ESW 520 IGMP Snooping
Hi all,
I have to deploy a full IP-TV solution and the IGMP snooping must be supported on the switch.
I know the the ESW 520 support this protocol but the full IP-TV solution will manage uo to 200 set up boxes, does this switch support all this traffic?
I also have another question, what exactly mean
"Combo SFP slots include one 10/100/1000BASE-T Ethernet port and 1 SFP-based Gigabit Ethernet slot for fiber, 1 port active at a time." ? Is when I use 1 port with LX sfp transcever the 3 other uplink ports will be inactive and I can't add another or trunk it with another switch?
Thx for the support.
BR
Hello Hakim,
I cannot answer your first question. I think that if you provide some more detail, such as how much traffic 200 "set up boxes" will generate, you may have a better chance of a response.
Regarding your second question, you can have two trunks using EITHER the two 10/100/1000BASE-T Ethernet ports OR the SFP-based Gigabit Ethernet slots for fiber OR one of each. Of the four ports you can only use two at a time because they are "shared".
Similar Messages
-
ESW 520 ARP Inspection Problem
Hello,
I have observed strange behavior on ESW 520 switches, with ARP Inspection operation. ARP inspection is configured with static ip to mac bindings, and it work.Problem is with logs, switch generates tons of ARP inspection logs, during network normal operation, but network endpoints are working well. These logs are same witch are generated during ARP poisoning in network. This operation was observed in older and new firmware.
Here is sample log:
Informational %ARPINSP-I-PCKTLOG: ARP packet dropped
from port e9 with VLAN tag 10 and reason: packet verification failed SRC MAC 13:71:05:5a:85:2e SRC IP
0.0.0.0 DST MAC 00 :00:00:00:00:00 DST IP 10.0.10.18
Informational %ARPINSP-I-PCKTLOG: ARP packet dropped
from port e1 with VLAN tag 10 and reason: packet verification failed SRC MAC 13:71:05:80:f5:03 SRC IP
0.0.0.0 DST MAC 00 :00:00:00:00:00 DST IP 10.0.10.16
Informational %ARPINSP-I-PCKTLOG: ARP packet dropped
from port e6 with VLAN tag 10 and reason: packet verification failed SRC MAC 13:71:05:19:85:26 SRC IP
0.0.0.0 DST MAC 00 :00:00:00:00:00 DST IP 10.0.10.15
Informational %ARPINSP-I-PCKTLOG: ARP packet dropped
from port e1 with VLAN tag 10 and reason: packet verification failed SRC MAC 13:71:05:80:f5:03 SRC IP
0.0.0.0 DST MAC 00 :00:00:00:00:00 DST IP 10.0.10.16
Informational %ARPINSP-I-PCKTLOG: ARP packet dropped
from port e9 with VLAN tag 10 and reason: packet verification failed SRC MAC 13:71:05:12:85:2e SRC IP
0.0.0.0 DST MAC 00 :00:00:00:00:00 DST IP 10.0.10.18
Informational %ARPINSP-I-PCKTLOG: ARP packet dropped
from port e5 with VLAN tag 10 and reason: packet verification failed SRC MAC 13:71:05:80:f5:10 SRC IP
0.0.0.0 DST MAC 00 :00:00:00:00:00 DST IP 10.0.10.10
Informational %ARPINSP-I-PCKTLOG: ARP packet dropped
from port e6 with VLAN tag 10 and reason: packet verification failed SRC MAC 13:71:05:11:85:26 SRC I
0.0.0.0 DST MAC 00 :00:00:00:00:00 DST IP 10.0.10.1
Informational %ARPINSP-I-PCKTLOG: ARP packet dropped
from port e5 with VLAN tag 10 and reason: packet verification failed SRC MAC 13:71:05:80:f5:10 SRC IP
0.0.0.0 DST MAC 00 :00:00:00:00:00 DST IP 10.0.10.10
Informational %ARPINSP-I-PCKTLOG: ARP packet dropped
from port e8 with VLAN tag 10 and reason: packet verification failed SRC MAC 13:71:05:14:85:0c SRC IP
0.0.0.0 DST MAC 00 :00:00:00:00:00 DST IP 10.0.10.14
Informational %ARPINSP-I-PCKTLOG: ARP packet dropped
from port e3 with VLAN tag 10 and reason: packet verification failed SRC MAC 13:71:05:80:f5:3f SRC IP
0.0.0.0 DST MAC 00 :00:00:00:00:00 DST IP 10.0.10.12
Informational %ARPINSP-I-PCKTLOG: ARP packet dropped
from port e8 with VLAN tag 10 and reason: packet verification failed SRC MAC 13:71:05:51:85:0c SRC IP
0.0.0.0 DST MAC 00 :00:00:00:00:00 DST IP 10.0.10.14
Informational %ARPINSP-I-PCKTLOG: ARP packet dropped
from port e5 with VLAN tag 10 and reason: packet verification failed SRC MAC 13:71:05:80:f5:10 SRC IP
0.0.0.0 DST MAC 00 :00:00:00:00:00 DST IP 10.0.10.10
Informational %ARPINSP-I-PCKTLOG: ARP packet dropped
from port e6 with VLAN tag 10 and reason: packet verification failed SRC MAC 13:71:05:57:85:26 SRC IP
0.0.0.0 DST MAC 00 :00:00:00:00:00 DST IP 10.0.10.15
It seems switch dont like ARP request which are going to local network addresses., but in that vlan all host can communicate which each other.
Do you have any idea what can be the problem ?Hi ngtransge,
I will first come to say I do not know the answer. But, I will suspect the log entries are indicating a MAC address that arrived on the interface that did not recognize the IP or MAC address. If the MAC or IP is not found in the inspection list, it would revert to the DHCP snooping table if that is enabled.
I would suspect these entries are coming from an untrusted interface then goes through validation.
Can you show the trusted interfaces and the MAC bindings?
Are the MAC addresses on the log entry meaningful to you in any way?
Are those MAC addresses supposed to be going to a particular destination? Or conversely, are the MAC addresses supposed to be seen on an untrusted interface?
-Tom -
Ip igmp snooping querier on Nexus, what source IP address to use?
Am looking at a problem with servers in the same vlan across multiple switches that are unable to communicate using multicast. I have found that in the systen I'm to set up I need to apply the ip igmp snooping querier command, in the vlan, but it needs a source IP address.
Different documents make conflicting recommendations for this address, one suggests that any unused address will do, another suggests to use the IP address that is configured on the SVI for the vlan.
Which is correct?Eventually I had to ask Cisco TAC, the response was that any IP address within the subnet could be used. The recommendation was to allocate an unused address in the vlan subnet for this purpose, use the same address on multiple switches should resiliance be required.
-
Does the Catalyst 2960x-48TD support Cisco's IGMP Snooping MIB?
Does the Catalyst 2960x-48TD support Cisco's IGMP Snooping MIB? We have a number of switches from different vendors and have recently begun switching to Cisco's, however unlike the other brands I am unable to audit the IGMP Snooping settings via SNMP. It appears that while the switch supports IGMP Snooping it does not support the CISCO MIB for IGMP Snooping. Is this a known bug and is it fixed in any of the later releases?
Our company is purchasing and deploying C2960X-48TD's and I am tasked with updating our system audit softwareHi Sean,
Nov 21 15:40:42.390: %MCAST-SPSTBY-6-ETRACK_STATS_LIMIT_EXCEEDED: Number of entries in IGMP snooping explicit-tracking statistics has exceeded the maximum limit (32000)
The above log message is written because the number of explicit-tracking statistics entries is bounded to avoid monopolizing of system resources by IGMP/MLD snooping. The explicit-tracking statistics database maximum size is set to the same as that of explicit-tracking limit.
The statistics are split into two banks: permanent and volatile. The statistics entries will be stored permanently (volatile) until the permanent entries threshold is reached, after which the statistics will be stored temporarily up to the database maximum size. When the size of the database exceeds the permanent threshold, a group will be removed on receiving an IGMP/MLD leave. Groups can be removed whether they were installed above or below the permanent threshold. If the number of statistics entries grows beyond the maximum size of the database, then no statistics will be stored for any newly formed groups.
You can disable ip igmp snooping explicit-tracking by the following
1) Configure "no ip igmp snooping explicit-tracking"
2) Configure "ip igmp snooping limit track 0" on global.
3) After ET is disabled, please do a "clear ip igmp snooping statistics".
Here is a reference URL (please make sure you copy and paste the entire link to the browser):
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/snooigmp.html#wp1062242
HTH
Luke -
For having 3 settopboxes for iptv I have setup vlan 3 for iptv.
IGMP snooping is enabled for vlan 3 with the default settings and port 5 (incoming iptv) is enabled as IGMP Mrouter.
In the multicast forwarding table vlan 3 is set to filter unregistered.
This is working fine for a while but after 2 to 3 days the settopbox doesn't receive the iptv signal anymore and I have to restart the switch.
After the reset everything is working fine again for a few days and then the above repeats it self.
How can I solve this problem?
Sent from Cisco Technical Support iPad AppHi Alexandre, I think the only way to see what is happening is by generating a packet capture to see why when one of the connections leave, what is being sent or received by the other to cause the delay.
-Tom
Please mark answered for helpful posts -
ESW 520 802.1x MAB authentication problem
Hello,
I am having problem with 802.1x MAB authentication on ESW 520 switch, the authentication server is ACS 5.3.
The Authentication method on ESW is 802.1x & MAC, and Host Authentication mode is Multi Session. When i plug ip phone it never authenticate the phone, and on ACS I get following error message:
Radius authentication failed for USER: aa1effbb8fd4 MAC: aa-1E-FF-bb-8F-D4 AUTHTYPE: Radius authentication failed
RADIUS Status:Authentication failed : 11509 Access Service does not allow any EAP protocols
15004 Matched rule
15012 Selected Access Service - MAB
11507 Extracted EAP-Response/Identity
11509 Access Service does not allow any EAP protocols
11504 Prepared EAP-Failure
11003 Returned RADIUS Access-Reject
For that Access Service I have configured only Host Lookup.
The same ACS configuration is working perfectly on Catalyst 3560G switche.
It seems that ESW switch is not telling ACS that authentication is going to be by MAC address.
Do you have any idea what can be the problem.Are you hitting the same selection rule? Also is "mab eap" configured globally on the switch, or on the port itself?
Also can you post the port configuration and the show ver of the ESW?
Thanks,
Tarik Admani
*Please rate helpful posts* -
ESW 520 802.1x re authentication problem
Hello
I have problem with ESW 520, on 802.1x authentication. The problem is when host authenticates successfully it works about couple of minutes, after it truest too authenticate again but it lags. On network interface it shows notification that if Failed authentication. On ACS I see only one authentication attempt which is successful. This problem is happening on Win7 and Win XP. If I unplug and plug cable it authenticates successfully, but then about couple of minutes it again lags. Switch sees port as authenticated. On Win7 event viewer I have following error:
Reason: 0x70004
Reason Text: The network stopped answering authentication requests
Error Code: 0x0
If I connect same hosts on Catalyst 2960 switch, they work successfully.Hi ngtransge
There are tree possible explanations about why the authentications fails.
A)the network interface is shut down after failed computer authentication. You can see this on the switch as line protocol down for that port.
To verify the client has a domain certificate:
1. Click Start and click Run.
2. Type mmc, and then press ENTER.
3. On the File menu, click Add/Remove Snap-in.
4. Click Certificates, click Add, select Computer account, and then click Next.
5. Verify that Local computer: (the computer this console is running on) is selected, click Finish, and then click OK.
6. In the console tree, double-click Certificates (Local Computer), double-click Personal, and then click Certificates.
On a domain joined client, you should see a certificate here with Intended Purposes of Client Authentication. Make sure this certificate is not expired. If it is expired, you will need to regain connection to your CA to request a new one.
B) You should check your switch's configuration, perhaps a port or some ports could be blocked by an access-list and interrupt the re authentication.
C) If this two solutions don't work, you have to try to change the authentication method (PEAP-MSCHAPv2 or PEAP-EAP-TLS)
Greetings, Johnnatn Rodriguez Miranda -
Hello,
just to put this out there, I am a noob to the world of Cisco, just got my CCNA, and am now working as an intern.
Can you set esw 520 switches to use auto QoS? We are putting the 520's into an environment of more configurable catalyst switches, and they all use auto QoS. I am basically wondering how to get the QoS on the 520's to play nice with the auto qos on the nicer catalyst switches...
I have tried just using basic QoS, but that wont work, because when I use the port wizard, I use the macro "ip phone + desktop"
It insists on setting qos, but fails because voice-map does not exists. The only way I have found to get the macro to work, is to set QoS to advanced, and create a policy map called "voice-map" of course, after that the macro works, but then I am left with advanced QoS enabled, and hardly configured...how am I supposed to know how to configure it if the other switches ( catalyst series) are set to auto?
Im sorry for the seemingly dumb question, but I know next to nothing about QoS other than it is used to prioitize traffic based on data types.Hey cole, typically with theses switches the smartports will do the QOS with the port role, however you can manually create the QOS for the switch, by creating a ACL to identify the specific traffic comming through the switch port. Then Create a class map/ policy map/ and then bind it to the ports your wanting to setup QOS on.
-
RedHat Enterprise Cluster and Cisco IGMP Snooping/Querying
Has anyone else had any experience with IGMP Snooping/Querying and RedHat Enterprise Cluster?
We have been experiencing a large amount of problems with this functionality.
We are running IGMP Querying in our environment and we recently set up a second querier.
Here's the steps we took
Existing querier: 192.168.3.248
Everything was running fine.
Added a new querier on a different switch: 192.168.3.247
At this point, all of our RedHat Enterprise Clusters fenced themselves and needed to be restarted in order to restore
access. In order to restart the RedHat Enterprise Clusters, the physical servers must be rebooted.
Are there any known issues with RedHat Enterprise Clustering and Cisco Switches (3750
series)? I would expect the querier change to be seamless, but it does not seem that this
is the case.Hi,
In our organizaiton we have Red Hat Cluster with 2 cisco switch (Model: cisco WS-C2960S-24TD-L, Version: "flash:/ c2960s-universalk9-mz.122-55.SE3/c2960s-universalk9-mz.122-55.SE3.bin").
- We are using HP Chassis c7000 and Server is on the chassis. There are 2 service IC & Med. Each server has one service primary and other secondary running.
- The two cluster switches are connected each other with Ether channer trunk (1+1) link. Also these 2 switches are connected to our Mgmt switch for Server Admin access to HP Chassis via OA port. The Red Hat system has cluster lan (pri & sec) & OA lan (01 & 02 of HP chassis) connected to Cluster switches. The Mgmt VLAN is 501 - 172.31.10.0/24.
Problem:
When the CluserSW01 goes down the cluser shifted to CluseterSW02 with Cluser_Secondary_LAN and OA2. But when the ClusterSW01 switch comes again than the communication breaks and cluster don come up.
I was thinking this is either STP or IGMP, well sure though. As these are production systems hence we also couldn't do much more test as well.
If you have face any such issue or have experience with it or know what the problem might be... kindly share with me.
Thanks,
Adnan -
i've been reading these forums and noticed that lot of people have problems with configuring multicast. basicly, problems are flooding bandwidth, no querier, confusing pim router configuration ...
also, ive seen some promisses from tehnical stuff that next gen of linksys switches will have #ip igmp snooping querier, like cat ones have. so i'm interested if someone can give me the answer.
it is interesting question for many people who would cant afford expensive cat switches for such simple usage.
regards,
davidHi David,
You actually have a lot more options as seen in the GUI, so I though I would put as simple network together and run you through a validation.
But I am assuming you have the refreshed version of the SRW224G4P switch called the SRW224G4P-K9-NA .
If you have the old switch the following is not relevant to you.
I put together a simple network diagram showing my simple network topology used during my wee test;
I chose the RV042 as my Layer 3 router in this network.
It really was to provide DHCP services, but shortly after all devices had IP addresses, I removed the RV042, becauise I noticed it was sending out IP IGMP general queries. Something I didn;t want in the following test.
I was using a software based multicast tester, produced by the wonderful folk at Twisted Pair Solutions. This software can either send and/or receive multicasts of a defined group and responds appropriately to IGMP General queries. I will call this software MCT (Multicast test).
I had the MCT software on PC C. PC C is plugged into switch port 10 It is sending multicasts into the switch at a rate of about 10 multicast packets a second.
I had the MCT software on PC A. PC A is plugged into switch port 1. It is set to receiving and count multicasts from the switch
I had PC B plugged into switch port 2. PC B is checking switch statistics, but not try to receive multicasts from PC 3.
I had setup multicast snooping on VLAN 1 and querying according to the GUI screen capture below.
Note: I only had a single vlan on this switch.
In a composite of two screen captures below, you can see that IGMP querier status is enabled.
I took off the RV042 out of the network, because i noticed within a wireshark capture on PC A, that the RV042 was sending out group general queries. I wanted the switch to take over that role
I waited a few minutes, and displayed only igmp activity.
It can be clearly seen in the screen capture below;
SG300 series switch was sending out general queries (2 minutes) from source IP address 172.16.1.100.
It waited for the mcast router general query, but when none came, 60 seconds later sent out it's own general query. Fair enough, it had to assume a mcast router might be sending general queries every minute.
Switch statistics can be seen below, it showed;
that PC B on switch port G2 was not being flooded by multicasts, in other words snooping is working;
Port 10, PC C is sending in 2962 multicast packets to the switch.
Port 1, PC A is receiving 2900 multicast packets from the switch
port 2 , PC B is not part of the multicast group 234.55.66.77 and as such is not being flooded by multicasts.
ALL three PCs are windows based products, and certain multicasts emanate from these devices.
show interafce count
Port InUcastPkts InMcastPkts InBcastPkts InOctets
gi1 12 9 6 3493
gi2 247 237 6 43733
gi3 0 0 0 0
gi4 0 0 0 0
gi5 0 0 0 0
gi6 0 0 0 0
gi7 0 0 0 0
gi8 0 0 0 0
gi9 0 0 0 0
gi10 26 2962 3 850881
gi11 0 0 0 0
gi12 0 0 0 0
gi13 0 0 0 0
gi14 0 0 0 0
gi15 0 0 0 0
gi16 0 0 0 0
gi17 0 0 0 0
gi18 0 0 0 0
gi19 0 0 0 0
gi20 0 0 0 0
gi21 0 0 0 0
gi22 0 0 0 0
gi23 0 0 0 0
gi24 0 0 0 0
gi25 0 0 0 0
gi26 0 0 0 0
gi27 0 0 0 0
gi28 0 0 0 0
Port OutUcastPkts OutMcastPkts OutBcastPkts OutOctets
gi1 13 2900 9 839691
gi2 233 343 9 90453
gi3 0 0 0 0
gi4 0 0 0 0
gi5 0 0 0 0
gi6 0 0 0 0
gi7 0 0 0 0
gi8 0 0 0 0
gi9 0 0 0 0
gi10 24 343 12 47165
gi11 0 0 0 0
gi12 0 0 0 0
gi13 0 0 0 0
gi14 0 0 0 0
gi15 0 0 0 0
gi16 0 0 0 0
gi17 0 0 0 0
gi18 0 0 0 0
gi19 0 0 0 0
gi20 0 0 0 0
gi21 0 0 0 0
gi22 0 0 0 0
gi23 0 0 0 0
gi24 0 0 0 0
gi25 0 0 0 0
gi26 0 0 0 0
gi27 0 0 0 0
gi28 0 0 0 0
If I look at the multicast groups within the switch, it show that only two ports were involved in multicast group 234.55.66.77. This is the correct behaviour.
switch4cf17c#sh ip igmp snooping group
Vlan Group Source Include Ports Exclude Ports Comp.
Address Address Mode
1 234.55.66.77 * gi1,gi10 v2
1 239.255.255. * gi1-2,gi10 v2
250
Just to complete the posting, here is the CLI command (highlighted) to enable the querier functionality within the switch;
[Kswitch4cf17c#sh run
bridge multicast filtering
ip igmp snooping
ip igmp snooping vlan 1
ip igmp snooping vlan 1 querier
interface vlan 1
ip address 172.16.1.100 255.255.255.0
exit
interface vlan 1
no ip address dhcp
exit
hostname switch4cf17c
no passwords complexity enable
no snmp-server server
ip telnet server
Hope this helps you and others
regards Dave -
Hello to all!
I have come a cross one problem with hope someone can help me solve it or at least give some valuable ideas.
The problem is regarding IGMP snooping with Cisco 4948E swithes. By documentation it is said that IGMP snooping is turned on by default.
However, I was getting all multicast traffic on the port where there is only one receiver, tuned to only one multicast group.
I was able to solve to problem by turning igmp snooping querier option and now it is working ok.
However, I have to plug in a Cisco router (7200 series). In that case the router is the querier.
My problem is that the router is constantly getting all multicast traffic, causing the CPU time to increase and be crushed.
I have several multicast groups on the switch, but want only specific ones to be present on the port where router is connected.
I think IGMP snooping is not working on 4948E switches.
Did anybody else experience the same problem?
The router has PIM enabled and I have managed to solve the problem with access list being put in outside direction but this is not the neat solution.
How can I solve this problem? When I do show int command on the router I am getting all multicast traffic and I want to receive only specific ones with way too lower traffic amount.
Thank you very much!Hello to all!
I have come a cross one problem with hope someone can help me solve it or at least give some valuable ideas.
The problem is regarding IGMP snooping with Cisco 4948E swithes. By documentation it is said that IGMP snooping is turned on by default.
However, I was getting all multicast traffic on the port where there is only one receiver, tuned to only one multicast group.
I was able to solve to problem by turning igmp snooping querier option and now it is working ok.
However, I have to plug in a Cisco router (7200 series). In that case the router is the querier.
My problem is that the router is constantly getting all multicast traffic, causing the CPU time to increase and be crushed.
I have several multicast groups on the switch, but want only specific ones to be present on the port where router is connected.
I think IGMP snooping is not working on 4948E switches.
Did anybody else experience the same problem?
The router has PIM enabled and I have managed to solve the problem with access list being put in outside direction but this is not the neat solution.
How can I solve this problem? When I do show int command on the router I am getting all multicast traffic and I want to receive only specific ones with way too lower traffic amount.
Thank you very much! -
ESW-520-48 and Polycom IP phones
I am a managed switch n00b. Please forgive my lack of experience, but I think I have a relatively simple situation that I am just not totally clear on.
System configuration:
T1 from Cox => WAN Port of WRVS400N wireless Router
Port 1 of WRVS4400N to g1 of ESW-520-48 switch.
All Polycoms wired to switch ports (no desktop passthroughs)
All computer data on wireless
Switch is essentially default configuration out of box (sans static IP and gateway configuration to router)
Router set for high priority QoS for ports 5060-5080 (IP phones to remote hosted service)
There seems to be a large amount of bandwidth transferring between the WRVS4400N and the T1 (largest chunk aggregated as 802.1q or "wellfleet" according to Netprobe - screenshot attached). From what I understand, this is VLAN tagging. I am certain I may not be utilizing this correctly or at all.
Call quality is suffering due to bandwidth (or poor configuration)...it is a T1 after all.
Question is: What is the ideal configuration for the switch as I feel I have not utilized it at all here? The only components on the switch are the phones.
Any other comments welcome (even the flaming kind - I'll try to pick out the constructive bits).
Thanks in advance.
DanHello Dimawerks,
On the switch you can only really change the untagged vlan to be 4. The option you are looking for should be available on the AP. Ideally you are wanting the management of the AP to be on vlan 4. The best way to set this is on the AP to have it's management vlan changed to 4 and to then to tag it on the AP and switch or untag it on both. -
CSM Fault Tolerance and IGMP Snooping
For "connection redundancy" the redundancy guide says to turn off IGMP snooping.
Is there any way around this?
I need to have multicasting everywhere and I don't want to multicast all streams to every port on this switch.Most of the show statements are at the end of the attached file in an earlier post. The vservers details are at the end of this post.
I have an ARP entry for the VIP - 0001.64f9.1a64, but it does not respond to pings. I tried both the alias and the server vlan IP as the default gateway of the servers.
I took a trace and found that the VIP sends a TCP reset immediately after a request. I have tried versions 4.2.1 and 4.1.4 with the same result. I wonder if this could be a problem with the Sup720 with 12.2.17d IOS. I also tried the CSM in slots 2 and 3.
720Test2#sh mod csm 3 vserver detail
SOFTRICITY, type = SLB, state = OPERATIONAL, v_index = 10
virtual = 10.10.249.6/32:0 bidir, any, service = NONE, advertise = FALSE
idle = 3600, replicate csrp = none, vlan = ALL, pending = 30, layer 4
max parse len = 2000, persist rebalance = TRUE
ssl sticky offset = 0, length = 32
conns = 0, total conns = 1
Default policy:
server farm = SOFT1, backup =
sticky: timer = 0, subnet = 0.0.0.0, group id = 0
Policy Tot matches Client pkts Server pkts
(default) 1 1 0 -
Port suspended on Cisco ESW-520-24P
Hi experts,
I appreciate if anyone can help me with this. I just bought 4 units of Cisco ESW-520 24Ports switches. I did some testing and found out for PORTS 1 and 12 is in "Suspended" mode and thus not able to use.
This not happened to 1 but all 4 switches. Why is this so ? Can anyone guide me to disable the ports from going into "suspended" mode automatically ? I wouldn't want the ports to be in "Suspension" mode when it goes live and thus block the desktops from having internet access.
Thanks!Ok, I think I found out what the priblem is. It seems that from factory, the ports come locked. You have to go to Security>Traffic Control>Port Security and unlock each port. Click the EDIT tab on the port you want to edit. Then un-check the ENABLE TRAP> (apply). Un-check LOCK INTERFACE> (apply). Change LEARNING MODE to CLASSIC LOCK> (apply). That should do it, but you'll have to do that for every port you want unlocked. I'm not to sure if there is a way to unlock then all at once.
Daniel -
Multicast mac address isn't learned, igmp-snooping
I have PIM router which connects to the cat 2960 switch and also I have host which connects to another port on the same switch. Host was joined to the IGMP group 224.1.1.1. I see that the router generates igmp-query and the host respons. IGMP-snooping process sees that process and updates appropriate entries:
2960-5#sh ip igmp snooping mrouter
Vlan ports
15 Gi2/0/32(dynamic)
2960-5#sh ip igmp snooping groups
15 224.1.1.1 igmp v2 Gi2/0/32, Gi2/0/33
But when I command "sh mac address-table multicast" I see nothing:
2960#sh mac address-table multicast
Vlan Mac Address Type Ports
What is reason of this problem?There is the following statement from the "CCNP Practical Studies: Switching:
the process of populating the bridge table with multicast MAC addresses is based upon inspection of the destination MAC address, unlike unicast MAC addresses where the source MAC address of unicast frames is examined to generate bridge table entries.
And this book describes other parts of the mac learning process and says that after exchanging IGMP-message MAC-table must be populated by multicast mac-addresses. But later I found some Cisco and Jupiner documentation which says there is two way to perform multicast forwarding - MAC and IP. Default metod is IP multicast forwarding. When this metod is used multicast MAC-addresses isn't learnt and process of packet forwarding uses special forwarding cache which includes list of mapping IP and appropriate interfaces. It all means that this book isn't actual. All modern switchs perform multicast forwarding by IP metod and MAC-addresses don't populate CAM.
Maybe you are looking for
-
My nano generation 6 now stops playing music when the screen goes black
The nano recently started to do something weird. I have been using it for a couple years with no issues. Recently it will stop playing music as soon as the screen goes black (sleep). it never did this before. I have checked the settings, nothing
-
hey im wondering how to chat instant message style using my webcam and mic im new to the mac world any help would be great
-
iCal on my Macbook has always grayed the current date. iCal on my MacMini (both 10.5.8) never has until a few days ago but has since stopped. How can I get it to "shade" again?
-
How can i make my calender have that little 1 on the top.
You know when theres like missed call theres a little 1 or 2.. i saw in the 3g tutorial there was a little 1 on the top.. can you do this on a regular iphone not 3g.. and i have downloaded 2.0. Thanks
-
My account limited - no customer service - no answers!
Please someone reply to me! My account was limited because of suspected fraudulent activity, "a sign in near Tampa". I happen to be close to Tampa on holiday and I was indeed signing in. This happened July 14th, I do not have much time and need to ge