Cisco 3750X Switch, Observing change in Running & Startup Config
Hi,
I have a cisco catalyst 3750X switch running with c3750e-universalk9-mz.152-1.E1.bin, where I'm able to see the running configuration & Startup configuration on the device is not in Sync even after saving configuration to the NVRAM.
Startup Configuration is the one which is required for my network to work properly, but as I'm able to see running configuration is adding some of the configuration which is not actually required in the template. Can anyone help me to get this issue addressed.
Configuration attached.
Can you try this command:
Switch#copy startup-config running-config
And then check if you are still face the same issue?
HTH
Regards
Inayath
Similar Messages
-
Cisco 3750x switch. Turning off a port at night
Hi everyone,
I have a question regarding power management for the Cisco 3750x Switches. Is it possible to power down switch ports
automatically at a specific time and if so how. I would like several Ports to be powered down between 2 and 3 o clock at night.
Can anyone tell me how i can realise this? (these switches have Energie Wise capabilities)
I hope to hear from you soon.
Thanks in advance!
Kind regards,
Wouter Platteeuwfew things to try:
Go to your email setup, go to the account in question, go to filters, Check the box that says "do not forward messages to the device" Set this back to the default if this doesn't work.
Something else: try using the blackberry firewall
http://btsc.webapps.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB23877
I think this will block all email though, but you can take a look at the options.
Please click the Thumbs Up icon if this comment has helped you!
If your issue is resolved, please click the solution button on the resolution!
Every BlackBerry should have BlackBerry Protect, get it now! | Follow me on Twitter | Bring Back BBM Music! -
Can IPV6 QOS support in Cisco 3750x switches
Hi
I have tried IPv6 qos using class map in Catalyst 3750 switches but the platform is not support.
Can anyone configured the IPV6 qos in Cisco 3750-X switches. Does it support?
Cisco 3750 config
policy-map up
class bwtest-up
police 2048000 128000 exceed-action drop
policy-map down
class bwtest-down
police 512000 128000 exceed-action drop
trust dscp
class-map match-all bwtest-up
match access-group name bwup
class-map match-all bwtest-down
match access-group name bwdown
ipv6 access-list bwup
permit ipv6 2402:xxxx:x:x::/64
ipv6 access-list bwdown
permit ipv6 any 2402:xxxx:x:x::/64
L3(config)#int g1/0/4
L3(config-if)#service-policy input up
QoS: class(bwtest-up) IPv6 class not supported on interface GigabitEthernet1/0/4 ( error)
Please help!interface GigabitEthernet1/0/4
description ##Test LAN-IPV##
no switchport
bandwidth 2048
no ip address
load-interval 30
speed 100
duplex full
ipv6 address 2402:xxxx:x:x::1/64
ipv6 enable
ipv6 ospf 200 area 0
end
switch sw version
Cisco IOS Software, C3750 Software (C3750-IPSERVICESK9-M), Version 12.2(55)SE9, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2014 by Cisco Systems, Inc.
Compiled Mon 03-Mar-14 22:45 by prod_rel_team
Image text-base: 0x01000000, data-base: 0x02F00000
ROM: Bootstrap program is C3750 boot loader
BOOTLDR: C3750 Boot Loader (C3750-HBOOT-M) Version 12.2(44)SE5, RELEASE SOFTWARE (fc1)
Cherry uptime is 6 days, 7 hours, 23 minutes
System returned to ROM by power-on
System restarted at 07:04:50 IST Thu Mar 19 2015
System image file is "flash:/c3750-ipservicesk9-mz.122-55.SE9.bin" -
How to configure multiple cisco 3750x switches
Hi All,
we recently bought 25 x 3750-48PS switches and need to roll them out with similar IOS and configuration.
I normally get a console to the switch from my laptop and do one by one.
is there a better way or software which can speed up the process ?
Thanks
QlRead this: ZeroTouch SmartInstall
If configured properly you can load the correct configuration & load the correct IOS in 20 minutes. The entire pile in 20 minutes! -
CISCO 3750X stacking for 5 switches , only 4 switches are coming in stack
Dear All,
I have 5 cisco 3750X switches ,but only 4 switches coming up 5 switches i am unable to see .
Connection for the switch :Please find the attached snapshot for the stack data connection .
Also find the snapshot for the stack power connection .
Please provide your assistance and support to overcome this issue .Dear Marvin,
Thanks for your reply.
is my connection provided in attachment for data stack are ok .
i login to Switch # 5 through console
following is the result :--
switch: ?
? -- Present list of available commands
arp -- Show arp table or arp-resolve an address
boot -- Load and boot an executable image
cat -- Concatenate (type) file(s)
copy -- Copy a file
delete -- Delete file(s)
dir -- List files in directories
flash_init -- Initialize flash filesystem(s)
format -- Format a filesystem
fsck -- Check filesystem consistency
help -- Present list of available commands
memory -- Present memory heap utilization information
mgmt_clr -- clear management port statistics
mgmt_init -- initialize management port
mgmt_show -- show management port statistics
mkdir -- Create dir(s)
more -- Concatenate (display) file(s)
ping -- Send ICMP ECHO_REQUEST packets to a network host
rename -- Rename a file
reset -- Reset the system
rmdir -- Delete empty dir(s)
set -- Set or display environment variables
set_bs -- Set attributes on a boot sector filesystem
set_param -- Set system parameters in flash
sleep -- Pause (sleep) for a specified number of seconds
type -- Concatenate (type) file(s)
unset -- Unset one or more environment variables
version -- Display boot loader version
switch: version
C3750E Boot Loader (C3750X-HBOOT-M) Version 12.2(58r)SE, RELEASE SOFTWARE (fc1)
Compiled Tue 26-Apr-11 06:59 by abhakat
switch: boot
Loading "flash:/c3750e-universalk9-mz.122-58.SE2/c3750e-universalk9-mz.122-58.SE2.bin"...flash:/c3750e-universalk9-mz.122-58.SE2/c3750e-universalk9-mz.122-58.SE2.bin: no such file or directory
Error loading "flash:/c3750e-universalk9-mz.122-58.SE2/c3750e-universalk9-mz.122-58.SE2.bin"
Interrupt within 5 seconds to abort boot process.
Boot process failed...
switch:
All other 4 switches i can see in stack but not these switches and also the status light for this switches is blinking green please provide your assistance . -
Enabling ssh with a startup config or similar?
Hello,
Im am currently testing the new features of IOS 12.2 55 SE1 called "Smart Install".
I got it working even though it still has many issues but that's probably because it is a very new functionality.
Anyways, we are using it currently in a lab-environment to test the "zero-touch" replacement of defective Switches. In that case the Director of the SI Network knows what config the defective Switch has saved last.
It then uses that exact config to deploy to the replaced switch as a startup config.
For Security Reasons we have the command "transport input ssh" on all lines enabled. (Makes sense if you want to shut out telnet).
Now, when the new Switch receives the IOS Update (which is also delievered in Smart Install) and therefore reboots, it now uses our startup config.
With the above mentioned command "transport input ssh" on the lines, we have no way of connecting to the newly replaced switch.
"Crypto keys cannot be generated on startup" is the message I see on the Serial-Console output.
Has anyone got an idea how we could work around this?
Is there a way to tell a switch he has to generate an rsa certificate to enable ssh without "touching" it?
I know that with the command "transport input all" this issue would not be an issue, but that is not an option for a possible productive Release. Since we are using a config of a switch that was running productively, the running config cannot allow telnet to be used..
I have asked Google, used this forum's search functionality and found nothing. I am absolutely sure though, that this is an issue many Cisco Users have to work with, so I was suprised not to find anything.
Details of our lab:
Director Switch: C3560 with IOS 12.2 55 SE1
Client Switch (to be replaced): C2960 IOS 12.2 55 SE1
Both have the crypto-image installed.Hello Richard,
Thanks for your answer.
Smart Install gets the config to the new switch by telnet. Since a factory-new Switch can do telnet, the initial config comes from the director. It connects to the switch over a non-standard telnet port and issues the copy command to get the startup config from the tftp server. After that it does the same with the IOS. We can't really do anything because every interaction with the new switch stops the smartinstall process.
In your desscribed solution (I will test it later this week) it could be a working solution for deploying new switches.
In my Scenario however there currently seems to be no way to enable ssh when the startup config is the last known configuration from the switch that died, beacuse this startup config we cannot manually edit (it would defeat the purpose of this feature), since it is backed up by the director and the logic of deciding wheter or not this config is to be used runs on the director.
I am in contact with "our guys" from cisco, and they are trying to get feedback from the developer team of this feature. I will keep testing new releases for this issue and will report any progress. -
Unable to hard code the ports of cisco 3750x series switch
hello,
I have tried with hardcode to 1000 7 Full on the ports which are connected to another switch.
After changing the port to auto from one side of the switch port came up. Is there any solution to make port up when both sides are hard coded to 1000 & full duplex.
Simple Words:
Switch 1 --> Switch 2 --> Hard coded to 1000 & Full --> Down.
Switch 1 --> Switch 2 --> Auto on one end to Switch 1 --> Up.
Switch model:
Switch 1 Cisco 3750x (Gi Switch)
Switch 2 Cisco 3750 (Gi Switch)
Regards,
Ezra.Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
Yes, it's possible without a straight through cable, enable auto/auto both sides. Otherwise you'll need a cross-over cable.
BTW, if your standard is hard coding copper gig ports, for speed and duplex, you might consider bringing your standard up to date. Copper gig standard went much further in how auto/auto is supposed to work. By disabling auto/auto, I believe, you're also disabling some error monitoring too. Generally, all the major players, e.g. Cisco, would recommend auto/auto for copper gig Ethernet. -
Cisco 3750x 24 port poe switch single port is faulty.
what i can do if my cisco 3750x 24 port poe switch single port is faulty ????
Duplicate posts.
Go here: http://supportforums.cisco.com/discussion/12187366/cisco-3750x-24-port-poe-switch-failure -
Cisco 3750x 24 port poe switch failure
what is the chance of cisco 3750x 24 port poe switch failure? is backup necessary for this ? please answer me in details.
If you have a Cisco switch with, at least, one faulty port you RMA the appliance.
There is nothing more detailed than that. -
Packet loss when pinging from/to a cisco 3560e switch
I see Packet loss when pinging from/to a cisco 3560e switch. CPU utilization is normal.
Switches are running with IOS c3560e-universalk9-mz.122-35.SE5.bin.
Packet loss is observed for all the devices irrespective of directly connected or remote devices.
If i do self pinging, there are no packet loss.
I don't see any error on interface.
Can anyone please help me in resolving this issue.TCB Local Address Foreign Address (state)
03737C48 10.47.0.229.60053 10.41.81.55.49 CLOSEWAIT
039ACDC4 10.47.0.229.61929 10.41.35.250.49 CLOSEWAIT
03B316C0 10.47.0.229.27544 10.41.81.55.49 CLOSEWAIT
038228F0 10.47.0.229.16506 10.41.35.250.49 CLOSEWAIT
039C3D04 10.47.0.229.15207 10.41.81.55.49 CLOSEWAIT
039A9BD0 10.47.0.229.52983 10.41.81.55.49 CLOSEWAIT
0394152C 10.47.0.229.22425 161.61.35.250.49 CLOSEWAIT
037D811C 10.47.0.229.21117 10.41.81.55.49 CLOSEWAIT
039C12BC 10.47.0.229.37437 10.41.81.55.49 CLOSEWAIT
03933B84 10.47.0.229.34085 161.61.35.250.49 TIMEWAIT
03B32340 10.47.0.229.45729 10.41.81.55.49 CLOSEWAIT
038247D0 10.47.0.229.32816 10.41.81.55.49 CLOSEWAIT
039A92D8 10.47.0.229.38680 161.61.35.250.49 CLOSEWAIT
037370F0 10.47.0.229.13212 10.41.81.55.49 CLOSEWAIT
037D85F0 10.47.0.229.38728 10.41.81.55.49 CLOSEWAIT
03B2B284 10.47.0.229.23428 10.41.81.55.49 CLOSEWAIT
03B2ADB0 10.47.0.229.56836 10.41.81.55.49 CLOSEWAIT
0394BFF0 10.47.0.229.23257 161.61.35.250.49 CLOSEWAIT
036604DC 10.47.0.229.44437 10.41.81.55.49 CLOSEWAIT
0394C700 10.47.0.229.22 192.37.184.211.61639 ESTAB
039B9A68 10.47.0.229.20543 10.41.81.55.49 CLOSEWAIT
03739B28 10.47.0.229.15392 10.41.81.55.49 CLOSEWAIT
TCB Local Address Foreign Address (state)
0392EA48 10.47.0.229.13862 10.41.81.55.49 CLOSEWAIT
0365E23C 10.47.0.229.27856 10.41.81.55.49 CLOSEWAIT
03817C0C 10.47.0.229.64929 10.41.81.55.49 CLOSEWAIT
039357C8 10.47.0.229.22088 10.41.81.55.49 CLOSEWAIT
037375C4 10.47.0.229.21832 10.41.81.55.49 CLOSEWAIT
039C20E8 10.47.0.229.18169 10.41.81.55.49 CLOSEWAIT
03716D08 10.47.0.229.61993 10.41.81.55.49 CLOSEWAIT
039A74E4 10.47.0.229.62948 10.41.81.55.49 CLOSEWAIT
03655480 10.47.0.229.14052 10.41.81.55.49 CLOSEWAIT
039407F0 10.47.0.229.49643 161.61.35.250.49 CLOSEWAIT
039A53AC 10.47.0.229.13233 10.41.81.55.49 CLOSEWAIT
03739FFC 10.47.0.229.16605 10.41.81.55.49 CLOSEWAIT
039B82B8 10.47.0.229.16458 10.41.35.250.49 CLOSEWAIT
039BEBA4 10.47.0.229.64377 10.41.81.55.49 CLOSEWAIT
03741980 10.47.0.229.13866 10.41.81.55.49 CLOSEWAIT
03B3ABF8 10.47.0.229.19365 10.41.81.55.49 CLOSEWAIT
039B5810 10.47.0.229.24768 10.41.81.55.49 CLOSEWAIT
03956E48 10.47.0.229.55980 161.61.35.250.49 CLOSEWAIT
03946820 10.47.0.229.65053 161.61.35.250.49 CLOSEWAIT
037DBE94 10.47.0.229.15283 10.41.81.55.49 CLOSEWAIT
039A4854 10.47.0.229.48562 10.41.81.55.49 CLOSEWAIT
TCB Local Address Foreign Address (state)
03B33320 10.47.0.229.29803 10.41.81.55.49 CLOSEWAIT
03B3B79C 10.47.0.229.12142 10.41.81.55.49 CLOSEWAIT
03713C9C 10.47.0.229.63799 10.41.81.55.49 CLOSEWAIT
039BBECC 10.47.0.229.14763 10.41.81.55.49 CLOSEWAIT
03656E40 10.47.0.229.16357 10.41.81.55.49 CLOSEWAIT
0362A73C 10.47.0.229.62450 10.41.81.55.49 CLOSEWAIT
039B878C 10.47.0.229.64402 161.61.35.250.49 CLOSEWAIT
03826CFC 10.47.0.229.16108 10.41.81.55.49 CLOSEWAIT
03B2CA34 10.47.0.229.17634 10.41.81.55.49 CLOSEWAIT
03AD78D0 10.47.0.229.15249 161.61.35.250.49 CLOSEWAIT
03AD967C 10.47.0.229.20389 161.61.35.250.49 CLOSEWAIT
03B2C560 10.47.0.229.37079 10.41.81.55.49 CLOSEWAIT
039C5128 10.47.0.229.24711 10.41.81.55.49 CLOSEWAIT
03822F74 10.47.0.229.54866 10.41.81.55.49 CLOSEWAIT
0372C5FC 10.47.0.229.13298 10.41.81.55.49 CLOSEWAIT
0372D278 10.47.0.229.12407 10.41.81.55.49 CLOSEWAIT
039A33D0 10.47.0.229.36573 10.41.81.55.49 CLOSEWAIT
039BCEF8 10.47.0.229.53853 10.41.81.55.49 CLOSEWAIT
039C02D8 10.47.0.229.53725 10.41.81.55.49 CLOSEWAIT
039B5CE4 10.47.0.229.58027 10.41.81.55.49 CLOSEWAIT
0381866C 10.47.0.229.17100 10.41.81.55.49 CLOSEWAIT
TCB Local Address Foreign Address (state)
039BB374 10.47.0.229.53148 10.41.81.55.49 CLOSEWAIT
03AD3634 10.47.0.229.19716 161.61.35.250.49 CLOSEWAIT
0362DAA4 10.47.0.229.19479 10.41.81.55.49 CLOSEWAIT
0365AE60 10.47.0.229.62209 10.41.81.55.49 CLOSEWAIT
0362D5D0 10.47.0.229.41327 10.41.81.55.49 CLOSEWAIT
037D7C48 10.47.0.229.58283 10.41.81.55.49 CLOSEWAIT
03955474 10.47.0.229.33810 161.61.35.250.49 CLOSEWAIT
0373B15C 10.47.0.229.23331 10.41.81.55.49 CLOSEWAIT
036628D0 10.47.0.229.46856 10.41.81.55.49 CLOSEWAIT
03819584 10.47.0.229.19861 10.41.81.55.49 CLOSEWAIT
0394D000 10.47.0.229.64732 10.41.35.250.49 CLOSEWAIT
0394B760 10.47.0.229.19967 161.61.35.250.49 CLOSEWAIT
039B6BD4 10.47.0.229.40096 10.41.81.55.49 CLOSEWAIT
03AD7150 10.47.0.229.65184 10.41.35.250.49 CLOSEWAIT
039BC3A0 10.47.0.229.64702 10.41.81.55.49 CLOSEWAIT
03B3A724 10.47.0.229.60399 10.41.81.55.49 CLOSEWAIT
037145E0 10.47.0.229.43951 10.41.81.55.49 CLOSEWAIT
03955EDC 10.47.0.229.29015 161.61.35.250.49 TIMEWAIT
0365FB34 10.47.0.229.13961 10.41.81.55.49 CLOSEWAIT
03828D54 10.47.0.229.12743 10.41.81.55.49 CLOSEWAIT
037DB40C 10.47.0.229.23708 10.41.81.55.49 CLOSEWAIT
TCB Local Address Foreign Address (state)
039AF814 10.47.0.229.15100 10.41.81.55.49 CLOSEWAIT
0392E344 10.47.0.229.23399 10.41.35.250.49 CLOSEWAIT
0393DC3C 10.47.0.229.15393 161.61.35.250.49 CLOSEWAIT
03AD85D0 10.47.0.229.40932 161.61.35.250.49 TIMEWAIT
039574CC 10.47.0.229.25935 10.41.35.250.49 CLOSEWAIT
03738B74 10.47.0.229.58656 10.41.81.55.49 CLOSEWAIT
039AD91C 10.47.0.229.56760 10.41.81.55.49 CLOSEWAIT
03B3BC70 10.47.0.229.15058 10.41.81.55.49 CLOSEWAIT
03B2DC54 10.47.0.229.51131 161.61.35.250.49 CLOSEWAIT
03B393F0 10.47.0.229.11957 10.41.35.250.49 CLOSEWAIT
039B2610 10.47.0.229.33728 10.41.81.55.49 CLOSEWAIT
03B311EC 10.47.0.229.18047 10.41.81.55.49 CLOSEWAIT
039A8E04 10.47.0.229.52022 161.61.35.250.49 CLOSEWAIT
0365D460 10.47.0.229.12241 10.41.81.55.49 CLOSEWAIT
03B33E78 10.47.0.229.47640 10.41.81.55.49 CLOSEWAIT
0372C128 10.47.0.229.60323 10.41.81.55.49 CLOSEWAIT
03661CD8 10.47.0.229.39923 10.41.81.55.49 CLOSEWAIT
0393C73C 10.47.0.229.41864 10.41.35.250.49 CLOSEWAIT
03829584 10.47.0.229.56673 161.61.35.55.49 CLOSEWAIT
0362AC10 10.47.0.229.31952 10.41.81.55.49 CLOSEWAIT
039BF078 10.47.0.229.22636 10.41.81.55.49 CLOSEWAIT
TCB Local Address Foreign Address (state)
0365CF8C 10.47.0.229.14476 10.41.81.55.49 CLOSEWAIT
039B443C 10.47.0.229.59226 10.41.81.55.49 CLOSEWAIT
0393E794 10.47.0.229.56282 10.41.35.250.49 CLOSEWAIT
03657740 10.47.0.229.25769 10.41.81.55.49 CLOSEWAIT
03B2F6E8 10.47.0.229.19328 10.41.81.55.49 CLOSEWAIT
0373AC88 10.47.0.229.25766 10.41.81.55.49 CLOSEWAIT
039B213C 10.47.0.229.28882 10.41.81.55.49 CLOSEWAIT
039C07AC 10.47.0.229.38201 10.41.81.55.49 CLOSEWAIT
03AD8DD0 10.47.0.229.23002 10.41.35.250.49 CLOSEWAIT
03739048 10.47.0.229.29572 10.41.35.250.49 CLOSEWAIT
039BA464 10.47.0.229.32273 10.41.81.55.49 CLOSEWAIT
03B31E6C 10.47.0.229.32521 10.41.81.55.49 CLOSEWAIT
0365EBE0 10.47.0.229.41319 10.41.81.55.49 CLOSEWAIT
03938804 10.47.0.229.62841 10.41.35.250.49 CLOSEWAIT
039A1AF8 10.47.0.229.12758 10.41.81.55.49 CLOSEWAIT
039B7DE4 10.47.0.229.20921 10.41.81.55.49 CLOSEWAIT
036549F8 10.47.0.229.51903 10.41.81.55.49 CLOSEWAIT
03714CC8 10.47.0.229.45145 10.41.81.55.49 CLOSEWAIT
037425F8 10.47.0.229.56492 10.41.81.55.49 CLOSEWAIT
03B39D74 10.47.0.229.18174 10.41.81.55.49 CLOSEWAIT -
Cisco 3850 Switch and Windows 7 IP Conflicts
Team,
Last evening (Christmas eve) we setup a pair of Cisco 3850 with IP Base version 3.3.35SE (recommended) and 3.7.0E (very latest).
We got these to replace a very old switch that had died. Attached to this network are windows 7 PC's with all the standard patches, service packs, etc.
with standard port configs - no PC would work - and in fact on each screen we got the windows 7 IP Conflict pop up box.
This seemed very odd to us, as we know these IP's are all static (no dhcp on this segment at all)
we went with a very vanilla config on each port
interface g1/0/1
switchport host
that is it - nothing special at all.
well, after hours of research we found the 3850 has a problem where its "ip device tracking" (even though disabled, by way of NOT being enabled on any interface) will effect the windows 7 PC's ip address in use detection port start up phase!
This is a very big problem. I am frankly SHOCKED Cisco would release a major switch that is going to not work when connected to the average network with windows 7 PC's.
we tried 3+ hours of prescribed work-arounds found when researching this issue -
ip device tracking probe delay 10 (global config)
ip device tracking max 0 (disabed, on interface)
finally,
nmsp attach suppress (interface, however this appears to be a default command in all IOS-XE versions we tried, as the command did NOT show in the show run) . this effected many different nic card vendors (laptops, desktops) and nic card drivers levels from old to very recent.
Finally,
we compared a 3850 in another location to this one - and we never got HIT by this problem before because that 3850 only as TRUNK ports and no windows 7 hosts directly attached.
Doing more research, I found out this also can effect vmware guests running windows SERVER.
this is now a huge issue as we have a scheduled deployment of 3850's throughout our network which is going to be put on hold.
the work-around I came up with which is not great is -
Make ALL the "access" ports connected to PC TRUNK ports and leave the NATIVE vlan (untagged) as the vlan you want the PC's to be in
interface g1/0/1
switchport mode trunk
switchport trunk native vlan 1
this is NOT an acceptable workaround as this presents security issues even with
switchport trunk allowed vlan 1, etc. as the only allowed vlan.
Note: this issue manifested itself and windows 7 PC's were UNABLE to use the network. if you do "ipconfig /all | more" you would see
192.168.0.140(duplicate) and the interface would actually use 169.254.0.239(duplicate) so the duplicate message appeared twice in the output.
1) With and without an SVI interface on each 3850 for the vlan where the windows 7 machines had a duplicate
2) when we had an SVI and the command ip device tracking probe use-svi (or whatever the hidden command is I forget now, but it took it)
3) when we had aaa new-model configured - and not configured - thinking this was some artifact of having aaa turn on something like 802.1x port state
4) when could confirm NO DHCP SNOOPING
5) when we DID not use static IP's - and had the switch assign DHCP addresses - the Windows 7 PC's STILL had duplicates and didnt work for their "Just leased" ip's.
6) when we could confirm ios-xe ip device tracking = disabled with show ip device tracking status, etc.
This is a major problem for this 3850 and unless we get a definitive answer on why this is happening and how we can rectify we are going to have to return our 3850's and get HP Procurve's something I would rather avoid doing. There is NO REASON I can imagine other than older switches who's ports default to ROUTED ports (i.e.. no ip switchport) where a switch should not at least function as a bare switch with essentially a default configuration out of the box.
Any ideas? I'm working well now with the ports ALL in trunking mode with vlan 1 native, but this is not a scalable workaround we can live with as we have security risks of a port not blocking certain vlans from going out ports to pc's, etc. that attackers could send tags on at that point, etc.
thanks,
Joe Brunner
#19366thanks for replying - i'm not onsite (its a standalone network) - but here is what it is -
Answers in line -
This all stems from a switch replacement correct?
yes a 10 year old Allied Telesyn switch was replaced that had no config - like a hub, just used for connectivity.
Are these 3850's in a stack?
>yes, tested all aspects of the stack many times.
Does it have a managment ip address -If so, is it using the old switch ip address
>old switch had no ip - i made a "management interface" on vlan 1 - BUT no ip on the built-in management interface on the switch.
What are they connecting to? (a router/L3 switch/anohter switch- cisco-HP etc..)
>various other devices - only 1 link back to a single 3750x stack. that switch is "hardened" so to speak to reveal or propagate very little by design.
How are they connected( L3 interface/L2 trunk/access port)
>all ports are left in trunk mode with vlan 1 as the active and untagged port. this was the workaround done to ever get the switch going. in "out of the box" or default mode as we initially wanted (no config) links to windows 7 PC's didnt work. links to linux or other devices non-windows did work!
Are thse switches performing inter-vlan routing or just acting as host switches?
>dumb flat network, no routing.
Is ip routing enabled?
>not unless enabled on 3850 by default. I didnt type "ip routing"
Do you have multiple vlans in your network and if so ar ethe being propergated to these new switches?
Your 7 pcs = are they just client pcs not servers?
client PC's - no servers OS per say.
can you confirm something like ICS isnt enabled (Internet connection sharing) on any of them?
>yes not enabled.
Are the just using one NIC each?
> one machine is dual homed - but we know where its "second nic" goes - to another cisco network which is NOT connected back to this one. we traced all our ports a few times thinking even perhaps some small hub was "reflecting" traffic back to us - like a blackbox. Strangest thing -
default config out of the box - with ALL ports SHUTDOWN EXCEPT the single windows 7 facing port - the windows 7 machine STILL registered an IP CONFLICT when connected to the 3850 - even when it had NO SVI's!!! (i know mind numbing). if you disconnected the pc and connected it to an old cisco switch - it worked fine!!! wow.
sh switch
2 identical 3850's in working stack. power and network stacked. both at same version, etc - upgraded each time with "software install file flash:<long ios name>.bin
tested all power and general 3850 stacking. saw no issues.
sh int trunk
>all ports are now trunks (hence the workaround used to get it up).
has 20 trunks to PC's and some single connected switches (far away on fiber) - all allow only vlan 1 - no other vlans were created - very very simple network. vlan 1 is native
sh vlan brief
>just vlan 1 - no vlans created, checked this many times - had vlan 100 at one point - made sure it was gone over a period of hours.
sh vtp status
not setup - left complete default; no vtp domain set - connected to all switches in transparent model if a switch connection exists.
sh cdp neighbours
cant post (for god and country LOL) but there is one link back to our "core" so to speak - that switch is hardened not to allow any settings to slip over to new switches so hence no vtp, cdp is one to help troubleshooting.
sh ip route
just the L and C routes for the vlan 1 ip address 192.168.17.1/24
no static routes
no vlan interfaces other than int vlan 1
no ip address on g0/0/0 -> the default 3850 management interface hard assigned to the 3850 VRF you cant remove.
int g0/0/0
ip vrf forwarding Switch_Mgmt
i can get over there if you think of anything else key to show the group.
thanks,
Joe -
Trouble with Windows7 and Gigabit link on Cisco 3560X switch
Hello,
In my company, we are using Cisco IP Phones 7945G (with 2 gigabit network ports) and Cisco 3560X-48P (1GB ports) switches for our users.
Our client computers are running on Windows 7 SP1 (64bit - Enterprise edition) and are connected behind the IP Phone. We use a "Boradcom
Xtreme Gigabit" onboard network card on the computers. All ports (on the switch site and IP Phone side) and on the network card of the computer are configured in "auto negotiation". Duplex and speed are set to "auto".
We tried now to deploy a new engineering software and we are facing a very strange problem. This means that the engineer software fails to download some files from the server. We are using a flat network, all the servers and computers are on the same network segment with no firewall inbetween.
The firewall and Anti-virus on the computers are configured to allow all incoming/outing connections.
To troubleshoot, I tried to change all the network cables but I still get same result --> download fails.
I connected the client computer directly to the Cisco 3560X switch, without the IP Phone and I get the same result.
I installed a separate network card from INTEL (Intel PRO1000 PT) but I get the same result.
As last test, I have connected to same client computer directly to a Cisco 2960-8TC switch (100Mbit; auto negotiate) and here is working fine. The software successfully downloads all the files from the server.
If I connect the computer behind the Cisco 7945 IP Phone, set the speed and duplex of the PC-Port on the Cisco IP Phone 7945G to "100MBit/full duplex" is also working fine.
Is there any know issue with Windows7 and Gigabit network connections?
Do I need to set any Registry key on my Windows 7?
The firmware version of my Cisco 3560X-48P switch is 12.2(53)SE2; do I need to update it?
The firmware version of the IP Phone 7945G is 9.2.1.
Thanks in advanced for your help.
Marc HoffmannHello, Thanks for your answers. First of all, I have updated the firmware of my Cisco Catalyst 3560X-48P switch to the version 12.2(55)SE5. Unfortunately, this did not solve my problem. As second step, I ran an TDR test on my 3560X switch but I do not get any result. The "Pair status" always says "not completed". Even if I wait for 5 minutes, the status remains at "Not completed". Am I doing something wrong ? To do the TDR test, I use the commande "test cable-diagnostics tdr interface gigabitEthernet 0/XY". For your information, the port gigabitEthernet 0/XY is in a "Connected" status when I run the "show int status" command. Jeff, I think there is no issue on the server side, because if I connect my workstation on a 100MB switch (example Cisco Catalyst 2960-8TC-L) the application works absolutely fine. Also, if I run the application locally on the server, it works fine. As next step, I will connect the workstation directly on our backbone switch and try the same test. Is there perhaps any Registry key in our Windows7 which could cause this trouble? If you have any other ideas or options, please let me know. Thanks a lot, Marc Hoffmann
-
Apple wired Dot1X - on Cisco 2950 switches
Hi, I have an issue with Apple desktop computers running 10.7 and 10.8 MacOS.
The problem is that we have only 2950 switches and we are very limited with what we can do on them, so we wanted basic DOT1X user authentication and VLAN placement. Those two are working great, except when user logs off, Mac stops sending DOT1X and port becomes unauthenticated. We alleviated that issue by using guest-vlan for failed dot1x authentications, but now we have a problem that once user logs in, there is no session change on 2950 and it doesn’t even try to authenticate user until we bounce the port.
Is there any way to fix this, on Cisco switch or Mac computer? One of the things that crossed my mind is bouncing port on Mac PC using some kind of logon script?
Has anyone else had this issue and was able to solve it?
Thanks.Hello Align,
Cisco 2950 switch with 12.1(9) supports 802.1 x authentications. As you are saying that you already configured 802.1x authentication and its working fine. I think there is problem with your MAC OS configuration. Please follow the below link to configure 802.1x on Apple.
http://support.apple.com/kb/ht3326 -
AAA and Cisco MDS switches.........
have configured Cisco ACS 4.0 (TACACS) with Windows AD for all Cisco MDS switches and it is working fine. But local "admin" access to the Cisco MDS switches via telnet is not working. At the same time , if I create a user with "network-admin" role locally, that works but not the default admin user.
Could anyone help me in this regard.local. Below is the script I used to configure TACACS (Cisco ACS 4.0) on Cisco MDS switches.
config t
# Enable TACACS+
tacacs+ enable
tacacs-server host nnn.nnn.nnn.nnn key 0 xxxxxx
tacacs-server host mmm.mmm.mmm.mmm key 0 xxxxx
# Specify TACACS+ Server groups
aaa group server tacacs+ tacgrp
server nnn.nnn.nnn.nnn
server mmm.mmm.mmm.mmm
aaa authentication login default group tacgrp
aaa authentication login console local
# Enable TACACS+ Accounting
aaa accounting default group tacgrp local
end
copy running-config startup-config
Thanks
MOhan -
Cisco Prime 2.1: Not writing running config after template deployment
I have noticed that Prime is not writing the running config after CLI template deployments. I deployed a changeset to over 1100 devices the other night and noticed that the configs had not been written the startup config.
I did some testing today and am using the following CLI template:
#MODE_ENABLE
copy running-config startup-config
#MODE_END_ENABLE
All tests failed. I found the syntax for enable mode from the following link:
http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/2-0/user/guide/prime_infra_ug/create_temps.html#31705
Any ideas on why it isn't writing the configs by default or how to force it through a template?I've got a little bit more information for you on this. If you were to login to a switch, enter enable mode and type "copy running-config startup-config" and press ENTER you'd see this:
Destination filename [startup-config]?
You'd then read the documentation and think to yourself "Self, I better use the following syntax in my CLI template"
#INTERACTIVE
copy running-config startup-config<IQ>Destination filename [startup-config]?<R>startup-config
#ENDS_INTERACTIVE
But in Cisco's world, I guess that just doesn't make any sense at all. Why use the actual interactive question when you can simply just use the first word (even though all of their examples show multi-word interactive questions). The correct syntax would then be:
#INTERACTIVE
copy running-config startup-config<IQ>Destination<R>startup-config
#ENDS_INTERACTIVE
#START_SARCASM
Duh! It's so obvious. Why in the world would one ever think anything other than that you would simply take the first word in the interactive question and just leave it at that. I feel so stupid
#ENDS_SARCASM
Maybe you are looking for
-
Hi Experts, This is an issue related to data loads from DSO to Cube. A request was loaded successfully to the DSO but was in yellow status in the Cube for a long time. I deleted the request and tried to reload it again from the DSO to Cube. Whi
-
I used to upload any picture to Fbook which was in my Iphoto. Now, I can only upload pictures from IPhoto which are a week old. I'm unable to upload any recent pics from Iphoto to FBook - like pics I uploaded to I photo today. They are in IPhoto,
-
Why firefox do not have javascript enabled by default???
do not understand why JS in not by default installed in firefox. :-(
-
I am trying to convert a slide show that is in a 4x3 aspect ratio to a custom 8x3 aspect ratio. I have changed the slide size from 1024x768 to 2048x768, and that works fine. However, I need to old 4x3 slide content to be on the left side; currently i
-
HI, we've different billing type for domestic ZF2 /Exports ZEX ETC DOMETIC no range is 80000 to 899999 Exports no range is 90000 to 999999 have maintained both these range & assigned in billing document type & in OBA7 FOR RV i've maintained range 800