2303 9/31
    set pvlan mapping 2300 2304 9/31
    set pvlan mapping 2600 2603 9/28
    set pvlan mapping 2600 2604 9/28
    set pvlan mapping 2300 2303 10/35-36
    set pvlan mapping 2300 2304 10/35-36
    set pvlan mapping 2300 2305 10/35-36
    set pvlan mapping 2300 2309 10/35-36
    set pvlan mapping 2300 2303 11/34
    set pvlan mapping 2300 2304 11/34
    set pvlan mapping 2600 2603 11/12-13,11/38-39
    set pvlan mapping 2600 2604 11/12-13,11/38-39
    set pvlan mapping 2300 2303 12/45-46
    set pvlan mapping 2300 2304 12/45-46
    set pvlan mapping 2600 2603 12/41-44
    set pvlan mapping 2600 2604 12/41-44
    set pvlan mapping 2000 2001 15/1
    set pvlan mapping 2000 2002 15/1
    set pvlan mapping 2000 2003 15/1
    set pvlan mapping 2000 2005 15/1
    set pvlan mapping 2000 2009 15/1
    set pvlan mapping 2200 2201 15/1
    set pvlan mapping 2200 2202 15/1
    set pvlan mapping 2200 2203 15/1
    set pvlan mapping 2200 2208 15/1
    set pvlan mapping 2300 2301 15/1
    set pvlan mapping 2300 2302 15/1
    set pvlan mapping 2300 2303 15/1
    set pvlan mapping 2300 2304 15/1
    set pvlan mapping 2300 2305 15/1
    set pvlan mapping 2300 2306 15/1
    set pvlan mapping 2300 2307 15/1
    set pvlan mapping 2300 2309 15/1
    set pvlan mapping 2300 2312 15/1
    set pvlan mapping 2500 2501 15/1
    set pvlan mapping 2500 2503 15/1
    set pvlan mapping 2600 2602 15/1
    ctspitdcemsw303> (enable)

    Hi Joseph,
    When I run a write term I can see the whole switch config, though in pages (I need to hit enter several times to go through the whole config).
    ctspitdcemsw303> (enable) write terminal
    This command shows non-default configurations only.
    Use 'write terminal all' to show both default and non-default configurations.
    begin
    # ***** NON-DEFAULT CONFIGURATION *****
    #time: Mon May 9 2011, 09:08:46 EDT
    #version 8.5(2)
    Also a View Config Raw from Device Center shows configuration up to module 10, completely missing modules 11, 12 and 15 (pvlan mappings to the MSFC).
    Thanks,
    Jose
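
The comparison made by eye in this thread, as an added example that is not part of the original posts: a Python sketch that parses the `set pvlan mapping` lines of an archived config and of the device's running config, expands the port ranges, and reports which mappings the archive lacks, grouped by module. The two sample texts are excerpts of the listings above; the function names are hypothetical, and each comma-separated port range is assumed to carry its own module number, as it does in the listings.

```python
import re
from collections import defaultdict

# Matches CatOS "set pvlan mapping <primary> <secondary> <mod/ports>" lines.
MAPPING_RE = re.compile(r"^\s*set pvlan mapping (\d+) (\d+) (\S+)\s*$")

# Excerpt of the archived (saved) config listing from the post.
ARCHIVED = """\
#Macro-Port mapping
#vlan mapping
set pvlan mapping 2100 2101 1/7
set pvlan mapping 2600 2603 5/11-12
set pvlan mapping 2300 2303 9/31
set pvlan mapping 2600 2604 9/28
"""

# Excerpt of the "sh runn | incl mapping" listing from the post.
RUNNING = """\
set pvlan mapping 2100 2101 1/7
set pvlan mapping 2600 2603 5/11-12
set pvlan mapping 2300 2303 9/31
set pvlan mapping 2600 2604 9/28
set pvlan mapping 2300 2303 10/35-36
set pvlan mapping 2600 2603 11/12-13,11/38-39
set pvlan mapping 2300 2303 12/45-46
set pvlan mapping 2000 2001 15/1
set pvlan mapping 2500 2503 15/1
"""


def expand_ports(spec):
    """Expand '11/12-13,11/38-39' into a set of (module, port) pairs."""
    ports = set()
    for part in spec.split(","):
        module, _, rng = part.partition("/")
        first, _, last = rng.partition("-")
        for port in range(int(first), int(last or first) + 1):
            ports.add((int(module), port))
    return ports


def parse_mappings(text):
    """Return the set of (primary, secondary, module, port) tuples in text."""
    found = set()
    for line in text.splitlines():
        m = MAPPING_RE.match(line)
        if not m:
            continue  # comments such as '#vlan mapping', prompts, other config
        primary, secondary = int(m.group(1)), int(m.group(2))
        for module, port in expand_ports(m.group(3)):
            found.add((primary, secondary, module, port))
    return found


def missing_by_module(archived, running):
    """Mappings present on the device but absent from the archive, per module."""
    gaps = defaultdict(list)
    delta = parse_mappings(running) - parse_mappings(archived)
    for primary, secondary, module, port in sorted(delta):
        gaps[module].append((primary, secondary, port))
    return dict(gaps)


if __name__ == "__main__":
    for module, entries in sorted(missing_by_module(ARCHIVED, RUNNING).items()):
        print(f"module {module}: {len(entries)} mapping(s) not in archive")
        for primary, secondary, port in entries:
            print(f"  primary {primary} secondary {secondary} port {module}/{port}")
```

Run against the full listings, the same diff shows at which module the archived copy stops, which matters because a restore from that archive would silently drop the promiscuous-port mappings on the modules it never captured.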

  • Dot1x authentication - Switch 3650 / Polycom phone 430

    Hi,
    I have a switch 3650 with the IP base image IOS 12.2(25) SEE3, a polycom phone SoundPoint IP 430 SIP, A radius server IAS 2003 and a Windows XP PC.
    I enabled the Windows XP PC for wired authentication (started the service Wired AutoConfig, added the registry entries AuthMode, SupplicantMode, chose Enable IEEE 802.1x authentication with PEAP, then secured password EAP-MSCHAP-v2).
    I configured the RADIUS server for ethernet authentication and domain users. In the profile I chose EAP, MSCHAP v2.
    The port configuration of the switch is as following:
    Switch#sh run int fa0/1
    Building configuration...
    Current configuration : 590 bytes
    interface FastEthernet0/1
    switchport access vlan 121
    switchport mode access
    switchport voice vlan 155
    switchport priority extend trust
    service-policy input QoS-Policy-LAN
    speed 100
    duplex full
    spanning-tree portfast
    end
    I configured the switch as the following:
    switch(config)#dot1x system-auth-control
    Under the interface configuration mode:
    switch(config-if)#dot1x port-control auto
    switch(config-if)#dot1x pae authenticator
    switch(config-if)#dot1x host-mode multi-host
    I plugged the PC directly into the switch port, I got that additional credentials are required for the PC to connect to the network, So I put my username and password for windows and was successfully authenticated.
    Then I plugged the PC into the phone (Polycom 430) and the phone into the switch port. The network card appears as attempting to authenticate but it doesn't prompt, and I am not able to access the network, nor am I able to use the phone. (The problem is that the authentication packets sent from the PC do not reach the switch, as I see in the debug dot1x (on the switch) comparison between when I was connecting the PC alone and when I connected the PC & phone: the client ID trying to authenticate is different in each case. I will put the debug for both down, when it connects and when it was unable to connect.)
    I tried dot1x host-mode single-host
    I did many changes , one time with single-host and then with multi-host: ( each time , I tried to disable/enable Network card of the PC, and make a phone call in order generate traffic)
    First added dot1x mac-auth-bypass  - disconnected and reconnected -- didn't work(neither phone , nor PC)
    Second in addition to First , i added dot1x control-direction in   --- didn't work (neither phone , nor PC).
    Then I removed both these settings and I set:
    dot1x guest-vlan 155 where 155 is the voice vlan
    dot1x auth-fail vlan 155
    Nothing was working
    Then I added these 2 records, in addition to the dot1x mac-auth-bypass, nothing was working.
    In the attachment, I marked with blue font, where I saw the ClientID, After that state-machine record that shows the client ID, I saw that the debug output of the debug changed
    CDP is enabled on both the phone and the switch, and when I use show cdp , i see the phone connected to the port.
    Thanks
    Sayed

    One test that I ran was setting the duplex to half on all switches/phone/PC.
    I brought a small switch, connected it to the Cisco 3650 with the port configuration
    and I did two more tests:
    Test 1.
         dot1x port-control auto
         dot1x pae authenticator
         dot1x host-mode multi-host
    The PC authenticated successfully and I was able to access the network as well as to make phone calls.
    Test 2.
         dot1x port-control auto
         dot1x pae authenticator
         dot1x host-mode single-host
    The PC was able to authenticate and access the network but the phone was not able.
    The problem, I am thinking, is that the phone wants to try to authenticate, and doesn't let the authentication of the PC pass.
    I hope somebody can help me, regarding this problem
    Thanks

  • 5508 MC with 3650 MA L2 roaming problem

    Hello,
    I am testing L2 roaming on an open SSID between 3650 (MA) and 2 x 5508 in SSO (MC).
    The output of the show wireless mobility summary on the 3650 is :
    3650-ERM-LT1#show wireless mobility summary
    Mobility Agent Summary:
    Mobility Role                                   : Mobility Agent
    Mobility Protocol Port                          : 16666
    Mobility Switch Peer Group Name                 : 3650-ERM-LT1
    Multicast IP Address                            : 0.0.0.0
    DTLS Mode                                       : Enabled
    Mobility Domain ID for 802.11r                  : 0x6549
    Mobility Keepalive Interval                     : 10
    Mobility Keepalive Count                        : 3
    Mobility Control Message DSCP Value             : 0
    Switch Peer Group Members Configured            : 1
    Central Management                              : Disabled
    Link Status is Control Link Status : Data Link Status
    The status of Mobility Controller:
    IP              Public IP            Link Status
    172.17.1.1      172.17.1.1           UP   : UP
    Switch Peer Group members:
    IP              Public IP            Data Link Status
    172.17.27.1     172.17.27.1          N/A
    The output of show mobility summary on 5508 is :
    (WLC5508-MAR-1) >show mobility summary
    New Mobility (Converged Access).................. Enabled
    Mobility Protocol Port........................... 16666
    Default Mobility Domain.......................... mobility
    Multicast Mode .................................. Disabled
    DTLS Mode ....................................... Enabled
    Mobility Domain ID for 802.11r................... 0x6549
    Mobility Keepalive Interval...................... 10
    Mobility Keepalive Count......................... 3
    Mobility Group Members Configured................ 1
    Mobility Control Message DSCP Value.............. 0
    Mobility Oracle.................................. Disabled
    Mobility MC public IP ........................... 172.17.1.1
    Mobility Oracle IP address ...................... 0.0.0.0
    Controllers configured in the Mobility Group
     IP Address       Public IP Address       Group Name         Multicast IP  MAC Address               Status
     172.17.1.1       172.17.1.1              mobility           0.0.0.0       f4:cf:e2:94:c0:00          Up
    Switch Peer Group Configuration:
      Switches configured in Switch Peer Group: 3650-ERM-LT1
     IP Address           Public IP Address    Status
        172.17.27.1           172.17.27.1          Up
    So the mobility domain ID is the same.
    The show wlan id :
    On 3650 :
    3650-ERM-LT1#sh run wlan testNXO
    wlan test 6 TEST
     no broadcast-ssid
     no mobility anchor sticky
     no security wpa
     no security wpa akm dot1x
     no security wpa wpa2
     no security wpa wpa2 ciphers aes
     session-timeout 1800
     no shutdown
    On 5508 :
    WLAN Identifier.................................. 6
    Profile Name..................................... test
    Network Name (SSID).............................. TEST
    Status........................................... Enabled
    Broadcast SSID................................... Disabled
    AAA Policy Override.............................. Disabled
    Exclusionlist Timeout............................ 60 seconds
    Session Timeout.................................. 1800 seconds
    User Idle Timeout................................ Disabled
    Sleep Client..................................... disable
    Sleep Client Timeout............................. 720 minutes
    User Idle Threshold.............................. 0 Bytes
    NAS-identifier................................... WLC5508-MAR-1
    CHD per WLAN..................................... Enabled
    I enabled fast-ssid-change on both sides.
    So, on both sides:
    - mobility domain and bridge domain ID are the same
    - WLAN settings are the same
    The coverage area for my test is OK.
    The wireless management interface on both 3650 and 5508 is on the same VLAN (172.17.0.0 /16).
    I test with android smartphone and windows laptop.
    The WLC version : 8.0.115.0
    The 3650 version : 03.07.00E
    Other elements to check?
    From the config guide I don't see what I am missing:
    http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3650/software/release/3se/mobility/configuration_guide/b_mobility_3se_3650_cg/b_mobility_3se_3650_cg_chapter_01001.html

    Going forward this setup is not going to be supported, i.e. you cannot make a 5508 (or AireOS) controller the MC for a 3850/3650 MA. In AireOS 8.1 code this support is not there, so it is better to get a 5760 if you want a dedicated MC in converged access.
    Still, you should be able to roam between a 5760 & 5508 set up in the same mobility group.
    If you have to go ahead with this testing, first try to do it with a single 5508 (without SSO) & see. I would suggest 3.6.2aE for the 3650 (3.7 is the latest, but there may be unknown issues).
    HTH
    Rasika
    *** Pls rate all useful responses ***

  • Cisco 3650 tacacs+ with SSH works, not for http to use wireless GUI

    Hi
    Last week I installed a brand new Cisco 3650 switch and the wireless option.
    Everything works fine.
    I also configured tacacs+. Login through SSH works fine.
    Now I want to manage the wireless part from the GUI by entering https://ip-address/wireless
    Local authentication with priv 15 works fine.
    Now I configured tacacs. After entering username and password I received a blank screen.
    After debugging, I got an SSL failure.
    Mar  4 07:35:53.675: eah:  url=/wireless is for us with a secondary connection
    Mar  4 07:35:53.675: eah: Secondary authentication required for realm priv_15_access
    Mar  4 07:35:53.675: Tue, 04 Mar 2014 07:35:53 GMT <source address> /wireless auth_required
            Protocol = HTTP/1.1 Method = GET
    Mar  4 07:35:53.675:
    Mar  4 07:35:53.799: %HTTPS: SSL read fail (-6992)
    Mar  4 07:35:58.400: eah:  url=/wireless is for us with a secondary connection
    Mar  4 07:35:58.401: eah: Secondary authentication required for realm priv_15_access
    Mar  4 07:35:58.401: HTTP AAA Login-Authentication List name: TACACS
    Mar  4 07:35:58.401: HTTP AAA Login-Authentication List name: TACACS
    Mar  4 07:35:58.401: TPLUS: Queuing AAA Authentication request 4673 for processing
    Mar  4 07:35:58.401: TPLUS: processing authentication start request id 4673
    Mar  4 07:35:58.401: TPLUS: Authentication start packet created for 4673(my username)
    Mar  4 07:35:58.402: TPLUS: Using server <tacacs server IP>
    Mar  4 07:35:58.407: TPLUS(00001241)/0/NB_WAIT/3AF752D4: Started 5 sec timeout
    Mar  4 07:35:58.449: TPLUS(00001241)/0/NB_WAIT: socket event 2
    Mar  4 07:35:58.450: TPLUS(00001241)/0/NB_WAIT: wrote entire 37 bytes request
    Mar  4 07:35:58.450: TPLUS(00001241)/0/READ: socket event 1
    Mar  4 07:35:58.450: TPLUS(00001241)/0/READ: Would block while reading
    Mar  4 07:35:58.511: TPLUS(00001241)/0/READ: socket event 1
    Mar  4 07:35:58.511: TPLUS(00001241)/0/READ: read entire 12 header bytes (expect 16 bytes data)
    Mar  4 07:35:58.511: TPLUS(00001241)/0/READ: socket event 1
    Mar  4 07:35:58.511: TPLUS(00001241)/0/READ: read entire 28 bytes response
    Mar  4 07:35:58.511: TPLUS(00001241)/0/3AF752D4: Processing the reply packet
    Mar  4 07:35:58.511: TPLUS: Received authen response status GET_PASSWORD (8)
    Mar  4 07:35:58.512: TPLUS: Queuing AAA Authentication request 4673 for processing
    Mar  4 07:35:58.512: TPLUS: processing authentication continue request id 4673
    Mar  4 07:35:58.512: TPLUS: Authentication continue packet generated for 4673
    Mar  4 07:35:58.512: TPLUS(00001241)/0/WRITE/3AFD3D3C: Started 5 sec timeout
    Mar  4 07:35:58.512: TPLUS(00001241)/0/WRITE: wrote entire 26 bytes request
    Mar  4 07:35:58.566: TPLUS(00001241)/0/READ: socket event 1
    Mar  4 07:35:58.566: TPLUS(00001241)/0/READ: read entire 12 header bytes (expect 6 bytes data)
    Mar  4 07:35:58.566: TPLUS(00001241)/0/READ: socket event 1
    Mar  4 07:35:58.566: TPLUS(00001241)/0/READ: read entire 18 bytes response
    Mar  4 07:35:58.567: TPLUS(00001241)/0/3AFD3D3C: Processing the reply packet
    Mar  4 07:35:58.567: TPLUS: Received authen response status PASS (2)
    Mar  4 07:35:58.656: HTTP: Priv level authorization success priv_level: 15
    Mar  4 07:35:58.690: %HTTPS: SSL read fail (-6992)
    Mar  4 07:35:59.096: eah:  urlhook called for url=/favicon.ico
    Mar  4 07:35:59.096: eah: Not for us
    Mar  4 07:35:59.096: eah:  urlhook called for url=/favicon.ico
    Mar  4 07:35:59.096: eah: Not for us
    Mar  4 07:35:59.096: eah:  urlhook called for url=/favicon.ico
    Mar  4 07:35:59.096: eah: Not for us
    Mar  4 07:35:59.097: eah:  urlhook called for url=/favicon.ico
    Mar  4 07:35:59.097: eah: Not for us
    Mar  4 07:35:59.097: eah:  urlhook called for url=/favicon.ico
    Mar  4 07:35:59.097: eah: Not for us
    Mar  4 07:35:59.097: eah:  urlhook called for url=/favicon.ico
    Mar  4 07:35:59.097: eah: Not for us
    Mar  4 07:35:59.097: eah:  urlhook called for url=/favicon.ico
    Mar  4 07:35:59.097: eah: Not for us
    Mar  4 07:35:59.097: eah:  urlhook called for url=/favicon.ico
    Mar  4 07:35:59.097: eah: Not for us
    So authentication seems fine to me.
    Do I miss something in the ACS server?
    Configuration for ip http login:
    ip http secure-server
    ip http authentication aaa login-authentication TACACS
    ip http authentication aaa exec-authorization TACACS
    ip http authentication aaa command-authorization 15 TACACS
    Thanks!

    hi Erik,
    command auth is not supported for GUI for the IOS-XE boxes.
    Also, can you try doing the following to check if this is a config issue?
    I see that you have used TACACS as a method-list. Can you try using “default”?
    To use “default”, you need to make the following changes.
    aaa authentication login default group <server-grp>
    aaa authorization exec default group <server-grp>
    On the http front, remove all the commands that you have configured below and only have this
    ip http authentication aaa
    Can you paste the o/p of the following commands?
    sh run | sec http
    sh run | sec aaa
    Does http work instead of https?
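
One way to triage the debug output posted in this thread, as an added example that is not from either poster: a Python sketch that pulls the TACACS+ authentication statuses, the HTTP privilege-level authorization and the `SSL read fail` events out of the log and reports their order and spacing. The sample lines are excerpted from the debug output above; the function and key names are hypothetical, and the excerpt is assumed not to cross midnight because the log lines carry no year or date arithmetic is done on them.

```python
import re

# "Mar  4 07:35:58.656: <message>" -> hour, minute, second, millisecond, message
LINE_RE = re.compile(r"^\s*\w{3}\s+\d+\s+(\d\d):(\d\d):(\d\d)\.(\d{3}):\s*(.*)$")
AUTHEN_RE = re.compile(r"TPLUS: Received authen response status (\w+) \(\d+\)")
PRIV_RE = re.compile(r"HTTP: Priv level authorization success priv_level: (\d+)")
SSL_RE = re.compile(r"%HTTPS: SSL read fail \((-?\d+)\)")

# Excerpt of the debug output from the post.
SAMPLE = """\
Mar  4 07:35:53.675: eah: Secondary authentication required for realm priv_15_access
Mar  4 07:35:53.799: %HTTPS: SSL read fail (-6992)
Mar  4 07:35:58.401: HTTP AAA Login-Authentication List name: TACACS
Mar  4 07:35:58.511: TPLUS: Received authen response status GET_PASSWORD (8)
Mar  4 07:35:58.567: TPLUS: Received authen response status PASS (2)
Mar  4 07:35:58.656: HTTP: Priv level authorization success priv_level: 15
Mar  4 07:35:58.690: %HTTPS: SSL read fail (-6992)
Mar  4 07:35:59.096: eah:  urlhook called for url=/favicon.ico
"""


def summarize(debug_text):
    """Summarize AAA outcome and SSL read failures found in IOS debug text."""
    authen, authz, ssl_fails = [], None, []
    for line in debug_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # continuation lines and lines without a timestamp
        hour, minute, second, milli, msg = m.groups()
        t_ms = ((int(hour) * 60 + int(minute)) * 60 + int(second)) * 1000 + int(milli)
        authen_m, priv_m, ssl_m = AUTHEN_RE.search(msg), PRIV_RE.search(msg), SSL_RE.search(msg)
        if authen_m:
            authen.append(authen_m.group(1))
        elif priv_m:
            authz = (t_ms, int(priv_m.group(1)))  # keep the latest authorization
        elif ssl_m:
            ssl_fails.append((t_ms, int(ssl_m.group(1))))

    # Milliseconds from the authorization success to the next SSL read failure.
    gap_ms = None
    if authz is not None:
        later = [t for t, _ in ssl_fails if t >= authz[0]]
        if later:
            gap_ms = later[0] - authz[0]

    return {
        "authen_statuses": authen,
        "priv_level": authz[1] if authz else None,
        "ssl_read_fails": len(ssl_fails),
        "ssl_fail_after_authz_ms": gap_ms,
        # True only when the last TACACS+ status is PASS and authorization succeeded.
        "aaa_passed": bool(authen) and authen[-1] == "PASS" and authz is not None,
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```

A summary with `aaa_passed` true and an SSL read failure a few tens of milliseconds after the authorization success narrows the search to the HTTPS session and the HTTP AAA configuration rather than to the credentials or the TACACS+ server's verdict.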

  • Can anyone tell what exactly does the 3650 MA or MC does

    Hi
    Datasheet is not very helpful..
    I want to know if there is any benefit if I have a local 5508 HA pair at my central site and a 3650 MC Controller in my branch?
    Is there any config sync between WLC or Prime with this 3650 in Mobility Agent or Mobility Controller mode?
    regards
    Chris

    Hi Chris,
    MC (Mobility Controller) & MA (Mobility Agent) are two different roles assigned to a wireless controller. In legacy systems (5508, WiSM2, 2504) both roles reside on the same physical unit.
    Typically the MA is responsible for terminating CAPWAP tunnels from APs and maintaining the client database, whereas the MC is responsible for roaming, RRM, wIPS, etc. Another important aspect is that the MC holds the license for AP registration. In a legacy system you do not have to worry about this, as both are done by the same controller/device.
    With this new Converged Access deployment model you have the option of separating the data plane (MA) & control plane (MC) functionality into two separate devices. In large-scale deployments, you should have a central controller acting as MC (it can be a 5508 or 5760) & all your access layer 3850/3560 will act as MA & terminate all directly connected AP CAPWAP tunnels.
    In a small/branch deployment, you can use a 3850/3560 to do the MC functionality as well. In that case it will act as a full WLC (with MC & MA functionality).
    In your case, yes, you can use a 3650 to do the MA/MC at your branch (think of it as having a WLC at your branch). If you require guest tunneling etc., then your 5508 needs to run specific code (7.3.112.0, 7.5.102.0 or 7.6.100.0) in order to inter-communicate with the branch 3650.
    As Scott mentioned, it is a different architecture, so it is better to familiarize yourself with it prior to deploying it. Here is another good presentation you should watch.
    https://www.ciscolive.com/online/connect/sessionDetail.ww?SESSION_ID=74990&backBtn=true
    HTH
    Rasika
    **** Pls rate all useful responses ****

  • Etherchannel - Config Question

    First time configuring etherchannel.  I have followed the documentation, watched videos, etc.  The channel is up, but wanted to verify I did it right - and have not missed something.
    Scenario:
    Connecting a brand new 3650X into a 3750.  The 3750 is the "Core" and does the layer 3 routing, etc.  The 3650 is going to become a new Server Backbone - should participate on VLAN 10 only.  All servers in our data farm will connect into it (eventually).
    Normally we just create one trunk port on each switch and call it done (we do not have a big data farm/and or IT team) but I wanted to start looking at Etherchannel, etc.
    Config - Core:
    interface GigabitEthernet2/0/12
     description ***Trunk to 203 - Server Backbone***
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 10
     switchport mode trunk
     switchport nonegotiate
     channel-group 1 mode on
    interface Port-channel1
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 10
     switchport mode trunk
     switchport nonegotiate
    Server Backbone:
    interface GigabitEthernet1/0/1
     description ***Server Backbone - Switch 3 - Trunk***
     switchport trunk allowed vlan 10
     switchport mode trunk
     switchport nonegotiate
     channel-group 1 mode on
    interface Port-channel1
     switchport trunk allowed vlan 10
     switchport mode trunk
     switchport nonegotiate
     (Does not have the encapsulation command, as not available in that IOS - assuming it is automatic?).
    Basically I am looking to improve throughput and redundancy.  Is there anything else I should add and/or change about what was configured?
    (NOTE:  I know these may or may not be the best switches to use - but they are what we can afford on our budget).

    Disclaimer
    The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
    Liability Disclaimer
    In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
    Posting
    Well, of course, you want more than one link in your port-channel, both for additional aggregate bandwidth and additional redundancy.
    You may want to review whether you're using the optimal hashing algorithm for your port-channel.

  • AP with Clean-air Express and 3650 controller

    Hi,
    Is Clean-air express supported on the 3650 wireless controller with 1602e APs? The Clean-air options on the controller are available but do not seem to be active. In the controller gui the Clean-air admin status is disabled and the Clean-air operation status is down. I did confirm the Clean Air option is enabled on the config menu for the b/g/n band. Am I missing something here or are these AP's just not supported? Thanks!

    CleanAir Express is different than CleanAir. Express means that the AP does the function of detection, not the controller.  1600's & 1700's run CleanAir Express and you don't have the 100% functionality of CleanAir with these access points. 
    -Scott
