Cisco Catalyst Blade Switch 3020

Information about the Cisco Catalyst Blade Switch 3020
Does it support TCP SYN flooding attack mitigation techniques as per Request for Comments 4987?

Most of the common DoS attack mitigation strategies (good overview here) are configurable on the CBS 3020. There's no "one step lockdown" like the autosecure feature on routers, but the configuration guide covers all of the details on setting the individual mechanisms (DHCP Snooping, DAI, IP source guard, etc.) you may wish to employ.

Similar Messages

  • "Cisco Catalyst Blade Switch 3020 for HP" Best Practices

    Hi all,
    Here we use this blade switch cluster for the Data Center server farm. Here we noticed some network traffic delay. When I monitor the uplink I can see there is not much traffic on the link. So I am in doubt about the traffic delay. If anyone can help me on this it would be great...
    Thanks in Progress.....
    Chandana

    Here in the "blade switch for HP" a request processing application is running in a server. When we use the same type of server standalone with a separate switch, it processes 80,000 requests per 4 hours. But when this blade server is in the blade switch, it only processes near 6,000 requests per 4 hours.
    That is what I mean by "Network delay"...
    That is what I cannot understand.
    I have attached the current configuration of the blade switch so you can go through it.
    Are there any best practices specific to that type of blade switch that should be enabled?
    Thanks for your help
    regards
    Chandana

  • Catalyst Blade Switches 3020 For HP Blade Chassis

    I was trying to access a Catalyst Blade Switch 3020 through the serial port to reset the lost password. This switch is plugged in to an HP c7000 chassis. I followed the instructions from the Cisco documentation for this password reset process as follows.
    Step 1 Connect a terminal or PC with terminal-emulation software to the switch console port.
    Step 2 Set the line speed on the emulation software to 9600 baud.
    Step 3 Push the release latch on the front of the switch to the open position.
    Step 4 Pull the switch partially out of the module bay until the power disconnects, and then push it in again. The switch restarts when it reseats in the server chassis. The switch performs POST after power is applied.
    Step 5 Push the release latch on the front of the switch to the closed position.
    Step 6 Within 15 seconds, press the Mode button while the System LED is still flashing green. Continue pressing the Mode button until the System LED turns briefly amber and then solid green; then release the Mode button.
    ------- Step 6 did not work. The System LED is neither flashing nor in a solid state. I cannot connect through the serial port any more! Any help.....

  • STP LED status with Cisco Catalyst Blade Switch 3130

    Hi,
    The usual status LED of an STP Blocked interface is orange. With this switch (3130), the LED is green while the RSTP port status is Alternate Blocked. Is this normal? Is there any documentation about RSTP LED status?

    G'day,
    I think you have the wrong forum! :)
    cheers

  • Cisco catalyst 2690 switch vlanTable

    Hi,
    I have a cisco catalyst 2690 switch.
    I want to monitor IP, MAC, and port addresses.
    I use this document: http://docstore.mik.ua/orelly/perl/sysadmin/ch10_03.htm
    This works great:
    htvtef7-nagios:/ # snmptranslate -On BRIDGE-MIB:dot1dTpFdbTable
    .1.3.6.1.2.1.17.4.3
    snmpwalk -c tef7snmp@761 -v 2c 10.76.1.7 .1.3.6.1.2.1.17.4.3
    htvtef7-nagios:/ # snmptranslate -On BRIDGE-MIB:dot1dBasePortTable
    .1.3.6.1.2.1.17.1.4
    snmpwalk -c tef7snmp@761 -v 2c 10.76.1.7 .1.3.6.1.2.1.17.1.4
    htvtef7-nagios:/ # snmptranslate -On CISCO-STACK-MIB:vlanTable
    .1.3.6.1.4.1.9.5.1.9.2
    But I get an error:
    htvtef7-nagios:/ # snmpwalk -c tef7snmp -v 2c 10.76.1.7 .1.3.6.1.4.1.9.5.1.9.2
    SNMPv2-SMI::enterprises.9.5.1.9.2 = No Such Object available on this agent at this OID
    Switch config:
    snmp-server community testament RO
    snmp-server community tef7snmp RO
    snmp-server location XYZ
    snmp-server contact MR.XYZ
    snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
    snmp-server enable traps tty
    snmp-server enable traps cluster
    snmp-server enable traps entity
    snmp-server enable traps cpu threshold
    snmp-server enable traps vtp
    snmp-server enable traps vlancreate
    snmp-server enable traps vlandelete
    snmp-server enable traps flash insertion removal
    snmp-server enable traps port-security
    snmp-server enable traps envmon
    snmp-server enable traps mac-notification
    snmp-server enable traps copy-config
    snmp-server enable traps config
    snmp-server enable traps bridge newroot topologychange
    snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency
    snmp-server enable traps syslog
    snmp-server enable traps vlan-membership
    snmp-server host XXX.XXX.XXX.XXX public
    snmp-server host YYY.YYY.YYY.YYY  tef7snmp
    What did I do wrong?
    THX!

    Thx for the reply!
    On the switch I use c2960-lanbasek9-mz.122-25.SEE3.bin (IOS);
    the Cisco Feature Navigator says this IOS supports the CISCO-STACK-MIB:
    http://tools.cisco.com/ITDIT/MIBS/MainServlet?ReleaseSel=0&PlatformSel=0&fsSel=0&IMAGE_NAME=c2960-lanbasek9-mz.122-25.SEE3.bin&SUBMIT2=Submit&IMAGE_ID=816103
    In show snmp mib I could not find the vlanTable. See the attachment.
    I do not understand!

  • Newbie: trunk between 6500 and Blade Switch 3020

    Hi,
    Being a newbie, I need advice to set up a trunk between my 2 switches.
    I would like to use 4 ports as TRUNK
    On the 6500, this is what I have done:
    set port channel 5/37-40 61
    set trunk 5/37 auto isl 1-1005,1025-4094
    set trunk 5/38 auto isl 1-1005,1025-4094
    set trunk 5/39 auto isl 1-1005,1025-4094
    set trunk 5/40 auto isl 1-1005,1025-4094
    On the Blade Switch 3020 I have done:
    interface GigabitEthernet0/17
    switchport trunk encapsulation isl
    switchport mode trunk
    shutdown
    channel-group 1 mode on
    interface GigabitEthernet0/18
    switchport trunk encapsulation isl
    switchport mode trunk
    shutdown
    channel-group 1 mode on
    interface GigabitEthernet0/19
    switchport trunk encapsulation isl
    switchport mode trunk
    shutdown
    channel-group 1 mode on
    interface GigabitEthernet0/20
    switchport trunk encapsulation isl
    switchport mode trunk
    shutdown
    channel-group 1 mode on
    Will that work?
    Could you tell me if I have to put the trunk ports on the same VLAN?
    Many thanks in advance for your help.
    regards
    David

    version 12.2
    no service pad
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    hostname Lux-bl-sw1
    enable secret xxx
    no aaa new-model
    ip subnet-zero
    no file verify auto
    spanning-tree mode pvst
    spanning-tree extend system-id
    vlan internal allocation policy ascending
    interface Port-channel1
    interface FastEthernet0
    no ip address
    no ip route-cache
    interface GigabitEthernet0/1
    switchport access vlan 181
    speed 1000
    spanning-tree portfast
    interface GigabitEthernet0/2
    switchport access vlan 181
    speed 1000
    spanning-tree portfast
    interface GigabitEthernet0/3
    switchport access vlan 181
    speed 1000
    spanning-tree portfast
    interface GigabitEthernet0/4
    switchport access vlan 181
    speed 1000
    spanning-tree portfast
    interface GigabitEthernet0/5
    switchport access vlan 181
    speed 1000
    spanning-tree portfast
    interface GigabitEthernet0/6
    switchport access vlan 181
    speed 1000
    spanning-tree portfast
    interface GigabitEthernet0/7
    switchport access vlan 181
    speed 1000
    spanning-tree portfast
    interface GigabitEthernet0/8
    switchport access vlan 181
    speed 1000
    spanning-tree portfast
    interface GigabitEthernet0/9
    switchport access vlan 181
    speed 1000
    spanning-tree portfast
    interface GigabitEthernet0/10
    switchport access vlan 181
    speed 1000
    spanning-tree portfast
    interface GigabitEthernet0/11
    switchport access vlan 181
    speed 1000
    spanning-tree portfast
    interface GigabitEthernet0/12
    switchport access vlan 181
    speed 1000
    spanning-tree portfast
    interface GigabitEthernet0/13
    switchport access vlan 181
    speed 1000
    spanning-tree portfast
    interface GigabitEthernet0/14
    switchport access vlan 181
    speed 1000
    spanning-tree portfast
    interface GigabitEthernet0/15
    switchport access vlan 181
    speed 1000
    spanning-tree portfast
    interface GigabitEthernet0/16
    switchport access vlan 181
    speed 1000
    spanning-tree portfast
    interface GigabitEthernet0/17
    interface GigabitEthernet0/18
    interface GigabitEthernet0/19
    interface GigabitEthernet0/20
    interface GigabitEthernet0/21
    interface GigabitEthernet0/22
    interface GigabitEthernet0/23
    interface GigabitEthernet0/24
    interface Vlan1
    no ip address
    no ip route-cache
    interface Vlan181
    ip address xxx.xx.x.xxx 255.255.0.0
    no ip route-cache
    ip default-gateway xxx.xx.x.xx
    ip http server
    control-plane
    line con 0
    line vty 0 4
    password fsv14m
    login
    line vty 5 15
    password fsv14m
    login
    end
    Port Name Status Vlan Duplex Speed Type
    Gi0/1 connected 181 full 1000 1000BaseX
    Gi0/2 connected 181 full 1000 1000BaseX
    Gi0/17 connected trunk a-full a-1000 10/100/1000BaseTX
    Gi0/18 connected trunk a-full a-1000 10/100/1000BaseTX
    Gi0/19 notconnect 1 auto auto Not Present
    Gi0/20 notconnect 1 auto auto Not Present
    Gi0/21 connected trunk a-full a-1000 10/100/1000BaseTX
    Gi0/22 notconnect 1 auto auto 10/100/1000BaseTX
    Gi0/23 connected trunk a-full a-1000 10/100/1000BaseTX
    Gi0/24 notconnect 1 auto auto 10/100/1000BaseTX
    Po1 notconnect 1 auto auto
    Fa0 connected routed full a-100 10/100BaseTX
    We saw that all the ports on the gig switch are set to be trunk by default.
    The trunk works.
    I need to investigate how to set up an EtherChannel trunk (to have a 4 gig trunk instead of 4*1 gig)
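
The configurations posted in the two threads above (the `snmp-server community` lines and the blade-switch running config) carry several management-plane settings worth reviewing: `no service password-encryption`, cleartext vty passwords, `ip http server`, `no aaa new-model` and read-only communities with no access list. The audit script below is an added example, not part of the original posts; the check names and the sample config are constructed for illustration, and it assumes vty lines without `transport input ssh` still accept Telnet.

```python
# Constructed sample modeled on the configs posted in the threads above.
# The passwords and community strings are placeholders.
SAMPLE_CONFIG = """\
version 12.2
no service password-encryption
no aaa new-model
snmp-server community examplecommunity RO
snmp-server community restricted RO 10
ip http server
line con 0
line vty 0 4
 password ExamplePlaintext
 login
line vty 5 15
 password 7 0000000000
 transport input ssh
 login
end
"""

# Keywords that open a new section (or end the config) and so close a "line" block.
SECTION_STARTERS = ("interface ", "line ", "router ", "vlan ", "control-plane", "end", "!")

GLOBAL_CHECKS = {
    "no service password-encryption": "PW_ENCRYPTION_OFF",
    "no aaa new-model": "NO_AAA",
    "ip http server": "HTTP_MGMT",
}


def audit(config_text):
    """Return a list of (check_id, context) findings; secrets are never echoed."""
    findings = []
    line_ctx = None    # e.g. "vty 0 4" while inside a line section
    vty_ssh_only = {}  # vty section -> True once "transport input ssh" is seen
    for raw in config_text.splitlines():
        cmd = raw.strip()  # forum pastes often lose indentation, so ignore it
        toks = cmd.split()
        if not toks:
            continue
        if cmd.startswith(SECTION_STARTERS):
            line_ctx = cmd[5:] if cmd.startswith("line ") else None
            if line_ctx and line_ctx.startswith("vty"):
                vty_ssh_only.setdefault(line_ctx, False)
        elif cmd in GLOBAL_CHECKS:
            findings.append((GLOBAL_CHECKS[cmd], "global"))
        elif toks[:2] == ["snmp-server", "community"] and len(toks) >= 3:
            rest = [t.lower() for t in toks[3:]]
            # Syntax: community <string> [view <name>] [ro|rw] [<acl>]
            has_acl = bool(rest) and rest[-1] not in ("ro", "rw") \
                and (len(rest) < 2 or rest[-2] != "view")
            if not has_acl:
                mode = "RW" if "rw" in rest else "RO"
                findings.append(("SNMP_%s_NO_ACL" % mode, "global"))
        elif line_ctx:
            # "password 7 ..." is obfuscated; anything else is stored in cleartext
            if toks[0] == "password" and len(toks) >= 2 \
                    and not (toks[1] == "7" and len(toks) > 2):
                findings.append(("LINE_PW_CLEARTEXT", "line " + line_ctx))
            if toks[:2] == ["transport", "input"] and line_ctx in vty_ssh_only:
                vty_ssh_only[line_ctx] = toks[2:] == ["ssh"]
    for ctx, ssh_only in vty_ssh_only.items():
        if not ssh_only:
            findings.append(("VTY_NOT_SSH_ONLY", "line " + ctx))
    return findings


if __name__ == "__main__":
    for check_id, context in audit(SAMPLE_CONFIG):
        print(f"{check_id:20} {context}")
```

Findings name the check and the config section only, so the report can be shared without exposing the password or community string that triggered it.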

  • How many Cisco Catalyst 3850 switches can make up a Cisco StackPower stack?

    I know the number of Cisco 3850 switches for stacking is 9, so, if I make up a Cisco StackPower stack, MAX is 9, too?

    Hi, emma, only 4 switches can become part of the same Cisco StackPower stack in a ring topology.
    For the Cisco 3850 switches stack number, there are two types:
    Up to 9 Cisco Catalyst 3850 switches can be stacked together to build a single logical StackWise-480 switch since Cisco IOS XE Release 3.3.0SE. Prior to Cisco IOS XE Release 3.3.0SE, up to 4 Cisco Catalyst 3850 switches could be stacked together.

  • Cisco Catalyst 3850 switches

    How many Cisco Catalyst 3850 switches can stack into a single logical entity?

    Hi, emma, only 4 switches can become part of the same Cisco StackPower stack in a ring topology.
    For the Cisco 3850 switches stack number, there are two types:
    Up to 9 Cisco Catalyst 3850 switches can be stacked together to build a single logical StackWise-480 switch since Cisco IOS XE Release 3.3.0SE. Prior to Cisco IOS XE Release 3.3.0SE, up to 4 Cisco Catalyst 3850 switches could be stacked together.

  • DHCP on Cisco Catalyst 2950 Switch

    Hello
    I need to configure my Cisco Catalyst 2950 series switch to act as a DHCP server for devices connected to its ports.
    Please tell me how to do that.
    Thank you
    Narek

    Please find the sample DHCP configuration for one of the VLANs.
    Interface Vlan1
    description Cisco DHCP
    ip address 10.10.2.1 255.255.255.0
    ip dhcp pool cisco
    network 10.10.2.0 255.255.255.0
    default-router 10.10.2.1
    domain-name mydomain.com
    dns-server 10.10.2.10
    netbios-name-server 10.10.2.15
    lease 7
    A 24 hour lease is the default if left out and the netbios-name-server is WINS in the Windows world.
    If you want to use DHCP server for other VLANs as well create similar DHCP pools and assign the DG to the corresponding VLAN interface IP.
    HTH, rate if it does
    Narayan

  • Two forwarding root ports on cisco 3120 blade switch.

    Hi,
    After upgrading blade switch 3120 to 12.2(46)SE, I could see two root ports in which both are forwarding.
    Te1/0/1 Root FWD 2000 128.27 P2p
    Te2/0/1 Root FWD 2000 128.81 P2p
    Whereas STP should've kept the other root port in blocked state and named it as Alternate port.
    Also started seeing MAC flap messages.
    As soon as IOS was downgraded to 12.2(40)EX3, the problem was solved; even the messages stopped.
    Seems to be a bug, but couldn't get any.

    Hi Rob,
    I have faced this issue with many enclosures so far and the only option left here is, you need to reboot the enclosure.
    This is an issue with the IOS code and you have to open a case with HP to get the appropriate IOS ver. Probably 15.0 code has this issue resolved and I haven't seen this issue further after the Upgrade.
    Thanks,
    Sagar

  • Cisco Catalyst 4000 Switch Console

    I have a dumb question: what type of connection is this console connection? I thought this switch used an RJ45 + serial, so I plugged into the Ethernet jack next to the console, not noticing it's just a regular 10Base-T. Could this be used to console into this switch? I have attached an image below.

    Hi,
    A console connection is a service that provides access to the system console of a computing device via networking technologies.
    Check out the link below for a console connection using a PC on Cisco devices.
    http://www-tss.cisco.com/eservice/compass/common/tasks/task_console_port_connect.htm
    Hope to Help !!
    Ganesh.H
    Remember to rate the helpful post

  • Cisco catalyst 3850 switch won't take command: "switchport mode trunk encapsulation dot 1q"

    Hi all,
    I am working on this switch's configuration. When I typed "switchport mode trunk encapsulation dot 1q", I got an error "invalid input". I'm guessing that this model already sets the encapsulation type to dot 1q, and that's why the switch won't take it, right?
    Please help!

    According to the documents it supports both.
    You are however using the wrong command, it should be -
    "switchport trunk encapsulation dot1q"
    ie. no "mode" keyword.
    If it doesn't take that then do a "sh int <x> capabilities" and it should show you which encapsulation methods are supported.
    Jon

  • IGMP Snooping configuration for Multicasting on Cisco Catalyst 3020

    Hi Guru,
    Our switch model is "Cisco Catalyst Blade Switch 3020 for HP"
    We are building HA (High Availability) Databases infrastructure.
    Currently, there are two nodes (hosts/servers) and two of the above switches for HA.
    Oracle said we need to turn off the IGMP Snooping in order to use the multicasting for their interconnect communication.
    So my question is:
    Q1> Is there any way to use Multicasting without turning off IGMP Snooping on Switch side?
    Q2> If 'yes', how can we configure the switch for Multicasting ?
    Oracle uses 230.0.1.0 & 224.0.0.251 IPs with 42000 range port for Multicasting communication.
    Please shed some light on it

    May I request that you avoid making multiple posts of the same issue? This will only confuse people (including you).

  • Stacking with Cisco Blade Switches

    Hi,
    We have an HP p-class Blade System with two Cisco Gigabit Ethernet Switch Modules (Cisco IOS Release 12.2(25)SE) for every enclosure. My question is how I can stack the two blade switches (in the same enclosure) so that every HP blade server is connected to the two switches in the active/standby state. In other words, can I, and how do I, make a port-channel which includes ports from the two switches?
    Unfortunately I couldn't find any documentation for the purpose.

    Hi,
    With the CGESM switches you have you cannot use 802.3ad teaming against the two blade switches. This is possible with the Cisco 3120 blade switches for HP c-class.
    Now, in your case, you can use standard Active/Standby NIC teaming, where the active NIC of each server connects to one switch and the standby NIC connects to the other switch. Should a blade switch completely fail, all of the servers with their active NIC connected to the failed switch should see the link go down and switch over to the standby NIC on the second switch. This should work very well.
    One problem that can happen however is that the blade switch itself does not completely fail. Instead maybe the blade switch uplink fails, or the upstream switch it is connected to fails. In this situation the server NIC does not experience a failure and continues to send traffic to the blade switch that does not have anywhere to send the traffic, a black hole. This is perhaps the problem you are seeing?
    The fortunate thing is that Cisco has a solution to this problem called Trunk Failover with Link State Tracking. What this allows you to do is to tell the blade switch that if it experiences a failure on its uplinks that it should also bring down the links to the servers as well. This will cause the servers to see a failure on their active NIC and perform a switchover to the second blade switch.
    I looked up your switch and found that your 12.2(25)SE1 code does not support this feature. You will need to upgrade to 12.2(25)SEE4 and you will be able to configure this on your switches.
    Here is a link to see how this configuration works:
    http://www.cisco.com/en/US/docs/switches/blades/3020/software/release/12.2_25_sef1/configuration/guide/swethchl.html#wp1346176
    Hope this helps.
    If so please rate my posts.
    Thanks,
    Brad

  • Using Catalyst 3550 Switch with Linksys Home Router and Cable Internet

    I've about pulled what little hair I have out of my head on this one, and need some configuration help.
    I have a Cisco Catalyst 3550 switch with five Windows 7 desktops, an Avaya PBX and five Avaya IP phones attached. All of these devices are on a 192.168.0.0/24 subnet, and are communicating properly. I will refer to this as network # 1. I also have a SEPARATE network, which we'll call network # 2, using AT&T ADSL service and a Netgear 4-port/wireless router/ADSL modem combo device, which is functioning properly with a couple of other Windows 7 desktops over its own wired Ethernet network, using DHCP, and also on a 192.168.0.0/24 subnet. I thought it would be a simple integration, just plugging one of the 3550's ports to one of the DSL router's ports, in order to give the five Windows 7 desktop computers on network # 1 internet access via the DSL modem. Guess I was wrong. When I connect the two switches together, although I get good connectivity (green lights on both ports) and am able to ping the DSL router's gateway address (192.168.0.252) from network # 1's computers, the computers on network # 1 cannot access the internet. Also, the working computers on network # 2 lose their internet access as long as the two switches are connected together. I am not a Cisco guru, but there's got to be a way to make this scenario work. Can someone provide me with a 3550 configuration that will allow me to extend my internet service from network # 2 on the DSL router to my 3550 switch and their computers? Here's what I am looking for:
    INTERNET ---> ADSL MODEM ---> NETGEAR ROUTER ---> CISCO 3550 SWITCH ---> NETWORK DEVICES WITH INTERNET ACCESS

    The Netgear router is probably what's doing the natting. Is the 3550 configured for routing or is it straight L2? If you have the 3550 configured as L3, then it's going to be easy to do what you want. Just add a static route on the Netgear to point the subnet that it doesn't know about to the 3550. For example, if the Netgear is addressed at 192.168.1.1 and the Cisco 3550 is addressed at 192.168.1.2, but it also knows about the 192.168.0.0/24 (separate vlan), then you would put a static route on your Netgear for 192.168.0.0/24 to go to 192.168.1.2.
    The way that I would do it is to create a separate vlan on the 3550 and assign an address to it. Once you do that, make the port that the other switch connects to an access port of that vlan. (It would need to be on the same subnet as the existing equipment.) All of your devices would use it as a default gateway and then you would do the rest as above. You could also use RIP between the Netgear and Cisco if you can't do static routing.
    HTH,
    John
