Catalyst 3850 Stack VLANs, layer 2 vs. layer 3 design question
Hello there:
Just a generic, design question, after doing much reading, I am just not clear as when to use one or the other, and what the benefits/tradeoffs are:
Should we configure the switch stack w/ layer 3, or layer 2 VLANs?
We have a Catalyst 3850 Stack, connected to an ASA-X 5545 firewall via 8GB etherchannel.
We have about 100 servers (some connected w/ bonding or mini-etherchannels), and 30 VLANs.
We have several 10GB connections to servers.
We push large, (up to) TB sized files from VLAN to VLAN, mostly using scp.
No ip phones, no POE.
Inter-VLAN connectivity/throughput and security are priorities.
Originally, we planned to use the ASA to filter connections between VLANs, and VACLs or PACLs on the switch stack to filter connections between hosts w/in the same VLAN.
Thank you.
If all of your servers are going to the 3850 then I'd say you've got the wrong switch model to do a DC job. If you don't configure QoS properly, then your servers will start dropping packets because Catalyst switches have very, very shallow memory buffers. These memory buffers get swamped when servers do non-stop traffic.
Ideally, Cisco recommends the Nexus solution to connect servers to. One of the guys here, Joseph, regularly recommends the Catalyst 4500-X as a suitable (and financial) alternative to the more expensive Nexus range.
In a DC environment, if you have a lot of VM stuff, then stick with Layer 2. V-Motion and Layer 3 don't go hand-in-hand.
Similar Messages
-
Disabling Catalyst 3850 Stack Discovery?
At Cisco Live! 2013 Orlando a mention was made which I understood to mean that by turning off the stacking ports of a Catalyst 3850 the switch would not wait for stack discovery but proceed with the boot sequence (by virtue of knowing the topology i.e. no other switches).
However, if I issue
switch 1 stack port 1 disable
switch 1 stack port 2 disable
save the config and do a reboot, the switch still sits for a long time just before the stack discovery completion messages, and boots no faster than a default out-of-the-box switch. Did I misunderstand, or is there some other command to tell the switch to not bother with stack discovery?
Here is a late reply:
It doesn't disable it completely:
When a stack port is flapping and causing instability in the stack, be careful when using the switch stack-member-number stack port port-number disable privileged EXEC command. When you disable the stack port, the stack operates at half bandwidth. -
Catalyst 3850 Stack - 10G Modules
I have installed a (3) switch stack of Catalyst 3850 switches. I installed a 10G module in the 1st switch (the master) configured it and plugged it into the network and all works fine. Now I would like to add a second 10 Gigabit Ethernet connection to the stack in a channel group. When I install the 10G module into the standby switch (switch 3) I can do a "show inventory" and the 10G module is there. I can configure TenGigabitEthernet 3/1/3 and do a show run interface TenGigabitEthernet 3/1/3 all looks normal, but when I do a "show interface status" it is not listed and I cannot get the interface to come up. Is there anything I maybe missing when installing the 10G module or in my configurations?
Thanks!
Hello Martin,
As a reference, please look at this link, it may help you,
https://supportforums.cisco.com/docs/DOC-36084
Berta. -
3850 Stack not displayed correctly in CiscoView 6.1
HI,
our customer installed lms 4.2, updated it to 4.2.5 and applied the Maintenance_Release_4_2_5_01_LNX. It's a fresh installation, so there are no previous data. After a discovery via SNMPv3 the 3850 (stacks with 2 or 3 units) show up in CiscoView but only one unit, the others are missing. When I take a look in the fan status, it displays the fan status of the other stack members, so the stack is recognized, but not displayed...
Installed Packages:
CiscoView version is 6.1.156
Cat3850.cv50.v1-0.zip (installed with the 4.2.5 update)
Anybody got an idea how to fix this?
Thanks!
The reason why the C3850 switch stack is showing as standalone in LMS CiscoView is because it's returning sysObjectID as standalone.
It should return as 1.3.6.1.4.1.9.1.1745 --cat38xxstack
While, if you poll it for sysObjectID, the Catalyst 3850 stack switches will be returning OID 1.3.6.1.4.1.9.1.1641.
This is an IOS bug "CSCul00003 - Incorrect Sys OID for Cat3850 Stack device".
Unless this bug is fixed, LMS will not be able to show it as stack device.
You can try to check if you can manually change the device identity to cat38xxstack from Inventory > add/edit device > edit identity.
Else we need to wait for the fix of this bug.
-Thanks
Vinod -
Cisco Catalyst 3850 as ntp master
Hi All,
I have 2 x Cisco Catalyst 3850 stacked together. What are your recommendations if I use the C3850 as a ntp master for all edge switches connected in my network? All edge switches must be authenticated if it needs NTP synchronization. But other than that, what are the downsides?
For example,
1. I heard that switches do not have an internal clock so is a poor device to be a centralized NTP master.
2. I have also read that switches also have slow CPU processors that may lack the processing required.
3. Its NTP synchronization will use external NTP servers which are resolved into IP addresses (e.g. pool.ntp.org). IP address can change. What other more reliable NTP sources are there?
4. Any other thoughts and comments are most welcome.
Firstly, DO NOT use the command "ntp master". Cisco do not recommend using this command because this will confuse the NTP propagation inside the network.
Next, all Cisco devices do not have a dedicated clock. All appliances need to get SNTP/NTP time synch from somewhere. This "somewhere" could either be a dedicated GPS-based NTP server and/or a time synch somewhere out in the internet.
You can also use the command "ntp update-calendar". This new command allows appliances to take regular "snapshot" of the time and save it into the NVRAM. In case there was a reboot or a power failure, the appliance's time is not too far away instead of waiting 5 to 10 minutes for SNTP/NTP to synch. -
How many Cisco Catalyst 3850 switches can make up a Cisco StackPower stack?
I know the number of Cisco 3850 switches for stacking is 9, so, if I make up a Cisco StackPower stack, MAX is 9, too?
Hi, emma, only 4 switches can become part of the same Cisco StackPower stack in a ring topology.
For the Cisco 3850 switches stack number, there are two types:
Up to 9 Cisco Catalyst 3850 switches can be stacked together to build single logical StackWise-480 switch since Cisco IOS XE Release 3.3.0SE. Prior to Cisco IOS XE Release 3.3.0SE, up to 4 Cisco Catalyst 3850 switches could be stacked together. -
Catalyst 3850 Cross-Stack EtherChannel
On 3850 configuration guide, I came across PAgP desirable mode is not supported in the switch stack (cross-stack EtherChannel).
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/3se/layer2/configuration_guide/b_lay2_3se_3850_cg/b_lay2_3se_3850_cg_chapter_0101.html
But on Q&A document, it mentioned 3850 supports PAgP.
Q. What cross-stack EtherChannel link bundling protocols are supported?
A. The Cisco Catalyst 3850 supports Cisco Port Aggregation Protocol (PAgP) and industry-standard IEEE 802.3ad Link Aggregation Control Protocol (LACP). Other 3750 Series Switches support only LACP for cross-stack EtherChannel.
Seems like both statements are contradicting.
Can someone shed some light on this?
Thank you.
Hi, adimakmur
Cisco Catalyst 3850 Cross-Stack EtherChannel can be PAgP+ and can be used for VSS dual active detection.
In last deployment of 3850 we use Cross-Stack EtherChannel and use it as trusted for VSS dual active detection.
c6500-V#sh switch virtual dual-active pagp
PAgP dual-active detection enabled: Yes
PAgP dual-active version: 1.1
----skiped----
Channel group 106 dual-active detect capability w/nbrs
Dual-Active trusted group: Yes
Dual-Active Partner Partner Partner
Port Detect Capable Name Port Version
Te1/7/7 Yes c3850-307 Te1/1/3 1.1
Te2/7/7 Yes c3850-307 Te2/1/3 1.1
---skiped----
c6500-V#sh etherchannel 106 protocol
Protocol: PAgP
c3850-307#sh etherchannel port-channel
Channel-group listing:
Group: 1
Port-channels in the group:
Port-channel: Po1
Age of the Port-channel = 235d:20h:50m:10s
Logical slot/port = 12/1 Number of ports = 2
GC = 0x00010001 HotStandBy port = null
Port state = Port-channel Ag-Inuse
Protocol = PAgP
Port security = Disabled
Ports in the Port-channel:
Index Load Port EC state No of bits
------+------+------+------------------+-----------
0 00 Te1/1/3 Desirable-Sl 0
0 00 Te2/1/3 Desirable-Sl 0
Time since last port bundled: 169d:04h:58m:49s Te1/1/3
Time since last port Un-bundled: 169d:05h:00m:47s Te1/1/3 -
Hello,
I am an engineer working with a Cisco Gold Partner in Saudi Arabia. We have a large university as our client where they are constructing a new
building and require our services to build the network infrastructure. Therefore, we are to implement the routing and switching infrastructure as
well as the Wireless solution.
At present, I have no issues in implementing the R&S infrastructure as it is very straight forward but it has implications on the deployment of
the wireless solution which I explain further below. The R&S infrastructure comprises of the typical Core, Distribution, and Access layers and we
are focusing on the local distribution and access switches with regards to the new building. The client has a converged Layer 3 network spanning
from distribution layer to core layer and they are running EIGRP for this convergence. This is not a problem and has already been implemented.
Yet, the challenge arises in deploying the WLAN infrastructure. The client already has a Cisco WLAN infrastructure in place where they have a
large number of LAPs that are registered with their controllers in the Data Center. They have two WLC 5508 where one is the Primary and the other
the Secondary. The local distribution switch to which the WLC are connected also is the gateway for the SVIs for the SSIDs that are configured on
the controllers. This means that once the packets from the AP come in to the WLC, they are tagged with the correct VLAN and sent to the directly
connected distribution switch which then routes it into the rest of the Layer 3 network. Interestingly, the WLC 5508 are running AireOS 7.6 and
support the "New Mobility" feature. The two controllers have formed a Mobility Group (MG) between each other.
Now, the new building will have two Catalyst 3850 switches installed where each one has a total of 40 AP licenses pre-installed and activated
i.e. a total of 80 APs can be supported by the two switches. A total of 67 LAPs will be deployed in the new building which can be accommodated
between the two switches and their integrated controller.
Yet, based on my understanding and research about Converged Access is that, ideally, the Catalyst 3850 will only run the Mobility Agent (MA)
feature while a central controller would provide the Mobility Controller (MC) service. Unfortunately, there are not enough licenses on the
existing WLC 5508 nor can we migrate the new licenses that will facilitate such a split deployment.
This means that I would need to configure the two Catalyst 3850 as independent MC and form a MG between them. I have done this and tested this
already and the mobility is working fine. But my concern is not about getting the Catalyst 3850 to work as this is simple but rather it is
focused on creating a common Mobility Domain (MD) so that clients can roam from this new building to the rest of the campus while maintaining the
state of their connections to the WLAN infrastructure.
To make things more complicated, since the new building will have its own Layer 3 distribution switch and the Catalyst 3850 switches will connect
to this distribution switch, it means that new VLANs and SVIs need to be created for the SSIDs broadcast in the new building. This means that new
subnets need to be assigned to the SSIDs.
As such, I have the following questions:
Q1) If we create new SVIs for the SSIDs (same SSIDs names will be used in the new building as in the rest of the university campus) this means
that new subnets will be assigned to these SSIDs. Now, I believe I have two options...one is to make the new Catalyst 3850s to be in the same MG
as the existing WLC 5508 which then cater for Layer 3 client roaming or I have to treat this as a totally separate WLAN network and follow on to
the solution as per the next question. Please advise which is a better option?
Q2) I could create separate MG i.e. the new building Catalyst 3850s can be in one MG and the existing controllers can be in another MG. I can
then have one of the existing WLC 5508 (the primary one) to run the Mobility Oracle (MO) feature so as to create a single Mobility Domain (MD).
Would this facilitate in Layer 3 client roaming and RRM for all the controllers in the same MD?
Q3) If I do create a MD, how is this accomplished in such an environment since the documentation is severely limited in this regard?
Please advise at your earliest. To assist further, I have attached a topology diagram which may aid in explaining the situation with more
clarity. If these things are clarified, I will be better able to wrap my head around the technology and in turn service my clients better.
Regards,
Amir
Hi Amir,
Q1) If we create new SVIs for the SSIDs (same SSIDs names will be used in the new building as in the rest of the university campus) this means that new subnets will be assigned to these SSIDs. Now, I believe I have two options...one is to make the new Catalyst 3850s to be in the same MG as the existing WLC 5508 which then cater for Layer 3 client roaming or I have to treat this as a totally separate WLAN network and follow on to the solution as per the next question. Please advise which is a better option?
I would configure them in the same mobility group. Also configure same SPG for those two 3850 stacks if users are frequently roaming within these two buildings.
Q2) I could create separate MG i.e. the new building Catalyst 3850s can be in one MG and the existing controllers can be in another MG. I can then have one of the existing WLC 5508 (the primary one) to run the Mobility Oracle (MO) feature so as to create a single Mobility Domain (MD). Would this facilitate in Layer 3 client roaming and RRM for all the controllers in the same MD?
MO is not required (it is only for very large scale deployments)
Q3) If I do create a MD, how is this accomplished in such an environment since the documentation is severely limited in this regard?
Yes, documents are hard to find :(
These notes may be useful to you based on my experience. I am running IOS-XE 3.6.1 in my production.
http://mrncciew.com/2014/05/06/configuring-new-mobility/
http://mrncciew.com/2013/12/14/3850ma-with-5760mc/
HTH
Rasika
*** Pls rate all useful responses **** -
Hosts no longer obtaining ip address on switch in 3850 stack
I have a six switch 3850 stack that has been in production for over a month now, and everything is running normal. Last week, hosts plugged into one of the switches stopped working, the hosts are not getting an IP address (this is access layer so PC's and phones). In addition, if I look at the MAC address table for a port, I am not seeing a MAC address.
All of them are running 03.03.03SE cat3k_caa-universalk9 .
I am thinking this is hardware related, only because on occasion I see the following messages in the logs:
Dec 17 12:21:18.052: %IOSXE-3-PLATFORM: MEMBER: 5 process fed: : -Traceback=1#88b11e4e26f5ac75f4f2f18f023e5220 :550E7000+3B9240 ngwcutils:2AF2C000+BE94 ngwcutils:2AF2C000+DA9C pthread:2E3C2000+5DC8
Also, I have a phone in a port on this switch for troubleshooting. When I removed the service-policy from the port to rebuild the port configuration, I received this message:
%FED_QOS_ERRMSG-3-QUEUE_BUFFER_HW_ERROR: MEMBER: 5 fed: Failed to allocate buffers for Gi5/0/1: code 18.
It could also be a software issue (bug). Open a ticket with TAC and send them the logs so they can help you resolve the issue.
HTH -
I am seeing strange behavior from a 3850 stack running EIGRP to a couple of 4507's. Let me start out by saying that over the past couple of weeks, we have replaced 5 stacks using the same configuration template, code version, etc. with no issues. Before we execute the change to install these switches, we always run failover testing to prove routing. Last night, on the 6th switch stack, failover testing did not succeed. Maybe you can help me figure out why.
Here is what happened. I have a loopback configured on the stack. We connect the stack to each of the 4507's at the distribution layer and bring up an eigrp adjacency. I start a continuous ping from another site to the loopback. Then we pull the first link and the ping continues successfully. Plug it back in, bring up the adjacency. Then we pull the second uplink and the ping begins failing (TTL Lost in transit). The route at the source of the ping was lost so it was using the default route which led to nowhere. When I check the route against the table on the 4507's the subnet is not in the table but the adjacency is up.
I have attached a topology drawing of the relevant devices (as I see it). Again, we never experienced this issue with the 5 previous stacks which are all connected to the 4507's the same way.
Joshua
So you have equal cost paths on the 4507 to the loopback. You pull the first link and the ping continues because it still has one route. You reconnect the link and an adjacency is formed but no routes are passed from the 3850 to the 4500 and then when you pull the second link the only remaining route is lost on the 4507?
When you plug the first link back in -
1) what do you see in the EIGRP topology tables on the 4507
2) You may need to run debugging on EIGRP to see what is happening from the 4500 and 3850 end
Jon -
Hi,
Is it possible to upgrade the IOS on a cisco 3850 stack in a non disruptive way?
Reloading 1 switch at a time?
Or do you need to reload the entire stack at once, like a 3750 stack?
"And repeat the same command for the second switch"
You actually don't have to do this. First verify that you are in "INSTALL" mode by issuing a "show version." Once you have this file in your local flash, just run the following:
Switch#software install file flash:cat3k_caa-universalk9.SPA.03.02.02.SE.150-1.EX2.bin switch 1-2
**This will expand the .bin file onto your switch and ask you to reload. After reload, you will be on new version
+++++++++++++++++++++++++++
Here is a snippet from my lab – I ran through a quick upgrade from 3.2.0 to 3.2.2
+++++++++++++++++++++++++++
F340.04.23-3850-8#show ver
OS-XE Software, Catalyst L3 Switch Software (CAT3K_CAA-UNIVERSALK9-M), Version 03.02.00SE <-------- Version currently running
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2013 by Cisco Systems, Inc.
Compiled Wed 09-Jan-13 21:50 by prod_rel_team
ROM: IOS-XE ROMMON
BOOTLDR: C3850 Boot Loader (C3850-HBOOT-M) Version 1.1, RELEASE SOFTWARE (P)
F340.04.23-3850-8 uptime is 1 minute
Uptime for this control processor is 4 minutes
System returned to ROM by reload
System image file is "flash:packages.conf"
Last reload reason: Reload command
License Level: Ipservices
License Type: Permanent
Next reload license Level: Ipservices
cisco WS-C3850-48P (MIPS) processor with 4194304K bytes of physical memory.
Processor board ID FOC1705V0T8
1 Virtual Ethernet interface
52 Gigabit Ethernet interfaces
4 Ten Gigabit Ethernet interfaces
2048K bytes of non-volatile configuration memory.
4194304K bytes of physical memory.
250456K bytes of Crash Files at crashinfo:.
1609272K bytes of Flash at flash:.
0K bytes of Dummy USB Flash at usbflash0:.
0K bytes of at webui:.
Base Ethernet MAC Address : 24:01:c7:23:20:00
Motherboard Assembly Number : 73-12241-08
Motherboard Serial Number : XXXXXXXX
Model Revision Number : A0
Motherboard Revision Number : C0
Model Number : WS-C3850-48P
System Serial Number : XXXXXXXX
Switch Ports Model SW Version SW Image Mode
1 56 WS-C3850-48P 03.02.00SE cat3k_caa-universalk9 INSTALL <--- Mode
F340.04.23-3850-8#show flash
-#- --length-- ---------date/time--------- path
2 74410468 Feb 23 2013 21:42:02 +00:00 cat3k_caa-base.SPA.03.02.00SE.pkg
3 2773680 Feb 23 2013 21:42:02 +00:00 cat3k_caa-drivers.SPA.03.02.00.SE.pkg
4 32478044 Feb 23 2013 21:42:02 +00:00 cat3k_caa-infra.SPA.03.02.00SE.pkg
5 30393116 Feb 23 2013 21:42:02 +00:00 cat3k_caa-iosd-universalk9.SPA.150-1.EX.pkg
6 18313952 Feb 23 2013 21:42:02 +00:00 cat3k_caa-platform.SPA.03.02.00.SE.pkg
7 63402700 Feb 23 2013 21:42:02 +00:00 cat3k_caa-wcm.SPA.10.0.100.0.pkg
8 1218 Feb 23 2013 21:42:12 +00:00 packages.conf
9 2097152 Aug 28 2013 17:39:17 +00:00 nvram_config
10 616 Jul 30 2013 05:32:53 +00:00 vlan.dat
11 223734376 Aug 24 2013 08:30:12 +00:00 cat3k_caa-universalk9.SPA.03.02.02.SE.150-1.EX2.bin <--- IOS downloaded from cisco.com
1089032192 bytes available (450543616 bytes used)
F340.04.23-3850-8#software install file flash:cat3k_caa-universalk9.SPA.03.02.02.SE.150-1.EX2.bin switch 1-2 <---add as many switches as you have in the stack here
Preparing install operation ...
[1]: Starting install operation
[1]: Expanding bundle flash:cat3k_caa-universalk9.SPA.03.02.02.SE.150-1.EX2.bin
[1]: Copying package files
[1]: Package files copied
[1]: Finished expanding bundle flash:cat3k_caa-universalk9.SPA.03.02.02.SE.150-1.EX2.bin
[1]: Verifying and copying expanded package files to flash:
[1]: Verified and copied expanded package files to flash:
[1]: Starting compatibility checks
[1]: Finished compatibility checks
[1]: Starting application pre-installation processing
[1]: Finished application pre-installation processing
[1]: Old files list:
Removed cat3k_caa-base.SPA.03.02.00SE.pkg
Removed cat3k_caa-drivers.SPA.03.02.00.SE.pkg
Removed cat3k_caa-infra.SPA.03.02.00SE.pkg
Removed cat3k_caa-iosd-universalk9.SPA.150-1.EX.pkg
Removed cat3k_caa-platform.SPA.03.02.00.SE.pkg
Removed cat3k_caa-wcm.SPA.10.0.100.0.pkg
[1]: New files list:
Added cat3k_caa-base.SPA.03.02.02.SE.pkg
Added cat3k_caa-drivers.SPA.03.02.02.SE.pkg
Added cat3k_caa-infra.SPA.03.02.02.SE.pkg
Added cat3k_caa-iosd-universalk9.SPA.150-1.EX2.pkg
Added cat3k_caa-platform.SPA.03.02.02.SE.pkg
Added cat3k_caa-wcm.SPA.10.0.111.0.pkg
[1]: Creating pending provisioning file
[1]: Finished installing software. New software will load on reboot.
[1]: Committing provisioning file
[1]: Do you want to proceed with reload? [yes/no]: yes
[1]: Reloading
///////////// Reload
F340.04.23-3850-8#show ver
Cisco IOS Software, IOS-XE Software, Catalyst L3 Switch Software (CAT3K_CAA-UNIVERSALK9-M), Version 03.02.02.SE RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2013 by Cisco Systems, Inc.
Compiled Fri 14-Jun-13 19:24 by prod_rel_team
ROM: IOS-XE ROMMON
BOOTLDR: C3850 Boot Loader (C3850-HBOOT-M) Version 1.1, RELEASE SOFTWARE (P)
F340.04.23-3850-8 uptime is 1 minute
Uptime for this control processor is 7 minutes
System returned to ROM by reload
System image file is "flash:packages.conf"
Last reload reason: Reload command
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
License Level: Ipservices
License Type: Permanent
Next reload license Level: Ipservices
cisco WS-C3850-48P (MIPS) processor with 4194304K bytes of physical memory.
Processor board ID FOC1705V0T8
1 Virtual Ethernet interface
52 Gigabit Ethernet interfaces
4 Ten Gigabit Ethernet interfaces
2048K bytes of non-volatile configuration memory.
4194304K bytes of physical memory.
250456K bytes of Crash Files at crashinfo:.
1609272K bytes of Flash at flash:.
0K bytes of Dummy USB Flash at usbflash0:.
0K bytes of at webui:.
Base Ethernet MAC Address : 24:01:c7:23:20:00
Motherboard Assembly Number : 73-12241-08
Motherboard Serial Number : XXXXXXXXXX
Model Revision Number : A0
Motherboard Revision Number : C0
Model Number : WS-C3850-48P
System Serial Number : XXXXXXXXX
--More-- Switch Ports Model SW Version SW Image Mode
1 56 WS-C3850-48P 03.02.02.SE cat3k_caa-universalk9 INSTALL
+++++++++++++++++++++++++
Updating Cisco IOS XE Software
When the switch is in install mode, you can install any new Cisco IOS XE Software bundle by using the software install command.
Note: This command works only when the Cisco Catalyst 3850 Switch is booted in install mode.
Reference:
http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps12686/deployment_guide_c07-727067.html#wp9000183 -
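The check the reply above describes (confirm INSTALL mode in "show version" before running software install), as an added example that is not part of the original post: a Python sketch that parses the switch table at the end of "show version" and reports stack members that are missing, not in INSTALL mode, or on a different version. The two-member sample table, its BUNDLE row and all function names are constructed for illustration.

```python
import re

# Constructed sample: the switch table at the end of "show version" on a
# two-member stack (the lab output on this page shows a single member).
SAMPLE_SHOW_VERSION = """\
Switch Ports Model              SW Version        SW Image              Mode
------ ----- -----              ----------        ----------            ----
*    1 56    WS-C3850-48P       03.02.00SE        cat3k_caa-universalk9 INSTALL
     2 56    WS-C3850-48P       03.02.00SE        cat3k_caa-universalk9 BUNDLE
"""

# One row of the table: optional "*" (active switch), switch number, port
# count, model, software version, image name, boot mode.
ROW = re.compile(
    r"^\s*(?P<active>\*)?\s*(?P<switch>\d+)\s+(?P<ports>\d+)\s+(?P<model>\S+)\s+"
    r"(?P<version>\S+)\s+(?P<image>\S+)\s+(?P<mode>INSTALL|BUNDLE)\b"
)


def normalize_version(version):
    """The page shows both '03.02.00SE' and '03.02.02.SE'; compare them alike."""
    return version.upper().replace(".SE", "SE")


def parse_stack_table(show_version_text):
    """Return one dict per stack member found in 'show version' output."""
    members = []
    for line in show_version_text.splitlines():
        match = ROW.match(line)
        if not match:
            continue  # header, separator and unrelated lines are skipped
        members.append({
            "switch": int(match.group("switch")),
            "active": match.group("active") is not None,
            "model": match.group("model"),
            "version": normalize_version(match.group("version")),
            "image": match.group("image"),
            "mode": match.group("mode"),
        })
    return members


def precheck(show_version_text, expected_switches):
    """Problems that should block 'software install'; empty list means go."""
    members = parse_stack_table(show_version_text)
    problems = []
    seen = {m["switch"] for m in members}
    for switch in sorted(set(expected_switches) - seen):
        problems.append(f"switch {switch}: not present in show version")
    for m in members:
        if m["mode"] != "INSTALL":
            problems.append(
                f"switch {m['switch']}: booted in {m['mode']} mode, not INSTALL"
            )
    versions = sorted({m["version"] for m in members})
    if len(versions) > 1:
        problems.append(
            "stack members run different versions: " + ", ".join(versions)
        )
    return problems


def not_on_version(show_version_text, target_version):
    """After the reload: switch numbers that did not come up on the target."""
    target = normalize_version(target_version)
    return [
        m["switch"]
        for m in parse_stack_table(show_version_text)
        if m["version"] != target
    ]


if __name__ == "__main__":
    for problem in precheck(SAMPLE_SHOW_VERSION, [1, 2]):
        print("BLOCK:", problem)
    print("not on 03.02.02SE:", not_on_version(SAMPLE_SHOW_VERSION, "03.02.02SE"))
```

Running the same parse on the output captured after the reload gives a record that every member came up on the intended release.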
Catalyst series - Private VLAN over trunk
Hey every body
I was planning to implement a Cisco Nexus 5596 in a data center as it supports private VLAN over trunk.
But now, I have been forced to use a Cisco Catalyst series instead of the Nexus one.
Based on the feature that is very important for my manager (private VLAN over trunk), which Catalyst switch can be replaced with the Nexus 5596? In other words, what Catalyst series switch works at the same scale and efficiency of Nexus 5596 and supports private VLAN over trunk feature?
Cheers
4500x Yes
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/release/note/OL_26674-01.html
Nexus 5k Yes
http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/layer2/521_n1_3/b_5k_Layer2_Config_521N13/b_5k_Layer2_Config_521N13_chapter_0100.html
3850s
They don't support pvs at all yet
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/3se/vlan/configuration_guide/b_vlan_3se_3850_cg/b_vlan_3se_3850_cg_chapter_0100.html
Restrictions for VLANs
The following are restrictions for VLANs:
The switch supports per-VLAN spanning-tree plus (PVST+) or rapid PVST+ with a maximum of 128 spanning-tree instances. One spanning-tree instance is allowed per VLAN.
The switch supports IEEE 802.1Q trunking methods for sending VLAN traffic over Ethernet ports.
Configuring an interface VLAN router's MAC address is not supported. The interface VLAN already has an MAC address assigned by default.
Private VLANs are not supported on the switch.
You cannot have a switch stack containing a mix of Catalyst 3850 and Catalyst 3650 switches. -
Problem Cisco Catalyst 3850 input errors
I've installed two stacked Catalyst 3850s. Connected to these two switches I have a SAN 6210 Equallogic Dell ESX.
The interfaces on the switches are bundled with Port-channel. MTU size 9198. On switch one it's no problem but on switch two I see input errors on these interfaces.
If I move the cables from switch two to one then it's OK...
I have two 10G going to the SAN. And 4 ESX server with 2 ISCSI each.
interface Port-channel21
description ESX1 ISCSI SAN
switchport access vlan 21
switchport mode access
flowcontrol receive desired
spanning-tree portfast
spanning-tree bpduguard enable
Port-channel21 is up, line protocol is up (connected)
Hardware is EtherChannel, address is
Description: ESX1 ISCSI SAN
MTU 9198 bytes, BW 2000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 17/255, rxload 16/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 1000Mb/s, link type is auto, media type is
input flow-control is off, output flow-control is unsupported
Members in this channel: Gi1/0/25 Gi1/0/34
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:07:12, output never, output hang never
Last clearing of "show interface" counters 1d21h
Input queue: 0/2000/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 128760000 bits/sec, 8233 packets/sec
5 minute output rate 137021000 bits/sec, 7343 packets/sec
520088013 packets input, 1454135312 bytes, 0 no buffer
Received 1088 broadcasts (0 multicasts)
0 runts, 0 giants, 0 throttles
1534 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 0 multicast, 0 pause input
0 input packets with dribble condition detected
564793180 packets output, 978716517 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out
Hi and sorry, just copied and pasted the part that I thought was the problem. It seems that MTU size on switch two in the stack still has MTU 1500......
So here is the lot....
This interface is OK
sh controllers ethernet-controller g1/0/25
Transmit GigabitEthernet1/0/25 Receive
2373084674113 Total bytes 2700589618458 Total bytes
1259517537 Unicast frames 1355829627 Unicast frames
2373055994149 Unicast bytes 2700589410330 Unicast bytes
314726 Multicast frames 0 Multicast frames
25604588 Multicast bytes 0 Multicast bytes
44657 Broadcast frames 3252 Broadcast frames
3075376 Broadcast bytes 208128 Broadcast bytes
0 System FCS error frames 0 IpgViolation frames
0 MacUnderrun frames 0 MacOverrun frames
0 Pause frames 0 Pause frames
0 Cos 0 Pause frames 0 Cos 0 Pause frames
0 Cos 1 Pause frames 0 Cos 1 Pause frames
0 Cos 2 Pause frames 0 Cos 2 Pause frames
0 Cos 3 Pause frames 0 Cos 3 Pause frames
0 Cos 4 Pause frames 0 Cos 4 Pause frames
0 Cos 5 Pause frames 0 Cos 5 Pause frames
0 Cos 6 Pause frames 0 Cos 6 Pause frames
0 Cos 7 Pause frames 0 Cos 7 Pause frames
0 Oam frames 0 OamProcessed frames
0 Oam frames 0 OamDropped frames
423237 Minimum size frames 78563 Minimum size frames
593742624 65 to 127 byte frames 338414660 65 to 127 byte frames
1416083 128 to 255 byte frames 4836098 128 to 255 byte frames
558097 256 to 511 byte frames 1505992 256 to 511 byte frames
5464138 512 to 1023 byte frames 6457219 512 to 1023 byte frames
472854085 1024 to 1518 byte frames 834470341 1024 to 1518 byte frames
80781 1519 to 2047 byte frames 257961 1519 to 2047 byte frames
2891352 2048 to 4095 byte frames 13701476 2048 to 4095 byte frames
14353508 4096 to 8191 byte frames 8698824 4096 to 8191 byte frames
168093015 8192 to 16383 byte frames 147411745 8192 to 16383 byte frames
0 16384 to 32767 byte frame 0 16384 to 32767 byte frame
0 > 32768 byte frames 0 > 32768 byte frames
0 Late collision frames 0 SymbolErr frames
0 Excess Defer frames 0 Collision fragments
0 Good (1 coll) frames 0 ValidUnderSize frames
0 Good (>1 coll) frames 0 InvalidOverSize frames
0 Deferred frames 0 ValidOverSize frames
0 Gold frames dropped 0 FcsErr frames
0 Gold frames truncated
0 Gold frames successful
0 1 collision frames
0 2 collision frames
0 3 collision frames
0 4 collision frames
0 5 collision frames
0 6 collision frames
0 7 collision frames
0 8 collision frames
0 9 collision frames
0 10 collision frames
0 11 collision frames
0 12 collision frames
0 13 collision frames
0 14 collision frames
0 15 collision frames
0 Excess collision frames
LAST UPDATE 4870 msecs AGO
This interface has a problem. It is in portchannel with g1/0/25. I've got more interfaces and port-channels showing the same behavior for switch two in my cluster.
sh controllers ethernet-controller g2/0/25
Transmit GigabitEthernet2/0/25 Receive
925460044357 Total bytes 201085804055 Total bytes
702370104 Unicast frames 184041790 Unicast frames
925449913241 Unicast bytes 201085599895 Unicast bytes
118823 Multicast frames 0 Multicast frames
9171804 Multicast bytes 0 Multicast bytes
14251 Broadcast frames 3190 Broadcast frames
959312 Broadcast bytes 204160 Broadcast bytes
0 System FCS error frames 0 IpgViolation frames
0 MacUnderrun frames 0 MacOverrun frames
0 Pause frames 0 Pause frames
0 Cos 0 Pause frames 0 Cos 0 Pause frames
0 Cos 1 Pause frames 0 Cos 1 Pause frames
0 Cos 2 Pause frames 0 Cos 2 Pause frames
0 Cos 3 Pause frames 0 Cos 3 Pause frames
0 Cos 4 Pause frames 0 Cos 4 Pause frames
0 Cos 5 Pause frames 0 Cos 5 Pause frames
0 Cos 6 Pause frames 0 Cos 6 Pause frames
0 Cos 7 Pause frames 0 Cos 7 Pause frames
0 Oam frames 0 OamProcessed frames
0 Oam frames 0 OamDropped frames
155980 Minimum size frames 3226 Minimum size frames
92357460 65 to 127 byte frames 52503630 65 to 127 byte frames
542363 128 to 255 byte frames 660137 128 to 255 byte frames
1843346 256 to 511 byte frames 500600 256 to 511 byte frames
6158096 512 to 1023 byte frames 1116353 512 to 1023 byte frames
601445933 1024 to 1518 byte frames 129261034 1024 to 1518 byte frames
0 1519 to 2047 byte frames 319527 1519 to 2047 byte frames
0 2048 to 4095 byte frames 0 2048 to 4095 byte frames
0 4096 to 8191 byte frames 0 4096 to 8191 byte frames
0 8192 to 16383 byte frames 0 8192 to 16383 byte frames
0 16384 to 32767 byte frame 0 16384 to 32767 byte frame
0 > 32768 byte frames 0 > 32768 byte frames
0 Late collision frames 0 SymbolErr frames
0 Excess Defer frames 0 Collision fragments
0 Good (1 coll) frames 0 ValidUnderSize frames
0 Good (>1 coll) frames 319524 InvalidOverSize frames
0 Deferred frames 3 ValidOverSize frames
0 Gold frames dropped 0 FcsErr frames
0 Gold frames truncated
0 Gold frames successful
0 1 collision frames
0 2 collision frames
0 3 collision frames
0 4 collision frames
0 5 collision frames
0 6 collision frames
0 7 collision frames
0 8 collision frames
0 9 collision frames
0 10 collision frames
0 11 collision frames
0 12 collision frames
0 13 collision frames
0 14 collision frames
0 15 collision frames
0 Excess collision frames
-
Stacked VLAN (802.1Q-in-Q)
Hi,
I would like to know if the Catalyst 6500 (Sup720-3b) supports the Stacked VLANs (802.1Q-in-Q) functionality.
And if yes, in which IOS version?
Thanks for your help
Yes it does. As early as 12.1 supports this feature.
Hope this helps. Please rate helpful posts.
-
About Catalyst 3850 Wireless Multicast
Hello
I'm testing Catalyst 3850 wireless multicast, and I've tried several configurations, but it always fails. I took a PC on the wired side as the multicast video source and another PC on wireless as the receiver, with the two PCs in the same VLAN, for example VLAN 10. The following is the detailed configuration of the 3850.
<omitted>
ip routing
ip multicast-routing
ip multicast auto-enable
ip igmp snooping querier
! The access point VLAN; it is the same VLAN as the wireless management VLAN
interface Vlan6
description TO-Wireless_AP
ip address 192.168.6.254 255.255.255.0
ip pim sparse-dense-mode
! The video source VLAN and the wireless receiver client VLAN
interface Vlan10
description TO-EXSi
ip address 192.168.10.254 255.255.255.0
ip pim sparse-dense-mode
wireless mobility controller
wireless management interface Vlan6
wireless multicast
wlan VideoStream 3 VideoStream
client vlan 10
no security wpa
no security wpa akm dot1x
no security wpa wpa2
no security wpa wpa2 ciphers aes
no shutdown
ap capwap multicast 239.100.1.1
<omitted>
The video multicast group address is 239.100.1.1. Here are some show command results.
show ip mroute
(*, 239.100.1.1), 00:01:13/stopped, RP 10.1.1.1, flags: SPF
Incoming interface: GigabitEthernet1/0/1, RPF nbr 10.0.0.2
Outgoing interface list: Null
(192.168.10.6, 239.100.1.1), 00:01:13/00:01:46, flags: PFT
Incoming interface: Vlan10, RPF nbr 0.0.0.0
Outgoing interface list: Null
(*, 239.255.255.250), 01:21:59/00:02:05, RP 10.1.1.1, flags: SJC
Incoming interface: GigabitEthernet1/0/1, RPF nbr 10.0.0.2
Outgoing interface list:
Vlan5, Forward/Sparse-Dense, 01:21:59/00:02:05
(*, 224.0.1.40), 01:21:59/00:02:02, RP 10.1.1.1, flags: SJCL
Incoming interface: GigabitEthernet1/0/1, RPF nbr 10.0.0.2
Outgoing interface list:
Vlan5, Forward/Sparse-Dense, 01:21:59/00:02:02
show ip igmp snooping wireless mgid
Total number of L2-MGIDs = 3
Total number of MCAST MGIDs = 0
Wireless multicast is Enabled in the system
Vlan bcast nonip-mcast mcast mDNS-br mgid Stdby Flags
1 Disabled Disabled Enabled Enabled Disabled 0:0:1:0
5 Disabled Disabled Enabled Enabled Disabled 0:0:1:0
6 Disabled Disabled Enabled Enabled Disabled 0:0:1:0
7 Disabled Disabled Enabled Enabled Enabled 0:0:1:0
8 Disabled Disabled Enabled Enabled Enabled 0:0:1:0
9 Disabled Disabled Enabled Enabled Disabled 0:0:1:0
10 Disabled Disabled Enabled Enabled Enabled 0:0:1:0
1002 Enabled Enabled Enabled Enabled Disabled 0:0:1:0
1003 Enabled Enabled Enabled Enabled Disabled 0:0:1:0
1004 Enabled Enabled Enabled Enabled Disabled 0:0:1:0
1005 Enabled Enabled Enabled Enabled Disabled 0:0:1:0
Index MGID (S, G, V)
The C3850 software version is Version 03.03.03SE RELEASE SOFTWARE (fc2), and I've tried Version 03.02.02SE with the same result. If multicast does not work, I can't do the VideoStream function demo as the next step.
If the video multicast group is 239.100.1.1, then the same group cannot be configured for AP mcast-mcast mode communication.
Try this:
config t
no ap capwap multicast 239.100.1.1
ap capwap multicast 239.10.10.10
regards,
sudha
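A check for the conflict described in the reply above, added here as an example and not part of the original thread: it reads running-config and "show ip mroute" text and lists the sources sending to the group set with "ap capwap multicast". The sample text is constructed from the post, the function names are hypothetical, and the parser assumes the usual running-config indentation under each interface.

```python
import ipaddress
import re

# Constructed sample, modelled on the configuration and output in the post.
CONFIG = """\
interface Vlan6
 ip address 192.168.6.254 255.255.255.0
interface Vlan10
 ip address 192.168.10.254 255.255.255.0
wireless management interface Vlan6
wireless multicast
ap capwap multicast 239.100.1.1
"""
MROUTE = """\
(*, 239.100.1.1), 00:01:13/stopped, RP 10.1.1.1, flags: SPF
(192.168.10.6, 239.100.1.1), 00:01:13/00:01:46, flags: PFT
(*, 239.255.255.250), 01:21:59/00:02:05, RP 10.1.1.1, flags: SJC
"""

def capwap_group(config):
    """Group from 'ap capwap multicast <group>', or None if not configured."""
    m = re.search(r"^\s*ap capwap multicast (\S+)\s*$", config, re.M)
    return ipaddress.IPv4Address(m.group(1)) if m else None

def management_ip(config):
    """Address of the SVI named by 'wireless management interface', or None."""
    m = re.search(r"^\s*wireless management interface (\S+)\s*$", config, re.M)
    if not m:
        return None
    block = re.search(rf"^interface {re.escape(m.group(1))}\s*\n((?:[ \t]+.*\n?)*)", config, re.M)
    ip = re.search(r"ip address (\S+) \S+", block.group(1)) if block else None
    return ipaddress.IPv4Address(ip.group(1)) if ip else None

def capwap_group_conflicts(config, mroute):
    """Sources other than the switch itself that send to the CAPWAP group."""
    group, mgmt = capwap_group(config), management_ip(config)
    if group is None:
        return []
    conflicts = []
    for src, grp in re.findall(r"^\s*\(([\d.]+), ([\d.]+)\)", mroute, re.M):
        # Assumption: the switch sources its own CAPWAP multicast from the
        # wireless management address, so that (S, G) entry is expected.
        if ipaddress.IPv4Address(grp) == group and ipaddress.IPv4Address(src) != mgmt:
            conflicts.append(src)
    return conflicts

if __name__ == "__main__":
    for src in capwap_group_conflicts(CONFIG, MROUTE):
        print(f"{src} streams to the CAPWAP group; change one of the two groups")
```

With the sample above it reports 192.168.10.6, the video source; after the change suggested in the reply (239.10.10.10 for the APs) the list is empty.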