Cisco 3548 xl and ports broken
Hello could you please help me.
we have several ports broken in cat 3548 xl ( fast 35,37,38,39) when we are trying to connect new workstations to them, ports do not work.
there is over 80 procent packet loss.
all other ports work ok.
Do you konw if there is a known problem in cat 3548xl's. ( could not find anything in bug toolkit)
our version is flash:c3500XL-c3h2s-mz-120-5.3.WC.1.bin
Model number: WS-C3548-XL-EN
System serial number: FAB0534M322
i thank you in advance,
best regards,
Susanna
Hello all and thank you for the replies !
i can now open the referred cisco-page. I will check the page
Here are anwers to all questions. we will boot the switch as soon as possible and see what happens.
do you know a good debug command what to use to see if port is acting wrong ?
i know it is not a duplex problem, since we have had a lot of duplex problems ( and this is a different case). All the other ports seem to work fine ( except for 35,37,38, 38)
laptop had only 10/100 nic and it works fine with another 3548 ( next to the 'faulty switch).
both the printer and laptop had same kind of problem.
Here are the tests
1) first the switch port and printer had auto config ( auto speed/auto duplex) in ports/ nic.
--> only 20 % of pings succeeded.
sometimes ping succeeded 10 times and then there was 30 fialed ping-packets.
2) then printers configuration was changed to 100/FD. the link started to work ( ping succeeded 100%) the switch had still auto speed and duplex, and therefore switch had only 100/HD.
when i changed switch port to 100/full, printer lost its network connection and did not answer at all to pings.
3 ) when i changed the switch port back to auto ( autospeed/auto duplex) the printer did not start to work again.
when swicth and laptop/printer were configure to auto, switch saw the port as 100/FD, negotiation was ok. as soon as data was going to the port, connection stopped working.
here is the show int . it is down, since we cant use the port at the moment. but as you can see there are no errors
BTW the printer and laptop work fine in the same switch in port 41.
best regards TIA ! Susanna
FastEthernet0/38 is down, line protocol is down
Hardware is Fast Ethernet, address is 0007.5070.5d26 (bia 0007.5070.5d26
MTU 1500 bytes, BW 0 Kbit, DLY 0 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Auto-duplex , Auto Speed , 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output 2d17h, output hang never
Last clearing of "show interface" counters 2d21h
Queueing strategy: fifo
Output queue 0/40, 0 drops; input queue 0/75, 0 drops
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
12126 packets input, 2217643 bytes
Received 918 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 101 multicast
0 input packets with dribble condition detected
32145 packets output, 3533981 bytes, 0 underruns
0 output errors, 0 collisions, 50 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
Similar Messages
-
I want to be able to upgrade my Firefox installations that are located behind a Cisco PIX Firewall. What are the TCP/IP addresses and ports required to be opened for updating to occur?
This is less likely to be a firefox problem, as it appears something bad has happened to your network. Can you access the internet with other programs? Try email/ IRC/ Skype or even updating your computer.
What operating system are you using?
Ian. -
We have OpenVMS running on a Streams Environment OSI protocol connecting to a Cisco 3548 switch with fiber GBIC trunk ports. The ports display link lights, but network connection to a Windows NT 4.0 Server (Service Pack 6) with Allied Telesyn NICs (half-duplex) fails with LAN Connection Errors reported on DHCP Client Computers. However, when the Switch is bypassed, and directly connected to the Server, problem disappears. Do I have a duplex mismatch problem or IOS release issue?
You have to check to see how the switchports are configured , by default the speed is auto/auto , if the ports are hardcoded to a specific speed and duplex then you probably have a speed/duplex mismatch. Match both ends of the links , if nics are auto then the switchport should be auto . If the nics are hard set to a speed/duplex then you have to set the switchport the same.
-
Hi Guys,
Iam seeing above issue on two of my switches connected to core switch ....i know there are quite of few discussion open on same issue but mine is diff....
i see same issue on two switches connected via core swicth on same vlan ( 112)....when i do mac address lookup it says the mac thats generating this error is invalid so cant track the source of this mac....also just saw on topoogy change notification on core traced it back to originating switch which is also generating this error but dnt see any change on the switch that is generated topology change notification....prob is vlan 112 all interface on both switches conected via core are generating this message so five interfaces each .....any expert advise on how to approach it as i cant get to source port generating this as nearly five ports in vlan 112 on bloth switches generating this error. thanks
Apr 15 15:56:08: %SW_MATM-4-MACFLAP_NOTIF: Host 00ff.ffff.ffff in vlan 112 is flapping between port Fa3/0/46 and port Gi3/0/1
Apr 15 15:56:50: %SW_MATM-4-MACFLAP_NOTIF: Host 00ff.ffff.ffff in vlan 112 is flapping between port Fa2/0/46 and port Gi3/0/1
Apr 15 15:56:51: %SW_MATM-4-MACFLAP_NOTIF: Host 00ff.ffff.ffff in vlan 112 is flapping between port Fa3/0/46 and port Gi3/0/1
Apr 15 15:58:29: %SW_MATM-4-MACFLAP_NOTIF: Host 00ff.ffff.ffff in vlan 112 is flapping between port Fa2/0/46 and port Gi3/0/1
Apr 15 15:59:27: %SW_MATM-4-MACFLAP_NOTIF: Host 00ff.ffff.ffff in vlan 112 is flapping between port Gi3/0/1 and port Fa2/0/46
Apr 15 15:59:45: %SW_MATM-4-MACFLAP_NOTIF: Host 00ff.ffff.ffff in vlan 112 is flapping between port Fa2/0/46 and port Gi3/0/1
Apr 15 16:00:14: %SW_MATM-4-MACFLAP_NOTIF: Host 00ff.ffff.ffff in vlan 112 is flapping between port Gi3/0/1 and port Fa3/0/46
Apr 15 16:00:36: %SW_MATM-4-MACFLAP_NOTIF: Host 00ff.ffff.ffff in vlan 112 is flapping between port Fa2/0/46 and port Gi3/0/1
Apr 15 16:02:40: %SW_MATM-4-MACFLAP_NOTIF: Host 00ff.ffff.ffff in vlan 112 is flapping between port Fa3/0/46 and port Gi3/0/1
Apr 15 16:03:22: %SW_MATM-4-MACFLAP_NOTIF: Host 00ff.ffff.ffff in vlan 112 is flapping between port Fa3/0/46 and port Gi3/0/1
Apr 15 16:03:31: %SW_MATM-4-MACFLAP_NOTIF: Host 00ff.ffff.ffff in vlan 112 is flapping between port Gi3/0/1 and port Fa2/0/46
Apr 15 16:04:03: %SW_MATM-4-MACFLAP_NOTIF: Host 00ff.ffff.ffff in vlan 112 is flapping between port Fa3/0/46 and port Gi3/0/1
Apr 15 16:04:34: %SW_MATM-4-MACFLAP_NOTIF: Host 00ff.ffff.ffff in vlan 112 is flapping between port Fa2/0/46 and port Gi3/0/1
Apr 15 16:04:41: %SW_MATM-4-MACFLAP_NOTIF: Host 00ff.ffff.ffff in vlan 112 is flapping between port Gi3/0/1 and port Fa2/0/46
Apr 15 16:05:05: %SW_MATM-4-MACFLAP_NOTIF: Host 00ff.ffff.ffff in vlan 112 is flapping between port Fa2/0/46 and port Gi3/0/1
Apr 15 16:05:13: %SW_MATM-4-MACFLAP_NOTIF: Host 00ff.ffff.ffff in vlan 112 is flapping between port Gi3/0/1 and port Fa3/0/46
sh spanning-tree vlan 112
VLAN0112
Spanning tree enabled protocol rstp
Root ID Priority 8192
Address 001e.13c1.5a70
Cost 3004
Port 109 (GigabitEthernet3/0/1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 49264 (priority 49152 sys-id-ext 112)
Address 001f.261c.1d80
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
UplinkFast enabled but inactive in rapid-pvst mode
Interface Role Sts Cost Prio.Nbr Type
Fa2/0/46 Desg FWD 3019 128.104 P2p
Fa1/0/46 Desg FWD 3019 128.50 P2p
Gi3/0/1 Root FWD 3004 128.109 P2p
Fa3/0/46 Desg FWD 3019 128.158 P2p
Fa3/0/47 Desg FWD 3100 128.159 P2p
Fa3/0/48 Desg FWD 3019 128.160 P2pASAK Mohammed,
There are lots of thread discussing about this, you should do a search before creating a new post.
Anyway, this is how you approach these types of flapping:
1. Is the the given MAC flapping in the log flapping only 1 time or you see it multiple times over a reasonobly short time?
If you see it only once or once every 2-3 hours this might be not an issue worth being investigated. Sporadic one time flapping are expected in L2 broadcast domain.
If you see it often continue to step 2.
2. Identify and locate the flapping mac in vlan 125: 3270.990a.a504
Is the mac of a dual-homes server using some kind of load balancing algorithm (active/active) for which the same address is used from both NICs?
If yes, the message is not and issue but just an indication. Fix this type of LB (make it active/standby or make sure the server uses 2 different mac addresses, one per NIC) or if it is not possible leave it like this.
3. Is the MAC a the wireless NIC of a PC?
Make sure that the user was not moving from one AP to another (flapping is normal in this case)
4.
See if you have increasing TCN's and check if they are coming from the same interface.
From this point on you keep on troubleshooting STP until you find the offending link (likely going up and down) or the switch. You also need to check if STP in vlan112 is coherent with the actual L2 topology you have.
=====================================================
2- Some more details information which might be helpfull to you.
http://www.cisco.com/en/US/products/hw/switches/ps663/products_tech_note09186a
00801434de.shtml#subtopic1k
Problem
The switch generates %SYS-3-P2_ERROR: Host xx:xx:xx:xx:xx:xx is flapping
between ports? messages, where xx:xx:xx:xx:xx:xx is a MAC address.
Description
This example shows the console output that you see when this error occurs:
%SYS-4-P2_WARN: 1/Host 00:50:0f:20:08:00 is flapping between port 1/2 and port
4/39
Use the steps and guidelines in this section in order to understand and
troubleshoot the cause of this error message.
The message indicates that your Catalyst 4500/4000 switch has learned a MAC
address that already exists in the content-addressable memory (CAM) table, on
a port other than the original one. This behavior repeatedly occurs over short
periods of time, which means that there is address flapping between ports..
If the message appears for multiple MAC addresses, the behavior is not normal.
This behavior indicates a possible network problem because the MAC addresses
move quickly from one port to another port before the default aging time. The
problem can be looping traffic on the network. Typical symptoms include:
· High CPU utilization
· Slow traffic throughout the network
· High backplane utilization on the switch
For information on how to identify and troubleshoot issues with spanning tree,
refer to Spanning Tree Protocol Problems and Related Design Considerations
<http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a00800
951ac.shtml> .
If the error message appears for one or two MAC addresses, locate these MAC
addresses in order to determine the cause. Issue the show cam mac_addr command
in order to identify from where these MAC addresses have been learned. In this
command, mac_addr is the MAC address that the error reports as flapping.
After you determine between which ports this MAC address is flapping, track
down the MAC address. Connect to the intermediate devices between your
Catalyst 4500/4000 and the device that has the problem MAC address. Do this
until you are able to identify the source and how this device connects to the
network.
Note: Because the MAC address is flapping between two ports, track down both
of the paths.
This example shows how to track both of the paths from which this MAC address
has been learned:
Note: Assume that you have received this message and you have begun to
investigate it.
%SYS-4-P2_WARN: 1/Host 00:50:0f:20:08:00 is flapping between port 1/2 and port
4/39
In order to track down how this MAC address was learned from both ports,
complete these steps:
1. Consider port 1/2 first, and issue the show cam dynamic 1/2 command.
If you see the MAC address 00:50:0f:20:08:00 in the list of the MAC addresses
that have been learned on this port, determine if this is a single host that
is connected or if there are multiple hosts that are registered on that port.
2. On the basis of whether there is a single or multiple hosts,
investigate the device:
o If there is a single host (00:50:0f:20:08:00) that is connected, check the
other port that is registered and see if the host is dually attached to the
switch.
In this example, the other port is port 4/39.
o If the host has connections to other devices that can eventually lead back
to this switch, try to track down the intermediate devices.
With Cisco devices, issue the show cdp neighbors mod/port detail command. The
output provides information about intermediate devices.
Here is sample output:
Cat4K> (enable) show cdp neighbors 1/2 detail
Port (Our Port): 1/2
Device-ID: brigitte
Device Addresses:
IP Address: 172.16.1.1
Novell address: aa.0
Holdtime: 171 sec
Capabilities: ROUTER
Version:
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-JS-L), Version 12.0(7)T, RELEASE SOFTWARE (fc2)
Copyright (c) 1986-1999 by cisco Systems, Inc.
Compiled Mon 06-DEC-99 17:10 by phanguye
Platform: cisco 2500
Port-ID (Port on Neighbors's Device): Ethernet0
VTP Management Domain: unknown
Native VLAN: unknown
Duplex: half
System Name: unknown
System Object ID: unknown
Management Addresses: unknown
Physical Location: unknown
Cat4K> (enable)
3. Establish a Telnet session with the device and follow the path of the
MAC address.
In this example, the IP address is 172.16.1.1.
Repeat the procedure for all MAC addresses that the error message reports as
flapping.
4. Create a simple diagram of the source device with that MAC address and
of the physical connections (the Catalyst 4500/4000 ports) from which and to
which this MAC address is flapping.
The diagram enables you to determine if this is a valid port and path for your
network layout.
If you verify that both ports on which the MAC address is flapping provide a
path toward that network node, there is a possibility that you have a
spanning-tree failure issue. Refer to Spanning Tree Protocol Problems and
Related Design Considerations
<http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a00800
951ac.shtml> in order to isolate and troubleshoot this loop.
In large networks in which multiple hosts from multiple vendors are
interconnected, difficulty arises as you try to track down the host with use
of just the MAC address. Use the search utility for the IEEE OUI and
Company_id Assignments <http://standards.ieee.org/regauth/oui/index.shtml> in
order to track down these MAC addresses. This list is the front end of the
database where IEEE has registered all MAC addresses that have been assigned
to all vendors. Enter the first three octets of the MAC address in the Search
for: field of this page in order to find the vendor that is associated with
this device. The first three octets in the example are 00:50:0f.
These are other issues that can cause this message to appear:
· Server NIC redundancy problem?There is a server with a dual-attached
NIC that misbehaves and does not follow the standards. The server uses the
same MAC address for both ports that connect to the same switch.
· Hot Standby Router Protocol (HSRP) flapping?Flapping HSRP can cause
these messages to appear in the Supervisor Engine console. If you notice that
HSRP implementation in your network is unstable, refer to Understanding and
Troubleshooting HSRP Problems in Catalyst Switch Networks
<http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a00800
94afd.shtml> in order to resolve the problem.
· EtherChannel misconfiguration?A misconfigured EtherChannel connection
can also cause these symptoms. If ports that the flapping message reports are
members of the same channel group, check your EtherChannel configuration and
refer to Understanding EtherChannel Load Balancing and Redundancy on Catalyst
Switches
<http://www.cisco.com/en/US/tech/tk389/tk213/technologies_tech_note09186a00800
94714.shtml> in order to troubleshoot the configuration.
· Host reflects packets back onto the network?The reflection of packets
back onto the network by a host can also cause flapping. Typically, the root
cause of this packet reflection is a broken NIC or any failure of the physical
interface of the host that is connected to the port.
If the reflection of packets by the host is your root cause, obtain a sniffer
trace and examine the traffic that goes to and from the ports on which the
messages have appeared. If a host reflects packets, you typically see
duplicate packets in the trace. The duplicate packets are a possible symptom
of this flapping of the MAC address.
Refer to Configuring SPAN and RSPAN
<http://www.cisco.com/en/US/docs/switches/lan/catalyst4000/6.3and6.4/configura
tion/guide/span.html> for details on how to configure a port for use with a
sniffer.
· Software or hardware defect?If you have tried to troubleshoot the
flapping message with the instructions in this section but you still notice
the issue, seek further assistance from Cisco Technical Support
<http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html> . Be
sure to mention and provide documentation of the information that you have
collected while you followed the steps. This information makes further
troubleshooting quicker and more efficient.
HTH
REgards
Inayath
*Plz rate all usefull posts. -
Cisco SG300 - IGMP and multiple switches
Hi all,
I have read through various Cisco documents and tried various configurations and i have been unsuccessful
Here is the network layout
Cisco SG300-10 in Layer 3 mode, managing all VLANS created and inter-vlan traffic is working fine
Ports 1-4 are in LAG 1 with LACP enabled, Ports 5-8 are in LAG 2 again with LACP enabled, port 9 is connected to the ASA 5505 (Trunk port, all VLANS) and port 10, again a trunk port I use for management
LAG 1 and 2 are connected to Cisco SG300-52 switches
again traffic between the switches is working ok, what we would like to do is the following
on VLAN 7, we have multiple devices streaming using UDP multicast, what we would like to do is allow PC's on VLAN 5 to be able to pick up these streams as and when they need to, the devices broadcast on their own unique UDP ranges
Could someone please explain to me what I need to configure on the Layer 3 switch and the other two Layer 2 switches in order for this to work?
If i put a port into VLAN 7 and can view the stream without a problem, also if there is any fine tuning to be done once this is working
Thanks
AndyJason,
The only advantage you would get from using SFPs (fiber tranceivers) in the GBIC slots would be if you needed to make a run of over 100m between the switches. Unless you have a very large property with switches at either end you are just as well to use the copper ports in the setup you described. There is also nothing wrong with chaining the SG100s together if necessary to free up a port on the RV320. The only other thing to consider is if you are using VLANs. Each unmanaged SG100 will only pass a single VLAN so if you need segregated distribution coming from the RV320 you would need to put each SG100 on its own port. Or, you could run a trunk from a port on the RV320 to your SG200 and then split off your untagged VLANs from there. Hope this answers your question and have a nice day.
Regards,
Mike.V -
No Device Name and Port in UserTracking Report for Ipphones
Hello,
I'm having problems with Usertracking to IpPhones. The report provides information of usertracking IPPhone number, CCM Address, MAC, etc.. But the information in "Device Name" and "Port" (which would be connected) do not appear.
The CCM normally appear in Topology Services, and reports Usertracking EndHosts to operate normally, even in the same switches that the phones are connected.
ThanksWhat version of Campus Manager are you running ?
What version of the Call Manager do you have ?
What kind of IP Phone is this ?
Post screenshot of the problem re-run data collection and UT . Ensure that you don't have any filters in place and all subnets are included.
Do an snmpwalk from the CiscoWorks LMS server to the Cisco Call Manager and see if you can poll those values from the cli and let us know the results using the "ccmPhoneTable" ?
Get the ut.log and ani.log with neccesary debugs enabled for phones. -
Cisco pix 525 and 515 cannot archieve configuration in LMS 3.0.1
Hi,
we have several cisco pix 525 and 515 cannot archieve configuration in LMS 3.0.1
Any help would be greatly appriciated.
Thanks in advance
SamirHi,
Here is the output.
*** Device Details for ***
Protocol ==> Unknown / Not Applicable
Selected Protocols with order ==> TFTP,SSH,HTTPS
Execution Result:
RUNNING
CM0151 PRIMARY RUNNING Config fetch failed for ********* Cause: SSH: Failed to establish SSH connection to 10.192.18.10 - Cause: Authentication failed on device 3 times.
Action: Check if protocol is supported by device and required device package is installed. Check device credentials. Increase timeout value, if required.
But when I do mangement station to Device it gives me following results:
Interface Found: 10.192.18.10
Status: UP
Test Results
UDP Failed
sent: 5 recvd: 0 min: 0 max: 0 avg: 0 timeout: 2 size: 64 protocol: udp port: 7
TCP Failed
sent: 0 recvd: 0 min: 0 max: 0 avg: 0 timeout: 0 size: 0 protocol: tcp port: 7
HTTP Failed
sent: 0 recvd: 0 min: 0 max: 0 avg: 0 timeout: 2 size: 33 protocol: http port: 80
TFTP Failed
sent: 5 recvd: 0 min: 0 max: 0 avg: 0 timeout: 2 size: 25 protocol: tftp port: 69
SNMPRv2c(Read) Okay
sent: 5 recvd: 5 min: 0 max: 0 avg: 0 timeout: 2 min_size: 1472 protocol: snmpv3_get port: 0
SNMPWv2c(Write) Failed
sent: 5 recvd: 0 min: 0 max: 0 avg: 0 timeout: 2 min_size: 1472 protocol: snmpv3_set port: 0
SSHv2 Failed
TELNET Okay
Waiting for your reply.
Samir -
Cisco 877W router and external ADSL modem
Cisco 877W router and external ADSL modem
In order to support ADSL2+ on a pre ADSL2+ router and in preparation for a later migration to BT infinity I am trying to configure the Router using an external adsl2+ modem appropriately.
The original configuration had 3 ports configured as one (internal lan) vlan and bridge group together with one wireless sub-interface, the remaining port configured a second vlan and bridge group with a second wireless sub- interface. The Dialer was a member of the second bridge group. This way the second wireless interface and associated bridge group provided a kind of DMZ for outbound access.
The configuration I am attempting is similar the lan ports remain the same, but port 0 as a member of the vlan and bridge group (now a pppoe client) associated with one of the wireless sub interfaces as per above. The ATM interface is downed. This nearly works except that if the wireless subinterface on this bridge group is configured the dialer no longer dials giving a 'no dialer string' error. If I do not configure that wireless sub interface all works well.
If anyone is interested to look I would appreciate any comments. I enclose a sanitised config in which you will note the 'commented out' wireless subnet interface (in red).
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
hostname xxxxxxxxxxxxxxxxxxxxx
boot-start-marker
boot-end-marker
logging buffered 4096 warnings
enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxx
aaa new-model
aaa group server radius sdm-vpn-server-group-2
aaa group server radius rad_eap
server 192.168.253.1 auth-port 1812 acct-port 1813
server 192.168.253.1 auth-port 1645 acct-port 1646
aaa group server radius rad_mac
aaa group server radius rad_acct
aaa group server radius rad_admin
aaa group server tacacs+ tac_admin
aaa group server radius rad_pmip
aaa group server radius dummy
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_2 group sdm-vpn-server-group-2
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization exec default local
aaa authorization ipmobile default group rad_pmip
aaa authorization network sdm_vpn_group_ml_2 local
aaa accounting network acct_methods start-stop group rad_acct
aaa session-id common
clock timezone PCTime 0
clock summer-time PCTime date Mar 30 2003 1:00 Oct 26 2003 2:00
crypto pki trustpoint TP-self-signed-2834265337
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2834265337
revocation-check none
rsakeypair TP-self-signed-2834265337
crypto pki certificate chain TP-self-signed-2834265337
certificate self-signed 01 nvram:IOS-Self-Sig#2F.cer
dot11 syslog
dot11 ssid GuestAP
vlan 101
authentication open
authentication key-management wpa
mbssid guest-mode
wpa-psk ascii 7 113B162712001F4A2D2B25
dot11 ssid LanAP
vlan 100
authentication open eap eap_methods
authentication network-eap eap_methods
authentication key-management wpa
mbssid guest-mode
no ip source-route
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 192.168.252.1 192.168.252.8
ip dhcp excluded-address 192.168.252.15 192.168.252.254
ip dhcp pool sdm-pool1
import all
network 192.168.252.0 255.255.255.0
domain-name XXX.Local
dns-server xxx.xxx.xxx.xxx
default-router 192.168.252.254
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
no ip bootp server
no ip domain lookup
ip domain name XXX.Local
ip name-server xxx.xxx.xxx.xxx
ip name-server xxx.xxx.xxx.xxx
ip reflexive-list timeout 120
vpdn enable
vpdn-group 1
request-dialin
protocol pppoe
username administrator privilege 15 secret 5 £££££££££££££££££££££
class-map type inspect match-any IN_to_OUT_CLASS
match protocol tcp
match protocol udp
match protocol icmp
class-map type inspect match-any OUT_to_IN_CLASS
match protocol https
match protocol smtp extended
class-map type inspect match-any DMZ_to_IN_CLASS
match protocol http
match protocol https
match protocol smtp extended
policy-map type inspect DMZ_to_IN_POL
class type inspect DMZ_to_IN_CLASS
inspect
class class-default
drop log
policy-map type inspect IN_to_OUT_POL
class type inspect IN_to_OUT_CLASS
inspect
class class-default
drop log
policy-map type inspect OUT_to_IN_POL
class type inspect OUT_to_IN_CLASS
inspect
class class-default
drop log
zone security INSIDE
zone security OUTSIDE
zone security DMZ
zone-pair security OUT_TO_IN source OUTSIDE destination INSIDE
service-policy type inspect OUT_to_IN_POL
zone-pair security IN_TO_OUT source INSIDE destination OUTSIDE
service-policy type inspect IN_to_OUT_POL
zone-pair security DMZ_TO_OUT source DMZ destination OUTSIDE
service-policy type inspect IN_to_OUT_POL
zone-pair security DMZ_TO_IN source DMZ destination INSIDE
service-policy type inspect DMZ_to_IN_POL
bridge irb
interface Loopback0
no ip address
interface Null0
no ip unreachables
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
dsl operating-mode auto
interface FastEthernet0
description Outside Interface (PPPoE)
interface FastEthernet1
description Inside Interface
switchport access vlan 10
interface FastEthernet2
description Inside Interface
switchport access vlan 10
spanning-tree portfast
interface FastEthernet3
description Inside Interface
switchport access vlan 10
spanning-tree portfast
interface Dot11Radio0
no ip address
no ip route-cache cef
no ip route-cache
encryption vlan 100 mode ciphers aes-ccm tkip
encryption vlan 101 mode ciphers aes-ccm tkip
ssid GuestAP
ssid LanAP
mbssid
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
channel 2437
station-role root
interface Dot11Radio0.100
description LanAP
encapsulation dot1Q 100
no ip route-cache
no cdp enable
bridge-group 10
bridge-group 10 subscriber-loop-control
bridge-group 10 spanning-disabled
bridge-group 10 block-unknown-source
no bridge-group 10 source-learning
no bridge-group 10 unicast-flooding
!interface Dot11Radio0.101
! description GuestAP
! encapsulation dot1Q 101
! no ip route-cache
! no cdp enable
! bridge-group 1
! bridge-group 1 subscriber-loop-control
! bridge-group 1 spanning-disabled
! bridge-group 1 block-unknown-source
! no bridge-group 1 source-learning
! no bridge-group 1 unicast-flooding
interface Vlan1
description $ES_LAN$
no ip address
ip virtual-reassembly
pppoe enable group global
pppoe-client dial-pool-number 1
bridge-group 1
interface Vlan10
no ip address
ip virtual-reassembly
bridge-group 10
interface Dialer1
description $FW_OUTSIDE$
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1452
ip nat outside
ip virtual-reassembly
zone-member security OUTSIDE
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname XXXXXXX
ppp chap password 7 xxxxxxxxxxxxxxxxxxx
ppp pap sent-username xxxxxxxxxxxxxxxxxx password 7 xxxxxxxxxxxxxxxxxxxxx
ppp ipcp dns request
ppp ipcp wins request
hold-queue 224 in
interface Dialer0
no ip address
interface BVI10
description Inside Interface
ip address 192.168.253.254 255.255.255.0
ip access-group 101 in
ip helper-address 192.168.253.1
ip nat inside
ip virtual-reassembly
zone-member security INSIDE
interface BVI1
description DMZ Interface
ip address 192.168.252.254 255.255.255.0
ip nat inside
ip virtual-reassembly
zone-member security DMZ
ip local pool SDM_POOL_1 192.168.20.9 192.168.20.14
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
ip http server
ip http access-class 1
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat inside source list Inside_Clients_NAT interface Dialer1 overload
ip nat inside source static 192.168.253.10 xxx.xxx.xxx.xxx
ip access-list extended DMZ_to_IN_POL
remark SDM_ACL Category=128
permit ip any any
ip access-list extended Inside_Clients_NAT
remark SDM_ACL Category=2
permit ip 192.168.253.0 0.0.0.255 any
logging 192.168.253.10
access-list 1 remark Auto generated by SDM Management Access feature
access-list 1 remark SDM_ACL Category=1
access-list 1 permit 192.168.253.0 0.0.0.255
access-list 100 remark VTY Access-class list
access-list 100 remark SDM_ACL Category=1
access-list 100 permit ip 192.168.253.0 0.0.0.255 any
access-list 100 deny ip any any
access-list 101 remark Auto generated by SDM Management Access feature
access-list 101 remark SDM_ACL Category=1
access-list 101 remark Auto generated by SDM for NTP (123) xxx.xxx.xxx.xxx
access-list 101 permit udp host xxx.xxx.xxx.xxx eq ntp host 192.168.253.254 eq ntp
access-list 101 permit tcp 192.168.253.0 0.0.0.255 host 192.168.253.254 eq telnet
access-list 101 permit tcp 192.168.253.0 0.0.0.255 host 192.168.253.254 eq 22
access-list 101 permit tcp 192.168.253.0 0.0.0.255 host 192.168.253.254 eq www
access-list 101 permit tcp 192.168.253.0 0.0.0.255 host 192.168.253.254 eq 443
access-list 101 permit tcp 192.168.253.0 0.0.0.255 host 192.168.253.254 eq cmd
access-list 101 deny tcp any host 192.168.253.254 eq telnet
access-list 101 deny tcp any host 192.168.253.254 eq 22
access-list 101 deny tcp any host 192.168.253.254 eq www
access-list 101 deny tcp any host 192.168.253.254 eq 443
access-list 101 deny tcp any host 192.168.253.254 eq cmd
access-list 101 deny udp any host 192.168.253.254 eq snmp
access-list 101 permit ip any any
access-list 199 permit ip any host 10.1.1.1
dialer-list 1 protocol ip permit
no cdp run
radius-server attribute 32 include-in-access-req format %h
radius-server host 192.168.253.1 auth-port 1812 acct-port 1813 key 7 XXXXXXXXXXXXXXXXXX
radius-server host 192.168.253.1 auth-port 1645 acct-port 1646 key 7 XXXXXXXXXXXXXXXXXX
radius-server vsa send accounting
control-plane
bridge 1 protocol ieee
bridge 1 route ip
bridge 10 protocol ieee
bridge 10 route ip
banner login C Border Router
line con 0
no modem enable
transport output telnet
line aux 0
transport output telnet
line vty 0 4
access-class 100 in
privilege level 15
length 0
transport input telnet ssh
scheduler max-task-time 5000
scheduler interval 500
ntp server xxx.xxx.xxx.xxx source Dialer0 prefer
ntp server xxx.xxx.xxx.xxx source Dialer0 prefer
sntp server xxx.xxx.xxx.xxx
endHi Jody,
Apologies delay in replying. I have done the following:
Made two of the FE ports vlan1,BVI1 (for LAN traffic)
Left one port as VLAN10 as the pppoe client conected to the externalmodem
Made the last port VLAN10 as well and gave it an IP addess as for a DMZ client.
I have DHCP configured to serve the DMZ addresses.
This all works for LAN clients and also works for a client attachedto that physical DMZ port.
When I added a dot11radio sub interface into VLAN 10 the wireless client did not get an IP lease. Everything else continued to work.
I had never thought about this before, but if a dot11radio interface is on the same vlan (but not being part ofa bridge group) why are DHCP broadcasts not propogating to all the vlan members as I would have expected. I recognise that this isa limit in my understanding.
If I then made VLAN10 a member of a new Bridge Group, I lost WAN connectivity as per original posting.
I cannot add another VLAN due to the 2 vlan limit in this image.
Finally regarding your comment about giving it what it wants, what exactly did you have in mind. The dialer already has a dial string parameters configured.
Think I am about to give upon this.
Regards, -
Is my right Ethernet Port Broken?
05Apr2014
I bought a new Mac Pro with all the features. There are two Ethernet ports on the bottom of the periferal ports.
I am able to connect with an Airport Extreme (Generation 3) wiht the left port. The connection does not work on the right ethernet port.
Is the right ethernet port broken? I only had the computer for a few weeks.
Also, I can not see the Airport Extreme (Gen 3, March 2009) when I use the Airport Utility. Is that model of Airport Extreme compatible wiht the new late 2013 Mac Pros?
I prior to getting the new Mac Pro, I had a 2007 Imac connected to a mac laptop. I had both computers connected to the Airport Extreme using ethernet cables.
Now I use the Imac connected wirelessly to the Airport Extreme and the same laptop plus the mac pro are connected using ethernet cable. However, I can connect the Imac and laptop like before, but I can not connect any computer wiht the Mac Pro.
I also installed McAfee Internet Security sotware which maybe causing my connection problems.
I configured the network years ago and forgot how to connect computers together.
Does the right side ethernet port need to be repaired? Is the Airport Uthility software compataible with new Mac Pro?
I'd appreciate any help wth these issues.
chhenden06Apr2014
RE: The two ethernet ports:
I only need one port. It is connected to an Airport Extreme (which has a laptop connected with an ethernet cable).
The port on the right is closer to the Airport Extreme, but it does not work. This is meerly a frustration that a port to a brand new machine (Mac Pro).
I get the internet. I have a cable modem connected via ethernet cable to the Airport Extreme. I have a Imac connected by WYFI and the laptop and Mac Pro conneced to two of the ethernet ports of the Airport Extreme.
My next goal is to network the three computers, which I used to be able to do. I have a Airport Dock, connected to a DVD player and two Tivo boxes. I lost the connctivity of the Airport Dock, so my Tivoes are not working right.
Yesterday was a frustrating day! I am certainly not a trained network manager. I don't know what I did to loose the connections and I compleltly forgotten how to get the connectivity back.
Thank you for your help! I want my brand new Mac Pro to work perfectly! I forgot how furstraiting it was years ago to confiigure computers.
Regards,
chhenden -
Cisco Prime Collaboration and SIP Codes
I am trying to position Cisco Prime Collaboration with a Cisco CUBE router and the client wants to know if Prime will be able to do the following:
1) Scan, index and alert on configurable SIP 4xx, 5xx, 6xx
2) Look at acive inbound/outbound callsHello Varda,
It seems as the 1040 sensors are not finding the TFTP server. The TFTP server list should not contain the ipaddress with values 32 or 92 in their octets,
1. The 1040 needs to learn of the TFTP by DHCP option 150.
2. Please make sure that it is set on your DHCP server.
3. To confirm that the 1040 sensor is receiving the TFTP IP open a web browser and type http:// and see if the TFTP address field is showing the IP.
4. If it is then you might also need to restart the TFTP service on the CUCM so that the 1040 can download the cnf and image files.
Attached is the userguide for 1040. Go through it and this should be able to resolve your issue.
This is a other method to check the sensor is fine
Fist step install download winagents tftp server ,
enter a Service Monitor Server Configuration / sensor1040 and in TFTP server enter ip address(winagents tftpserver) and go to SETUP
in setup put you ip address in PRIMARY SERVICE MONITOR and push OK you look the server write file in (TFTP server )
Next STEP
Go to MANAGEMENT and add new sensor you need mac address remember second port in sensor is span port you can make a sencond file in the tftp server
Next STEP
go to service monitor server and copy file *.img CSCOpx/
Next STEP
Search you dhcp server switch option 150 in put your ip address tftp server when sensor power off and power on the sensor search tftp server and search files to autoconfig and register to service monitor when test is ok
its time to upload change winagent tftp server to callmanager tftp server
Hope this helps
Thanks & Regards,
Venkitesh -
Problems with A/V chat, Cisco 2600 routers and more...
Don't really know where to start...
First some error messages:
2005-11-17 12:38:03 +0300: AA AA did not respond.
Tried to send UDP SIP-«invite» to the following IP-addresses and ports:
172.XX.X.X:1118
2005-11-17 13:33:37 +0300: AA AA svarte ikke.
Tried to send UDP SIP-«invite» to the following IP-addresses and ports:
172.XX.X.X:1308
2005-11-18 08:25:22 +0300: BB BB did not respond.
Tried to send UDP SIP-«invite» to the following IP-addresses and ports:
66.XXX.XXX.XXX:61437, 192.168.100.3:5060
I live in rural Tanzania and are trying to help out the local ISP to get AIM/iChat to work properly.
I've made a picture to illustrate the system, found at:
http://homepage.mac.com/nummelin/musoma/PhotoAlbum34.html
I can text chat without any problem.
Cases:
1.) I've had luck in calling up user CC CC within the local ISP using iChat but he failes to call me up. (Not sure if he was succesful in turning off his MAC's firewall.)
2.) The PC (AA AA) in Fig. 1 (found at the link above) have had some success in connecting to me with AV using the AIM client. He's getting the status that we're connected and he can see his picture but my picture is not showing at his end and I just get the message that he didn't respond.
3.) With BB BB I have had no luck with anything except with text messages and file transfers. (Which also seem to be working as it should with all clients.)
4.) Connecting with home (Europe) and the US haven't been a problem, but I've noticed somtimes that I can't invite but the other way around works.
Sumary: Using iChat/AIM A/V within my ISP's net is not working, A/V with users outside of my ISP is working.
Settings:
The Firewall setting of my router can be seen at fig. 2 (same link as earlier.)
All Firewalls have been turned off on all computers (except CC CC where I don't know the status.) when trying to connect with AV.
So, is the problem the cisco routers...?
If so, how to change/check the settings/open up the correct ports?
My ISP have pretty good knowledge of Linux and are of course working with the Cisco router but is not very experienced with it.
The ISP is using NAT, must admit I don't really get what that is.
Anyone experienced Cisco users around here?
Any tips/hints here will be much appritiated.
I'm just a geek who likes how's, why's and because's...
Kwa heri na asante sana!Used a little different setup today. You can see it here . (Fig.3)
I did some experimenting using Trillian and AIM on the PC with the following results:
iChat-Trillian
Mac-> Pc Video Chat yes
Pc->Mac Video Chat no
Mac->Pc Tlf. Yes
Pc->Mac Tlf. No
Mac-> Pc File transf. Yes
Pc->Mac File tranesf. Yes
Mac->Pc Direct connect yes
Pc->Mac Direct connect kind of...the picture never shows, just the path on the client it was sent from, like c:/desktop/mysecrets/microcraft.jpg
iChat-AIM
Mac-> Pc Video Chat An unknown error occurred
Pc->Mac Video Chat Yes {AOL} is shown
Mac->Pc Tlf. n/a
Pc->Mac Tlf. n/a
Mac-> Pc File transf. yes
Pc->Mac File transf. yes
Mac->Pc Direct connect yes
Pc->Mac Direct connect yes
Trillian is behaving in a similar way from my experiences with other macs. I'll have to try that too of course. What's strange here is how different the PC clients are working. I've also tried switching the IP's on the machines with the exact same results. Is the software the actual problem? I'll just have to get that other mac to find out...arghh, too tired right now Zzzzzzzzz.....
If the service to me is NATed? Yes
and the rest... Well the ISP is convinced that it is the Cisco routers, but having their mail server hacked they are (still) busy figuring that out... -
Errors with VI after down converting from 2009 to 8.x and porting from Windows to Linux
Hi All,
I'm pretty new to Labview so I've been trying to learn along the way. I've been tasked with porting a .VI that my supervisor developed on Windows to a Linux machine. The ultimate goal would be to build an executable that would be able to run on Linux based VMEs. The .VI was developed on Labview 2009 and the Linux machine has Labview 8.2. From what I understand I would need to downconvert the .VI in 2009 to be compatible with 8.2, then from there I would compile the .VI on 8.2 in Linux and create the executable.
After having downconverted the .VI I tried to run the .VI to see if the program still worked/if any parts were broken. Unfortunately, it seems like after having downconverted and porting to Linux the program is unable to communicate over TCP/IP with the module that the program was designed to work with. My supervisor ran the debugging application where it showed the progress of the data as it travelled along the block diagram and it seems to break at the TCP write blocks.
The error that I've recieved was Error 56 at TCP Read in WriteThenReadRegister.vi->E_LINAC_BPM_REV.1.0.vi
Possible reasons: labview: the network operation exceeded the user-specified or system time limit.
We've tested the connection outside of Labview and the Linux VME can definitely communicate with the module in xterm.
Can anyone point me in the right direction to start trouble shooting this?
When I performed the downconvert operation I recieved a bunch of warnings that stated:
C:\BPM_Labview_Files\My_LabVIEW\New folder\E_LINAC_BPM_Rev.1.0 Folder\E_LINAC_BPM_Rev.1.0.vi (E_LINAC_BPM_Rev.1.0.vi)
The object "Increment" does not support output configuration in the previous version.
The object "Divide" does not support output configuration in the previous version.
The object "Increment" does not support output configuration in the previous version.
The object "Divide" does not support output configuration in the previous version.
The object "Divide" does not support output configuration in the previous version.
The object "Multiply" does not support output configuration in the previous version.
The object "Divide" does not support output configuration in the previous version.
The object "Increment" does not support output configuration in the previous version.
The object "Divide" does not support output configuration in the previous version.
The object "Increment" does not support output configuration in the previous version.
The object "Divide" does not support output configuration in the previous version.
The object "Increment" does not support output configuration in the previous version.
The object "Divide" does not support output configuration in the previous version.
The object "Increment" does not support output configuration in the previous version.
The object "Increment" does not support output configuration in the previous version.
The object "Divide" does not support output configuration in the previous version.
The object "Boolean Array To Number" does not support output configuration in the previous version.
The object "Increment" does not support output configuration in the previous version.
The object "Multiply" does not support output configuration in the previous version.
The object "Boolean Array To Number" does not support output configuration in the previous version.
The object "Boolean Array To Number" does not support output configuration in the previous version.
The object "Increment" does not support output configuration in the previous version.
The object "Increment" does not support output configuration in the previous version.
C:\BPM_Labview_Files\My_LabVIEW\New folder\E_LINAC_BPM_Rev.1.0 Folder\PowerScan.vi (PowerScan.vi)
The object "Multiply" does not support output configuration in the previous version.
The object "Multiply" does not support output configuration in the previous version.
The object "Multiply" does not support output configuration in the previous version.
The object "Multiply" does not support output configuration in the previous version.
The object "Subtract" does not support output configuration in the previous version.
Thanks in advance,
Jason.I guess I should also post the .VIs in case someone could give some insight as to what's breaking.
Again, I need to downconvert this from 2009 to 8.2 to run on a linux machine.
In the mean time I'll be playing around with the "save as previous version" and the tool kit options.
Thanks again in advance.
Jason.
Attachments:
E_LINAC BPM 2009.zip 266 KB -
Cisco Sensor 1040 and Cisco Prime Collaboration Assurance 9.0
Hey Guys,
We have setup Cisco Prime CA and trying to hook a Sensor onto it. The sensor is searching for a few.cnf files over tftp. Where can i find these files ?
PS: if this is the wrong place please tell me where to post this.
Thanks
Varadarajan.RHello Varda,
It seems as the 1040 sensors are not finding the TFTP server. The TFTP server list should not contain the ipaddress with values 32 or 92 in their octets,
1. The 1040 needs to learn of the TFTP by DHCP option 150.
2. Please make sure that it is set on your DHCP server.
3. To confirm that the 1040 sensor is receiving the TFTP IP open a web browser and type http:// and see if the TFTP address field is showing the IP.
4. If it is then you might also need to restart the TFTP service on the CUCM so that the 1040 can download the cnf and image files.
Attached is the userguide for 1040. Go through it and this should be able to resolve your issue.
This is a other method to check the sensor is fine
Fist step install download winagents tftp server ,
enter a Service Monitor Server Configuration / sensor1040 and in TFTP server enter ip address(winagents tftpserver) and go to SETUP
in setup put you ip address in PRIMARY SERVICE MONITOR and push OK you look the server write file in (TFTP server )
Next STEP
Go to MANAGEMENT and add new sensor you need mac address remember second port in sensor is span port you can make a sencond file in the tftp server
Next STEP
go to service monitor server and copy file *.img CSCOpx/
Next STEP
Search you dhcp server switch option 150 in put your ip address tftp server when sensor power off and power on the sensor search tftp server and search files to autoconfig and register to service monitor when test is ok
its time to upload change winagent tftp server to callmanager tftp server
Hope this helps
Thanks & Regards,
Venkitesh -
Connection to partner HOST:PORT Broken
Hi Experts,
When I am working with screen painter If I open screen painter layout its not opening properly(Its opening in alpha numeric mode) and shows Connection to partner HOST:PORT broken. If I open in my colleagues system with my user id its working fine.How to resolve this problem.try restart your system and see. It could be temporary network bottleneck.
Regards,
Vincent -
Best way to connect 2 Cisco 3750 PoE 24-port Switches
Hello. I have 2 Cisco 3750 PoE 24-port switches in a small office environment. Right now I have a trunk configured off my ASA 5505 to switch 1, and then just an access port configured on a port (switch 1) and an access port configured on a port (switch 2) to connect them together. These switches also have 2 GB SFP ports but they are not being used in this configuration.
I was curious to know if anyone had any better recommend configurations for connecting these 2 switches together? I'm not sure if this particular model can be stacked?What are the exact model numbers (should be written on a sticker)?
You will know if they can be stacked as you will see the 2x stack ports on the back of each switch :)
If they can then that is probably the way to go unless you want to keep them as separate switches for some reason.
If you want them separate, I would connect them via a Trunk link at least so you can have the same Vlans on both.
Thanks
Maybe you are looking for
-
Loop plays in the loop browser but not on the track
Hi, I've been having this problem for a while and reinstalling the whole program doesn't help either. I am running Logic Pro 8.02 and when I click on the loop such as "RnB beat 01" in the loop browser, it plays fine but when I drag it into the track
-
Read a property in the set-property tag
How i can read a custom property defined in struts-config by adding <set-property property="customproperty" value="CustomValue"/> ?? I want to put some extra info about every action in the struts-config.xml and then read it from the action or actionM
-
How can i limit the user to enter only A to Z and space in JFormattedText
dear i want to use JFormatedTextField in two manners 1.Limit the no of charecters.means in a text field only 20 charecters r allowed. 2.and also check the enterd charecter must be a to z and space not other chareters r allowed. 3.same for numbers mea
-
Lost sound when convert Quicktime video to ipod video
Hi, when I use iTune to conveert a video file from quicktime (or others) to ipod/iphone video file I lost the sound! I'll appreciate any help! Thanks!
-
I need to display a month-by-month record of several indicators. The data is entered in daily, and I need to do basic things like average, sum, compare to target, etc. I've got a couple of views that simplify the data down to an organization, a date,