Cisco 3750v2 VS 3850

Similar Messages

• 3850 stackable with different License Levels?

  We will be decommissioning a 3750 that is uplinked to a 3850-48 port and will be connecting a 3850-24 port in full stack-wise and stack-power High availability mode………now it will have the same IOS but the License Level will be different….so my question is will the two switches become stackable with different License Levels?

  Based on the FAQ that is not supported:
  You find the FAQ on http://www.cisco.com/go/3850 -> FAQ
  Q. What are the license requirements for a Cisco Catalyst 3850 switch stack?
  A. In a Cisco Catalyst 3850 stack, all switches should be at the same image-based license (IP Services/IPBase/LAN Base) level. The active switch license level is considered as the reference, and the member switch licenses are compared against it. If there is a mismatch, the active switch with the syslog message “ license mismatch error” indicates that the stacking was unsuccessful.
  Q. How is a “ license mismatch error” fixed in a Cisco Catalyst 3850 stack?
  A. The license level of the mismatch stack member switch can be changed with the license right-to-use activate <license> all acceptEULA CLI command (entire stack should have the same wired license level) and reloaded from the active switch console. This will enable the member switch to join the stack successfully. The customer has to purchase a license before moving to a specific license level.

• MLS to MQC Conversion of srr-queueing bandwidth

  Hi,
  I am upgrading a Cisco 3750 to 3850 and running into issues with some MLS to MQC conversions. Would anyone know how I can convert these three command lines within an interface
  interface GigabitEthernetx/y/z
   srr-queue bandwidth share 1 70 25 5
   srr-queue bandwidth shape 3 0 0 0
   priority-queue out

  Hi,
  I am upgrading a Cisco 3750 to 3850 and running into issues with some MLS to MQC conversions. Would anyone know how I can convert these three command lines within an interface
  interface GigabitEthernetx/y/z
   srr-queue bandwidth share 1 70 25 5
   srr-queue bandwidth shape 3 0 0 0
   priority-queue out

• SFP+ to CX4

  Has anyone ever had to connect devices with SFP+ on one end and CX4 on the other? I am looking for suggestions of cables that are compatible with Cisco switches, the 3850 in particular. Any help would be appreciated, thanks.

  As long as both are SX tranceivers, yes.
  The tranceivers shouldn't be aware of what the other side is; it's akin to a HP made Copper port talking to a Cisco made Copper port over a piece of Cat 5.
  Where you run into issues are where you're trying to use the other vendor's tranciever in your gear.
  With fiber you need to make sure that you're matching like trancievers (SX/LX) on each side, as well as using appropriate fiber between (MM/SM), but this link will work fine.
  Right now you can't use any of the "Direct attach" CX1 cables between Cisco/HP, which is a pain- because those are so cheap. But the vendors are kind of in a staredown right now, so users are caught in the middle.

• VTP Pruning vs Allowing VLANs on Trunk ports

  We would like to know best approach to reduce VLAN traffic on our network. We are currently trunking all fiber ports 802.1q.
  We have about 73 VLANs across the network. We have done a lot of research and there seem to be a lot of theoretical answers but no one who uses it in practice.
  Here is our current configs for fiber ports between closets:
  Cisco WMH6509
  interface GigabitEthernet2/8
   description Fiber To STB Lab 3850
   switchport
   switchport trunk encapsulation dot1q
   switchport mode trunk
   no ip address
   no snmp trap link-status
  end
  Cisco STB Lab 3850
  interface GigabitEthernet1/1/1
   description Fiber To WMH6509
   switchport mode trunk
  end
  We are considering:
  VTP Pruning Enable
             or
   switchport
   switchport trunk encapsulation dot1q
   switchport trunk allowed vlan 26,99,109,188
   switchport mode trunk
  Thanks,
  Tom

  Disclaimer
  The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
  Liability Disclaimer
  In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of   the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
  Posting
  As I have some years (cough - decades) software development experience, I lean toward automation solutions, so, for example, I often prefer dynamic routing over static routing, and so likewise, I prefer VTP over manual configuration on multiple devices.
  However, VTP does have some "quirks".  For example, this year I ran into an issue where an edge switch had a new VLAN defined to a port which wasn't in use on a transit switch, so VTP auto pruning, pruned it off the transit's uplink trunk.  (I was a bit of a pain to find the cause as VTP doesn't prune right away - edge worked for a bit and then it stopped working.  One fix would have been to stop using VTP auto-pruning, across the whole VTP domain, but instead, configured VTP to not auto-prune the needed VLAN across the needed trunk.)
  So, as Paul notes, VTP auto pruning might be easier to get going, but be prepared for unexpected incidents (again, not saying you'll have any, just be prepared).  So, if you're prepared, I would go with VTP auto pruning, but if you want to "play safe", go with Paul's recommendation.

• Port channel issue

  Hello 
  I need help plz , i have 2X stacking Cisco core switch 3850 and access switches 2960X over the floors. I did the configuration but port channel still down , kindly check the below config:-
  3850
  interface Port-channel1
   switchport mode trunk
  inter gi1/0/1
  switchport trunk allowed vlan 85,90,95
   switchport mode trunk
   channel-group 1 mode active
  inter gi1/0/2
  switchport trunk allowed vlan 85,90,95
   switchport mode trunk
   channel-group 1 mode active
  2960
  interface Port-channel1
   switchport mode trunk
  inter Tengi1/0/1
  switchport trunk allowed vlan 85,90,95
   switchport mode trunk
   channel-group 1 mode active
  inter Tengi2/0/1
  switchport trunk allowed vlan 85,90,95
   switchport mode trunk
   channel-group 1 mode active
  The goal that i have access switch should connect to my two core switches using two uplinks and i need to merge the uplinks speed.
  Any idea

  Hello
  Kindly find the below 
  Core_switch#show etherchannel summary
  Number of channel-groups in use: 6
  Number of aggregators:           6
  Group  Port-channel  Protocol    Ports
  ------+-------------+-----------+-----------------------------------------------
  3      Po3(SD)         LACP      Gi1/0/5(I)  Gi2/0/5(I)
  ACCESS_Floor_3#show etherchannel summary
  Number of channel-groups in use: 1
  Number of aggregators:           1
  Group  Port-channel  Protocol    Ports
  ------+-------------+-----------+-----------------------------------------------
  3      Po3(SD)         LACP      Te1/0/1(D)  Te2/0/1(D)
  I need to connect my stack switches which located on 1st floor to core switch using two uplinks one uplink teng1/0/1 to 1st core port 1/0/5 in stack and other uplink 2/0/1 to 2nd core on the stack port. 2/0/5.
  thanks

• Access Points: 2602 vs. 2702?

  Hi,
  We are working with an end user who wants to install a controler-based wireless infrastructure in their facility.  At present they plan to use Intermec CK71 mobile computers that support the 802.11 a/b/g/n standards but no "ac" .  In addition to the CK71s, our customer would like to use laptops, notebooks and IPad tablets as wireless clients.. 
  The total number of RF devices is estimated to be around 80 which will be distributed throughout the facility and not clustered.  Our site survey (done with a 2602e AP) indicated 16 APs will be needed to achieve the desired coverage. As far as the load on the APs, it will be fairly light.  There will be some Internet browsing and some HTML based screens that will collect data for their WMS and ERP systems.  At present there is no discussion about including any wireless IP phones, doing video streaming, or moving CAD drawings, etc. over the  wireless network.
  So here is the question:  Should we go with the 2702e AP over the 2602e?  We've installed many 2602s and have always had good success. So far however, we have not installed any 2700 series APs. 
  While looking at the literature for both APs it appears the 2700s are more focused on the "ac" radio standard and are designed for use with higher densities of clients.  The 2600s look more geared to 2.4 Ghz b/g/n radios and will give us more range and might even save on client battery use.
  So since this customer has not said anything about using "ac" radio clients, we are leaning more to sticking with the 2600s. We also mapped coverage using a 2602 as well. That said, we don't want to dead end the customer, especially since the ac radios will now start showing up in client devices.
  Any advice or knowledge that can be shared on this subject would be greatly appreciated.
  Thanks
  **This whip antenna is the one we use with the 2602e, will it also work with the 2702e?  P/N AIR-ANT2524DB-R  

  While looking at the literature for both APs it appears the 2700s are more focused on the "ac" ra
  dio standard and are designed for use with higher densities of clients.
  2600 can operate with just plain 15.4w PoE while 2700 requires 20.0w PoE (recommended).  Although you can operate the 2700 at 15.4w PoE 802.11ac will not be able to run at this power.  
  Now if you look at the 2700, this is the first AP which comes with a dual data port (one PoE and one not).  Currently, WLC firmware does NOT support etherchannel of these two ports.  So if you need to do cabling work and you are going to deploy 2700, then you need to look into putting, at a minimum of, two data outlets per AP2700.  
  Having two data ports, in some cases, is a lot cheaper than deploying Cisco's 3650/3850/Sup8E switches.  
  If I had my way, I'd be deploying 2700 because you have no idea how long Cisco will support the old APs (like the 1260, 3500, 3600 and 2600).

• [Cisco ISE 1.2 with 3850 - Trunk AP] Problem with MAB

  Hi everyone,
  After reading some documentation about using MAB in a trunk port with the 3850 I would like to know if someone has implemented ISE policies with a 3850 interface in trunk mode. My problem is that when I try using MAB in a trunk port the mac address of the AP it´s no visible in the "show mac address interface" and because of that the AP is not authenticated in ISE. The thing is that if I use a 2960 everything goes smoothly with no problems!
  Let me show you what I have,
  interface GigabitEthernet1/0/3
   description AP
   switchport trunk native vlan 999
   switchport mode trunk
   trust device cisco-phone
   authentication event fail action next-method
   authentication host-mode multi-host
   authentication order mab dot1x
   authentication priority dot1x mab
   authentication port-control auto
   mab
   snmp trap mac-notification change added
   snmp trap mac-notification change removed
   dot1x pae authenticator
   dot1x max-req 4
   auto qos voip cisco-phone
   service-policy input AutoQos-4.0-CiscoPhone-Input-Policy
   service-policy output AutoQos-4.0-Output-Policy
  ############################################# switch model - 3850 ##################################################
  SW1#sh mac address-table interface GigabitEthernet1/0/3
            Mac Address Table
  Vlan    Mac Address       Type        Ports
  SW1#sh dot1x interface Gi1/0/3
  Dot1x Info for GigabitEthernet1/0/3
  PAE                       = AUTHENTICATOR
  QuietPeriod               = 60
  ServerTimeout             = 0
  SuppTimeout               = 30
  ReAuthMax                 = 2
  MaxReq                    = 4
  TxPeriod                  = 30
  Switch Ports Model              SW Version        SW Image              Mode
  *    1 56    WS-C3850-48P       03.03.03SE        cat3k_caa-universalk9 INSTALL
  ############################################# Different switch model - 2960 ##################################################
  interface GigabitEthernet1/0/1
   description AP
   switchport trunk native vlan 999
   switchport mode trunk
   srr-queue bandwidth share 1 30 35 5
   priority-queue out
   authentication event fail action next-method
   authentication host-mode multi-host
   authentication order mab dot1x
   authentication priority dot1x mab
   authentication port-control auto
   mab
   snmp trap mac-notification change added
   snmp trap mac-notification change removed
   mls qos trust device cisco-phone
   mls qos trust cos
   dot1x pae authenticator
   dot1x max-req 4
   auto qos voip cisco-phone
   service-policy input AUTOQOS-SRND4-CISCOPHONE-POLICY
   SW1#$cation sessions interface GigabitEthernet1/0/1
              Interface:  GigabitEthernet1/0/1
            MAC Address:  xxxx.xxxx.4a38
             IP Address:  172.18.1.170
              User-Name:  xx-xx-xx-xx-4A-38
                 Status:  Authz Success
                 Domain:  DATA
         Oper host mode:  multi-host
       Oper control dir:  both
          Authorized By:  Authentication Server
            Vlan Policy:  N/A
        Session timeout:  N/A
           Idle timeout:  N/A
      Common Session ID:  0A18129D000060E39DAE8A8A
        Acct Session ID:  0x0000725D
                 Handle:  0x0F00028C
  Runnable methods list:
         Method   State
         mab      Authc Success
         Switch Ports Model              SW Version            SW Image                                                                                             
       1 28    WS-C2960X-24PS-L   15.0(2)EX5            C2960X-UNIVERSALK9-M      
   SW2#sh dot1x interface Gi1/0/1
  Dot1x Info for GigabitEthernet1/0/1
  PAE                       = AUTHENTICATOR
  QuietPeriod               = 60
  ServerTimeout             = 0
  SuppTimeout               = 30
  ReAuthMax                 = 2
  MaxReq                    = 4
  TxPeriod                  = 30
  Am I doing something wrong?
  BR,

  I know what you mean and I agree with what you are saying :) Nonetheless, at the moment, the official stance from Cisco on this is that 802.1x is not supported on trunk ports. Now one can argue that MAB is different but I think we are just splitting hairs here :) 
  Like I said, I have gotten stuff to work before but always had some goofy things happening so in general I have stayed away from doing it. 
  Now in your situation, if your configuration is working fine on the 2960 but not on the 3850, then most likely the issue is with the XE code running on the 3850s. The XE code has been very problematic until recently so you are probably hitting some sort of a defect. As a result, I recommend that you upgrade the switch(es) to 3.3.5 or 3.6.1. Version 3.7.x is also out but it just came out 8 days ago so I would not recommend going to it. 
  Thank you for rating helpful posts!

• Cisco 3850 SSID qos

  Hello all)
  I have the task to configure QoS for SSID. I have 1602E points and 4 SSIDs per point. I want to priorities one of them. APs are connected to cisco 3850. Please help me how can I do it?

  Bandwidth and Priority Management at SSID Level
  The next step is to take care of the QoS policy at the SSID level. This step applies to both the Catalyst 3850 switch and to the 5760 controller. This configuration assumes that voice and video traffic is identified through the use of class-map and access-lists and is tagged properly. However, some incoming traffic that is not targeted by the access-list may not display its QoS marking. In that case, you can decide if this traffic should be marked with a default value or left untagged. The same logic goes for traffic already marked but not targeted by the class-maps. Use the default copy statement in a table-map in order to ensure that unmarked traffic is left unmarked and that tagged traffic keeps the tag and it not remarked.
  Refer the link for the Complete Configuration : www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/116479-configure-qos-00.html#anc15

• Cisco 3850 Mobility Agent unable to connect clients

  Hi
  We are trying to use Cisco 3850 as Mobility agents with 5760. We can't seem to get the clients to authenticate to the radius server. We don't even see them appear in the radius logs.
  We have defined the radius server and the profile
  wlan Wireless 2 WAP
  aaa-override
  accounting-list Radius
  client vlan wireless
  security dot1x authentication-list Radius
  session-timeout 1800
  no shutdown
  radius server Primary
  address ipv4 x.x.x.x auth-port 1812 acct-port 1813
  timeout 5
  retransmit 2
  key 7 ........
  radius server Primary
  address ipv4 x.x.x.x port 1812 acct-port 1813
  timeout 5
  retransmit 2
  key 7 .........
  The client appears to connect to the AP but can't authenticate so gets kicked off
  If we do a test aaa group username password then it says that it's sucessful.
  In the debug we get 802.1X required but then it never seems to get any further.

  Alright, so I finally figured out the issue with this. I had a Mobility Anchor set on the guest WLAN and once I removed that all started working again.
  What is Mobility Anchor?
  A. Mobility Anchor, also referred to as Guest tunneling or Auto Anchor Mobility, is a feature where all the client traffic that belongs to a WLAN (Specially Guest WLAN) is tunneled to a predefined WLC or set of controllers that are configured as Anchor for that specific WLAN. This feature helps to restrict clients to a specific subnet and have more control over the user traffic. Refer to the Configuring Auto-Anchor Mobility section of Cisco Wireless LAN Controller Configuration Guide, Release 7.0 for more information on this feature.

• Cisco 3850 Switch and Windows 7 IP Conflicts

  Team,
  Last evening (Christmas eve) we setup a pair of Cisco 3850 with IP Base version 3.3.35SE (recommended) and 3.7.0E (very latest).
  We got these to replace a very old switch that had died. Attached to this network are windows 7 PC's with all the standard patches, service packs, etc.
  with standard port configs - no PC would work - and in fact on each screen we got the windows 7 IP Conflict pop up box.
  This seemed very odd to us, as we know these IP's are all static (no dhcp on this segment at all)
  we went with a very vanilla config on each port
  interface g1/0/1
  switchport host
  that is it - nothing special at all.
  well, after hours of research we found the 3850 has a problem where its "ip device tracking" (even though disabled, by way of NOT being enabled on any interface) will effect the windows 7 PC's ip address in use detection port start up phase!
  This is a very big problem. I am frankly SHOCKED Cisco would release a major switch that is going to not work when connected to the average network with windows 7 PC's.
  we tried 3+ hours of prescribed work-arounds found when researching this issue -
  ip device tracking probe delay 10 (global config)
  ip device tracking max 0 (disabed, on interface)
  finally,
  nmsp attach suppress (interface, however this appears to be a default command in all IOS-XE versions we tried, as the command did NOT show in the show run) . this effected many different nic card vendors (laptops, desktops) and nic card drivers levels from old to very recent.
  Finally,
  we compared a 3850 in another location to this one - and we never got HIT by this problem before because that 3850 only as TRUNK ports and no windows 7 hosts directly attached.
  Doing more research, I found out this also can effect vmware guests running windows SERVER.
  this is now a huge issue as we have a scheduled deployment of 3850's throughout our network which is going to be put on hold.
  the work-around I came up with which is not great is -
  Make ALL the "access" ports connected to PC TRUNK ports and leave the NATIVE vlan (untagged) as the vlan you want the PC's to be in
  interface g1/0/1
  switchport mode trunk
  switchport trunk native vlan 1
  this is NOT an acceptable workaround as this presents security issues even with
  switchport trunk allowed vlan 1, etc. as the only allowed vlan.
  Note: this issue manifested itself and windows 7 PC's were UNABLE to use the network. if you do "ipconfig /all | more" you would see
  192.168.0.140(duplicate) and the interface would actually use 169.254.0.239(duplicate) so the duplicate message appeared twice in the output.
  1) With and without an SVI interface on each 3850 for the vlan where the windows 7 machines had a duplicate
  2) when we had an SVI and the command ip device tracking probe use-svi (or whatever the hidden command is I forget now, but it took it)
  3) when we had aaa new-model configured - and not configured - thinking this was some artifact of having aaa turn on something like 802.1x port state
  4) when could confirm NO DHCP SNOOPING
  5) when we DID not use static IP's - and had the switch assign DHCP addresses - the Windows 7 PC's STILL had duplicates and didnt work for their "Just leased" ip's.
  6) when we could confirm ios-xe ip device tracking = disabled with show ip device tracking status, etc.
  This is a major problem for this 3850 and unless we get a definitive answer on why this is happening and how we can rectify we are going to have to return our 3850's and get HP Procurve's something I would rather avoid doing. There is NO REASON I can imagine other than older switches who's ports default to ROUTED ports (i.e.. no ip switchport) where a switch should not at least function as a bare switch with essentially a default configuration out of the box.
  Any ideas? I'm working well now with the ports ALL in trunking mode with vlan 1 native, but this is not a scalable workaround we can live with as we have security risks of a port not blocking certain vlans from going out ports to pc's, etc. that attackers could send tags on at that point, etc.
  thanks,
  Joe Brunner
  #19366

  thanks for replying - i'm not onsite (its a standalone network) - but here is what it is -
  Answers in line -
  This all stems from a switch replacement correct?
  yes a 10 year old Allied Telesyn switch was replaced that had no config - like a hub, just used for connectivity.
  Are these 3850's in a stack?
  >yes, tested all aspects of the stack many times.
  Does it have a managment ip address -If so, is it using the old switch ip address
  >old switch had no ip - i made a "management interface" on vlan 1 - BUT no ip on the built-in management interface on the switch.
  What are they connecting to? (a router/L3 switch/anohter switch- cisco-HP etc..)
  >various other devices - only 1 link back to a single 3750x stack. that switch is "hardened" so to speak to reveal or propagate very little by design.
  How are they connected( L3 interface/L2 trunk/access port)
  >all ports are left in trunk mode with vlan 1 as the active and untagged port. this was the workaround done to ever get the switch going. in "out of the box" or default mode as we initially wanted (no config) links to windows 7 PC's didnt work. links to linux or other devices non-windows did work!
  Are thse switches performing inter-vlan routing or just acting as host switches?
  >dumb flat network, no routing.
  Is ip routing enabled?
  >not unless enabled on 3850 by default. I didnt type "ip routing"
  Do you have multiple vlans in your network and if so ar ethe being propergated to these new switches?
  Your 7 pcs = are they just client pcs not servers?
  client PC's - no servers OS per say.
  can you confirm something like ICS isnt enabled (Internet connection sharing)  on any of them?
  >yes not enabled.
  Are the just using one NIC each?
  > one machine is dual homed - but we know where its "second nic" goes - to another cisco network which is NOT connected back to this one. we traced all our ports a few times thinking even perhaps some small hub was "reflecting" traffic back to us - like a blackbox. Strangest thing -
  default config out of the box - with ALL ports SHUTDOWN EXCEPT the single windows 7 facing port - the windows 7 machine STILL registered an IP CONFLICT when connected to the 3850 - even when it had NO SVI's!!! (i know mind numbing). if you disconnected the pc and connected it to an old cisco switch - it worked fine!!! wow.
  sh switch
  2 identical 3850's in working stack. power and network stacked. both at same version, etc - upgraded each time with "software install file flash:<long ios name>.bin
  tested all power and general 3850 stacking. saw no issues.
  sh int trunk
  >all ports are now trunks (hence the workaround used to get it up).
  has 20 trunks to PC's and some single connected switches (far away on fiber) - all allow only vlan 1 - no other vlans were created - very very simple network. vlan 1 is native
  sh vlan brief
  >just vlan 1 - no vlans created, checked this many times - had vlan 100 at one point - made sure it was gone over a period of hours.
  sh vtp status
  not setup - left complete default; no vtp domain set - connected to all switches in transparent model if a switch connection exists.
  sh cdp neighbours
  cant post (for god and country LOL) but there is one link back to our "core" so to speak - that switch is hardened not to allow any settings to slip over to new switches so hence no vtp, cdp is one to help troubleshooting.
  sh ip route
  just the L and C routes for the vlan 1 ip address 192.168.17.1/24
  no static routes
  no vlan interfaces other than int vlan 1
  no ip address on g0/0/0 -> the default 3850 management interface hard assigned to the 3850 VRF you cant remove.
  int g0/0/0
  ip vrf forwarding Switch_Mgmt
  i can get over there if you think of anything else key to show the group.
  thanks,
  Joe

• Alternative switch to Cisco Catalyst 3750v2-24FS and 3750-24FS

  I`m looking for an alternative to these two switches:                 
  1.  WS-C3750V2-24FS-S  Cisco Catalyst 3750V2-24FS Switch with 24 100FX SFP + 2 Gigabit Ethernet SFP Ports
  2. Cisco Catalyst 3750-24FS (WS-C3750-24FS-S 100BASE-FX)
  They are now EOL and not available.
  I have a campus style network and need to be able to connect multiple 100FX fibre switches back to a central switch. The 1st unit uses 100FX SFP modules and the second has in-built 100FX ports. I`m struggling to find anything from Cisco that will give me multiple (i.e 12+) 100FX ports.
  Could anyone please point me in the right direction?
  Many thanks,
  Paul

  Hi Paul ,
  Replacement for both switch is WS-C3650-48TS-S.
  http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps5528/eos-eol-notice-c51-730227.html
  http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps5023/end_of_life_c51-687707.html
  Regards
  Don't forget to rate helpful posts
  Sent from Cisco Technical Support iPhone App

• Cisco Catalyst 3850 as ntp master

  Hi All,
  I have 2 x Cisco Catalyst 3850 stacked together. What are your recommendations if I use the C3850 as a ntp master for all edge switches connected in my network? All edge switches must be authenticated if it needs NTP sychronization. But other than that, what are the downsides?
  For example,
  1. I heard that switches do not have an internal clock so is a poor device to be a centralized NTP master.
  2. I have also read that switches also have slow CPU processors that may lack the processing required.
  3. Its NTP sychronization will use external NTP servers which are resolved into IP addresses (e.g. pool.ntp.org). IP address can change. What other more reliable NTP sources are there?
  4. Any other thoughts and comments are most welcome.

  Firstly, DO NOT use the command "ntp master".  Cisco do not recommend using this commands because this will confuse the NTP propagation inside the network.  
  Next, all Cisco devices do not have a dedicated clock.  All appliances need to get SNTP/NTP time synch from somewhere.  This "somewhere" could either be a dedicated GPS-based NTP server and/or a time synch somewhere out in the internet.  
  You can also use the command "ntp update-calendar".  This new command allows appliances to take regular "snapshot" of the time and save it into the NVRAM.  In case there was a reboot or a power failure, the appliance's time is not too far away instead of waiting 5 to 10 minutes for SNTP/NTP to synch.

• 3850 - auto qos voip cisco-phone

  I am having an issue where it appears that the "auto qos voip cisco-phone" command is marking down my voice packets COS and DSCP values to 0.  Anyone else notice this?  I am connecting Cisco 7945 phone to the interfaces with this command applied to the interface.  I verified that the IP Phone is sending COS = 5 and DSCP = ef to the switchport.  I verified the packets inbound to the switchport and the packets outbound as they transit to the destination IP Phone's switchport.

  Hi joshua,
  What is the IOS-XE version you are running on your 3850 ?
  Post your switchport configuration (7945 phone connected)
  Here is 3.3 QoS config guide & I noticed it says something like below qouted. So make sure this trust device command is there & your port is configured for standard VoIP port connectivity.(like voice vlan, etc)
  http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/3se/consolidated_guide/configuration_guide/b_consolidated_3850_3se_cg/b_consolidated_3850_3se_cg_chapter_01101000.html#reference_8A1C35AB2874498F90C4F5600301BE9D
  "The trust device device_type interface configuration command is only supported in an auto-QoS configuration, and not as a stand-alone command on the switch. When using the trust device device_type interface configuration command in an auto-QoS configuration, if the connected peer device is not a corresponding device (defined as a device matching your trust policy), both CoS and DSCP values are set to "0" and any input policy will not take effect"
  HTH
  Rasika
  ***** Pls rate all useful responses ****

• Unable to change boot file on Cisco 3850

  I was working on a Cisco 3850 24 port switch today and I read that it doesn't use the normal "boot system flash:XYZ.bin" but instead it's something like this:
  "software install file flash:XYZ.bin new"
  That changes the install package or something which makes it boot in the newly selected package which contains the new IOS.  Anyway, when i put in that command I get something about "Failed to ...." or something.  I'm sorry but I'm at home now and I don't have the device with me and it just occured to me to post this on the forum for possible help.  Either way, it's specifically says "Failed..." as the first word which is not what it should normally say.
  I used these directions:
  http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps12686/deployment_guide_c07-727067.html#wp9000169
  I am in Install mode.  Can anyone help me figure out why this is happening before my outage window on Sunday night?  I've downloaded the new version of the IOS from Cisco.com and verified it is currently located in the flash of this device. 
  Thanks for any help you can provide!

  Joshua,
  Plesae find quick guide on upgrading and booting, see below as a reference.
  Recovering from a 3850 boot failure.
  There are multiple reasons a 3850 may fail to boot correctly including a corrupt boot image, a corrupt packages.conf file, missing files, etc.  Below are a few different possible recovery methods to try.  I will also explain the two possible mode options, Install and bundle and why you might want to use one or the other.
  Install vs. Bundle Mode
  There are a few difference in the two modes, I would recommend reading over the config guide for more in-depth details. The recommended mode during operation is INSTALL mode because it allows for more features and requires fewer resources when booting.
  ++Install Mode
  This is the out-of-the-box mode that your switch will be in.  INSTALL mode uses a package provisioning file named packages.conf to boot the switch.
  If you happen to be in bundle mode upon boot, you can simply boot your switch in install mode by booting the software package provisioning file that resides in flash. If packages.conf doesn�t exist in flash, you need to expand the bundle into the flash file system by running
  Switch# software expand file flash: cat3k_caa-universalk9.SPA.03.02.02.SE.150-1.EX2.bin to flash:
  Once this completes, you will have all the needed files in flash. You can then change the boot statement to boot to packages.conf
  Switch#Config t
  Switch(config)# no boot system
  Switch(config): boot system switch all flash:packages.conf  (do not modify this file, unless necessary)
  Switch#write memory
  The provisioning file contains a list of software packages to boot, mount, and run. The ISO file system in each installed package is mounted to the root file system directly from flash.
  NOTE **Auto-upgrade is disabled, by default. (once in install mode - execute the following command in global config: software auto-upgrade enable )
  NOTE **Auto-upgrade includes an auto-copy process and an auto-extract process.
  ++Bundle Mode
  As noted previously, bundle mode consumes more memory than booting in install mode because the packages are extracted from the bundle and copied to the RAM.  If you decide to convert to bundle mode, you will first need to download the .bin file from CCO if you don�t already have it in flash.  Once in flash, you can simply change your boot statement to point to the (.bin) file:
  Switch#Config t
  Switch(config)# no boot system
  Switch(config): boot system switch all flash: cat3k_caa-universalk9.SPA.03.02.02.SE.150-1.EX2.bin
  Switch#write memory
  The provisioning file contained in a bundle is used to decide which packages to boot, mount, and run. Packages are extracted from the bundle and copied to RAM.
  NOTE **Auto install and smart install functionality is not supported in bundle boot mode.
  Recovery Methods
  USB
  The 3850 has a USB port on the front that can be used for both console access and also the ability to utilize a flash drive for image backup and recovery.
  If you happen to be stuck at the switch: prompt with a corrupt image or .conf file, you can easily boot to a file stored on the USB drive.
  1. Verify that the flashdrive is recognized and the .bin file exists
  switch: dir usbflash0:
  Directory of usbflash0:/
  74  -rw-  223734376  cat3k_caa-universalk9.SPA.03.02.02.SE.150-1.EX2.bin
  2. Boot to the USB image
  switch: boot usbflash0:cat3k_caa-universalk9.SPA.03.02.02.SE.150-1.EX2.bin
  Corrupt packages.conf
  I�ve seen instances in which packages.conf continually calls files that no longer exist in flash.  You can boot to an image from ROMMON just fine, however upon reload it will call packages.conf again and fail to boot.  If this happens, I recommend backing up the existing packages.conf file by renaming it or deleting all together.  NOTE: The previous step is mandatory as the next step will fail if a .conf file already exists.  You can then run an BUNDLE extract which will create a new packages.conf file.
  1. Once booted up (in BUNDLE mode) verify the files in flash
  Switch#dir flash:
  Directory of flash:/
  15500  -rwx        1243   Aug 1 2013 07:04:02 +00:00  packages.conf
  2. Copy or rename the existing packages.conf file
  Switch#cp flash:packages.conf flash:packages.conf.badop flash:packages.conf flash:packages.conf.bad
  Destination filename [packages.conf.bad]?
  Copy in progress...C
  1243 bytes copied in 0.140 secs (8879 bytes/sec)
  Switch#dir flash:
  Directory of flash:/
  15500  -rwx        1243   Aug 1 2013 07:04:02 +00:00  packages.conf
  15502  -rw-        1243   Aug 1 2013 11:53:51 +00:00  packages.conf.bad
  3. Delete packages.conf
  Switch#del flash:packages.conf
  Delete filename [packages.conf]?
  Delete flash:/packages.conf? [confirm]
  4. Expand BUNDLE to create new packages.conf
  Switch#software expand running switch 1 to flash:
  Preparing expand operation ...
  [1]: Expanding the running bundle
  [1]: Copying package files
  [1]: Package files copied
  [1]: Finished expanding the running bundle
  5. Verify boot
  Switch#show boot
  Switch 1
  Current Boot Variables:
  BOOT variable does not exist
  Boot Variables on next reload:
  BOOT variable = flash:packages.conf;
  Manual Boot = no
  Enable Break = no
  6. Reload Switch
  switch#reload
  Reload command is being issued on Active unit, this will reload the whole stack
  Proceed with reload? [confirm]
  Emergency Recovery
  If all else fails, the 3850 has a �trap door� method of recovering the system.  All you need is a terminal connected to the management port of the 3850 running a tftp server.  Download a valid image file from CCO and store it in the root of the tftp server.
  On the switch, you are most likely stuck at the switch: prompt.  If however you are in some sort of boot loop, you can use the �mode� button on the front of the switch to break the cycle.  Simply hold the button for roughly 10 seconds and the switch should react by breaking the cycle and stopping at a switch: prompt. The following steps will walk you through the recovery:
  1. Set the switch IP
  switch:  set IP_ADDR 192.0.2.123/255.255.255.0
  2. Set the default gateway
  switch: set DEFAULT_ROUTER 192.0.2.1
  3.Test connectivity by pinging terminal (that contains the tftp server)
  switch: ping 192.0.2.1
  ping 192.0.2.1 with 32 bytes of data ...
  Host 192.0.2.1 is alive.
  4. Verify that the emergency files exist in the switches file system
  switch: dir sda9:
  Directory of sda9:/
      2  drwx  1024       .
      2  drwx  1024       ..
     11  -rwx  18958824   cat3k_caa-recovery.bin
  36903936 bytes available (20866048 bytes used)
  5. Run the emergency install feature
  switch: emergency-install tftp://192.0.2.1/cat3k_caa-universalk9.SPA.03.02.02.SE.150-1.EX2.bin
  The bootflash will be erased during install operation, continue (y/n)?Y
  Starting emergency recovery (tftp://192.0.2.1/cat3k_caa-universalk9.SPA.03.02.02.SE.150-1.EX2.bin)...
  Reading full image into memory......................done
  Nova Bundle Image
  Kernel Address    : 0x6042f5d8
  Kernel Size       : 0x317ccc/3243212
  Initramfs Address : 0x607472a4
  Initramfs Size    : 0xdc6546/14443846
  Compression Format: .mzip
  Bootable image at @ ram:0x6042f5d8
  Bootable image segment 0 address range [0x81100000, 0x81b80000] is in range [0x80180000, 0x90000000].
  File "sda9:cat3k_caa-recovery.bin" uncompressed and installed, entry point: 0x811060f0
  Loading Linux kernel with entry point 0x811060f0 ...
  Bootloader: Done loading app on core_mask: 0xf
  ### Launching Linux Kernel (flags = 0x5)
  Initiating Emergency Installation of bundle tftp://192.0.2.1/cat3k_caa-universalk9.SPA.03.02.02.SE.150-1.EX2.bin
  Downloading bundle tftp://192.0.2.1/cat3k_caa-universalk9.SPA.03.02.02.SE.150-1.EX2.bin...
  Validating bundle tftp://192.0.2.1/cat3k_caa-universalk9.SPA.03.02.02.SE.150-1.EX2.bin...
  Installing bundle tftp://192.0.2.1/cat3k_caa-universalk9.SPA.03.02.02.SE.150-1.EX2.bin...
  Verifying bundle tftp://192.0.2.1/cat3k_caa-universalk9.SPA.03.02.02.SE.150-1.EX2.bin...
  Package cat3k_caa-base.SPA.03.02.02.SE.pkg is Digitally Signed
  Package cat3k_caa-drivers.SPA.03.02.02.SE.pkg is Digitally Signed
  Package cat3k_caa-infra.SPA.03.02.02.SE.pkg is Digitally Signed
  Package cat3k_caa-iosd-universalk9.SPA.150-1.EX2.pkg is Digitally Signed
  Package cat3k_caa-platform.SPA.03.02.02.SE.pkg is Digitally Signed
  Package cat3k_caa-wcm.SPA.10.0.111.0.pkg is Digitally Signed
  Preparing flash...
  Syncing device...
  Emergency Install successful... Rebooting
  Restarting system.
  Please let me know if you have any further questions.
  HTH
  Regards
  Inayath