ACL not working on 3750 Switch Stack on a trunk port

I cannot figure out why the ACL is not working on a 3750 running 12.2(55)SE on a trunk port.  For testing, there is 1 x IP (10.101.15.13) that should be denied to all VLANs on the trunk.  I have tried standard and extended lists, but neither seems to work.
What am I doing wrong?
Access-List:
Standard IP access list 10
    10 deny   10.101.15.13 log
    20 permit any log
Access-List Interface:
interface GigabitEthernet7/0/10
 description ESX Trunk
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,2,60-63
 switchport mode trunk
 ip access-group 10 in
Mac-Address on the Switch Port:
63    0050.569a.6d9f    DYNAMIC     Gi7/0/10
Windows Machine MAC:
Description . . . . . . . . . . . : vmxnet3 Ethernet Adapter #4
Physical Address. . . . . . . . . : 00-50-56-9A-6D-9F
Windows Connection (which should be denied):
 TCP    10.20.63.4:3389        10.101.15.13:21289     ESTABLISHED     InHost

PACLs only apply to an L2 interface.  On an L2 interface the only direction that can be applied is INBOUND.  On an L3 interface INBOUND or OUTBOUND can be specified.
In any case, I have worked around the issue by applying VACLs. Marking this as resolved.
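Added example (not from the original thread): the session above shows 10.101.15.13 as the remote end of a connection to the VM at 10.20.63.4, so frames entering Gi7/0/10 carry 10.101.15.13 as the destination, which a standard ACL never matches because it tests only the source address. A VACL of the kind mentioned as the workaround filters both directions inside the VLAN; the names BLOCK-HOST and BLOCK-MAP are hypothetical, and the VLAN list is copied from the trunk's allowed list.

```cisco
! Added example; BLOCK-HOST and BLOCK-MAP are hypothetical names.
! In a VACL, "permit" in the ACL means "select this traffic for the map action".
ip access-list extended BLOCK-HOST
 permit ip host 10.101.15.13 any
 permit ip any host 10.101.15.13
!
! Sequence 10 drops anything selected above.
vlan access-map BLOCK-MAP 10
 match ip address BLOCK-HOST
 action drop
! Sequence 20 has no match clause, so all remaining traffic is forwarded.
! Without it, unmatched IP traffic would hit the map's implicit drop.
vlan access-map BLOCK-MAP 20
 action forward
!
! Apply to the VLANs carried on the ESX trunk.
vlan filter BLOCK-MAP vlan-list 1,2,60-63
!
! The port ACL is no longer needed on the trunk.
interface GigabitEthernet7/0/10
 no ip access-group 10 in
```

A VLAN map applies to every port in the listed VLANs on the switch, not only the trunk. `show vlan access-map` and `show vlan filter` confirm the map contents and the VLANs it is bound to.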

Similar Messages

  • Snmp for 3750 switch stack

    Hi,
    I have two 3750 switches stacked together with one IP address to manage the stack.
    Can I monitor the memory and CPU for each individual switch? What is the OID then?
    Thanks.
    C.K.

    Hello CK,
    On the Catalyst 3750, the stack master handles the SNMP requests and traps for the whole switch stack.
    The stack master transparently manages any requests or traps that are related to all stack members. When a new stack master is elected, the new master continues to handle SNMP requests and traps as configured on the previous stack master, assuming that IP connectivity to the SNMP management stations is still in place after the new master has taken control.
    So to answer your question, with the OID for CPU and Memory usage the switch will return only values for the active master. The other stack members are hot standby and do not produce SNMP information for CPU and/or Memory.
    HTH
    --Leon

  • IPhone 4, 16 GB. After upgrading to iOS 7, despite having 10 GB free, the phone says No storage available. Tried a soft reset, tried restore as well. Still not working. iCloud is switched off.

    My wife has an iPhone 4, 16 GB. After upgrading to iOS 7, despite having 10 GB free, the phone says No storage available. Tried a soft reset, tried restore as well. Still not working. iCloud is switched off.
    Please help.. This has become a pain.. and of course there's no way to go back to iOS 6.

    Make sure you have the Latest Version of iTunes (v11.1.5) Installed on your computer
    iTunes free download from www.itunes.com/download
    Then... Restore as New (not backup) and Re-Sync your Content.
    Restoring  >  http://support.apple.com/kb/HT1414
    SYNCING with iTunes >  http://support.apple.com/kb/HT1386

  • After last update the split keyboard option is not working and side switch button option works opposite for mute and rotation lock

    After last update the split keyboard option is not working and side switch button option works opposite for mute and rotation lock.

    Hi
    A long story about your issue... I think the reason for this is that you have deleted some registry keys. If you delete something in the Windows registry you should really know what you are doing. You can damage the complete Windows system!
    So I think this is the reason why the keyboard doesn't work anymore.
    In the user manual I have found that the CD-ROM booting option is only available with the optional optical disk drive.
    So for me it sounds like your USB CD drive is not compatible with the notebook

  • [svn:bz-trunk] 16395: Bug: #2621264 [Regression] Small messages not working with NIO-HTTP endpoints in LCSD/trunk.

    Revision: 16395
    Author:   [email protected]
    Date:     2010-06-02 05:00:56 -0700 (Wed, 02 Jun 2010)
    Log Message:
    Bug: #2621264 Small messages not working with NIO-HTTP endpoints in LCSD/trunk.
    QA: Yes
    Doc: No
    Checkintests: Pass
    Details: This is the BlazeDS side of the fix. This wasn't a regression, it probably never worked correctly. So, in the scenario where there's a Producer and a Consumer, and Producer sends a message for the Consumer, there are 2 messages from the server. The ACK message for Producer's send, and the actual message Consumer receives. I found that the ACK message was in small form, but the actual message was not in streaming messages. This was because we never really tried to convert streamed messages into small messages before.
    Modified Paths:
        blazeds/trunk/modules/core/src/flex/messaging/endpoints/BaseStreamingHTTPEndpoint.java
        blazeds/trunk/modules/core/src/flex/messaging/endpoints/StreamingAMFEndpoint.java
        blazeds/trunk/modules/core/src/flex/messaging/endpoints/StreamingHTTPEndpoint.java

  • 3750 switch stacks

    I am new to the networking world and have some questions.
    I have 1 stack of six 3750 switches with a 10.50.3.10 ip address
    On the first stack (.10) I have int 6/0/19 , 20 and 21 assigned.
    I have a second ip scheme with one switch with an ip of 10.50.3.11
    Do I use a smartwise cable to connect the switches even though they have different ip schemes? Or do I use only a cat 5 to connect the 2 different stacks. Also, do I need to configure the 6/0/19, 20 and 21 ports on the second ip scheme. I don't think it is possible now that I am writing this if the smartwise cables are not used. Any help would be appreciated.

    I apologize but I am not following you entirely. If you stack the 3750, you must use the stacking port and use the stackwise cable.
    You said: I have 1 stack of six 3750 switches with a 10.50.3.10 ip address
    >> This would mean you stacked them using the stackwise cable and all these six switches are seen as one single device.
    What do you mean by you have int 6/0/19-21 assigned? Assigned them what?
    You said: I have a second ip scheme with one switch with an ip of 10.50.3.11
    >> Sounds like you have another stack? Because the device will complain if you address two different interfaces in the same switch/router to the same subnet (10.50.3.10 and 10.50.3.11), unless these addresses are masked as host but I doubt that.

  • ASA, 3750 Switch stack, EtherChannel cross-stack and HA

    Hi Guys,
    I have run into a scenario where they use a switch stack of four 3750s and two ASA 5540s in an Active-standby HA pair.
    ASAs are connected with 4 interfaces across the stack (1 interface to each switch).
    1 EtherChannel (4 ports) is configured between ASA and switch. All VLANs are terminated on the ASA as subinterfaces.
    Something like:
    Port-channel1
    no ip address
    Port-channel1.10
    vlan 10
    ip address 192.168.10.1 255.255.255.0 standby 192.168.10.2
    Port-channel1.20
    vlan 10
    ip address 192.168.20.1 255.255.255.0 standby 192.168.20.2
    ..and so on..
    There are about 60-70 different VLANs currently terminated on the ASA.
    We found a problem with failover testing:
    When we test the failover and fail manually with the “failover active” command,
    it looks like only 29 VLANs can fail over to the backup ASA instantly; the rest can take up to 5 min.
    Is there a limitation for ASA or 3750 EtherChannel in this scenario why it would not fail over instantly for all VLANs?
    Thanks
    Martin

    Sorry, mistake there:
    Port-channel1.20
    vlan 20
    ip address 192.168.20.1 255.255.255.0 standby 192.168.20.2
    Martin

  • Mini player does not work, can only switch playlists by closing and restarting iTunes

    For the last few versions of iTunes, my mini player does not work, only choices are large window and larger window.  Also, if I am listening to a playlist and hit the pause button, then switch to another playlist, the old playlist keeps playing when I hit play.  The only way I can figure out to switch playlists is to quit and relaunch iTunes.

    try rebooting the ipad
    you know holding down the on button and the home button until the slider comes
    and turn it off and start it up again

  • My iphone 3gs is not working properly, when switched on it says 'Update Completed' as though it has just been updated. On the next screen it says to 'Connect to iTunes'. It doesn't, however, connect to iTunes and more often than not just resets itself.

    My iPhone 3gs is not working properly and hasn't been since about September of last year. When switched on (Quite often it won't even turn on) it says 'Update Completed' as though it has just been updated. On the next screen it says to 'Connect to iTunes'. It doesn't, however, connect to iTunes and just resets itself over and over until power is gone. Occasionally after switching on and off a few times it functions normally for a few hours and some times even a couple of days but eventually always turns itself off and goes back to the 'Update Completed' screen. Does anyone know what might be causing this and/or a way of fixing it?

    Morning JordenR,
    Thanks for using Apple Support Communities.
    You can resolve many restore issues using the troubleshooting steps documented here.
    For more information on this, take a look at this article:
    iOS: Resolving update and restore alert messages
    http://support.apple.com/kb/ts1275
    Best of luck,
    Mario

  • Dock not working; command-tab switch between programs not working

    The Dock does not work. I have restarted (although the computer will not restart under "Restart", getting stuck at the last part, and needs to be restarted manually). When I change Dock preferences it reverts back to default settings. If I am lucky, the dock will appear and then disappear (poof) without having functioned.
    The command tab function for switching between programs stopped working also.
    The individual programs work, but I have to go to recent items to switch programs.
    Further, I have two Previews open (with different documents in each) even though I have only one Preview program.
    A whole lot of bizarre things that may be connected? I would appreciate any help.

    You could try removing the .plist file again, but this time, try also removing the com.apple.dock.db file. Then log out and log in again.
    Also, it seems as if many people are having similar problems. See [this thread|http://discussions.apple.com/thread.jspa?messageID=9126119].
    So, does the problem persist with another user account?
    If it were my machine, the next thing I'd try is downloading the combo updater from Apple's website and reinstalling it. 10.5.6 is available [here|http://support.apple.com/downloads/MacOS_X_10-5-6_ComboUpdate].

  • Flash player is not working whenever I switch to airport connection

    The flash player is not working in both Safari and firefox, when I switch the internet connection to the airport (WiFi), but the Ethernet connection is working fine with flash player.
    reinstall of Mac os x 10.6 --> not working
    repair disk and permission from DVD ---> not working
    I have now. First I ran repair permissions with Disk utility, got some promising repair stuff like
    18.4.2008 14.52.55 Disk Utility282 User differs on "Library/Internet Plug-Ins/Flash Player.plugin/Contents/Resources/Flash Player.rsrc", should be 0,
    user is 501.
    Any further ideas? Or tips on how I could try debugging this? Console gives me squat.

    Crashes or other problems with certain multimedia content in Firefox (such as Youtube videos and Flash animations or games) can often be resolved by performing the steps in these Knowledge Base articles:
    * [[Flash Plugin - Keep it up to date and troubleshoot problems]]
    * [[Flash 11.3 crashes]]
    * [[Flash 11.3 doesn't load video in Firefox]]
    On Windows Vista and above, you can disable Flash protected mode by following the instructions on these pages:
    * http://forums.adobe.com/thread/1018071#TemporaryWorkaround
    * http://kb.mozillazine.org/Flash#Disabling_Protected_Mode_in_Flash_11.3
    (See [http://blogs.adobe.com/asset/2012/06/inside-flash-player-protected-mode-for-firefox.html this Adobe blog post] for technical details about Flash protected mode.)
    Please tell us if this helped!

  • AAA Radius accounting command is not taking in 3750 switch

    Hi Cisco Support community,
    I am facing an issue with radius accounting in Cisco 3750 switch with version 12.2. I am unable to start accounting for radius server.
    This is the config that is on the switch for Radius.
    aaa authentication login default group radius local
    aaa authentication dot1x default group radius
    aaa authorization exec my-authradius group radius if-authenticated
    radius-server attribute 6 on-for-login-auth
    radius-server dead-criteria time 20 tries 5
    radius-server host 10.100.1.225 auth-port 1645 acct-port 1646 key 7 14341A5801103F3904266021
    radius-server host 10.100.1.226 auth-port 1645 acct-port 1646 key 7 05280E5C2C585B1B390B4406
    When I try to add the following commands for accounting, they are not saved.
    (aaa accounting commands 0 default start-stop group radius
    aaa accounting commands 1 default start-stop group radius
    aaa accounting commands 15 default start-stop group radius)
    If I paste these commands one by one, after start-stop group it is showing only two options, either tacacs+ or server; no radius option is there as well.
    I tried to create a server group and add the radius server to the group. Even then, when I am trying to implement the aaa accounting command with the server command, it is not showing in show run.
    Can anyone please help me with this issue?

    Hi,
    Thanks for your reply, but the thing is that I want to see the commands that are being run by a user on this particular device. If I use the network command it will only show me the network-related service requests, including Serial Line Internet Protocol (SLIP), PPP, PPP Network Control Protocols (NCPs), and AppleTalk Remote Access Protocol (ARAP).
    I have read the document from this link and it is stating that we can use command accounting. Below is the link
    http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_a1.html.
    Can anyone please tell me if this is a version issue, because even in version 15.4 I was not seeing the radius option at the end
    aaa accounting commands 15 default start-stop group (radius)- in radius place it was showing only Tacacs+ or group.

  • My Keynote and iPhoto are not working together to build stacked photos

    I am new to the Mac world (1st day on the Mac) and I am trying to stack 3 photos on to one Keynote slide. I cannot get my photos in iPhoto to come up when I click on Media.
    What am I doing wrong?

    We need clarification here.
    Please don't just state version numbers, also state which software.  iTunes 10.7 requires OSX 10.6.8 or higher.  Leopard is OSX 10.5.8.  You have two alternatives right now.  One is to stay with Leopard for a while (ultimately you should upgrade) and install iTunes 10.6.3 which is the last version to work with Leopard.  This should work with iOS6 on an iPhone4.  The other is to call Apple and order OSX 10.6 (Snow Leopard) and upgrade the computer to 10.6.8 which will allow you to run iTunes 10.7.  The caveat is we know nothing about which computer you run and if it even can run any system higher than Leopard.
    Here is iTunes 10.6.3
    iTunes 10.6.3 - http://support.apple.com/kb/DL1575
    If you want to try upgrading:
    Get more information about your computer. Go to the Apple in the upper left corner of any window, then "About this Mac" and "More Info..."  Copy and paste the information here, but omit the serial number and Hardware UUID (if present).  If it says something about Intel or Core Duo or Core 2 Duo in the processor you can upgrade to Snow Leopard (assuming you have sufficient RAM/"memory").  If it says PPC or PowerMac, you cannot.
    Kappy 08/2012 post on upgrading to Snow Leopard, then Lion or Mountain Lion -  https://discussions.apple.com/message/19401628 - including how to get Snow Leopard and Lion since Apple removed them from the online store. 
    It would help when posting issues here if you would state exact error messages you see.  "It's still not working!" while a description of the situation does not speed us to a diagnosis of the underlying issue.

  • Ping to Switch in DMZ not working from Edge Switch

    Hi Everyone,
    Below is my home Lab setup
    Sw1----trunk ----ospf  sw2-------direct connection to ASA------DMZ  ------SW3 -------
    Switch3 has SVI IP 192.168.69.1
    I can ping the IP 169.168.69.1 from sw2 as this has default static route to ASA outside interface IP address.
    But I cannot ping IP 192.168.69.1 from SW1; I need to know why.
    Is this default behaviour?
    On switch 1 I added the static route 192.168.69.0 255.255.255.0 192.168.11.1
    Where 192.168.11.1  is interface IP of Sw2 which has direct connection to ASA outside Interface IP ---192.168.11.2.
    Also I defined Loopback IP 192.167.77.1  on Sw3.
    This IP I can ping from Sw1  but IP 192.168.69.1 I cannot ping.
    I defined the below static route on Sw1
    ip route 192.168.77.0 255.255.255.0 192.168.10.2
    where 10.2 is vlan 10 IP  on Sw2.
    Thanks
    Mahesh
    Message was edited by: mahesh parmar

    Hi jouni,
    Yesterday I already tried with gateway IP of 192.168.10.2; it did not work, then I used 11.1 as gateway, same issue.
    Today I tried the same thing again.
    3550SMIA(config)#ip route 192.168.69.0 255.255.255.0 192.168.10.2
    3550SMIA(config)#end
    3550SMIA#ping 192.168.69.1
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 192.168.69.1, timeout is 2 seconds:
    Success rate is 0 percent (0/5)
    3550SMIA#
    here is sh ip route
    3550SMIA# sh ip route
    Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
           ia - IS-IS inter area, * - candidate default, U - per-user static route
           o - ODR, P - periodic downloaded static route
    Gateway of last resort is 192.168.5.3 to network 0.0.0.0
         100.0.0.0/32 is subnetted, 1 subnets
    O       100.100.100.100 [110/3] via 192.168.5.3, 5d02h, FastEthernet0/11
         3.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
    O       3.3.3.3/32 [110/2] via 192.168.5.3, 5d02h, FastEthernet0/11
    C       3.4.4.0/24 is directly connected, Loopback0
    C    192.168.30.0/24 is directly connected, Vlan30
         64.0.0.0/32 is subnetted, 1 subnets
    O E2    64.59.135.150 [110/300] via 192.168.5.3, 5d02h, FastEthernet0/11
    S    192.168.77.0/24 [1/0] via 192.168.10.2
    C    192.168.10.0/24 is directly connected, Vlan10
         172.31.0.0/24 is subnetted, 4 subnets
    O E2    172.31.3.0 [110/300] via 192.168.5.3, 5d02h, FastEthernet0/11
    O E2    172.31.2.0 [110/300] via 192.168.5.3, 5d02h, FastEthernet0/11
    O E2    172.31.1.0 [110/300] via 192.168.5.3, 5d02h, FastEthernet0/11
    O E2    172.31.0.0 [110/300] via 192.168.5.3, 5d02h, FastEthernet0/11
    O    192.168.11.0/24 [110/3] via 192.168.5.3, 5d02h, FastEthernet0/11
    O    192.168.98.0/24 [110/2] via 192.168.99.1, 5d02h, FastEthernet0/8
    C    192.168.99.0/24 is directly connected, FastEthernet0/8
    C    192.168.20.0/24 is directly connected, Vlan20
         192.168.5.0/31 is subnetted, 1 subnets
    C       192.168.5.2 is directly connected, FastEthernet0/11
         192.168.6.0/31 is subnetted, 1 subnets
    O       192.168.6.2 [110/2] via 192.168.5.3, 5d02h, FastEthernet0/11
    S    192.168.69.0/24 [1/0] via 192.168.10.2
    O*E2 0.0.0.0/0 [110/1] via 192.168.5.3, 5d02h, FastEthernet0/11
    Thanks
    MAhesh

  • ACL not working in ASA 8.4

    An ACL has been applied on the inside interface of the ASA 8.4 but it is not working. The aim of this list is to allow only a few hosts outside access and deny the rest of the hosts outside access. The syntax of the access list is
    access-list ACL-Inside extended permit ip host 192.168.100.101 any
    access-list ACL-Inside extended permit ip host 192.168.100.108 any
    access-list ACL-Inside extended permit ip host 192.168.100.109 any
    access-list ACL-Inside extended permit ip host 192.168.100.243 any
    access-list ACL-Inside extended permit ip host 192.168.100.241 any
    access-group ACL-Inside in interface inside

    Did you configure the NAT statement for the inside hosts to be mapped to a public IP? The below config will NAT 192.168.100.0 -100.254 to the outside interface, and the access-list you defined only allows those hosts to go out.
    object network Inside_Net
    subnet 192.168.100.0 255.255.255.0
    nat  (inside, outside)  dynamic interface
    If you already did the above config please send us the packet capture as Mike requested.
