4500X VSS Trunking issue
Hi,
I am having an issue that the VSS is different for each switch and the trunking is not working, is there anyway to configure the trunking on the VSL port without breaking the VSS? I have set the trunking on both switches but somehow after the VSS connection is up the trunking is removed on the switch 2. The following are the snippet of the VSS configuration:
Switch 1:
interface Port-channel1
description *** VSS Port-Channel 1 ***
switchport
switchport mode trunk
switchport nonegotiate
switch virtual link 1
interface TenGigabitEthernet1/2/8
description *** VSS Links ***
switchport mode trunk
switchport nonegotiate
no lldp transmit
no lldp receive
no cdp enable
channel-group 1 mode on
service-policy output VSL-Queuing-Policy
Switch 2:
interface Port-channel2
switchport
switch virtual link 2
interface TenGigabitEthernet2/2/8
no lldp transmit
no lldp receive
no cdp enable
channel-group 2 mode on
service-policy output VSL-Queuing-Policy
Now I only have limited command on the Port-Channel 2:
SWITCH01(config)#int po2
SWITCH01(config-if)#?
virtual link interface commands (restricted):
default Set a command to its defaults
description Interface specific description
exit Exit from virtual link interface configuration mode
load-interval Specify interval for load calculation for an interface
logging Configure logging for interface
no Negate a command or set its defaults
service-policy Configure CPL Service Policy
shutdown Shutdown the selected interface
switch Configure switch link
Thanks in advance for any helpful comment.
Hi,
You don't need to configure the VSL link as trunk:
just follow this config example:
Switch-1(config)# interface port-channel 10
Switch-1(config-if)# switch virtual link 1
Switch-1(config-if)# no shutdown (If the port is admin shutdown)
Switch-1(config)# interface tenGigabitEthernet 5/1
Switch-1(config-if)# channel-group 10 mode on
Switch-1(config-if)# no shutdown (If the port is admin shutdown)
Switch-2(config)# interface port-channel 25
Switch-2(config-if)# switch virtual link 2
Switch-2(config-if)# no shutdown (If the port is admin shutdown)
Switch-2(config-if)# interface tenGigabitEthernet 5/2
Switch-2(config-if)# channel-group 25 mode on
Switch-2(config-if)# no shutdown (If the port is admin shutdown)
link:
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/15-1-2/XE_340/configuration/guide/config/vss.html#wp1060298
HTH
Similar Messages
-
Cisco 4500X VSS & MEC Cisco 2960X
Hi
I have Cisco 4500x VSS connect to MEC Cisco 2960X using LACP.
I encountered a problem about C2960X
Integration reason
1.C2960X Ten 1/0/2 link flapping interface error-disable . I am disable interface then enable interface , switch show SFP not Present .
Te1/0/2 notconnect 1 full 10G Not Present. (SPF plug-in Correct)
2.use CLI reload C2960X , Ten 1/0/1 ,Ten 1/0/2 notconnect SPF Not Present. (SPF plug-in Correct)
error message :
Dec 18 12:40:25.250: %SYS-5-CONFIG_I: Configured from console by console
Dec 18 12:41:48.888: % ILET-1-AUTHENTICATION_FAIL: This Switch may not have been manufactured by Cisco or with Cisco's authorization. This product may contain software that was copied in violation of Cisco's license terms. If your use of this product is the cause of a support issue, Cisco may deny operation of the product, support under your warranty or under a Cisco technical support program such as Smartnet. Please contact Cisco's Technical Assistance Center for more information.
26F_guest_switch#show license
Index 1 Feature: lanlite
Period left: 0 minute 0 second
Index 2 Feature: lanbase
Period left: Life time
License Type: Permanent
License State: Active, In Use
License Priority: Medium
License Count: Non-Counted
3.C2960X power Cycle ,C2960X operation normal, ,but recurring problems every day.
I do not know where the problem , I have upgrade C2960X IOS but it had same problem.
Cisco 2960X IOS version: 15.2(3)E C2960X-UNIVERSALK9-M
Cisco 4500X IOS version: cat4500e-universalk9.SPA.03.05.00.E.152-1.E.bin
Thanks for your help,Hi Reza,
Thanks for your help
I can not confirm that because I have a few switch have the same problem.
C2960X 10G port 1 is connected to C4500X slot 1, Port 2 is connected to C4500X Slot2.
link flapping, On the switch port 2.
I need to do a more precise test to confirm the problem is C2960X or 4500VSS -
Prime 2.1 and 4500X-VSS support?
Anyone with a Prime 2.1.2 that successfully archives configurations from a WS-C4500X-16 running VSS?
Error message after Configuration Archive:
No device package found for the specified device.
The software on the 4500X is 03.04.03SG.
Support for 4500X in PI 2.1.2:
Device Type
SYSOIDS
S/W Version
Software
Cisco Catalyst 4500X-16 SFP+ Switch
OID:1.3.6.1.4.1.9.1.1605
IOS
Cisco Catalyst 4500X-32 SFP+ Switch
OID:1.3.6.1.4.1.9.1.1606
IOS
TanksYes, all device packages are installed (including 7.0) and the Pi 2.1.2 patch.
Info from "ifm_config_archive.log" when trying Archive the Configuration:
[2014-12-09 19:58:11,300] [pool-37-thread-5] [service] [ERROR] - Thread Id : [9,460] : IFM_CONFIG_ARCHIVE_ERROR_DETAILS: [Error in fetching VLAN file] : IFM_CONFIG_ARCHIVE_ERROR: [com.cisco.ifm.config.archive.service.exceptions.XDEFeatureExecutionException: No device package found for the specified device.]'
Maybe the Prime don't know where to find the vlan.dat on the 4500X-VSS ?
#dir cat4000_flash:
Directory of cat4000_flash:/
1 -rw- 2236 <no date> vlan.dat
sysObjectID (1.3.6.1.2.1.1.2) is
.iso.org.dod.internet.private.enterprises.cisco.ciscoProducts.cat4xxxVirtualSwitch
That is not the expected and supported value "4500X-16" above
Update: Error on fetching running and startup config as well:
[2014-12-09 20:24:21,818] [pool-37-thread-9] [service] [ERROR] - Thread Id : [10,013] : IFM_CONFIG_ARCHIVE_ERROR_DETAILS: [Error in fetching RUNNINGCONFIG file] : IFM_CONFIG_ARCHIVE_ERROR: [com.cisco.ifm.config.archive.service.exceptions.XDEFeatureExecutionException: No device package found for the specified device.]
[2014-12-09 20:25:31,882] [pool-37-thread-9] [service] [ERROR] - Thread Id : [10,013] : IFM_CONFIG_ARCHIVE_ERROR_DETAILS: [Error in fetching STARTUPCONFIG file] : IFM_CONFIG_ARCHIVE_ERROR: [com.cisco.ifm.config.archive.service.exceptions.XDEFeatureExecutionException: No device package found for the specified device.] -
Hello
I have (2) Cisco 4500x with a VSS config. I als have a couple cables "SFP-H10GB-CU1M".
I want to make sure I have this physically setup correctly. I have searched but not found anything specific enough.
Please review and advise.Yes, all device packages are installed (including 7.0) and the Pi 2.1.2 patch.
Info from "ifm_config_archive.log" when trying Archive the Configuration:
[2014-12-09 19:58:11,300] [pool-37-thread-5] [service] [ERROR] - Thread Id : [9,460] : IFM_CONFIG_ARCHIVE_ERROR_DETAILS: [Error in fetching VLAN file] : IFM_CONFIG_ARCHIVE_ERROR: [com.cisco.ifm.config.archive.service.exceptions.XDEFeatureExecutionException: No device package found for the specified device.]'
Maybe the Prime don't know where to find the vlan.dat on the 4500X-VSS ?
#dir cat4000_flash:
Directory of cat4000_flash:/
1 -rw- 2236 <no date> vlan.dat
sysObjectID (1.3.6.1.2.1.1.2) is
.iso.org.dod.internet.private.enterprises.cisco.ciscoProducts.cat4xxxVirtualSwitch
That is not the expected and supported value "4500X-16" above
Update: Error on fetching running and startup config as well:
[2014-12-09 20:24:21,818] [pool-37-thread-9] [service] [ERROR] - Thread Id : [10,013] : IFM_CONFIG_ARCHIVE_ERROR_DETAILS: [Error in fetching RUNNINGCONFIG file] : IFM_CONFIG_ARCHIVE_ERROR: [com.cisco.ifm.config.archive.service.exceptions.XDEFeatureExecutionException: No device package found for the specified device.]
[2014-12-09 20:25:31,882] [pool-37-thread-9] [service] [ERROR] - Thread Id : [10,013] : IFM_CONFIG_ARCHIVE_ERROR_DETAILS: [Error in fetching STARTUPCONFIG file] : IFM_CONFIG_ARCHIVE_ERROR: [com.cisco.ifm.config.archive.service.exceptions.XDEFeatureExecutionException: No device package found for the specified device.] -
Issue:
Need some assistance configuring 3 aditional lines on my SRV3000, There are two lines that are working fine but when trying to add 3 new ones, It was unable for them to work. Provider explained that this is a Trunking issue, The three aditional lines state they belong to Trunk 9-DID Any suggestions?
Thanks in advance.Hi Juan,
Do you mean a Linksys One SVR3000?
If so, this is a specialized services router that was designed to only work in the Linksys One environment registered to a Service Node.
I can't offer any help with this device.
Regards,
Patrick -
i configure vss on 4500x ,with one switch is active and the other switch go into recovery mode,with all port except the vsl links in the amber orange,shutdown,
i want to make two switch into active state,some one could help in this.
the configuration which i used is below
itch virtual domain 100
switch 1
exit
switch virtual domain 100
switch 2
exit
interface port-channel 10
switchport
switch virtual link 1
no shut
exit
interface port-channel 20
switchport
switch virtual link 2
no shut
exit
int range tengigabitethernet 1/15 - 16
switchport
switchport mode trunk
switchport nonegotiate
no shut
channel-group 10 mode on
int range tengigabitethernet 1/15 - 16
switchport
switchport mode trunk
switchport nonegotiate
no shut
channel-group 20 mode on
switch convert mode virtual
switch convert mode virtuali can share two core switch configuration which is there
please suggest if something which i misconfigured and need to be corrected.
TAKAFUL-CORE-01#show run
Building configuration...
Current configuration : 7510 bytes
! Last configuration change at 01:57:12 UTC Sun Aug 10 2014
version 15.2
service nagle
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service compress-config
service sequence-numbers
no service dhcp
hostname TAKAFUL-CORE-01
boot-start-marker
boot system flash bootflash:cat4500e-universalk9.SPA.03.05.00.E.152-1.E.bin
boot-end-marker
vrf definition mgmtVrf
address-family ipv4
exit-address-family
address-family ipv6
exit-address-family
username admin privilege 15 password 7 104F0D140C19
no aaa new-model
switch virtual domain 100
switch mode virtual
mac-address use-virtual
no dual-active detection pagp
no ip source-route
ip vrf Liin-vrf
no ip domain-lookup
ip dhcp pool management
network 10.2.20.0 255.255.255.0
default-router 10.2.20.2
option 43 ascii "10.2.20.1"
ip dhcp pool Data
network 10.3.30.0 255.255.255.0
default-router 10.3.30.2
dns-server 4.2.2.2 8.8.8.8
ip dhcp pool Voice
network 10.1.10.0 255.255.255.0
default-router 10.1.10.2
ip dhcp pool wireless
network 10.4.40.0 255.255.255.0
default-router 10.4.40.2
dns-server 4.2.2.2 8.8.8.8
no ip bootp server
ip device tracking
power redundancy-mode redundant
mac access-list extended VSL-BPDU
permit any 0180.c200.0000 0000.0000.0003
mac access-list extended VSL-CDP
permit any host 0100.0ccc.cccc
mac access-list extended VSL-DOT1x
permit any any 0x888E
mac access-list extended VSL-GARP
permit any host 0180.c200.0020
mac access-list extended VSL-LLDP
permit any host 0180.c200.000e
mac access-list extended VSL-SSTP
permit any host 0100.0ccc.cccd
spanning-tree mode rapid-pvst
spanning-tree portfast bpduguard default
spanning-tree extend system-id
spanning-tree vlan 1-4094 priority 24576
redundancy
mode sso
vlan internal allocation policy ascending
class-map match-any VSL-MGMT-PACKETS
match access-group name VSL-MGMT
class-map match-any VSL-DATA-PACKETS
match any
class-map match-any VSL-L2-CONTROL-PACKETS
match access-group name VSL-DOT1x
match access-group name VSL-BPDU
match access-group name VSL-CDP
match access-group name VSL-LLDP
match access-group name VSL-SSTP
match access-group name VSL-GARP
class-map match-any VSL-L3-CONTROL-PACKETS
match access-group name VSL-IPV4-ROUTING
match access-group name VSL-BFD
match access-group name VSL-DHCP-CLIENT-TO-SERVER
match access-group name VSL-DHCP-SERVER-TO-CLIENT
match access-group name VSL-DHCP-SERVER-TO-SERVER
match access-group name VSL-IPV6-ROUTING
class-map match-any VSL-MULTIMEDIA-TRAFFIC
match dscp af41
match dscp af42
match dscp af43
match dscp af31
match dscp af32
match dscp af33
match dscp af21
match dscp af22
match dscp af23
class-map match-any VSL-VOICE-VIDEO-TRAFFIC
match dscp ef
match dscp cs4
match dscp cs5
class-map match-any VSL-SIGNALING-NETWORK-MGMT
match dscp cs2
match dscp cs3
match dscp cs6
match dscp cs7
policy-map VSL-Queuing-Policy
class VSL-MGMT-PACKETS
bandwidth percent 5
class VSL-L2-CONTROL-PACKETS
bandwidth percent 5
class VSL-L3-CONTROL-PACKETS
bandwidth percent 5
class VSL-VOICE-VIDEO-TRAFFIC
bandwidth percent 30
class VSL-SIGNALING-NETWORK-MGMT
bandwidth percent 10
class VSL-MULTIMEDIA-TRAFFIC
bandwidth percent 20
class VSL-DATA-PACKETS
bandwidth percent 20
class class-default
bandwidth percent 5
interface Port-channel10
switchport
switchport mode trunk
switchport nonegotiate
switch virtual link 1
interface FastEthernet1
vrf forwarding mgmtVrf
no ip address
speed auto
duplex auto
interface TenGigabitEthernet1/1/1
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet1/1/2
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet1/1/3
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet1/1/4
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet1/1/5
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet1/1/6
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet1/1/7
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet1/1/8
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet1/1/9
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet1/1/10
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet1/1/11
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet1/1/12
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet1/1/13
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet1/1/14
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet1/1/15
switchport mode trunk
switchport nonegotiate
no lldp transmit
no lldp receive
no cdp enable
channel-group 10 mode on
service-policy output VSL-Queuing-Policy
interface TenGigabitEthernet1/1/16
switchport mode trunk
switchport nonegotiate
no lldp transmit
no lldp receive
no cdp enable
channel-group 10 mode on
service-policy output VSL-Queuing-Policy
interface Vlan1
no ip address
shutdown
interface Vlan10
description IP Telephony VLAN
ip address 10.1.10.2 255.255.255.0
no ip redirects
interface Vlan20
description Automation & Management VLAN
ip address 10.2.20.2 255.255.255.0
no ip redirects
interface Vlan30
description Data VLAN
ip address 10.3.30.2 255.255.255.0
no ip redirects
interface Vlan40
description Wireless Users VLAN
ip address 10.4.40.2 255.255.255.0
no ip redirects
ip forward-protocol nd
no ip forward-protocol udp netbios-ns
no ip forward-protocol udp netbios-dgm
no ip http server
no ip http secure-server
ip access-list extended VSL-BFD
permit udp any any eq 3784
ip access-list extended VSL-DHCP-CLIENT-TO-SERVER
permit udp any eq bootpc any eq bootps
ip access-list extended VSL-DHCP-SERVER-TO-CLIENT
permit udp any eq bootps any eq bootpc
ip access-list extended VSL-DHCP-SERVER-TO-SERVER
permit udp any eq bootps any eq bootps
ip access-list extended VSL-IPV4-ROUTING
permit ip any 224.0.0.0 0.0.0.255
snmp-server community ro RO
ipv6 access-list VSL-IPV6-ROUTING
permit ipv6 any FF02::/124
banner login ^CC
#### Login for authorized Takaful IT Personnel ONLY ####
TAKAFUL
#### Login for authorized Takaful IT Personnel ONLY ####
^C
banner motd ^CC
WARNING, unauthorised access to this network is prohibited.
Authorized access only
This system is the property of Takaful Company.^C
line con 0
privilege level 15
login local
stopbits 1
line vty 0 4
privilege level 15
login local
line vty 5 15
privilege level 15
login local
module provision switch 1
chassis-type 70 base-mac F40F.1B56.31D8
slot 1 slot-type 401 base-mac F40F.1B56.31D8
module provision switch 2
end
TAKAFUL-CORE-01#
TAKAFUL-CORE-02(recovery-mode)#show run
Building configuration...
Current configuration : 5641 bytes
! Last configuration change at 02:05:27 UTC Sun Aug 10 2014
version 15.2
service nagle
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service compress-config
service sequence-numbers
no service dhcp
hostname TAKAFUL-CORE-02
boot-start-marker
boot system flash bootflash:cat4500e-universalk9.SPA.03.05.00.E.152-1.E.bin
boot-end-marker
vrf definition mgmtVrf
address-family ipv4
exit-address-family
address-family ipv6
exit-address-family
no aaa new-model
switch virtual domain 100
switch mode virtual
mac-address use-virtual
no dual-active detection pagp
no ip source-route
ip vrf Liin-vrf
no ip domain-lookup
no ip bootp server
ip device tracking
vtp mode transparent
power redundancy-mode redundant
mac access-list extended VSL-BPDU
permit any 0180.c200.0000 0000.0000.0003
mac access-list extended VSL-CDP
permit any host 0100.0ccc.cccc
mac access-list extended VSL-DOT1x
permit any any 0x888E
mac access-list extended VSL-GARP
permit any host 0180.c200.0020
mac access-list extended VSL-LLDP
permit any host 0180.c200.000e
mac access-list extended VSL-SSTP
permit any host 0100.0ccc.cccd
spanning-tree mode pvst
spanning-tree extend system-id
redundancy
mode sso
vlan internal allocation policy ascending
class-map match-any VSL-MGMT-PACKETS
match access-group name VSL-MGMT
class-map match-any VSL-DATA-PACKETS
match any
class-map match-any VSL-L2-CONTROL-PACKETS
match access-group name VSL-DOT1x
match access-group name VSL-BPDU
match access-group name VSL-CDP
match access-group name VSL-LLDP
match access-group name VSL-SSTP
match access-group name VSL-GARP
class-map match-any VSL-L3-CONTROL-PACKETS
match access-group name VSL-IPV4-ROUTING
match access-group name VSL-BFD
match access-group name VSL-DHCP-CLIENT-TO-SERVER
match access-group name VSL-DHCP-SERVER-TO-CLIENT
match access-group name VSL-DHCP-SERVER-TO-SERVER
match access-group name VSL-IPV6-ROUTING
class-map match-any VSL-MULTIMEDIA-TRAFFIC
match dscp af41
match dscp af42
match dscp af43
match dscp af31
match dscp af32
match dscp af33
match dscp af21
match dscp af22
match dscp af23
class-map match-any VSL-VOICE-VIDEO-TRAFFIC
match dscp ef
match dscp cs4
match dscp cs5
class-map match-any VSL-SIGNALING-NETWORK-MGMT
match dscp cs2
match dscp cs3
match dscp cs6
match dscp cs7
policy-map VSL-Queuing-Policy
class VSL-MGMT-PACKETS
bandwidth percent 5
class VSL-L2-CONTROL-PACKETS
bandwidth percent 5
class VSL-L3-CONTROL-PACKETS
bandwidth percent 5
class VSL-VOICE-VIDEO-TRAFFIC
bandwidth percent 30
class VSL-SIGNALING-NETWORK-MGMT
bandwidth percent 10
class VSL-MULTIMEDIA-TRAFFIC
bandwidth percent 20
class VSL-DATA-PACKETS
bandwidth percent 20
class class-default
bandwidth percent 5
interface Port-channel20
switchport
switchport mode trunk
switchport nonegotiate
switch virtual link 2
interface FastEthernet1
vrf forwarding mgmtVrf
speed auto
duplex auto
interface TenGigabitEthernet2/1/1
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet2/1/2
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet2/1/3
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet2/1/4
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet2/1/5
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet2/1/6
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet2/1/7
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet2/1/8
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet2/1/9
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet2/1/10
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet2/1/11
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet2/1/12
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet2/1/13
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet2/1/14
switchport trunk native vlan 20
switchport mode trunk
interface TenGigabitEthernet2/1/15
switchport mode trunk
switchport nonegotiate
no lldp transmit
no lldp receive
no cdp enable
channel-group 20 mode on
service-policy output VSL-Queuing-Policy
interface TenGigabitEthernet2/1/16
switchport mode trunk
switchport nonegotiate
no lldp transmit
no lldp receive
no cdp enable
channel-group 20 mode on
service-policy output VSL-Queuing-Policy
interface Vlan1
no ip address
ip forward-protocol nd
no ip http server
no ip http secure-server
ip access-list extended VSL-BFD
permit udp any any eq 3784
ip access-list extended VSL-DHCP-CLIENT-TO-SERVER
permit udp any eq bootpc any eq bootps
ip access-list extended VSL-DHCP-SERVER-TO-CLIENT
permit udp any eq bootps any eq bootpc
ip access-list extended VSL-DHCP-SERVER-TO-SERVER
permit udp any eq bootps any eq bootps
ip access-list extended VSL-IPV4-ROUTING
permit ip any 224.0.0.0 0.0.0.255
ipv6 access-list VSL-IPV6-ROUTING
permit ipv6 any FF02::/124
line con 0
stopbits 1
line vty 0 4
login
length 0
module provision switch 1
module provision switch 2
chassis-type 70 base-mac 88F0.3104.0058
slot 1 slot-type 401 base-mac 88F0.3104.0058
end -
4500X VSS Password Recovery issue
Hello -
I am trying to recover the password for 4500X in VSS following the guide below:
http://www.cisco.com/en/US/products/hw/switches/ps4324/products_tech_note09186a0080c17598.shtml
However the config-register is setting to 0x2141 and the configuration file is not being ignored. I am unable to directly set the config-register (the command errors and says to use confreg command) - when I check the SET variables it is 0x2141 and not 0x2142.
The confreg wizard indicates the configuration file will be ignored; and I have cleared the swnum (had to use clear swnum; it would not let me use the VSS_SWITCH_NUMBER=0 command); however the configuration file is still being loaded and I am unable to reset the password.
Does anyone have any insight or suggestions?
Thanks
JohnIn order to set 0x2142 you need to answer Y to:
change the boot characteristics? y/n
Then select 2 - this changes the config-register to 0x2142
Also, another difference from the guide, as mentioned above, you need to use the clear swnum command as it does not accept the VSS_SWITCH_NUMBER=0 command
Booting into password recover (no configuration) mode now.
Thanks - solved my own question -
Hello Guys,
I am having an issue withVSS ports that I was hopingyou could assist with. I have a pair of 4500x switch, and VSS is completely configured and working properly, however when I uplink both switches using the same port on both to another switch, I cannot pass traffic between them. I have a trunk port setup on both ends, and vlans on both sides, however traffic doesn't cross the trunks. I have tested these same ports as layer 3 routed ports and they work fine. I uplink directly into my laptop with them using a copper GBIC, but when i connect to another cisco switch, traffic does not pass. Could there be a setting im missing to be configrued on the 4500x switches?Hey Jon,
Thanks for the prompt response, I've attached the requested config output below. If you need anything else, just let me know. I am tryin to communciate over VLAN 19.
Cisco Layer 2 Switch
interface FastEthernet0/1
switchport mode trunk
interface FastEthernet0/2
switchport mode trunk
Switch# show int trunk
Port Mode Encapsulation Status Native vlan
Fa0/1 on 802.1q trunking 1
Fa0/2 on 802.1q trunking 1
Port Vlans allowed on trunk
Fa0/1 1-4094
Fa0/2 1-4094
Port Vlans allowed and active in management domain
Fa0/1 1,19-20,200
Fa0/2 1,19-20,200
Port Vlans in spanning tree forwarding state and not pruned
Fa0/1 1,19-20,200
Fa0/2 1,19-20,200
Cisco 4500x Switch Primary
interface TenGigabitEthernet1/1/3
description UPLINK_TO_SWITCH
switchport mode trunk
interface TenGigabitEthernet2/1/3
description UPLINK_TO_SWITCH
switchport mode trunk
4500x#show int trunk
Port Mode Encapsulation Status Native vlan
Te1/1/3 on 802.1q trunking 1
Te2/1/3 on 802.1q trunking 1
Po10 on 802.1q trunking 1
Po20 on 802.1q trunking 1
Port Vlans allowed on trunk
Te1/1/3 1-4094
Te2/1/3 1-4094
Po10 1-4094
Po20 1-4094
Port Vlans allowed and active in management domain
Te1/1/3 1,19-20,200
Te2/1/3 1,19-20,200
Po10 1,19-20,200
Po20 1,19-20,200
Port Vlans in spanning tree forwarding state and not pruned
Te1/1/3 1,19-20,200
Te2/1/3 1,19-20,200
Po10 none
Po20 none -
Cisco 4500X + VSS + Trust Sec Switch to Switch Encryption
Hi,
actually im testing and evaluationg the Cisco 4500X switch as new distribution switch for our Company.... Now i have some issues with one of our requirements.
For security reasons i need to encrypt the links between the 4500X and the access switches in other buildings (no issue with Trust Sec)
But ... now i also need to encrypt the link between the two 4500X if i run VSS ... my question is .. is it possible to encrypt the VSL link with TrustSec Switch to Switch encryption?
BR,
FlorianHi Frloian,
If you have 2 switches in different data centers than you do not need VSS. In fact this is very bad design as the whole concept of VSS is grasped on dual home design. In the essence the proper design of VSS system is to have every downsteram switch connected with one link to one VSS switch and other link to second VSS switch, so that when one VSS switch would fail other can take over. Please look at the VSS best practises:
http://www.cisco.com/c/en/us/support/docs/switches/catalyst-6500-virtual-switching-system-1440/109547-vss-best-practices.html#vss_best
Update:
There is possibility to encrypt VSL link, but only in 6500 sup2t environment:
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/15-0SY/configuration/guide/15_0_sy_swcg/virtual_switching_systems.html#wp1341144 -
Trunking issue with autonomous AP
I was at a customers that wanted a new ssid configured on his 20 1252 AP's and to stand up a new one with the olds and new SSID on it. Added the vlans, trunked them down and configured the interfaces and SSID's on the existing AP's no biggie. The new AP(not really new been kicking around in a lab) is giving me some weird issues. I deleted the exisiting config from it and took one of the running configs fromm the others that are working, modified the name and ip and pasted it in. This should have worked just fine. However the trunk port on the 4507 will not come up. The radio's are up and so is the BVI, however I cannot ping to it since the trunk is down. I started looking at the config and the thing I notice is that the AP's are in vlan 2, and the native vlan is set for vlan 2 on all the working trunk ports on the switch. However the AP's do not have vlan 2 on them, and their native vlan is 1. This should not work! I always thought the native had to match on both sides?? In any case I am probably missing something stupid, I have been up since 4am it was a 4 hour drive to get here. Oh and I have to go back and make firewall changes at midnight. Here is the relavent configs please let me know if its something stupid I usually do a lot of controller based installs havnet done a autonomous one in years. Thanks!
Here is a port on the switch
interface GigabitEthernet3/9
description AP 1 - SMT
switchport access vlan 2
switchport trunk native vlan 2
switchport trunk allowed vlan 2,9,15
switchport mode trunk
end
Here is the AP hanging off that works fine
cstwap01#sh vlans
Virtual LAN ID: 1 (IEEE 802.1Q Encapsulation)
vLAN Trunk Interfaces: Dot11Radio0
Dot11Radio1
GigabitEthernet0
This is configured as native Vlan for the following interface(s) :
Dot11Radio0
Dot11Radio1
GigabitEthernet0
show run on the AP
dot11 mbssid
dot11 vlan-name VoIPVLan vlan 9
dot11 vlan-name Wireless-101-Legacy vlan 15
dot11 ssid 101
vlan 15
authentication open
mbssid guest-mode
dot11 ssid VoIPVLan
vlan 9
authentication open
mbssid guest-mod
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
ssid 101
ssid VoIPVLan
interface Dot11Radio0.9
encapsulation dot1Q 9
no ip route-cache
bridge-group 9
bridge-group 9 subscriber-loop-control
bridge-group 9 block-unknown-source
no bridge-group 9 source-learning
no bridge-group 9 unicast-flooding
bridge-group 9 spanning-disabled
interface Dot11Radio0.15
encapsulation dot1Q 15
no ip route-cache
bridge-group 15
bridge-group 15 subscriber-loop-control
bridge-group 15 block-unknown-source
no bridge-group 15 source-learning
no bridge-group 15 unicast-flooding
bridge-group 15 spanning-disabled
interface GigabitEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
interface GigabitEthernet0.9
encapsulation dot1Q 9
no ip route-cache
bridge-group 9
no bridge-group 9 source-learning
bridge-group 9 spanning-disabled
interface GigabitEthernet0.15
encapsulation dot1Q 15
no ip route-cache
bridge-group 15
no bridge-group 15 source-learning
bridge-group 15 spanning-disabled
interface BVI1
ip address 10.190.2.51 255.255.255.0
no ip route-cache
ip default-gateway 10.190.2.1Hello Mike,
actually, native VLAN doesn't have to match on two sides of a trunk, in fact it's quite common with autonomous APs. Your BVI1 is usually tied to a native VLAN 1, but switch port native VLAN is usually configured for whatever VLAN you want AP's management IP to belong to, in your case VLAN 2.
When you connect two catalyst switches together with a trunk that has different native VLAN configured on two sides, you will keep getting logging messages warning you about it. It's not recommended, but some scenarios require such setup.
Something else is wrong, maybe a physical issue. When you say the trunk is down, do you mean the interface is down ? Can you paste config of bad switch port and bad AP?
Regards,
Roman -
VSS Permission Issue - Event ID 8194
I have a server 2012 cluster server that gets the following error a number of times every minute.
Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
. This is often caused by incorrect security settings in either the writer or requestor process.
Operation:
Gathering Writer Data
Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {957ea24a-fb64-4b24-98f6-26efe5481451}
I have checked permissions on any third party vss writers and they are good. I'm able to stop this error from occurring if I stop the Cryptographic Services service which seems to indicate a problem with one of windows built in VSS writers. If
I run a vssadmin list writers then all of them come back stable with no errors. Any suggestions on how to fix this at this point would be greatly appreciated, thank you.Hi,
There is a similar thread, please go through it to help troubleshoot this issue:
Server 2012 - VSS Event ID 8194 - Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005 Access is denied
http://social.technet.microsoft.com/Forums/windowsserver/en-US/329e9b71-f27e-4e42-87c0-f6bac31516dc/server-2012-vss-event-id-8194-unexpected-error-querying-for-the-ivsswritercallback-interface-hr?forum=winserverfiles
If this error occurs on Cluster nodes and no other symptoms are observed, the error can be safely ignored.
Regards,
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place. -
Question about 4500X VSS management port
I have two standalone 4500X switches that I'm planning to convert to VSS. If I cable the management port on both switches to a management cloud, which management port should I put the management IP address? Is it the port on the active switch? if the active switch failed, would the management port on the standby switch take over the management IP?
The management port is in VRF mgmtVrf. Should I create a default route for the VRF such as "ip route vrf mgmtvrf 0.0.0.0 0.0.0.0 ....." to point to its default gateway IP?
ThanksWhen you convert the chassis to VSS, only the management interfaces (FastEthernet1) for switch-1 (active) will be visible in the config. So you want to cable both management interfaces to your management cloud, but you only apply the IP to the active switch.
The management port is in VRF mgmtVrf. Should I create a default route for the VRF such as "ip route vrf mgmtvrf 0.0.0.0 0.0.0.0 ....." to point to its default gateway IP?
Correct, you need a default route in that mgmt vrf pointing to the gateway.
HTH -
NAC Appliance + OOB Virtual Gateway Trunking issues
I have the following problem. When I connect the CAS eth0 to a trunk port in the core switch it disconnects from the CAM. When the port is in access mode, the CAM can connect to the CAS. The core switch is a 4500 with IOS 12.2(25)EW. What could be the problem?
Hi prananth,
I managed to resolve the issue. It was a HA issue. I had configured "Link failure detect" on the redundant CAS app. Apparently the CAS couldnt reach the pingable IP causing failover to take place many times between the two boxes causing the CAS not to communicate with the CAM.
Kindly help me with the following problem I am now having:
http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Security&topic=General&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.1ddf45d4/0#selected_message
I will really appreciate. Thank you. -
Hi Everyone,
I just need a clarity on one issue. We have a scenario where we have 2 basestations with Cisco 2950 series switches. There is layer 2 connectivity on bridged mode in between the 2 basestations.
a<--->b<---->NOC
The connectivity between b and NOC is also on layer 2 via bridged mode.
there is a requirement of trinking the ports that cross connect the switches thru wireless bridged mode.At the extreme most end at noc the port is in access-mode. The switch at NOC is extreme summit 48 si.
When i tried to make the port at switch b in trunk mode i lost the vty access.
Please suggest as to what an be the reason since a trunk port should also allow untagged traffic.Hi ER,
Trunk port bydefault allow only vlan 1 as native vlan which will be send across the trunk without tagging.
Regards,
Ankur -
HELP - Licence Error on 4500x VSS
HI there,
have 2 4500x in vss mode. both are running 3.4.2 ipbase and are running on the correct licences etc.
after putting them in VSS mode the following error shows in the logs.
%SW_LEVEL-6-RESULT: Operational redundancy mode is UNKNOWN, due to software license-level mismatch at ACTIVE and STANDBY. Software Level on Active: ipbase; on Standby: ipbase
Any suggestions would be appreciated.
I thought it maybe related to bug CSCui54147 but cant see any details of it and it only seems to relate to 3.5.x
Thanks in advance.
RossHi Apologies for not getting back.
To fix this I had to manually accept the EULA for ipbase licence on the 4500x.
After the reload everything worked correctly and I stopped getting this error.
Maybe you are looking for
-
I have a 5th Generation 30gb iPod video that I need help with. It cycles from the apple logo to the sad ipod screen and it is not recognized by my computer or itunes. Is this because the battery cant hold the charge? Please help me!
-
Print ,Export etc options not working on dashboard level in 11g OBIEE ?
Hi I have multiple analyses on a dashboard and now i want to add print,export etc links on dashboard level but when i try to do this with following steps 1- Edit dashboard > Tools > Dashboard properties > Dashboard Report links Select Print , Export
-
Hello All, I wanted to customize Purchase Order Application(wave 2 App).I made necessary changes in index.html,configuration.js(url) and component.js(modulePath) and tried running locally using Tomcat but it was not working..then I tried testin
-
Saving down from CS5 to CS4 cross-platform
Working on a PC, I am saving down from CS5 to CS4, exporting as an idml. The client is using CS4 on a MAC. When the file opens, the Master Page content is superimposing over the content of the page. Help!
-
Detect codepage in text files - Help!
Hi, I'm a newbie about this kind of problem. I wrote a class that reads an input .txt, manages the content to another format and then writes another .txt file. Since in the input file there are some characters with accents, they cause problems during