802.1q trunk b/w 8PoE switch integrated in 1861 CME

Hi,
I have to deploy cme7.0 (1861). Actually two 1861 routers are bought but only one of them act as cme while the 8PoE integrated switch of other 1861 is used. half of the IP phones are connected to the 8PoE integrated switch in CME (1861 router) while half of the phones are connected to 8PoE of 1861 (only 1861's PoE is used in this setup). i want to know whether i can cascade the two switches or in other words whether i can form a 802.1q trunk b/w these switches to carry the voice and data vlans.
Regards
Naresh Rathore

Yes, you can.

Similar Messages

  • 802.1q trunking with 3rd party switch

    I'm setting up a project that requires a cisco router, which is capable of doing 802.1q trunking. This is the only function I need to test with a 3rd party switch. What is the cheapest router that I can use to accomplish this.

    Hi,
    This should be the one:
    http://cisco.com/en/US/prod/collateral/routers/ps380/ps6942/product_data_sheet0900aecd804b1b19.html
    Please rate if this helped.
    Regards,
    Daniel

  • Undersize frame on 802.1Q trunk with extreme switch

    i configure a 802.1Q trunk between 3750 and a summit7i extreme. The show controller ethernet-controller command show that the counter of undersize frame progress regularly. EDP on extreme is off for the ports, also for spanning-tree

    Roger,
    It sounds like it could be a duplex problem. A switch-to-switch connection should be able to run at the fastest speed that the ports have in common, and should be full duplex for maximum performance.
    Undersize packets normally come from collisions in the form of fragments (undersize packets with bad CRC); there shouldn't be any collisions on a full duplex connection, though.
    It could also be that if the Extreme switch is sending undersize packets with good CRC then maybe the software on the Extreme switch needs updating.
    What kind of ports are you using to connect the Cisco Catalyst 3750 to the Extreme Summit7i? What speed and duplex does each side of the link report? Is one side set to autonegotiate, and the other set manually to a fixed speed and/or duplex? What's the distance between the ports? And the media being used: copper UTP, multimode fiber, or single-mode fiber?
    If copper (RJ45 connector) on the Extreme switch, it could be to either a Gigabit-only Ethernet GBIC; or built-in autonegotiating 100/1000BASE-T, depending on the model number of the switch. On the Cisco switch, it could be 10/100 or 10/100/1000 depending on the switch model, or 1000-only if you're using the 1000BASE-T SFP.
    If fiber (SC or MT-RJ connectors) on the Extreme switch, I don't recall whether their Gigabit-only fiber ports give you the option of what duplex you run. But the Cisco switch's Gigabit-only fiber ports always run in full duplex mode only.
    Whatever ports you're using, the actual connection speed and duplex on each end of the switch-to-switch link need to match. Either both ends autonegotiate to matching values; or you need to manually set these values.
    Here's a link that might also be useful:
    Troubleshooting Switch Port and Interface Problems
    http://www.cisco.com/warp/public/473/53.shtml
    Hope this helps.

  • Is CE 500 Switch support 802.1q Trunk?

    Dear All,
    Is Cisco Express 500 switch support 802.1q trunk?
    Also, all fastethernet port on CE500 will assign VLAN 10. I would like the switch to allow VLAN 20 and 30 to pass through the trunk? Is it possible?
    Thanks.
    C.K.

    Yesh, set up the port role to switch to make it a trunk.
    Unfortunately, the CE500 series switches cannot be managed through a CLI - you have to use CNA.
    Hope that helps - pls rate the post if it does.
    Paresh

  • Does FCoE require 802.1q trunking?

    Since PFC in FCoE requires 802.1p CoS value, is it a requirement to use an 802.1q trunk for devices connected to a Nexus 10Gb Ethernet port?  There is a configuration command "priority-flow-control on" at the interface level.  Will this add the 802.1p value in the packet without requiring 802.1q trunking?

    Thanks for the answer.  I have since found the relevant documentation regarding this configuration requirement.
    http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/configuration/guide/cli_rel_4_1/Cisco_Nexus_5000_Series_Switch_CLI_Software_Configuration_Guide_chapter31.html#con_1288667

  • 3750g-Routing kills 802.1q trunk

    I don't know how much help you guys can be, but here goes.
    I have a procurve 4104gl that is using 802.1q to connect to my Cat 3750g
    All things are good when the 3750g is in L2 mode. My 3750g can ping the 4104gl ip of 10.120.255.11 and the 3750's vlans ips (Vlan255=255.1,Vl254-254.1), 252.1, 253.1 and 254.1 can ping 255.11 using extended ping.
    I activate routing on the 3750g via:
    config t
    ip routing
    and no interface can ping the procurve with extended ping and only my 255.1 interface can ping the procurve ip of 255.11
    Trunk is still "up" according the the 3750g went the routing is enabled. So not losing my 802.1q trunk.
    If I remove the "routing" from the 3750g, all connectivity is back to normal.
    attached is how-to-trunk Procurve and Cat switches for everyones enjoyment

    thanks guys, no default gateway on the 3750.
    Here is the weird thing.
    I can take 3750 do a "no ip routing" to turn off routing.
    have 4 vlans setup
    10.120.255.3 /24 Hsrp is .1
    10.102.252.3 /24 hsrp is .1
    I plug laptop into the L2 vlan is is 10.120.252.250
    have a hub pluged into vlan 252 just to bring up the vlan for pings.
    And the laptop with dfg 252.1 can ping the 10.120.255.1 interface on the switch.
    Yep, the 252 interface has "switchport access vlan 252" on my g1/0/2 interface
    g1/0/12 has switchport access vlan 255 in it.
    Enabling IP routing does the same thing, pings are good.
    so, in short I can ping from laptop on vlan 252 to my switchs vlan 255 interface in L2 mode.
    thoughts?

  • Can I use straight cable to connect trunk ports between 2 switches?

    Hi,
    Am I able to use straight instead of cross cable to connect trunk ports between 2 switches??
    thanks!

    Hi Devang,
    When a 10/100 Fast Ethernet interface is enabled, one end of the link must perform media dependent interface (MDI) crossover (MDIX), so that the transmitter on one end of the data link is connected to the receiver on the other end of the data link (a crossover cable is typically used).
    The Auto-MDIX feature eliminates the need for crossover cabling by performing an internal crossover when a straight cable is detected during the auto-negotiation phase.
    HTH, if yes please rate the post.
    Ankur

  • [svn:bz-trunk] 23048: Update BlazeDS trunk to use Spring BlazeDS integration 1.5.0.RELEASE build .

    Revision: 23048
    Revision: 23048
    Author:   [email protected]
    Date:     2011-10-18 08:34:43 -0700 (Tue, 18 Oct 2011)
    Log Message:
    Update BlazeDS trunk to use Spring BlazeDS integration 1.5.0.RELEASE build. 
    Added Paths:
        blazeds/trunk/apps/samples-spring/WEB-INF/src/spring-samples/src/org/springframework/flex /samples/secured/SecurityHelper.java.UNCOMMENT
        blazeds/trunk/lib/spring/spring-flex-core-1.5.0.RELEASE.jar
    Removed Paths:
        blazeds/trunk/apps/samples-spring/WEB-INF/src/spring-samples/src/org/springframework/flex /samples/secured/SecurityHelper.java
        blazeds/trunk/lib/spring/org.springframework.flex-1.0.3.RELEASE.jar

    The information you provided is totally useless for determining the problem.
    If it helps, I think the message you are getting is related to BlazeDS not being able to find the service class you are calling. You either have a typo somewhere, or you didn't set up a secure channel in your service config (I am assuming you meant SSL and not SSH).

  • Switchport trunk encapsulation on L3 switches

                    Why is 'switchport trunk encapsulation <dot1q or isl> required on L3 switches?  The default trunk encapsuation mode on 'modern' Cisco switches is to 'auto' negotiate, so why doesn't 'auto-negotiate' work when configured from the L3 switch port?  If I configure 'switchport mode trunk' on an L2 switch (capable of only dot1q) and don't configure the adjacent L3 port, the trunk is auto-negotiated.  However, if I configure 'switchport mode trunk' on the L3 port first, it gives the error we've all witnessed: Command rejected: An interface whose trunk encapsulation is "Auto" can not be configured to "trunk" mode. Interestingly, if I configure, 'switchport mode dynamic desirable' on the L3 port, the interface does indeed negotiate the trunk encapsulation and establish the trunk.  According to Cisco documentation, the 'switchport mode trunk' command is also supposed to negotiate the trunking status and encapsulation--so why doesn't this command work the same as 'switchport mode dynamic desirable?'

    John,
    You're absolutely correct.  My hope is that Cisco will change its definition for 'switchport mode trunk.'
    This is from their documentation:
    switchport mode dynamic desirable
    Makes the interface actively attempt to convert the link to a trunk link. The interface becomes a trunk interface if the neighboring interface is set to trunk, desirable, or auto mode.
    switchport mode trunk
    Puts the interface into permanent trunking mode and negotiates to convert the neighboring link into a trunk link. The interface becomes a trunk interface even if the neighboring interface is not a trunk interface.
    switchport nonegotiate
    Prevents the interface from generating DTP frames. You can use this command only when the interface switchport mode is access or trunk. You must manually configure the neighboring interface as a trunk interface to establish a trunk link.
    I've highlighted negotiates to point out that DTP frames are still sent to the neighboring device to negotiate the trunking status. Therefore, why doesn't it also negotiate the encapsulation type when desiring to trunk? My point being, if it's going to trunk unconditionally and not negotiate the trunking protocol, and since you'd have to have an ISL-only switch (non-extant), Cisco should simply get rid of ISL on their switches or have the 'negotiation' process or (unconditional state) select dot1Q as the trunking protocol.

  • FabricPath vlan on 802.1q Trunk link

    Hello Fellas.
    Is it possible to carry FabricPath vlan on 802.1q Trunk link on N7k ? If I would configure one interface in Fabricpath mode, other one in Trunk. Will I be able to forward traffic between this two ports?
    vlan 10
    mode FabricPath
    Interface x/x
    switchport mode trunk
    switchport trunk alloved vlan 10
    Interface y/y
    switchport mode Fabricpath
    thanks in advance.

    That would not be possible.
    Think of it this way, 802.1q among other things is an encapsulation mechanism so is Fabricpath. You cannot pass frames between 2 disparate encapsulation techniques.

  • Trunk Confiugration on ME4900 Switch

    Hello Technical Team,
    We have 2 Cisco ME4900 Switch with 3 Modules inside: Below are the detail for the Module:
    Mod Ports Card Type                              Model              Serial No.
    ---+-----+--------------------------------------+------------------+-----------
     1     8  4900M 10GE (X2)                        WS-C4900M         
     2    24  10GE (X2), 1000BaseX (SFP)             WS-X4908-10GE     
     3    20  10/100/1000BaseT (RJ45)                WS-X4920-GB-RJ45   
    I am trying to build trunk between these 2 Switches by using 10GE(X2) 1000Base X (SFP) Ports but unfortunately I am fail to do that. Is there any specific Command to make trunk or port channel between 2 ME-4900 Switch?
    Thanks,
    JH 

    Hi RS,
    I have below Modules:
    1     8  4900M 10GE (X2)                        WS-C4900M        
    2    24  10GE (X2), 1000BaseX (SFP)    WS-X4908-10GE     
    3    20  10/100/1000BaseT (RJ45)          WS-X4920-GB-RJ45  
    If I do show run then I have follow Ports order:
    1     8  4900M 10GE (X2)      WS-C4900M
    interface TenGigabitEthernet1/1 TO TenGigabitEthernet1/8
    2    24  10GE (X2), 1000BaseX (SFP)    WS-X4908-10GE
    interface TenGigabitEthernet2/1 TO interface TenGigabitEthernet2/8
    interface GigabitEthernet2/9 TO interface GigabitEthernet2/24
    3    20  10/100/1000BaseT (RJ45)          WS-X4920-GB-RJ45
    interface GigabitEthernet3/1 TO interface GigabitEthernet3/20
    So i am going to use SFP base X2 Convertor for Trunk between another ME-4900 Switch so do do I use 2/9-10 ports from 1st 2 SFP Ports from GBIC?
    Further what is the command to check the port group ?
    Kindly see the SH running for your advice.
    Thanks,
    JH

  • 802.1x MAB with Juniper EX switch.

    Hi,
    I tried to authenticate user from juniper EX switch to Cisco ACS Radius. The ACS can authenticate normal user via 802.1x but not MAB.
    I set in the acs to authenticate any request using RADIUS IETF.
    I also tried to connect to different ACS server using the same config and supprisingly it works. The only different is the ACS do not has my certificate installed.
    I attached the log for reference packet  capture for reference. It seems that the ACS replies encrpyted message to the EX switch
    This is the log from EX switch ( i know, this is cisco forum, but i could give some clue.)
    Feb 14 01:45:50.618026 Sending message to authentication client
    Feb 14 01:45:50.622833 Received message from authentication client
    Feb 14 01:45:50.622887 reply: 1cf7924 rply_hdr: 1cf9000 bytes_remnant len:28 reply_len:28
    Feb 14 01:45:50.622917 hdr_bytes_read 0
    Feb 14 01:45:50.622937 len read : 28 reply_len: 2983
    Feb 14 01:45:50.622991 bytes_remnant 2955 tot_bytes_read 28
    Feb 14 01:45:50.623028 bytes_read 2955
    Feb 14 01:45:50.623048 Creating background job to process reply from authentication client
    Feb 14 01:45:50.623117 Entering background job to process message from authentication client
    Feb 14 01:45:50.623145 process_auth_reply len:2983
    Feb 14 01:45:50.623182 Received Access-Challenge authentication message
    Feb 14 01:45:50.623206 Invoking state machine for authentication response for mac address 00:1E:37:86:A2:04
    Feb 14 01:45:50.623226  on intf ge-0/0/1.0
    Feb 14 01:45:50.623259  ASIF: Handing over Server frame to Authenticator
    Feb 14 01:45:50.623287  AUTH: Handling Server Frame
    Feb 14 01:45:50.623318  SessNode got from SessIdtbl for Id 126 is : 1d1d000, Port: 67
    Feb 14 01:45:50.623347 Code = 1, Id = 126, Len = 6
    Feb 14 01:45:50.623375  ASIF: Handing over Server frame to Authenticator 67.
    Feb 14 01:45:50.623403 PnacAsIfRecvFromServer : Rad Attr Statelen = 25
    Feb 14 01:45:50.623421 Rad Attr Class Len = 0
    Feb 14 01:45:50.623445 PnacAuthPrepareMD5Response Pkt type 25 is not MD5.
    Feb 14 01:45:50.623473 PnacAuthMacRadiusReply : MD5 response prep failed.
    Feb 14 01:45:50.623499 AuthHandleInServerFrame:MAC RADIUS RESP failed

    Hi,
    I tried to authenticate user from juniper EX switch to Cisco ACS Radius. The ACS can authenticate normal user via 802.1x but not MAB.
    I set in the acs to authenticate any request using RADIUS IETF.
    I also tried to connect to different ACS server using the same config and supprisingly it works. The only different is the ACS do not has my certificate installed.
    I attached the log for reference packet  capture for reference. It seems that the ACS replies encrpyted message to the EX switch
    This is the log from EX switch ( i know, this is cisco forum, but i could give some clue.)
    Feb 14 01:45:50.618026 Sending message to authentication client
    Feb 14 01:45:50.622833 Received message from authentication client
    Feb 14 01:45:50.622887 reply: 1cf7924 rply_hdr: 1cf9000 bytes_remnant len:28 reply_len:28
    Feb 14 01:45:50.622917 hdr_bytes_read 0
    Feb 14 01:45:50.622937 len read : 28 reply_len: 2983
    Feb 14 01:45:50.622991 bytes_remnant 2955 tot_bytes_read 28
    Feb 14 01:45:50.623028 bytes_read 2955
    Feb 14 01:45:50.623048 Creating background job to process reply from authentication client
    Feb 14 01:45:50.623117 Entering background job to process message from authentication client
    Feb 14 01:45:50.623145 process_auth_reply len:2983
    Feb 14 01:45:50.623182 Received Access-Challenge authentication message
    Feb 14 01:45:50.623206 Invoking state machine for authentication response for mac address 00:1E:37:86:A2:04
    Feb 14 01:45:50.623226  on intf ge-0/0/1.0
    Feb 14 01:45:50.623259  ASIF: Handing over Server frame to Authenticator
    Feb 14 01:45:50.623287  AUTH: Handling Server Frame
    Feb 14 01:45:50.623318  SessNode got from SessIdtbl for Id 126 is : 1d1d000, Port: 67
    Feb 14 01:45:50.623347 Code = 1, Id = 126, Len = 6
    Feb 14 01:45:50.623375  ASIF: Handing over Server frame to Authenticator 67.
    Feb 14 01:45:50.623403 PnacAsIfRecvFromServer : Rad Attr Statelen = 25
    Feb 14 01:45:50.623421 Rad Attr Class Len = 0
    Feb 14 01:45:50.623445 PnacAuthPrepareMD5Response Pkt type 25 is not MD5.
    Feb 14 01:45:50.623473 PnacAuthMacRadiusReply : MD5 response prep failed.
    Feb 14 01:45:50.623499 AuthHandleInServerFrame:MAC RADIUS RESP failed

  • 802.1x MDA LLDP Disabled on Switch (3750) but detected on phone?

    I have been playing around with 802.1x and some IP phones.  The test senario we have is that LLDP is globally disabled on the switch and enabled on the phone.  When the phone boots up a non-LLDP enabled device is allowed to use the data vlan to boot and learn (via DHCP) the voice vlan.
    http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Security/TrustSec_1-99/IP_Tele/IP_Telephony_DIG.html#pgfId-389460
    We found that if LLDP is disabled on the switch it still detects LLDP on the phone and blocks the LLDP enabled phone from using the data vlan.  This causes the phone to "hang" waiting for DHCP.
    Turning LLDP off on the switch port did not seem to help as the switch tests for LLDP reguardless and then blocks access to the data vlan.  It seems like *if* LLDP is disabled on the switch it should treat all devices as non-LLDP devices and allow the use of the data vlan.  Even if the device (IP Phone) is capable of LLDP.
    Cisco IOS Software, C3750 Software (C3750-IPBASEK9-M), Version 12.2(55)SE8, RELEASE SOFTWARE (fc2)

    Turned out that this was being caused by not having a valid DATA vlan set (leaving it in vlan 1).  It looks like with MDA you cannot assign the data VLAN the phone will use to boot in a Radius reply.  It has to be assigned manually?
    Is there another way to tell the switch to allow the phone on data vlan 20 for a short period of time?
    interface x/y/z
     switchport access vlan 20
     switchport mode access
     switchport nonegotiate
     switchport voice vlan 60
     switchport port-security maximum 5
     switchport port-security
     switchport port-security aging time 2
     switchport port-security violation restrict
     switchport port-security aging type inactivity
     authentication event fail retry 1 action authorize vlan 20
     authentication event no-response action authorize vlan 20
     authentication host-mode multi-domain
     authentication order mab dot1x
     authentication priority mab dot1x
     authentication port-control auto
     authentication periodic
     authentication timer reauthenticate server
     mab
     snmp trap mac-notification change added
     dot1x pae authenticator
     dot1x timeout quiet-period 3
     dot1x timeout server-timeout 2
     dot1x timeout tx-period 5
     dot1x timeout supp-timeout 2
     spanning-tree portfast

  • 802.1x - ACS 3.3 with AD Integration

    I'm running into an issue using AD integration and 802.1x. A previous thread on this indicated the 802.1x authentication occured prior to the domain login process.
    However, when I attempt to login to a machine using a domain account and that account profile is not cached on the machine, the authentication fails indicating it could no contact te specified domain.
    Obviously the 802.1x authentication is not occuring to open the port then pass the domain credentials to the AD. The ACS is configuerd to pass unknown users to the AD for authentication at which point the ACS should import the account.
    Why is the 802.1x failing for uncached user accounts?

    Try this steps:>
    1.Check your NTLM version.
    NTLMv2 is not supported between ACS and AD. Supported is only NTLM.
    2.Check Authentication Method
    For the authenticating dot1x users on the external database you need use either PEAP or EAP-TLS as the authentication method. Both of these involve certificates. EAP-MD5 is not supported on External database for authentication.
    Try this links:>
    http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacsapp/csapp33/ra/rawi.htm
    http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs32/user02/o.htm#wp624132
    http://www.cisco.com/en/US/products/sw/secursw/ps2086/prod_release_note09186a008031479e.html

  • Trunking on older 3500XL switches

    I probably already know the answer to this but is there a way to remove vlans 1 and 1002-1005 on a trunk port on a 3548-XL? I want to be able to connect an IP phone to the port and only allow traffic from my voice and the floor vlans (599 & 730) respectively. But when I run the command:
    switchport trunk allowed vlan remove 1-598,600-729,731-1024
    all the vlans are removed exept 1,599,730,1002-1005. I know that these are "special" vlans and these are older switches, but is there a way to remove them from a port on these switches?

    If you want to configure the port for just voice vlan and data vlan then you need not to clear vlans out of the trunk, just configure voice vlan. This platform should support voice vlan. for example:
    interface FastEthernet0/2
    description DOT1Q port to IP Phone
    switchport trunk encapsulation dot1q
    switchport trunk native vlan 730
    switchport mode trunk
    switchport voice vlan 599
    spanning-tree portfast
    For more information:
    http://www.cisco.com/en/US/tech/tk1077/technologies_configuration_example09186a00800ffdcc.shtml#vlanscat3500
    From 3500XL port configurations guide:
    http://www.cisco.com/univercd/cc/td/doc/product/lan/c2900xl/29_35wc6/scg/swports.htm#xtocid32
    Please rate helpful posts.

Maybe you are looking for