Cisco Catalyst 3550-12T

hi,
internal AC power supply of cisco Catalyst 3550-12T has been failed and rps led blinking.we want to replace this internal power supply.What is the part number of it? and is there any document or web site to learn part numbers of cisco devices..Thks.

I don't think you can replace the power supply in 3550 switch. It is on the motherboard. You may need to replace the whole switch. Check out the link below
http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a00800a7af7.shtml#ac_power

Similar Messages

Password reset on a Cisco Catalyst 3550 series

We have a Cisco Catalyst 3550 series, and we don't have the password to gain access to the switch through a web browser. My question is if I reset the password using Hyper-terminal, does changing the password affect any vlan or fiber optic settings that I should know about. Or does resetting the password changes our switch to factory settings?

Hi,
The password recovery procedure for your switch is described in this document:
http://www.cisco.com/c/en/us/support/docs/switches/catalyst-2950-series-switches/12040-pswdrec-2900xl.html
If you follow the instructions in the document exactly, you will retain the original configuration - you just rename the configuration file so that it is not loaded when the switch boots up. However, you will still be able to display it after the switch boots up using the more flash:config.old . Eventually, you can even load it into running-config using copy flash:config.old running-config command. At that point, the old passwords will be brought back but because you already are in the privileged EXEC mode, you can change them and save the updated configuration.
VLANs should not be affected as long as you do not delete the vlan.dat file located in FLASH. Fiber optic ports should not be affected as long as you are using original Cisco GBICs. If you're using 3rd party GBICs, it may be necessary to enter the service unsupported-transceiver hidden command in the global configuration mode before they get recognized.
Good luck!
Best regards,
Peter

Using Catalyst 3550 Switch with Linksys Home Router and Cable Internet

I've about pulled what little hair I have out of my head on this one, and need some configuration help.
I have a Cisco Catalyst 3550 switch with five Windows 7 desktops, an Avaya PBX and five Avaya IP phones attached. All of these devices are on a 192.168.0.0/24 subnet, and are communicating properly. I will refer to this as network # 1. I also have SEPARATE network, we'll call network # 2, using AT&T ADSL service and a Netgear 4-port/wireless router/ADSL modem combo device, which is functioning properly with a couple of other Windows 7 desktops over its own wired Ethernet network, using DHCP, and also on a 192.168.0.0/24 subnet. I thought it would be a simple integration, just plugging one of the 3550's ports to one of the DSL router's ports, in order to give the five Windows 7 desktop computers on network # 1 internet access via the DSL modem. Guess I was wrong. When I connect the two switches together, although I get a good connectivity (green lights on both ports) and am able to ping the DSL router's gateway address (192.168.0.252) from network # 1's computers, the computers on network # 1 cannot access the internet. Also, the working computers on network # 2 lose their internet access as long as the two switches are connected together. I am not a Cisco guru, but there's got to be a way to make this scenario work. Can someone provide me with a 3550 configuration that will allow me to extend my internet service from network # 2 on the DSL router to my 3550 switch and their computers? Here's what I am looking for:
INTERNET ---> ADSL MODEM ---> NETGEAR ROUTER ---> CISCO 3550 SWITCH ---> NETWORK DEVICES WITH INTERNET ACCESS

The Netgear router is probably what's doing the natting. Is the 3550 configured for routing or is it straight L2? If you have the 3550 configured as L3, then it's going to be easy to do what you want. Just add a static route on the Netgear to point the subnet that it doesn't know about to the 3550. For example, if the Netgear is addressed at 192.168.1.1 and the Cisco 3550 is addressed at 192.168.1.2, but it also knows about the 192.168.0.0/24 (separate vlan), then you would put a static route on your Netgear for 192.168.0.0/24 to go to 192.168.1.2.
The way that I would do it is to create a separate vlan on the 3550 and assign an address to it. Once you do that, make the port that the other switch connects to an access port of that vlan. (It would need to be on the same subnet as the existing equipment.) All of your devices would use it as a default gateway and then you would do the rest as above. You could also use RIP between the Netgear and Cisco if you can't do static routing.
HTH,
John

Cisco 3550-12T IP address

Can i set IP address in Cisco 3550-12T in any one of the Gigabit Interface, being a layer 3 switch, it is possible, but when i entered the ip address 192.168.1.1 255.255.255.252 in gigabitEthernet 0/1 i get a message IP addresses may not be configured on L2 links why is that so? I enabled IP Routing & tried without enabling also, but still i get the same message. Thanks in advance.

Hi Anand,
Though it is a layer 3 switch but default behaviour of ports are layer 2.
To make it layer 3 you have to first give "no switchport" command.
int gig0/1
no switchport
ip address
HTH
Ankur

Replacement for 3550 12T

Our 'backbone' switch is an older 3550 12T. Our network has just under 100 users with fairly light traffic. I'm looking to replace this older switch but am not that familiar with Cisco's whole product line. Recommendations?

Lots of choices, 3560, 3750, 3850
Have a look at the data sheets:
3560 and 3750X series:
http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-3750-x-series-switches/data_sheet_c78-584733.html
Newer 3850 series:
http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-3850-series-switches/data_sheet_c78-720918.html
If you just need one switch with light traffic, the 3560 is a good choice.
HTH

Catalyst 3550: Loading IOS via TFTP from ROMmon?

Hi everybody,
I need to load an IOS from ROMmon-mode to a Catalyst 3550.
Of cause I could do that via xmodem but I thought it should also be possible via TFTP.
What I did:
switch: IP_ADDRESS=192.168.1.1
switch: IP_SUBNET_MASK=255.255.255.0
switch: TFTP_SERVER=192.168.1.2
switch: TFTP_FILE=c3550-ipservicesk9-mz.122-35.SE5.bin
switch: DEFAULT_GATEWAY=192.168.1.1
switch: set
BOOT=tftp://192.168.1.2/c3550-ipservicesk9-mz.122-35.SE5.bin
DEFAULT_GATEWAY=192.168.1.1
IP_ADDRESS=192.168.1.1
IP_SUBNET_MASK=255.255.255.0
MAC_ADDR=00:0F:90:7F:B1:00
MODEL_NUM=WS-C3550-48-SMI
MODEL_REVISION_NUM=L0
MOTHERBOARD_ASSEMBLY_NUM=73-5701-09
MOTHERBOARD_REVISION_NUM=A0
MOTHERBOARD_SERIAL_NUM=CAT08130PUT
POWER_SUPPLY_PART_NUM=34-0967-02
POWER_SUPPLY_SERIAL_NUM=DTH08094HH7
SYSTEM_SERIAL_NUM=CAT0813Z29A
TFTP_FILE=c3550-ipservicesk9-mz.122-35.SE5.bin
TFTP_SERVER=192.168.1.2
switch: boot tftp://192.168.1.2/c3550-ipservicesk9-mz.122-35.SE5.bin
Loading "tftp://192.168.1.2/c3550-ipservicesk9-mz.122-35.SE5.bin"...tftp://192.168.1.2/c35 50-ipservicesk9-mz.122-35.SE5.bin: permission denied
Error loading "tftp://192.168.1.2/c3550-ipservicesk9-mz.122-35.SE5.bin"
Interrupt within 5 seconds to abort boot process.
Boot process failed...
switch: boot
Loading "tftp://192.168.1.2/c3550-ipservicesk9-mz.122-35.SE5.bin"...tftp://192.168.1.2/c35 50-ipservicesk9-mz.122-35.SE5.bin: permission denied
Error loading "tftp://192.168.1.2/c3550-ipservicesk9-mz.122-35.SE5.bin"
Interrupt within 5 seconds to abort boot process.
Boot process failed...
Am I doing something wrong or is it generally impossible to load an IOS via TFTP to a 3550?
Thanks in advance
Rolf

I am pretty sure you can't boot from a TFTP server with the Catalyst 3550 (or any of the other standalone access switches - 2950, 3550, 3560 3750 etc). If you want to recover one you need to recover it using XModem via the console:
http://www.cisco.com/en/US/products/hw/switches/ps628/products_tech_note09186a0080169696.shtml
I used to think you had to do this at 9600-baud, however you can increase the baudrate and it only takes 10-20 minutes (I couldn't get 115200 to work but 57600 worked OK and took about 20-minutes).
You need to remember to put the baud rate back to 9600 when the image is back on as it gets stored in NVRAM and reboots etc are at the stored speed (i.e. changing it after it has booted under the line con 0 doesn't get saved to NVRAM).
HTH
Andy

Need help - Catalyst 3550 on CCM4.1 Voip

Guys.
We had a Catalyst 3550 switch fail last week, and the guy who really knows this system has left the company.
The switch has a non-free molecules error, which i believe is terminal.
I've sourced a replacement switch and need help configuring it.
I copied the running config from it's sister switch (there are only 2 switches on this ccm), however, the sister switch is a 3560.
I changed the I.P address and switch name before uploading it to the 3550 on the off chance it might just work.
Show run on the 3550 shows that it might be configured, but when i connected it, it took the gateway down.
I'm really up the creek at the moment unless i can get someone to either look at it, find an old config or get this guy back in for a few hours.
Any advice would be greatly received.
Looking at show run, i see two refernces to VLAN's
interface Vlan1
ip address 170.205.238.3 255.255.255.0
interface Vlan10
ip address 10.10.0.254 255.255.255.0
ip classless
ip route 0.0.0.0 0.0.0.0 170.205.238.1
no ip http server
The I.P address 170.205.238.1 is alien to me.. i don't know what this is. However, what i do know is that i never changed this. This IP address is the same in the 3560.
Could this cause an issue ?. I'm not aware of anything on a 170.X.X.X subnet, this could have been some legacy from the previous owners of the building.
The first 3 ports in the switch are connected to the publisher, subscriber and gateway router.
Does it matter which port is connected to which component. ?
I believe that i can't be too far away from configuring this, but without any help, i'm a bit stuck.
LEE-SW-CC_VOIP-01#show run
Building configuration...
Current configuration : 6147 bytes
version 12.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname LEE-SW-CC_VOIP-01
enable secret 5 $1$2BRP$UtiYkRMAsp7roykkfRDo3/
username cisco privilege 15 secret 5 $1$mh3w$w8H5ygAfDUOBdiE2UftB8.
ip subnet-zero
ip routing
vtp domain LEE
vtp mode transparent
mls qos map cos-dscp 0 8 16 26 32 46 48 56
mls qos
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
vlan 10
interface FastEthernet0/1
switchport access vlan 10
switchport mode access
switchport voice vlan 10
no ip address
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
interface FastEthernet0/2
switchport access vlan 10
switchport mode access
switchport voice vlan 10
no ip address
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
interface FastEthernet0/3
switchport access vlan 10
switchport mode access
switchport voice vlan 10
no ip address
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
interface FastEthernet0/4
switchport access vlan 10
switchport mode access
switchport voice vlan 10
no ip address
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
interface FastEthernet0/5
switchport access vlan 10
switchport mode access
switchport voice vlan 10
no ip address
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
interface FastEthernet0/6
switchport mode access
switchport voice vlan 10
no ip address
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
interface FastEthernet0/7
switchport mode access
switchport voice vlan 10
no ip address
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
interface FastEthernet0/8
switchport mode access
switchport voice vlan 10
no ip address
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
interface FastEthernet0/9
switchport mode access
switchport voice vlan 10
no ip address
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
interface FastEthernet0/10
switchport mode access
switchport voice vlan 10
no ip address
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
interface FastEthernet0/11
switchport mode access
switchport voice vlan 10
no ip address
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
interface FastEthernet0/12
switchport mode access
switchport voice vlan 10
no ip address
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
interface FastEthernet0/13
switchport mode access
switchport voice vlan 10
no ip address
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
interface FastEthernet0/14
switchport mode access
switchport voice vlan 10
no ip address
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
interface FastEthernet0/15
switchport mode access
switchport voice vlan 10
no ip address
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
interface FastEthernet0/16
switchport mode access
switchport voice vlan 10
no ip address
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
interface FastEthernet0/17
switchport mode access
switchport voice vlan 10
no ip address
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
interface FastEthernet0/18
switchport mode access
switchport voice vlan 10
no ip address
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
interface FastEthernet0/19
switchport mode access
switchport voice vlan 10
no ip address
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
interface FastEthernet0/20
switchport mode access
switchport voice vlan 10
no ip address
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
interface FastEthernet0/21
switchport mode access
switchport voice vlan 10
no ip address
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
interface FastEthernet0/22
switchport mode access
switchport voice vlan 10
no ip address
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
interface FastEthernet0/23
switchport mode access
switchport voice vlan 10
no ip address
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
interface FastEthernet0/24
switchport mode access
switchport voice vlan 10
no ip address
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
interface GigabitEthernet0/1
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
mls qos trust cos
udld port aggressive
auto qos voip trust
interface GigabitEthernet0/2
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
mls qos trust cos
udld port aggressive
auto qos voip trust
priority-queue out
interface Vlan1
ip address 170.205.238.3 255.255.255.0
interface Vlan10
ip address 10.10.0.254 255.255.255.0
ip classless
ip route 0.0.0.0 0.0.0.0 170.205.238.1
no ip http server
logging trap debugging
line con 0
exec-timeout 0 0
privilege level 15
login local
line vty 0 4
privilege level 15
login local
length 0
line vty 5 15
privilege level 15
login local
length 0
end
LEE-SW-CC_VOIP-01#

Always wanting to learn more, I re-instated the test config and ran those commands.
LEE-SW-CC_VOIP-01#show cdp neighbor
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
Device ID Local Intrfce Holdtme Capability Platform Port ID
LEE-SW-CC_VOIP-01#show ip int brief
Interface IP-Address OK? Method Status Prot
ocol
Vlan1 170.205.238.2 YES NVRAM up down
Vlan10 10.10.0.254 YES NVRAM up down
FastEthernet0/1 unassigned YES unset down down
FastEthernet0/2 unassigned YES unset down down
FastEthernet0/3 unassigned YES unset down down
FastEthernet0/4 unassigned YES unset down down
FastEthernet0/5 unassigned YES unset down down
FastEthernet0/6 unassigned YES unset down down
FastEthernet0/7 unassigned YES unset down down
FastEthernet0/8 unassigned YES unset down down
FastEthernet0/9 unassigned YES unset down down
FastEthernet0/10 unassigned YES unset down down
FastEthernet0/11 unassigned YES unset down down
FastEthernet0/12 unassigned YES unset down down
FastEthernet0/13 unassigned YES unset down down
FastEthernet0/14 unassigned YES unset down down
FastEthernet0/15 unassigned YES unset down down
FastEthernet0/16 unassigned YES unset down down
FastEthernet0/17 unassigned YES unset down down
FastEthernet0/18 unassigned YES unset down down
FastEthernet0/19 unassigned YES unset down down
FastEthernet0/20 unassigned YES unset down down
FastEthernet0/21 unassigned YES unset down down
FastEthernet0/22 unassigned YES unset down down
FastEthernet0/23 unassigned YES unset down down
FastEthernet0/24 unassigned YES unset down down
GigabitEthernet0/1 unassigned YES unset down down
GigabitEthernet0/2 unassigned YES unset down down
LEE-SW-CC_VOIP-01#

Bandwidth rate-limiting on 3550-12T, G and 48 switches

Hi folks,
I'd like to nail-down the raw bandwidth on my switchports to divide a 9Mbit/s uplink between two client groups of 6 & 3Mbits/s respectively ("ring-fencing"). IOS is currently 12.1(14)EA1a and doesn't offer "rate-limit" on the interface in cfg mode. So: (a) can it be easily done on this platform with an IOS u/g? or (b) do I need new hardware?. I note that the 3750's don't support this command in hardware (yet?).
Any help will be appreciated.
Regards,
Andy.

Hello Andy,
You should be able to restrict the bandwidth by per port and or per port/ per vlan on the Catalyst 3550. You are correct there is no rate-limit command on the Catalyst. This is a legacy command used restrict traffic rates. Routers and switches have now implemented this policing feature using the police command. There is a possibility you can gain further feature enhancments with IOS upgrades, but you should also be able to achieve your end result with your current IOS release.
I point you to the following two Cisco documents for the details:
Config Guide:
http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12114ea1/3550scg/swqos.htm
and
Tech Note:
http://www.cisco.com/en/US/partner/products/hw/switches/ps646/products_tech_note09186a00800feff5.shtml#monitor
I hope this helps to answer your question.
Regards,
Bill

Catalyst 3550-48 unable to boot

Hi,
I have a catalyst 3550-48 switch which is running the ios image c3550-ipbase-mz.122-25.SEB4.bin. the problem is now its not booting, it directly goes to rommon mode from there if I issue the command boot flash:c3550-ipbase-mz.122-25.SEB4.bin it gives me the error message like loading ...... c3550-ipbase-mz.122-25.SEB4.bin .....magic number mismatch:bad mzip file
please help me to resolve the issue

Hi Friend,
Seems to be a corrupt image. The best solution will be to xmodem the same image again.
Download the same image again from cisco.com and xmodem to the switch.
Have a look at this xmodem procedure
http://www.cisco.com/en/US/products/hw/switches/ps646/products_configuration_guide_chapter09186a0080320001.html
HTH, if yes please rate the post.
Ankur

Catalyst 3550 Strong Cryptographic Software

What do you lose/gain using Catalyst 3550 Strong Cryptographic Software for features. Are there any authentication features/services not available in the non-crypto image. Need to answer this for a HIPAA review.

I have used Cisco's Software Advisor to look for differences in the crypto and non-crypto images. For several releases the Advisor does not list any differences. I did find a release 12.1EA1 where it did list differences. As far as authentication services there were no differences listed. It did list support for SSH in the crypto image which is not in the non-crypto image. So depending on how broad your definition of services is there may be a difference that you might care about.
HTH
Rick

Catalyst 3550 stack and etherchannel

I wonder if it is possiable to organize gigabit etherchannel from stack of two catalyst 3550 to server. The problem is to connect server's 2-port NIC to both switches, not just one, and have loadbalancing over 2 links while staying connected in case one of the switches goes down. If not, is it possiable with 3750 switches.

Hi,
This is not possible on 3550's as they do not use true stacking feature on that and moreover both the switches have different configs and they do not get Sync. I think it is possible in case of 3750's, though havnt tried myself.
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat3750/12119ea1/3750scg/swethchl.htm#1033981
regards,
-amit singh

Connection of LC/APC fiber patch cords to Cisco Catalyst 6500 $ Cisco Access 3750 Switches

I have an LC/APC fiber patch cord infrastructure and I want to connect it to Cisco Catalyst 6500 & Cisco Access 3750 Switches. what type of transceiver should be used?
I read a note on Cisco website stating the following for Cisco SFP+ transceivers:
Note: "Only connections with patch cords with PC or UPC connectors are supported. Patch cords with APC connectors are not supported. All cables and cable assemblies used must be compliant with the standards specified in the standards section"

Thank you, but my question is that I have a single mode fiber patch cord with LC/APC connector while cisco stating a note that only use LC/PC or LC/UPC type of connectors with SFP+ transceiver.
So what type of transceiver should I use to connect LC/APC patch cord to cisco switches? Is there another type or SFP+ still can be used?

Cisco Catalyst 2955 Causes Some Devices to "Die" During Boot

I posted this question in the LAN section of the forums, but I realize this is probably the proper forum for my question.
I have recently purchased a Cisco Catalyst model WS-2955C-12 switch. During POST (boot), the console reports that the switch undergoes what is known as a "FRONT-END LOOPBACK TEST". During this test the 14 port lights on the device light up amber for a moment, connectivity is lost, and after a second or two the lights go off and connectivity returns. We've found that the moment the lights go off at the end of this test, if we have a specific device (with a specific ethernet chip) directly connected to the switch the ethernet chip is adversely affected by this test - the device "goes dark" and is not capable of communicating with anything (including other switches, routers, etc...) until it is power-cycled. What exactly does this FRONT-END LOOPBACK TEST do (I know it's for validating the ports for hardware defects), and what does it send across the wire that could be causing my ethernet chip onboard the device to go bonkers?
Thanks!
-Danny

The ethernet chip on the device (the device is a National Instruments product) is an STMicro STE10/100E, and I'm fairly confident I now know what's happening but I don't know why.
When my ethernet chip is in Autonegotiate mode, the "FRONT-END LOOPBACK TEST" performed by the catalyst does something where, at the conclusion of the test, the ethernet chip goes into an autonegotiation state and never comes back out of it. I'm thinking the "FRONT-END LOOPBACK TEST" is sending something across the wire that's confusing this specific ethernet chip; I've tried 3 Intel parts and also a Broadcom part and they rode it out in autonegotiation mode just fine. If I put the STE chip into a manually-configured mode the "FRONT-END LOOPBACK TEST" doesn't cause it to "go dark".
So, my question is really what does the FRONT-END LOOPBACK TEST do? Does it perform a remote loopback test (the STE10/100E doesn't support loopback tests)?
-Danny

Ask the Expert: Layer 2 Security on Cisco Catalyst Platforms

With Wilson Bonilla
Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about about issues in designing, planning, and implementing Layer 2 security in your LAN network with expert Wilson Bonilla.
Wilson will cover topics that network engineers face daily such as Spanning Tree Protocol security, private VLANs, IP source guard, protected ports, dynamic ARP inspection, virtual LAN access-control lists (VLAN ACLs), and Dynamic Host Configuration Protocol (DHCP) snooping over Cisco Catalyst platforms. With the fast growth of networks, Layer 2 security is even more critical in the LAN to help your network become more reliable, efficient, and secure. Wilson will answer your questions about LAN networks with Cisco Catalyst switches.
Wilson Bonilla is a technical networking trainer at the Learning and Development Department for Cisco Technical Assistance Center located in Costa Rica. Before joining the Training Department, he worked for the Cisco TAC as a customer support engineer focused on LAN Switching for more than two years. While working on LAN switching, Wilson also had roles such as technical leader and trainer, adding to his area of expertise in Cisco Catalyst Layer 2 switching. He has CCNP routing and switching certification and is currently studying to achieve his CCNA certification in data center.
Remember to use the rating system to let Wilson know if you've received an adequate response.
Because of the volume expected during this event, Wilson might not be able to answer every question. Remember that you can continue the conversation in the Network Infrastructure community, subcommunity, LAN, Switching and Routing, shortly after the event. This event lasts through November, 2013. Visit this forum often to view responses to your questions and those of other Cisco Support Community members.

Hello NetNavi.
Check the post above about MacSec for more information and let me know if you need further clarification, if so I will do my best,
In regards to best practices there is a Cisco document; it describes deployments and best practices in every scenario; Supplicants, authenticator, authentication services and other configurations. Please check it out:
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6638/deploy_guide_c17-663760.html
In regards to Private VLANS:
What is a Private Vlan?
A private Vlan is a way to isolate hosts within the same Vlan or broadcast domain. So even when you might have devices sharing the same broadcast domain they can be isolated, this isolated is configured based on sub-domains also most often called primary and secondary Vlans.
What is a primary Vlan?
The primary Vlan is representation of the private Vlan, a primary Vlan has one or more secondary Vlans, a switch uses the primary Vlan to present traffic from the secondary Vlans to its neighboring devices.
What is a secondary Vlan?
A secondary Vlan is a sub-domain of the primary Vlan. We could say that the secondary Vlans belongs to the primary. The must be associated to a primary Vlan. There are two types of secondary vlans: Isolated and Community secondary Vlans.
What does it happen to host within a secondary isolated Vlan?
Host within the isolated vlan; can’t communicate to neither other host in the same isoalted vlan nor host in a community vlan.
What does it happen to host within the secondary community Vlan?
Host within the community Vlan can communicate with other host assigned to the same community vlan, but they can’t talk to host in other community vlans.
What are the benefits of implementing private Vlans?
Scalability: The most common scenario is a service provider. Imagine all customers of a service provider connected through DSL, cable modem… it’s very likely that all customers belong to the same broadcast domain, however if that’s the case why is it that I can’t use my neighbor’s printer, or maybe why is it that I can’t access the files he has store in his computer, (security) we are in the same broadcast shouldn’t I be able to at least ping his ip address?. Well that’s because the ISP must guarantee some type of security for their customers, and because put every single customer that they have in a single Vlan is not scalable they use private Vlans.
Examples:
ISP use private vlans to protect from security bridges, Private vlans and isolated Vlans are used to protect personal information for example from one customer to another.
DMZ; Many implementations utilizes private vlans in a DMZ to limt or minimize that risk of a compromised server.
I would like to share this documentation with you for further information and configuration guidelines
http://www.cisco.com/en/US/tech/tk389/tk814/technologies_configuration_example09186a008017acad.shtml#hw
This document explains what Cisco Catalyst switches support Private Vlans.
http://www.cisco.com/en/US/products/hw/switches/ps708/products_tech_note09186a0080094830.shtml
Let me know if you have further questions.
Regards
Wilson B.

Cisco Catalyst 6500 version 12.2(33)SXI13 configured as DHCP server for a VLAN responds to Windows 7 client with status code NOA

Can anyone help figure out why the Catalyst 6509 is not able to assign an IPv6 address? Thank you.
Cisco Catalyst 6500 version 12.2(33)SXI13 configured as DHCP server for a VLAN responds to Windows 7 client with status code NOADDRS-AVAIL(2). My configuration on the 6500 for the DHCPv6 server is:
ipv6 dhcp database disk0://DHCPV6-DB
ipv6 dhcp pool VLAN206IPV6
prefix-delegation pool VLAN206IPV6-POOL
dns-server 2620:B700:0:1001::53
domain-name global.bio.com
ipv6 local pool VLAN206IPV6-POOL 2620:B700:0:12C7::/65 65
interface Vlan206
description *** IPv6 Subnet ***
ip address 10.2.104.2 255.255.255.0
ipv6 address 2620:B700:0:12C7::2/64
ipv6 nd prefix 2620:B700:0:12C7::/64 14400 14400 no-autoconfig
ipv6 nd managed-config-flag
ipv6 dhcp server VLAN206IPV6
standby version 2
standby 0 ip 10.2.104.1
standby 0 preempt
standby 6 ipv6 2620:B700:0:12C7::1/64
standby 6 preempt
I'm getting a result from my debug as follows:
Apr 10 16:28:02.873 PDT: %LINK-3-UPDOWN: Interface GigabitEthernet2/2, changed state to up
Apr 10 16:28:02.873 PDT: %LINK-SP-3-UPDOWN: Interface GigabitEthernet2/2, changed state to up
Apr 10 16:28:02.877 PDT: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2/2, changed state to up
Apr 10 16:28:03.861 PDT: IPv6 DHCP: Received SOLICIT from FE80::5D5E:7EBD:CDBF:2519 on Vlan206
Apr 10 16:28:03.861 PDT: IPv6 DHCP: detailed packet contents
Apr 10 16:28:03.861 PDT: src FE80::5D5E:7EBD:CDBF:2519 (Vlan206)
Apr 10 16:28:03.861 PDT: dst FF02::1:2
Apr 10 16:28:03.861 PDT: type SOLICIT(1), xid 8277025
Apr 10 16:28:03.861 PDT: option ELAPSED-TIME(8), len 2
Apr 10 16:28:03.861 PDT: elapsed-time 101
Apr 10 16:28:03.861 PDT: option CLIENTID(1), len 14
Apr 10 16:28:03.861 PDT: 00010001195FD895F01FAF10689E
Apr 10 16:28:03.861 PDT: option IA-NA(3), len 12
Apr 10 16:28:03.861 PDT: IAID 0x0FF01FAF, T1 0, T2 0
Apr 10 16:28:03.861 PDT: option UNKNOWN(39), len 32
Apr 10 16:28:03.861 PDT: option VENDOR-CLASS(16), len 14
Apr 10 16:28:03.861 PDT: option ORO(6), len 8
Apr 10 16:28:03.861 PDT: DOMAIN-LIST,DNS-SERVERS,VENDOR-OPTS,UNKNOWN
Apr 10 16:28:03.861 PDT: IPv6 DHCP: Option IA-NA(3) is not supported yet
Apr 10 16:28:03.861 PDT: IPv6 DHCP: Sending ADVERTISE to FE80::5D5E:7EBD:CDBF:2519 on Vlan206
Apr 10 16:28:03.861 PDT: IPv6 DHCP: detailed packet contents
Apr 10 16:28:03.861 PDT: src FE80::21D:E6FF:FEE4:4400
Apr 10 16:28:03.861 PDT: dst FE80::5D5E:7EBD:CDBF:2519 (Vlan206)
Apr 10 16:28:03.861 PDT: type ADVERTISE(2), xid 8277025
Apr 10 16:28:03.861 PDT: option SERVERID(2), len 10
Apr 10 16:28:03.865 PDT: 00030001001DE6E44400
Apr 10 16:28:03.865 PDT: option CLIENTID(1), len 14
Apr 10 16:28:03.865 PDT: 00010001195FD895F01FAF10689E
Apr 10 16:28:03.865 PDT: option STATUS-CODE(13), len 15
Apr 10 16:28:03.865 PDT: status code NOADDRS-AVAIL(2)
Apr 10 16:28:03.865 PDT: status message: NOADDRS-AVAIL

Hello,
maybe hitting the following bug.
Pv6 Address Assignment Support for IPv6 DHCP Server
CSCse81385
Hope this helps

Cisco Catalyst 3550-12T

Similar Messages

Maybe you are looking for