Configure VSS on cisco 4506-E With sup ws-x45-sup8-e
Hi There,
I want to configure VSS on 4506-E with sup card 8 (ws-x45-sup8-e). Currently 4506-E is having 3.3.0.x0 with ROM as 15.1(1r)sg1.
I am unable to configure VSS on this, i believe it is not support. Anyone help me on that.
Many Thanks
I believe VSS is not yet supported with IOS 3.3.X.
There's a new IOS scheduled for release by the end of June 2014. Not sure if VSS will be supported by then.
Similar Messages
-
VSS on cisco 4507R+E with sup8-E
Hi folks,
I need to configure VSS on cisco 4507R+E switch with SUP8-E,but the problem is that as per the latest relase notes VSS is not supported on sup8-E.
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/release/note/OL_32143-01.html
Can someone advise me how to proceed?Hi,
The links coming from cpe1 and cpe2 can be bundled and made layer3 port channel on VSS swirtch?
No, the link can't be in a Porchannel as cpe-1 cpe-2 are 2 different devices. If cpe-1 and 2 were for example Cisco 3750 stacked, then yes, you could put both links in a Portchannel on the 3750s and also on 4500 (VSS).
on VSS switch : 172.16.10.6/29 (port channel)
cpe1: 172.16.10.2/29
cpe2: 172.16.10.3/29
HSRP virtual IP: 172.16.10.4/29
All above statements are correct.
Can you eloborate how I can use dot1q encapsulation for this scenario?
Let assume cpe-1 and cpe-2 are Cisco 3845 routers. In this case, you can simply create a sub-interface an each device connecting to the VSS with dot1.q
for example on cpe-1
interface gi0/0
interface gi0/0.10
ip address 172.16.10.2/29
encapsulation dot1q 10
the same thing on cpe-2 except a different IP address.
Now you create vlan 10 with dot1q encapsulation on the 4500 and add it to what ever interfaces that are connecting to the cpes with an ip address on th svi.
or you can keep the 4500 (vss) as layer-2 with no IP and no svi.
it that more clear now?
Reza -
CAT 4506-E with Sup 8-E Rebooting.
I have a Cisco 4506-E switch with a Sup 8-E running 03.03.00.XO
The switch will reboot itself every now & then, and when it comes up I see the following error:
Last reload reason: Critical software exception
I have attached the sh tech-support.
Any ideas why this would happen ?In my honest opinion, if you are posted this solution here, you are smelling something is off. I hate to be a bearer of bad news. It is.
We went through the same exercise 2 years ago. We wanted to upgrade our legacy 3750/3750G to 3750X and we found out that if we were to get a stack of four (or more ) 3750X, it is cheaper (much, much cheaper) to get a 4510R+E bundle (with Sup7E included) and associated line cards on top. Just to note, the 3750X and 3850 have the same price. The Sup7E and Sup8E have the same price.
Don't ask me why your consultant wanted you to get 3850. I am refraining myself putting two theories in here. -
Cisco 4500 Chessis Switch with sup 7l-e supports VSS for long distance upto 40 Km
Hello Team,
hope you will find this massage in good health and spirit.
As per my understanding, Cisco 4507R+E with Sup-7L-E will supports VSS for long distance upto 40 Km, i have a scenario that there are two Data Centre of a Company at different graphical location (distance is 2 Km), both have separate network devices but distributed servers connectivity and all servers accessed from both location (some servers are placed in location 1 and some servers are at location 2), both location has separate ISPs link with segregation of internet connectivity (some users using internet from ISP-1 and other are using ISP-2), Core Switches of both location connected to each other via fiber (company fiber not ISP), at this moment Core Switches are configured with multi-group HSRP and next upgrade to VSS.
My concern is if Virtual Switch link (VSL) goes down (which will configure on company fiber link) what is the behavior of Switches, both are in Master mode and working standalone or behavior are different, please confirm and suggest for better.
Regards,
Ammar Ud-Dindoes anyone reply me on this......
-
I have got a 4506 switch with Sup V 10GE. This switch is in VTP domain, but in VTP transparent mode. I has got hanged twice, could anybody tell me the reason what could have happend.
There was no configuration change been done to that switch.Hi Suresh,
CSCsb61172 can be confirmed by looking at the output of "show platform hardware interface all".
eg:
CAT4510#show platform hardware interface all
Global Hardware Gigaport State
RxIpg : 6
TxIpg : 264
FreeListCount : 329 <<<-----
Note that typical values of the free list count are between 20,000 and 64,000 depending on the traffic
being switched. A count of 329 above is too low and indicates a memory leak.
So if you see the number decreasing constantly, then you are running into this issue. The fix is in 12.2(25)EWA5, 12.2(31)SG, and higher.
HTH,
Bobby
*Please rate helpful posts. -
ASA , Cisco VPN client with RADIUS authentication
Hi,
I have configured ASA for Cisco VPN client with RADIUS authentication using Windows 2003 IAS.
All seems to be working I get connected and authenticated. However even I use user name and password from Active Directory when connecting with Cisco VPN client I still have to provide these credentials once again when accessing domain resources.
Should it work like this? Would it be possible to configure ASA/IAS/VPN client in such a way so I enter user name/password just once when connecting and getting access to domain resources straight away?
Thank you.
Kind regards,
AlexHi Alex,
It is working as it should.
You can enable the vpn client to start vpn before logon. That way you login to vpn and then logon to the domain. However, you are still entering credentials twice ( vpn and domain) but you have access to domain resources and profiles.
thanks
John -
I have a cisco 4506 with supervisor Engine IV.Initially when i put the switch on the supervisor engine light turns orange.after some diagnosis i found out that one of the fans on the power supply wasnt functioning properly.when i remove this power supply and power the switch the sup engine turns green.However the ethernet interfaces and gigabit ethernet interfaces on the line card r down no traffic is being processed on the switch.what could be the problem.Is there a way u should configure the 4506 to process packets
Hi Kwak,
Oki now let us resolve it!!!
Yes by default all the ports are into vlan 1 so it depends if you want to assign the ports into any other vlan you have to create vlan first. But ports will remain in down down state till the the time you connect any network device to it. Can you please confirm if you have connected any device like workstation or any other device to any port.
All the ports remain in down down state if they are not active.
Try to connect some device it should work
Regards,
Ankur -
Cat-4506 with Sup II+ won't load new IOS
I'm trying to upgrade the IOS on my 4506 SUP II+ (WS-X4013+) to 12.2(31)SG from 12.2(25)EWA5.
Here are the boot commands and what is in bootflash: and the error during boot:
boot system flash slot0:cat4500-ipbasek9-mz.122-31.SG.bin
boot system flash slot0:cat4000-i9k91s-mz.122-25.EWA5.bin
Configuration register is 0x2102
ROC-SW4506-A#sh bootflash:
-#- ED ----type---- --crc--- -seek-- nlen -length- ---------date/time--------- name
1 .. image 8B6309F2 CACAA0 33 13027872 Dec 22 2005 04:24:19 -08:00 cat4000-i9k91s-mz.122-25.EWA5.bin
2 .. image 3D38E47C 1824E28 33 12026632 Jun 2 2006 11:06:21 -07:00 cat4500-ipbasek9-mz.122-31.SG.bin
******** The system will autoboot now ********
config-register = 0x2102
Autobooting using BOOT variable specified file.....
Current BOOT file is --- slot0:cat4500-ipbasek9-mz.122-31.SG.bin
boot: can not load "slot0:cat4500-ipbasek9-mz.122-31.SG.bin"
The switch will automatically reboot now...
rommon 1 >
It eventually booted to the older IOS. Is this not a good IOS for this switch?have you tried putting
boot system bootflash:cat4500-ipbasek0-mz.122-31.SG.bin
taking out the slot0:.
This how I have my 4507 and 4503 configured.
http://www.cisco.com/en/US/products/hw/switches/ps663/products_configuration_example09186a00801461ef.shtml -
Need urgent help in configuring Client to Site IPSec VPN with Hairpinning on Cisco ASA5510 - 8.2(1).
The following is the Layout:
There are two Leased Lines for Internet access - 1.1.1.1 & 2.2.2.2, the latter being the Standard Default route, the former one is for backup.
I have been able to configure Client to Site IPSec VPN
1) With access from Outside to only the Internal Network (172.16.0.0/24) behind the asa
2) With Split tunnel with simultaneous assess to internal LAN and Outside Internet.
But I have not been able to make tradiotional Hairpinng model work in this scenario.
I followed every possible sugestions made in this regard in many Discussion Topics but still no luck. Can someone please help me out here???
Following is the Running-Conf with Normal Client to Site IPSec VPN configured with No internat Access:
LIMITATION: Can't Boot into any other ios image for some unavoidable reason, must use 8.2(1)
running-conf --- Working normal Client to Site VPN without internet access/split tunnel
ASA Version 8.2(1)
hostname ciscoasa
domain-name cisco.campus.com
enable password xxxxxxxxxxxxxx encrypted
passwd xxxxxxxxxxxxxx encrypted
names
interface GigabitEthernet0/0
nameif internet1-outside
security-level 0
ip address 1.1.1.1 255.255.255.240
interface GigabitEthernet0/1
nameif internet2-outside
security-level 0
ip address 2.2.2.2 255.255.255.224
interface GigabitEthernet0/2
nameif dmz-interface
security-level 0
ip address 10.0.1.1 255.255.255.0
interface GigabitEthernet0/3
nameif campus-lan
security-level 0
ip address 172.16.0.1 255.255.0.0
interface Management0/0
nameif CSC-MGMT
security-level 100
ip address 10.0.0.4 255.255.255.0
boot system disk0:/asa821-k8.bin
boot system disk0:/asa843-k8.bin
ftp mode passive
dns server-group DefaultDNS
domain-name cisco.campus.com
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group network cmps-lan
object-group network csc-ip
object-group network www-inside
object-group network www-outside
object-group service tcp-80
object-group service udp-53
object-group service https
object-group service pop3
object-group service smtp
object-group service tcp80
object-group service http-s
object-group service pop3-110
object-group service smtp25
object-group service udp53
object-group service ssh
object-group service tcp-port
object-group service udp-port
object-group service ftp
object-group service ftp-data
object-group network csc1-ip
object-group service all-tcp-udp
access-list INTERNET1-IN extended permit ip host 1.2.2.2 host 2.2.2.3
access-list CSC-OUT extended permit ip host 10.0.0.5 any
access-list CAMPUS-LAN extended permit tcp 172.16.0.0 255.255.0.0 any eq www
access-list CAMPUS-LAN extended permit tcp 172.16.0.0 255.255.0.0 any eq https
access-list CAMPUS-LAN extended permit tcp 172.16.0.0 255.255.0.0 any eq ssh
access-list CAMPUS-LAN extended permit tcp 172.16.0.0 255.255.0.0 any eq ftp
access-list CAMPUS-LAN extended permit udp 172.16.0.0 255.255.0.0 any eq domain
access-list CAMPUS-LAN extended permit tcp 172.16.0.0 255.255.0.0 any eq smtp
access-list CAMPUS-LAN extended permit tcp 172.16.0.0 255.255.0.0 any eq pop3
access-list CAMPUS-LAN extended permit ip any any
access-list csc-acl remark scan web and mail traffic
access-list csc-acl extended permit tcp any any eq smtp
access-list csc-acl extended permit tcp any any eq pop3
access-list csc-acl remark scan web and mail traffic
access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq 993
access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq imap4
access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq 465
access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq www
access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq https
access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq smtp
access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq pop3
access-list INTERNET2-IN extended permit ip any host 1.1.1.2
access-list nonat extended permit ip 172.16.0.0 255.255.0.0 172.16.0.0 255.255.0.0
access-list DNS-inspect extended permit tcp any any eq domain
access-list DNS-inspect extended permit udp any any eq domain
access-list capin extended permit ip host 172.16.1.234 any
access-list capin extended permit ip host 172.16.1.52 any
access-list capin extended permit ip any host 172.16.1.52
access-list capin extended permit ip host 172.16.0.82 host 172.16.0.61
access-list capin extended permit ip host 172.16.0.61 host 172.16.0.82
access-list capout extended permit ip host 2.2.2.2 any
access-list capout extended permit ip any host 2.2.2.2
access-list campus-lan_nat0_outbound extended permit ip 172.16.0.0 255.255.0.0 192.168.150.0 255.255.255.0
pager lines 24
logging enable
logging buffered debugging
logging asdm informational
mtu internet1-outside 1500
mtu internet2-outside 1500
mtu dmz-interface 1500
mtu campus-lan 1500
mtu CSC-MGMT 1500
ip local pool vpnpool1 192.168.150.2-192.168.150.250 mask 255.255.255.0
ip verify reverse-path interface internet2-outside
ip verify reverse-path interface dmz-interface
ip verify reverse-path interface campus-lan
ip verify reverse-path interface CSC-MGMT
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-621.bin
no asdm history enable
arp timeout 14400
global (internet1-outside) 1 interface
global (internet2-outside) 1 interface
nat (campus-lan) 0 access-list campus-lan_nat0_outbound
nat (campus-lan) 1 0.0.0.0 0.0.0.0
nat (CSC-MGMT) 1 10.0.0.5 255.255.255.255
static (CSC-MGMT,internet2-outside) 2.2.2.3 10.0.0.5 netmask 255.255.255.255
access-group INTERNET2-IN in interface internet1-outside
access-group INTERNET1-IN in interface internet2-outside
access-group CAMPUS-LAN in interface campus-lan
access-group CSC-OUT in interface CSC-MGMT
route internet2-outside 0.0.0.0 0.0.0.0 2.2.2.5 1
route internet1-outside 0.0.0.0 0.0.0.0 1.1.1.5 2
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
aaa authentication enable console LOCAL
http server enable
http 10.0.0.2 255.255.255.255 CSC-MGMT
http 10.0.0.8 255.255.255.255 CSC-MGMT
http 1.2.2.2 255.255.255.255 internet2-outside
http 1.2.2.2 255.255.255.255 internet1-outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map internet2-outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map internet2-outside_map interface internet2-outside
crypto ca trustpoint _SmartCallHome_ServerCA
crl configure
crypto ca certificate chain _SmartCallHome_ServerCA
certificate ca xyzxyzxyzyxzxyzxyzxyzxxyzyxzyxzy
a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
a67a897as a67a897as a67a897as a67a897as a67a897as
quit
crypto isakmp enable internet2-outside
crypto isakmp policy 10
authentication pre-share
encryption aes
hash md5
group 2
lifetime 86400
telnet 10.0.0.2 255.255.255.255 CSC-MGMT
telnet 10.0.0.8 255.255.255.255 CSC-MGMT
telnet timeout 5
ssh 1.2.3.3 255.255.255.240 internet1-outside
ssh 1.2.2.2 255.255.255.255 internet1-outside
ssh 1.2.2.2 255.255.255.255 internet2-outside
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
group-policy VPN_TG_1 internal
group-policy VPN_TG_1 attributes
vpn-tunnel-protocol IPSec
username ssochelpdesk password xxxxxxxxxxxxxx encrypted privilege 15
username administrator password xxxxxxxxxxxxxx encrypted privilege 15
username vpnuser1 password xxxxxxxxxxxxxx encrypted privilege 0
username vpnuser1 attributes
vpn-group-policy VPN_TG_1
tunnel-group VPN_TG_1 type remote-access
tunnel-group VPN_TG_1 general-attributes
address-pool vpnpool1
default-group-policy VPN_TG_1
tunnel-group VPN_TG_1 ipsec-attributes
pre-shared-key *
class-map cmap-DNS
match access-list DNS-inspect
class-map csc-class
match access-list csc-acl
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class csc-class
csc fail-open
class cmap-DNS
inspect dns preset_dns_map
service-policy global_policy global
prompt hostname context
Cryptochecksum: y0y0y0y0y0y0y0y0y0y0y0y0y0y
: end
Neither Adding dynamic NAT for 192.168.150.0/24 on outside interface works, nor does the sysopt connection permit-vpn works
Please tell what needs to be done here, to hairpin all the traffic to internet comming from VPN Clients.
That is I need clients conected via VPN tunnel, when connected to internet, should have their IP's NAT'ted against the internet2-outside interface address 2.2.2.2, as it happens for the Campus Clients (172.16.0.0/16)
I'm not much conversant with everything involved in here, therefore please be elaborative in your replies. Please let me know if you need any more information regarding this setup to answer my query.
Thanks & Regards
maxsHi Jouni,
Thanks again for your help, got it working. Actually the problem was ASA needed some time after configuring to work properly ( ?????? ). I configured and tested several times within a short period, during the day and was not working initially, GUI packet tracer was showing some problems (IPSEC Spoof detected) and also there was this left out dns. Its working fine now.
But my problem is not solved fully here.
Does hairpinning model allow access to the campus LAN behind ASA also?. Coz the setup is working now as i needed, and I can access Internet with the NAT'ed ip address (outside-interface). So far so good. But now I cannot access the Campus LAN behind the asa.
Here the packet tracer output for the traffic:
packet-tracer output
asa# packet-tracer input internet2-outside tcp 192.168.150.1 56482 172.16.1.249 22
Phase: 1
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
MAC Access list
Phase: 2
Type: FLOW-LOOKUP
Subtype:
Result: ALLOW
Config:
Additional Information:
Found no matching flow, creating a new flow
Phase: 3
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 172.16.0.0 255.255.0.0 campus-lan
Phase: 4
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 192.168.150.1 255.255.255.255 internet2-outside
Phase: 5
Type: ACCESS-LIST
Subtype: log
Result: ALLOW
Config:
access-group internnet1-in in interface internet2-outside
access-list internnet1-in extended permit ip 192.168.150.0 255.255.255.0 any
Additional Information:
Phase: 6
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 7
Type: CP-PUNT
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 8
Type: VPN
Subtype: ipsec-tunnel-flow
Result: ALLOW
Config:
Additional Information:
Phase: 9
Type: NAT-EXEMPT
Subtype: rpf-check
Result: ALLOW
Config:
Additional Information:
Phase: 10
Type: NAT
Subtype:
Result: DROP
Config:
nat (internet2-outside) 1 192.168.150.0 255.255.255.0
match ip internet2-outside 192.168.150.0 255.255.255.0 campus-lan any
dynamic translation to pool 1 (No matching global)
translate_hits = 14, untranslate_hits = 0
Additional Information:
Result:
input-interface: internet2-outside
input-status: up
input-line-status: up
output-interface: internet2-outside
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
The problem here as you can see is the Rule for dynamic nat that I added to make hairpin work at first place
dynamic nat
asa(config)#nat (internet2-outside) 1 192.168.150.0 255.255.255.0
Is it possible to access both
1)LAN behind ASA
2)INTERNET via HAIRPINNING
simultaneously via a single tunnel-group?
If it can be done, how do I do it. What changes do I need to make here to get simultaneous access to my LAN also?
Thanks & Regards
Abhijit -
What are the differences between Easy VSS and Traditional VSS on Catalyst 4500E with Sup 8E ?
I would like to know which feature is different between Easy VSS and Traditional VSS.
I know "Easy VSS is a new way of implementing VSS by using a single command" but I cannot find more information about it.
Please help.
Thank you.
NashEasy VSS is a simplified and automated way of configuring VSS for first time. Once a VSS is configured then it same as traditional VSS in functionality.
There is no concept of layer 2 or layer 3 VSL link. VSL is the internal portchannel link and you cannot configure as layer 2 or layer 3 portchannel.
Following is the link of Easy VSS steps.
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/XE3-6-0E/15-22E/configuration/guide/xe-360-config/vss.html#60764 -
Urgent-- could cisco uc320 work with dumb switch ? how to configure
could cisco uc320 work with dumb poe switch, with its voice vlan alway in 100, I can't change it, and my phone can not find the pbx through the switch, if it can, how can I configure it.
Hi Rex,
If the switch is unmanaged the 802.1q (tagged) ethernet frames typically pass right through the switch as if the phone was directly connected to the UC320W. In this case both voice VLAN works and data VLAN. I would guess that if a switch has PoE that it is a managed switch though. If it is a managed switch you will need to configure ports, vlans, and possibly CDP passthrough.
Chris -
Configuration of Cisco WLC 2504 with Local LAN static IP and DHCP
I want to configure Cisco WLC 2504 with Local LAN static IP and WLC 2504 with DHCP so that APs can be connect with controller.
Currently i am using WLC 2504 with DHCP so can anyone suggest how to do that..Hi Sandeep
The info is correct, if we're using code below 7.3.101.0.
This issue is fixed via the below bug id.
CSCto01390 Unable to ping AP's directly connected to a 2500 controller
check the fix that is updated on 7.4, 7.5 RNE.
http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn75.html
Note
Directly connected APs are supported only in Local mode.
http://www.cisco.com/en/US/prod/collateral/wireless/ps6302/ps8322/ps11630/data_sheet_c78-645111.html
For quick and easy deployment Access Points can be connected directly to 2504 Wireless LAN Controller via two PoE (Power over Ethernet) ports
Thanks
Saravanan -
6506, 6509 Chassis Exchange along with SUP 720-3B and SUP 2T-10G
Hi friends,
I have a situation which looks straight forward but since I have not done this before, I thought I should put this here to have some ideas and gottchas related suggestions to look for.
Situation 1:
Basically I have a situation where there is an existing 6506 chassis with SUP32-GE-3B. for some business reasons we have to replace that with a 6509 chassis with SUP720-3B keeping the configuration intact.
Situation 2:
In another situation, we need to replace an existing standalone chassis 6509 with SUP-2T-10G with a pair of 6506 with SUP-2T-10G on each running VSS. Is there any gottachas around this work?
Also, while I was trying to boot the spare 6506 with SUP-2T card, it constantly went to monitor mode with the following error messages
System Bootstrap, Version 12.2(50r)SYS3, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 2012 by cisco Systems, Inc.
PYRAMID platform with 2097152 Kbytes of main memory
rommon 1 >
rommon 1 > boot
PCMCIA bootdisk: device is not initialized
open: read error...requested 0x4 bytes, got 0x0
trouble reading device magic number
boot: cannot open "bootdisk:"
boot: cannot determine first file name on device "bootdisk:"
rommon 2 >
Any suggestions for this? It looks like the bootflash memory is missing from the SUP. I am not sure if this flash is usually onboard on this SUP or it should be like an external PCMCIA card.
Look forward for your help and suggestions.
Thanks in advance.
Regards,
MohitHi SJ
The 16-port 10 Gigabit Ethernet module is interoperable with all models of the Cisco Catalyst 6500 Series Virtual Switching Supervisor Engine 720 with 10 Gigabit Ethernet uplinks or Cisco Catalyst 6500 Series Supervisor Engine 720, including VS-S720-10G-3C, VS-S720-10G-3CXL, WS-Sup720, WS-Sup720-3B, and WS-Sup720-3BXL. When mixing DFCs in the same chassis, the chassis will operate in the mode of the lowest common denominator.
see link below
http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-6500-series-switches/product_bulletin_cisco_catalyst_6500_series_16port_10gigabit_ethernet_module.html
Regards,
Yaseen -
Configuring VSS on Catalyst 4500 Supervisor 8-E
I am trying to configure VSS between two Catalyst 4510R+E chassis that are equipped with dual Supervisor 8e blades, all running enterprise services licenses. I have configured SSO and NSF on both chassis, but when I get to the step to configure the virtual switch domain, I'm unable to proceed any further. I'm only able to get the following output:
Switch(config)#switch virtual ?
% Unrecognized command
According to the VSS setup documentation, I should be able to input switch virtual domain <#> at this point to configure the virtual domain for VSS.
I'm guessing that the problem is the IOS version that the supervisor engines are running, which is 3.3.0XO. I know on the Supervisor 7-E blades, IOS version 3.4.0SG or higher is required to run VSS.
Can anyone confirm whether or not 3.3.0XO supports VSS? Cisco's data sheet states that the 8-E supports VSS, but the release notes are rather vague:
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/release/note/OL_29983-01.html
If 3.3.0XO does not support VSS, can anyone confirm whether or not 3.4.0SG is supported on the Supervisor 8-E?IOS-XE 3.6.0 does support VSS on Sup8 - Please make sure to upgrade the rom before attempting to upgrade the sup.
ROM version = 15.1(1r)SG4
HTH
Luke -
Hi all
I have a Cisco 4506 with supervisor module II WS-X4013+, this one have the version IOS cat4000-i9s-mz.122-18.EW3.bin, but i want enable SSH So i need upgrade the IOS version, Can anyone help me with a suggestion of IOS for this equipment?
Thank you.Below the info of each module, also this switch has been configured with OSPF
sh bootflash:
-#- ED ----type---- --crc--- -seek-- nlen -length- ---------date/time--------- name
1 .. image A5C615FB A18334 29 10322612 May 17 2005 17:41:40 +00:00 cat4000-i9s-mz.122-18.EW3.bin
sh module
Chassis Type : WS-C4506
Power consumed by backplane : 0 Watts
Mod Ports Card Type Model Serial No.
---+-----+--------------------------------------+------------------+-----------
1 2 Supervisor II+ 1000BaseX (GBIC) WS-X4013+ JAE0921D09Q
2 24 10/100/1000BaseT (RJ45) WS-X4424-GB-RJ45 JAB06430AB1
3 48 10/100/1000BaseT (RJ45) WS-X4548-GB-RJ45 JAE0920CV75
4 6 1000BaseX (GBIC) WS-X4306-GB JAE074706LH
5 24 10/100/1000BaseT (RJ45) WS-X4424-GB-RJ45 JAB060705PM
6 24 10/100/1000BaseT (RJ45) WS-X4424-GB-RJ45 JAB0629052P
thank you.
Maybe you are looking for
-
Will iCloud stream my music to my AppleTV2?
I'm really excited about iCloud, iMatch, etc. One of the things I'm trying to get straight about the service is whether it's truly streaming my content or is it only syncing content between devices. As in, will iCloud dump all my mp3s to the hard dri
-
Same exact update runs fine in one db but causes ORA-00904 in another
I have an update statement that runs fine in one db but causes "" error in another. The two databases table structures are the same. I checked for synonyms and reserved words on BASE and COMPANY_ID but did not come up with anything. The db where it i
-
Hi All, I just got a Curve 8900 Tmobile new from ebay. Seller said it was unlocked, but it's not. I need to use it overseas and on ATT when in the US. Problem is this...during set up, there is no email set up icon, and from what I think I've read,
-
New router = constant activity outgoing!
I've replaced a DOA Microsoft G router, Installed a new NetGear N300 last week that generated repeated DoS Attack:STORMs and also hung occasionally - returned it - and got a Linksys E2000 today. Both the new routers were installed and exhibited somet
-
WAS 640 SR1 dispatcher running not server
Any clue what is happening here? UNIX WAS 640 Dispatcher running but server not connected. Here is the server0 work log: stdout/stderr redirect node name : server0 pid : 21774 system name : P00 system nr. : 00 started at : Thu Jan 27 15:3