Configure VSS on cisco 4506-E With sup ws-x45-sup8-e

Hi There,
I want to configure VSS on 4506-E with sup card 8 (ws-x45-sup8-e). Currently 4506-E is having 3.3.0.x0 with ROM as 15.1(1r)sg1.
I am unable to configure VSS on this; I believe it is not supported. Can anyone help me with that?
Many Thanks

I believe VSS is not yet supported with IOS 3.3.X.  
There's a new IOS scheduled for release by the end of June 2014.  Not sure if VSS will be supported by then.

Similar Messages

  • VSS on cisco 4507R+E with sup8-E

    Hi folks,
    I need to configure VSS on cisco 4507R+E switch with SUP8-E, but the problem is that as per the latest release notes VSS is not supported on sup8-E.
    http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/release/note/OL_32143-01.html
    Can someone advise me how to proceed?

    Hi,
    The links coming from cpe1 and cpe2 can be bundled and made layer3 port channel on VSS switch?
    No, the link can't be in a Portchannel as cpe-1 and cpe-2 are 2 different devices. If cpe-1 and 2 were for example Cisco 3750 stacked, then yes, you could put both links in a Portchannel on the 3750s and also on 4500 (VSS).
    on VSS switch : 172.16.10.6/29 (port channel)
    cpe1: 172.16.10.2/29
    cpe2: 172.16.10.3/29
    HSRP virtual IP: 172.16.10.4/29
    All above statements are correct.
    Can you elaborate how I can use dot1q encapsulation for this scenario?
    Let's assume cpe-1 and cpe-2 are Cisco 3845 routers. In this case, you can simply create a sub-interface on each device connecting to the VSS with dot1q
    for example on cpe-1
    interface gi0/0
    interface gi0/0.10
    encapsulation dot1q 10
    ip address 172.16.10.2 255.255.255.248
    the same thing on cpe-2 except a different IP address.
    Now you create vlan 10 with dot1q encapsulation on the 4500 and add it to whatever interfaces are connecting to the cpes with an IP address on the SVI.
    or you can keep the 4500 (vss) as layer-2 with no IP and no svi.
    Is that more clear now?
    Reza

  • CAT 4506-E with Sup 8-E Rebooting.

    I have a Cisco 4506-E switch with a Sup 8-E running 03.03.00.XO
    The switch will reboot itself every now & then, and when it comes up I see the following error:
    Last reload reason: Critical software exception
    I have attached the sh tech-support.
    Any ideas why this would happen ?

    In my honest opinion, if you are posting this solution here, you are smelling something is off.  I hate to be a bearer of bad news.  It is.
    We went through the same exercise 2 years ago.  We wanted to upgrade our legacy 3750/3750G to 3750X and we found out that if we were to get a stack of four (or more) 3750X, it is cheaper (much, much cheaper) to get a 4510R+E bundle (with Sup7E included) and associated line cards on top.  Just to note, the 3750X and 3850 have the same price.  The Sup7E and Sup8E have the same price.
    Don't ask me why your consultant wanted you to get 3850.  I am refraining from putting two theories in here.

  • Cisco 4500 Chassis Switch with sup 7l-e supports VSS for long distance up to 40 Km

    Hello Team,
    Hope you will find this message in good health and spirit.
    As per my understanding, Cisco 4507R+E with Sup-7L-E will support VSS for long distance up to 40 Km. I have a scenario where there are two Data Centres of a company at different geographical locations (distance is 2 Km); both have separate network devices but distributed server connectivity, and all servers are accessed from both locations (some servers are placed in location 1 and some servers are at location 2). Both locations have separate ISP links with segregation of internet connectivity (some users are using internet from ISP-1 and others are using ISP-2). Core Switches of both locations are connected to each other via fiber (company fiber, not ISP). At this moment Core Switches are configured with multi-group HSRP, and the next upgrade is to VSS.
    My concern is: if the Virtual Switch Link (VSL) goes down (it will be configured on the company fiber link), what is the behavior of the switches? Are both in Master mode and working standalone, or is the behavior different? Please confirm and suggest what is better.
    Regards,
    Ammar Ud-Din

    Can anyone reply to me on this?

  • Cisco 4506 Switch Hanging

    I have got a 4506 switch with Sup V 10GE. This switch is in VTP domain, but in VTP transparent mode. It has hung twice; could anybody tell me the reason, what could have happened?
    There was no configuration change done to that switch.

    Hi Suresh,
    CSCsb61172 can be confirmed by looking at the output of "show platform hardware interface all".
    eg:
    CAT4510#show platform hardware interface all
    Global Hardware Gigaport State
    RxIpg : 6
    TxIpg : 264
    FreeListCount : 329 <<<-----
    Note that typical values of the free list count are between 20,000 and 64,000 depending on the traffic
    being switched. A count of 329 above is too low and indicates a memory leak.
    So if you see the number decreasing constantly, then you are running into this issue. The fix is in 12.2(25)EWA5, 12.2(31)SG, and higher.
    HTH,
    Bobby
    *Please rate helpful posts.
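
The check described in this reply, as an added example that is not part of the original post: it reads `FreeListCount` from several captures of `show platform hardware interface all` and flags a steadily falling count. The capture values, the function names and the linear time-to-exhaustion estimate are assumptions made for illustration.

```python
import re

FREELIST = re.compile(r"^\s*FreeListCount\s*:\s*(\d+)", re.MULTILINE)
TYPICAL_MIN = 20000  # lower end of the typical range quoted in the post


def capture(count):
    """Constructed output in the layout shown in the post (not a real capture)."""
    return ("Global Hardware Gigaport State\n"
            "RxIpg : 6\n"
            "TxIpg : 264\n"
            "FreeListCount : %d\n" % count)


def free_list_count(show_output):
    """Extract FreeListCount from one capture of the show command."""
    m = FREELIST.search(show_output)
    if m is None:
        raise ValueError("no FreeListCount line in output")
    return int(m.group(1))


def assess(samples):
    """samples: [(unix_seconds, raw_output), ...], oldest first, at least three."""
    if len(samples) < 3:
        raise ValueError("need at least three captures to call a trend")
    times = [t for t, _ in samples]
    if any(b <= a for a, b in zip(times, times[1:])):
        raise ValueError("timestamps must be strictly increasing")
    counts = [free_list_count(out) for _, out in samples]

    # "Decreasing constantly": every capture is lower than the one before it.
    falling = all(b < a for a, b in zip(counts, counts[1:]))
    below_typical = counts[-1] < TYPICAL_MIN

    eta = None
    if falling:
        # Assumption: the decline is linear between first and last capture.
        rate = (counts[0] - counts[-1]) / (times[-1] - times[0])
        eta = round(counts[-1] / rate)  # seconds until the free list is empty

    if falling and below_typical:
        verdict = "leak-suspected"
    elif falling or below_typical:
        verdict = "watch"
    else:
        verdict = "ok"
    return {"counts": counts, "falling": falling,
            "below_typical": below_typical, "eta_seconds": eta,
            "verdict": verdict}


# Constructed series: one hourly capture each, oldest first.
LEAKING = [(0, capture(40329)), (3600, capture(20329)), (7200, capture(329))]
HEALTHY = [(0, capture(52000)), (3600, capture(47500)), (7200, capture(55100))]

if __name__ == "__main__":
    print(assess(LEAKING))
    print(assess(HEALTHY))
```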

  • ASA , Cisco VPN client with RADIUS authentication

    Hi,
    I have configured ASA for Cisco VPN client with RADIUS authentication using Windows 2003 IAS.
    All seems to be working; I get connected and authenticated. However, even though I use a user name and password from Active Directory when connecting with Cisco VPN client, I still have to provide these credentials once again when accessing domain resources.
    Should it work like this? Would it be possible to configure ASA/IAS/VPN client in such a way so I enter user name/password just once when connecting and getting access to domain resources straight away?
    Thank you.
    Kind regards,
    Alex

    Hi Alex,
    It is working as it should.
    You can enable the vpn client to start vpn before logon. That way you login to vpn and then logon to the domain. However, you are still entering credentials twice (vpn and domain) but you have access to domain resources and profiles.
    thanks
    John

  • Cisco 4506 Sup Engine IV

    I have a cisco 4506 with supervisor Engine IV. Initially when I put the switch on, the supervisor engine light turns orange. After some diagnosis I found out that one of the fans on the power supply wasn't functioning properly. When I remove this power supply and power the switch, the sup engine turns green. However, the ethernet interfaces and gigabit ethernet interfaces on the line card are down; no traffic is being processed on the switch. What could be the problem? Is there a way you should configure the 4506 to process packets?

    Hi Kwak,
    Oki now let us resolve it!!!
    Yes, by default all the ports are in vlan 1, so it depends: if you want to assign the ports to any other vlan you have to create the vlan first. But ports will remain in down down state until the time you connect any network device to them. Can you please confirm if you have connected any device like a workstation or any other device to any port.
    All the ports remain in down down state if they are not active.
    Try to connect some device it should work
    Regards,
    Ankur

  • Cat-4506 with Sup II+ won't load new IOS

    I'm trying to upgrade the IOS on my 4506 SUP II+ (WS-X4013+) to 12.2(31)SG from 12.2(25)EWA5.
    Here are the boot commands and what is in bootflash: and the error during boot:
    boot system flash slot0:cat4500-ipbasek9-mz.122-31.SG.bin
    boot system flash slot0:cat4000-i9k91s-mz.122-25.EWA5.bin
    Configuration register is 0x2102
    ROC-SW4506-A#sh bootflash:
    -#- ED ----type---- --crc--- -seek-- nlen -length- ---------date/time--------- name
    1 .. image 8B6309F2 CACAA0 33 13027872 Dec 22 2005 04:24:19 -08:00 cat4000-i9k91s-mz.122-25.EWA5.bin
    2 .. image 3D38E47C 1824E28 33 12026632 Jun 2 2006 11:06:21 -07:00 cat4500-ipbasek9-mz.122-31.SG.bin
    ******** The system will autoboot now ********
    config-register = 0x2102
    Autobooting using BOOT variable specified file.....
    Current BOOT file is --- slot0:cat4500-ipbasek9-mz.122-31.SG.bin
    boot: can not load "slot0:cat4500-ipbasek9-mz.122-31.SG.bin"
    The switch will automatically reboot now...
    rommon 1 >
    It eventually booted to the older IOS. Is this not a good IOS for this switch?

    Have you tried putting
    boot system bootflash:cat4500-ipbasek9-mz.122-31.SG.bin
    taking out the slot0:.
    This is how I have my 4507 and 4503 configured.
    http://www.cisco.com/en/US/products/hw/switches/ps663/products_configuration_example09186a00801461ef.shtml

  • Need help in configuring Client to Site IPSec VPN with Hairpinning on Cisco ASA5510 8.2(1)

    Need urgent help in configuring Client to Site IPSec VPN with Hairpinning on Cisco ASA5510 - 8.2(1).
    The following is the Layout:
    There are two Leased Lines for Internet access - 1.1.1.1 & 2.2.2.2, the latter being the Standard Default route, the former one is for backup.
    I have been able to configure  Client to Site IPSec VPN
    1) With access from Outside to only the Internal Network (172.16.0.0/24) behind the asa
    2) With Split tunnel with simultaneous access to internal LAN and Outside Internet.
    But I have not been able to make the traditional Hairpinning model work in this scenario.
    I followed every possible suggestion made in this regard in many Discussion Topics but still no luck. Can someone please help me out here???
    Following is the Running-Conf with Normal Client to Site IPSec VPN configured with No Internet Access:
    LIMITATION: Can't Boot into any other ios image for some unavoidable reason, must use 8.2(1)
    running-conf  --- Working  normal Client to Site VPN without internet access/split tunnel
    ASA Version 8.2(1)
    hostname ciscoasa
    domain-name cisco.campus.com
    enable password xxxxxxxxxxxxxx encrypted
    passwd xxxxxxxxxxxxxx encrypted
    names
    interface GigabitEthernet0/0
    nameif internet1-outside
    security-level 0
    ip address 1.1.1.1 255.255.255.240
    interface GigabitEthernet0/1
    nameif internet2-outside
    security-level 0
    ip address 2.2.2.2 255.255.255.224
    interface GigabitEthernet0/2
    nameif dmz-interface
    security-level 0
    ip address 10.0.1.1 255.255.255.0
    interface GigabitEthernet0/3
    nameif campus-lan
    security-level 0
    ip address 172.16.0.1 255.255.0.0
    interface Management0/0
    nameif CSC-MGMT
    security-level 100
    ip address 10.0.0.4 255.255.255.0
    boot system disk0:/asa821-k8.bin
    boot system disk0:/asa843-k8.bin
    ftp mode passive
    dns server-group DefaultDNS
    domain-name cisco.campus.com
    same-security-traffic permit inter-interface
    same-security-traffic permit intra-interface
    object-group network cmps-lan
    object-group network csc-ip
    object-group network www-inside
    object-group network www-outside
    object-group service tcp-80
    object-group service udp-53
    object-group service https
    object-group service pop3
    object-group service smtp
    object-group service tcp80
    object-group service http-s
    object-group service pop3-110
    object-group service smtp25
    object-group service udp53
    object-group service ssh
    object-group service tcp-port
    object-group service udp-port
    object-group service ftp
    object-group service ftp-data
    object-group network csc1-ip
    object-group service all-tcp-udp
    access-list INTERNET1-IN extended permit ip host 1.2.2.2 host 2.2.2.3
    access-list CSC-OUT extended permit ip host 10.0.0.5 any
    access-list CAMPUS-LAN extended permit tcp 172.16.0.0 255.255.0.0 any eq www
    access-list CAMPUS-LAN extended permit tcp 172.16.0.0 255.255.0.0 any eq https
    access-list CAMPUS-LAN extended permit tcp 172.16.0.0 255.255.0.0 any eq ssh
    access-list CAMPUS-LAN extended permit tcp 172.16.0.0 255.255.0.0 any eq ftp
    access-list CAMPUS-LAN extended permit udp 172.16.0.0 255.255.0.0 any eq domain
    access-list CAMPUS-LAN extended permit tcp 172.16.0.0 255.255.0.0 any eq smtp
    access-list CAMPUS-LAN extended permit tcp 172.16.0.0 255.255.0.0 any eq pop3
    access-list CAMPUS-LAN extended permit ip any any
    access-list csc-acl remark scan web and mail traffic
    access-list csc-acl extended permit tcp any any eq smtp
    access-list csc-acl extended permit tcp any any eq pop3
    access-list csc-acl remark scan web and mail traffic
    access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq 993
    access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq imap4
    access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq 465
    access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq www
    access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq https
    access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq smtp
    access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq pop3
    access-list INTERNET2-IN extended permit ip any host 1.1.1.2
    access-list nonat extended permit ip 172.16.0.0 255.255.0.0 172.16.0.0 255.255.0.0
    access-list DNS-inspect extended permit tcp any any eq domain
    access-list DNS-inspect extended permit udp any any eq domain
    access-list capin extended permit ip host 172.16.1.234 any
    access-list capin extended permit ip host 172.16.1.52 any
    access-list capin extended permit ip any host 172.16.1.52
    access-list capin extended permit ip host 172.16.0.82 host 172.16.0.61
    access-list capin extended permit ip host 172.16.0.61 host 172.16.0.82
    access-list capout extended permit ip host 2.2.2.2 any
    access-list capout extended permit ip any host 2.2.2.2
    access-list campus-lan_nat0_outbound extended permit ip 172.16.0.0 255.255.0.0 192.168.150.0 255.255.255.0
    pager lines 24
    logging enable
    logging buffered debugging
    logging asdm informational
    mtu internet1-outside 1500
    mtu internet2-outside 1500
    mtu dmz-interface 1500
    mtu campus-lan 1500
    mtu CSC-MGMT 1500
    ip local pool vpnpool1 192.168.150.2-192.168.150.250 mask 255.255.255.0
    ip verify reverse-path interface internet2-outside
    ip verify reverse-path interface dmz-interface
    ip verify reverse-path interface campus-lan
    ip verify reverse-path interface CSC-MGMT
    no failover
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-621.bin
    no asdm history enable
    arp timeout 14400
    global (internet1-outside) 1 interface
    global (internet2-outside) 1 interface
    nat (campus-lan) 0 access-list campus-lan_nat0_outbound
    nat (campus-lan) 1 0.0.0.0 0.0.0.0
    nat (CSC-MGMT) 1 10.0.0.5 255.255.255.255
    static (CSC-MGMT,internet2-outside) 2.2.2.3 10.0.0.5 netmask 255.255.255.255
    access-group INTERNET2-IN in interface internet1-outside
    access-group INTERNET1-IN in interface internet2-outside
    access-group CAMPUS-LAN in interface campus-lan
    access-group CSC-OUT in interface CSC-MGMT
    route internet2-outside 0.0.0.0 0.0.0.0 2.2.2.5 1
    route internet1-outside 0.0.0.0 0.0.0.0 1.1.1.5 2
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    dynamic-access-policy-record DfltAccessPolicy
    aaa authentication ssh console LOCAL
    aaa authentication enable console LOCAL
    http server enable
    http 10.0.0.2 255.255.255.255 CSC-MGMT
    http 10.0.0.8 255.255.255.255 CSC-MGMT
    http 1.2.2.2 255.255.255.255 internet2-outside
    http 1.2.2.2 255.255.255.255 internet1-outside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
    crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
    crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
    crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group5
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
    crypto map internet2-outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    crypto map internet2-outside_map interface internet2-outside
    crypto ca trustpoint _SmartCallHome_ServerCA
    crl configure
    crypto ca certificate chain _SmartCallHome_ServerCA
    certificate ca xyzxyzxyzyxzxyzxyzxyzxxyzyxzyxzy
      quit
    crypto isakmp enable internet2-outside
    crypto isakmp policy 10
    authentication pre-share
    encryption aes
    hash md5
    group 2
    lifetime 86400
    telnet 10.0.0.2 255.255.255.255 CSC-MGMT
    telnet 10.0.0.8 255.255.255.255 CSC-MGMT
    telnet timeout 5
    ssh 1.2.3.3 255.255.255.240 internet1-outside
    ssh 1.2.2.2 255.255.255.255 internet1-outside
    ssh 1.2.2.2 255.255.255.255 internet2-outside
    ssh timeout 5
    console timeout 0
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    webvpn
    group-policy VPN_TG_1 internal
    group-policy VPN_TG_1 attributes
    vpn-tunnel-protocol IPSec
    username ssochelpdesk password xxxxxxxxxxxxxx encrypted privilege 15
    username administrator password xxxxxxxxxxxxxx encrypted privilege 15
    username vpnuser1 password xxxxxxxxxxxxxx encrypted privilege 0
    username vpnuser1 attributes
    vpn-group-policy VPN_TG_1
    tunnel-group VPN_TG_1 type remote-access
    tunnel-group VPN_TG_1 general-attributes
    address-pool vpnpool1
    default-group-policy VPN_TG_1
    tunnel-group VPN_TG_1 ipsec-attributes
    pre-shared-key *
    class-map cmap-DNS
    match access-list DNS-inspect
    class-map csc-class
    match access-list csc-acl
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum 512
    policy-map global_policy
    class csc-class
      csc fail-open
    class cmap-DNS
      inspect dns preset_dns_map
    service-policy global_policy global
    prompt hostname context
    Cryptochecksum: y0y0y0y0y0y0y0y0y0y0y0y0y0y
    : end
    Neither adding dynamic NAT for 192.168.150.0/24 on the outside interface works, nor does sysopt connection permit-vpn work.
    Please tell me what needs to be done here to hairpin all the traffic to the internet coming from VPN Clients.
    That is, I need clients connected via VPN tunnel, when connected to the internet, to have their IPs NAT'ed against the internet2-outside interface address 2.2.2.2, as it happens for the Campus Clients (172.16.0.0/16)
    I'm not much conversant with everything involved in here, therefore please be elaborative in your replies. Please let me know if you need any more information regarding this setup to answer my query.
    Thanks & Regards
    maxs

    Hi Jouni,
    Thanks again for your help, got it working. Actually the problem was ASA needed some time after configuring to work properly (??????). I configured and tested several times within a short period, during the day, and it was not working initially; GUI packet tracer was showing some problems (IPSEC Spoof detected) and also there was this left out dns. It's working fine now.
    But my problem is not solved fully here.
    Does the hairpinning model allow access to the campus LAN behind ASA also? Coz the setup is working now as I needed, and I can access Internet with the NAT'ed ip address (outside-interface). So far so good. But now I cannot access the Campus LAN behind the asa.
    Here is the packet tracer output for the traffic:
    packet-tracer output
    asa# packet-tracer input internet2-outside tcp 192.168.150.1 56482 172.16.1.249 22
    Phase: 1
    Type: ACCESS-LIST
    Subtype:
    Result: ALLOW
    Config:
    Implicit Rule
    Additional Information:
    MAC Access list
    Phase: 2
    Type: FLOW-LOOKUP
    Subtype:
    Result: ALLOW
    Config:
    Additional Information:
    Found no matching flow, creating a new flow
    Phase: 3
    Type: ROUTE-LOOKUP
    Subtype: input
    Result: ALLOW
    Config:
    Additional Information:
    in   172.16.0.0      255.255.0.0     campus-lan
    Phase: 4
    Type: ROUTE-LOOKUP
    Subtype: input
    Result: ALLOW
    Config:
    Additional Information:
    in   192.168.150.1   255.255.255.255 internet2-outside
    Phase: 5
    Type: ACCESS-LIST
    Subtype: log
    Result: ALLOW
    Config:
    access-group internnet1-in in interface internet2-outside
    access-list internnet1-in extended permit ip 192.168.150.0 255.255.255.0 any
    Additional Information:
    Phase: 6
    Type: IP-OPTIONS
    Subtype:
    Result: ALLOW
    Config:
    Additional Information:
    Phase: 7
    Type: CP-PUNT
    Subtype:
    Result: ALLOW
    Config:
    Additional Information:
    Phase: 8
    Type: VPN
    Subtype: ipsec-tunnel-flow
    Result: ALLOW
    Config:
    Additional Information:
    Phase: 9
    Type: NAT-EXEMPT
    Subtype: rpf-check
    Result: ALLOW
    Config:
    Additional Information:
    Phase: 10
    Type: NAT
    Subtype:     
    Result: DROP
    Config:
    nat (internet2-outside) 1 192.168.150.0 255.255.255.0
      match ip internet2-outside 192.168.150.0 255.255.255.0 campus-lan any
        dynamic translation to pool 1 (No matching global)
        translate_hits = 14, untranslate_hits = 0
    Additional Information:
    Result:
    input-interface: internet2-outside
    input-status: up
    input-line-status: up
    output-interface: internet2-outside
    output-status: up
    output-line-status: up
    Action: drop
    Drop-reason: (acl-drop) Flow is denied by configured rule
    The problem here, as you can see, is the rule for dynamic nat that I added to make hairpin work in the first place
    dynamic nat
    asa(config)#nat (internet2-outside) 1 192.168.150.0 255.255.255.0
    Is it possible to access both
    1)LAN behind ASA
    2)INTERNET via HAIRPINNING  
    simultaneously via a single tunnel-group?
    If it can be done, how do I do it. What changes do I need to make here to get simultaneous access to my LAN also?
    Thanks & Regards
    Abhijit
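
A small parser for the packet-tracer output quoted in this post, as an added example that is not part of the original thread: it splits the output into phases, finds the first phase whose result is DROP, and pulls out the NAT rule and the egress interface for which the ASA reports "No matching global". The function names are assumptions, and the sample is abridged from the post.

```python
import re

# Constructed sample: abridged from the packet-tracer output quoted in the post.
SAMPLE = """\
Phase: 1
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
MAC Access list
Phase: 9
Type: NAT-EXEMPT
Subtype: rpf-check
Result: ALLOW
Config:
Additional Information:
Phase: 10
Type: NAT
Subtype:
Result: DROP
Config:
nat (internet2-outside) 1 192.168.150.0 255.255.255.0
  match ip internet2-outside 192.168.150.0 255.255.255.0 campus-lan any
    dynamic translation to pool 1 (No matching global)
    translate_hits = 14, untranslate_hits = 0
Additional Information:
Result:
input-interface: internet2-outside
output-interface: internet2-outside
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
"""

NAT_MATCH = re.compile(r"match ip (\S+) \S+ \S+ (\S+) ")
NO_GLOBAL = re.compile(r"translation to pool (\d+) \(No matching global\)")


def parse_packet_tracer(text):
    """Split packet-tracer output into per-phase dicts plus the final summary."""
    phases, summary = [], {}
    current, section = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = re.match(r"Phase:\s*(\d+)$", line)
        if m:
            current = {"phase": int(m.group(1)), "type": "", "subtype": "",
                       "result": "", "config": [], "info": []}
            phases.append(current)
            section = "header"
            continue
        if line == "Result:":          # bare "Result:" opens the summary
            current, section = None, "summary"
            continue
        if section == "summary":
            key, _, value = line.partition(":")
            summary[key.strip().lower()] = value.strip()
            continue
        if current is None:
            continue                   # prompt or command echo before phase 1
        if line == "Config:":
            section = "config"
        elif line == "Additional Information:":
            section = "info"
        elif section == "header":
            key, _, value = line.partition(":")
            if key.lower() in ("type", "subtype", "result"):
                current[key.lower()] = value.strip()
        else:
            current[section].append(line)
    return phases, summary


def diagnose(phases, summary):
    """Report the first dropping phase and, for a NAT drop, what was missing."""
    drop = next((p for p in phases if p["result"].upper() == "DROP"), None)
    if drop is None:
        return {"verdict": summary.get("action", "unknown")}
    report = {"verdict": "drop", "phase": drop["phase"], "type": drop["type"],
              "rule": drop["config"][0] if drop["config"] else None,
              "reason": summary.get("drop-reason")}
    joined = "\n".join(drop["config"])
    m, pool = NAT_MATCH.search(joined), NO_GLOBAL.search(joined)
    if m and pool:
        report["ingress"], report["egress"] = m.group(1), m.group(2)
        # The statement the ASA looked for and did not find, not a recommended fix.
        report["missing_global"] = "global (%s) %s" % (m.group(2), pool.group(1))
    return report


if __name__ == "__main__":
    print(diagnose(*parse_packet_tracer(SAMPLE)))
```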

  • What are the differences between Easy VSS and Traditional VSS on Catalyst 4500E with Sup 8E ?

    I would like to know which feature is different between Easy VSS and Traditional VSS.
    I know "Easy VSS is a new way of implementing VSS by using a single command" but I cannot find more information about it.
    Please help.
    Thank you.
    Nash

    Easy VSS is a simplified and automated way of configuring VSS for the first time. Once a VSS is configured then it is the same as traditional VSS in functionality.
    There is no concept of layer 2 or layer 3 VSL link. VSL is the internal portchannel link and you cannot configure as layer 2 or layer 3 portchannel.
    Following is the link of Easy VSS steps.
    http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/XE3-6-0E/15-22E/configuration/guide/xe-360-config/vss.html#60764

  • Urgent-- could cisco uc320 work with dumb switch ? how to configure

    Could cisco uc320 work with a dumb poe switch, with its voice vlan always in 100? I can't change it, and my phone can not find the pbx through the switch. If it can, how can I configure it?

    Hi Rex,
    If the switch is unmanaged the 802.1q (tagged) ethernet frames typically pass right through the switch as if the phone was directly connected to the UC320W.  In this case both voice VLAN works and data VLAN. I would guess that if a switch has PoE that it is a managed switch though.  If it is a managed switch you will need to configure ports, vlans, and possibly CDP passthrough.
    Chris

  • Configuration of Cisco WLC 2504 with Local LAN static IP and DHCP

    I want to configure Cisco WLC 2504 with Local LAN static IP and WLC 2504 with DHCP so that APs can be connect with controller.
    Currently i am using WLC 2504 with DHCP so can anyone suggest how to do that..

    Hi Sandeep
    The info is correct, if we're using code below 7.3.101.0.
    This issue is fixed via the below bug id.
    CSCto01390 Unable to ping AP's directly connected to a 2500 controller
    check the fix that is updated on 7.4, 7.5 RNE.
    http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn75.html
    Note
    Directly connected APs are supported only in Local mode.
    http://www.cisco.com/en/US/prod/collateral/wireless/ps6302/ps8322/ps11630/data_sheet_c78-645111.html
    For quick and easy deployment Access Points can be connected directly to 2504 Wireless LAN Controller via two PoE (Power over Ethernet) ports
    Thanks
    Saravanan

  • 6506, 6509 Chassis Exchange along with SUP 720-3B and SUP 2T-10G

    Hi friends,
    I have a situation which looks straightforward, but since I have not done this before, I thought I should put this here to have some ideas and gotchas-related suggestions to look for.
    Situation 1:
    Basically I have a situation where there is an existing 6506 chassis with SUP32-GE-3B. for some business reasons we have to replace that with a 6509 chassis with SUP720-3B keeping the configuration intact.
    Situation 2:
    In another situation, we need to replace an existing standalone chassis 6509 with SUP-2T-10G with a pair of 6506 with SUP-2T-10G on each running VSS. Are there any gotchas around this work?
    Also, while I was trying to boot the spare 6506 with SUP-2T card, it constantly went to monitor mode with the following error messages
    System Bootstrap, Version 12.2(50r)SYS3, RELEASE SOFTWARE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 2012 by cisco Systems, Inc.
    PYRAMID platform with 2097152 Kbytes of main memory
    rommon 1 >
    rommon 1 > boot
    PCMCIA bootdisk: device is not initialized
    open: read error...requested 0x4 bytes, got 0x0
    trouble reading device magic number
    boot: cannot open "bootdisk:"
    boot: cannot determine first file name on device "bootdisk:"
    rommon 2 >
    Any suggestions for this? It looks like the bootflash memory is missing from the SUP. I am not sure if this flash is usually onboard on this SUP or it should be like an external PCMCIA card. 
    Look forward to your help and suggestions.
    Thanks in advance.
    Regards,
    Mohit

    Hi SJ
    The 16-port 10 Gigabit Ethernet module is interoperable with all models of the Cisco Catalyst 6500 Series Virtual Switching Supervisor Engine 720 with 10 Gigabit Ethernet uplinks or Cisco Catalyst 6500 Series Supervisor Engine 720, including VS-S720-10G-3C, VS-S720-10G-3CXL, WS-Sup720, WS-Sup720-3B, and WS-Sup720-3BXL. When mixing DFCs in the same chassis, the chassis will operate in the mode of the lowest common denominator.
    see link below
    http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-6500-series-switches/product_bulletin_cisco_catalyst_6500_series_16port_10gigabit_ethernet_module.html 
    Regards,
    Yaseen

  • Configuring VSS on Catalyst 4500 Supervisor 8-E

    I am trying to configure VSS between two Catalyst 4510R+E chassis that are equipped with dual Supervisor 8e blades, all running enterprise services licenses. I have configured SSO and NSF on both chassis, but when I get to the step to configure the virtual switch domain, I'm unable to proceed any further. I'm only able to get the following output:
    Switch(config)#switch virtual ?
    % Unrecognized command
    According to the VSS setup documentation, I should be able to input switch virtual domain <#> at this point to configure the virtual domain for VSS.
    I'm guessing that the problem is the IOS version that the supervisor engines are running, which is 3.3.0XO. I know on the Supervisor 7-E blades, IOS version 3.4.0SG or higher is required to run VSS.
    Can anyone confirm whether or not 3.3.0XO supports VSS? Cisco's data sheet states that the 8-E supports VSS, but the release notes are rather vague:
    http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/release/note/OL_29983-01.html
    If 3.3.0XO does not support VSS, can anyone confirm whether or not 3.4.0SG is supported on the Supervisor 8-E?

    IOS-XE 3.6.0 does support VSS on Sup8 - Please make sure to upgrade the rom before attempting to upgrade the sup.
     ROM version = 15.1(1r)SG4
     HTH
    Luke

  • IOS Upgrade Cisco 4506

    Hi all
    I have a Cisco 4506 with supervisor module II WS-X4013+; this one has the IOS version cat4000-i9s-mz.122-18.EW3.bin, but I want to enable SSH, so I need to upgrade the IOS version. Can anyone help me with a suggestion of IOS for this equipment?
    Thank you.

    Below the info of each module, also this switch has been configured with OSPF
    sh bootflash:
    -#- ED ----type---- --crc--- -seek-- nlen -length- ---------date/time--------- name
    1   .. image        A5C615FB  A18334   29 10322612 May 17 2005 17:41:40 +00:00 cat4000-i9s-mz.122-18.EW3.bin
    sh module
    Chassis Type : WS-C4506
    Power consumed by backplane : 0 Watts
    Mod Ports Card Type                              Model              Serial No.
    ---+-----+--------------------------------------+------------------+-----------
     1     2  Supervisor II+ 1000BaseX (GBIC)     WS-X4013+                   JAE0921D09Q
     2    24  10/100/1000BaseT (RJ45)                WS-X4424-GB-RJ45   JAB06430AB1
     3    48  10/100/1000BaseT (RJ45)                WS-X4548-GB-RJ45   JAE0920CV75
     4     6  1000BaseX (GBIC)                              WS-X4306-GB             JAE074706LH
     5    24  10/100/1000BaseT (RJ45)                WS-X4424-GB-RJ45   JAB060705PM
     6    24  10/100/1000BaseT (RJ45)                WS-X4424-GB-RJ45   JAB0629052P
    thank you.
