3Com and Cisco switches (802.1Q) VLAN integration problem - broadcast storm?

Hi forum,
We are using 3Com switches. The 3Com switches implement open VLANs, which means that if an IEEE 802.1Q packet is received at a port and the port is not a member of that VLAN, the switch does not perform VLAN filtering. If the address was previously learned, it will be forwarded correctly, but if it was not, it will be flooded to all ports within that VLAN.
My questions:
1) If another Cisco switch connected to the 3Com switch is placed in the same VLAN, and the 3Com switch receives an 802.1Q packet from a rogue device, it will be flooded to all the ports (including the Cisco ports) within that VLAN. Will it cause a broadcast storm?
2) How do I configure the Cisco switch to filter off unknown tagged packets on a port? By using VLAN pruning?
3) How do I block the broadcasts from the 3Com switches? Using broadcast suppression?
4) Is there a way on the design side to effectively counter this problem?
Kind regards,
paul

It sounds like the setup of your 3Com switch is not quite up to your requirements. If a port is declared as tagged, it's OK to receive tagged frames for VLANs that were not previously known on this port. However, if your policy requires that only specific VLANs are permitted on a given tagged port, then you need to add some extra command on your 3Com switch. Check with the documentation and possibly with your 3Com support partner.
As for Cisco routers, tagged ports in Cisco-speak are trunks (this might be confusing for you, as 3Com calls "trunks" what in the Cisco world is known as either EtherChannel or port aggregation). By default a trunk (tagged) port allows any VLAN. If your policy requires so, you can explicitly specify which VLANs are allowed on a given trunk (tagged) port. If a frame arrives with a tag that is not on the allowed list, the frame will be discarded. So you don't need any fancy broadcast suppression to block traffic from disallowed VLANs coming from your 3Com switch to the Cisco.
P.S.: Make sure that you don't mistake 'member of VLAN' with 'native VLAN'. Some parts of your message suggest that you do.
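An added Cisco IOS example (not from this thread, and not a 3Com configuration) showing the two trunk configurations the answer above contrasts: the default trunk, which accepts any 802.1Q tag, and the same port restricted to an explicit allowed-VLAN list, with the broadcast storm-control knob the question asks about as a last-resort brake. The interface name, VLAN IDs and the 10% threshold are assumed example values.

```cisco
! Example values: GigabitEthernet0/1 faces the 3Com switch, VLANs 10 and 20
! are the only production VLANs, VLAN 999 is an otherwise unused native VLAN.
!
! --- Default trunk: no allowed list, so every tag from 1 to 4094 is accepted
! --- and untagged frames land in VLAN 1. This is the "open" behaviour.
interface GigabitEthernet0/1
 description uplink-to-3com (default trunk, all VLANs allowed)
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
! --- Restricted trunk: a frame tagged with anything other than 10 or 20 is
! --- discarded at ingress, so a rogue tag is never learned or flooded.
interface GigabitEthernet0/1
 description uplink-to-3com (explicit allowed list)
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10,20
 switchport trunk native vlan 999
 switchport nonegotiate
 storm-control broadcast level 10.00
 storm-control action trap
!
! 'switchport trunk encapsulation dot1q' is only needed on platforms that also
! offer ISL (3560/3750 and similar); a 2960 is dot1q-only and rejects it.
! 'switchport trunk native vlan 999' keeps untagged frames out of VLAN 1;
! native-VLAN membership is not the same thing as allowed-list membership.
! 'switchport nonegotiate' stops DTP, which the non-Cisco neighbour will not speak.
! 'storm-control broadcast level 10.00' drops broadcast above 10% of the port
! bandwidth and, with 'action trap', raises an SNMP trap instead of err-disabling.
!
! Verification (what to look for in the output):
!   show interfaces GigabitEthernet0/1 trunk       -> allowed list reads 10,20
!   show interfaces GigabitEthernet0/1 switchport  -> native VLAN reads 999
!   show storm-control GigabitEthernet0/1 broadcast -> level 10.00%, current rate
```

The allowed list is the ingress filter the answer describes: tags outside it are dropped before any MAC learning or flooding happens, so the storm-control line is only there to cap broadcast that arrives on a permitted VLAN.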

Similar Messages

  • 3COM and cisco link Fiber

    Hi
I am using a 3COM and Cisco switch. I have a GBIC GLC-SX-MM on one side and a 3com SFP Transceiver on the other side.
My machines on each side cannot ping.
On the same side it's OK.
I thought there was little or no config in cases like this?
I have never worked with 3com nor fibre. Any help would be great!
    Sinead

GBIC GLC-SX-MM on CISCO
3com has SFP Transceiver 1000base-SX

  • Remote span between Extreme and Cisco switches

    Hello,
I need to configure remote SPAN between Extreme Networks X460-24p and Cisco Catalyst 2960X switches. 2 IP phones are connected to ports 15 and 17 on the Extreme switch, and should be monitored to port 1/0/47 on the Cisco switch. The Extreme and Cisco switches are interconnected with a trunk (port 28 on Extreme with port 1/0/51 on Cisco).
    I configured the following:
    On Extreme switch:
    configure mirror mode enhanced
    enable mirroring to port 28 remote-tag 1000
    configure mirroring add port 17 ingress-and-egress
    configure mirroring add port 15 ingress-and-egress
    On Cisco switch:
    vlan 1000
     name RemoteSPAN
     remote-span
    monitor session 1 destination interface Gi1/0/47
    monitor session 1 source remote vlan 1000
    But this is not working :(
Does anyone have experience with this? I really need help to make this work.
    Thanks.

    OK, this configuration is actually working :)

  • NAP- Settings required on Cisco switches- 802.1X

    Hi All,
    We have to provide access control for users using NAP and Cisco 2960s switches.
    The request is to have only domain users authenticate to the operations vlan, non domain users will be assigned to a guest network.
    What would be the configs on the switch to allow this config to work? What will force the switch port to assign to the operations vlan when authenticated to the domain?
    Thanks much

    Hi,
I suppose you are using ACS 4.x version.
    you need to config dot1x under the switchport. use the default VLAN as the guest VLAN.
    You need to configure the ACS to allow access to domain users only (by forcing MACHINE authentication with PEAP for example).
    In the NAP, you need to match the NAP selection on the NAS-IP-Address of the switch so that this NAP is only selected if this switch sends the request.
Now, inside the NAP you have to allow only PEAP-MSCHAPv2 (you already forced machine authentication with PEAP from under the external DB config as per the earlier step).
    When auth works, from under the user/or group, send the attributes to assign a specific VLAN to the user.
    Otherwise, if the user auth is not successful it will be put in the default vlan which is the guest vlan.
    with ACS 5.x version, doing this is more flexible.
    HTH
    Amjad
    Rating useful replies is more useful than saying "Thank you"
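    An added Cisco IOS example (not part of this thread, and not ACS configuration) of the switch side of what the reply above describes: dot1x under the switchport, the port's default VLAN doubling as the guest VLAN, and the RADIUS attributes that move an authenticated domain machine into the operations VLAN. The RADIUS server address and key, VLAN IDs and interface are assumed example values; the 'dot1x guest-vlan' / 'dot1x auth-fail vlan' syntax is the 12.2 SE form matching the ACS 4.x era.

    ```cisco
    ! Example values: RADIUS server 10.0.0.5 with shared key EXAMPLE-KEY,
    ! VLAN 30 = guest/default VLAN, VLAN 20 = operations VLAN.
    aaa new-model
    aaa authentication dot1x default group radius
    ! authorization is what lets the RADIUS reply assign a VLAN
    aaa authorization network default group radius
    radius-server host 10.0.0.5 auth-port 1812 acct-port 1813 key EXAMPLE-KEY
    dot1x system-auth-control
    !
    interface FastEthernet0/1
     switchport mode access
     ! default VLAN doubles as the guest VLAN
     switchport access vlan 30
     dot1x port-control auto
     ! no supplicant / no EAPOL response -> guest VLAN
     dot1x guest-vlan 30
     ! credentials rejected by ACS -> guest VLAN
     dot1x auth-fail vlan 30
     spanning-tree portfast
    !
    ! RADIUS attributes to send from the ACS group that holds the domain
    ! machine accounts; a successful PEAP machine auth then lands the port
    ! in VLAN 20 instead of the default VLAN 30:
    !   Tunnel-Type (64)             = VLAN (13)
    !   Tunnel-Medium-Type (65)      = IEEE-802 (6)
    !   Tunnel-Private-Group-ID (81) = 20
    !
    ! Verification:
    !   show dot1x interface FastEthernet0/1 details  -> port status, auth state
    !   show vlan brief                               -> Fa0/1 listed under 20 or 30
    ```

    Tunnel-Private-Group-ID can carry either the VLAN number or the VLAN name as configured on the switch; if the VLAN named in the reply does not exist on the switch, the authorization fails and the port does not come up in the operations VLAN.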

  • ARD and Cisco switches (multicast storm issue)?

    We had Cisco bring in an engineer to look into our problem where ARD stalls/fails to push packages or pull reports (etc.). We never have a problem remotely controlling computers.
    They told us "Multicast" needs to be on at every switch that has Macs connected. In one environment all Macs are on the 10.100.9.xx subnet, and Macs are at different locations. All the switches these dot-9 subnet Macs are connected to need "Multicast" turned on.
    I've read numerous threads regarding how Macs drift in and out and ARD is not able to do what it's advertised to do. Has anyone run into this issue where Cisco switch configuration caused ARD to not perform properly?
    I will summarize once Cisco resolves the issue. They're due in for another test or two before we can make the necessary switch adjustments.
    Thanks,
    Don

    I have 3COM switches and they appear to be performing as your CISCOs are. I have computers drift in and out all day as well as my task server not responding to input at all. When trying to browse the LAN for computers, I don't receive any information regarding my computers, or I only get 5 out of 2100. I will talk with my Network Administrator and find out if Multicast is turned on. I have sent Apple 300 crash reports over the past 3 months, but have not received any word on a fix for ARD issues.

  • Cisco Transparent firewall and cisco switch issues.

    Dears,
    I have a very plain scenario
LAN cisco switch <2 vlans>  ----------> cisco transparent firewall with bvi interface ------------>  crypto box ---------> cisco router ------ <remote/other site>
I have VLAN 61 configured on the BVI interface of the firewall, the crypto box and also on the switch port, and VLAN 61 is up/up.
The issue is I can connect remotely to the Cisco transparent firewall but cannot ping or connect to the Cisco switch.
I need to know some troubleshooting tips and basic settings that I need to verify. I simply want the LAN switch with 2 VLANs to pass through the Cisco transparent firewall and go to the other site/remote site.

    Well,
I have put the inspection for ICMP turned on for the sessions, and the version I am using is 9.1.
Moreover, I have put up the ACLs for inbound and outbound traffic, and while I ping across the firewall from the inside interface towards the outside interface PC, I can see packet counts increasing on the ACL in the show access-list command.
I have requested the client to verify his part. Do let me know further tips if you have any.
[ Moreover, we cannot try to use packet-tracer from the CLI in transparent mode ]

  • How to get info over snmp on cisco switch whether native vlan on a port is tagged or not?

    Hi!
I want to know which OID(s) I should query to know whether the native VLAN on a trunk port on a Cisco switch is tagged or not.
    I am querying the oid .1.3.6.1.4.1.9.9.46.1.6.3.0 (vlanTrunkPortsDot1qTag) on cisco 3560 (E Series) and I am getting global value. Also, this OID is showing as deprecated. So I query .1.3.6.1.4.1.9.9.246.1.6 (cltcDot1qAllTagged) and its subtree, but no value is returned.
    Switch Version is
    Cisco IOS Software, C3560E Software (C3560E-UNIVERSALK9-M), Version 12.2(50)SE2

    Keep in mind that DHCP is a broadcast packet to start. So the AP can only listen in the subnet that it has an IP address for.
    Now, for any other subnet you can use the AP for DHCP but you have to have an IP helper address on your L3 pointing back to the AP.
    That being said, I wouldn't use the DHCP server on the AP as it is limited. You'd be better off using a Microsoft server or some other device that is designed for DHCP.
    HTH,
    Steve

  • Windows 7 LLDP and Cisco Switches

Does Windows 7 support IEEE LLDP (not to be confused with MS LLTD)? We have LLDP enabled on our Cisco switches and want to be able to see what ports the Windows 7 devices are connected to, using the Cisco "show lldp neighbors" command.

    Hi,
    I suggest you refer to the following article in MSDN blog:
    Link Layer Topology Discovery Protocol Specification
    http://msdn.microsoft.com/en-us/library/windows/hardware/gg463061.aspx
    Thanks,
    Vincent Wang
    TechNet Community Support

  • NPS Discarding RADIUS request from Cisco switch (802.1x)

    Last few weeks I've been busy to get the following to work:
- Cisco 2960 switch as the supplicant
    - Another Cisco 2960 as the authenticator switch
    - The supplicant is only able to send MS-EAP MS-ChapV2 requests
    - The NPS server is Windows 2008 R2 (and also tested on 2012 R2)
    This is called "NEAT" by Cisco; which does seem to work with Cisco ISE (http://www.cisco.com/c/en/us/support/docs/lan-switching/8021x/116681-config-neat-cise-00.html)
    but I'd like to get it to work with Windows NPS.
    Within NPS I've setup the following Connection Request policy:
    - NAS Port Type: Ethernet
    I'm using the following Network Policy:
    - User Group: DOMAIN\Switches (the useraccount used by the switch is part of this group)
    - NAS Port Type: Ethernet
- Authentication Type: EAP
    Now the request sent by the switch is discarded. The actual error is the following (excluded irrelevant information):
    User:
    Account Name: Rotterdam-Switch-8-1
    Account Domain: DOMAIN
    Authentication Details:
    Connection Request Policy Name: Secure Wired Connections
    Network Policy Name: Switches Allowed
    Authentication Provider: Windows
    Authentication Server: SERVER.DOMAIN.local
    Authentication Type: EAP
    EAP Type: -
    Account Session Identifier: -
    Reason Code: 1
    Reason: An internal error occurred. Check the system event log for additional information.
    Wireshark on the NPS server shows:
    1. The RADIUS Access-Request (1) being received by the NPS Server
    2. The NPS Server sending out a RADIUS Access-Challenge (11) to the authenticator switch
3. Another RADIUS Access-Request (1) is being received by the NPS Server
Packet 2 has a t=EAP-Message(79) with type MS-EAP-Authentication [Palekar](26) and MS-CHAPv2-ID set to 2 and OpCode 1 (Challenge)
Packet 3 has a t=EAP-Message(79) with type MS-EAP-Authentication [Palekar](26) and MS-CHAPv2-ID set to 2 and OpCode 2 (Response)
    I've also tried the following:
    - I've also tested with an invalid username/password. The request is correctly denied
- I've also tested by adding ALL EAP Types as a condition to the Network Policy. The request isn't picked up by this policy anymore.
Any help would be greatly appreciated of course.
    Kind regards,
    Peter

    It only took like.. uhm.. forever.. but there's an answer which is "OK ish..".
Cisco 2960 switches support EAP-MSCHAP; but it seems that NPS only supports EAP-MSCHAP for VPN connections and not for wired/wireless authentication. Something to do with inner and outer methods and NPS requiring PEAP as an outer method for wired/wireless authentication.
The end result is that both the Cisco switches and NPS do support EAP-MD5. Though it's definitely not as secure (at all), it's definitely a step in the right direction and it's something that we'll be implementing.
Now, it seems that NPS doesn't support EAP-MD5 (which is supposedly deprecated), but it's possible to re-enable it using the following articles.
http://support.microsoft.com/kb/922574/en-us
Microsoft mentioned to me that "Though this article says it applies to Windows Vista only, it does apply to Server 2008 R2 as well. Also I would suggest you the following link:
http://support.microsoft.com/kb/981190"
Please note that you'll have to enable 'Store password using reversible encryption' on the accounts that will be used for NEAT authentication.
Although I would have hoped EAP-MSCHAPv2 would work, I feel I do need to clarify that I understand Microsoft's point of view on this as well. They feel EAP methods without PEAP are simply not safe; which is understandable, especially for EAP-MD5, which could be sniffed using a hub/repeater/etc.
    Kind regards,
    Peter

  • Configuration Cisco switch 802.1x for ISE

    Hi dears,
I configured EAP-FAST authentication on Cisco ISE from Cisco video material. Now I need a full 802.1X configuration guide or video link for the Cisco switch.
    Please provide this.
    Thanks.

    See this link:
    http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_sw_cnfg.html

  • Converged 10gig server adapters and Cisco switches

    I have little network with 4 vsphere servers connected to clustered 3750x with 4*1Gig NICs per server.
Servers are connected to central storage with two 8Gbps FC links per server. I don't have FC switches because the central storage is equipped with 4 FC ports per controller.
    I want to upgrade servers and central storage. Servers will have two converged 10gig (HP FlexFabric) and 4*1 Gig interfaces
    I need to upgrade 3750x switches with new one with 10 gig interfaces.
    I am looking for two new Cisco switches that can handle converged traffic from server 10gig interfaces (iSCSI, FCoE).
    Nice feature will be if it is possible to connect existing FC storage to the new switches.
    Kind regards,
    Vice Lacmanovic

    Hello, vlacmanov. 
    I recommend at least the Nexus 5000 to support iSCSI and FCoE over your 10GE interface. (http://cs.co/9001SoyL) Do you already have any existing Cisco Nexus on your network?
Let me know if you have additional concerns or e-mail me directly. Kind regards.

  • Cisco switch 300 configure vlan and ports

    Hi i need help
I can't see the VLAN in port VLAN membership.
I did create the VLAN and I did configure the port as access,
but when I try port VLAN membership to tell which port goes to which VLAN, I can't see the VLAN I have created in the list.
    thanks to help

    Hi,
This forum is focusing on issues related to Windows Server.
To get better help, please post your question on the Cisco forum.
    Here is the address,
    https://supportforums.cisco.com/
    Best Regards.
    Steven Lee
    TechNet Community Support

  • Have AirPort Snow (dual) and have switched from DSL to Cable, problems.

    Hi all, my problem is that since the switch I now use a Motorola SURFboard 5101 and the activity light just stays blinking, both on the Snow and on the modem. If I turn the AirPort off, the activity light on the modem stops; plug in the AirPort and it starts blinking. I can get on the net but this bothers me, as it didn't do this when I had DSL with a Westell modem. I have uploaded the default software to the AirPort and that did nothing. There are no other computers using it or even turned on. The laptop is turned off and still the activity lights on both are blinking like crazy. Also there is no one leeching my wifi; this all started when I installed the cable modem. Has anyone had this experience?

    It's always a good idea to do a complete power-recycle of all of your network components when making changes.
    Try the following, in order, checking for Internet access after each step, or until resolved:
    1. If the modem has a reset switch, use it to reset the modem. Wait at least 5-10 minutes for the modem to initialize.
    2. Remove power from the modem. If it has a backup battery, remove this as well. Wait 5-10 minutes. Replace the battery, and add power back to the modem.
    3. Perform a complete power recycle of your network components as follows:
    Modem/Router Power Recycling - Quick
    o Power-off the modem, AirPort Base Station (ABS), & computer(s); Wait at least 5 minutes.
    o Power-on the modem; Wait at least 5 minutes.
    o Power-on the ABS; Wait at least 5 minutes.
    o Power-on the computer(s)
    If this fails to get the modem to "recognize" the Internet router, then try the "Full" version.
    Modem/Router Power ReCycling - Full
    o Power-off the modem, ABS, & computer(s). (Wait at least 30 minutes. If possible, leave the modem off overnight.)
    o Power-on the modem; Wait at least 15 minutes.
    o Power-on the ABS; Wait at least 5 minutes.
    o Power-on the computer(s)
    4. Contact your ISP to have them perform a "modem reset."

  • Cisco Switches and HP Interoperability with Spanning-Tree (RSTP)

    Hello All.
I read a lot of information on this forum about Spanning-Tree interoperability between HP switches and Cisco switches.
Rather than having questions, I would like to post that I managed to configure HP and Cisco successfully using RSTP (802.1w).
[SWPADRAO]display stp root
    MSTID  Root Bridge ID        ExtPathCost IntPathCost Root Port
      0    32768.cc3e-5f3a-2939  0           0
    [SWPADRAO]display stp brief
    MSTID      Port                         Role  STP State     Protection
      0        GigabitEthernet1/0/47        DESI  FORWARDING    NONE
      0        GigabitEthernet1/0/48        DESI  FORWARDING    NONE
    [SWPADRAO]display stp instance 0
    -------[CIST Global Info][Mode RSTP]-------
    CIST Bridge         :32768.cc3e-5f3a-2939
    Bridge Times        :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
    CIST Root/ERPC      :32768.cc3e-5f3a-2939 / 0
    CIST RegRoot/IRPC   :32768.cc3e-5f3a-2939 / 0
    CIST RootPortId     :0.0
    BPDU-Protection     :enabled
    Bridge Config-
    Digest-Snooping     :disabled
    TC or TCN received  :17
    Time since last TC  :0 days 0h:1m:52s
SWNHAM17#show spanning-tree VLAN0001
 Spanning tree enabled protocol rstp
 Root ID    Priority    32768
            Address     cc3e.5f3a.2939
            Cost        4
            Port        26 (GigabitEthernet0/2)
            Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
 Bridge ID  Priority    61441  (priority 61440 sys-id-ext 1)
            Address     001b.54db.7200
            Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
            Aging Time 300
Interface        Role Sts Cost      Prio.Nbr Type
Gi0/1            Altn BLK 4         128.25   P2p
Gi0/2            Root FWD 4         128.26   P2p
SWNHAM18#show spanning-tree VLAN0001
 Spanning tree enabled protocol rstp
 Root ID    Priority    32768
            Address     cc3e.5f3a.2939
            Cost        4
            Port        26 (GigabitEthernet0/2)
            Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
 Bridge ID  Priority    61441  (priority 61440 sys-id-ext 1)
            Address     001b.0cbc.4300
            Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
            Aging Time 300
Interface        Role Sts Cost      Prio.Nbr Type
Gi0/1            Desg FWD 4         128.25   P2p
Gi0/2            Root FWD 4         128.26   P2p

    Hello, David.
Your command doesn't work because it's made only for the ports that have the command "spanning-tree portfast" on them. Try changing the spanning tree mode on the HP switch to MSTP if this is possible.

  • Cisco and Huawei switch compatibility

Hi all. In our company we are going to implement VoIP in our regional offices, where all the networking equipment is Cisco. We were thinking of using Huawei 8-port PoE switches to which we would connect our Cisco phones, and then connect the Huawei switch to the Cisco switch using a trunk.
    I was wondering if anyone has experience connecting Cisco and Huawei switches? Are there known problems interconnecting these switches and what should I pay attention to on the Cisco side of things?
    We mostly deal with Cisco equipment in our company so connecting/configuring Huawei switches is something new for us.
    Thanks in advance for any help.

    Hi Igor,
    As Glen indicated , the main problem is spanning tree. Huawei switches use mstp where cisco has pvst by default.
    The other problem is qos on switch ports for IP Phones. Cisco Switches automatically discover and configure some settings for IP Phones but Huawei will not do any of these by default.
    If you are planning to use some L3 configuration on Huawei switches be sure that their administrative distances differ from Cisco.For example , static routes have admin distance of 60 :) Also routing protocols have different admin distances as well.
    There are many differences on MPLS functions as well , but I guess they are all out of your scope.
    Please let me know if you need further information.
    Hope to help,
    Kerem
