Monitoring Catalyst Switch (MIB issue)

Similar Messages

• Can we monitor Catalyst 500 series Switches?

  Dear All,
  I am having Catalyst 500 switches in my Networking Environment. I want to monitor those switches by using snmp. Please advise whether this can be done and what are the kinds of traps we can enable? Also please suggest some links or pdf's of this Cat500 series switches. 
  Also these switches are having the below iOS.
  12.2(25)FY
  12.2(25)SEG6
  Thanks,
  Ashis

  Hi Ashis,
  Please check this link to get more info about SNMP configuration.
  Krishna

• TCP delay on catalyst switch

  i experienced a TCP delay on catalyst 4506, avoid the problem when i replaced 4506's with dummy unmanaged switches.
  i used two PCs(PC 1 and PC 2) and two 4506 switches (S1 and S2)
  PC 1 is connected to S1 (fast ethernet port)
  PC 2 is connected to S2 (fast ethernet port)
  S1 is connected to S2 (SFP gigabit ethernet port)
  -I started continuous UDP,TCP,MULTICAST and PING from PC1 to PC2
  -I unplugged link between Switch 1 and Switch 2
  all communication stopped.
  -I plugged link between Switch 1 and Switch 2
  -UDP,MULTICAST and PING started immediately but TCP started with approximately 15 seconds delay. :-(
  I repeated same procedure with unmanaged dummy switches instead of 4506, there wasnt 15 seconds delay. TCP showed up in 1 second.
  How can I avoid TCP delay on catalyst switches? Probably some tuning with configuration would do the job?
  tx for helping

  hi gp and thank you very much for responding to this unusual problem.
  - switch ports to the PCs are configured as portfast.
  - switch ports between two catalyst switches are not configured (default)
  - i didnt use the 'switchport access' command since they are default layer 2 interfaces. would 'switchport access vlan 1' command make any difference?
  - i looked at the port status and confirmed connection is 100 mbps full duplex.
  unusual issue is; ping, udp, multicast shows up in a very short time after I re-plug the uplink. that proves all ports are in forwarding state. only TCP shows up with delay, which doesnt occur on 200 $ unmanaged switch??
  thanks in advance for any suggestions

• Dacl on ACS 5.1 and Catalyst switch 3560

  Dear all
  I have ACS 5.1 and Catalyst switch 3560 with version 12.2(53)SE. I configure a dacl on the ACS and I use it on authorization profile.
  This authrization profile is used on access policy.
  I tried the authentication but it doesn't work. I checked the ACS logs and I found that the user is authenicated successfuly but the dacl gives this error (The Access-Request for the requested dACL is missing a cisco-av-pair attribute with the value aaa:event=acl-download. The request is rejected)
  Steps:
  11001  Received RADIUS Access-Request
  11017  RADIUS created a new session
  11025  The Access-Request for the requested dACL is missing a cisco-av-pair attribute with the value aaa:event=acl-download. The request is rejected
  11003  Returned RADIUS Access-Reject
  DACL:
  deny ip host 1.2.3.4 1.2.3.0 0.0.0.255 log
  permit ip any any log
  Thanks on advance,

  Dear Tiago
  I applied the command "radius-server vsa send". Now I can see the dacl is applied but I can't see it on the switch and even the authentication is succueeded ont the ACS logs but it give me unauthoized on the switchport. You can see the logs( started with the username acstest and the access-list is applied but it doesn't work and you can see theat it goes for mab after eap timed out). I hope you can help on this issue.
  Dec 13,10 10:29:00.513 AM
  00-23-AE-7A-58-A6
  00-23-AE-7A-58-A6
  Default Network Access
  Lookup
  Dot1x-3560-Switch
  1.2.3.4
  FastEthernet0/5
  TESTACS
  22056 Subject not found in the applicable identity store(s).
  Dec 13,10 10:28:29.186 AM
  #ACSACL#-IP-Guest-4cfcc14d
  Dot1x-3560-Switch
  1.2.3.4
  TESTACS
  Dec 13,10 10:28:28.726 AM
  acstest
  00-23-AE-7A-58-A6
  Default Network Access
  PEAP (EAP-MSCHAPv2)
  Dot1x-3560-Switch
  1.2.3.4
  FastEthernet0/5
  TESTACS
  Thanks,

• My mac pro with dual monitors keep switching sides after reboot

  Hi all,
  I am having a really weird issues with my Mac Pro after I installed Mountain Lion. I have dual ACD Monitors.  Every time I reboot, the monitors switch sides.  In other words, the monitor that is in front of me with the dock would switch to the other monitor and vice versa after I reboot.  When I reboot again, it switches back again.  This is extremely annoying.  I have had to switch the inputs on the back of my computer every time.

  I hate to burst my own bubble here, but I recently added a 3rd monitor, and now I'm getting the same inconsistent monitor switching between my second and third monitors.
  Here's my set up:
  Mac Pro, OSX 10.8.2
  2x2.26 GHz Quad Core Intel Xeon
  16 GB RAM
  Three Dell ST2420L display monitors
  What seems to be happening now is that I get three identical 'color' display profiles. The first one seems to stay on the same monitor, but the second and third monitors now switch at random. I can't seem to get them to stay in any particular order.
  Any suggestions or new approaches for solving this would be greatly appreciated!

• Router "snmp-server contact" command for catalyst switches??

  From the router you can configure the "snmp-server contact <text>" command
  to set the system contact for SNMP. Is there any equivalent command for
  Catalyst switches? I know that there's a "set system contact" command for
  CatOS but i'm sure if it has something to do with SNMP.
  Thanks in advance.

  Yes, set system contact on switch is the same that on the router for the above command. Once you use this this command to enter the contact info, it can be polled via the SNMP MIB Object sysContact (.1.3.6.1.2.1.1.4) from RFC1213-MIB. Example, if I use 'set system contact foo', I see the following using the 'show system' output:
  System Name System Location System Contact CC
  foo
  Polling the above via the above MIB object on the switch:
  % snmpwalk .1.3.6.1.2.1.1.4
  system.sysContact.0 = foo
  Similarly, if you set the 'System Name' on the switch using the command 'set system name ', can be polled via sysName (.1.3.6.1.2.1.1.5) from RFC1213-MIB
  Lastly, 'set system location ', once set can be polled via sysLocation (.1.3.6.1.2.1.1.6) from RFC1213-MIB

• Catalyst Switch Uptime

  There is a site that I have just become responsible for and the first thing that I noticed is that some of the switches uptime is over 2years without a reboot. What is the longest your switch or router should go before it gets rebooted? Is there a white paper that explains the problems that can occur if you don't reboot, such as memory leak, vlan bleeding, etc.
  Thanks,

  John
  While there have been a few releases of Catalyst code that have problems like memory leaks, they are the exception to the rule. Unlike some other operating systems there is generally not a need for a periodic reboot to clear memory problems. In general the Catalyst code is not bothered very much with issues of memory leaks and other similar problems. And memory fragmentation is usually not much of a problem - in contrast to some other operating systems. So uptimes of 2 years are not rare and are generally not a cause for concern. In general I would not reboot a Catalyst switch until there is a demonstrated need for it.
  HTH
  Rick

• Cisco Catalyst switch

  Hi,
  Can I know the answer for the following questions?
  1. What is the maximum MAC-address entry per Catalyst switch?
  2. Is there specific interval that I need to wait before issuing snmp polling to the switch after the LAN port turned into “green”?

  1. Depends on the Switch/Supervisor you have. For example Sup1/2 in a CAT6500 can have upto 128k MAC addresses
  http://www.cisco.com/warp/public/765/tools/quickreference/catalyst6000supervisors.pdf
  4k Supervisors can have upto 32k
  http://www.cisco.com/warp/public/765/tools/quickreference/catalyst4000supervisors.pdf
  3750/3560 can have upto 12k
  http://www.cisco.com/warp/public/765/tools/quickreference/catalyst3x00.pdf
  2.I am not an SNMP expert but would not think there would be any network delay other then the poll interval delay.

• Intel MAC Compatibility with 3560/Other Catalyst Switches

  Some of our users recently reported problems with their new Intel based Macintosh computers when we upgraded from old Extreme Summits to Catalyst 3560 series switches. They report sluggish response from the network. We have checked the ports for negotiation issues and errors and do not find any. Suspect the Intel Mac; but wanted to find out if anyone else is experiencing the same or has suggestions. Thanks.

  Hello,
  to my understanding MAC issues should not be the cause of your issues. Either the Ethernet frame is standard compliant, then there should not be an issue with Catalyst switches and no port errors. Or the Ethernet frames or MAC in use is non standard then the switch would report an error.
  Network response times depend on many things and negotiation might be the first thing to check - as you did. I would still recommend fixed settings for port speed and especially duplex. Just to avoid also intermittend problems (f.e. between PC reboots).
  Have you also checked for MTU and TCP window size settings? What else did change when you upgraded to the 3560s? Did you also check Router and switch ports for duplex and speed settings?
  Hope this helps! Please rate all posts.
  regards, Martin

• The difference between VTP server and transparent mode on Catalyst Switch.

  Hello 
  I have a question about the difference between VTP server mode and VTP transparent mode on general catalyst switch.
  Basically VTP server mode can create and modify VLAN configuration but  actually there is not any VLAN configuration through running-config, is it true?  When I checked it on Cat3550, certainly there is not VLAN configuration on VTP server mode. But VTP transparent can create VLAN and configuration but does not synchronize with other switch VLAN status. I appreciate any related information and reason of the VTP server mode specification, thank you very much.
  [VTP Transparent mode]
  3550#sh vtp status
  VTP Version                     : 2
  Configuration Revision          : 0
  Maximum VLANs supported locally : 1005
  Number of existing VLANs        : 27
  VTP Operating Mode              : Transparent
  VTP Domain Name                 :
  VTP Pruning Mode                : Disabled
  VTP V2 Mode                     : Disabled
  VTP Traps Generation            : Disabled
  *omit
  3550#
  3550#sh run
  Building configuration...
  *omit
  vlan 99
   name TEST-VLAN
  [VTP Server mode]
  3550#sh vtp status
  VTP Version                     : 2
  Configuration Revision          : 0
  Maximum VLANs supported locally : 1005
  Number of existing VLANs        : 27
  VTP Operating Mode              : Server
  VTP Domain Name                 :
  VTP Pruning Mode                : Disabled
  VTP V2 Mode                     : Disabled
  VTP Traps Generation            : Disabled
  *omit
  3550#
  3550#sh run
  Building configuration...
  *no VLAN like above configuration on VTP transparent mode.
  Best Regards,
  Masanobu Hiyoshi

  Hi mhiyoshi,
  3550#sh vtp status
  VTP Version                     : 2
  Configuration Revision          : 0
  Maximum VLANs supported locally : 1005
  Number of existing VLANs        : 27
  VTP Operating Mode              : Transparent
  VTP Domain Name                 :
  VTP Pruning Mode                : Disabled
  VTP V2 Mode                     : Disabled
  VTP Traps Generation            : Disabled
  *omit
  3550#
  3550#sh run
  Building configuration...
  *omit
  vlan 99
   name TEST-VLAN
  The above out put indicates that Vlan is created and then mode changed to transparent. i.e why revision no is 0.
  3550#sh vtp status
  VTP Version                     : 2
  Configuration Revision          : 0
  Maximum VLANs supported locally : 1005
  Number of existing VLANs        : 27
  VTP Operating Mode              : Server
  VTP Domain Name                 :
  VTP Pruning Mode                : Disabled
  VTP V2 Mode                     : Disabled
  VTP Traps Generation            : Disabled
  *omit
  3550#
  3550#sh run
  Building configuration...
  *no VLAN like above configuration on VTP transparent mode.
  This indicates that vlan never created in server mode nor learnt from another switch as revision no is 0

• Garageband is not picking sound from builtin mic (rMBP). I recorded some tracks, now it is not working. All other apps can use the mic. Monitoring is switched ON at GB, it picks sound only some other app, eg. Skype, is used to access the mic.

  Garageband is not picking sound from builtin mic (rMBP).
  I recorded some tracks, now it is not working. I have checked GB Preferences, Audio/MIDI > Audio Input > Built In Microphone.
  All other apps can use the mic. Dictation, Skype etc. can use the mic!
  Monitoring is switched ON at GB, it picks sound only some other app, eg. Skype, is used to access the mic.
  Can any one help me, Please!
  Many thanks!

  I have foud the solution - rather stupid. The system setting for audio input was at 70%, increasing it to 100% solves the problem!

• The difference of the IEEE802.1x Auth between Cisco Routers and Catalyst switches

  Hello
  I am investigating the difference of the IEEE802.1x Auth between Routers and Switches.
  Basically dot1x auth is availlable on Catalyst Switches. however if I want to check to
  PortBased Multi-Auth , MAC address Auth and any certification Auth with this feature,
  Is it possible to integrate into Cisco Router such as Cisco 891F ?
  In my opinion Cisco891F is also available to use basic IEEE802.1x but if it compares with Catalyst switches such as Cat3560X
  I think there might be any unsupported feature on Cisco 891F.
  I appreciate any information. thank you very much in advance.
  Best Regards,
  Masanobu Hiyoshi

  Many time in interviews asked comaprison between cisco  routers and switches that i was answerless bcoz i dont have much knowledge about that.Can anyone provide me the compariosin sheet of the same.how are the cisco devices differ with each other how much Bandwidth each routres support and Etc...
  Ummmm ... The most common question I get is "what is the difference between a router and a switch".
  However, if you get a question like this, then my impression to this line of questioning are:
  1.  The candidate they are looking for has in-depth knowledge of routers and switches.  And I mean IN-DEPTH!;
  2.  They are not looking for a candidate.  They just want to stroke their ego.  There is not alot of people who can give you the "names and numbers" of routers and switches at a snap of a finger.  And if you do happen to know the answer, then and there, then expect a tougher follow-up question. 

• Can a Catalyst switch terminate a QinQ (double vlan tagged) connection on an SVI?

  Can a Catalyst switch terminate a QinQ connection on an SVI?  Is anything similar possible?
  I know I can pass through QinQ traffic through a switch at L2, but can I take it in at L2 with double tags and terminate it on a L3 SVI somehow?
  Im looking for a simple way of making a WAN lab environment.
  IE I want to do the equivalent of this on a Catalyst such as a 3560/3750:
  interface GigabitEthernet0/0.1
   encapsulation dot1Q 101 second-dot1q 1
   ip vrf forwarding 100101
   ip address 1.1.1.1/24
  interface GigabitEthernet0/0.2
   encapsulation dot1Q 101 second-dot1q 2
   ip vrf forwarding 100102
   ip address 2.2.2.2/24
  thanks in advance.

  Can a Catalyst switch terminate a QinQ connection on an SVI?  Is anything similar possible?
  I know I can pass through QinQ traffic through a switch at L2, but can I take it in at L2 with double tags and terminate it on a L3 SVI somehow?
  Im looking for a simple way of making a WAN lab environment.
  IE I want to do the equivalent of this on a Catalyst such as a 3560/3750:
  interface GigabitEthernet0/0.1
   encapsulation dot1Q 101 second-dot1q 1
   ip vrf forwarding 100101
   ip address 1.1.1.1/24
  interface GigabitEthernet0/0.2
   encapsulation dot1Q 101 second-dot1q 2
   ip vrf forwarding 100102
   ip address 2.2.2.2/24
  thanks in advance.

• Differences between MSFC1 and MSFC2 in Catalyst switches

  Hi,
  Want to know the differences between MSFC1 and MSFC2 in Catalyst switches.

  Hi,
  There is not much difference between MSFC1 and MSFC2, the main difference is how the MSFCs send the hardware programming to the PFC. The MSFC1 uses MLS to program the hardware by using the first packet of the traffic. While the MSFC2 uses CEF-based MLS to program the PFC so that the supervisor can make the hardware switching of the packet. NOtice the difference if the MSFC1 needs to see the first packet while the MSFC2, in theory will not need to see a first packet as it uses the CEF routing table to program the PFC2. Now, the kicker, if MSFC2 in sup1A , all this CEF-based MLS is not used since it needs PFC2 to be able to do this. Sup1A does not come with PFC2 only Sup2 comes with PFC2. The MSFCs gives the Cat6K a L3 ability and it's important but the switching performance of the switch depends on the PFC.
  Here is a link on MSFC2 data sheet:
  http://www.cisco.com/en/US/products/hw/switches/ps708/products_data_sheet09186a00800887fd.html
  Please rate helpful posts.

• I don't understand correlation between ACL and dACL. If dACL is downloaded to the Catalyst switch what is the status of the ACL

  Understanding  ISE and dACL.
   I don't understand correlation between ACL and dACL.
   If dACL is downloaded to the Catalyst switch what is the status of the ACL attached to physical port. Is dACL appended to the existing ACL? When I typed ‘sh ip access-list int fa0/1’ I can see only dACL for access domain and dACL for voice domain appended to the previous dACL and no ACL lines.
   Regards,
  Vice

  Hi,
  Downloadable ACLs (dACL) are applied from your RADIUS server based on authentication and authorization policies.  It overrides any standard interface ACL.
  Standard interface ACLs are in place to limit traffic on the port before 802.1x or MAB authentication.
  When an authenticated session terminates on the interface the standard ACL will be re-applied until the next authentication.