Cat 3750 duplicating packets

Similar Messages

• CoS/DSCP to queue mapping in Cat 3750

  Hi..
  Cat 3750 supports mapping of CoS to queue as well as mapping DSCP to queue.
  WOuld like to understand which one will the switch use when actually placing packets in the queue..
  thanks
  Eng Wee

  My apologies, that was not a very good explanation :-)
  Here is what really happens:
  - when a frame is received on a port, the switch maps the CoS or DSCP in the packet to a QoS label to distinguish one kind of traffic from another. If the port is set to trust CoS, the CoS value is used to generate the QoS label. If the port is set to trust DSCP, the DSCP value is used to generate the QoS label.
  - The QoS label that is generated identifies all future QoS actions to be performed on this packet.
  - when the packet is switched to the egress interface, an output queue is selected based on the QoS label. If the QoS label was based on DSCP, the DSCP-to-queue mapping is used. If the QoS label was based on CoS, the CoS-to-queue mapping is used.
  Hope that helps - pls rate the post if it does.
  Paresh

• CAT 3750 and WCCP?

  Is WCCP supported in CAT 3750?

  Is WCCP supported in CAT 3750?
  Hi,
  Yes WCCP is supported with release 12.2 (37) SE in IP Services.Check out the below link from cisco for more information
  http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps5023/prod_qas09186a00801b0971.html
  Hope to Help !!
  Ganesh.H
  Remember to rate the helpful post

• WLC 5508 LAG and CAt 3750 cross stack

  Hello,
  I would like to use the LAG feature on my 5508 WLCs and connect each of them to two different port of a 3750 stack using cross stack. Do you think it will work?
  Cisco suggests not to connect different LAG ports of a WLC to different CAT3750 but it's not clear if it was referred to different standalone 3750s or to a stackwise of 3750s.
  Tnks all
  Johnny

  The HA kicks in when the primary looses gateway, do a small test, keep a continuous ping to WLC  from its gateway as source and break one of the link in the LAG and see if you drop any packet ?

• CAT 3750 Policy base routing preformance

  Does anybody know where i can find data about preformance of routing on Catalyst 3750 when i use the policy base routing on it. And what methods of packets switching is availalbe witch policy base routing.

  check out the following link on configuring PBR on Catalyst 3750 switches :
  http://www.cisco.com/en/US/products/hw/switches/ps5023/products_configuration_guide_chapter09186a0080502417.html#wp1228588

• Multicast: duplicated packets on nexus 7k with vpc and HSRP

  Hi guys,
  I'm testing multicast deployment on the lab shown below. The sender and the receiver are connected to the 6500 in two different vlans. The sender is in vlan 23 and the reciever in vlan 500. They are connected to the 6500 with a trunk link. There is VPc between the two nexus 7k and the 6500.
  Furthermore, there is HSRP running on the two vlan interface 23 and 500 on both nexus.
  I have configured the minimum to use PIM-SM with static RP. The RP is the 3750 above the nexus. (*,G) and (S,G) states are created correctly.
  IGMP snopping is enabled on 6500, and the two nexus.
  I'm using iperf to generate my flow, and netflow and snmp to monitor what happens.
  All works correctly, my receiver receive the flow and it takes the good route. My problem is that I have four times more multicast traffic on the vlan interface 500 on both nexus but this traffic is only sent one time to the receiver (which is the good comportment) and the rest of the traffic is not shown on any other physical interface in outbound.
  Indeed, I'm sending one flow, the two nexus receive it (one from peer link and the other from the 6500) in the vlan 23 (for example 25 packets inbound).
  But when the flow is routed in the vlan 500, there is 100 packets on each interface vlan 500 on each nexus in outbound.
  And when monitoring all physical interfaces, I only see 25 packets outbound on the interface linked with the receiver and the overflow isn't outgone.
  I have joined the graphs I obtain on one of the nexus for the vlan 23 and the vlan 500. Netflow says the same things in bits/s.
  Had someone already seen that? Any idea about the duplication of the packets?
  Thanks for any comment,
  Regards,
  Configuration:
  Nexus 1: n7000-s1-dk9.5.2.7.bin, 2 SUP1, 1 N7K-M132XP-12, 1 N7K-M148GS-11
  Nexus 2: n7000-s1-dk9.5.2.7.bin, 2 SUP1, 1 N7K-M132XP-12, 1 N7K-M148GS-11
  6500: s72033-adventerprisek9_wan-mz.122-33.SXI5.bin (12.2(33)SXI5)
  3750: c3750-ipservicesk9-mz.122-50.SE5.bin (12.2(50)SE5)

  Hi Kuldeep,
  If you intend to put those routers on a non-vpc vlan, you  may create  a new inter-switch trunk between the N7K and allow that non-vpc vlan . However if those will be on a VPC vlan, best to create two links to the N7K pair and create a VPC, otherwise configure those ports as orphan ports which will leverage the VPC peer link .
  HTH
  Jay Ocampo

• Cat 3750-Span (Port Mirroring issue)

  Hello team
  I am facing port mirroring issue in my setup. Details of the setup are mentioned below
  Setup--
  Stack of 4 catalyst switches WS-C3750X-48P running software 15.0(1) SE3 .Approximately 12 vlans are configured in this setup and port mirroring is done for all vlans with destination configured as single Gig Ethernet port...The setup works fine from mirroring perspective for 3-4 days and after that machine connected to destination port stops getting data.
  Observations-
  It has been observed that during the issue, the port configured for mirror destination has lot of packet drop/input errors on the port statistics.
  If we configure only TX packet mirroring, it works for 8 -10 days
  If we configure TX & RX packet mirroring, it works for 2-3 days
  Testing done
  Tried clearing counter on destination port but no success (mirroring doesn’t start)
  Tried  shut /no shut for the destination port but no success.
  Tried restarting the machine connected to destination port but no success
  Workaround
  We need to reconfigure the mirroring configuration after removing the mirroring config from the switch. Once the same is done, mirroring starts working.
  Want to understand
  1-is there any HW limitation for the switch (destination port not capable of handling mirroring traffic)
  2-is there any software related issue?
  3-what can be permanent resolution for the same..

  Hello
  We have tried this previously but found same result.
  1- we deleted the monitror session and recreated again with same session number
  2-we deleted the monitor session and created new session (session id diffrent ) with same config..
  in both cases its working for 3-4 days..

• Cat 3750 Switch: Dynamic vlan assignment

  Hey guys,
  I am trying to configure 802.1x on the switch and authenticate users against a Radius server. My radius server is FreeRadius running on Redhat. The authentication works fine but the switch just doesn't take the VLAN assigned by the server. I captured the packets between the server 172.17.1.1 and the switch 172.17.254.100. The cap file is attached here. Can anybody please verify that all the attributes are there and are all correct?
  The client laptop is running Windows XP and it's using EAP-MD5. The laptop in on port F1/0/1. Here is the configuration on the switch:
  aaa new-model
  aaa authentication dot1x default group radius none
  aaa authorization network default group radius none
  interface FastEthernet1/0/1
  switchport mode access
  dot1x pae authenticator
  dot1x port-control auto
  dot1x violation-mode protect
  dot1x reauthentication
  dot1x guest-vlan 17
  dot1x auth-fail vlan 18
  spanning-tree portfast
  radius-server host 172.17.1.1 auth-port 1812 acct-port 1813 key xxxxxx
  I also tried to debug dot1x errors and there is no output so I guess there is no errors... Any advise is appreciated! Thank you!

  Hey Kush, thanks for reply! I did those debugs and I will upload them here. In the debug radius the output is saying that unknow cisco AVP type. I think the switch just doesn't like the Freeradius's attributes. I think what I will do is that I will setup ACS server (with the evaluation software) and configure it to dynamically assign vlan and use the wireshark to watch the attributes sent by the server and adjust my Freeradius setting accordingly and see if that helps...

• How to do NAT on cat 3750 switch?

  give me an example or a link
  thanks

  Hi,
  NAT is not supported on the 3750s. Here is a link that confirms that:
  http://www.cisco.com/en/US/products/hw/switches/ps5023/products_configuration_guide_chapter09186a00802c10bd.html#wp1031988
  Pls do remember to rate posts.
  Paresh

• Re: Cat 3750 Stack Management

  Hello,
  I am building a few 3750 stacks with three or more units, I want to be able to poll/monitor each  individual switch in the stack but as it only has 1 ip associated with  the stack, how can I do this?   I am blind to a switch  going down in the middle of the stack.  I saw this in a four-year-old forum, but I say no specific resolution.

  All stack management happens through the commander.  The stack looks like a huge switch.  If you want to monitor a specific switch's interfaces you can.  They will be numbered as *EthernetX/0/Y, where X is the stack member number and Y is the interface number.  CPU utilization can only be monitored on the active stack master, though.  Inventory can be obtained from each stack member using ENTITY-MIB.  Environmental data can be obtained for each switch using the CISCO-ENVMON-MIB.

• AP1252-AG with Cat 3560 / Cat 3750

  Hi All,
  please advise, I am probably not the only one, but I have come to realise that 15.4W provided by switch ports on 3560/3570 catalysts is not sufficient to power up an AP1252-AG dual radio device. I have read the spec and it says that a dual radio AP requires 16.9W, but a single radio AP will consume/need 12.95W plus a little more depending on the ethernet cable length. As a test I physically removed one radio from the AP1252-AG and tried to power it up via poe port on switch. The AP powered up OK with just one radio module installed.
  However the AP cannot be installed with one module removed, so my alternatives are to either power the AP with direct power supply or use the Power Injector which will provide enough power to start both radios.
  I was wondering whether it is possible to have both radios installed 2.4/5.0 Ghz but have one disabled through the software, so that the AP will only effectively be running with one Radio Module (UP), but it will have two Radios installed physically.
  I have tried this numerous times, when I try to use poe for the ap, it negotiates with the switch port that it need more power for the two radios, the switch can't provide it so it goes into low power mode.
  I was hoping that by disabling one radio and then booting the AP it would only request enough power to feed 1 radio, the switch would be able to provide the requested amount and then the AP would work. But I cannot get this to work, Is it at all possible?

  Well yes, if the clients are in range of the same AP, they will use the AP to communicate with one another. But if you have several APs, say one AP in one room and another AP in another room, then usually signal travels from wireless client 1 to AP 1 via the radio, then AP 1 forwards the packet over a cable to a switch that relays to the second AP, then the second AP relays the signal wirelessly to the second client. This system is used because usually APs would not use their radio to talk to each other, for many reasons.
  In your case, if you have a controller, Aps need to talk to the controller, and the controller doesn't have any radio anyway, so you need cables to connect to your controller. If it is a 2100 controller, you can forget the switch and connect your APs to the controller.
  If you have a 4400 series, you need a switch as APs cannot connect directly to 4400 controllers.
  Cheers
  Jerome

• How to configure cat 3750 to support ssh2

  hey,
  I'm trying to configure, my catalyst 3750 to support sshv2 im running IOS c3750-ipbasek9-mz.122-25.SEB2.
  what commands do I need to enter on the Switch? I got a pdf from cisco showing how to do it. but I don't quite understand it. Right now my switch is just using telnet. I want to configure it to support telnet, sshv1 or sshv2.
  Also all the switches use tacacs as well
  thanks alot!

  This should do it..
  aaa new-model
  username cisco secret cisco
  hostname
  ip domain name
  crypto key generate rsa (this one is interactive)
  line vty 0 4
  transport input telnet ssh
  SSHv1 or SSHv2 is dependant on which version of the IOS you use...
  Check this document:
  http://www.cisco.com/en/US/tech/tk583/tk617/technologies_tech_note09186a00800949e2.shtml

• Cat 3750 and EEM

  HI,
  I have a 3750 as below and it doesnt seem to have eem commands on it.
  I thought EEM was supported for this platform,IOS version and Package level?
  Any Ideas?
  Cisco IOS Software, C3750 Software (C3750-IPBASEK9-M), Version 12.2(53)SE2, RELEASE SOFTWARE (fc3)
  Technical Support: http://www.cisco.com/techsupport
  Copyright (c) 1986-2010 by Cisco Systems, Inc.
  System image file is "flash:c3750-ipbasek9-mz.122-53.SE2.bin"

  Is this definitely not a defect that the CLI commands are disabled?
  I have the same issue and when i look at the processes i get this:
  #show process | inc EEM
     9 Mwe  1CF14D8          49       971      50  7708/9000    0 EEM ED Syslog
    57 Mwe  1CD7DB0      286447   1855661     154  7700/9000    0 EEM ED ND
    58 Mwe  1CC7330           0       187       0  7676/9000    0 EEM ED Identity
    59 Mwe  1CC7330           0       333       0  7668/9000    0 EEM ED MAT
  282 Mwe  1CDE97C           0         2       0  7852/9000    0 EEM ED Routing
  288 Mwe  1C82058           9        53     169  4556/6000    0 EEM Server
  289 Mwe  1CA2888           0         2       0  5100/6000    0 EEM Policy Direc
  291 Mwe  1CC7330           0         2       0  7820/9000    0 EEM ED CLI
  292 Mwe  1CC7330           0         3       0  7824/9000    0 EEM ED Counter
  293 Mwe  1CC7330           0         3       0  7820/9000    0 EEM ED Interface
  294 Mwe  1CC7330           0         3       0  7824/9000    0 EEM ED IOSWD
  295 Mwe  1CC7330           0         3       0  7820/9000    0 EEM ED None
  296 Mwe  1CC7330           0         3       0  7824/9000    0 EEM ED OIR
  298 Mwe  1CC7330           0         3       0  7824/9000    0 EEM ED SNMP
  299 Mwe  1CC7330           0         3       0  7824/9000    0 EEM ED SNMP Obje
  300 Mwe  1CC7330           0         3       0  7824/9000    0 EEM ED Ipsla
  301 Mwe  1CEE868           0         2       0  7856/9000    0 EEM ED SNMP Noti
  302 Mwe  1CC7330       11653    150780      77  7624/9000    0 EEM ED Timer
  Looks like all the event detector processes are running and getting invoked. The syslog one has been invoked 971 times for example.
  Does the auto smart ports feature use all of these? Also the policies are for eem 3.2 not eem 2.4 which is what is in the feature navigator. Would be really nice to be able to have cli access to these processes seeing as they are running.

• Web Authentication on Layer 3 interface with Cat 3750 - doc is wrong?

  Cisco 3750 with IP Service Image 12.2.55
  Trying to enable Web Authentication on Layer 3 interface:
  ip auth-proxy name bp_auth_proxy http inactivity-time 60
  interface GigabitEthernet1/0/5
  no switchport
  ip address 192.168.1.27 255.255.255.0
  ip access-group 101 in
  ip admission bp_auth_proxy
  last line fails:
  % This config is not supported on this platform. Try configuring a new rule.
  I also tried to set this on vlan interface, same result.
  The line works on layer 2 interface, but this is not what I need.
  Doc says everything must work with Layer 3 i/f, since 12.2.52:
  http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_55_se/configuration/guide/swwebauth.html#wp1104204
  Am I doing something wrong?
  Thanks a lot for help!
  Sergey

  Hi, I'm having the same issue issue in 12.2(55)SE6 IP services, did you ever get it working or find a work around?
  Web-Auth-TestSW1(config-if)#int fa3/0/1
  Web-Auth-TestSW1(config-if)#no sw
  Web-Auth-TestSW1(config-if)# ip address 10.x.x.x 255.255.255.128
  Web-Auth-TestSW1(config-if)# ip admission webauth1
  % This config is not supported on this platform. Try configuring a new rule

• Cat 3750 with Voice VLAN and Dynamic VLANs

  Morning,
  Has anyone had any success with configuring a Catalyst 3750 with a Voice VLAN (Cisco phones) and 802.1x dynamic VLANs?
  Is a RADIUS server able to provide values to change the native vlan?
  Is there a decent tech note knocking about for configuring 'dynamic VLAN assignment through MAC addresses'?
  Thanks,

  Voice VLAN's don't require trunk ports to be configured (unless you are talkling about 2900XL/3500XL switches). Cisco added the ability to trunk a single 802.1q VLAN down an access port in addition to the access vlan - so in 2950 or above the only config you need is:
  interface FastEthernet0/1
  switchport
  switchport mode access
  switchport access vlan 10
  switchport voice vlan 100
  This is effectively the same as:
  interface FastEthernet0/1
  switchport
  switchport trunk encapsulation dot1q
  switchport mode trunk
  switchport trunk native vlan 10
  switchport trunk allowed vlan 10,100
  The only difference is the CDP message with the first config will advertise the Voice VLAN capability and the tag.
  With the older 2900XL/3500XL switches you had to configure the interfaces like the second example (plus adding the command switchport voice vlan xx for CDP to inform the IP Phone of the voice vlan).
  QoS is not detailed anywhere here and that obviously plays an important role with voice.
  In your scenario I am not sure ACS can do what you describe as this will require 802.1x supplicants on the client PC's (I may be wrong here and I do remember someone talking about switches being able to do an 802.1x 'proxy' using the MAC address on behalf of non 802.1x capable devices). This seems to me more of a VMPS application.
  Personally I would reconfigure the network each time and charge the occupants a small fee for network setup.....
  HTH
  Andy