VSS Catalyst 4500X-16 SFP+ / crashing on cat4500e-universalk9.SPA.03.05.03.E.152-1.E3.bin / radius / dot1x
Hi guys,
I am not sure if I am hitting IOS bug CSCtx61557.
According to the bug tool, this is the info:
crash after authc result 'success' from 'dot1x' for client (Unknown MAC)
CSCtx61557
Description
Symptoms: The switch crashes after logging "success" from "dot1x" for client
(Unknown MAC).
Conditions: The symptom is observed with the following conditions:
1. A switchport is configured with both of the following:
authentication event server dead action authorize...
authentication event server alive action reinitialize
2. The radius server was down previously, and a port without traffic (for
example: a hub with no devices attached) was authorized into the inaccessible
authentication bypass (IAB) VLAN without an associated MAC address.
3. The radius server becomes available again, and a dot1x client
attempts to authenticate.
Workaround: There is no workaround.
I am running the following IOS on my 4500X-16 SFP+:
cat4500e-universalk9.SPA.03.05.03.E.152-1.E3.bin
This is what I configured, and what happened:
HOSTNAME(config)#aaa group server radius rad_eap
HOSTNAME(config-sg-radius)# server name ACS1
HOSTNAME(config-sg-radius)# server name ACS2
HOSTNAME(config-sg-radius)# server name ACS3
HOSTNAME(config-sg-radius)#$ication login default group radius local
HOSTNAME(config)#aaa authentication login CONSOLE local
HOSTNAME(config)#aaa authentication enable default group radius enable
HOSTNAME(config)#aaa authentication ppp default local group radius
HOSTNAME(config)#aaa authentication dot1x default group radius
HOSTNAME(config)#aaa authorization exec default if-authenticated
HOSTNAME(config)#aaa authorization network default group radius
HOSTNAME(config)#aaa accounting update newinfo
HOSTNAME(config)#aaa accounting dot1x default start-stop group radius
HOSTNAME(config)#aaa accounting network default start-stop group
eption to IOS Thread:
Frame pointer 897BAE38, PC = 1C03EECC
IOSD-EXT-SIGNAL: Aborted(6), Process = Exec
-Traceback= 1#49176b00b95a50f3145e3825de17d470 c:1C008000+36ECC c:1C008000+3BE50 c:1C008000+3BF48 :1F679000+201A18C :1F679000+31CEE2C :1F679000+2C22958 :1F679000+2C293E4 :1F679000+1166260 :1F679000+2C3C20C
Fastpath Thread backtrace:
-Traceback= 1#49176b00b95a50f3145e3825de17d470 uld:1F224000+2DE8 uld:1F224000+2DE4 iosd_unix:1C3ED000+186A0 pthread:1AA69000+6450
Auxiliary Thread backtrace:
-Traceback= 1#49176b00b95a50f3145e3825de17d470 pthread:1AA69000+BB8C pthread:1AA69000+BB6C c:1C008000+F61E4 iosd_unix:1C3ED000+21270 pthread:1AA69000+6450
Buffered messages: (last 8192 bytes only)
6 left the port-channel Port radius
HOSTNAME(config)#aaa accounting system default start-stop group radius
HOSTNAME(config)#
HOSTNAME(config)#
HOSTNAME(config)#no authentication logging verbose
HOSTNAME(config)#
HOSTNAME(config)#
HOSTNAME(config)#login block-for 300 attempts 5 within 60
-channel1
*Aug 28 01:08:47.873 UTC: %C4K_IOSINTF-5-LMPHWSESSIONSTATE: Lmp HW session DOWN on slot 11 port 12.
*Aug 28 01:08:48.056 UTC: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 172.16.5.98 port 514 started - CLI initiated
*Aug 28 01:08:48.571 UTC: %FASTHELLO-2-FH_DOWN: Fast-Hello interface Te2/1/12 lost dual-active detection capability
*Aug 28 01:08:49.099 UTC: %PIM-5-DRCHG: DR change from neighbor 0.0.0.0 to 172.16.250.61 on interface Vlan250
*Aug 28 01:15:08.753 UTC: %C4K_IOSINTF-5-LMPHWSESSIONSTATE: Lmp HW session UP on slot 11 port 1.
*Aug 28 01:15:24.759 UTC: %VSLP-5-VSL_UP: Ready for control traffic
*Aug 28 01:15:27.760 UTC: %VSLP-5-RRP_ROLE_RESOLVED: Role resolved as ACTIVE by VSLP
*Aug 28 01:15:27.760 UTC: %EC-5-BUNDLE: Interface TenGigabitEthernet2/1/1 joined port-channel Port-channel2
*Aug 28 01:15:28.049 UTC: %C4K_REDUNDANCY-6-DUPLEX_M
<Thu Aug 28 01:18:32 2014> Message from sysmgr: Reason Code:[2] Reset Reason:Service [iosd] pid:[6813] terminated abnormally [6].
Details:
Service: IOSd service
Description: IOS daemon
Executable: /tmp/sw/mount/cat4500e-universalk9.SPA.152-1.E.pkg//usr/binos/bin/iosd
Started at Wed Aug 27 22:27:48 2014 (647795 us)
Stopped at Thu Aug 28 01:18:32 2014 (115506 us)
Uptime: 2 hours 50 minutes 44 seconds
Start type: SRV_OPTION_RESTART_STATELESS (23)
Death reason: SYSMGR_DEATH_REASON_FAILURE_SIGNAL (2)
Last heartbeat 0.00 secs ago
PID: 6813
Exit code: signal 6 (no core)
CWD: /var/sysmgr/work
PID: 6813
UUID: 512
FAILURE: syslogd shutdown
I had an ICMP ping going, and it was not affected, as the Standby VSS chassis kicked in and took over while the previous active chassis reloaded.
2nd time it happened:
This time, I had waited until the previous active chassis was back up and running and came back up as Standby hot.
Once again I pasted the same config, and bang, it happened a second time on the second chassis, which was now acting as Active supervisor.
And once again, the ICMP continuous ping was not interrupted, as the other chassis remained up while the "new" active crashed after configuring the same configs in a slightly different order.
HOSTNAME(config)#radius server ACS2
HOSTNAME(config-radius-server)#$5.22 auth-port 1812 acct-port 1813
HOSTNAME(config-radius-server)# timeout 1
HOSTNAME(config-radius-server)# key 0 XXXX
HOSTNAME(config-radius-server)#!
HOSTNAME(config-radius-server)#radius server ACS3
HOSTNAME(config-radius-server)#$xxxx auth-port 1812 acct-port 1813
HOSTNAME(config-radius-server)# timeout 1
HOSTNAME(config-radius-server)# key 0 xxxxxxx
HOSTNAME(config-radius-server)#
HOSTNAME(config-radius-server)#aaa group server radius rad_eap
HOSTNAME(config-sg-radius)# server name XXXX
HOSTNAME(config-sg-radius)# server name XXXX
HOSTNAME(config-sg-radius)# server name XXXX
HOSTNAME(config-sg-radius)#
HOSTNAME(config-sg-radius)#
PER-3-S
Exception to IOS Thread:
Frame pointer 89455E38, PC = 1CC27ECC
IOSD-EXT-SIGNAL: Aborted(6), Process = Exec
-Traceback= 1#e495ba4f9346cc1496eecd01ebf1814a c:1CBF1000+36ECC c:1CBF1000+3BE50 c:1CBF1000+3BF48 :20276000+201B18C :20276000+31D0DA8 :20276000+2C24800 :20276000+2C2B28C :20276000+11671B0 :20276000+2C3E0B4
Fastpath Thread backtrace:
-Traceback= 1#e495ba4f9346cc1496eecd01ebf1814a iosd_unix:1CFD6000+1C230 iosd_unix:1CFD6000+1C284 iosd_unix:1CFD6000+18854 pthread:1B653000+6450
Auxiliary Thread backtrace:
-Traceback= 1#e495ba4f9346cc1496eecd01ebf1814a pthread:1B653000+BB8C pthread:1B653000+BB6C c:1CBF1000+F61E4 iosd_unix:1CFD6000+21270 pthread:1B653000+6450
Buffered messages: (last 8192 bytes only)
INTF-5-TRANSCEIVERINSERTED: Slot=11 Port=3: Transceiver hasW-9(config-sg-radius)#
HOSTNAME(config-sg-radius)#no authentication logging verbose
HOSTNAME(config)#
HOSTNAME(config)#
HOSTNAME(config)#login block-for 300 attempts 5 within 60
been inserted
*Aug 28 01:26:03.864 UTC: %C4K_IOSINTF-5-TRANSCEIVERINSERTED: Slot=11 Port=4: Transceiver has been inserted
*Aug 28 01:26:03.864 UTC: %C4K_IOSINTF-5-TRANSCEIVERINSERTED: Slot=11 Port=5: Transceiver has been inserted
*Aug 28 01:26:03.864 UTC: %C4K_IO
<Thu Aug 28 01:28:10 2014> Message from sysmgr: Reason Code:[2] Reset Reason:Service [iosd] pid:[6770] terminated abnormally [6].
Details:
Service: IOSd service
Description: IOS daemon
Executable: /tmp/sw/mount/cat4500e-universalk9.SPA.152-1.E3.pkg//usr/binos/bin/iosd
Started at Thu Aug 28 01:13:52 2014 (60006 us)
Stopped at Thu Aug 28 01:28:10 2014 (993041 us)
Uptime: 14 minutes 18 seconds
Start type: SRV_OPTION_RESTART_STATELESS (23)
Death reason: SYSMGR_DEATH_REASON_FAILURE_SIGNAL (2)
Last heartbeat 0.00 secs ago
PID: 6770
Exit code: signal 6 (no core)
CWD: /var/sysmgr/work
Are these the symptoms related to CSCtx61557?
I have tested this in a test environment, where no ACS was reachable!
Thanks
Colin
Another update,
It seems not only the 4500X platform is affected, it's also 4510R+E's:
WS-C4510R+E
WS-X45-SUP8-E
IOS-XE (cat4500es8-UNIVERSALK9-M), Version 03.03.01.XO
4510R+E#sh redundancy /| i | i state
Current Software state = ACTIVE
Uptime in current state = 2 hours, 39 minutes
Current Software state = STANDBY HOT
Uptime in current state = 6 minutes
4510R+E(config)#login block-for 300 attempts 3 within 60
Exception to IOS Thread:
Frame pointer 8D104E28, PC = C9C0FF4
IOSD-EXT-SIGNAL: Aborted(6), Process = Exec
-Traceback= 1#9492282023e5ef761bd83af205155966 c:C98A000+36FF4 c:C98A000+3C2B0 c:C98A000+3C3A8 :10000000+201B994 :10000000+31CA4E4 :10000000+2C1DC54 :10000000+2C246E0 :10000000+116A3F0 :10000000+2C37508
Fastpath Thread backtrace:
-Traceback= 1#9492282023e5ef761bd83af205155966 c:C98A000+E29C0 c:C98A000+E29A0 iosd_unix:CD74000+1877C pthread:B3FE000+647C
Auxiliary Thread backtrace:
-Traceback= 1#9492282023e5ef761bd83af205155966 pthread:B3FE000+BBB4 pthread:B3FE000+BB94 c:C98A000+FA4E8 iosd_unix:CD74000+21270 pthread:B3FE000+647C
Buffered messages: (last 8192 bytes only)
At least one now can directly "redundancy failover" from config mode..... :)
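One way to check a saved running-config against condition 1 of the CSCtx61557 description quoted at the top of this thread (an added example, not part of the original posts and not Cisco tooling): it lists the ports that carry both IAB commands. The sample config, its interface names and the `vlan 30` argument are constructed, and the function names are illustrative.

```python
import re

# Interface commands named under "Conditions" in the CSCtx61557 text quoted above.
# The dead-action line is matched as a prefix because the page elides its arguments;
# the alive-action keyword is spelled "reinitialize" on the CLI.
DEAD_AUTHORIZE = "authentication event server dead action authorize"
ALIVE_REINIT = "authentication event server alive action reinitialize"

IFACE_RE = re.compile(r"^interface\s+(\S+)", re.IGNORECASE)


def interface_blocks(config_text):
    """Map interface name -> list of its sub-commands (lower-cased, single-spaced).

    Works on indented running-configs and on pastes that lost their indentation:
    a block ends at '!', 'end', the next 'interface' line, or (if the block was
    indented) the first non-indented line.
    """
    blocks, current, indented = {}, None, False
    for raw in config_text.splitlines():
        line = " ".join(raw.split())
        if not line:
            continue
        match = IFACE_RE.match(line)
        if match:
            current = match.group(1)
            blocks.setdefault(current, [])
            indented = False
            continue
        if current is None:
            continue
        is_indented = raw[:1] in (" ", "\t")
        if line in ("!", "end") or (indented and not is_indented):
            current = None
            continue
        indented = indented or is_indented
        blocks[current].append(line.lower())
    return blocks


def ports_matching_bug_conditions(config_text):
    """Return {interface: dead-action arguments} for ports carrying BOTH commands.

    A line negated with a leading 'no' does not count as configured.
    """
    hits = {}
    for name, cmds in interface_blocks(config_text).items():
        dead = [c for c in cmds if c.startswith(DEAD_AUTHORIZE)]
        alive = any(c.startswith(ALIVE_REINIT) for c in cmds)
        if dead and alive:
            hits[name] = dead[-1][len(DEAD_AUTHORIZE):].strip()
    return hits


def flatten(config_text):
    """Strip indentation, as happens when a config is pasted into a forum post."""
    return "\n".join(line.strip() for line in config_text.splitlines())


# Constructed sample config (not taken from the thread).
SAMPLE_CONFIG = """\
aaa authentication dot1x default group radius
!
interface GigabitEthernet1/1/1
 description both commands present
 switchport mode access
 authentication event server dead action authorize vlan 30
 authentication event server alive action reinitialize
 dot1x pae authenticator
!
interface GigabitEthernet1/1/2
 description dead action only
 authentication event server dead action authorize vlan 30
!
interface GigabitEthernet1/1/3
 description reinitialize explicitly negated
 authentication event server dead action authorize vlan 30
 no authentication event server alive action reinitialize
!
interface TenGigabitEthernet1/1/15
 switchport mode trunk
 channel-group 10 mode on
!
end
"""

if __name__ == "__main__":
    for port, args in ports_matching_bug_conditions(SAMPLE_CONFIG).items():
        print(f"{port}: dead action authorize '{args}' + alive action reinitialize")
```

A match covers only the configuration condition; conditions 2 and 3 of the bug description are runtime state that a config file cannot show.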
Similar Messages
-
Recommended IOS XE version for Cisco Catalyst 4500X-16 SFP+ Switch
Could someone confirm IOS XE version for Cisco Catalyst 4500X-16 SFP+ Switch please.
It already has 03.06.00.E on it. I am planning to configure VSS on it with similar switch.
VSS will participate in various Etherchannels (MES).
Just wondering if there are any known bugs in this IOS XE release.
Use the Bug Search Tool to look for issues with vss, vsl, etc.
https://tools.cisco.com/bugsearch/ -
EtherChannel between stacked VSS Catalyst 4500X and Stacked 2960X.
I can have only one link in the EtherChannel up but the 2nd one goes in to suspended mode.
I've tried recreating channel group on different ports but with the same results. Am I doing something wrong or pagp cannot be transmitted over stacks on both ends (I have quite a few EtherChannels but all to single/non-stacked switches)?
2960X stack config
Version: 15.0 (2r)EX
interface TenGigabitEthernet2/0/2
description HR-Link1
switchport mode trunk
switchport nonegotiate
channel-group 2 mode on
interface TenGigabitEthernet1/0/2
description HR-Link2
switchport mode trunk
switchport nonegotiate
channel-group 2 mode on
4500X Stack (VSS) config
Version: 03.04.00.SG (fc3)
interface TenGigabitEthernet1/1/12
description MO-Link1
switchport mode trunk
switchport nonegotiate
shutdown
channel-group 12 mode on
interface TenGigabitEthernet2/1/12
description MO-Link2
switchport mode trunk
switchport nonegotiate
shutdown
channel-group 12 mode on
Thank you,
T
Thanks for reply!
I have tried desirable mode as well but no luck. I can work on this only during the weekend as downtime is not an option.
These two 10G links were just installed last weekend and one patch cable I had to replace due to complete lack of connectivity (small shop so we have no fiber testing equipment).
I did not do a lot of troubleshooting last weekend but I will dig in to that this weekend. I was hoping to get some insight from people who work with this on daily basis.
Post from about a year ago got me worried: https://supportforums.cisco.com/discussion/12072281/4500-x-vss-mec-2960-x-stack
Thanks again.
T -
Catalyst 4500X Unidirectional Link
Hi all,
I want to create a unidirectional Link between two catalyst 4500X.
Switch 1:
interface TenGigabitEthernet1/1
unidirectional receive-only
end
Switch 2:
interface TenGigabitEthernet1/2
unidirectional send-only
end
Problem:
Switch 1 --> Port notconnect
Switch 2 --> Port connected
Do I need to configure any more on the switch 1 te1/1 to bring up the interface?
I have changed the 10G SFP+ transceiver + cable --> same problem.
When I use 1G SFP transceiver instead of 10G SFP+ on the same ports --> no problem (???)
IOS Version: 03.05.00.E
Thanks for your support,
Regards,
Bernhard
Hi Madu
Ports stay up without uni directional config.
Switch1:
Switch1 #sh interfaces te1/1 unidirectional
Unidirectional configuration mode: receive only
CDP neighbour unidirectional configuration mode: send only
Switch1#
Switch 2:
Switch2#sh interfaces te1/2 unidirectional
Unidirectional configuration mode: send only
CDP neighbour unidirectional configuration mode: off
Switch2#
Thanks,
Bernhard -
Hello,
How does VSS (C6500) work with the ACE Module in redundancy mode?
An ACE Module is going to be installed in each Catalyst C6500.
Best Regards
See http://www.cisco.com/en/US/products/ps9336/products_tech_note09186a0080a7c72b.shtml for outline information on how the VSS handles ACE with VSL.
HTH
Cathy -
6509e SUP-2T VSS and 100BASE-X SFP
Dear All,
I need to connect via 100BASE-X uplinks some access switches to 6509e VSS distribution Switches having SUP-2T.
It seems that the only module on 6509e supporting 100BASE-X SFP is WS-X6148-FE-SFP. This module is going EoS and is not supported in VSS.
Are there any other modules that I can use?
Thanks and Regards
Giuseppe
Hi,
Here's a link that contains information about available line cards that might help you:
http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/product_data_sheet0900aecd801459a7.html
Regards, -
Slow performance through Catalyst 3560 w/SFPs
I have some WS-C3560-48PS-S switches with 1000BaseT and fiber SX gigabit SFPs connected to a server farm switch WS-C3750G-24TS-E. Servers are attached with gigabit-capable NICs.
I found extremely sluggish performance when installing Windows XP to new PCs via the network, which first draw a DOS-based Windows 98 TCP/IP stack on themselves from floppy then start copying necessary files from the gigabit attached Windows 2000 servers. So client PCs are on 3560's 100Mbps ports, backbone is 1000BaseT or fiber SX (tried both, no difference) to C3750G-24TS-E, where the server is attached and set to gigabit speed.
Cabling is fine, and no port errors occur.
I managed to speed up the installation process (took 4 hours, became 15 minutes!!!) by any one of the next three measures:
1. Lowered the server connection speed to 100Mbps full duplex (switch port and NIC).
2. Set the backbone to 100Mbps full duplex.
3. Relocated the server to a 100Mbps port on the 3560 switch.
I could exclude the C3750G-24TS-E from the suspect list by moving the server directly to the 3560 1000BaseT SFP and still the same phenomena could be seen.
I suspect the Windows 98 TCP/IP stack for the sluggish performance.
Has anyone come across a similar problem or has a better idea?
Here is what did...
Auto QoS set on the 48 port switches. Any devices on the 24TS connecting to another device on the 24TS works fine. Devices connecting from the 48P to the 24TS with Auto-QoS on the 48P experience severe performance degradation. Below is the global command to fix this.
**** Global Command to Fix the Issue
mls qos queue-set output 1 threshold 2 400 400 100 400
****** Queue Setting Before Fix **********
MID3750Stack#sh mls qos queue-set 1
Queueset: 1
Queue : 1 2 3 4
buffers : 20 20 20 40
threshold1: 100 50 100 100
threshold2: 100 50 100 100
reserved : 50 100 50 50
maximum : 400 400 400 400
********** Queue Setting After Fix *************
MID3750Stack#sh mls qos queue-set 1
Queueset: 1
Queue : 1 2 3 4
buffers : 20 20 20 40
threshold1: 100 400 100 100
threshold2: 100 400 100 100
reserved : 50 100 50 50
maximum : 400 400 400 400
Notice that in the output above that the thresholds for queue 2 by
default are only configured to allow 50% of their buffer to be used
before traffic is dropped since Queue 2 is the lowest priority queue
and services the type of traffic that your switch has been
dropping. We changed this queue to accommodate a higher amount of the
lower priority traffic which thus resolves the issue.
As you can see, there are core differences in the architecture of the
two switches which account for the different behaviors when it comes
to buffer management. -
GRE tunnel feature limitation on Cisco Catalyst 4500X
Hi,
I have a customer with three sites. They have the Cisco catalyst 4500-X at each sites and wish to create GRE tunnels between each of these switches.
I have a vague reference which tells me the Cisco cat 4500-x or any cat 4500 for that matter does have severe limitations when GRE tunnels are created, especially limiting the bandwidth to 70kbps. It's also not recommended for data traffic but control plane traffic.
Please advise.
No experts to answer this?
-
I want to buy a Cisco Catalyst 4500-X-16SFP+ and upgrade the license to Enterprise service. But the license description shows "IP Base to Ent. Services license for 16 Port Catalyst 4500-X". Does it mean that only 16 ports are Enterprise Service? If I add an 8-port module, can it use Ent Service?
Please kindly advise.
Thanks,
Mano
Does it mean that only 16 ports are Enterprise Service?
The license is in blocks of 16- or 32 ports. Let's say you purchase an Enterprise license for 16-ports and you got an optional 8-port module. You purchase an additional license of "C4500X-16P-IP-ES" and this allows you an additional 16-ports of license. You can't purchase a license for only 8 ports.
Cisco Catalyst 4500E Supervisor 7-E and 7L-E and Cisco Catalyst 4500-X Series Software Activation Licensing Deployment Guide -
Catalyst 4500x : Shaping traffic and appliying queuing (nested policy-maps)
Hi Everyone,
I got a question on how actually I could put kind of nested policy-maps under an interface on a 4500x switch.
This is needed because of a 100Mbps link connecting 2 head office locations. The 100Mbps link is a metro ethernet link and the provider is fixing the port to 100Mbps speed.
Since the 4500x does not support 100Mbps speed on interfaces, the provider's port is connected to an intermediary switch at 100Mbps. And the 4500x is connected to the intermediary switch at 1Gbps.
Hence, I need to shape to 100Mbps out of my 4500x port. But I also need to perform queuing for traffic. The thing is nested policy-maps don't seem to be implemented on the 4500x as in routers.
Any idea on how to workaround this? In a router world I'd do something like this:
policy-map SHAPER
class class-default
shape average 100000000
service-policy QUEUING
policy-map QUEUING
class VOICE
priority
police 5000000 conform-action transmit exceed-action drop
class INTERACTIVE
bandwidth 20000
class BULK
bandwidth 20000
class class-default
dbl
interface TenGigabitEthernet2/1/9
description TO_REMOTE_HEADOFFICE
service-policy output SHAPER
Thank you.
I have the same problem. I wanted to do sub-interfaces with dot1q tags and nested shaper policies, but the 4500x doesn't appear to support either nested shapers or subifs. Really wish there was more consistency across platforms.
Instead of the subifs, I can simply create vlan interfaces (not my favorite method, but it works).
As far as shaping goes, the best I've been able to come up with is a custom policy that polices for the realtime traffic (i.e marked with EF or AF41, 42, 43) and everything else is matched by a custom class that matches any and sets the shape average % on the interface accordingly. (i.e. a 10g interface shaped to a 2G pipe would get 19% for all traffic and 100Mb for realtime apps like voice and video). Not perfect, but without nested policies it's hard to do a full 8 class policy and shape each class to a specific rate.
class-map match-any REALTIME
match dscp ef
match dscp af41 af42 af43
class-map match-any CATCH_ALL
match any
policy-map QOS_SHAPE_2G_OUT
class REALTIME
priority
police rate percent 1
class CATCH_ALL
shape average percent 19
int ten1/1/27
service-policy output QOS_SHAPE_2G_OUT
If you want queuing, then drop dbl in the catch all class and you're set. This is not ideal and doesn't do as well as a nested shaper policy. If anyone can come up with a better solution, please post it! -
Cisco 4500X VSS & MEC Cisco 2960X
Hi
I have a Cisco 4500x VSS connected to MEC Cisco 2960X using LACP.
I encountered a problem with the C2960X.
Integration reason
1. C2960X Ten 1/0/2 link flapping, interface error-disabled. I disabled the interface then enabled it; the switch shows SFP Not Present.
Te1/0/2 notconnect 1 full 10G Not Present. (SFP plugged in correctly)
2. Using the CLI to reload the C2960X: Ten 1/0/1, Ten 1/0/2 notconnect, SFP Not Present. (SFP plugged in correctly)
Error message:
Dec 18 12:40:25.250: %SYS-5-CONFIG_I: Configured from console by console
Dec 18 12:41:48.888: % ILET-1-AUTHENTICATION_FAIL: This Switch may not have been manufactured by Cisco or with Cisco's authorization. This product may contain software that was copied in violation of Cisco's license terms. If your use of this product is the cause of a support issue, Cisco may deny operation of the product, support under your warranty or under a Cisco technical support program such as Smartnet. Please contact Cisco's Technical Assistance Center for more information.
26F_guest_switch#show license
Index 1 Feature: lanlite
Period left: 0 minute 0 second
Index 2 Feature: lanbase
Period left: Life time
License Type: Permanent
License State: Active, In Use
License Priority: Medium
License Count: Non-Counted
3. C2960X power cycle: the C2960X operates normally, but the problem recurs every day.
I do not know where the problem is. I have upgraded the C2960X IOS but it had the same problem.
Cisco 2960X IOS version: 15.2(3)E C2960X-UNIVERSALK9-M
Cisco 4500X IOS version: cat4500e-universalk9.SPA.03.05.00.E.152-1.E.bin
Thanks for your help,
Hi Reza,
Thanks for your help
I cannot confirm that because I have a few switches that have the same problem.
C2960X 10G port 1 is connected to C4500X slot 1, Port 2 is connected to C4500X Slot2.
Link flapping is on switch port 2.
I need to do a more precise test to confirm whether the problem is the C2960X or the 4500VSS -
I configured VSS on the 4500X, with one switch active and the other switch going into recovery mode, with all ports except the VSL links in amber orange, shutdown.
I want to make both switches go into active state. Could someone help with this?
The configuration which I used is below:
switch virtual domain 100
switch 1
exit
switch virtual domain 100
switch 2
exit
interface port-channel 10
switchport
switch virtual link 1
no shut
exit
interface port-channel 20
switchport
switch virtual link 2
no shut
exit
int range tengigabitethernet 1/15 - 16
switchport
switchport mode trunk
switchport nonegotiate
no shut
channel-group 10 mode on
int range tengigabitethernet 1/15 - 16
switchport
switchport mode trunk
switchport nonegotiate
no shut
channel-group 20 mode on
switch convert mode virtual
switch convert mode virtual
I can share the two core switch configurations which are there.
Please suggest if there is something which I misconfigured and needs to be corrected.
TAKAFUL-CORE-01#show run
Building configuration...
Current configuration : 7510 bytes
! Last configuration change at 01:57:12 UTC Sun Aug 10 2014
version 15.2
service nagle
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service compress-config
service sequence-numbers
no service dhcp
hostname TAKAFUL-CORE-01
boot-start-marker
boot system flash bootflash:cat4500e-universalk9.SPA.03.05.00.E.152-1.E.bin
boot-end-marker
vrf definition mgmtVrf
address-family ipv4
exit-address-family
address-family ipv6
exit-address-family
username admin privilege 15 password 7 104F0D140C19
no aaa new-model
switch virtual domain 100
switch mode virtual
mac-address use-virtual
no dual-active detection pagp
no ip source-route
ip vrf Liin-vrf
no ip domain-lookup
ip dhcp pool management
network 10.2.20.0 255.255.255.0
default-router 10.2.20.2
option 43 ascii "10.2.20.1"
ip dhcp pool Data
network 10.3.30.0 255.255.255.0
default-router 10.3.30.2
dns-server 4.2.2.2 8.8.8.8
ip dhcp pool Voice
network 10.1.10.0 255.255.255.0
default-router 10.1.10.2
ip dhcp pool wireless
network 10.4.40.0 255.255.255.0
default-router 10.4.40.2
dns-server 4.2.2.2 8.8.8.8
no ip bootp server
ip device tracking
power redundancy-mode redundant
mac access-list extended VSL-BPDU
permit any 0180.c200.0000 0000.0000.0003
mac access-list extended VSL-CDP
permit any host 0100.0ccc.cccc
mac access-list extended VSL-DOT1x
permit any any 0x888E
mac access-list extended VSL-GARP
permit any host 0180.c200.0020
mac access-list extended VSL-LLDP
permit any host 0180.c200.000e
mac access-list extended VSL-SSTP
permit any host 0100.0ccc.cccd
spanning-tree mode rapid-pvst
spanning-tree portfast bpduguard default
spanning-tree extend system-id
spanning-tree vlan 1-4094 priority 24576
redundancy
mode sso
vlan internal allocation policy ascending
class-map match-any VSL-MGMT-PACKETS
match access-group name VSL-MGMT
class-map match-any VSL-DATA-PACKETS
match any
class-map match-any VSL-L2-CONTROL-PACKETS
match access-group name VSL-DOT1x
match access-group name VSL-BPDU
match access-group name VSL-CDP
match access-group name VSL-LLDP
match access-group name VSL-SSTP
match access-group name VSL-GARP
class-map match-any VSL-L3-CONTROL-PACKETS
match access-group name VSL-IPV4-ROUTING
match access-group name VSL-BFD
match access-group name VSL-DHCP-CLIENT-TO-SERVER
match access-group name VSL-DHCP-SERVER-TO-CLIENT
match access-group name VSL-DHCP-SERVER-TO-SERVER
match access-group name VSL-IPV6-ROUTING
class-map match-any VSL-MULTIMEDIA-TRAFFIC
match dscp af41
match dscp af42
match dscp af43
match dscp af31
match dscp af32
match dscp af33
match dscp af21
match dscp af22
match dscp af23
class-map match-any VSL-VOICE-VIDEO-TRAFFIC
match dscp ef
match dscp cs4
match dscp cs5
class-map match-any VSL-SIGNALING-NETWORK-MGMT
match dscp cs2
match dscp cs3
match dscp cs6
match dscp cs7
policy-map VSL-Queuing-Policy
class VSL-MGMT-PACKETS
bandwidth percent 5
class VSL-L2-CONTROL-PACKETS
bandwidth percent 5
class VSL-L3-CONTROL-PACKETS
bandwidth percent 5
class VSL-VOICE-VIDEO-TRAFFIC
bandwidth percent 30
class VSL-SIGNALING-NETWORK-MGMT
bandwidth percent 10
class VSL-MULTIMEDIA-TRAFFIC
bandwidth percent 20
class VSL-DATA-PACKETS
bandwidth percent 20
class class-default
bandwidth percent 5
interface Port-channel10
switchport
switchport mode trunk
switchport nonegotiate
switch virtual link 1
interface FastEthernet1
vrf forwarding mgmtVrf
no ip address
speed auto
duplex auto
interface TenGigabitEthernet1/1/1
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet1/1/2
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet1/1/3
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet1/1/4
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet1/1/5
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet1/1/6
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet1/1/7
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet1/1/8
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet1/1/9
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet1/1/10
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet1/1/11
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet1/1/12
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet1/1/13
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet1/1/14
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet1/1/15
switchport mode trunk
switchport nonegotiate
no lldp transmit
no lldp receive
no cdp enable
channel-group 10 mode on
service-policy output VSL-Queuing-Policy
interface TenGigabitEthernet1/1/16
switchport mode trunk
switchport nonegotiate
no lldp transmit
no lldp receive
no cdp enable
channel-group 10 mode on
service-policy output VSL-Queuing-Policy
interface Vlan1
no ip address
shutdown
interface Vlan10
description IP Telephony VLAN
ip address 10.1.10.2 255.255.255.0
no ip redirects
interface Vlan20
description Automation & Management VLAN
ip address 10.2.20.2 255.255.255.0
no ip redirects
interface Vlan30
description Data VLAN
ip address 10.3.30.2 255.255.255.0
no ip redirects
interface Vlan40
description Wireless Users VLAN
ip address 10.4.40.2 255.255.255.0
no ip redirects
ip forward-protocol nd
no ip forward-protocol udp netbios-ns
no ip forward-protocol udp netbios-dgm
no ip http server
no ip http secure-server
ip access-list extended VSL-BFD
permit udp any any eq 3784
ip access-list extended VSL-DHCP-CLIENT-TO-SERVER
permit udp any eq bootpc any eq bootps
ip access-list extended VSL-DHCP-SERVER-TO-CLIENT
permit udp any eq bootps any eq bootpc
ip access-list extended VSL-DHCP-SERVER-TO-SERVER
permit udp any eq bootps any eq bootps
ip access-list extended VSL-IPV4-ROUTING
permit ip any 224.0.0.0 0.0.0.255
snmp-server community ro RO
ipv6 access-list VSL-IPV6-ROUTING
permit ipv6 any FF02::/124
banner login ^CC
#### Login for authorized Takaful IT Personnel ONLY ####
TAKAFUL
#### Login for authorized Takaful IT Personnel ONLY ####
^C
banner motd ^CC
WARNING, unauthorised access to this network is prohibited.
Authorized access only
This system is the property of Takaful Company.^C
line con 0
privilege level 15
login local
stopbits 1
line vty 0 4
privilege level 15
login local
line vty 5 15
privilege level 15
login local
module provision switch 1
chassis-type 70 base-mac F40F.1B56.31D8
slot 1 slot-type 401 base-mac F40F.1B56.31D8
module provision switch 2
end
TAKAFUL-CORE-01#
TAKAFUL-CORE-02(recovery-mode)#show run
Building configuration...
Current configuration : 5641 bytes
! Last configuration change at 02:05:27 UTC Sun Aug 10 2014
version 15.2
service nagle
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service compress-config
service sequence-numbers
no service dhcp
hostname TAKAFUL-CORE-02
boot-start-marker
boot system flash bootflash:cat4500e-universalk9.SPA.03.05.00.E.152-1.E.bin
boot-end-marker
vrf definition mgmtVrf
address-family ipv4
exit-address-family
address-family ipv6
exit-address-family
no aaa new-model
switch virtual domain 100
switch mode virtual
mac-address use-virtual
no dual-active detection pagp
no ip source-route
ip vrf Liin-vrf
no ip domain-lookup
no ip bootp server
ip device tracking
vtp mode transparent
power redundancy-mode redundant
mac access-list extended VSL-BPDU
permit any 0180.c200.0000 0000.0000.0003
mac access-list extended VSL-CDP
permit any host 0100.0ccc.cccc
mac access-list extended VSL-DOT1x
permit any any 0x888E
mac access-list extended VSL-GARP
permit any host 0180.c200.0020
mac access-list extended VSL-LLDP
permit any host 0180.c200.000e
mac access-list extended VSL-SSTP
permit any host 0100.0ccc.cccd
spanning-tree mode pvst
spanning-tree extend system-id
redundancy
mode sso
vlan internal allocation policy ascending
class-map match-any VSL-MGMT-PACKETS
match access-group name VSL-MGMT
class-map match-any VSL-DATA-PACKETS
match any
class-map match-any VSL-L2-CONTROL-PACKETS
match access-group name VSL-DOT1x
match access-group name VSL-BPDU
match access-group name VSL-CDP
match access-group name VSL-LLDP
match access-group name VSL-SSTP
match access-group name VSL-GARP
class-map match-any VSL-L3-CONTROL-PACKETS
match access-group name VSL-IPV4-ROUTING
match access-group name VSL-BFD
match access-group name VSL-DHCP-CLIENT-TO-SERVER
match access-group name VSL-DHCP-SERVER-TO-CLIENT
match access-group name VSL-DHCP-SERVER-TO-SERVER
match access-group name VSL-IPV6-ROUTING
class-map match-any VSL-MULTIMEDIA-TRAFFIC
match dscp af41
match dscp af42
match dscp af43
match dscp af31
match dscp af32
match dscp af33
match dscp af21
match dscp af22
match dscp af23
class-map match-any VSL-VOICE-VIDEO-TRAFFIC
match dscp ef
match dscp cs4
match dscp cs5
class-map match-any VSL-SIGNALING-NETWORK-MGMT
match dscp cs2
match dscp cs3
match dscp cs6
match dscp cs7
policy-map VSL-Queuing-Policy
class VSL-MGMT-PACKETS
bandwidth percent 5
class VSL-L2-CONTROL-PACKETS
bandwidth percent 5
class VSL-L3-CONTROL-PACKETS
bandwidth percent 5
class VSL-VOICE-VIDEO-TRAFFIC
bandwidth percent 30
class VSL-SIGNALING-NETWORK-MGMT
bandwidth percent 10
class VSL-MULTIMEDIA-TRAFFIC
bandwidth percent 20
class VSL-DATA-PACKETS
bandwidth percent 20
class class-default
bandwidth percent 5
interface Port-channel20
switchport
switchport mode trunk
switchport nonegotiate
switch virtual link 2
interface FastEthernet1
vrf forwarding mgmtVrf
speed auto
duplex auto
interface TenGigabitEthernet2/1/1
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet2/1/2
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet2/1/3
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet2/1/4
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet2/1/5
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet2/1/6
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet2/1/7
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet2/1/8
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet2/1/9
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet2/1/10
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet2/1/11
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet2/1/12
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet2/1/13
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet2/1/14
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet2/1/15
switchport mode trunk
switchport nonegotiate
no lldp transmit
no lldp receive
no cdp enable
channel-group 20 mode on
service-policy output VSL-Queuing-Policy
interface TenGigabitEthernet2/1/16
switchport mode trunk
switchport nonegotiate
no lldp transmit
no lldp receive
no cdp enable
channel-group 20 mode on
service-policy output VSL-Queuing-Policy
interface Vlan1
no ip address
ip forward-protocol nd
no ip http server
no ip http secure-server
ip access-list extended VSL-BFD
permit udp any any eq 3784
ip access-list extended VSL-DHCP-CLIENT-TO-SERVER
permit udp any eq bootpc any eq bootps
ip access-list extended VSL-DHCP-SERVER-TO-CLIENT
permit udp any eq bootps any eq bootpc
ip access-list extended VSL-DHCP-SERVER-TO-SERVER
permit udp any eq bootps any eq bootps
ip access-list extended VSL-IPV4-ROUTING
permit ip any 224.0.0.0 0.0.0.255
ipv6 access-list VSL-IPV6-ROUTING
permit ipv6 any FF02::/124
line con 0
stopbits 1
line vty 0 4
login
length 0
module provision switch 1
module provision switch 2
chassis-type 70 base-mac 88F0.3104.0058
slot 1 slot-type 401 base-mac 88F0.3104.0058
end

4500 IOS-XE: Crash on ACL configuration
Hi All,
We have recently migrated from standalone to VSS on our C4500 switches with Sup 7-E,
but the switch crashes every time we edit or modify the ACL, with the error message below:
%SYS-3-BADBLOCK: Bad block pointer
%SYS-6-MTRACE: mallocfree: addr, pc
%SYS-6-BLKINFO: Corrupted next pointer blk
%SYS-6-MEMDUMP: 0x7E043FF8
We noticed that there is a new bug for this issue, i.e. CSCun33897.
Symptom:
A Catalyst 4500 series switch running IOS-XE may unexpectedly reboot when ACL configuration is applied to an interface.
But there is no fix available yet.
Please let me know if anyone has had this kind of issue. I appreciate your suggestions and feedback on this issue.
Currently used image: cat4500e-universalk9.SPA.03.05.00.E.152-1.E.bin
Thanks in advance.

It seems to be closely matching the bug you mentioned.
If you upload the crashinfo I can look at it and try to confirm.
Regards
Naveen
***rate if it is helpful***

Cisco Catalyst 4507R+E with WS-X4748 blade, ports not working
I have a Cisco Catalyst 4507R+E (with Sup7-E) and two blades; one WS-X4748-RJ45V+E and one WS-X4648-RJ45-E.
When I connect a device to a port on the WS-X4748-RJ45V+E blade the port will not come up, show interface shows the status as "notconnect". When I connect the same device to the WS-X4648-RJ45-E blade the interface comes up.
The WS-X4748-RJ45V+E blade seems to have initialised okay, it appears in the output of "show module" as OK.
I get exactly the same effect on a second, identically configured Catalyst 4507R+E.
The software version is IOS XE 3.1.0SG, which according to the release notes supports the WS-X4748-RJ45V+E blade. Has anybody else seen anything like this?

I have 2 Core switches, single SUP on each.
Line cards #1 and #2 randomly stop forwarding packets; the only solution is to reload the switch (hw-module reset does not work). I have cat4500e-universalk9.SPA.03.05.00.E.152-1.E.bin and the symptom looks the same as the described one,
although the code is newer than 3.2.2SG.
Now we are downgrading to cat4500e-universalk9.SPA.03.04.02.SG.151-2.SG2.bin to check if that solves the issue;
otherwise we'll try removing/re-inserting the modules, and if the issue persists, most probably RMA the Core1.
We've sent a show tech to Cisco support while the issue was happening.
Current modules on the Core switches:
Mod Ports Card Type                              Model              Serial No.
---+-----+--------------------------------------+------------------+-----------
 1     48 10/100/1000BaseT EEE (RJ45)            WS-X4748-RJ45-E    CAT1627L48B
 2     48 10/100/1000BaseT EEE (RJ45)            WS-X4748-RJ45-E    CAT1629L0ZY
 3      4 Sup 7-E 10GE (SFP+), 1000BaseX (SFP)   WS-X45-SUP7-E      CAT1629L1PD
 5     12 1000BaseX (SFP)                        WS-X4612-SFP-E     JAE163007EO

 M MAC addresses                    Hw  Fw           Sw               Status
--+--------------------------------+---+------------+----------------+---------
 1 30f7.0d57.80c0 to 30f7.0d57.80ef 1.1                               Ok
 2 30f7.0dac.fd40 to 30f7.0dac.fd6f 1.1                               Ok
 3 30f7.0dca.6c00 to 30f7.0dca.6c03 2.1 15.0(1r)SG10 03.05.00.E       Ok
 5 a493.4c44.13e8 to a493.4c44.13f3 1.1                               Ok

Mod  Redundancy role     Operating mode      Redundancy status
----+-------------------+-------------------+----------------------------------
 3   Active Supervisor   SSO                 Active

CSCun15879 - CAT4K MAB not triggered when "authentication control-direction in"
Dear all,
We are trying to get WOL working in combination with MAB authentication, and we think the implementation of "authentication control-direction in" is broken on the Cat4k5 platform and is working on the Cat3850.
We run exactly the same config on a Cat3850, and "authentication control-direction in" and MAB+WOL work fine.
My question: Can other users confirm this BUG?
So "authentication control-direction in" breaks MAB on:
Chassis Type : WS-C4507R+E
Power consumed by backplane : 40 Watts
Mod Ports Card Type                              Model              Serial No.
---+-----+--------------------------------------+------------------+-----------
 1     48 10/100/1000BaseT Premium POE E Series  WS-X4648-RJ45V+E   JAE18280xx
 2     48 10/100/1000BaseT Premium POE E Series  WS-X4648-RJ45V+E   JAE18280xx
 3      6 Sup 7L-E 10GE (SFP+), 1000BaseX (SFP)  WS-X45-SUP7L-E     CAT1827Lxx
 5     48 10/100/1000BaseT Premium POE E Series  WS-X4648-RJ45V+E   JAE18270xx
 6     48 10/100/1000BaseT Premium POE E Series  WS-X4648-RJ45V+E   JAE18270xx
 7     48 10/100/1000BaseT Premium POE E Series  WS-X4648-RJ45V+E   JAE18280xx
Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSALK9-M), Version 03.05.03.E RELEASE SOFTWARE (fc1)
cat4500e-universalk9.SPA.03.05.03.E.152-1.E3.bin
And "authentication control-direction in" and MAB works fine on:
Switch  Ports  Model         Serial No.  MAC address     Hw Ver.  Sw Ver.
1       56     WS-C3850-48P  FCWxxxx     ccd8.c130.aaaa  M0       03.03.03SE
Cisco IOS Software, IOS-XE Software, Catalyst L3 Switch Software (CAT3K_CAA-UNIVERSALK9-M), Version 03.03.03SE RELEASE SOFTWARE (fc2)
cat3k_caa-universalk9.SPA.03.03.03.SE.150-1.EZ3.bin
Kind regards,
Paul Boot.
Reinier de Graaf Hospital,
The Netherlands.

Hello Kashish-
Can you:
1. Post the full switchport config
2. Make and model of the switch
3. Version of code running on the switch