Cisco 3850 support BFD ?

Similar Messages

• Cisco 3850 SSID qos

  Hello all)
  I have the task to configure QoS for SSID. I have 1602E points and 4 SSIDs per point. I want to priorities one of them. APs are connected to cisco 3850. Please help me how can I do it?

  Bandwidth and Priority Management at SSID Level
  The next step is to take care of the QoS policy at the SSID level. This step applies to both the Catalyst 3850 switch and to the 5760 controller. This configuration assumes that voice and video traffic is identified through the use of class-map and access-lists and is tagged properly. However, some incoming traffic that is not targeted by the access-list may not display its QoS marking. In that case, you can decide if this traffic should be marked with a default value or left untagged. The same logic goes for traffic already marked but not targeted by the class-maps. Use the default copy statement in a table-map in order to ensure that unmarked traffic is left unmarked and that tagged traffic keeps the tag and it not remarked.
  Refer the link for the Complete Configuration : www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/116479-configure-qos-00.html#anc15

• Unable to change boot file on Cisco 3850

  I was working on a Cisco 3850 24 port switch today and I read that it doesn't use the normal "boot system flash:XYZ.bin" but instead it's something like this:
  "software install file flash:XYZ.bin new"
  That changes the install package or something which makes it boot in the newly selected package which contains the new IOS.  Anyway, when i put in that command I get something about "Failed to ...." or something.  I'm sorry but I'm at home now and I don't have the device with me and it just occured to me to post this on the forum for possible help.  Either way, it's specifically says "Failed..." as the first word which is not what it should normally say.
  I used these directions:
  http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps12686/deployment_guide_c07-727067.html#wp9000169
  I am in Install mode.  Can anyone help me figure out why this is happening before my outage window on Sunday night?  I've downloaded the new version of the IOS from Cisco.com and verified it is currently located in the flash of this device. 
  Thanks for any help you can provide!

  Joshua,
  Plesae find quick guide on upgrading and booting, see below as a reference.
  Recovering from a 3850 boot failure.
  There are multiple reasons a 3850 may fail to boot correctly including a corrupt boot image, a corrupt packages.conf file, missing files, etc.  Below are a few different possible recovery methods to try.  I will also explain the two possible mode options, Install and bundle and why you might want to use one or the other.
  Install vs. Bundle Mode
  There are a few difference in the two modes, I would recommend reading over the config guide for more in-depth details. The recommended mode during operation is INSTALL mode because it allows for more features and requires fewer resources when booting.
  ++Install Mode
  This is the out-of-the-box mode that your switch will be in.  INSTALL mode uses a package provisioning file named packages.conf to boot the switch.
  If you happen to be in bundle mode upon boot, you can simply boot your switch in install mode by booting the software package provisioning file that resides in flash. If packages.conf doesn�t exist in flash, you need to expand the bundle into the flash file system by running
  Switch# software expand file flash: cat3k_caa-universalk9.SPA.03.02.02.SE.150-1.EX2.bin to flash:
  Once this completes, you will have all the needed files in flash. You can then change the boot statement to boot to packages.conf
  Switch#Config t
  Switch(config)# no boot system
  Switch(config): boot system switch all flash:packages.conf  (do not modify this file, unless necessary)
  Switch#write memory
  The provisioning file contains a list of software packages to boot, mount, and run. The ISO file system in each installed package is mounted to the root file system directly from flash.
  NOTE **Auto-upgrade is disabled, by default. (once in install mode - execute the following command in global config: software auto-upgrade enable )
  NOTE **Auto-upgrade includes an auto-copy process and an auto-extract process.
  ++Bundle Mode
  As noted previously, bundle mode consumes more memory than booting in install mode because the packages are extracted from the bundle and copied to the RAM.  If you decide to convert to bundle mode, you will first need to download the .bin file from CCO if you don�t already have it in flash.  Once in flash, you can simply change your boot statement to point to the (.bin) file:
  Switch#Config t
  Switch(config)# no boot system
  Switch(config): boot system switch all flash: cat3k_caa-universalk9.SPA.03.02.02.SE.150-1.EX2.bin
  Switch#write memory
  The provisioning file contained in a bundle is used to decide which packages to boot, mount, and run. Packages are extracted from the bundle and copied to RAM.
  NOTE **Auto install and smart install functionality is not supported in bundle boot mode.
  Recovery Methods
  USB
  The 3850 has a USB port on the front that can be used for both console access and also the ability to utilize a flash drive for image backup and recovery.
  If you happen to be stuck at the switch: prompt with a corrupt image or .conf file, you can easily boot to a file stored on the USB drive.
  1. Verify that the flashdrive is recognized and the .bin file exists
  switch: dir usbflash0:
  Directory of usbflash0:/
  74  -rw-  223734376  cat3k_caa-universalk9.SPA.03.02.02.SE.150-1.EX2.bin
  2. Boot to the USB image
  switch: boot usbflash0:cat3k_caa-universalk9.SPA.03.02.02.SE.150-1.EX2.bin
  Corrupt packages.conf
  I�ve seen instances in which packages.conf continually calls files that no longer exist in flash.  You can boot to an image from ROMMON just fine, however upon reload it will call packages.conf again and fail to boot.  If this happens, I recommend backing up the existing packages.conf file by renaming it or deleting all together.  NOTE: The previous step is mandatory as the next step will fail if a .conf file already exists.  You can then run an BUNDLE extract which will create a new packages.conf file.
  1. Once booted up (in BUNDLE mode) verify the files in flash
  Switch#dir flash:
  Directory of flash:/
  15500  -rwx        1243   Aug 1 2013 07:04:02 +00:00  packages.conf
  2. Copy or rename the existing packages.conf file
  Switch#cp flash:packages.conf flash:packages.conf.badop flash:packages.conf flash:packages.conf.bad
  Destination filename [packages.conf.bad]?
  Copy in progress...C
  1243 bytes copied in 0.140 secs (8879 bytes/sec)
  Switch#dir flash:
  Directory of flash:/
  15500  -rwx        1243   Aug 1 2013 07:04:02 +00:00  packages.conf
  15502  -rw-        1243   Aug 1 2013 11:53:51 +00:00  packages.conf.bad
  3. Delete packages.conf
  Switch#del flash:packages.conf
  Delete filename [packages.conf]?
  Delete flash:/packages.conf? [confirm]
  4. Expand BUNDLE to create new packages.conf
  Switch#software expand running switch 1 to flash:
  Preparing expand operation ...
  [1]: Expanding the running bundle
  [1]: Copying package files
  [1]: Package files copied
  [1]: Finished expanding the running bundle
  5. Verify boot
  Switch#show boot
  Switch 1
  Current Boot Variables:
  BOOT variable does not exist
  Boot Variables on next reload:
  BOOT variable = flash:packages.conf;
  Manual Boot = no
  Enable Break = no
  6. Reload Switch
  switch#reload
  Reload command is being issued on Active unit, this will reload the whole stack
  Proceed with reload? [confirm]
  Emergency Recovery
  If all else fails, the 3850 has a �trap door� method of recovering the system.  All you need is a terminal connected to the management port of the 3850 running a tftp server.  Download a valid image file from CCO and store it in the root of the tftp server.
  On the switch, you are most likely stuck at the switch: prompt.  If however you are in some sort of boot loop, you can use the �mode� button on the front of the switch to break the cycle.  Simply hold the button for roughly 10 seconds and the switch should react by breaking the cycle and stopping at a switch: prompt. The following steps will walk you through the recovery:
  1. Set the switch IP
  switch:  set IP_ADDR 192.0.2.123/255.255.255.0
  2. Set the default gateway
  switch: set DEFAULT_ROUTER 192.0.2.1
  3.Test connectivity by pinging terminal (that contains the tftp server)
  switch: ping 192.0.2.1
  ping 192.0.2.1 with 32 bytes of data ...
  Host 192.0.2.1 is alive.
  4. Verify that the emergency files exist in the switches file system
  switch: dir sda9:
  Directory of sda9:/
      2  drwx  1024       .
      2  drwx  1024       ..
     11  -rwx  18958824   cat3k_caa-recovery.bin
  36903936 bytes available (20866048 bytes used)
  5. Run the emergency install feature
  switch: emergency-install tftp://192.0.2.1/cat3k_caa-universalk9.SPA.03.02.02.SE.150-1.EX2.bin
  The bootflash will be erased during install operation, continue (y/n)?Y
  Starting emergency recovery (tftp://192.0.2.1/cat3k_caa-universalk9.SPA.03.02.02.SE.150-1.EX2.bin)...
  Reading full image into memory......................done
  Nova Bundle Image
  Kernel Address    : 0x6042f5d8
  Kernel Size       : 0x317ccc/3243212
  Initramfs Address : 0x607472a4
  Initramfs Size    : 0xdc6546/14443846
  Compression Format: .mzip
  Bootable image at @ ram:0x6042f5d8
  Bootable image segment 0 address range [0x81100000, 0x81b80000] is in range [0x80180000, 0x90000000].
  File "sda9:cat3k_caa-recovery.bin" uncompressed and installed, entry point: 0x811060f0
  Loading Linux kernel with entry point 0x811060f0 ...
  Bootloader: Done loading app on core_mask: 0xf
  ### Launching Linux Kernel (flags = 0x5)
  Initiating Emergency Installation of bundle tftp://192.0.2.1/cat3k_caa-universalk9.SPA.03.02.02.SE.150-1.EX2.bin
  Downloading bundle tftp://192.0.2.1/cat3k_caa-universalk9.SPA.03.02.02.SE.150-1.EX2.bin...
  Validating bundle tftp://192.0.2.1/cat3k_caa-universalk9.SPA.03.02.02.SE.150-1.EX2.bin...
  Installing bundle tftp://192.0.2.1/cat3k_caa-universalk9.SPA.03.02.02.SE.150-1.EX2.bin...
  Verifying bundle tftp://192.0.2.1/cat3k_caa-universalk9.SPA.03.02.02.SE.150-1.EX2.bin...
  Package cat3k_caa-base.SPA.03.02.02.SE.pkg is Digitally Signed
  Package cat3k_caa-drivers.SPA.03.02.02.SE.pkg is Digitally Signed
  Package cat3k_caa-infra.SPA.03.02.02.SE.pkg is Digitally Signed
  Package cat3k_caa-iosd-universalk9.SPA.150-1.EX2.pkg is Digitally Signed
  Package cat3k_caa-platform.SPA.03.02.02.SE.pkg is Digitally Signed
  Package cat3k_caa-wcm.SPA.10.0.111.0.pkg is Digitally Signed
  Preparing flash...
  Syncing device...
  Emergency Install successful... Rebooting
  Restarting system.
  Please let me know if you have any further questions.
  HTH
  Regards
  Inayath

• Cisco 3850 SSO and NSF failover time

  Dear Member,
  I m trying to setup a network with few second fail-over with Cisco 3850 stack, C3850 support SSO and NSF on OSPF.
  However, when the Master fails, Slave take up the role and re-learn routing information and around 10 sec to fail-over.
  May any brothers have this experience and 10 sec fail-over should be the normal behavior or can be enhance?
  Attach diagram for reference.
  Regards
  Russ

  Great, adding the following command and only have 1 ping loss with end to end.
  =========================
  Stack-mac persistent timer 0
  router ospf 1
  nsf cisco enforce global
  ========================

• CISCO 3850 PoE+ SWITCH

  Hi,
  I have a device which is a PoE device (IEEE802.3af). Can Cisco 3850 PoE+ (IEEE802.3at) support both data and power to Normal PoE (IEEE802.3af) devices.
  Please confirm.
  Thanks
  Amey

  Hi,
  See this:
  3850 PoE, PoE+, and Cisco UPOE Ports
  The PoE+ and Cisco Universal Power Over Ethernet (Cisco UPOE) ports use the same connectors as described in the "10/100/1000 Ethernet Ports" section.
  They provide:
  •PoE+ ports: Support for IEEE 802.3af-compliant powered devices (up to 15.4 W PoE per port) and support for IEEE 802.3at-compliant powered devices (up to 30 W PoE+ per port). The maximum total PoE power in a 1RU switch is 1800 W.
  •Cisco UPOE ports: Support for powered devices on all four Ethernet signal pairs (up to 60 W Cisco UPOE per port).
  •Support for Cisco-enhanced PoE.
  http://www.cisco.com/en/US/docs/switches/lan/catalyst3850/hardware/installation/guide/HIGOVERV.html#wp1351798
  Regards,

• Cisco 3850 WLC mac-filtering

  Hi:
  Cisco 3850 in WLC how to config mac-filtering
  thanks

  When you create a MAC address filter on WLCs, users are granted or       denied access to the WLAN network based on the MAC address of the client they       use.
  There are two types of MAC authentication that are supported on       WLCs:
  Local MAC authentication
  MAC authentication using a RADIUS           server
  With local MAC authentication, user MAC addresses are stored in a       database on the WLC. When a user tries to access the WLAN that is configured       for MAC filtering, the client MAC address is validated against the local       database on the WLC, and the client is granted access to the WLAN if the       authentication is successful.
  By default, the WLC local database supports up to 512 user entries.
  The local user database is limited to a maximum of 2048 entries. The       local database stores entries for these items:
  Local management users, which includes lobby           ambassadors
  Local network users, which includes guest users
  MAC filter entries
  Exclusion list entries
  Access point authorization list           entries
  Together, all of these types of users cannot exceed the configured       database size.
  To Know how to configure Mac filtering please go to the below link.
  http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008084f13b.shtml

• New Features: Cisco Technical Support Mobile App v3.6

  Cisco Technical Support Mobile App v3.6 - New Features:
  On Monday, May 12th, a new version of the Cisco Technical Support mobile application was released with the following new features:
  Aggregated Content For More Than Six Thousand Products
  Select from one of more than six thousand models to access aggregated support documentation, software downloads, and Cisco Support Community content within "Product Information". It is like having your own personal library in the palm of your hand.  
  Pocket Integration
  Send In-App content to your Pocket (Read-It-Later) account for easy, synchronized access across all your devices. As Darren Murph describes on BGR.com, you can further enhance your experience with IFTTT to automate content archival from your Pocket account to several other channels including Evernote, Instapaper, Dropbox, and Box.net. 
  For more Information
  Pocket: http://www.getpocket.com
  IFTTT: http://www.ifttt.com
  IFTTT Pocket Recipes: https://ifttt.com/recipes?channel=pocket#popular​
  Support Contract Expiration Reminders
  With your permission, event reminders can be added to your calendar 90 and 60 days prior to your support contracts expiring. Keeping your contracts up to date ensures non interrupted access to Cisco TAC. 
  And there's more…
  Users with active support contracts can view, update and create support cases, track and initiate RMA Returns, and research software bug information. Stay up to date with the latest offerings from Cisco through several Video, Podcasts and RSS Feeds.
  How to Download the App
  The app can be found by searching for "Cisco Technical Support"in either the iTunes or Google Play App Stores. Direct links to the app are provided below:
  iOS: https://itunes.apple.com/us/app/cisco-technical-support/id398104252?mt=8
  Android: https://play.google.com/store/apps/details?id=com.cisco.swtg_android&hl=en

  Hi Jessica,
  On the iOS mobile app, communities with sub-communities are identified by a blue arrow next to the community.  If you tap on the community name you will be taken to the community, if you tap on the blue arrow you will be taken to the sub-communities within that parent community.  For Android tapping on the arrow next to the community name will expand that community to show any sub-communities underneath it.  I hope this helps.
  Thanks,
  Kent

• Cisco Technical Support v3.7 - New Features

  Accurately Update Installed Location. The Cisco Tech Support mobile application—available for Apple or Android—provides smartphone and tablet access to critical Technical Services support such as support documentation, service request creation and update, serial number scan and lookup, and contract entitlement.
  Now we have enhanced this robust application with new features for Cisco Support Contract holders. It’s easier than ever to search for support cases, including by RMA number. Push notifications let your customers know when a TAC engineer is assigned to a case opened in the mobile app. Tap on the notification, and we'll launch the app and take you straight to your support case.  And, you can easily and accurately update device Installed base information with a click. Simply scan the Cisco product bar code using a mobile device’s camera and, at the prompt, use the GPS function of the mobile device to pinpoint the installed location of that device. Or, if preferred, input the address manually. As soon as the location information is verified and associated with your customer’s service contract, they’ll be sure to receive faster, more accurate service. And you and Cisco will have more complete and accurate customer information for service and renewals.
  Have you not tried the app before? The app is broken into two types of content - Entitled and Non-Entitled. If a user has an active support contract they can:
  View, Update (add notes and attach photos) and Create Cisco Support Cases. If you open a case through the app, we'll send you a push notification when a TAC Engineer has been assigned. Tap on the push notification, and we'll launch the app, and bring you straight to the case in question.
  View RMA Details tied to a support case
  Contact your assigned TAC Engineer, Field Engineer and On-Site Contact (later two for RMAs) directly by phone or email
  Look up entitlement info by serial number. A bar code scanner is provided to make it easier to capture the info
  View list of contracts you are associated with. Tap on the "calendar icon" to add a reminder in your calendar 90 & 60 days prior to the contract expiring (some partners have indicated this is a nice sales reminder)
  Access to a mobile version of Bug Search Tool
  Non Entitled users can:
  View Externalized TAC Authored Content (TAC Support Docs)
  Have access to aggregated support information (config guides, data sheets, installation instructions, etc), software downloads and community content specific to a model via "Product Information" then "Select a Product"
  Access to support related videos, podcasts (includes TAC Security Podcast) and RSS Feeds (includes several several nice security related feeds).
  Related Links:
  iOS Download Link: Cisco Technical Support on the App Store on iTunes
  Android Download Link: Cisco Technical Support - Android Apps on Google Play
  User Guide:  http://www.cisco.com/web/fw/tools/tsmap/UserGuide_iPhone.pdf
  More than happy to answer any questions you may have.
  Regards,
  Dave Dubé
  Product Manager
  Cisco Services

  thanks for bringing the Cisco support app.
  it works good and easy to use. thanks you Cisco and Team.
  Potha

• Cisco Technical Support Mobile App v3.10.1 - New Features

  We are pleased to announce the latest release of the Cisco Technical Support mobile app. 
  What's New in Version 3.10.1:
  • Mobile Push Notifications for Support Cases and generic PSIRT announcements
  • Opt-In to receive Support Case update notifications
  • Expanded "My Shortcuts" section includes bookmarked Bugs and Video Channels
  • Expanded access to Product Lookup - no longer blocked whether the device is not under contract or user lacks entitlement
  • Significant performance improvements loading case notes.  Horizontal swiping support to move directly from one note to the next
  Note: Tapping on a notification will launch the app, and take you to the content in question.
  (View Updated User Guide)
  Complete Feature List:
  Available Features for All Users:
  • Research Cisco products and services through mobile optimized content, videos and podcasts. 
  • Complete access to all our installation and configuration guides, data sheets, command reference guides and more for over 7,000 Cisco products. 
  • Access to over 1,700 troubleshooting guides covering 26 domains; written by TAC, for TAC, and freely available to all our customers.
  • PSIRT Mobile Push Notifications - Tap on the notification to launch the app and view details about the PSIRT
  • Control what notifications you receive from within "Settings"
  • Add bookmarks to your favorite Podcasts, RSS Feeds, and Video Channels for easy access from "My Shortcuts"
  • Integration with Pocket (Read-It-Later) service. Save content to your Pocket account for offline consumption across all of your enabled devices. Go to http://www.getpocket.com/ to learn more about setting up a Pocket account.
  Available Features for Cisco Support Contract Owners:
  Cisco Support Cases & RMAs:
  • View, Edit and Create Support Cases
  • Access to all case notes, attachments (txt, pdf, xls, ppt, doc, and image file types), and related bugs
  • Receive mobile push notifications when a TAC Engineer has been assigned to your case and when your case transitions to a Customer Pending state
  • Opt-In to receive mobile push notifications for any support case you are entitled to access
  • Direct contact (phone & email) with your assigned TAC Engineer, On-Site Contact, and Field Engineer
  • Add bookmarks to Support Cases for easy access from "My Shortcuts"
  • Single tap to request case updates, case closure, and reopen cases
  Cisco Support Contracts & Product Coverage Information: 
  • View basic contract information and set-expiration reminders prior to their expiration
  • Lookup product coverage details by serial number - An embedded bar code is available to make the process easier 
  • Ability to validate and update the current installation using your current location
  Bug Search Tool:
  • Research Cisco software bugs by product, iOS version, or any other keyword using a simplified search utility 
  • Bookmark software bugs for easy access from "My Shortcuts"
  Have questions or want to provide feedback? Send us an email at: [email protected]

  thanks for bringing the Cisco support app.
  it works good and easy to use. thanks you Cisco and Team.
  Potha

• Cisco 3850 Mobility Agent unable to connect clients

  Hi
  We are trying to use Cisco 3850 as Mobility agents with 5760. We can't seem to get the clients to authenticate to the radius server. We don't even see them appear in the radius logs.
  We have defined the radius server and the profile
  wlan Wireless 2 WAP
  aaa-override
  accounting-list Radius
  client vlan wireless
  security dot1x authentication-list Radius
  session-timeout 1800
  no shutdown
  radius server Primary
  address ipv4 x.x.x.x auth-port 1812 acct-port 1813
  timeout 5
  retransmit 2
  key 7 ........
  radius server Primary
  address ipv4 x.x.x.x port 1812 acct-port 1813
  timeout 5
  retransmit 2
  key 7 .........
  The client appears to connect to the AP but can't authenticate so gets kicked off
  If we do a test aaa group username password then it says that it's sucessful.
  In the debug we get 802.1X required but then it never seems to get any further.

  Alright, so I finally figured out the issue with this. I had a Mobility Anchor set on the guest WLAN and once I removed that all started working again.
  What is Mobility Anchor?
  A. Mobility Anchor, also referred to as Guest tunneling or Auto Anchor Mobility, is a feature where all the client traffic that belongs to a WLAN (Specially Guest WLAN) is tunneled to a predefined WLC or set of controllers that are configured as Anchor for that specific WLAN. This feature helps to restrict clients to a specific subnet and have more control over the user traffic. Refer to the Configuring Auto-Anchor Mobility section of Cisco Wireless LAN Controller Configuration Guide, Release 7.0 for more information on this feature.

• Cisco 3850 Switch and Windows 7 IP Conflicts

  Team,
  Last evening (Christmas eve) we setup a pair of Cisco 3850 with IP Base version 3.3.35SE (recommended) and 3.7.0E (very latest).
  We got these to replace a very old switch that had died. Attached to this network are windows 7 PC's with all the standard patches, service packs, etc.
  with standard port configs - no PC would work - and in fact on each screen we got the windows 7 IP Conflict pop up box.
  This seemed very odd to us, as we know these IP's are all static (no dhcp on this segment at all)
  we went with a very vanilla config on each port
  interface g1/0/1
  switchport host
  that is it - nothing special at all.
  well, after hours of research we found the 3850 has a problem where its "ip device tracking" (even though disabled, by way of NOT being enabled on any interface) will effect the windows 7 PC's ip address in use detection port start up phase!
  This is a very big problem. I am frankly SHOCKED Cisco would release a major switch that is going to not work when connected to the average network with windows 7 PC's.
  we tried 3+ hours of prescribed work-arounds found when researching this issue -
  ip device tracking probe delay 10 (global config)
  ip device tracking max 0 (disabed, on interface)
  finally,
  nmsp attach suppress (interface, however this appears to be a default command in all IOS-XE versions we tried, as the command did NOT show in the show run) . this effected many different nic card vendors (laptops, desktops) and nic card drivers levels from old to very recent.
  Finally,
  we compared a 3850 in another location to this one - and we never got HIT by this problem before because that 3850 only as TRUNK ports and no windows 7 hosts directly attached.
  Doing more research, I found out this also can effect vmware guests running windows SERVER.
  this is now a huge issue as we have a scheduled deployment of 3850's throughout our network which is going to be put on hold.
  the work-around I came up with which is not great is -
  Make ALL the "access" ports connected to PC TRUNK ports and leave the NATIVE vlan (untagged) as the vlan you want the PC's to be in
  interface g1/0/1
  switchport mode trunk
  switchport trunk native vlan 1
  this is NOT an acceptable workaround as this presents security issues even with
  switchport trunk allowed vlan 1, etc. as the only allowed vlan.
  Note: this issue manifested itself and windows 7 PC's were UNABLE to use the network. if you do "ipconfig /all | more" you would see
  192.168.0.140(duplicate) and the interface would actually use 169.254.0.239(duplicate) so the duplicate message appeared twice in the output.
  1) With and without an SVI interface on each 3850 for the vlan where the windows 7 machines had a duplicate
  2) when we had an SVI and the command ip device tracking probe use-svi (or whatever the hidden command is I forget now, but it took it)
  3) when we had aaa new-model configured - and not configured - thinking this was some artifact of having aaa turn on something like 802.1x port state
  4) when could confirm NO DHCP SNOOPING
  5) when we DID not use static IP's - and had the switch assign DHCP addresses - the Windows 7 PC's STILL had duplicates and didnt work for their "Just leased" ip's.
  6) when we could confirm ios-xe ip device tracking = disabled with show ip device tracking status, etc.
  This is a major problem for this 3850 and unless we get a definitive answer on why this is happening and how we can rectify we are going to have to return our 3850's and get HP Procurve's something I would rather avoid doing. There is NO REASON I can imagine other than older switches who's ports default to ROUTED ports (i.e.. no ip switchport) where a switch should not at least function as a bare switch with essentially a default configuration out of the box.
  Any ideas? I'm working well now with the ports ALL in trunking mode with vlan 1 native, but this is not a scalable workaround we can live with as we have security risks of a port not blocking certain vlans from going out ports to pc's, etc. that attackers could send tags on at that point, etc.
  thanks,
  Joe Brunner
  #19366

  thanks for replying - i'm not onsite (its a standalone network) - but here is what it is -
  Answers in line -
  This all stems from a switch replacement correct?
  yes a 10 year old Allied Telesyn switch was replaced that had no config - like a hub, just used for connectivity.
  Are these 3850's in a stack?
  >yes, tested all aspects of the stack many times.
  Does it have a managment ip address -If so, is it using the old switch ip address
  >old switch had no ip - i made a "management interface" on vlan 1 - BUT no ip on the built-in management interface on the switch.
  What are they connecting to? (a router/L3 switch/anohter switch- cisco-HP etc..)
  >various other devices - only 1 link back to a single 3750x stack. that switch is "hardened" so to speak to reveal or propagate very little by design.
  How are they connected( L3 interface/L2 trunk/access port)
  >all ports are left in trunk mode with vlan 1 as the active and untagged port. this was the workaround done to ever get the switch going. in "out of the box" or default mode as we initially wanted (no config) links to windows 7 PC's didnt work. links to linux or other devices non-windows did work!
  Are thse switches performing inter-vlan routing or just acting as host switches?
  >dumb flat network, no routing.
  Is ip routing enabled?
  >not unless enabled on 3850 by default. I didnt type "ip routing"
  Do you have multiple vlans in your network and if so ar ethe being propergated to these new switches?
  Your 7 pcs = are they just client pcs not servers?
  client PC's - no servers OS per say.
  can you confirm something like ICS isnt enabled (Internet connection sharing)  on any of them?
  >yes not enabled.
  Are the just using one NIC each?
  > one machine is dual homed - but we know where its "second nic" goes - to another cisco network which is NOT connected back to this one. we traced all our ports a few times thinking even perhaps some small hub was "reflecting" traffic back to us - like a blackbox. Strangest thing -
  default config out of the box - with ALL ports SHUTDOWN EXCEPT the single windows 7 facing port - the windows 7 machine STILL registered an IP CONFLICT when connected to the 3850 - even when it had NO SVI's!!! (i know mind numbing). if you disconnected the pc and connected it to an old cisco switch - it worked fine!!! wow.
  sh switch
  2 identical 3850's in working stack. power and network stacked. both at same version, etc - upgraded each time with "software install file flash:<long ios name>.bin
  tested all power and general 3850 stacking. saw no issues.
  sh int trunk
  >all ports are now trunks (hence the workaround used to get it up).
  has 20 trunks to PC's and some single connected switches (far away on fiber) - all allow only vlan 1 - no other vlans were created - very very simple network. vlan 1 is native
  sh vlan brief
  >just vlan 1 - no vlans created, checked this many times - had vlan 100 at one point - made sure it was gone over a period of hours.
  sh vtp status
  not setup - left complete default; no vtp domain set - connected to all switches in transparent model if a switch connection exists.
  sh cdp neighbours
  cant post (for god and country LOL) but there is one link back to our "core" so to speak - that switch is hardened not to allow any settings to slip over to new switches so hence no vtp, cdp is one to help troubleshooting.
  sh ip route
  just the L and C routes for the vlan 1 ip address 192.168.17.1/24
  no static routes
  no vlan interfaces other than int vlan 1
  no ip address on g0/0/0 -> the default 3850 management interface hard assigned to the 3850 VRF you cant remove.
  int g0/0/0
  ip vrf forwarding Switch_Mgmt
  i can get over there if you think of anything else key to show the group.
  thanks,
  Joe

• How can i configure hsrp in cisco 3850 switch please guide me

  how can i configure hsrp in cisco 3850 switch please guide me

  Hi Mauleshg,
  Please the below mention link to configure Hsrp hope this will help you.
  http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/3se/ip/configuration_guide/b_fhrp_3se_3850_cg/b_fhrp_3se_3850_cg_chapter_010.html
  Br.
  Mohseen Patel

• Emergency Responder and Cisco 3850 Switches

  I'm running Cisco ER V8.5, and recently installed new Cisco 3850 Switches. All the phones connected to the 3850 switches show a "unlocated" status. I've check the hardware compatibility Matrix for ER V8.5 and the 3850 is not on it.
  What are my options for locating these phones in ER and assigning them to an ERL. Manually defining the phones? Is there a patch or update to ER V8.5 that would make a 3850 compatible?

  I haven't used the 3850's with ER yet so can't speak to that specifically, but generally speaking you have more flexibility using location by subnets vs switches.  Scalability-wise, you can add way more subnets than switches.  There's more going on under the hood if you're locating by switches so the process overhead is greater.
  The only downside with using subnets is if you need to get more granular with your locations than your deployed subnets allow (ie a single voice subnet for an entire building but you need to define and assign locations at the floor level).  As long as you've been a little forward thinking on the route/switch side, you'll be fine.
  hope that helps,
  will

• Cisco 3850 Switch getting message %SPI_FC-3-HIGH_WMARK_REACHED

  Hi Team,
  We have one Cisco 3850 Switch installed at the Customer site and getting the message as below,
  Mar 28 10:57:11.578: %SPI_FC-3-HIGH_WMARK_REACHED: Number of messages in the queue for channel 9 has reached maximum.
  -Traceback= 1#830db5fd318976b0280defe233875463  :10000000+153F71C :10000000+B5E9B0 :10000000+B5EBA4 :10000000+3CC5CC :10000000+3CD0B4 :10000000+39AB00 :10000000+27CDD2C :10000000+7C7814 :10000000+27AC29C
  .Mar 28 10:58:31.585: %SPI_FC-3-HIGH_WMARK_REACHED: Number of messages in the queue for channel 9 has reached maximum.
  -Traceback= 1#830db5fd318976b0280defe233875463  :10000000+153F71C :10000000+B5E9B0 :10000000+B5EBA4 :10000000+3CC5CC :10000000+3CD0B4 :10000000+39AB00 :10000000+27CDD2C :10000000+7C7814 :10000000+27AC29C
   --More--         .Mar 28 10:59:51.586: %SPI_FC-3-HIGH_WMARK_REACHED: Number of messages in the queue for channel 9 has reached maximum.
  -Traceback= 1#830db5fd318976b0280defe233875463  :10000000+153F71C :10000000+B5E9B0 :10000000+B5EBA4 :10000000+3CC5CC :10000000+3CD0B4 :10000000+39AB00 :10000000+27CDD2C :10000000+7C7814 :10000000+27AC29C
  Please suggest the meaning of these messages and suggestion for resolution on the same.
  Attaching show version, show logging for this Switch.
  Regards
  Ashutosh

  Hi Akilhasan,
  The switch is hitting a bug which is currently under investigation. The latter implies there is no official workaround, but my suggestion would be that you consider reloading the switch outside of business hours (considering preventive measures i. e. back the configuration up, save changes, etc.). 
  The most stable version and recommended per Cisco is 03.03.03. There is newer 03.06.00 available, just released past June, so you may consider as well upgrading the IOS, of course under a properly carried out risk assessment, and you can roll back if something unexpected occurs. I would suggest doing so only if you have a solid knowledge of the customer's network and business needs.
  Hope this helps. 
  Kind regards,
  - Ed

• Cisco 3850 Redundant Power Supply Reporting Issue

  We have deployed several Cisco 3850's. Several are showing the following symptom
  ont2-tc3-es01#sh env power
  SW  PID                 Serial#     Status           Sys Pwr  PoE Pwr  Watts
  1A  PWR-C1-715WAC       DCB1702G0QU  OK              Good     Good     715
  1B  PWR-C1-715WAC       DCB1702G0G6  No Response     Good     Good     715
  Every single switch at this particular location has the same status on the B power supply. The problem was there on the previous code level (3.2.2) and we recently upgraded to 3.3.5 to resolve some SNMP bugs on the switches we also expected the latest Assurewave version to fix this issue also. So couple questions:
  1. Anyone else seeing this?
  2. Anyone found a fix for it?
                 Thanks!
                            Marty

  Hi Zabeel,
                     I did talk with TAC - per the engineer there are two bugs that cause the issue and one was fixed in 3.3.5 - so we upgraded all our 3850's to that code level. Unfortunately for us, that still didn't fix the issue. TAC suggested that it may be fixed in rev 3.7.0, but that has not officially been confirmed by Cisco's developers.
           We're waiting for the official "fix" before going through another round of switch upgrades.
          TAC did suggest reseating the power supply if you still have the issue after the upgrade to 3.3.5 - but that's not really an option for me since my switches are geographically spread out.
     HTH
               Marty