VSS Catalyst 4500X-16 SFP+ / crashing on cat4500e-universalk9.SPA.03.05.03.E.152-1.E3.bin / radius / dot1x

Hi guys,
I am not sure if I am hitting IOS bug CSCtx61557.
According to the bug tool, this is the info:
crash after authc result 'success' from 'dot1x' for client (Unknown MAC)
CSCtx61557
Description
Symptoms: The switch crashes after logging "success" from "dot1x" for client
(Unknown MAC).
Conditions: The symptom is observed with the following conditions:
1. A switchport is configured with both of the following:
authentication event server dead action authorize...
authentication event server alive action reinitialize
2. The radius server was down previously, and a port without traffic (for
example: a hub with no devices attached) was authorized into the inaccessible
authentication bypass (IAB) VLAN without an associated MAC address.
3. The radius server becomes available again, and a dot1x client
attempts to authenticate.
Workaround: There is no workaround.
I am running the following IOS on my 4500X-16 SFP+:
cat4500e-universalk9.SPA.03.05.03.E.152-1.E3.bin
This is what I configured, and what happened:
HOSTNAME(config)#aaa group server radius rad_eap
HOSTNAME(config-sg-radius)# server name ACS1
HOSTNAME(config-sg-radius)# server name ACS2
HOSTNAME(config-sg-radius)# server name ACS3
HOSTNAME(config-sg-radius)#$ication login default group radius local
HOSTNAME(config)#aaa authentication login CONSOLE local
HOSTNAME(config)#aaa authentication enable default group radius enable
HOSTNAME(config)#aaa authentication ppp default local group radius
HOSTNAME(config)#aaa authentication dot1x default group radius
HOSTNAME(config)#aaa authorization exec default if-authenticated
HOSTNAME(config)#aaa authorization network default group radius
HOSTNAME(config)#aaa accounting update newinfo
HOSTNAME(config)#aaa accounting dot1x default start-stop group radius
HOSTNAME(config)#aaa accounting network default start-stop group
eption to IOS Thread:
Frame pointer 897BAE38, PC = 1C03EECC
IOSD-EXT-SIGNAL: Aborted(6), Process = Exec
-Traceback= 1#49176b00b95a50f3145e3825de17d470  c:1C008000+36ECC c:1C008000+3BE50 c:1C008000+3BF48 :1F679000+201A18C :1F679000+31CEE2C :1F679000+2C22958 :1F679000+2C293E4 :1F679000+1166260 :1F679000+2C3C20C
Fastpath Thread backtrace:
-Traceback= 1#49176b00b95a50f3145e3825de17d470  uld:1F224000+2DE8 uld:1F224000+2DE4 iosd_unix:1C3ED000+186A0 pthread:1AA69000+6450
Auxiliary Thread backtrace:
-Traceback= 1#49176b00b95a50f3145e3825de17d470  pthread:1AA69000+BB8C pthread:1AA69000+BB6C c:1C008000+F61E4 iosd_unix:1C3ED000+21270 pthread:1AA69000+6450
Buffered messages: (last 8192 bytes only)
6 left the port-channel Port radius
HOSTNAME(config)#aaa accounting system default start-stop group radius
HOSTNAME(config)#
HOSTNAME(config)#
HOSTNAME(config)#no authentication logging verbose
HOSTNAME(config)#
HOSTNAME(config)#
HOSTNAME(config)#login block-for 300 attempts 5 within 60
-channel1
*Aug 28 01:08:47.873 UTC: %C4K_IOSINTF-5-LMPHWSESSIONSTATE: Lmp HW session DOWN on slot 11 port 12.
*Aug 28 01:08:48.056 UTC: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 172.16.5.98 port 514 started - CLI initiated
*Aug 28 01:08:48.571 UTC: %FASTHELLO-2-FH_DOWN:  Fast-Hello interface Te2/1/12 lost dual-active detection capability
*Aug 28 01:08:49.099 UTC: %PIM-5-DRCHG: DR change from neighbor 0.0.0.0 to 172.16.250.61 on interface Vlan250
*Aug 28 01:15:08.753 UTC: %C4K_IOSINTF-5-LMPHWSESSIONSTATE: Lmp HW session UP on slot 11 port 1.
*Aug 28 01:15:24.759 UTC: %VSLP-5-VSL_UP:  Ready for control traffic
*Aug 28 01:15:27.760 UTC: %VSLP-5-RRP_ROLE_RESOLVED: Role resolved as ACTIVE  by VSLP
*Aug 28 01:15:27.760 UTC: %EC-5-BUNDLE: Interface TenGigabitEthernet2/1/1 joined port-channel Port-channel2
*Aug 28 01:15:28.049 UTC: %C4K_REDUNDANCY-6-DUPLEX_M
<Thu Aug 28 01:18:32 2014> Message from sysmgr: Reason Code:[2] Reset Reason:Service [iosd] pid:[6813] terminated abnormally [6].
Details:
Service: IOSd service
Description: IOS daemon
Executable: /tmp/sw/mount/cat4500e-universalk9.SPA.152-1.E.pkg//usr/binos/bin/iosd
Started at Wed Aug 27 22:27:48 2014 (647795 us)
Stopped at Thu Aug 28 01:18:32 2014 (115506 us)
Uptime: 2 hours 50 minutes 44 seconds
Start type: SRV_OPTION_RESTART_STATELESS (23)
Death reason: SYSMGR_DEATH_REASON_FAILURE_SIGNAL (2)
Last heartbeat 0.00 secs ago
PID: 6813
Exit code: signal 6 (no core)
CWD: /var/sysmgr/work
PID: 6813
UUID: 512
FAILURE: syslogd shutdown
I had an ICMP ping going, and it was not affected, as the standby VSS chassis kicked in and took over while the previous active chassis reloaded.
2nd time it happened:
This time, I waited until the previous active chassis was back up and running and had come back up as Standby hot.
Once again I pasted the same config, and bang, it happened a second time, on the second chassis, which was now acting as the active supervisor.
And once again, the continuous ICMP ping was not interrupted, as the other chassis remained up while the "new" active crashed after configuring the same configs in a slightly different order.
HOSTNAME(config)#radius server ACS2
HOSTNAME(config-radius-server)#$5.22 auth-port 1812 acct-port 1813
HOSTNAME(config-radius-server)# timeout 1
HOSTNAME(config-radius-server)# key 0 XXXX
HOSTNAME(config-radius-server)#!
HOSTNAME(config-radius-server)#radius server ACS3
HOSTNAME(config-radius-server)#$xxxx auth-port 1812 acct-port 1813
HOSTNAME(config-radius-server)# timeout 1
HOSTNAME(config-radius-server)# key 0 xxxxxxx
HOSTNAME(config-radius-server)#
HOSTNAME(config-radius-server)#aaa group server radius rad_eap
HOSTNAME(config-sg-radius)# server name XXXX
HOSTNAME(config-sg-radius)# server name XXXX
HOSTNAME(config-sg-radius)# server name XXXX
HOSTNAME(config-sg-radius)#
HOSTNAME(config-sg-radius)#
PER-3-S
Exception to IOS Thread:
Frame pointer 89455E38, PC = 1CC27ECC
IOSD-EXT-SIGNAL: Aborted(6), Process = Exec
-Traceback= 1#e495ba4f9346cc1496eecd01ebf1814a  c:1CBF1000+36ECC c:1CBF1000+3BE50 c:1CBF1000+3BF48 :20276000+201B18C :20276000+31D0DA8 :20276000+2C24800 :20276000+2C2B28C :20276000+11671B0 :20276000+2C3E0B4
Fastpath Thread backtrace:
-Traceback= 1#e495ba4f9346cc1496eecd01ebf1814a  iosd_unix:1CFD6000+1C230 iosd_unix:1CFD6000+1C284 iosd_unix:1CFD6000+18854 pthread:1B653000+6450
Auxiliary Thread backtrace:
-Traceback= 1#e495ba4f9346cc1496eecd01ebf1814a  pthread:1B653000+BB8C pthread:1B653000+BB6C c:1CBF1000+F61E4 iosd_unix:1CFD6000+21270 pthread:1B653000+6450
Buffered messages: (last 8192 bytes only)
INTF-5-TRANSCEIVERINSERTED: Slot=11 Port=3: Transceiver hasW-9(config-sg-radius)#
HOSTNAME(config-sg-radius)#no authentication logging verbose
HOSTNAME(config)#
HOSTNAME(config)#
HOSTNAME(config)#login block-for 300 attempts 5 within 60
 been inserted
*Aug 28 01:26:03.864 UTC: %C4K_IOSINTF-5-TRANSCEIVERINSERTED: Slot=11 Port=4: Transceiver has been inserted
*Aug 28 01:26:03.864 UTC: %C4K_IOSINTF-5-TRANSCEIVERINSERTED: Slot=11 Port=5: Transceiver has been inserted
*Aug 28 01:26:03.864 UTC: %C4K_IO
<Thu Aug 28 01:28:10 2014> Message from sysmgr: Reason Code:[2] Reset Reason:Service [iosd] pid:[6770] terminated abnormally [6].
Details:
Service: IOSd service
Description: IOS daemon
Executable: /tmp/sw/mount/cat4500e-universalk9.SPA.152-1.E3.pkg//usr/binos/bin/iosd
Started at Thu Aug 28 01:13:52 2014 (60006 us)
Stopped at Thu Aug 28 01:28:10 2014 (993041 us)
Uptime: 14 minutes 18 seconds
Start type: SRV_OPTION_RESTART_STATELESS (23)
Death reason: SYSMGR_DEATH_REASON_FAILURE_SIGNAL (2)
Last heartbeat 0.00 secs ago
PID: 6770
Exit code: signal 6 (no core)
CWD: /var/sysmgr/work
Are these symptoms related to CSCtx61557?
I have tested this in a test environment, where no ACS was reachable!
Thanks
Colin

Another update,
It seems not only the 4500X platform is affected, it's also 4510R+E's:
WS-C4510R+E
WS-X45-SUP8-E
IOS-XE (cat4500es8-UNIVERSALK9-M), Version 03.03.01.XO
4510R+E#sh redundancy /| i    | i state
        Current Software state = ACTIVE
       Uptime in current state = 2 hours, 39 minutes
        Current Software state = STANDBY HOT
       Uptime in current state = 6 minutes
4510R+E(config)#login block-for 300 attempts 3 within 60
Exception to IOS Thread:
Frame pointer 8D104E28, PC = C9C0FF4
IOSD-EXT-SIGNAL: Aborted(6), Process = Exec
-Traceback= 1#9492282023e5ef761bd83af205155966  c:C98A000+36FF4 c:C98A000+3C2B0 c:C98A000+3C3A8 :10000000+201B994 :10000000+31CA4E4 :10000000+2C1DC54 :10000000+2C246E0 :10000000+116A3F0 :10000000+2C37508
Fastpath Thread backtrace:
-Traceback= 1#9492282023e5ef761bd83af205155966  c:C98A000+E29C0 c:C98A000+E29A0 iosd_unix:CD74000+1877C pthread:B3FE000+647C
Auxiliary Thread backtrace:
-Traceback= 1#9492282023e5ef761bd83af205155966  pthread:B3FE000+BBB4 pthread:B3FE000+BB94 c:C98A000+FA4E8 iosd_unix:CD74000+21270 pthread:B3FE000+647C
Buffered messages: (last 8192 bytes only)
At least one can now directly "redundancy failover" from config mode.....      :)
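
Added example (not part of the original posts): a small Python triage helper that splits the `-Traceback=` lines and the sysmgr record shown above into fields, so the two 4500X crashes can be compared by module-relative offset instead of by raw address. The function names and the reading of each frame as `module:base+offset` are assumptions of this example; the input strings are copied from the dumps above.

```python
import re
from typing import NamedTuple

# Input copied from the two 4500X crash dumps in the post above.
TRACEBACK_1 = (
    "-Traceback= 1#49176b00b95a50f3145e3825de17d470  "
    "c:1C008000+36ECC c:1C008000+3BE50 c:1C008000+3BF48 "
    ":1F679000+201A18C :1F679000+31CEE2C :1F679000+2C22958 "
    ":1F679000+2C293E4 :1F679000+1166260 :1F679000+2C3C20C"
)
TRACEBACK_2 = (
    "-Traceback= 1#e495ba4f9346cc1496eecd01ebf1814a  "
    "c:1CBF1000+36ECC c:1CBF1000+3BE50 c:1CBF1000+3BF48 "
    ":20276000+201B18C :20276000+31D0DA8 :20276000+2C24800 "
    ":20276000+2C2B28C :20276000+11671B0 :20276000+2C3E0B4"
)
SYSMGR_1 = """\
<Thu Aug 28 01:18:32 2014> Message from sysmgr: Reason Code:[2] Reset Reason:Service [iosd] pid:[6813] terminated abnormally [6].
Uptime: 2 hours 50 minutes 44 seconds
Exit code: signal 6 (no core)
"""
SYSMGR_2 = """\
<Thu Aug 28 01:28:10 2014> Message from sysmgr: Reason Code:[2] Reset Reason:Service [iosd] pid:[6770] terminated abnormally [6].
Uptime: 14 minutes 18 seconds
Exit code: signal 6 (no core)
"""

# Assumed frame layout: <module>:<hex base>+<hex offset>; module may be empty.
FRAME_RE = re.compile(r"^(?P<module>[\w.]*):(?P<base>[0-9A-Fa-f]+)\+(?P<offset>[0-9A-Fa-f]+)$")
SERVICE_RE = re.compile(r"Service \[(?P<service>[^\]]+)\] pid:\[(?P<pid>\d+)\]")
EXIT_RE = re.compile(r"^Exit code: signal (?P<signal>\d+)(?P<rest>.*)$", re.M)
UPTIME_RE = re.compile(r"^Uptime:\s*(?P<body>.+)$", re.M)
UNIT_SECONDS = {"day": 86400, "hour": 3600, "minute": 60, "second": 1}


class Frame(NamedTuple):
    module: str  # name printed before the colon; empty when the dump prints none
    base: int    # load address; differs between the two dumps
    offset: int  # offset inside the module; comparable across restarts


def parse_traceback(line):
    """Return (tag, frames) for one '-Traceback=' line; the tag is kept opaque."""
    tokens = line.split()
    if len(tokens) < 2 or tokens[0] != "-Traceback=":
        raise ValueError("not a -Traceback= line")
    frames = []
    for tok in tokens[2:]:
        m = FRAME_RE.match(tok)
        if m is None:
            raise ValueError(f"unexpected frame token: {tok!r}")
        frames.append(Frame(m["module"], int(m["base"], 16), int(m["offset"], 16)))
    return tokens[1], frames


def shared_leading_frames(a, b):
    """Leading (module, offset) pairs that are identical in both tracebacks."""
    shared = []
    for fa, fb in zip(a, b):
        if (fa.module, fa.offset) != (fb.module, fb.offset):
            break
        shared.append((fa.module, fa.offset))
    return shared


def parse_sysmgr(text):
    """Extract service, pid, signal, uptime and core status from a sysmgr record."""
    svc = SERVICE_RE.search(text)
    ext = EXIT_RE.search(text)
    if svc is None or ext is None:
        raise ValueError("not a sysmgr termination record")
    up = UPTIME_RE.search(text)
    uptime_s = None
    if up is not None:
        parts = re.findall(r"(\d+) (day|hour|minute|second)s?", up["body"])
        uptime_s = sum(int(n) * UNIT_SECONDS[unit] for n, unit in parts)
    return {
        "service": svc["service"],
        "pid": int(svc["pid"]),
        "signal": int(ext["signal"]),
        "uptime_s": uptime_s,
        "core_saved": "(no core)" not in ext["rest"],
    }


if __name__ == "__main__":
    _, frames_1 = parse_traceback(TRACEBACK_1)
    _, frames_2 = parse_traceback(TRACEBACK_2)
    for module, offset in shared_leading_frames(frames_1, frames_2):
        print(f"shared frame {module or '<unnamed>'}+{offset:X}")
    for record in (SYSMGR_1, SYSMGR_2):
        print(parse_sysmgr(record))
```

On the two dumps above, the three leading `c:` frames match offset for offset, while the frames in the unnamed module differ between the two crashes.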

Similar Messages

  • Recommended IOS XE version for Cisco Catalyst 4500X-16 SFP+ Switch

    Could someone confirm IOS XE version for Cisco Catalyst 4500X-16 SFP+ Switch please.
    It already has 03.06.00.E on it. I am planning to configure VSS on it with similar switch.
    VSS will participate in various Etherchannels (MES).
    Just wondering if there are any known bugs in this IOS XE release.

    Use the Bug Search Tool to look for issues with vss, vsl, etc.
    https://tools.cisco.com/bugsearch/

  • EtherChannel between stacked VSS Catalyst 4500X and Stacked 2960X.

    I can have only one link in the EtherChannel up but the 2nd one goes into suspended mode.
    I've tried recreating channel group on different ports but with the same results. Am I doing something wrong or pagp cannot be transmitted over stacks on both ends (I have quite a few EtherChannels but all to single/non-stacked switches)?
    2960X stack config
    Version: 15.0 (2r)EX
    interface TenGigabitEthernet2/0/2
     description HR-Link1
     switchport mode trunk
     switchport nonegotiate
     channel-group 2 mode on
    interface TenGigabitEthernet1/0/2
     description HR-Link2
     switchport mode trunk
     switchport nonegotiate
     channel-group 2 mode on
    4500X Stack (VSS) config
    Version: 03.04.00.SG (fc3)
    interface TenGigabitEthernet1/1/12
     description MO-Link1
     switchport mode trunk
     switchport nonegotiate
     shutdown
     channel-group 12 mode on
    interface TenGigabitEthernet2/1/12
     description MO-Link2
     switchport mode trunk
     switchport nonegotiate
     shutdown
     channel-group 12 mode on
    Thank you,
    T

    Thanks for reply!
    I have tried desirable mode as well but no luck. I can work on this only during the weekend as downtime is not an option.
    These two 10G links were just installed last weekend and one patch cable I had to replace due to complete lack of connectivity (small shop so we have no fiber testing equipment).
    I did not do a lot of troubleshooting last weekend but I will dig into that this weekend. I was hoping to get some insight from people who work with this on a daily basis.
    Post from about a year ago got me worried:  https://supportforums.cisco.com/discussion/12072281/4500-x-vss-mec-2960-x-stack
    Thanks again.
    T

  • Catalyst 4500X Unidirectional Link

    Hi all,
    I want to create a unidirectional Link between two catalyst 4500X.
    Switch 1:
    interface TenGigabitEthernet1/1
     unidirectional receive-only
    end
    Switch 2:
    interface TenGigabitEthernet1/2
     unidirectional send-only
    end
    Problem:
    Switch 1 --> Port notconnect
    Switch 2 --> Port connected
    Do I need to configure any more on the switch 1 te1/1 to bring up the interface?
    I have changed the 10G SFP+ transceiver + cable --> same problem.
    When I use 1G SFP transceiver instead of 10G SFP+ on the same ports --> no problem (???)
    IOS Version:  03.05.00.E
    Thanks for your support,
    Regards,
    Bernhard

    Hi Madu
    Ports stay up without uni directional config.
    Switch1:
    Switch1 #sh interfaces te1/1 unidirectional
    Unidirectional configuration mode: receive only
    CDP neighbour unidirectional configuration mode: send only
    Switch1#
    Switch 2:
    Switch2#sh interfaces te1/2 unidirectional
    Unidirectional configuration mode: send only
    CDP neighbour unidirectional configuration mode: off
    Switch2#
    Thanks,
    Bernhard

  • ACE: VSS Catalyst 6500

    Hello,
    How does VSS (C6500) work with the ACE module in redundancy mode?
    An ACE module is going to be installed in each Catalyst C6500.
    Best Regards

    See http://www.cisco.com/en/US/products/ps9336/products_tech_note09186a0080a7c72b.shtml for outline information on how the VSS handles ACE with VSL.
    HTH
    Cathy

  • 6509e SUP-2T VSS and 100BASE-X SFP

    Dear All,
    I need to connect some access switches via 100BASE-X uplinks to 6509e VSS distribution switches having SUP-2T.
    It seems that the only module on 6509e supporting 100BASE-X SFP is WS-X6148-FE-SFP. This module is going EoS and is not supported in VSS.
    Are there any other modules that I can use?
    Thanks and Regards
    Giuseppe

    Hi,
    Here's a link that contains information about available line cards that might help you:
    http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/product_data_sheet0900aecd801459a7.html
    Regards,

  • Slow performance through Catalyst 3560 w/SFPs

    I have some WS-C3560-48PS-S switches with 1000BaseT and fiber SX gigabit SFPs connected to a server farm switch WS-C3750G-24TS-E. Servers are attached with gigabit-capable NICs.
    I found extremely sluggish performance when installing Windows XP to new PCs via the network, which first draw a DOS-based Windows 98 TCP/IP stack on themselves from floppy then start copying necessary files from the gigabit attached Windows 2000 servers. So client PCs are on 3560's 100Mbps ports, backbone is 1000BaseT or fiber SX (tried both, no difference) to C3750G-24TS-E, where the server is attached and set to gigabit speed.
    Cabling is fine, and no port errors occur.
    I managed to speed up the installation process (took 4 hours, became 15 minutes!!!) by any one of the next three measures:
    1. Lowered the server connection speed to 100Mbps full duplex (switch port and NIC).
    2. Set the backbone to 100Mbps full duplex.
    3. Relocated the server to a 100Mbps port on the 3560 switch.
    I could exclude the C3750G-24TS-E from the suspect list by moving the server directly to the 3560 1000BaseT SFP and still the same phenomena could be seen.
    I suspect the Windows 98 TCP/IP stack for the sluggish performance.
    Has anyone come across a similar problem or has a better idea?

    Here is what did...
    Auto QoS set on the 48 port switches. Any devices on the 24TS connecting to another device on the 24TS works fine. Devices connecting from the 48P to the 24TS with Auto-QoS on the 48P experience severe performance degradation. Below is the global command to fix this.
    **** Global Command to Fix the Issue
    mls qos queue-set output 1 threshold 2 400 400 100 400
    ****** Queue Setting Before Fix **********
    MID3750Stack#sh mls qos queue-set 1
    Queueset: 1
    Queue : 1 2 3 4
    buffers : 20 20 20 40
    threshold1: 100 50 100 100
    threshold2: 100 50 100 100
    reserved : 50 100 50 50
    maximum : 400 400 400 400
    ********** Queue Setting After Fix *************
    MID3750Stack#sh mls qos queue-set 1
    Queueset: 1
    Queue : 1 2 3 4
    buffers : 20 20 20 40
    threshold1: 100 400 100 100
    threshold2: 100 400 100 100
    reserved : 50 100 50 50
    maximum : 400 400 400 400
    Notice that in the output above that the thresholds for queue 2 by
    default are only configured to allow 50% of their buffer to be used
    before traffic is dropped since Queue 2 is the lowest priority queue
    and services the type of traffic that your switch has been
    dropping. We changed this queue to accommodate a higher amount of the
    lower priority traffic which thus resolves the issue.
    As you can see, there are core differences in the architecture of the
    two switches which account for the different behaviors when it comes
    to buffer management.

  • GRE tunnel feature limitation on Cisco Catalyst 4500X

    Hi,
    I have a customer with three sites.  They have the Cisco catalyst 4500-X at each sites and wish to create GRE tunnels between each of these switches.
    I have a vague reference which tells me the Cisco cat 4500-x or any cat 4500 for that matter does have severe limitations when GRE tunnels are created, especially limiting the bandwidth to 70kbps.  It's also not recommended for data traffic but control plane traffic.
    Please advise.

    No experts to answer this?

  • Cisco Catalyst 4500X

    I want to buy Cisco Catalyst 4500-X-16SFP+ and upgrade the license to Enterprise service. But license description show "IP Base to Ent. Services license for 16 Port Catalyst 4500-X". Does it mean that only 16 ports are Enterprise Service? If I add an 8-port module, can it use Ent Service?
    Please kindly advise.
    Thanks,
    Mano

    Does it mean that only 16 ports are Enterprise Service?
    The license is in blocks of 16- or 32 ports.  Let's say you purchase an Enterprise license for 16-ports and you got an optional 8-port module.  You purchase an additional license of "C4500X-16P-IP-ES" and this allows you an additional 16-ports of license.  You can't purchase a license for only 8 ports.
    Cisco Catalyst 4500E Supervisor 7-E and 7L-E and Cisco Catalyst 4500-X Series Software Activation Licensing Deployment Guide

  • Catalyst 4500x : Shaping traffic and appliying queuing (nested policy-maps)

    Hi Everyone, 
    I got a question on how actually I could put kind of nested policy-maps under an interface on a 4500x switch. 
    This is needed because of a 100Mbps link connecting 2 head office locations. The 100Mbps is a metro ethernet link and the provider is fixing the port to 100Mbps speed.
    Since 4500x is not supporting 100Mbps speed on interfaces, the provider's port is connected to an intermediary switch at 100Mbps. And the 4500x is connected to the intermediary switch at 1Gbps.
    Hence, I need to shape to 100Mbps out of my 4500x port. But I also need to perform queuing for traffic. The thing is nested policy-maps don't seem to be implemented on 4500x as in routers.
    Any idea on how to work around this? In a router world I'd do something like this:
    policy-map SHAPER
     class class-default
      shape average 100000000
      service-policy QUEUING
    policy-map QUEUING
     class VOICE
      priority
      police 5000000 conform-action transmit exceed-action drop
     class INTERACTIVE
      bandwidth 20000
     class BULK
      bandwidth 20000
     class class-default
      dbl
    interface TenGigabitEthernet2/1/9
     description TO_REMOTE_HEADOFFICE
     service-policy output SHAPER
    Thank you.

    I have the same problem. I wanted to do sub-interfaces with dot1q tags and nested shaper policies, but the 4500x doesn't appear to support either nested shapers or subifs. Really wish there was more consistency across platforms.
    Instead of the subifs, I can simply create vlan interfaces (not my favorite method, but it works).
    As far as shaping goes, the best I've been able to come up with is a custom policy that polices for the realtime traffic (i.e marked with EF or AF41, 42, 43) and everything else is matched by a custom class that matches any and sets the shape average % on the interface accordingly.  (i.e. a 10g interface shaped to a 2G pipe would get 19% for all traffic and 100Mb for realtime apps like voice and video). Not perfect, but without nested policies it's hard to do a full 8 class policy and shape each class to a specific rate.
    class-map match-any REALTIME
     match dscp ef
     match dscp af41 af42 af43
    class-map match-any CATCH_ALL
     match any
    policy-map QOS_SHAPE_2G_OUT
     class REALTIME
      priority
      police rate percent 1
     class CATCH_ALL
      shape average percent 19
    int ten1/1/27
     service-policy output QOS_SHAPE_2G_OUT
    If you want queuing, then drop dbl in the catch all class and you're set. This is not ideal and doesn't do as well as a nested shaper policy. If anyone can come up with a better solution, please post it!

  • Cisco 4500X VSS & MEC Cisco 2960X

    Hi
    I have a Cisco 4500x VSS connected to a Cisco 2960X by MEC using LACP.
    I encountered a problem with the C2960X.
    Integration reason
    1. C2960X Ten 1/0/2: link flapping, interface error-disabled. I disabled the interface and then enabled it, and the switch shows SFP Not Present.
       Te1/0/2                      notconnect   1            full    10G Not Present. (SFP plugged in correctly)
    2. After reloading the C2960X from the CLI, Ten 1/0/1 and Ten 1/0/2 are notconnect, SFP Not Present. (SFP plugged in correctly)
      error message :
    Dec 18 12:40:25.250: %SYS-5-CONFIG_I: Configured from console by console
    Dec 18 12:41:48.888: % ILET-1-AUTHENTICATION_FAIL: This Switch may not have been manufactured by Cisco or with Cisco's authorization.  This product may contain software that was copied in violation of Cisco's license terms.  If your use of this product is the cause of a support issue, Cisco may deny operation of the product, support under your warranty or under a Cisco technical support program such as Smartnet.  Please contact Cisco's Technical Assistance Center for more information.
    26F_guest_switch#show license
    Index 1 Feature: lanlite       
            Period left: 0  minute  0  second 
    Index 2 Feature: lanbase       
            Period left: Life time
            License Type: Permanent
            License State: Active, In Use
            License Priority: Medium
            License Count: Non-Counted
    3. After a power cycle the C2960X operates normally, but the problem recurs every day.
    I do not know where the problem is. I have upgraded the C2960X IOS but it has the same problem.
    Cisco 2960X IOS version:  15.2(3)E    C2960X-UNIVERSALK9-M 
    Cisco 4500X IOS version: cat4500e-universalk9.SPA.03.05.00.E.152-1.E.bin
    Thanks for your help,

    Hi Reza,
    Thanks for your help
    I can not confirm that because I have a few switch have the same problem.
    C2960X 10G port 1 is connected to C4500X slot 1, Port 2 is connected to C4500X Slot2.
     link flapping, On the switch  port 2.
    I need to do a more precise test to confirm whether the problem is the C2960X or the 4500 VSS.

  • Cisco 4500x vss issue

    I configured VSS on 4500x. One switch is active and the other switch goes into recovery mode, with all ports except the VSL links amber/orange and shut down.
    I want to bring both switches into the active state. Could someone help with this?
    The configuration which I used is below:
    switch virtual domain 100 
    switch 1
    exit
    switch virtual domain 100
    switch 2
    exit
    interface port-channel 10
    switchport
    switch virtual link 1
    no shut
    exit
    interface port-channel 20
    switchport
    switch virtual link 2
    no shut
    exit
    int range tengigabitethernet 1/15 - 16
    switchport
    switchport mode trunk
    switchport nonegotiate
    no shut
    channel-group 10 mode on
    int range tengigabitethernet 1/15 - 16
    switchport
    switchport mode trunk
    switchport nonegotiate
    no shut
    channel-group 20 mode on
    switch convert mode virtual 
    switch convert mode virtual 

    I can share the configuration of the two core switches, which is below.
    Please suggest if there is something which I misconfigured and which needs to be corrected.
    TAKAFUL-CORE-01#show run
    Building configuration...
    Current configuration : 7510 bytes
    ! Last configuration change at 01:57:12 UTC Sun Aug 10 2014
    version 15.2
    service nagle
    no service pad
    service timestamps debug datetime msec localtime show-timezone
    service timestamps log datetime msec localtime show-timezone
    service password-encryption
    service compress-config
    service sequence-numbers
    no service dhcp
    hostname TAKAFUL-CORE-01
    boot-start-marker
    boot system flash bootflash:cat4500e-universalk9.SPA.03.05.00.E.152-1.E.bin
    boot-end-marker
    vrf definition mgmtVrf
     address-family ipv4
     exit-address-family
     address-family ipv6
     exit-address-family
    username admin privilege 15 password 7 104F0D140C19
    no aaa new-model
    switch virtual domain 100
     switch mode virtual
     mac-address use-virtual
    no dual-active detection pagp
    no ip source-route
    ip vrf Liin-vrf
    no ip domain-lookup
    ip dhcp pool management
     network 10.2.20.0 255.255.255.0
     default-router 10.2.20.2
     option 43 ascii "10.2.20.1"
    ip dhcp pool Data
     network 10.3.30.0 255.255.255.0
     default-router 10.3.30.2
     dns-server 4.2.2.2 8.8.8.8
    ip dhcp pool Voice
     network 10.1.10.0 255.255.255.0
     default-router 10.1.10.2
    ip dhcp pool wireless
     network 10.4.40.0 255.255.255.0
     default-router 10.4.40.2
     dns-server 4.2.2.2 8.8.8.8
    no ip bootp server
    ip device tracking
    power redundancy-mode redundant
    mac access-list extended VSL-BPDU
     permit any 0180.c200.0000 0000.0000.0003
    mac access-list extended VSL-CDP
     permit any host 0100.0ccc.cccc
    mac access-list extended VSL-DOT1x
     permit any any 0x888E
    mac access-list extended VSL-GARP
     permit any host 0180.c200.0020
    mac access-list extended VSL-LLDP
     permit any host 0180.c200.000e
    mac access-list extended VSL-SSTP
     permit any host 0100.0ccc.cccd
    spanning-tree mode rapid-pvst
    spanning-tree portfast bpduguard default
    spanning-tree extend system-id
    spanning-tree vlan 1-4094 priority 24576
    redundancy
     mode sso
    vlan internal allocation policy ascending
    class-map match-any VSL-MGMT-PACKETS
     match access-group name VSL-MGMT
    class-map match-any VSL-DATA-PACKETS
     match any
    class-map match-any VSL-L2-CONTROL-PACKETS
     match access-group name VSL-DOT1x
     match access-group name VSL-BPDU
     match access-group name VSL-CDP
     match access-group name VSL-LLDP
     match access-group name VSL-SSTP
     match access-group name VSL-GARP
    class-map match-any VSL-L3-CONTROL-PACKETS
     match access-group name VSL-IPV4-ROUTING
     match access-group name VSL-BFD
     match access-group name VSL-DHCP-CLIENT-TO-SERVER
     match access-group name VSL-DHCP-SERVER-TO-CLIENT
     match access-group name VSL-DHCP-SERVER-TO-SERVER
     match access-group name VSL-IPV6-ROUTING
    class-map match-any VSL-MULTIMEDIA-TRAFFIC
     match dscp af41
     match dscp af42
     match dscp af43
     match dscp af31
     match dscp af32
     match dscp af33
     match dscp af21
     match dscp af22
     match dscp af23
    class-map match-any VSL-VOICE-VIDEO-TRAFFIC
     match dscp ef
     match dscp cs4
     match dscp cs5
    class-map match-any VSL-SIGNALING-NETWORK-MGMT
     match dscp cs2
     match dscp cs3
     match dscp cs6
     match dscp cs7
    policy-map VSL-Queuing-Policy
     class VSL-MGMT-PACKETS
      bandwidth percent 5
     class VSL-L2-CONTROL-PACKETS
      bandwidth percent 5
     class VSL-L3-CONTROL-PACKETS
      bandwidth percent 5
     class VSL-VOICE-VIDEO-TRAFFIC
      bandwidth percent 30
     class VSL-SIGNALING-NETWORK-MGMT
      bandwidth percent 10
     class VSL-MULTIMEDIA-TRAFFIC
      bandwidth percent 20
     class VSL-DATA-PACKETS
      bandwidth percent 20
     class class-default
      bandwidth percent 5
    interface Port-channel10
     switchport
     switchport mode trunk
     switchport nonegotiate
     switch virtual link 1
    interface FastEthernet1
     vrf forwarding mgmtVrf
     no ip address
     speed auto
     duplex auto
    interface TenGigabitEthernet1/1/1
     switchport trunk native vlan 20
     switchport mode trunk
    interface TenGigabitEthernet1/1/2
     switchport trunk native vlan 20
     switchport mode trunk
    interface TenGigabitEthernet1/1/3
     switchport trunk native vlan 20
     switchport mode trunk
    interface TenGigabitEthernet1/1/4
     switchport trunk native vlan 20
     switchport mode trunk
    interface TenGigabitEthernet1/1/5
     switchport trunk native vlan 20
     switchport mode trunk
    interface TenGigabitEthernet1/1/6
     switchport trunk native vlan 20
     switchport mode trunk
    interface TenGigabitEthernet1/1/7
     switchport trunk native vlan 20
     switchport mode trunk
    interface TenGigabitEthernet1/1/8
     switchport trunk native vlan 20
     switchport mode trunk
    interface TenGigabitEthernet1/1/9
     switchport trunk native vlan 20
     switchport mode trunk
    interface TenGigabitEthernet1/1/10
     switchport trunk native vlan 20
     switchport mode trunk
    interface TenGigabitEthernet1/1/11
     switchport trunk native vlan 20
     switchport mode trunk
    interface TenGigabitEthernet1/1/12
     switchport trunk native vlan 20
     switchport mode trunk
    interface TenGigabitEthernet1/1/13
     switchport trunk native vlan 20
     switchport mode trunk
    interface TenGigabitEthernet1/1/14
     switchport trunk native vlan 20
     switchport mode trunk
    interface TenGigabitEthernet1/1/15
     switchport mode trunk
     switchport nonegotiate
     no lldp transmit
     no lldp receive
     no cdp enable
     channel-group 10 mode on
     service-policy output VSL-Queuing-Policy
    interface TenGigabitEthernet1/1/16
     switchport mode trunk
     switchport nonegotiate
     no lldp transmit
     no lldp receive
     no cdp enable
     channel-group 10 mode on
     service-policy output VSL-Queuing-Policy
    interface Vlan1
     no ip address
     shutdown
    interface Vlan10
     description IP Telephony VLAN
     ip address 10.1.10.2 255.255.255.0
     no ip redirects
    interface Vlan20
     description Automation & Management VLAN
     ip address 10.2.20.2 255.255.255.0
     no ip redirects
    interface Vlan30
     description Data VLAN
     ip address 10.3.30.2 255.255.255.0
     no ip redirects
    interface Vlan40
     description Wireless Users VLAN
     ip address 10.4.40.2 255.255.255.0
     no ip redirects
    ip forward-protocol nd
    no ip forward-protocol udp netbios-ns
    no ip forward-protocol udp netbios-dgm
    no ip http server
    no ip http secure-server
    ip access-list extended VSL-BFD
     permit udp any any eq 3784
    ip access-list extended VSL-DHCP-CLIENT-TO-SERVER
     permit udp any eq bootpc any eq bootps
    ip access-list extended VSL-DHCP-SERVER-TO-CLIENT
     permit udp any eq bootps any eq bootpc
    ip access-list extended VSL-DHCP-SERVER-TO-SERVER
     permit udp any eq bootps any eq bootps
    ip access-list extended VSL-IPV4-ROUTING
     permit ip any 224.0.0.0 0.0.0.255
    snmp-server community ro RO
    ipv6 access-list VSL-IPV6-ROUTING
     permit ipv6 any FF02::/124
    banner login ^CC
    #### Login for authorized Takaful IT Personnel ONLY ####
                          TAKAFUL
    #### Login for authorized Takaful IT Personnel ONLY ####
    ^C
    banner motd ^CC
    WARNING, unauthorised access to this network is prohibited.
    Authorized access only
    This system is the property of Takaful Company.^C
    line con 0
     privilege level 15
     login local
     stopbits 1
    line vty 0 4
     privilege level 15
     login local
    line vty 5 15
     privilege level 15
     login local
    module provision switch 1
     chassis-type 70 base-mac F40F.1B56.31D8
     slot 1 slot-type 401 base-mac F40F.1B56.31D8
    module provision switch 2
    end
    TAKAFUL-CORE-01#
    TAKAFUL-CORE-02(recovery-mode)#show run
    Building configuration...
    Current configuration : 5641 bytes
    ! Last configuration change at 02:05:27 UTC Sun Aug 10 2014
    version 15.2
    service nagle
    no service pad
    service timestamps debug datetime msec localtime show-timezone
    service timestamps log datetime msec localtime show-timezone
    service password-encryption
    service compress-config
    service sequence-numbers
    no service dhcp
    hostname TAKAFUL-CORE-02
    boot-start-marker
    boot system flash bootflash:cat4500e-universalk9.SPA.03.05.00.E.152-1.E.bin
    boot-end-marker
    vrf definition mgmtVrf
     address-family ipv4
     exit-address-family
     address-family ipv6
     exit-address-family
    no aaa new-model
    switch virtual domain 100
     switch mode virtual
     mac-address use-virtual
    no dual-active detection pagp
    no ip source-route
    ip vrf Liin-vrf
    no ip domain-lookup
    no ip bootp server
    ip device tracking
    vtp mode transparent
    power redundancy-mode redundant
    mac access-list extended VSL-BPDU
     permit any 0180.c200.0000 0000.0000.0003
    mac access-list extended VSL-CDP
     permit any host 0100.0ccc.cccc
    mac access-list extended VSL-DOT1x
     permit any any 0x888E
    mac access-list extended VSL-GARP
     permit any host 0180.c200.0020
    mac access-list extended VSL-LLDP
     permit any host 0180.c200.000e
    mac access-list extended VSL-SSTP
     permit any host 0100.0ccc.cccd
    spanning-tree mode pvst
    spanning-tree extend system-id
    redundancy
     mode sso
    vlan internal allocation policy ascending
    class-map match-any VSL-MGMT-PACKETS
     match access-group name VSL-MGMT
    class-map match-any VSL-DATA-PACKETS
     match any
    class-map match-any VSL-L2-CONTROL-PACKETS
     match access-group name VSL-DOT1x
     match access-group name VSL-BPDU
     match access-group name VSL-CDP
     match access-group name VSL-LLDP
     match access-group name VSL-SSTP
     match access-group name VSL-GARP
    class-map match-any VSL-L3-CONTROL-PACKETS
     match access-group name VSL-IPV4-ROUTING
     match access-group name VSL-BFD
     match access-group name VSL-DHCP-CLIENT-TO-SERVER
     match access-group name VSL-DHCP-SERVER-TO-CLIENT
     match access-group name VSL-DHCP-SERVER-TO-SERVER
     match access-group name VSL-IPV6-ROUTING
    class-map match-any VSL-MULTIMEDIA-TRAFFIC
     match dscp af41
     match dscp af42
     match dscp af43
     match dscp af31
     match dscp af32
     match dscp af33
     match dscp af21
     match dscp af22
     match dscp af23
    class-map match-any VSL-VOICE-VIDEO-TRAFFIC
     match dscp ef
     match dscp cs4
     match dscp cs5
    class-map match-any VSL-SIGNALING-NETWORK-MGMT
     match dscp cs2
     match dscp cs3
     match dscp cs6
     match dscp cs7
    policy-map VSL-Queuing-Policy
     class VSL-MGMT-PACKETS
      bandwidth percent 5
     class VSL-L2-CONTROL-PACKETS
      bandwidth percent 5
     class VSL-L3-CONTROL-PACKETS
      bandwidth percent 5
     class VSL-VOICE-VIDEO-TRAFFIC
      bandwidth percent 30
     class VSL-SIGNALING-NETWORK-MGMT
      bandwidth percent 10
     class VSL-MULTIMEDIA-TRAFFIC
      bandwidth percent 20
     class VSL-DATA-PACKETS
      bandwidth percent 20
     class class-default
      bandwidth percent 5
    interface Port-channel20
     switchport
     switchport mode trunk
     switchport nonegotiate
     switch virtual link 2
    interface FastEthernet1
     vrf forwarding mgmtVrf
     speed auto
     duplex auto
    interface TenGigabitEthernet2/1/1
     switchport trunk native vlan 20
     switchport mode trunk
    interface TenGigabitEthernet2/1/2
     switchport trunk native vlan 20
     switchport mode trunk
    interface TenGigabitEthernet2/1/3
     switchport trunk native vlan 20
     switchport mode trunk
    interface TenGigabitEthernet2/1/4
     switchport trunk native vlan 20
     switchport mode trunk
    interface TenGigabitEthernet2/1/5
     switchport trunk native vlan 20
     switchport mode trunk
    interface TenGigabitEthernet2/1/6
     switchport trunk native vlan 20
     switchport mode trunk
    interface TenGigabitEthernet2/1/7
     switchport trunk native vlan 20
     switchport mode trunk
    interface TenGigabitEthernet2/1/8
     switchport trunk native vlan 20
     switchport mode trunk
    interface TenGigabitEthernet2/1/9
     switchport trunk native vlan 20
     switchport mode trunk
    interface TenGigabitEthernet2/1/10
     switchport trunk native vlan 20
     switchport mode trunk
    interface TenGigabitEthernet2/1/11
     switchport trunk native vlan 20
     switchport mode trunk
    interface TenGigabitEthernet2/1/12
     switchport trunk native vlan 20
     switchport mode trunk
    interface TenGigabitEthernet2/1/13
     switchport trunk native vlan 20
     switchport mode trunk
    interface TenGigabitEthernet2/1/14
     switchport trunk native vlan 20
     switchport mode trunk
    interface TenGigabitEthernet2/1/15
     switchport mode trunk
     switchport nonegotiate
     no lldp transmit
     no lldp receive
     no cdp enable
     channel-group 20 mode on
     service-policy output VSL-Queuing-Policy
    interface TenGigabitEthernet2/1/16
     switchport mode trunk
     switchport nonegotiate
     no lldp transmit
     no lldp receive
     no cdp enable
     channel-group 20 mode on
     service-policy output VSL-Queuing-Policy
    interface Vlan1
     no ip address
    ip forward-protocol nd
    no ip http server
    no ip http secure-server
    ip access-list extended VSL-BFD
     permit udp any any eq 3784
    ip access-list extended VSL-DHCP-CLIENT-TO-SERVER
     permit udp any eq bootpc any eq bootps
    ip access-list extended VSL-DHCP-SERVER-TO-CLIENT
     permit udp any eq bootps any eq bootpc
    ip access-list extended VSL-DHCP-SERVER-TO-SERVER
     permit udp any eq bootps any eq bootps
    ip access-list extended VSL-IPV4-ROUTING
     permit ip any 224.0.0.0 0.0.0.255
    ipv6 access-list VSL-IPV6-ROUTING
     permit ipv6 any FF02::/124
    line con 0
     stopbits 1
    line vty 0 4
     login
     length 0
    module provision switch 1
    module provision switch 2
     chassis-type 70 base-mac 88F0.3104.0058
     slot 1 slot-type 401 base-mac 88F0.3104.0058
    end

  • 4500 IOS-XE: Crash on ACL configuration

    Hi All,
    We have recently migrated from standalone to VSS on our C4500 switches with Sup 7-E,
    but the switch crashes every time we edit or modify the ACL, with the error message below:
    %SYS-3-BADBLOCK: Bad block pointer 
    %SYS-6-MTRACE: mallocfree: addr, pc
    %SYS-6-BLKINFO: Corrupted next pointer blk
    %SYS-6-MEMDUMP: 0x7E043FF8
    We noticed that there is a new bug for this issue, i.e.
    CSCun33897 Symptom:
    A Catalyst 4500 series switch running IOS-XE may unexpectedly reboot when ACL configuration is applied to an interface.
    but there is no fix available yet.
    Please let me know if anyone has had this kind of issue. I would appreciate your suggestions and feedback on this issue.
    Currently used image: cat4500e-universalk9.SPA.03.05.00.E.152-1.E.bin
    Thanks in advance.

    It seems to closely match the bug you mentioned.
    If you upload the crashinfo I can look at it and try to confirm.
    Regards
    Naveen
    ***rate if it is helpful***

  • Cisco Catalyst 4507R+E with WS-X4748 blade, ports not working

    I have a Cisco Catalyst 4507R+E (with Sup7-E) and two blades: one WS-X4748-RJ45V+E and one WS-X4648-RJ45-E.
    When I connect a device to a port on the WS-X4748-RJ45V+E blade the port will not come up; show interface shows the status as "notconnect". When I connect the same device to the WS-X4648-RJ45-E blade the interface comes up.
    The WS-X4748-RJ45V+E blade seems to have initialised okay, it appears in the output of "show module" as OK.
    I get exactly the same effect on a second, identically configured Catalyst 4507R+E.
    The software version is IOS XE 3.1.0SG, which according to the release notes supports the WS-X4748-RJ45V+E blade. Has anybody else seen anything like this?

    I have 2 Core switches, single SUP on each.
    Line cards #1 and #2 randomly stop forwarding packets; the only solution is to reload the switch (hw-module reset does not work). I have cat4500e-universalk9.SPA.03.05.00.E.152-1.E.bin and the symptom looks the same as the one described,
    although the code is newer than 3.2.2SG.
    Now we are downgrading to cat4500e-universalk9.SPA.03.04.02.SG.151-2.SG2.bin to check if that solves the issue;
    otherwise we'll try removing/re-inserting the modules, and if the issue persists, most probably RMA the Core1.
    We've sent a show tech to Cisco support while the issue was happening.
    Current modules on the Core switches.
    Mod Ports Card Type                              Model              Serial No.
    ---+-----+--------------------------------------+------------------+-----------
    1    48  10/100/1000BaseT EEE (RJ45)            WS-X4748-RJ45-E    CAT1627L48B
    2    48  10/100/1000BaseT EEE (RJ45)            WS-X4748-RJ45-E    CAT1629L0ZY
    3     4  Sup 7-E 10GE (SFP+), 1000BaseX (SFP)   WS-X45-SUP7-E      CAT1629L1PD
    5    12  1000BaseX (SFP)                        WS-X4612-SFP-E     JAE163007EO
    M MAC addresses                    Hw  Fw           Sw               Status
    --+--------------------------------+---+------------+----------------+---------
    1 30f7.0d57.80c0 to 30f7.0d57.80ef 1.1                               Ok      
    2 30f7.0dac.fd40 to 30f7.0dac.fd6f 1.1                               Ok      
    3 30f7.0dca.6c00 to 30f7.0dca.6c03 2.1 15.0(1r)SG10 03.05.00.E       Ok      
    5 a493.4c44.13e8 to a493.4c44.13f3 1.1                               Ok      
    Mod  Redundancy role     Operating mode      Redundancy status
    ----+-------------------+-------------------+----------------------------------
    3   Active Supervisor   SSO                 Active                           

  • CSCun15879 - CAT4K MAB not triggered when "authentication control-direction in"

    Dear all,
    We are trying to get WOL working in combination with MAB authentication, and we think the implementation of "authentication control-direction in" is broken on the Cat4k5 platform and is working on the Cat3850.
    We run exactly the same config on a Cat3850, and "authentication control-direction in" and MAB+WOL work fine.
    My question: Can other users confirm this bug?
    So "authentication control-direction in" breaks MAB on:
    Chassis Type : WS-C4507R+E
    Power consumed by backplane : 40 Watts
    Mod Ports Card Type                              Model              Serial No.
    ---+-----+--------------------------------------+------------------+-----------
     1    48  10/100/1000BaseT Premium POE E Series  WS-X4648-RJ45V+E   JAE18280xx
     2    48  10/100/1000BaseT Premium POE E Series  WS-X4648-RJ45V+E   JAE18280xx
     3     6  Sup 7L-E 10GE (SFP+), 1000BaseX (SFP)  WS-X45-SUP7L-E     CAT1827Lxx
     5    48  10/100/1000BaseT Premium POE E Series  WS-X4648-RJ45V+E   JAE18270xx
     6    48  10/100/1000BaseT Premium POE E Series  WS-X4648-RJ45V+E   JAE18270xx
     7    48  10/100/1000BaseT Premium POE E Series  WS-X4648-RJ45V+E   JAE18280xx
    Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSALK9-M), Version 03.05.03.E RELEASE SOFTWARE (fc1)
    cat4500e-universalk9.SPA.03.05.03.E.152-1.E3.bin
    And "authentication control-direction in" and MAB works fine on:
    Switch  Ports    Model                Serial No.   MAC address     Hw Ver.       Sw Ver.
     1       56     WS-C3850-48P          FCWxxxx  ccd8.c130.aaaa  M0            03.03.03SE
    Cisco IOS Software, IOS-XE Software, Catalyst L3 Switch Software (CAT3K_CAA-UNIVERSALK9-M), Version 03.03.03SE RELEASE SOFTWARE (fc2)
    cat3k_caa-universalk9.SPA.03.03.03.SE.150-1.EZ3.bin
    Kind regards,
    Paul Boot.
    Reinier de Graaf Hospital,
    The Netherlands.

    Hello Kashish-
    Can you:
    1. Post the full switchport config
    2. Make and model of the switch
    3. Version of code running on the switch
