Buffer Misses on Cisco 2970 and 2950 switches

Similar Messages

• The difference of the IEEE802.1x Auth between Cisco Routers and Catalyst switches

  Hello
  I am investigating the difference of the IEEE802.1x Auth between Routers and Switches.
  Basically dot1x auth is availlable on Catalyst Switches. however if I want to check to
  PortBased Multi-Auth , MAC address Auth and any certification Auth with this feature,
  Is it possible to integrate into Cisco Router such as Cisco 891F ?
  In my opinion Cisco891F is also available to use basic IEEE802.1x but if it compares with Catalyst switches such as Cat3560X
  I think there might be any unsupported feature on Cisco 891F.
  I appreciate any information. thank you very much in advance.
  Best Regards,
  Masanobu Hiyoshi

  Many time in interviews asked comaprison between cisco  routers and switches that i was answerless bcoz i dont have much knowledge about that.Can anyone provide me the compariosin sheet of the same.how are the cisco devices differ with each other how much Bandwidth each routres support and Etc...
  Ummmm ... The most common question I get is "what is the difference between a router and a switch".
  However, if you get a question like this, then my impression to this line of questioning are:
  1.  The candidate they are looking for has in-depth knowledge of routers and switches.  And I mean IN-DEPTH!;
  2.  They are not looking for a candidate.  They just want to stroke their ego.  There is not alot of people who can give you the "names and numbers" of routers and switches at a snap of a finger.  And if you do happen to know the answer, then and there, then expect a tougher follow-up question. 

• How often should the Cisco 6509 and 3750 switches be rebooted? Does Cisco have a best practice recommendation?

  How often should the 6509's and 3750's switches be rebooted?
  Does Cisco have a best practice document on this and recommendation how long the switch should be up before it gets rebooted?
  Why is a reboot needed if there are no indications of issues on the log?

  I'd agree with Larry here.
  If you're not seeing any issues with your IOS revision and there are no relevant PSIRTs (security notices applicalble to features and or exposure of your device requiring an IOS upgrade) then you can go a very long time without rebooting, if ever.
  I'm sure it's far from a record, but our corporate distribution router that supports >1000 downstream devices day in and day out has never been rebooted since installation just over 5 years ago. I have a top of rack Layer 2 switch (2900 series running CatOS) that's almost at 10 years.
  That said, you should have some monitoring scheme that assures you everything is healthy. But as long as memory and cpu are happy, the device will run forever.

• SSH Configuration in Cisco 3700 and 2960 switches

  Dear All,
  I have couple of Cisco switches i need to allow some particular ip address for accessing switches through SSH
  below is the user ip address details , Kindly help me for a configuring SSH in below listed ip address
  user ip address
  ==========
  172.188.50.7
  172.188.51.7
  172.188.7.222
  172.188.100.7
  172.188.101.7
  172.16.2.222
  172.16.1.6
  Switch ip address
  =============
  1. 172.16.9.1
  2. 172.16.9.2
  3. 172.16.9.3
  4. 172.16.9.4
  Waiting for the reply 
  Regards
  Muhammed

  Please refer this doc for configuring ssh .
  http://www.cisco.com/c/en/us/support/docs/security-vpn/secure-shell-ssh/4145-ssh.html
  Define these ip address in a access-list and call that access-class into  line vty .
  Regards
  PrajithTR

• Vlan routing with cisco router and linksys switch

  I have a linksys switch width vlan configured, connected to a Cisco router (1841), but I cant route between vlan’s.
  Please help me!!
  It Works with a Cisco switch perfectly(with the same ip and vlan).

  Yes. the linksys switch (SRW2024 24-Port 10/100/1000 Gigabit Switch) supports trunking.
  If you want you can visit the link and see that the switch supports vlan, dot1q and trunking.
  http://www.linksys.com/servlet/Satellite?childpagename=US%2FLayout&packedargs=c%3DL_Product_C2%26cid%3D1123638180432&pagename=Linksys%2FCommon%2FVisitorWrapper

• Cisco WAAS and Content Switching Module compatiblity

  We are planning to implement WAAS on our hub's 6500 core switches, so that TCP connections from the end sites users to the servers in the hub can be optimized. But we have the servers VLAN groups under the Cisco CSM module already. Are the client-server connections still able to be optimized by WAAS?

  Hi Joe
  let's seperate out the two topics here.
  a) WAAS traffic interception with wccp
  b) CSM
  a) when you say vlan 200 is where target servers are connected, is that the CSM client side vlan? or the actual server vlan ?
  the bottom line is you need to make sure the interface where you configure "ip wccp 61 redirect in" is recieving traffic from servers towards .
  Good reference for WCCP best practices in 6500
  http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/white_paper_c11-629052.html
  b) yes you can configure stickiness for session persistance as in below URL
  http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/csm/4.2.x/configuration/guide/addftrs.html
  Thanks

• 3640 router and 2950 switch via fiber

  hi all,
  is it possible to get a 3640 router with a NM-1FE-FX(100basefx) module and a WS-C2950C-24(100basefx) switch and setup 802.1q between them??
  TX

  If you wan to trunk between them then the answer is yes you can trunk between as long as the router has a newer version of code on it like 12.2

• Cisco Architectures for 2950/2960 Switches and 2800 Routers

  Hello,
  I have a question regarding the architectures of these three series, i.e. the type of switch fabric they use and the general architecture (first, second, or third generation regarding the sharing of the bus, memory and the type of switch fabric). We have so far learned these three generation and our assumption is that the only generation being produced now is the third (crossbar) generation, but so far we have to information to back up this claim. We are doing a study on buffer sizing in edge routers/switches so knowing the exact architecture of each model is our priority.
  Thank you for reading and thanks in advance for the answers. 

  Disclaimer
  The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
  Liability Disclaimer
  In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
  Posting
  Exact details on Cisco switch and/or router architecture can be hard to come by, as much of the information, Cisco appears to consider proprietary.
  Most switches have some kind of cross bar architecture.  Overall bandwidth tends to be higher in later variants (to support higher port densities and/or higher bandwidth ports).  Later switch architectures are less likely to block at ports.  However, there are often other architecture changes which may improve or worsen performance.  For example, 2960 tends to have more fabric bandwidth than the 2950, but the 2960 has different port buffer management (I believe) from the 2950, often resulting in more port drops with bursty traffic.
  True routers, like the 2800 series, I believe use a PCI bus, with additional bandwidth restrictions to the modules.  They will well support the WAN bandwidths they are recommended for, but they do not well support LAN port bandwidths.  Again, specific architecture details can be hard to come by.

• Apple wired Dot1X - on Cisco 2950 switches

  Hi, I have an issue with Apple desktop computers running 10.7 and 10.8 MacOS.
  The problem is that we have only 2950 switches and we are very limited with what we can do on them, so we wanted basic DOT1X user authentication and VLAN placement. Those two are working great, except when user logs off, Mac stops sending DOT1X and port becomes unauthenticated. We alleviated that issue by using guest-vlan for failed dot1x authentications, but now we have a problem that once user logs in, there is no session change on 2950 and it doesn’t even try to authenticate user until we bounce the port.
  Is there any way to fix this, on Cisco switch or Mac computer? One of the things that crossed my mind is bouncing port on Mac PC using some kind of logon script?
  Has anyone else had this issue and was able to solve it?
  Thanks.

  Hello Align,
  Cisco 2950 switch with 12.1(9) supports 802.1 x authentications. As you are saying that you already configured 802.1x authentication and its working fine. I think there is problem with your MAC OS configuration. Please follow the below link to configure 802.1x on Apple.
  http://support.apple.com/kb/ht3326

• Cisco 2950 switch config issues

  WOOHOO that worked!  Have been on another site for a week trying to get this done.
  Now, how do I change the default SSH port from 22 to the port I want?

  Hello,I have a Cisco 2950 switch that I am trying to get working correctly. I want to be able to make console and SSH connections, but not Telnet.
  Texten!config tusername admin secret Pa55w0rden secret Pa55w0rd!line con 0password Pa55w0rdlogin local!line vty 0 4password Pa55w0rdlogin localtransport input ssh!hostname GEMSWI0001ip domain-name domain.localntp server 192.168.217.10!crypto key generate rsa2048username admin priv 15 secret Pa55w0rdaaa new-model!service password-encryption!ip http serverip http port 65410!!vlan 128name Officeint vlan128ip address 192.168.128.254 255.255.255.0shut!vlan 217name GEMint vlan217ip address 192.168.217.254 255.255.255.0shut!vlan 999name GEM-Adminint vlan999ip address 192.168.255.251 255.255.255.248no shut!int fa0/47description GEMCON0000-1switch access vlan 999switchport mode accessswitchport...
  This topic first appeared in the Spiceworks Community

• Configuration of GBIC on 2950 and 3560 switches

  Can someone please advise how to configure a "GBIC T Base Port" on a 2950 switch. I have 2 off and would like to load share and provide redundacy. All documentation that I am aware of does not indicae that they support etherchannel configuration.

  Step 1
  configure terminal
  Enter global configuration mode.
  Step 2
  interface interface-id
  Specify a physical interface to configure, and enter interface configuration mode.
  Valid interfaces include physical interfaces.
  Up to eight interfaces of the same type and speed can be configured for the same group.
  Step 3
  switchport mode {access | trunk}
  switchport access vlan vlan-id
  Assign all interfaces as static-access ports in the same VLAN, or configure them as trunks.
  If you configure the interface as a static-access port, assign it to only one VLAN. The range is 1 to 4094.
  Step 4
  channel-group channel-group-number mode
  {{auto [non-silent] | desirable [non-silent] | on} | {active | passive}}
  For more detail see Etherchannel configuration Guide:
  http://www.cisco.com/univercd/cc/td/doc/product/lan/cat2950/12122ea5/2950scg/swethchl.htm

• Dot1x Issue on Cisco 2950 Switch

  Hi,
  I have a Cisco 2950 switch running with c2950-i6q4l2-mz.121-22.EA6.bin image.When i configure a Dot1x Port Control Auto on each interface the utilization on the Cisco 2950 goes high.The moment i remove Dot1x Port Control Auto command on every interface utilization comes to normal.
  Please let me know if any idea on this why the switch is behavior like this....
  Thanks & Regds,
  Lalit

  Most likely you are hitting a bug although I did not find anything in the bug toolkit that could resemblance this.
  What process is stealing all your cpu? Please do a `show proc cpu` for me. I would start by grabbing the EA13 release and try the same with that to see if you experience the same issues.

• Cisco SG300 - IGMP and multiple switches

  Hi all,
  I have read through various Cisco documents and tried various configurations and i have been unsuccessful
  Here is the network layout
  Cisco SG300-10 in Layer 3 mode, managing all VLANS created and inter-vlan traffic is working fine
  Ports 1-4 are in LAG 1 with LACP enabled, Ports 5-8 are in LAG 2 again with LACP enabled, port 9 is connected to the ASA 5505 (Trunk port, all VLANS) and port 10, again a trunk port I use for management
  LAG 1 and 2 are connected to Cisco SG300-52 switches
  again traffic between the switches is working ok, what we would like to do is the following
  on VLAN 7, we have multiple devices streaming using UDP multicast, what we would like to do is allow PC's on VLAN 5 to be able to pick up these streams as and when they need to, the devices broadcast on their own unique UDP ranges
  Could someone please explain to me what I need to configure on the Layer 3 switch and the other two Layer 2 switches in order for this to work?
  If i put a port into VLAN 7 and can view the stream without a problem, also if there is any fine tuning to be done once this is working
  Thanks
  Andy

  Jason,
  The only advantage you would get from using SFPs (fiber tranceivers) in the GBIC slots would be if you needed to make a run of over 100m between the switches.  Unless you have a very large property with switches at either end you are just as well to use the copper ports in the setup you described.  There is also nothing wrong with chaining the SG100s together if necessary to free up a port on the RV320.  The only other thing to consider is if you are using VLANs.  Each unmanaged SG100 will only pass a single VLAN so if you need segregated distribution coming from the RV320 you would need to put each SG100 on its own port.  Or, you could run a trunk from a port on the RV320 to your SG200 and then split off your untagged VLANs from there.  Hope this answers your question and have a nice day.
  Regards,
  Mike.V

• Ask the Expert: Packet Capture Capabilities of Cisco Routers and Switches

  With Rahul Rammanohar 
  Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about packet capture capabilities of Cisco routers and switches.
  In May 2013, we created a video that included packet capture capabilities across multiple Cisco routers and switches. For each product, we began with a discussion about the theory of the capabilities, followed by an explanation of the commands, and we concluded with a demo on real devices. In this Ask the Expert event, you’re encouraged to ask questions about the packet capture capabilities of these Cisco devices:
  •       7600/6500: mini protocol analyzer (MPA), ELAM, and Netdr
  •       ASR9k: network processor capture
  •       7200/ISRs: embedded packet capture
  •       Cisco Nexus 7K, 5K, and 3K: Ethanalyzer
  •       Cisco Nexus 7K: ELAM
  •       CRS: show captured packets
  •       ASR1K: embedded packet capture
  More Information
  Blog URL: Packet Capture Capabilities of Cisco Routers and Switches
  Watch the Video:  https://supportforums.cisco.com/videos/6226
  Hitesh Kumar is a customer support engineer in the High-Touch Technical Services team at Cisco specializing in routing protocols. He has been supporting major service providers and enterprise customers in routing, Multiprotocol Label Switching (MPLS), multicast, and Layer 2 VPN (L2VPN) issues on routing platforms for more than three years. He has more than six years of experience in the IT industry and holds a CCIE certification (number 38757) in service. 
  Rahul Rammanohar is a technical leader with the High-Touch Technical Support Team in India. He handles escalations in the area of routing protocols and large-scale architectures for devices running Cisco IOS, IOS-XR, and IOS-XE Software. He has been supporting major service providers and large enterprise customers for routing, MPLS, multicast, and L2VPN issues on all routing platforms. He has more than 13 years of experience and holds a CCIE certification (number 13015) in routing/switching and service provider.
  Remember to use the rating system to let Hitesh and Rahul know if you have received an adequate response.  
  Because of the volume expected during this event, Hitesh and Rahul might not be able to answer each question. Remember that you can continue the conversation in the Service Provider, sub-community forum shortly after the event. This event lasts through November 1, 2013. Visit this forum often to view responses to your questions and the questions of other Cisco Support Community members.

  Hello Erick
      Thanks for the topology. The trigger will be different for labelled  packet as you would need to mention the values of labels too in the  trigger.
       Below are two examples of one or two labels being  used, it depends on where you are capturing the packet in mplsvpn  scenario which will decide teh number of labels being imposed on the  packet.
  Trigger for one label. (if the router on which you are capturing the packet PHP is being performed)
  VPN label - 5678
  Source Address - 111.111.111.111
  Destination Address - 123.123.123.123
  show platform capture elam trigger dbus others if data = 0 0 0 0x88470162 0xE0000000 0 0 0x00006F6F 0x6F6F 7B7B 0x7B7B0000 [ 0 0 0 0xffffffff 0xf0000000 0 0 0x0000ffff 0xffffffff 0xffff0000 ]
  Trigger for two labels. (for other core routers)
  IGP label - 1234
  VPN label - 5678
  Source Address - 111.111.111.111
  Destination Address - 123.123.123.123
  show platform capture elam trigger dbus others if data = 0 0 0 0x8847004D 0x20000162 0xE0000000 0 0 0x00006F6F 0x6F6F7B7B 0x7B7B0000 [ 0 0 0 0xffffffff 0xf000ffff 0xf0000000 0 0 0x0000ffff 0xffffffff 0xffff0000 ]
      You can check the labels being used (by using show ip cef <> details) and covert their values to hex and change the trigger accordingly.
       I have changed the colors for better understanding. If you notice carefully in the trigger the values for ip address, labels have just been converted to their respective hex values which could be replaced.
       Please let me know if this helps.
  Thanks & Regards
  Hitesh & Rahul

• Ask the Expert: Different Flavors and Design with vPC on Cisco Nexus 5000 Series Switches

  Welcome to the Cisco® Support Community Ask the Expert conversation.  This is an opportunity to learn and ask questions about Cisco® NX-OS.
  The biggest limitation to a classic port channel communication is that the port channel operates only between two devices. To overcome this limitation, Cisco NX-OS has a technology called virtual port channel (vPC). A pair of switches acting as a vPC peer endpoint looks like a single logical entity to port channel attached devices. The two devices that act as the logical port channel endpoint are actually two separate devices. This setup has the benefits of hardware redundancy combined with the benefits offered by a port channel, for example, loop management.
  vPC technology is the main factor for success of Cisco Nexus® data center switches such as the Cisco Nexus 5000 Series, Nexus 7000 Series, and Nexus 2000 Series Switches.
  This event is focused on discussing all possible types of vPC along-with best practices, failure scenarios, Cisco Technical Assistance Center (TAC) recommendations and troubleshooting
  Vishal Mehta is a customer support engineer for the Cisco Data Center Server Virtualization Technical Assistance Center (TAC) team based in San Jose, California. He has been working in TAC for the past 3 years with a primary focus on data center technologies, such as the Cisco Nexus 5000 Series Switches, Cisco Unified Computing System™ (Cisco UCS®), Cisco Nexus 1000V Switch, and virtualization. He presented at Cisco Live in Orlando 2013 and will present at Cisco Live Milan 2014 (BRKCOM-3003, BRKDCT-3444, and LABDCT-2333). He holds a master’s degree from Rutgers University in electrical and computer engineering and has CCIE® certification (number 37139) in routing and switching, and service provider.
  Nimit Pathak is a customer support engineer for the Cisco Data Center Server Virtualization TAC team based in San Jose, California, with primary focus on data center technologies, such as Cisco UCS, the Cisco Nexus 1000v Switch, and virtualization. Nimit holds a master's degree in electrical engineering from Bridgeport University, has CCNA® and CCNP® Nimit is also working on a Cisco data center CCIE® certification While also pursuing an MBA degree from Santa Clara University.
  Remember to use the rating system to let Vishal and Nimit know if you have received an adequate response. 
  Because of the volume expected during this event, Vishal and Nimit might not be able to answer every question. Remember that you can continue the conversation in the Network Infrastructure Community, under the subcommunity LAN, Switching & Routing, shortly after the event. This event lasts through August 29, 2014. Visit this forum often to view responses to your questions and the questions of other Cisco Support Community members.

  Hello Gustavo
  Please see my responses to your questions:
  Yes almost all routing protocols use Multicast to establish adjacencies. We are dealing with two different type of traffic –Control Plane and Data Plane.
  Control Plane: To establish Routing adjacency, the first packet (hello) is punted to CPU. So in the case of triangle routed VPC topology as specified on the Operations Guide Link, multicast for routing adjacencies will work. The hellos packets will be exchanged across all 3 routers and adjacency will be formed over VPC links
  http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/operations/n5k_L3_w_vpc_5500platform.html#wp999181
  Now for Data Plane we have two types of traffic – Unicast and Multicast.
  The Unicast traffic will not have any forwarding issues, but because the Layer 3 ECMP and port channel run independent hash calculations there is a possibility that when the Layer 3 ECMP chooses N5k-1 as the Layer 3 next hop for a destination address while the port channel hashing chooses the physical link toward N5k-2. In this scenario,N5k-2 receives packets from R with the N5k-1 MAC as the destination MAC.
  Sending traffic over the peer-link to the correct gateway is acceptable for data forwarding, but it is suboptimal because it makes traffic cross the peer link when the traffic could be routed directly.
  For that topology, Multicast Traffic might have complete traffic loss due to the fact that when a PIM router is connected to Cisco Nexus 5500 Platform switches in a vPC topology, the PIM join messages are received only by one switch. The multicast data might be received by the other switch.
  The Loop avoidance works little different across Nexus 5000 and Nexus 7000.
  Similarity: For both products, loop avoidance is possible due to VSL bit
  The VSL bit is set in the DBUS header internal to the Nexus.
  It is not something that is set in the ethernet packet that can be identified. The VSL bit is set on the port asic for the port used for the vPC peer link, so if you have Nexus A and Nexus B configured for vPC and a packet leaves Nexus A towards Nexus B, Nexus B will set the VSL bit on the ingress port ASIC. This is not something that would traverse the peer link.
  This mechanism is used for loop prevention within the chassis.
  The idea being that if the port came in the peer link from the vPC peer, the system makes the assumption that the vPC peer would have forwarded this packet out the vPC-enabled port-channels towards the end device, so the egress vpc interface's port-asic will filter the packet on egress.
  Differences:  In Nexus 5000 when it has to do L3-to-L2 lookup for forwarding traffic, the VSL bit is cleared and so the traffic is not dropped as compared to Nexus 7000 and Nexus 3000.
  It still does loop prevention but the L3-to-L2 lookup is different in Nexus 5000 and Nexus 7000.
  For more details please see below presentation:
  https://supportforums.cisco.com/sites/default/files/session_14-_nexus.pdf
  DCI Scenario:  If 2 pairs are of Nexus 5000 then separation of L3/L2 links is not needed.
  But in most scenarios I have seen pair of Nexus 5000 with pair of Nexus 7000 over DCI or 2 pairs of Nexus 7000 over DCI. If Nexus 7000 are used then L3 and L2 links are required for sure as mentioned on above presentation link.
  Let us know if you have further questions.
  Thanks,
  Vishal