Cisco 3400 Input Packet 0
Dears,
We re using Cisco 3400 in out network with Metro Ip Access 12.2(53)Version.
The issue is that we Plug SFP SFP-GE-L 10-2144-01,1000 BASE LX/LH and loop the Fiber Patch Cord we do not recieve any packet.
Even if we connect to other Cisco we are unable to recieve packet even the Interface status Shows UP..
Need your expert advice.
Thanks
Jawwad
Hi Jawwad,
do you mean that the issue occurs ONLY if you use SFP SFP-GE-L and not if you use other SFPs?
If this is the case, which other SFPs did you try?
What do you see on 'show interface gix/x" after you send some traffic? can you attach the outputs?
All ports are affected or just some?
Can you attach the port configuration?
regards,
Riccardo
Similar Messages
-
Configuration of Cisco 3400 switch
what is difference between UNI & NNI ports in cisco 3400 12 CS switch how to configure them to make centralised connectivity with remote location
That error is "normal" because you are using a 3500 AP. This particular model of AP requires a wireless LAN controller (WLC).
You "cannot" load autonomous IOS into the 3500 for wireless service. -
Input packet drops on uplink port-profile
Hi,
I'm using Nexus 1000v and vSphere 5.1;
I just migrated some physical servers to VM, and I have some weird reporting issues;
Just to make sure it wasn't a network issue they asked me to verify if anything was overlooked on the Nexus side of things;
Everything checked out, but I'm seeing a lot of input packet drops on the physical ports of the system uplink port-profile; I doubled checked the configs on the VSM and the Catalyst stack and all is configured properly;
should I be concerned about these Input packet drops that I'm seeing on the VSM on the physical interfaces of my uplink port-profile? If so, could it be the NICS in the ESX host that could be the issue?
Any feed back would be appreciated;
Thanks.I have the same symptomps on 3 different Nexus 1000v. All 3 run the same version - 4.2(1)SV2(1.1) VMware is 5.0 sp1 and the hardware for ESXi hosts is more or less the same (At least server blade model and CNA).
We have tried to use vempkt to capture traffic but no traffic is captured if we filter on drops even though the counter on the port-channel and member Ethernet interfaces increase. On the hosts we tried vempkt we see about 20 drops per second. Here is some info. I have removed some irrellevant stuff.
NRK-VSM-001# show int po 14
port-channel14 is up
Members in this channel: Eth6/3, Eth6/4
6172 input packet drops <- Increases
NRK-VSM-001# show mod 6
Mod Sw Hw
6 4.2(1)SV2(1.1) VMware ESXi 5.0.0 Releasebuild-1024429 (3.0)
Mod Server-IP Server-UUID Server-Name
6 10.16.1.12 4c4c4544-0034-3010-8036-b4c04f33354a nrk-vi01-h07.nt.se
FROM The ESXi
~ # vemcmd show port
LTL VSM Port Admin Link State PC-LTL SGID Vem Port Type
19 Eth6/3 UP UP F/B* 305 0 vmnic2
20 Eth6/4 UP UP F/B* 305 0 vmnic3
~ # vempkt show capture info
Stage : Drop
LTL : 305
VLAN : Unspecified
Filter : Unspecified
Even if we let the capture run for several minutes we see no drops. I set it to capture 31 packets.
~ # vempkt show info
Enabled : Yes
Total Packet Entries : 0 <- Never increases even if the capture is running filtered like above
Wrapped Packet Entries : 0
Lost Packet Entries : 0
Skipped Packet Entries : 560145
Available Packet Entries : 14169
Packet Capture Size : 88
Packet Capture Mode : Un Reliable
Stop After Packet Entry : 31
In our case, could the input drops depend on that we allow vlans from the upstream hardware switch to the VEM that do not exist on the N1000v and that this is the reason we can not capture the dropped packets?
Any ideas?
PS: We see drops on uplinks on all VEMs -
Hi all, Some days ago i had a problem with a Cisco CSM configuration. The short history is that i had to change the parse-length (virtual server submode) command to the max. 4000 bytes value for this implementation to work, if i dont do this the CSM sends resets to the client. what i would like to know is if someone knows how the CSM parses packets when it is "searching" for a string,cookie,etc, i am having some difficulties finding info about this.
The parse length on the CSM is the amount of bytes we can store to find the needed information (ie: cookie).
So when we get an HTTP request or response the CSM will buffer everything it received up to max parse-len or header limit (\r\n\r\n).
Once we reached the end of the HTTP header we stop buffering.
While buffering we also start looking for the info that we need.
If we do find it we also stop buffering.
There is nothing magic here.
If the HTTP header gets so big that the info we are looking for goes beyond the max-parse-len when we start buffering looking for the info, we endup using all the buffer space allocated to the connection and decide to drop the connections as we don't know if the info is just not there, or somewhere further in the header but we don't have space to buffer more.
When the CSM was created a long time ago, 2000bytes for the header was normal.
Nowadays, http header tends to be bigger and it is very often require to bump the parse length even further than 4000 bytes.
This can be done with a variable.
Gilles. -
I have two 7960G phones which were using SCCP
I have just upgraded them to POS3-05-3-00 to work for SIP
SInce upgrading both phones are now sending malformed packets and a wireshark trace show no checksum on the packet.
Can anyone suggest how I might change the firmware as TFTP is the only option, currently using 3CDeamon.
Thanks
Johnhello - I have just moved your post to the Topic forums - you had posted your question in an obscure, non-visible, promotional community. Hopefully our community users will see your question now.
-
WRT54G v7.0 How to increment TTL value for input packets
Hi guys
I bought Linksys WRT54G v 7.0 and want share internet connection. But my ISP(connetion is PPPoE) make TTL of incoming packets 1. How can increment the value of incoming packets?
Best Regards
Dimitar KolevHi guys
I bought Linksys WRT54G v 7.0 and want share internet connection. But my ISP(connetion is PPPoE) make TTL of incoming packets 1. How can increment the value of incoming packets?
Best Regards
Dimitar Kolev -
CRC errors and input errors on Te 1/2 of Cisco WS-C3560X-48 switch
Hi All,
I am observing CRC errors and input errors on one of the Te1/2 interface of WS-C3560X-48 Cisco switch. I have not observed any CRC errors or input errors on the connected interface at other end. Can you please let us know whether the issue is with cable or SFP module.
Effected interface:
TenGigabitEthernet1/2 is up, line protocol is up (connected)
Hardware is Ten Gigabit Ethernet, address is f866.f243.e6b6 (bia f866.f243.e6b6)
Description: *** MAN-SW1B***
MTU 1500 bytes, BW 10000000 Kbit, DLY 10 usec,
reliability 254/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive not set
Full-duplex, 10Gb/s, link type is auto, media type is SFP-10GBase-SR
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters 3w5d
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 29000 bits/sec, 30 packets/sec
5 minute output rate 45000 bits/sec, 37 packets/sec
68905128 packets input, 8272036576 bytes, 0 no buffer
Received 68904979 broadcasts (68812046 multicasts)
0 runts, 0 giants, 0 throttles
146170 input errors, 130065 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 68812046 multicast, 0 pause input
0 input packets with dribble condition detected
83524620 packets output, 12642123488 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 PAUSE output
0 output buffer failures, 0 output buffers swapped out
Other end.
TenGigabitEthernet1/4 is up, line protocol is up (connected)
Hardware is Ten Gigabit Ethernet Port, address is 503d.e53b.9703 (bia 503d.e53 b.9703)
Description: *** DMZ-SW1B ***
MTU 1500 bytes, BW 10000000 Kbit, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 10Gb/s, link type is auto, media type is 10GBase-SR
input flow-control is on, output flow-control is off
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/2000/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 32000 bits/sec, 27 packets/sec
5 minute output rate 21000 bits/sec, 22 packets/sec
918379921 packets input, 312586470396 bytes, 0 no buffer
Received 881142868 broadcasts (875016400 multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 input packets with dribble condition detected
463132111 packets output, 240865283601 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped outWhen there are more than two members in a cluster (stack), the Gigabit interface operates at half-duplex. Since collisions can result at half-duplex, some CRCs errors are normal.
-
Problem Cisco Catalyst 3850 input errors
Ive installed two stacked Catalyst 3850s. Connected to these two switches I have a SAN 6210 Equallogic Dell ESX .
The interfaces on the switches is bundels with Port-channel. MTU size 9198. On swich one its no problem but on switch two I see input errors on these interface.
If I move the cables from switch two to one then its ok...
I have two 10G going to the SAN. And 4 ESX server with 2 ISCSI each.
interface Port-channel21
description ESX1 ISCSI SAN
switchport access vlan 21
switchport mode access
flowcontrol receive desired
spanning-tree portfast
spanning-tree bpduguard enable
Port-channel21 is up, line protocol is up (connected)
Hardware is EtherChannel, address is
Description: ESX1 ISCSI SAN
MTU 9198 bytes, BW 2000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 17/255, rxload 16/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 1000Mb/s, link type is auto, media type is
input flow-control is off, output flow-control is unsupported
Members in this channel: Gi1/0/25 Gi1/0/34
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:07:12, output never, output hang never
Last clearing of "show interface" counters 1d21h
Input queue: 0/2000/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 128760000 bits/sec, 8233 packets/sec
5 minute output rate 137021000 bits/sec, 7343 packets/sec
520088013 packets input, 1454135312 bytes, 0 no buffer
Received 1088 broadcasts (0 multicasts)
0 runts, 0 giants, 0 throttles
1534 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 0 multicast, 0 pause input
0 input packets with dribble condition detected
564793180 packets output, 978716517 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped outHi and Sorry Just copied and past the part that I thought was the problem. It seems that MTU size on switch two in the stack still has MTU 1500......
So here is the lot....
This interface is OK
sh controllers ethernet-controller g1/0/25
Transmit GigabitEthernet1/0/25 Receive
2373084674113 Total bytes 2700589618458 Total bytes
1259517537 Unicast frames 1355829627 Unicast frames
2373055994149 Unicast bytes 2700589410330 Unicast bytes
314726 Multicast frames 0 Multicast frames
25604588 Multicast bytes 0 Multicast bytes
44657 Broadcast frames 3252 Broadcast frames
3075376 Broadcast bytes 208128 Broadcast bytes
0 System FCS error frames 0 IpgViolation frames
0 MacUnderrun frames 0 MacOverrun frames
0 Pause frames 0 Pause frames
0 Cos 0 Pause frames 0 Cos 0 Pause frames
0 Cos 1 Pause frames 0 Cos 1 Pause frames
0 Cos 2 Pause frames 0 Cos 2 Pause frames
0 Cos 3 Pause frames 0 Cos 3 Pause frames
0 Cos 4 Pause frames 0 Cos 4 Pause frames
0 Cos 5 Pause frames 0 Cos 5 Pause frames
0 Cos 6 Pause frames 0 Cos 6 Pause frames
0 Cos 7 Pause frames 0 Cos 7 Pause frames
0 Oam frames 0 OamProcessed frames
0 Oam frames 0 OamDropped frames
423237 Minimum size frames 78563 Minimum size frames
593742624 65 to 127 byte frames 338414660 65 to 127 byte frames
1416083 128 to 255 byte frames 4836098 128 to 255 byte frames
558097 256 to 511 byte frames 1505992 256 to 511 byte frames
5464138 512 to 1023 byte frames 6457219 512 to 1023 byte frames
472854085 1024 to 1518 byte frames 834470341 1024 to 1518 byte frames
80781 1519 to 2047 byte frames 257961 1519 to 2047 byte frames
2891352 2048 to 4095 byte frames 13701476 2048 to 4095 byte frames
14353508 4096 to 8191 byte frames 8698824 4096 to 8191 byte frames
168093015 8192 to 16383 byte frames 147411745 8192 to 16383 byte frames
0 16384 to 32767 byte frame 0 16384 to 32767 byte frame
0 > 32768 byte frames 0 > 32768 byte frames
0 Late collision frames 0 SymbolErr frames
0 Excess Defer frames 0 Collision fragments
0 Good (1 coll) frames 0 ValidUnderSize frames
0 Good (>1 coll) frames 0 InvalidOverSize frames
0 Deferred frames 0 ValidOverSize frames
0 Gold frames dropped 0 FcsErr frames
0 Gold frames truncated
0 Gold frames successful
0 1 collision frames
0 2 collision frames
0 3 collision frames
0 4 collision frames
0 5 collision frames
0 6 collision frames
0 7 collision frames
0 8 collision frames
0 9 collision frames
0 10 collision frames
0 11 collision frames
0 12 collision frames
0 13 collision frames
0 14 collision frames
0 15 collision frames
0 Excess collision frames
LAST UPDATE 4870 msecs AGO
This interface have problem. It is in portchannel with g1/0/25. Ive got more interfaces and port-channels showing the same behavior for switch two in my cluster.
sh controllers ethernet-controller g2/0/25
Transmit GigabitEthernet2/0/25 Receive
925460044357 Total bytes 201085804055 Total bytes
702370104 Unicast frames 184041790 Unicast frames
925449913241 Unicast bytes 201085599895 Unicast bytes
118823 Multicast frames 0 Multicast frames
9171804 Multicast bytes 0 Multicast bytes
14251 Broadcast frames 3190 Broadcast frames
959312 Broadcast bytes 204160 Broadcast bytes
0 System FCS error frames 0 IpgViolation frames
0 MacUnderrun frames 0 MacOverrun frames
0 Pause frames 0 Pause frames
0 Cos 0 Pause frames 0 Cos 0 Pause frames
0 Cos 1 Pause frames 0 Cos 1 Pause frames
0 Cos 2 Pause frames 0 Cos 2 Pause frames
0 Cos 3 Pause frames 0 Cos 3 Pause frames
0 Cos 4 Pause frames 0 Cos 4 Pause frames
0 Cos 5 Pause frames 0 Cos 5 Pause frames
0 Cos 6 Pause frames 0 Cos 6 Pause frames
0 Cos 7 Pause frames 0 Cos 7 Pause frames
0 Oam frames 0 OamProcessed frames
0 Oam frames 0 OamDropped frames
155980 Minimum size frames 3226 Minimum size frames
92357460 65 to 127 byte frames 52503630 65 to 127 byte frames
542363 128 to 255 byte frames 660137 128 to 255 byte frames
1843346 256 to 511 byte frames 500600 256 to 511 byte frames
6158096 512 to 1023 byte frames 1116353 512 to 1023 byte frames
601445933 1024 to 1518 byte frames 129261034 1024 to 1518 byte frames
0 1519 to 2047 byte frames 319527 1519 to 2047 byte frames
0 2048 to 4095 byte frames 0 2048 to 4095 byte frames
0 4096 to 8191 byte frames 0 4096 to 8191 byte frames
0 8192 to 16383 byte frames 0 8192 to 16383 byte frames
0 16384 to 32767 byte frame 0 16384 to 32767 byte frame
0 > 32768 byte frames 0 > 32768 byte frames
0 Late collision frames 0 SymbolErr frames
0 Excess Defer frames 0 Collision fragments
0 Good (1 coll) frames 0 ValidUnderSize frames
0 Good (>1 coll) frames 319524 InvalidOverSize frames
0 Deferred frames 3 ValidOverSize frames
0 Gold frames dropped 0 FcsErr frames
0 Gold frames truncated
0 Gold frames successful
0 1 collision frames
0 2 collision frames
0 3 collision frames
0 4 collision frames
0 5 collision frames
0 6 collision frames
0 7 collision frames
0 8 collision frames
0 9 collision frames
0 10 collision frames
0 11 collision frames
0 12 collision frames
0 13 collision frames
0 14 collision frames
0 15 collision frames
0 Excess collision frames -
Cisco 4503 "1000BaseLH" SFP light is not coming ---- Urgent
Dear Team,
I have Cisco 4503 and I have inserted 1000BaseLH and light is not coming up but for 1000BaseSX its fine.
Please suggest.
CORE#show int GigabitEthernet1/18
GigabitEthernet1/18 is down, line protocol is down (notconnect)
Hardware is Gigabit Ethernet Port, address is 001e.4aa6.b891 (bia 001e.4aa6.b891)
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, Auto-speed, link type is auto, media type is 1000BaseLH
input flow-control is off, output flow-control is off
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/2000/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts (0 multicast)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 input packets with dribble condition detected
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
CORE#show inventory
NAME: "GigabitEthernet1/18", DESCR: "1000BaseLH"
PID: TRF5735AALB202 , VID: A1 , SN: OPA11241478
Thank You,
Abhisar.Dear Reza,
we connected cable and it came up. The conclusion is single m9de sfps does not show light where multimode sfp shows light when sfp is connected on switch port.
Thank you for your suggesion.
Thank You,
Abhisar. -
Cisco 3548 xl and ports broken
Hello could you please help me.
we have several ports broken in cat 3548 xl ( fast 35,37,38,39) when we are trying to connect new workstations to them, ports do not work.
there is over 80 procent packet loss.
all other ports work ok.
Do you konw if there is a known problem in cat 3548xl's. ( could not find anything in bug toolkit)
our version is flash:c3500XL-c3h2s-mz-120-5.3.WC.1.bin
Model number: WS-C3548-XL-EN
System serial number: FAB0534M322
i thank you in advance,
best regards,
SusannaHello all and thank you for the replies !
i can now open the referred cisco-page. I will check the page
Here are anwers to all questions. we will boot the switch as soon as possible and see what happens.
do you know a good debug command what to use to see if port is acting wrong ?
i know it is not a duplex problem, since we have had a lot of duplex problems ( and this is a different case). All the other ports seem to work fine ( except for 35,37,38, 38)
laptop had only 10/100 nic and it works fine with another 3548 ( next to the 'faulty switch).
both the printer and laptop had same kind of problem.
Here are the tests
1) first the switch port and printer had auto config ( auto speed/auto duplex) in ports/ nic.
--> only 20 % of pings succeeded.
sometimes ping succeeded 10 times and then there was 30 fialed ping-packets.
2) then printers configuration was changed to 100/FD. the link started to work ( ping succeeded 100%) the switch had still auto speed and duplex, and therefore switch had only 100/HD.
when i changed switch port to 100/full, printer lost its network connection and did not answer at all to pings.
3 ) when i changed the switch port back to auto ( autospeed/auto duplex) the printer did not start to work again.
when swicth and laptop/printer were configure to auto, switch saw the port as 100/FD, negotiation was ok. as soon as data was going to the port, connection stopped working.
here is the show int . it is down, since we cant use the port at the moment. but as you can see there are no errors
BTW the printer and laptop work fine in the same switch in port 41.
best regards TIA ! Susanna
FastEthernet0/38 is down, line protocol is down
Hardware is Fast Ethernet, address is 0007.5070.5d26 (bia 0007.5070.5d26
MTU 1500 bytes, BW 0 Kbit, DLY 0 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Auto-duplex , Auto Speed , 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output 2d17h, output hang never
Last clearing of "show interface" counters 2d21h
Queueing strategy: fifo
Output queue 0/40, 0 drops; input queue 0/75, 0 drops
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
12126 packets input, 2217643 bytes
Received 918 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 101 multicast
0 input packets with dribble condition detected
32145 packets output, 3533981 bytes, 0 underruns
0 output errors, 0 collisions, 50 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out -
Default class map is dropping all Packets
Hello I have a Cisco 871 router that used to have Access list based security. now I am trying the ZBFW for the first time. I thought I had a pretty good program until I found all my traffic was getting dropped. This is my first stab at ZBFWs and I am a bit confused esp with the default class part. Any help is greatly appreciated!!!!
The router is for my house and thus also has to have priority for gaming. I will add the gaming and voice QOS once I get it working,
Guest VLAN has access to 2 IP's in Data for printing.
Cisco871#sh run
Building configuration...
Current configuration : 8005 bytes
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service sequence-numbers
hostname Cisco871
boot-start-marker
boot-end-marker
logging buffered 4096
no logging console
aaa new-model
aaa authentication login default local
aaa authorization exec default local
aaa session-id common
clock summer-time PST recurring
crypto pki trustpoint TP-self-signed-4004039535
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-4004039535
revocation-check none
rsakeypair TP-self-signed-4004039535
crypto pki certificate chain TP-self-signed-4004039535
certificate self-signed 01
3082024C 308201B5 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 34303034 30333935 3335301E 170D3038 30323037 30373532
32375A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D34 30303430
33393533 3530819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100CEC2 7B89C73F AB4860EE 729C3B64 82139630 239A2301 8EA8B4C4 05505E25
B0F24E7F 26ECEC53 3E266E80 F3104F61 BDDC5592 40E12537 2262D272 08D38F8E
147F5059 7F632F5E 635B9CDF 652FFE82 C2F45C60 5F619AF0 72E640E0 E69EA9EF
41C6B06C DD8ACF4B 0A1A33CF AF3C6BFB 73AD6BE0 BD84DD7F 435BD943 0A22E0E5
F4130203 010001A3 74307230 0F060355 1D130101 FF040530 030101FF 301F0603
551D1104 18301682 144C7570 696E2E44 61627567 61626F6F 732E6F72 67301F06
03551D23 04183016 801473C6 E0784818 29A89377 23A22F5E BDD430CE E282301D
0603551D 0E041604 1473C6E0 78481829 A8937723 A22F5EBD D430CEE2 82300D06
092A8648 86F70D01 01040500 03818100 299AD241 442F976F 4F030B33 C477B069
D356C518 8132E61B 1220F999 A30A4E0C D337DCE5 C408E3BC 0439BB66 543CF585
8B26AA77 91FA510B 14796239 F272A306 C942490C A44336E0 A9430B81 9FC62524
E55017FA 5C5463D7 B3492753 42315BEC 32B78F24 D10B0CA7 D1844CD5 C3E466B9
3543BD68 A4B2692D 05CBF6DC C93C8142
quit
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.0.0.1 10.0.0.5
ip dhcp excluded-address 172.16.15.1 172.16.15.5
ip dhcp excluded-address 172.16.15.14
ip dhcp excluded-address 172.16.17.1 172.16.17.5
ip dhcp excluded-address 192.168.19.1 192.168.19.5
ip dhcp pool MyNetNative
import all
network 10.0.0.0 255.255.255.248
default-router 10.0.0.1
domain-name MyNetNet.org
dns-server 4.2.2.1 4.2.2.6 8.8.8.8 208.67.220.220
lease 0 2
ip dhcp pool MyNetData
import all
network 172.16.15.0 255.255.255.240
dns-server 172.16.15.14 4.2.2.1 4.2.2.6 8.8.8.8 208.67.220.220
default-router 172.16.15.1
domain-name MyDomain.org
ip dhcp pool MyNetVoice
import all
network 172.16.17.0 255.255.255.240
dns-server 172.16.15.14
default-router 172.16.17.1
domain-name MyDomain.org
ip dhcp pool MyNetGuest
import all
network 192.168.19.0 255.255.255.240
default-router 192.168.19.1
domain-name MyNetGuest.org
dns-server 4.2.2.1 4.2.2.6 8.8.8.8 208.67.220.220
ip domain name MyDomain.org
ip name-server 172.16.15.14
ip name-server 4.2.2.4
ip inspect log drop-pkt
multilink bundle-name authenticated
parameter-map type inspect TCP_PARAM
parameter-map type inspect global
username MyAdmin privilege 15 secret 5 MyPassword
archive
log config
hidekeys
class-map type inspect match-all MyNetGuest-access-list
match access-group 110
class-map type inspect match-any Base-protocols
match protocol http
match protocol https
match protocol ftp
match protocol ssh
match protocol dns
match protocol ntp
match protocol ica
match protocol pptp
match protocol icmp
match protocol tcp
match protocol udp
class-map type inspect match-all MyNetGuest-Class
match class-map MyNetGuest-access-list
match class-map Base-protocols
class-map type inspect match-all MyNetNet-access-list
match access-group 100
class-map type inspect match-any Voice-protocols
match protocol h323
match protocol skinny
match protocol sip
class-map type inspect match-any Extended-protocols
match protocol pop3
match protocol pop3s
match protocol imap
match protocol imaps
match protocol smtp
class-map type inspect match-all MyNetNet-Class
match class-map MyNetNet-access-list
match class-map Voice-protocols
match class-map Extended-protocols
match class-map Base-protocols
policy-map type inspect MyNetNet-zone_to_MyNetWAN-zone_policy
class type inspect MyNetNet-Class
inspect
class class-default
policy-map type inspect MyNetNet-zone_to_MyNetGuest-zone_policy
class type inspect MyNetNet-Class
inspect
class class-default
policy-map type inspect MyNetGuest-zone_to_MyNetNet-zone_policy
class type inspect MyNetGuest-access-list
inspect
class class-default
policy-map type inspect MyNetGuest-zone_to_MyNetWAN-zone_policy
class type inspect MyNetGuest-Class
inspect
class class-default
policy-map type inspect MyNetNet-zone
class class-default
pass
zone security MyNetNet-zone
zone security MyNetGuest-zone
zone security MyNetWAN-zone
zone-pair security MyNetNet->MyNetGuest source MyNetNet-zone destination MyNetGuest-zone
service-policy type inspect MyNetNet-zone_to_MyNetGuest-zone_policy
zone-pair security MyNetNet->MyNetWAN source MyNetNet-zone destination MyNetWAN-zone
service-policy type inspect MyNetNet-zone_to_MyNetWAN-zone_policy
zone-pair security MyNetGuest->MyNetWAN source MyNetGuest-zone destination MyNetWAN-zone
service-policy type inspect MyNetGuest-zone_to_MyNetWAN-zone_policy
zone-pair security MyNetGuest->MyNetNet source MyNetGuest-zone destination MyNetNet-zone
service-policy type inspect MyNetGuest-zone_to_MyNetNet-zone_policy
interface FastEthernet0
description Cisco-2849-Switch
switchport mode trunk
speed 100
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
description SBS-Server
switchport access vlan 10
spanning-tree portfast
interface FastEthernet4
description WAN
no ip address
ip mtu 1492
ip nat outside
ip virtual-reassembly
zone-member security MyNetWAN-zone
ip tcp adjust-mss 1452
duplex auto
speed auto
no cdp enable
interface Vlan1
description MyNetNative
ip address 10.0.0.1 255.255.255.248
ip nat inside
ip virtual-reassembly
zone-member security MyNetNet-zone
ip tcp adjust-mss 1452
interface Vlan10
description MyNetData
ip address 172.16.15.1 255.255.255.240
ip nat inside
ip virtual-reassembly
zone-member security MyNetNet-zone
interface Vlan20
description MyNetVoice
ip address 172.16.17.1 255.255.255.240
ip nat inside
ip virtual-reassembly
zone-member security MyNetNet-zone
interface Vlan69
description MyNetGuest
ip address 192.168.19.1 255.255.255.240
ip nat inside
ip virtual-reassembly
zone-member security MyNetGuest-zone
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
access-list 100 remark MyNetnet
access-list 100 permit ip 10.0.0.0 0.0.0.7 any
access-list 100 permit ip 172.16.15.0 0.0.0.31 any
access-list 100 permit ip 172.16.17.0 0.0.0.15 any
access-list 110 remark MyNetGuest
access-list 110 permit ip 192.168.19.0 0.0.0.15 host 172.16.15.2
access-list 110 permit ip 192.168.19.0 0.0.0.15 host 172.16.15.3
access-list 110 deny ip 192.168.19.0 0.0.0.15 10.0.0.0 0.0.0.7
access-list 110 deny ip 192.168.19.0 0.0.0.15 172.16.15.0 0.0.0.31
access-list 110 deny ip 192.168.19.0 0.0.0.15 172.16.17.0 0.0.0.15
access-list 110 permit ip 192.168.19.0 0.0.0.15 any
control-plane
banner login ^CC
You know if you should be here or not.
if not please leave
NOW
^C
line con 0
no modem enable
line aux 0
line vty 0 4
privilege level 15
transport input telnet ssh
scheduler max-task-time 5000
ntp server 172.16.15.14
webvpn cef
end
Cisco871#sh zone security
zone self
Description: System defined zone
zone MyNetNet-zone
Member Interfaces:
Vlan1
Vlan10
Vlan20
zone MyNetGuest-zone
Member Interfaces:
Vlan69
zone MyNetWAN-zone
Member Interfaces:
FastEthernet4
Cisco871#sh zone-pair security
Zone-pair name MyNetNet->MyNetGuest
Source-Zone MyNetNet-zone Destination-Zone MyNetGuest-zone
service-policy MyNetNet-zone_to_MyNetGuest-zone_policy
Zone-pair name MyNetNet->MyNetWAN
Source-Zone MyNetNet-zone Destination-Zone MyNetWAN-zone
service-policy MyNetNet-zone_to_MyNetWAN-zone_policy
Zone-pair name MyNetGuest->MyNetWAN
Source-Zone MyNetGuest-zone Destination-Zone MyNetWAN-zone
service-policy MyNetGuest-zone_to_MyNetWAN-zone_policy
Zone-pair name MyNetGuest->MyNetNet
Source-Zone MyNetGuest-zone Destination-Zone MyNetNet-zone
service-policy MyNetGuest-zone_to_MyNetNet-zone_policy
Cisco871#sh int faste4
FastEthernet4 is up, line protocol is up
Hardware is PQUICC_FEC, address is 0016.9d29.a667 (bia 0016.9d29.a667)
Description: WAN
Internet address is 10.38.177.98/25
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:34:50, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 2000 bits/sec, 3 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
593096 packets input, 73090812 bytes
Received 592752 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog
0 input packets with dribble condition detected
9940 packets output, 1016025 bytes, 0 underruns
0 output errors, 0 collisions, 3 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
Zone-pair: MyNetNet->MyNetWAN
Service-policy inspect : MyNetNet-zone_to_MyNetWAN-zone_policy
Class-map: MyNetNet-Class (match-all)
Match: class-map match-all MyNetNet-access-list
Match: access-group 100
Match: class-map match-any Voice-protocols
Match: protocol h323
0 packets, 0 bytes
30 second rate 0 bps
Match: protocol skinny
0 packets, 0 bytes
30 second rate 0 bps
Match: protocol sip
0 packets, 0 bytes
30 second rate 0 bps
Match: class-map match-any Extended-protocols
Match: protocol pop3
0 packets, 0 bytes
30 second rate 0 bps
Match: protocol pop3s
0 packets, 0 bytes
30 second rate 0 bps
Match: protocol imap
0 packets, 0 bytes
30 second rate 0 bps
Match: protocol imaps
0 packets, 0 bytes
30 second rate 0 bps
Match: protocol smtp
0 packets, 0 bytes
30 second rate 0 bps
Match: class-map match-any Base-protocols
Match: protocol http
0 packets, 0 bytes
30 second rate 0 bps
Match: protocol https
0 packets, 0 bytes
30 second rate 0 bps
Match: protocol ftp
0 packets, 0 bytes
30 second rate 0 bps
Match: protocol ssh
0 packets, 0 bytes
30 second rate 0 bps
Match: protocol dns
0 packets, 0 bytes
30 second rate 0 bps
Match: protocol ntp
0 packets, 0 bytes
30 second rate 0 bps
Match: protocol ica
0 packets, 0 bytes
30 second rate 0 bps
Match: protocol pptp
0 packets, 0 bytes
30 second rate 0 bps
Match: protocol icmp
0 packets, 0 bytes
30 second rate 0 bps
Match: protocol tcp
0 packets, 0 bytes
30 second rate 0 bps
Match: protocol udp
0 packets, 0 bytes
30 second rate 0 bps
Inspect
Session creations since subsystem startup or last reset 0
Current session counts (estab/half-open/terminating) [0:0:0]
Maxever session counts (estab/half-open/terminating) [0:0:0]
Last session created never
Last statistic reset never
Last session creation rate 0
Maxever session creation rate 0
Last half-open session total 0
Class-map: class-default (match-any)
Match: any
Drop (default action)
5196 packets, 256211 bytes
Cisco871#sh log
Syslog logging: enabled (1 messages dropped, 0 messages rate-limited,
0 flushes, 0 overruns, xml disabled, filtering disabled)
No Active Message Discriminator.
No Inactive Message Discriminator.
Console logging: disabled
Monitor logging: level debugging, 0 messages logged, xml disabled,
filtering disabled
Buffer logging: level debugging, 1745 messages logged, xml disabled,
filtering disabled
Logging Exception size (4096 bytes)
Count and timestamp logging messages: disabled
Persistent logging: disabled
No active filter modules.
ESM: 0 messages dropped
Trap logging: level informational, 1785 message lines logged
Log Buffer (4096 bytes):
001779: *Feb 15 11:00:55.979: %FW-6-DROP_UDP_PKT: Dropping Other pkt 172.16.15.6:61806 => 168.94.0.1:53 with ip ident 511 due to policy match failure
001780: *Feb 15 11:00:59.739: %FW-6-DROP_TCP_PKT: Dropping Other pkt 172.16.15.6:4399 => 168.94.69.30:443 due to policy match failure -- ip ident 515 tcpflags 0x7002 seq.no 974122240 ack 0
001781: *Feb 15 11:01:26.507: %FW-6-DROP_UDP_PKT: Dropping Other pkt 172.16.15.6:51991 => 168.94.0.1:53 with ip ident 625 due to policy match failure
001783: *Feb 15 11:01:57.891: %FW-6-DROP_UDP_PKT: Dropping Other pkt 172.16.15.6:64470 => 168.94.0.1:53 with ip ident 677 due to policy match failureHello Charlie,
I would recomend you to investigate a little bit more about how the ZBFW features works
Now I am going to help you on this one at least, then I will give you a few links you could use to study
We are going to study traffic from MyNetNet-zone to the MyNetWan-zone
First the zone-pair
zone-pair security MyNetNet->MyNetWAN source MyNetNet-zone destination MyNetWAN-zone
service-policy type inspect MyNetNet-zone_to_MyNetWAN-zone_policy
so lets go policy-map
policy-map type inspect MyNetNet-zone_to_MyNetWAN-zone_policy
class type inspect MyNetNet-Class
inspect
class class-default
Finally to the class map
class-map type inspect match-all MyNetNet-Class
match class-map MyNetNet-access-list
match class-map Voice-protocols
match class-map Extended-protocols
match class-map Base-protocols
That keyword MATCH-ALL is the one causing the issues!!
Why?
Because you are telling the ZBFW to inspect traffic only if matches all of those class-maps so a packet will need to math the base protocols and the extended protocol and as you know that is not possible ( Just one protocol )
So here are the links
http://blogg.kvistofta.nu/cisco-ios-zone-based-policy-firewall/
https://supportforums.cisco.com/thread/2138873
http://pktmaniac.info/2011/08/zone-based-firewalls-something-to-keep-in-mind/
http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00808bc994.shtml
You have some work to do
Please remember to rate all the helpful posts
Julio
CCSP -
Cisco 6509 with Reliability 255/255, txload 238/255, rxload 8/255 interface
Hi there,
I'm having an issue with my Cisco 6509. One of Internet configured as trunk Interface direct with a HP7500 is showing reliability 255/255, txload 238/255, rxload 8/255.
The Issue is that my Cacti Server show me that only 10% of the link is in use but if you look at txload you can see that almost 100% of the bandwidth is in use..
What can I do in order to figure out what's going on with this Interface. I'm thing about to put wireshark and configure a port monitor in order to capture the packets.
Is anyone has any tip to do a troubleshoot with this issue??
SWITCH01#show int port-channel 10
Port-channel10 is up, line protocol is up (connected)
Hardware is EtherChannel, address is c47d.4fbf.a8c2 (bia c47d.4fbf.a8c2)
Description: CORECISCO_X_COREHP
MTU 1500 bytes, BW 2000000 Kbit, DLY 10 usec,
reliability 255/255, txload 238/255, rxload 8/255
Encapsulation ARPA, loopback not set
Full-duplex, 1000Mb/s
input flow-control is off, output flow-control is unsupported
Members in this channel: Gi8/19 Gi8/20
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output never, output hang never
Last clearing of "show interface" counters 1w0d
Input queue: 0/2000/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 66043000 bits/sec, 23041 packets/sec
5 minute output rate 1871148000 bits/sec, 186439 packets/sec
15127300343 packets input, 6121405739799 bytes, 0 no buffer
Received 232321316 broadcasts (161670914 multicast)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 0 multicast, 0 pause input
0 input packets with dribble condition detected
118621325538 packets output, 141124879219641 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 PAUSE output
0 output buffer failures, 0 output buffers swapped out
SWITCH01#
Regards
AdrianoThis pretty much tells you your port channel is pretty full. How many ports in the channel?
5 minute input rate 66043000 bits/sec, 23041 packets/sec
5 minute output rate 1871148000 bits/sec, 186439 packets/sec -
On our 7K’s we run our interfaces in dedicated and not shared mode. Since we are running in dedicated mode, does one need to be concerned with the input queuing policy or can we just let the egress policy take care of the queuing?
Service-policy (queuing) input: default-in-policy
SNMP Policy Index: 301990105
Class-map (queuing): in-q1 (match-any)
queue-limit percent 50
bandwidth percent 80
queue dropped pkts : 0
Class-map (queuing): in-q-default (match-any)
queue-limit percent 50
bandwidth percent 20
queue dropped pkts : 0Hi,
Please check output of command " show hardware internal interface indiscard-stats front-port x "
Support for Granular Input Packet Discards Information
Beginning with Cisco NX-OS Release 5.0(3)U2(1), you can get a more detailed information on what specific condition led to an input discard on a given interface. Use the show hardware internal interface indiscard-stats front-port x command to determine the condition that could be potentially responsible for the input discards that are seen on port eth1/x. The switch output shows the discards for IPv4, STP, input policy, ACL specific discard, generic receive drop, and VLAN related discards.
Use the show hardware internal interface indiscard-stats front-port x command to determine the condition that could be potentially responsible for the input discards. -
Strange issue with new Cisco Catalyst 2960 (IOS)
Hello all,
I am upgrading a older 2950(100M) switch replacing it with a gigabit 2960. Installed it in the same rack, the configuration is practically non-existent just set the passwords and IP. We run a single VLAN flat network for this so I started out by patching it to the existing switch, after a few days we had an opportunity to migrate because there was some downtime so I disconnected the cables on the old and moved them to the new.. Everything seemed fine, there is connectivity and things operate, but a few days later we noticed that some network transfer activities are slow. There are no errors or log entries showing on the new switch or the old one, but the low throughput is persistent.
All ports show 1G Full duplex as they should, but what I see when I test is that traffic tests look almost asynchronous when passing switch boundaries with normal read speeds and slow writes. Reversing the direction of the test hosts I get slow reads and fast writes so it seems to 'stick' to one side of the traffic path. Testing the same equipment against differente targets without the switch boundary crossing does not show the problem. All Intra-switch tests look good (gig switches transfer near a gig and 100 switches near 100), but the moment there is a crossing things behave strangely regardless of the target (new switch is center backbone with most hosts, but does no routing). Network layout is essentially a T with everything radiating from the new switch. I can eliminate the old switch soon, but I still need to resolve the problem with the crossing to the other switch.
Everything seems to point at the inter switch links. One is a patch cable under two feet, and the other is a dedicated fiber site link. We had the vendor confirm that the site link showed no issues, but having the same symptoms on both links makes me suspect the switch has something odd happening..
I checked for duplex issues first, but didn't find any. I flushed the arp caches in all of the switches (3 total) and all of the computers as well, but the problem persists.
Could this be an STP issue ? If so how can I set this switch as the STP root and force a refresh..
Any help would be greatly appreciated.Hi Paul,
That was my concern and why I worried about making a change from remote, things are not as they should be.
Here is the output for each switch..
======================================================================
First the old switch (originally old switch connected to remote directly port 24 fixed speed/duplex and no other config)
C2950Calidad#show spanning-tree vlan 1
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 32769
Address 0013.7f23.0000
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 0013.7f23.0000
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
Fa0/2 Desg FWD 19 128.2 P2p
Fa0/16 Desg FWD 19 128.16 P2p
Fa0/21 Desg FWD 19 128.21 P2p
Fa0/22 Desg FWD 19 128.22 P2p
C2950Calidad#sh run int Fa0/22
Building configuration...
Current configuration : 34 bytes
interface FastEthernet0/22
end
C2950Calidad#sh int Fa0/22
FastEthernet0/22 is up, line protocol is up (connected)
Hardware is Fast Ethernet, address is 0013.7f23.0016 (bia 0013.7f23.0016)
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 11/255, rxload 3/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, media type is 100BaseTX
input flow-control is unsupported output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:20, output 00:00:01, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 1229000 bits/sec, 716 packets/sec
5 minute output rate 4361000 bits/sec, 800 packets/sec
1543435357 packets input, 1281752172 bytes, 0 no buffer
Received 3977688 broadcasts (0 multicast)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 4346 ignored
0 watchdog, 2032103 multicast, 0 pause input
0 input packets with dribble condition detected
2298226914 packets output, 1725074683 bytes, 0 underruns
0 output errors, 0 collisions, 2 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 PAUSE output
0 output buffer failures, 0 output buffers swapped out
C2950Calidad#sh int Fa0/22 switchport
Name: Fa0/22
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Appliance trust: none
============================================================================
Now the new switch (at center between other two, patched to above, fiber dedicated provider link to remote)
This includes two port command sets because it's in the middle interconnecting the other switches.
CISCO-2960-48-GB-ASP#show spanning-tree vlan 1
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 32769
Address 0013.7f23.0000
Cost 19
Port 48 (GigabitEthernet1/0/48)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address f41f.c2dc.9b80
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
Gi1/0/2 Desg FWD 19 128.2 P2p
Gi1/0/3 Desg FWD 4 128.3 P2p
Gi1/0/4 Desg FWD 4 128.4 P2p
Gi1/0/5 Desg FWD 4 128.5 P2p
Gi1/0/6 Desg FWD 4 128.6 P2p
Gi1/0/7 Desg FWD 4 128.7 P2p
Gi1/0/10 Desg FWD 4 128.10 P2p
Gi1/0/11 Desg FWD 4 128.11 P2p
Gi1/0/12 Desg FWD 4 128.12 P2p
Gi1/0/13 Desg FWD 4 128.13 P2p
Gi1/0/14 Desg FWD 4 128.14 P2p
Gi1/0/15 Desg FWD 4 128.15 P2p
Gi1/0/16 Desg FWD 19 128.16 P2p
Gi1/0/17 Desg FWD 4 128.17 P2p
Gi1/0/18 Desg FWD 4 128.18 P2p
Gi1/0/20 Desg FWD 4 128.20 P2p
Gi1/0/21 Desg FWD 19 128.21 P2p
Gi1/0/22 Desg FWD 4 128.22 P2p
Gi1/0/24 Desg FWD 4 128.24 P2p
Gi1/0/25 Desg FWD 4 128.25 P2p
Gi1/0/27 Desg FWD 19 128.27 P2p
Gi1/0/29 Desg FWD 19 128.29 P2p
Gi1/0/32 Desg FWD 19 128.32 P2p
Gi1/0/37 Desg FWD 4 128.37 P2p
Gi1/0/38 Desg FWD 19 128.38 P2p
Gi1/0/39 Desg FWD 19 128.39 P2p
Gi1/0/40 Desg FWD 19 128.40 P2p
Gi1/0/41 Desg FWD 19 128.41 P2p
Gi1/0/42 Desg FWD 4 128.42 P2p
Gi1/0/43 Desg FWD 19 128.43 P2p
Gi1/0/44 Desg FWD 19 128.44 P2p
Gi1/0/45 Desg FWD 19 128.45 P2p
Gi1/0/47 Desg FWD 19 128.47 P2p
Gi1/0/48 Root FWD 19 128.48 P2p
CISCO-2960-48-GB-ASP#show run int Gi1/0/48
Building configuration...
Current configuration : 39 bytes
interface GigabitEthernet1/0/48
end
CISCO-2960-48-GB-ASP#show int Gi1/0/48
GigabitEthernet1/0/48 is up, line protocol is up (connected)
Hardware is Gigabit Ethernet, address is f41f.c2dc.9bb0 (bia f41f.c2dc.9bb0)
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 2/255, rxload 10/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, media type is 10/100/1000BaseTX
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:01, output 00:00:02, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 12712290
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 4305000 bits/sec, 801 packets/sec
5 minute output rate 1149000 bits/sec, 706 packets/sec
2196985674 packets input, 2514470162077 bytes, 0 no buffer
Received 28075666 broadcasts (15513358 multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 15513358 multicast, 0 pause input
0 input packets with dribble condition detected
1534630723 packets output, 395369715690 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 PAUSE output
0 output buffer failures, 0 output buffers swapped out
CISCO-2960-48-GB-ASP#show int Gi1/0/48 switchport
Name: Gi1/0/48
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none
CISCO-2960-48-GB-ASP#show run int Gi1/0/47
Building configuration...
Current configuration : 63 bytes
interface GigabitEthernet1/0/47
speed 100
duplex full
end
CISCO-2960-48-GB-ASP#show int Gi1/0/47
GigabitEthernet1/0/47 is up, line protocol is up (connected)
Hardware is Gigabit Ethernet, address is f41f.c2dc.9baf (bia f41f.c2dc.9baf)
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 2/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, media type is 10/100/1000BaseTX
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:28, output 00:00:01, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 576929
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 922000 bits/sec, 233 packets/sec
5 minute output rate 453000 bits/sec, 220 packets/sec
57257892 packets input, 17029314836 bytes, 0 no buffer
Received 81580 broadcasts (29497 multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 29497 multicast, 0 pause input
0 input packets with dribble condition detected
101568868 packets output, 77491607955 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 PAUSE output
0 output buffer failures, 0 output buffers swapped out
CISCO-2960-48-GB-ASP#show int Gi1/0/47 switchport
Name: Gi1/0/47
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none
===========================================================================
Finally the third switch (at separate site via provider dedicated fiber link from port 47 above)
SWC2960#show spanning-tree vlan 1
VLAN0001
Spanning tree enabled protocol ieee
Root ID Priority 32769
Address 1833.9db5.cd80
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 1833.9db5.cd80
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
Fa0/1 Desg FWD 19 128.1 P2p
Fa0/2 Desg FWD 19 128.2 P2p
Fa0/3 Desg FWD 19 128.3 P2p
Fa0/4 Desg FWD 19 128.4 P2p
Fa0/5 Desg FWD 19 128.5 P2p
Fa0/6 Desg FWD 19 128.6 P2p
Fa0/7 Desg FWD 19 128.7 P2p
Fa0/8 Desg FWD 19 128.8 P2p
Fa0/9 Desg FWD 19 128.9 P2p
Fa0/12 Desg FWD 19 128.12 P2p
Fa0/13 Desg FWD 19 128.13 P2p
Fa0/14 Desg FWD 19 128.14 P2p
Fa0/16 Desg FWD 19 128.16 P2p
Fa0/17 Desg FWD 19 128.17 P2p
Fa0/18 Desg FWD 19 128.18 P2p
Gi0/2 Desg FWD 4 128.26 P2p
SWC2960#sh run int Gi0/2
Building configuration...
Current configuration : 36 bytes
interface GigabitEthernet0/2
end
SWC2960#sh int Gi0/2
GigabitEthernet0/2 is up, line protocol is up (connected)
Hardware is Gigabit Ethernet, address is 1833.9db5.cd9a (bia 1833.9db5.cd9a)
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive not set
Full-duplex, 1000Mb/s, link type is auto, media type is 10/100/1000BaseTX
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:01, output 00:00:01, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/0 (size/max)
5 minute input rate 450000 bits/sec, 205 packets/sec
5 minute output rate 792000 bits/sec, 211 packets/sec
76476638 packets input, 76487607492 bytes, 0 no buffer
Received 528325 broadcasts (253243 multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 253243 multicast, 0 pause input
0 input packets with dribble condition detected
59807938 packets output, 18071502348 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 PAUSE output
0 output buffer failures, 0 output buffers swapped out
SWC2960#sh int Gi0/2 switchport
Name: Gi0/2
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none
There really isn't anything odd configured, but since CDP doesn't cross the fiber link I think it must be a q-q tunnel..
Dave -
High CPU Usage / Dropped Packets - Switch Blade WS-CBS3120X-S
Hi all,
I have a couple of Switches Blade 3120, working as active-standby model (HSRP) on a new site deployment. There are other 20 sites more or less, working on the same model, without issues. But in this one, we are seeing a high cpu usage. The traffic going through the platform is 600Mbps (on peaks), and in this case we have 40% of CPU usage. Traffic should be close to 3 Gbps. When we tried to send the whole traffic through the platform, active switch began to drop packets on the majority of interfaces.
When we analyze the CPU usage, there is a special process called "HL3U bkgrd proce" always have the most CPU use, but we do not know what concerns. We do not know if it is caused because there are PBRs configured. It should not matter. How I mentioned, there are other sites working fine and have had always the same PBR number.
Could you guys help us?. Any idea what is causing the high usage?. Is there a special debug we could to perform to diagnose the issue?. Also, we have seen a high interrupt CPU usage (9% in this case).
Find attached the whole diagnosis outputs.
Thanks for your assistance guys.
Cheers,
Juan Pablo
bog-sib-INT-rtr-1#show processes cpu sorted 5sec
CPU utilization for five seconds: 30%/9%; one minute: 25%; five minutes: 23%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
157 140004809 107071220 1307 14.24% 10.19% 9.01% 0 HL3U bkgrd proce
119 6860957 1519183 4516 0.79% 0.59% 0.53% 0 hpm counter proc
166 2511492 302802 8294 0.15% 0.15% 0.15% 0 HQM Stack Proces
199 4182906 15255882 274 0.15% 0.21% 0.20% 0 IP Input
357 237531 782101 303 0.15% 0.03% 0.00% 0 IP SNMP
186 101 148 682 0.15% 0.09% 0.02% 1 Virtual Exec
242 63071 2330717 27 0.15% 0.02% 0.00% 0 CEF: IPv4 proces
12 163754 620353 263 0.15% 0.01% 0.00% 0 ARP Input
9 0 2 0 0.00% 0.00% 0.00% 0 License Client N
8 41 1827 22 0.00% 0.00% 0.00% 0 WATCH_AFS
11 50 4 12500 0.00% 0.00% 0.00% 0 Image License br
7 0 2 0 0.00% 0.00% 0.00% 0 Timers
bog-sib-INT-rtr-1#sh ip cef summary
IPv4 CEF is enabled for distributed and running
VRF Default
119 prefixes (119/0 fwd/non-fwd)
Table id 0x0
Database epoch: 2 (119 entries at this epoch)Hi Leolaohoo,
I had not played with this one too !!!!...
1). IOS version (It was recently updated)
bog-sib-INT-rtr-1#sh ver
Cisco IOS Software, CBS31X0 Software (CBS31X0-UNIVERSALK9-M), Version 12.2(58)SE1, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Thu 05-May-11 04:08 by prod_rel_team
ROM: Bootstrap program is CBS31X0 boot loader
BOOTLDR: CBS31X0 Boot Loader (CBS31X0-HBOOT-M) Version 12.2(0.0.951)SE3, CISCO DEVELOPMENT TEST VERSION
bog-sib-INT-rtr-1 uptime is 2 weeks, 3 days, 17 hours, 14 minutes
System returned to ROM by power-on
System restarted at 00:59:27 UTC Sat Jun 9 2012
System image file is "flash:cbs31x0-universalk9-mz.122-58.SE1.bin"
2). What interface do you want to see?, do you want to see all interfaces? . This switch has 16 interfaces that connect servers, and other going to our client. Below, the state of the two kind of interfaces:
Interface to Client (Bearer)
TenGigabitEthernet1/0/1 is up, line protocol is up (connected)
Hardware is Ten Gigabit Ethernet, address is 001f.275d.d81b (bia 001f.275d.d81b)
Description: BearerNContent_Aggregrate
MTU 1500 bytes, BW 10000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 10/255, rxload 14/255
Encapsulation ARPA, loopback not set
Keepalive not set
Full-duplex, 10Gb/s, link type is auto, media type is 10GBase-LR
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 2w3d, output hang never
Last clearing of "show interface" counters 07:07:56
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 562469000 bits/sec, 83641 packets/sec
5 minute output rate 430500000 bits/sec, 73141 packets/sec
2020563158 packets input, 1739897855828 bytes, 0 no buffer
Received 13257 broadcasts (13257 multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 13257 multicast, 0 pause input
0 input packets with dribble condition detected
1745065310 packets output, 1347244137726 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out
Interface to Server
GigabitEthernet1/0/8 is up, line protocol is up (connected)
Hardware is Gigabit Ethernet, address is 001f.275d.d808 (bia 001f.275d.d808)
Description: bog-15
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 15/255, rxload 12/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 1000Mb/s, link type is auto, media type is 1000BaseX
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output 00:00:17, output hang never
Last clearing of "show interface" counters 07:09:12
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 19418
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 47705000 bits/sec, 7155 packets/sec
5 minute output rate 58897000 bits/sec, 8011 packets/sec
178178750 packets input, 153802177226 bytes, 0 no buffer
Received 4091 broadcasts (0 multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 0 multicast, 0 pause input
0 input packets with dribble condition detected
212233312 packets output, 206621942776 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out
Thanks for your help. I am losing my hair with this issue.
Cheers,
Juan P.
Maybe you are looking for
-
How can I create a long employment form without making the form widget drag?
How can I create a long employment form without making the form widget drag?
-
Connecting Windows-based XP note book to printer
I have a an Airport Extreme and configured network through my iMac. I can connect wirelessly to the internet with Dell Latitude note book no problem, but I want to be able to connect to the printer that's connected to the Airport Extreme. Can anyone
-
HT4859 where are my pictures in icloud back up?
I backed up my ipad yesterday to icloud. today I got a message to install update for itunes. I installed, ipad froze. I had to restore ipad on itunes. now I cannot locate my pictures and videos on my icloud.
-
Firewire File Transfer Problem/ Dual Drive G4 to iMac
Bought a new iMac. My old G4 (OSX10.3.9) has two internal HDs (30Gb & 40GB <my startup>) but only 30Gb drive shows up in target mode. Can't mount 40 Gb drive on iMac desktop to do file transfer when G4 is in "Target" mode? Called Apple "help" and was
-
Aperture update demands app store, but appstore doesn't work either
Hi, I have Aperture 3 installed. "About Aperture" reveals Version 3.1.1 1311300.1. I downloaded the 3.2.2 Update from the Apple website and it refused to run saying that I needed to use App Store to update. When I go to App Store, it says that everyt