3850 vs 3560 !?

hi all
I want to see the full comparison between these to catalyst products
3850 vs 3560
I heard there is cisco comparison tool to do that,
could you please tell me how !?
thanks,

Hi,
Here is a comparison chart :
http://www.cisco.com/c/dam/en/us/products/collateral/switches/catalyst-3650-series-switches/feature-comparison-c83-731054.pdf
HTH

Similar Messages

Cisco 3560 & 3850 SW

Hy,
Please help with the following config:
Site A
SW 3850 ip routing
vlan1 (data) 10.35.247.248/24
vlan20 (voice) 10.35.249.248/24
vlan30 (thin clients) 10.35.248.248/24
vlan60 10.35.246.248
vlan80 video
int gi1/0/47 + gi1/0/48 HSRP GW ip route 0.0.0.0 0.0.0.0 10.35.247.254 (main route wan)
int gi1/0/46 layer 2 VPN to SITE B SW 3560X
int gi1/0/45 layer 3 VPN to SITE B SW 3560X via 10.35.247.250
Site B
SW 3560X ip routing vlan1 10.35.243.248/24
nt gi0/23 + gi1/0/24 HSRP GW ip route 0.0.0.0 0.0.0.0 10.35.243.254 (main route wan)
int gi0/22 layer 2 VPN to SITE A SW 3850
int gi0/21 layer 3 VPN to SITE A SW 3850 via 10.35.243.250
Questions:
What is the best config for the equipments above to:
- HSRP on SITE A is used as default gw for SITE B also if the from there fails?
- HSRP on SITE B is used as default gw for SITE A also if the from there fails?
- for layer 2 direct connect what is the best config (trunk ports, vlan clone etc..)?
- the main purpose for 2 VPN lines is redundancy for connection A-B sites. Should we only use one type of layer? (traffic between A-B will be voice (server is on site A backup will be on B), backup for servers (each site will have a DNS & a DC for the same domain), RDS traffic (terminal servers farm members on both sites)
Thank you for your time,

Forgot to add the question for OSPF config !?.
Thank you,

2960x vs 3850

Hi,
I am deciding which switch to by to replace some of our old switches. Looking for some direct comparison between 2960x and the new 3850 (In exception of the Wireless controller and stack power).
looking for one to one comparison on PoE, performance, security, ios features, etc. the switches will be used for Layer access. no need for advanced routing.
Any idea of price different in percentage?
Need to use this for user access layer that connects directly to 6500 which is also planned to upgraded soon for 10G uplinks.
Regards,

I think 3850 should compare with 3750X series. 3650 is the other series of switches if you are looking for similar to 3560/2960 as it is cheaper than 3850.
Technically I would prefer 3650 even if you are not using WLC functionality today (it gives flexibility where you can use them in future). Here is the 3650 switch information
http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-3650-series-switches/qa_c67-729531.pdf
Here is the 3850 series switch information
http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-3850-series-switches/qa_c67-722110.html
Pricing information you could check with your Cisco AM (I know there is no price differce between 3850 compare to 3750x, hope it is the case with 3650 & 3560x)
HTH
Rasika
*** Pls rate all useful responses ****

Up-link 2 x 3750 Stack to 4 x 3850 stack

All -
Sorry is this is a rather simple question but I’ve never worked with Stack switches before? I have a remote office that has 3 floors. On one floor we have a 2 3750s in a stack. On another we have a single 3560 and I’m going to be installing a new 3850 stack – the new stack will have 4 x 3850’s...
My question is how should I uplink the other switches to the new stack? In the new stack I have a master a slave and two member switches. Should I create a port channel from the 3750’s and use all available links and spread them across all switches in the new stack, and then do the same with the single switch on the other floor? Or should I create two port-channels from the 3750 and the 3560 to the new 3850 stack?
My thought is that if I create a single port channel form each switch to the new stack I would be basically be removing spanning tree from the environment and basically daisy chaining the switches? Is this a valid solution? Also does the stack act like a chassis where the control plan would be on the master – if so can I spread a interfaces in a port channel across all members in the stack?
Thanks in advance
Mike

Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
To take advantage of fewest (logical) devices and redundancy, run a dual Etherchannel from your new 3850 to the 3750 stack and the 3650. On both the 3850 and 3750 stacks, insure the same Etherchannel links are on different stack members.
Logically, you would no longer need STP, but keep in running in case anyone accidentally creates a L2 loop.
As to what stack members to terminate uplinks/downlinks on, on 3750s, Cisco recommends avoiding the stack master (not possible on your dual 3750 stack). I don't know what Cisco's recommendations, if any, is for 3850 stacks.
Yes, stacks "appear" much like chassis devices, i.e. stack member ports "appear" like chassis line cards ports.

Catalyst 3850 QoS police

Hello,
Here is the config for Catalyst 3560 found under the link below.
I would like to do same setting on Catalyst 3850.
http://itknowledgeexchange.techtarget.com/network-engineering-journey/how-to-configure-per-vlan-qos-in-cisco-3550-and-3560/
mls qos
interface fa0/2
mls qos vlan-based
class-map INT
match input-interface fa0/2
policy-map NESTED_POLICE
class INT
policy 12800 1600 exceed-action drop
class-map HTTP
match protocol http
policy-map PARENT_MARK
class HTTP
set dscp af11
service-policy NESTED_POLICE
interface vlan 10
service-policy input PARENT_MARK
But commands like "mls qos", "mls qos vlan-based" and "match input-interface " doesn't work on 3850.
There is no helpful Cisco manual for it.
Could anyone help me?
Thanks in advance,
Taro

Hello Paul,
Thank you for the attention.
Here is the information.
#sh ver
Cisco IOS Software, IOS-XE Software, Catalyst L3 Switch Software (CAT3K_CAA-UNIVERSALK9-M), Version 03.02.01.SE RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2013 by Cisco Systems, Inc.
Compiled Wed 20-Mar-13 17:10 by prod_rel_team
Cisco IOS-XE software, Copyright (c) 2005-2013 by cisco Systems, Inc.
All rights reserved. Certain components of Cisco IOS-XE software are
licensed under the GNU General Public License ("GPL") Version 2.0. The
software code licensed under GPL Version 2.0 is free software that comes
with ABSOLUTELY NO WARRANTY. You can redistribute and/or modify such
GPL code under the terms of GPL Version 2.0.
(http://www.gnu.org/licenses/gpl-2.0.html) For more details, see the
documentation or "License Notice" file accompanying the IOS-XE software,
or the applicable URL provided on the flyer accompanying the IOS-XE
software.
ROM: IOS-XE ROMMON
BOOTLDR: C3850 Boot Loader (C3850-HBOOT-M) Version 1.1, RELEASE SOFTWARE (P)
SW01 uptime is 21 weeks, 6 days, 14 hours, 27 minutes
Uptime for this control processor is 21 weeks, 6 days, 14 hours, 30 minutes
System returned to ROM by reload at 22:27:58 JST Wed Jan 8 2014
System restarted at 22:27:52 JST Wed Jan 8 2014
System image file is "flash:packages.conf"
Last reload reason: Reload command
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
License Level: Ipservices
License Type: Permanent
Next reload license Level: Ipservices
cisco WS-C3850-24T (MIPS) processor with 4194304K bytes of physical memory.
Processor board ID FOC1717V01B
24 Virtual Ethernet interfaces
56 Gigabit Ethernet interfaces
8 Ten Gigabit Ethernet interfaces
2048K bytes of non-volatile configuration memory.
4194304K bytes of physical memory.
250456K bytes of Crash Files at crashinfo:.
250456K bytes of Crash Files at crashinfo-2:.
1609272K bytes of Flash at flash:.
1609272K bytes of Flash at flash-2:.
0K bytes of Dummy USB Flash at usbflash0:.
0K bytes of Dummy USB Flash at usbflash0-2:.
0K bytes of at webui:.
Base Ethernet MAC Address          : 44:ad:d9:6d:4e:00
Motherboard Assembly Number        : 73-12238-06
Motherboard Serial Number          : FOC17163HB8
Model Revision Number              : B0
Motherboard Revision Number        : D0
Model Number                       : WS-C3850-24T
System Serial Number               : FOC1717V01B
Switch Ports Model              SW Version        SW Image              Mode
     1 32    WS-C3850-24T       03.02.01.SE       cat3k_caa-universalk9 INSTALL
     2 32    WS-C3850-24T       03.02.01.SE       cat3k_caa-universalk9 INSTALL
Switch 02
Switch uptime                      : 21 weeks, 6 days, 14 hours, 31 minutes
Base Ethernet MAC Address          : 20:bb:c0:01:86:80
Motherboard Assembly Number        : 73-12238-06
Motherboard Serial Number          : FOC17163HCM
Model Revision Number              : B0
Motherboard Revision Number        : D0
Model Number                       : WS-C3850-24T
System Serial Number               : FOC1717V01K
Configuration register is 0x102
SW01#sh sdm prefer
Showing SDM Template Info
This is the Advanced template.
Number of VLANs:                                 4094
Unicast MAC addresses:                           32768
Overflow Unicast MAC addresses:                  512
IGMP and Multicast groups:                       8192
Overflow IGMP and Multicast groups:              512
Directly connected routes:                       32768
Indirect routes:                                 8192
Security Access Control Entries:                 3072
QoS Access Control Entries:                      2816
Policy Based Routing ACEs:                       1024
Netflow ACEs:                                    1024
Input Microflow policer ACEs:                    256
Output Microflow policer ACEs:                   256
Flow SPAN ACEs:                                  256
Tunnels:                                         256
Control Plane Entries:                           512
Input Netflow flows:                             8192
Output Netflow flows:                            16384
These numbers are typical for L2 and IPv4 features.
Some features such as IPv6, use up double the entry size;
so only half as many entries can be created.

Can cisco 3560 switch act as wireless controlrer

wireless issue

Not 3560, but 3650 can do that
http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-3650-series-switches/data_sheet_c78-729449.html
If you have 3650 model & having some issue, then refer below post that may help you. Even though it refer 3850 configuration should be very similar on 3650
http://mrncciew.com/2013/09/29/getting-started-with-3850/
HTH
Rasika
**** Pls rate all useful respones ****

Routing issue 3560

So, with all the changes on my network I seem to have forgotten all the basic information I have learned over time. I have my 3560 as the "core" switch/router running ospf. Everything works fine on the switch itself. But on port G0/21 is my ASA firewall. As I've previously posted the IPs I will do again.
Core switch 3560 - 10.2.0.2
                     G0/21 no switchport ip address 10.3.0.4 -------> ASA 10.3.0.10
From the 3560 I can ping 10.3.0.10 no problem.
I did a extended ping and said to ping from 10.2.0.2 and was not able to ping 10.3.0.10 which is sitting attached to G0/21
Routing entry for 10.3.0.0/24
Known via "connected", distance 0, metric 0 (connected, via interface)
Redistributing via eigrp 100, ospf 100
Routing Descriptor Blocks:
* directly connected, via GigabitEthernet0/21
      Route metric is 0, traffic share count is 1
router ospf 100
router-id 10.2.0.2
redistribute connected subnets
redistribute static subnets
network 10.2.0.0 0.0.255.255 area 0
network 10.3.0.0 0.0.0.255 area 0
network 10.4.1.0 0.0.0.255 area 0
network 10.4.2.0 0.0.0.255 area 0
network 10.4.0.0 0.0.255.255 area 0
network 172.18.0.0 0.0.255.255 area 0
network 192.168.1.0 0.0.0.255 area 0
default-information originate
3560_B86_Core#ping 10.3.0.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.3.0.10, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/9 ms
3560_B86_Core#ping
Protocol [ip]:
Target IP address: 10.3.0.10
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 10.2.0.2
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.3.0.10, timeout is 2 seconds:
Packet sent with a source address of 10.2.0.2
What am I missing ??? :(
Thanks in advance

This is from the Core switch.
The 10.2.0.2 is not a loopback interface it's the vlan 1 ip address (yes, I know my bad). Working on getting off that vlan. Addresses other than 10.2.0.0/16 are actually on different vlans from a different distribution switch.
Gateway of last resort is 10.3.0.10 to network 0.0.0.0
S*    0.0.0.0/0 [1/0] via 10.3.0.10
      10.0.0.0/8 is variably subnetted, 24 subnets, 4 masks
C        10.2.0.0/16 is directly connected, Vlan1
L        10.2.0.2/32 is directly connected, Vlan1
C        10.3.0.0/24 is directly connected, GigabitEthernet0/21
L        10.3.0.4/32 is directly connected, GigabitEthernet0/21
O        10.3.1.0/24 [110/3] via 10.2.0.3, 00:45:33, Vlan1
O        10.3.2.0/24 [110/3] via 10.2.0.3, 00:45:33, Vlan1
O        10.3.3.0/24 [110/3] via 10.2.0.3, 00:45:33, Vlan1
O        10.3.4.0/24 [110/3] via 10.2.0.3, 00:45:33, Vlan1
O        10.3.6.0/24 [110/2] via 10.2.0.3, 00:45:33, Vlan1
C        10.4.1.0/24 is directly connected, Vlan120
L        10.4.1.1/32 is directly connected, Vlan120
C        10.4.2.0/24 is directly connected, Vlan121
L        10.4.2.1/32 is directly connected, Vlan121
O        10.5.1.4/30 [110/2] via 10.2.0.3, 00:45:33, Vlan1
O        10.5.1.8/30 [110/2] via 10.2.0.3, 00:45:33, Vlan1
D        10.8.0.0/24 [90/3072] via 10.2.0.27, 04:25:52, Vlan1
D        10.8.1.0/24 [90/3072] via 10.2.0.27, 04:25:52, Vlan1
D        10.8.2.0/24 [90/3072] via 10.2.0.3, 04:25:52, Vlan1
D        10.8.3.0/24 [90/3072] via 10.2.0.3, 04:25:52, Vlan1
D        10.8.4.0/24 [90/3072] via 10.2.0.3, 04:25:52, Vlan1
O        10.8.5.0/24 [110/2] via 10.2.0.26, 00:45:33, Vlan1
O IA     10.10.10.0/30 [110/2] via 10.2.0.60, 00:45:33, Vlan1
C        10.25.0.0/24 is directly connected, Vlan550
L        10.25.0.2/32 is directly connected, Vlan550
      172.17.0.0/24 is subnetted, 1 subnets
O E2     172.17.20.0 [110/20] via 10.2.0.60, 00:45:33, Vlan1
      172.18.0.0/24 is subnetted, 1 subnets
O E2     172.18.0.0 [110/20] via 10.2.0.60, 00:45:33, Vlan1

Communication problem between Cisco 3560 and Cisco SG300.

Dear Support,
I have a Cisco SG300 and Cisco 3560 switches.
3560 is my Core Switch and SG300 is access switch.
From 3560 VLAN information is not passed to SG300.
3560 Configuration:
interface GigabitEthernet0/23
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,2,10,11
switchport mode trunk
SG300 Configuration:
interface gigabitethernet49
spanning-tree link-type point-to-point
switchport mode general
switchport general allowed vlan add 2,10-11 tagged
macro description switch
Please suggest how this issue is resolve.
Regards,
JItesh Mahajan.

Dear Aleksandra,
Below Configuration is right or wrong for 3560 and SG300.
3560 Configuration:
interface GigabitEthernet0/23
switchport trunk encapsulation dot1q
switchport trunk allowed vlan remove VLAN 1
switchport native vlan 1
switchport trunk allowed vlan 1,2,10,11
switchport mode trunk
SG300 Configuration:
interface gigabitethernet49
spanning-tree link-type point-to-point
switchport mode general
switchport general allowed vlan add 2,10-11 tagged
macro description switch
Regards,
JItesh Mahajan.

Single 3850(MC) how many AP can control

Hi All now i testing about 3850..
i have some question about 3850
1. how many APs can control in single 3850(MC)
if we buy Single 3850(48port) then can we use all port for AP?
2. build a MC-MA Wireless environment, If MC goes down MA Can still working without MC?(is there kind of NSF?)
3. for example MC has a AP and MA has a AP. then we can see ap only each 3850. how we can management whole APs
Prime infrastructure can see whole APs, is this only way ?. I think this is not good for management Wireless.
4. If MA has over two APs(AP1, AP2), User1 connected AP1, User2 connected AP2.
User1 need to connect with User2(FTP or something) , User1,2 can connect directly? without through of MC
MC-----------------MA
|
AP1 AP2
| |
user1 user2
if you have any answer plz talk to me.
thank you.

A 3850 can support up to 50 directly-connected APs.

3850 PoE issues with AP3600 and AP3700

The switch is more than capable of providing 30 watts of power to the 3600AP yet it negotiates 15.4 watts and then I get errors in prime. Can someone explain how to fix this issue or what is causing the problem? Both radios are enabled so I would expect it to draw about 20 watts. We are seeing the same issues with 3700 series APs on the 3850 series switches. The APs tie back to a controller and not the 3850 switch
Error Message from Prime
Virtual Domain: ROOT-DOMAIN
PI has detected one or more alarms of category AP and severity Critical in Virtual Domain ROOT-DOMAIN for the following items:
1. Message: Access point 'CAZBM-LAPA02' associated with controller 'BRO-5500' draws low power from Ethernet. Failure reason: 'The AP draws 15.4 watts from Ethernet'.
(6 times)
E-mail will be suppressed up to 30 minutes for these alarms.
Switch Info:
Show Version
Cisco IOS Software, IOS-XE Software, Catalyst L3 Switch Software (CAT3K_CAA-UNIVERSALK9-M), Version 03.02.02.SE RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2013 by Cisco Systems, Inc.
Compiled Fri 14-Jun-13 19:24 by prod_rel_team
Cisco IOS-XE software, Copyright (c) 2005-2013 by cisco Systems, Inc.
All rights reserved. Certain components of Cisco IOS-XE software are
licensed under the GNU General Public License ("GPL") Version 2.0. The
software code licensed under GPL Version 2.0 is free software that comes
with ABSOLUTELY NO WARRANTY. You can redistribute and/or modify such
GPL code under the terms of GPL Version 2.0.
(http://www.gnu.org/licenses/gpl-2.0.html) For more details, see the
documentation or "License Notice" file accompanying the IOS-XE software,
or the applicable URL provided on the flyer accompanying the IOS-XE
software.
ROM: IOS-XE ROMMON
BOOTLDR: CAT3K_CAA Boot Loader (CAT3K_CAA-HBOOT-M) Version 1.2, RELEASE SOFTWARE (P)
BRO-Zone-A-Stack uptime is 18 weeks, 2 days, 23 hours, 56 minutes
Uptime for this control processor is 18 weeks, 2 days, 23 hours, 59 minutes
System returned to ROM by reload
System restarted at 09:42:37 EST Sat Nov 15 2014
System image file is "flash:packages.conf"
Last reload reason: Reload command
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
License Level: Lanbase
License Type: Permanent
Next reload license Level: Lanbase
cisco WS-C3850-48P (MIPS) processor with 4194304K bytes of physical memory.
Motherboard Assembly Number : 73-14442-08
Model Revision Number : L0
Motherboard Revision Number : C0
Model Number : WS-C3850-48P
Switch Ports Model SW Version SW Image Mode
1 56 WS-C3850-48P 03.02.02.SE cat3k_caa-universalk9 INSTALL
Show power inline
Module Available Used Remaining
(Watts) (Watts) (Watts)
1 450.0 15.4 434.6
2 450.0 0.0 450.0
3 450.0 0.0 450.0
4 450.0 120.0 330.0
Interface Admin Oper Power Device Class Max
(Watts)
Gi1/0/1 auto off 0.0 n/a n/a 30.0
Gi1/0/2 auto off 0.0 n/a n/a 30.0
Gi1/0/3 auto off 0.0 n/a n/a 30.0
Gi1/0/4 auto off 0.0 n/a n/a 30.0
Gi1/0/5 auto off 0.0 n/a n/a 30.0
Gi1/0/6 auto off 0.0 n/a n/a 30.0
Gi1/0/7 auto off 0.0 n/a n/a 30.0
Gi1/0/8 auto off 0.0 n/a n/a 30.0
Gi1/0/9 auto off 0.0 n/a n/a 30.0
Gi1/0/10 off off 0.0 n/a n/a 30.0
Gi1/0/11 off off 0.0 n/a n/a 30.0
Gi1/0/12 off off 0.0 n/a n/a 30.0
Gi1/0/13 auto off 0.0 n/a n/a 30.0
Gi1/0/14 auto on 15.4 AIR-CAP3602I-A-K9 0 30.0
Gi1/0/15 auto off 0.0 n/a n/a 30.0

Duplicate post.
Go HERE.

Converged Access Design Help (Catalyst 3850 and WLC 5508...Mobility Oracle)

Hello,
I am an engineer working with a Cisco Gold Partner in Saudi Arabia. We have a large university as our client where they are constructing a new
building and require our services to build the network infrastructure. Therefore, we are to implement the routing and switching infrastructure as
well as the Wireless solution.
At present, I have no issues in implementing the R&S infrastructure as it is very straight forward but it has implications on the deployment of
the wireless solution which I explain further below. The R&S infrastructure comprises of the typical Core, Distribution, and Access layers and we
are focusing on the local distribution and access switches with regards to the new building. The client has a converged Layer 3 network spanning
from distribution layer to core layer and they are running EIGRP for this convergence. This is not a problem and has already been implemented.
Yet, the challenge arises in deploying the WLAN infrastructure. The client already has a Cisco WLAN infrastructure in place where they have a
large number of LAPs that are registered with their controllers in the Data Center. They have two WLC 5508 where one is the Primary and the other
the Secondary. The local distribution switch to which the WLC are connected also is the gateway for the SVIs for the SSIDs that are configured on
the controllers. This means that once the packets from the AP come in to the WLC, they are tagged with the correct VLAN and sent to the directly
connected distribution switch which then routes it into the rest of the Layer 3 network. Interestingly, the WLC 5508 are running AireOS 7.6 and
support the "New Mobility" feature. The two controllers have formed a Mobility Group (MG) between each other.
Now, the new building will have two Catalyst 3850 switches installed where each one has a total of 40 AP licenses pre-installed and activated
i.e. a total of 80 APs can be supported by the two switches. A total of 67 LAPs will be deployed in the new building which can be accommodated
between the two switches and their integrated controller.
Yet, based on my understanding and research about Converged Access is that, ideally, the Catalyst 3850 will only run the Mobility Agent (MA)
feature while a central controller would provide the Mobility Controller (MC) service. unfortunately, there are not enough licenses on the
existing WLC 5508 nor can we migrate the new licenses that will facilitate such a split deployment.
This means that I would need to configure the two Catalyst 3850 as independent MC and form a MG between them. I have done this and tested this
already and the mobility is working fine. But my concern is not about getting the Catalyst 3850 to work as this is simple but rather it is
focused on creating a common Mobility Domain (MD) so that clients can roam from this new building to the rest of the campus while maintaining the
state of their connections to the WLAN infrastructure.
To make things more complicated, since the new building will have its own Layer 3 distribution switch and the Catalyst 3850 switches will connect
to this distribution switch, it means that new VLANs and SVIs need to be created for the SSIDs broadcast in the new building. This means that new
subnets need to be assigned to the SSIDs.
As such, I have the following questions:
Q1) If we create new SVIs for the SSIDs (same SSIDs names will be used in the new building as in the rest of the university campus) this means
that new subnets will be assigned to these SSIDs. Now, I believe I have two options...one is to make the new Catalyst 3850s to be in the same MG
as the existing WLC 5508 which then cater for Layer 3 client roaming or I have to treat this as a totally seperate WLAN network and follow on to
the solution as per the next question. Please advise which is a better option?
Q2) I could create separate MG i.e. the new building Catalyst 3850s can be in one MG and the existing controllers can be in another MG. I can
then have one of the existing WLC 5508 (the primary one) to run the Mobility Oracle (MO) feature so as to create a single Mobility Domain (MD).
Would this facilitate in Layer 3 client roaming and RRM for all the controllers in the same MD?
Q3) If I do create a MD, how is this accomplished in such an environment since the documentation is severely limited in this regard?
Please advise at your earliest. To assist further, I have attached a topology diagram which may aid in explaining the situation with more
clarity. If these things are clarified, I will be better able to wrap my head around the technology and in turn service my clients better.
Regards,
Amir

Hi Amir,
Q1) If we create new SVIs for the SSIDs (same SSIDs names will be used in the new building as in the rest of the university campus) this means that new subnets will be assigned to these SSIDs. Now, I believe I have two options...one is to make the new Catalyst 3850s to be in the same MG as the existing WLC 5508 which then cater for Layer 3 client roaming or I have to treat this as a totally seperate WLAN network and follow on to the solution as per the next question. Please advise which is a better option?
I would configure them in the same mobility group. Also configure same SPG for those two 3850 stacks if users are frequently roaming within these two buildings.
Q2) I could create separate MG i.e. the new building Catalyst 3850s can be in one MG and the existing controllers can be in another MG. I can then have one of the existing WLC 5508 (the primary one) to run the Mobility Oracle (MO) feature so as to create a single Mobility Domain (MD). Would this facilitate in Layer 3 client roaming and RRM for all the controllers in the same MD?
MO is not required (it is only for very large scale deployments)
Q3) If I do create a MD, how is this accomplished in such an environment since the documentation is severely limited in this regard?
Yes, documents are hard to find :(
These notes may be useful to you based on my experience. I am running IOS-XE 3.6.1 in my production.
http://mrncciew.com/2014/05/06/configuring-new-mobility/
http://mrncciew.com/2013/12/14/3850ma-with-5760mc/
HTH
Rasika
*** Pls rate all useful responses ****

Why no support for 3560 Compact series in CNA?

Is there reason why WS-C3560C-8PC-S and WS-C3560C-12PC-S is not supported in Cisco Network Assistent?
According to the data sheets for these switches CNA should be supported. I saw another forum post stating that the Gigabit versions has been added to the supported list as of version 5.7.
"The Cisco Catalyst 3560-C and 2960-C Series compact switches offer both the traditional Cisco CLI for detailed configuration and Cisco Network Assistant software, a PC-based tool for quick configuration based on preset templates."
Best regards
Markus

Please reference the Release Notes for 5.7. They indicate:
With Network Assistant 5.7, you can:
•Manage these devices:
–Catalyst 3560-C switches (WS-C3560CG-8PC-S,WS-C3560CG-8TC-S, and WS-C3560CPD-8PT-S)
Hard to say why the 12-port model isn't listed. It could be an oversight in the release notes. Have you pointed a CNA 5.7 at one to check?

Error in GUI of Cisco 3850 Switch with Wireless Controller.

Hi,
I have Configured 3850 switch wireless controller. But while accessing the controller through GUI, I faced following errors while configuring it through GUI.
Because its complecated to configure it through CLI.
Attached are the snaps of error faced.
and if I didnt get this error, and able to configure, I can save it because of this error.
Please help me on this issue, so that I can easily configure the controller.
Brgds,
Ninad Thakare

Hi Sandeep,
Here is the configuration which I have did.
ip http server
ip http secure-server
wsma agent exec
profile httplistener
profile httpslistener
wsma agent config
profile httplistener
profile httpslistener
wsma agent filesys
profile httplistener
profile httpslistener
wsma agent notify
profile httplistener
profile httpslistener
wsma profile listener httplistener
transport http
wsma profile listener httpslistener
transport https
wireless mobility controller
wireless management interface Vlan4 ( Voice VLAN )
wlan FG-WiFi 1 FG-WiFi
client vlan 4
ip dhcp server 10.106.72.1
no security wpa akm dot1x
security wpa akm psk set-key ascii 0 testing1234
no security wpa wpa2
no security wpa wpa2 ciphers aes
no wmm
no shutdown
wlan GLOBALACCESSII 2 GLOBALACCESSII
client vlan 4
ip dhcp server 10.106.72.1
no security wpa akm dot1x
security wpa akm psk set-key ascii 0 testing1234
no security wpa wpa2
no security wpa wpa2 ciphers aes
no wmm
no shutdown
ap group default-group
ap group 3850WLC
wlan FG-WiFi
vlan 4
wlan GLOBALACCESSII
vlan 4
end
Brgds,
Ninad Thakare

3850 Stack not displayed correctly in CiscoView 6.1

HI,
our customer installed lms 4.2, updated it to 4.2.5 and applied the Maintenance_Release_4_2_5_01_LNX. Its a fresh installation, so there are no previous data. After a discovery via SNMPv3 the 3850 (stacks with 2 or 3 units) show up in CiscoView but only one unit, the others are missing. When I take a look in the fan status, it displays the fan status of the other stack members, so the stack is recognized, but not displayed...
Installed Packages:
CiscoView version is 6.1.156
Cat3850.cv50.v1-0.zip (installed with the 4.2.5 update)
Anybody got an idea how to fix this?
Thanks!

The reason why the C3850 switch stack is showing as standalone in LMS CiscoView is because
it's returning sysObjectID as standalone.
It should return as 1.3.6.1.4.1.9.1.1745 --cat38xxstack
While, if you poll it for sysObjectID, the Catalyst 3850 stack switches will be returning OID 1.3.6.1.4.1.9.1.1641.
This is an IOS bug "CSCul00003 - Incorrect Sys OID for Cat3850 Stack device".
Unless this bug is fixed, LMS will not be able to show it as stack device.
You can try to check if you can manually change the device identity to cat38xxstack from Inventory > add/edit device > edit identity.
Else we need to wait for the fix of this bug.
-Thanks
Vinod

[Cisco ISE 1.2 with 3850 - Trunk AP] Problem with MAB

Hi everyone,
After reading some documentation about using MAB in a trunk port with the 3850 I would like to know if someone has implemented ISE policies with a 3850 interface in trunk mode. My problem is that when I try using MAB in a trunk port the mac address of the AP it´s no visible in the "show mac address interface" and because of that the AP is not authenticated in ISE. The thing is that if I use a 2960 everything goes smoothly with no problems!
Let me show you what I have,
interface GigabitEthernet1/0/3
description AP
switchport trunk native vlan 999
switchport mode trunk
trust device cisco-phone
authentication event fail action next-method
authentication host-mode multi-host
authentication order mab dot1x
authentication priority dot1x mab
authentication port-control auto
mab
snmp trap mac-notification change added
snmp trap mac-notification change removed
dot1x pae authenticator
dot1x max-req 4
auto qos voip cisco-phone
service-policy input AutoQos-4.0-CiscoPhone-Input-Policy
service-policy output AutoQos-4.0-Output-Policy
############################################# switch model - 3850 ##################################################
SW1#sh mac address-table interface GigabitEthernet1/0/3
          Mac Address Table
Vlan    Mac Address       Type        Ports
SW1#sh dot1x interface Gi1/0/3
Dot1x Info for GigabitEthernet1/0/3
PAE                       = AUTHENTICATOR
QuietPeriod               = 60
ServerTimeout             = 0
SuppTimeout               = 30
ReAuthMax                 = 2
MaxReq                    = 4
TxPeriod                  = 30
Switch Ports Model              SW Version        SW Image              Mode
*    1 56    WS-C3850-48P       03.03.03SE        cat3k_caa-universalk9 INSTALL
############################################# Different switch model - 2960 ##################################################
interface GigabitEthernet1/0/1
description AP
switchport trunk native vlan 999
switchport mode trunk
srr-queue bandwidth share 1 30 35 5
priority-queue out
authentication event fail action next-method
authentication host-mode multi-host
authentication order mab dot1x
authentication priority dot1x mab
authentication port-control auto
mab
snmp trap mac-notification change added
snmp trap mac-notification change removed
mls qos trust device cisco-phone
mls qos trust cos
dot1x pae authenticator
dot1x max-req 4
auto qos voip cisco-phone
service-policy input AUTOQOS-SRND4-CISCOPHONE-POLICY
SW1#$cation sessions interface GigabitEthernet1/0/1
            Interface: GigabitEthernet1/0/1
          MAC Address: xxxx.xxxx.4a38
           IP Address: 172.18.1.170
            User-Name: xx-xx-xx-xx-4A-38
               Status: Authz Success
               Domain: DATA
       Oper host mode: multi-host
     Oper control dir: both
        Authorized By: Authentication Server
          Vlan Policy: N/A
      Session timeout: N/A
         Idle timeout: N/A
    Common Session ID: 0A18129D000060E39DAE8A8A
      Acct Session ID: 0x0000725D
               Handle: 0x0F00028C
Runnable methods list:
       Method   State
       mab      Authc Success
       Switch Ports Model              SW Version            SW Image
     1 28    WS-C2960X-24PS-L   15.0(2)EX5            C2960X-UNIVERSALK9-M
SW2#sh dot1x interface Gi1/0/1
Dot1x Info for GigabitEthernet1/0/1
PAE                       = AUTHENTICATOR
QuietPeriod               = 60
ServerTimeout             = 0
SuppTimeout               = 30
ReAuthMax                 = 2
MaxReq                    = 4
TxPeriod                  = 30
Am I doing something wrong?
BR,

I know what you mean and I agree with what you are saying :) Nonetheless, at the moment, the official stance from Cisco on this is that 802.1x is not supported on trunk ports. Now one can argue that MAB is different but I think we are just splitting hairs here :)
Like I said, I have gotten stuff to work before but always had some goofy things happening so in general I have stayed away from doing it.
Now in your situation, if your configuration is working fine on the 2960 but not on the 3850, then most likely the issue is with the XE code running on the 3850s. The XE code has been very problematic until recently so you are probably hitting some sort of a defect. As a result, I recommend that you upgrade the switch(es) to 3.3.5 or 3.6.1. Version 3.7.x is also out but it just came out 8 days ago so I would not recommend going to it.
Thank you for rating helpful posts!

3850 vs 3560 !?

Similar Messages

Maybe you are looking for