ARD and Cisco switches (multicast storm issue)?

Similar Messages

• Remote span between Extreme and Cisco switches

  Hello,
  I need to configure remote span between Extreme Networks X460-24p and Cisco Cataylst 2960X switches. 2 IP phones are connected to ports 15 and 17 on Extreme switch, and should be monitored to port 1/0/47 on Cisco switch. Extreme and Cisco switches are interconnected with trunk (port 28 on Extreme with port 1/0/51 on Cisco).
  I configured the following:
  On Extreme switch:
  configure mirror mode enhanced
  enable mirroring to port 28 remote-tag 1000
  configure mirroring add port 17 ingress-and-egress
  configure mirroring add port 15 ingress-and-egress
  On Cisco switch:
  vlan 1000
   name RemoteSPAN
   remote-span
  monitor session 1 destination interface Gi1/0/47
  monitor session 1 source remote vlan 1000
  But this is not working :(
  Does enyone have experience with this? I really need help to make this work.
  Thanks.

  OK, this configuration is actually working :)

• 3com and cisco switches (802.1q)vlan integration problem - broadcast storm?

  Hi forum,
  we are using 3com switches, the 3com switches implement open vlans, which mean if an ieee 802.1q packet is received at a port and the port is not a member of that vlan, the switch does not perform vlan filtering. if the address is previously learned, it will be forwarded correctly, but if it is not, it will be flooded to all ports within that VLAN.
  my questions:
  1) if another cisco switch connected with the 3com switch are placed in the same vlan, and the 3com switch received a 802.1q packet from a rogue device, it will be flooded to all the ports(including the cisco ports) within that VLANs, will it cause a broadcast storm?
  2) how do i configure the cisco switch to filter off unknown tagged packet on a port? by using vlan prunning?
  3) how do i blocked the broadcast from the 3com switches? using broadcast suppression?
  4) is there a way on the design side to effectly counter this problem?
  Kind regards,
  paul

  It sounds like setup of your 3com switch is not quite up to your requirements. If a port is declared as tagged, it's ok to receive tagged frames for VLAN's that were not previously known on this port. However if your policy requires that only specific VLAN's are permitted on given tagged port, then you need to add some extra command on your 3com switch. Check with documentation and possibly with your 3com support partner.
  As for cisco routers, tagged ports in Cisco-speach are trunks (this might be confusing for you as 3com calls trunks what in Cisco world is known as either Etherchannel or port aggregation). By default a trunk (tagged) port allows any VLAN. If your policy requires so, you can explicitly specify which VLAN's are allowed on given trunk (tagged) port. If a frame arrives with a tag that is not on the allowed list, the frame will be discarded. So you don't need any fancy broadcast supression to block traffic from disallowed vlans coming from your 3com switch to cisco.
  P.S.: Make sure that you don't mistake 'member of VLAN' with 'native VLAN'. Some parts of your message suggest that you do.

• Cisco Transparent firewall and cisco switch issues.

  Dears,
  I have a very plain scenario
   LAN cisco switch <2 vlans>  ----------> cisco transparent firwall with bvi interface ------------>  crypto box ---------> cisco router ------ <remote/other site>
  i have vlan 61 configured on bvi interface of firewall, crypto box and also on the switch port and vlan of 61 is up up .
  The issue is i can connect remotely to cisco transparent firewall but cannot ping or connect to cisco switch. ???????????
  Need to know some trobuleshooting tips and basic settings that i need to verify. I simply want lan switch with 2 vlans to pass through the cisco transparent firewall and go to other site/remote site.

  Well,
  i have put the inspection icmp turned on for the sessions , and the version i am using is 9.1 
  moreover, i have put u p the ACLs for inbound and outboudn traffic, and while i ping across the firewall from the inside interface towards outside interface PC, i can see packet counts increasing on the acl , during the show access-llist command.
  i have requested the client to verify his part. do let me know further tips if you have any.
  [ moreover we cannot try to use packet-tracer from cli in transparent mode ]

• Windows 7 LLDP and Cisco Switches

  Does Windows 7 support IEEE LLDP (not to be confused with MS LLTP). We have LLDP enabled on are Cisco Switches and want to be able to see are what ports the Windows 7 devices are connected to. Using the Cisco Show LLDP neighbors.

  Hi,
  I suggest you refer to the following article in MSDN blog:
  Link Layer Topology Discovery Protocol Specification
  http://msdn.microsoft.com/en-us/library/windows/hardware/gg463061.aspx
  Thanks,
  Vincent Wang
  TechNet Community Support

• Converged 10gig server adapters and Cisco switches

  I have little network with 4 vsphere servers connected to clustered 3750x with 4*1Gig NICs per server.
  Servers are connected to central storage with two 8Gbps FC links per server. I don’t have FO switches cause central storage is equipped with 4 FO ports per controller.
  I want to upgrade servers and central storage. Servers will have two converged 10gig (HP FlexFabric) and 4*1 Gig interfaces
  I need to upgrade 3750x switches with new one with 10 gig interfaces.
  I am looking for two new Cisco switches that can handle converged traffic from server 10gig interfaces (iSCSI, FCoE).
  Nice feature will be if it is possible to connect existing FC storage to the new switches.
  Kind regards,
  Vice Lacmanovic

  Hello, vlacmanov. 
  I recommend at least the Nexus 5000 to support iSCSI and FCoE over your 10GE interface. (http://cs.co/9001SoyL) Do you already have any existing Cisco Nexus on your network?
  Let me know if you have additional concerns or e-mail ([email protected]) me directly. Kind regards. 

• 3750 switch and HP switch fiber connectivity issue

  I have connected 2 Cisco 3750 switches "WS-C3750-48TS-S" with the LC to LC Duplex Single Mode fiber cable. Both the switches are communicating with each other.
  As i have checked in the cisco document that GLC-SX-MM support only Multimode fiber cable. So i am surprised how does it support single mode fiber optic cable.
  Can anyone tell me the reason for supporting single mode fiber optic cable?
  But when i connect HP 4208 switch with the same Cisco 3750 the interface is showing up but the input packets are 0 and output packets are increasing on both ends.
  I have checked the SFP's and fiber cable are compatible with HP. 
  Can anybody suggest me what can be the possible cause of this?
  Regards,
  Mukesh Kumar
  Network Engineer
  Spooster IT Services

  I tried to troubleshoot this issue by using some show commands.
  As i have checked that there are some specific commands to check SFP transreceiver as given below:
  show hw-module subslot slot/subslottransceiver port idprom.
  show interfaces {{[int_name] transceiver {[detail]} | {transceiver [module mod] | detail [module mod]}}
  But these commands support only those transreceivers which support DOM. GLC-SX-MM doesn't support DOM.
  Can anyone tell me that are there some troubleshoting commands to solve out the issue?
  Regards,
  Mukesh Kumar
  Network Engineer
  Spooster IT Services

• IOS 6 and Cisco guest login safari issues

  Hi all,
  I have been having issues with my Cisco m10 wifi router which has been installed at home and the same model at my beauty salon.
  It seems that with iOS 6, Safari will not allow a login page to display for guests to log on.
  I have been searching for a solution and the problem continues. Autofill has been disabled, I have changed a few settings on the router (found in another forum)
  The problem persists!
  One thing I have found though is, if I use Google chrome the browser goes right to the login screen! I therefore presume it is an issue with Safari.
  The problem is no issue at home, but at my salon it would require that every client come in and load Chrome first! The only way to do that is to first enter my secure non guest side of my network download chrome and then go back into the guest side and run chrome in order to login .
  This makes no sense at all. Along with this, after a chrome login, safari will then work on the login.
  Please Apple what is the most simple solution?

  First of all, you won't get answers from Apple here.  These forums are only user-to-user, like you and I.
  Did you try reloading the page in Safari when you launched it?  I don't get the login screen unless I reload the page first.
  If you have to, go to Settings > General > Reset > Reset Network Settings.  This will erase all of the Wi-Fi data on your iThing, such as router passwords, Auto-Join, etc, which might remove network-joining glitches on your iDevice.  Just know your router password (if you have one) before you do this, as you will have to enter it again.
  Hope I helped!

• Cisco Switches and HP Interoperability with Spanning-Tree (RSTP)

  Hello All.
  I read a lot of information from this forum about Spaning-Tree interoperability between HP Switches and Cisco Switches.
  Rather than having questions I would like to post that I manage to configure successfully HP and Cisco using RSTP (802.1w).
  SWPADRAO]display stp root
  MSTID  Root Bridge ID        ExtPathCost IntPathCost Root Port
    0    32768.cc3e-5f3a-2939  0           0
  [SWPADRAO]display stp brief
  MSTID      Port                         Role  STP State     Protection
    0        GigabitEthernet1/0/47        DESI  FORWARDING    NONE
    0        GigabitEthernet1/0/48        DESI  FORWARDING    NONE
  [SWPADRAO]display stp instance 0
  -------[CIST Global Info][Mode RSTP]-------
  CIST Bridge         :32768.cc3e-5f3a-2939
  Bridge Times        :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
  CIST Root/ERPC      :32768.cc3e-5f3a-2939 / 0
  CIST RegRoot/IRPC   :32768.cc3e-5f3a-2939 / 0
  CIST RootPortId     :0.0
  BPDU-Protection     :enabled
  Bridge Config-
  Digest-Snooping     :disabled
  TC or TCN received  :17
  Time since last TC  :0 days 0h:1m:52s
  SWNHAM17#show spanning-tree VLAN0001
   Spanning tree enabled protocol rstp
   Root ID    Priority    32768
              Address     cc3e.5f3a.2939
              Cost        4
              Port        26 (GigabitEthernet0/2)
              Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec  Bridge ID  Priority    61441  (priority 61440 sys-id-ext 1)
              Address     001b.54db.7200
              Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
              Aging Time 300 Interface        Role Sts Cost      Prio.Nbr Type
  Gi0/1            Altn BLK 4         128.25   P2p
  Gi0/2            Root FWD 4         128.26   P2p
  SWNHAM18#show spanning-tree VLAN0001
   Spanning tree enabled protocol rstp
   Root ID    Priority    32768
              Address     cc3e.5f3a.2939
              Cost        4
              Port        26 (GigabitEthernet0/2)
              Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec  Bridge ID  Priority    61441  (priority 61440 sys-id-ext 1)
              Address     001b.0cbc.4300
              Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
              Aging Time 300 Interface        Role Sts Cost      Prio.Nbr Type
  Gi0/1            Desg FWD 4         128.25   P2p
  Gi0/2            Root FWD 4         128.26   P2p

  Hello, David.
  Your command doesn't work because it's made only for tha ports that has command "spanning-tree portfast" in them. Try change spanning tree mode at the HP switch to MSTP if this is possible.

• RedHat Enterprise Cluster and Cisco IGMP Snooping/Querying

  Has anyone else had any experience with IGMP Snooping/Querying and RedHat Enterprise Cluster?
  We have been experiencing a large amount of problems with this functionality.
  We are running IGMP Querying in our environment and we recently set up a second querier.
  Here's the steps we took
  Existing querier:  192.168.3.248
  Everything was running fine.
  Added a new querier on a different switch: 192.168.3.247
  At this point, all of our RedHat Enterprise Clusters fenced themselves and needed to be restarted in order to restore
  access.  In order to restart the RedHat Enterprise Clusters, the physical servers must be rebooted.
  Are there any known issues with RedHat Enterprise Clustering and Cisco Switches (3750
  series)?  I would expect the querier change to be seamless, but it does not seem that this
  is the case. 

  Hi,
  In our organizaiton we have Red Hat Cluster with 2 cisco switch (Model: cisco WS-C2960S-24TD-L, Version: "flash:/ c2960s-universalk9-mz.122-55.SE3/c2960s-universalk9-mz.122-55.SE3.bin").
  - We are using HP Chassis c7000 and Server is on the chassis. There are 2 service IC & Med. Each server has one service primary and other secondary running.
  - The two cluster switches are connected each other with Ether channer trunk (1+1) link. Also these 2 switches are connected to our Mgmt switch for Server Admin access to HP Chassis via OA port. The Red Hat system has cluster lan (pri & sec) & OA lan (01 & 02 of HP chassis) connected to Cluster switches. The Mgmt VLAN is 501 - 172.31.10.0/24.
  Problem:
  When the CluserSW01 goes down the cluser shifted to CluseterSW02 with Cluser_Secondary_LAN and OA2. But when the ClusterSW01 switch comes again than the communication breaks and cluster don come up.
  I was thinking this is either STP or IGMP, well sure though. As these are production systems hence we also couldn't do much more test as well.
  If you have face any such issue or have experience with it or know what the problem might be... kindly share with me.
  Thanks,
  Adnan

• Physical port security on Cisco switching

  We have a security problem I would like to resolve. Like most sites our wired network has live ports that periodically, non corporate PCs and laptops connect up to without our knowledge. In our network we do not filter for valid MAC addresses although Ive learned this is a poor approach to security as MAC can be changed in about 10 seconds.
  I would like a solution that would validate corporate systems and let them through the Cisco layer 3 switching and block out all other devices which attempt connection. We do not currently have IDS or IPS and are not likely to in short term.
  Is there a hardware or software or combination solution out there that works well for this ?
  Thank you

  Steve
  2 solutions spring to mind
  1) 802.1x authentication. Microsoft XP/Vista has built in 802.1x supplicant and Cisco switches support Network EAP used to pass the 802.1x messages. What you also need is an authentication server such as Cisco Secure ACS server although Microsoft IAS server also supports 802.1x.
  Basically before a client is allowed access to the network they have to authenticate to the network with valid credentials otherwise the port is shutdown.
  2) NAC - Network Admission Control. This goes one step further than 1) whereby the client is also checked to see if it conforms to company policy eg. does it have the right virus checker on it etc.. and if it doesn't the client can be quarantined.
  A search on Cisco's website for both NAC and 802.1x will provide a lot of useful links.
  Jon

• "Genuine" SFP/GBIC's in Cisco switches

  I've heard some rumbling that not all GBIC/SFP products will work in Cisco switches because they are not "genuine Cisco" and Cisco switches have some way of checking to make sure they are. I can't seem to get any search hits confirming this. Can anyone point me to a document that references this?
  Searching for vendors of "genuine Cisco" SFP/GBIC products we've noticed amazing pricing disparity! Can anyone comment on their experiences in the marketplace.
  Thanks for your help - Steve

  I've heard some rumbling that not all GBIC/SFP products will work in Cisco switches because they are not "genuine Cisco" and Cisco switches have some way of checking to make sure they are.
  Starting with the 2960, 3560 & 3750, Cisco switches will interrogate the SFPs by computing the IDProm value.  If the IDProm value of the SFP is incorrect, the port goes into error-disable. 
  I can't seem to get any search hits confirming this. Can anyone point me to a document that references this?
  I won't post the command here but the command can be found in this forum.  I have seen one guy approach the manufacturer of the SFP+ and he asked the manufacturer to reflash the SFP+ so it'll show up as Cisco.  And it worked.

• 3COM and cisco link Fiber

  Hi
  I am using a 3COM and cisco switch. I have a GBIC GLC-SX-MM on one side and a 3com SFP Transeciver on the other side)
  My machines on each side canot ping. 
  On the same side its ok.
  I htought there was little or no config in cases like this?
  I have never worked with 3com nor fibre. any help wouldbe great!
  Sinead

  GBIC GLC-SX-MM on CISCO 
  3com has SFP Transeciver 1000base - SX

• Multicasting (IGMP Snoop) between Nortel and Cisco

  We are currently having issues with Zen imaging (multicasting) and our setup is the following.
  Please take into account, our knowledge is very limited with IGMP Snooping setup etc.
  MDF = 6 Nortel 450-24T's using FirmWare -1.48 / SoftWare - 4.5.2.4
  IGMP Settings are such :
  VLAN: [ 1 ]
  Snooping: [ Enabled ]
  Proxy: [ Disabled ] -----> This was on...but once off, runs much smoother.
  Robust Value: [ 2 ]
  Query Time: [ 125 seconds ]
  Set Router Ports: [ Version 1 ]
  In the MDF (anythig directly in those switches) images fine now. (once I disabled PROXY)
  However I have a few IDF's off the MDF that are using OLD Nortel 350F-HD's (no IGMP Snooping support) and it's horrible (can only do a few computers at a time.
  So in one of the IDF's (the biggest one) I pulled out the 350F-HD and replaced it with a CISCO 2950 w/Fiber and it's using 12.1.20EA1 and I left IGMP Snooping on (thinking this will fix it) and couldn't even get ONE machine to connect and image in the multicast session. It's settings were (by default):
  Global IGMP Snooping configuration:
  IGMP snooping : Disabled
  IGMPv3 snooping (minimal) : Enabled
  Report suppression : Enabled
  TCN solicit query : Disabled
  TCN flood query count : 2
  Vlan 1:
  IGMP snooping : Disabled
  Immediate leave : Disabled
  Multicast router learning mode : pim-dvmrp
  Source only learning age timer : 10
  I then completly disabled IGMP Snooping on the CISCO and we're able to Image 5-7 Computers without a crash (more than that and it crashes - disconnects etc)
  In the area's that I have All 450's or all CIsco's the imaging seems to go fine. (with minor errors)
  Can any one give me some advice (or hopefully ran into this mixed setup before)?
  Thank you.

  Bosalaza,
  Thank you for replying (and I read even more on the ip multicast routing). However I've not ran into the same issue at any school that has 100% cisco switches or 100% Nortels (that are setup correctly and not older than dirt). I think we've not needed the multicast routing setup as we only have one router on the network (and it's flat at the moment anyway). As long as IGMP Snooping is enabled correctly (on the switches) it seems to serve us well.
  Although from what I've read (where you pointed me too) it seems even in our setup we would benifeit from taking time to setup "ip pim ....." etc.
  I was able to scrounge from another network and change out a few very old Nortels (that didn't support IGMP Snoop) and all seems well now.
  So long story short (and incase anyone else needs this info. The Nortel 350T and F - HD's were the main issue. It seems (for now) that a mixture of Nortel 350/450-24T's (any model that at least has IGMP Snooping) and Cisco's mixed (also Snoop on) works pretty well.
  I'm going to consider this solved as I was able to fix it with changing out some old product. However I really appreciate your efforts and pointing my towards some good info. (Which I'm going to read up on more, as I'm sure we'll need to get it setup in the near future.)
  Thanks again.

• Routing issue between Cisco Nexus and Cisco 4510 R+E Chassis

  We have configured Cisco Nexus 7K9 as core and Cisco 4510 R+E as access switches for Server connectivity.
  We are experiencing problem in terms of ARP learning and Ping issues between Cisco Nexus and end hosts.

  Hi,
  So you have N7k acting as L3 with servers connected to 4510?.
  Do you see the MAC associated with failing ARP in 4510?. Is it happening with all or few servers?. Just to verify if it is connectivity issue between N7k and 4510, you can configure an SVI on 4510 and assign address from same raneg (server/core range) and perform a ping.
  This will help narrow down if issue is between server to 4510 or 4510 to N7k.
  Thanks,
  Nagendra