Monitoring Cisco Catalyst 4506
Hello
I am looking for a Cisco SNMP MIB or a Nagios plugin that allows monitoring PoE status on Cisco Catalyst 4506 modules and checking LED indicator status, similar to what I can do with the command "show environment":
Module 2 Status Led Color : Green PoE Led Color: Orange
Module 3 Status Led Color : Green PoE Led Color : Green
Thank you very much
Hi jon.marshall,
Thanks for your reply. I'll explain how the traffic flows:
1. Client boot up workstation
2. After booting up, client obtains IP addressing through DHCP service from a remote DHCP server using gateway of VLAN210 (172.18.212.1)
3. IP addressing issued to client (for e.g 172.18.212.128) and open web browser (HTTP) using a proxy (proxy.skynet.gov) with a DNS setting of skynet.gov.
4. Next hop is a Juniper Enforcer (a.k.a firewall) with IP address 172.18.221.234 (Enforcer 1 - Master) and 172.18.221.235 (Enforcer 2 - Backup) which have a policy rule stating that the client range of 172.18.212.0 to 172.18.212.255 wanting to contact the proxy (proxy.skynet.gov), the next hop would be the Juniper UAC Host checker (with IP address of 172.18.223.254).
Note: There are 2x physical Juniper Enforcers and only 1x Juniper Host Checker
5. Juniper UAC Host Checker checks client workstation to ensure that minimum requirements are met before allowing client to go to internet
6. Once clients pass the Juniper UAC Host Checker, traffic to the internet is then allowed.
7. Clients surf the internet.
8. End
To answer your questions:
i. The UAC is not on the same subnet however, all routing is done on the Cisco Catalyst 4506 and the UAC and VLAN are all on the 4506 too.
ii. I'm not sure if the Juniper UAC is the one that makes all HTTP requests of VLAN210 (172.18.212.0 to 172.18.212.255) or if it will let the client make its own HTTP request after it passes the host checker.
iii. Yes. I have 2x Cisco Catalyst 4506 and they are connected to each other through HSRP
iv. The proxy (proxy.skynet.gov) is configured on the clients browser.
Note: Is the DNS name of the proxy server, NOT the IP address of the proxy server.
I hope the above provided information is sufficient for your reference to provide me the actual syntax for my requirement. Thanks.
Cheers!!!
Similar Messages
-
Cisco catalyst 4506-e boot error
Rommon signature verification PASSED for golden image
Rommon signature verification PASSED for primary image
FPGA signature verification PASSED for primary image
* Welcome to Rom Monitor for WS-X45-SUP7-E System. *
* Copyright (c) 2008-2011 by Cisco Systems, Inc. *
* All rights reserved. *
Primary Rom Monitor Version 15.0(1r)SG5
CPU Rev: 2.2, Board Rev: 10, Board Type: 101, CPLD Moka Rev: 7.0x3718.0xb565
Chassis: WS-C4506-E
Got Mac Address: c0:67:af:40:24:c2
MAC Address : c0-67-af-40-24-c2
IP Address : 14.18.2.234
Netmask : 255.255.255.0
Gateway : 14.18.2.21
TftpServer : Not set.
Peer supervisor not detected or is not running IOS
Supervisor uplinks and all linecards have been reset
***** The system will autoboot in 5 seconds *****
Type control-C to prevent autobooting.
******** The system will autoboot now ********
config-register = 0x2101
Autobooting using the first file from bootflash.....
loading image
Checking digital signature
bootflash:/cat4500e-universal.SPA.03.05.02.E.152-1.E2.bin: Digitally Signed Release Software with key version A
Rommon reg: 0x00004F80
Reset2Reg: 0x00000F00
Image load status: 0x00000000
Snowtrooper 155 controller 0x044DDBD2..0x04688FA7 Size:0x0041DCD4 Program Done!
[ 57.324367] pci 0000:00:00.0: ignoring class b20 (doesn't match header type 01)
Starting System Services
Calculating module dependencies ...
Loading rtc-ds1307
RTNETLINK answers: Invalid argument
No Mountpoints Defined
Nov 13 09:35:24 %IOSXE-3-PLATFORM: process sshd[4211]: error: Bind to port 22 on :: failed: Address already in use.
diagsk10-post version 5.1.4.0
prod: WS-X45-SUP7-E part: 73-14393-02 serial: CAT1837L75P
Power-on-self-test for Module 1: WS-X45-SUP7-E
CPU Subsystem Tests ...
seeprom: Pass
Traffic: L3 Loopback ...
Test Results: Pass
Traffic: L2 Loopback ...
post timeout
A Critical job [post] exited abnormally! Reloading the supervisor
Killed by signal [TERM]
Loading virtuclock as vuclock
Loading gsbu64atomic as gdb64atomic
Loading isp1362_hcd_k10
/dev/fd/13: line 273: /sys/devices/system/edac/mc/edac_mc_log_ce: No such file or directory
Starting IOS Services
AIPC Module Loaded...
cat4k-watchdog[6250]: Watchdog daemon initialized on 2 CPU(s)
cat4k-watchdog[6250]: Watchdog daemon started.
Dumping all the logs to /root/reload.20141113..Please be patient
All logs dumped
sysmgr: <<%SYSMGR-2-SERVICE_CRASHED>> Service "System Manager (parser)" (PID 6820) hasn't caught signal 15 (no core).
/bin/kill: 8178: No such process
/bin/kill: 8179: No such process
/bin/kill: 8197: No such process
/bin/kill: 8198: No such process
/etc/rc6.d/S01reboot: line 198: umount_cisco_filesystems: command not found
Please stand by while rebooting the system...
[ 266.041680] Restarting system.
Rommon signature verification PASSED for golden image
Rommon signature verification PASSED for primary image
FPGA signature verification PASSED for primary image
* Welcome to Rom Monitor for WS-X45-SUP7-E System. *
* Copyright (c) 2008-2011 by Cisco Systems, Inc. *
* All rights reserved. *
Primary Rom Monitor Version 15.0(1r)SG5
CPU Rev: 2.2, Board Rev: 10, Board Type: 101, CPLD Moka Rev: 7.0x3718.0xb565
Chassis: WS-C4506-E
Got Mac Address: c0:67:af:40:24:c2
MAC Address : c0-67-af-40-24-c2
IP Address : 14.18.2.234
Netmask : 255.255.255.0
Gateway : 14.18.2.21
TftpServer : Not set.
Peer supervisor not detected or is not running IOS
Supervisor uplinks and all linecards have been reset
***** The system will autoboot in 5 seconds *****
Type control-C to prevent autobooting.
******** The system will autoboot now ********
config-register = 0x2101
Autobooting using the first file from bootflash.....
loading image
Version: cat4500e-universal.SPA.03.05.02.E.152-1.E2.bin
Any help PLZ
config-register = 0x2101
Autobooting using the first file from bootflash.....
You need to provide more information. What are you trying to do? How many IOS file(s) do you have in the bootflash?
sysmgr: <<%SYSMGR-2-SERVICE_CRASHED>> Service "System Manager (parser)" (PID 6820) hasn't caught signal 15 (no core).
Break into the auto-boot process and post the output to the command "dir bootflash:". -
Catalyst 4506 and Modules in Pwr Over state
Hello,
First of all, my excuses for my bad English.
I am experiencing a problem with a Cisco Catalyst 4506.
The switch is filled with 48 port PoE blades (WS-X4248-RJ45V).
The error we receive is:
Sept 5 15:40:12: %C4K_IOSMODPORTMAN-4-INLINEPOWEROVERWARNING: Inline power exceeds threshold: Module status changed to 'Pwr Over'
Sept 5 16:37:04: %C4K_IOSMODPORTMAN-6-INLINEPOWEROK: Inline power within limits: Module status changed to 'Ok'
Sept 5 16:37:04: %C4K_IOSMODPORTMAN-6-MODULEONLINE: Module 6 (WS-X4248-RJ45V S/N: JAB080609GN Hw: 2.0) is online
According to the Cisco website:
Explanation
This message indicates that the measured PoE is at least 50 w higher than the configured value. The switch has either misconfigured PoE or an unauthorized powered device that is connected to the switch and is drawing a lot of PoE.
Output for the commands sh power details and sh module all are attached.
The switch has no PoE devices on the specific blade.
At least not that we know.
Does anyone know some other solution?
Thanks in advance.
Martijn Groenleer
Well, blade six went offline on the first row of the log I posted earlier.
The problem is, the log doesn't mention in the message which module went offline.
About the 'efficiency', I noticed this also; what could be causing this? Power supplies are already replaced. PoE is on default settings currently.
A full log related to these power over warnings:
Aug 30 23:27:00: %C4K_IOSMODPORTMAN-4-INLINEPOWEROVERWARNING: Inline power exceeds threshold: Module status changed to 'Pwr Over'
Aug 30 23:39:34: %C4K_IOSMODPORTMAN-6-INLINEPOWEROK: Inline power within limits: Module status changed to 'Ok'
Aug 30 23:39:34: %C4K_IOSMODPORTMAN-6-MODULEONLINE: Module 6 (WS-X4248-RJ45V S/N: JAB080609GN Hw: 2.0) is online
Sep 3 08:45:46: %C4K_IOSMODPORTMAN-4-INLINEPOWEROVERWARNING: Inline power exceeds threshold: Module status changed to 'Pwr Over'
Sep 3 08:57:49: %C4K_IOSMODPORTMAN-6-INLINEPOWEROK: Inline power within limits: Module status changed to 'Ok'
Sep 3 08:57:49: %C4K_IOSMODPORTMAN-6-MODULEONLINE: Module 6 (WS-X4248-RJ45V S/N: JAB080609GN Hw: 2.0) is online
Sep 4 01:53:04: %C4K_IOSMODPORTMAN-4-INLINEPOWEROVERWARNING: Inline power exceeds threshold: Module status changed to 'Pwr Over'
Sep 4 02:23:16: %C4K_IOSMODPORTMAN-6-INLINEPOWEROK: Inline power within limits: Module status changed to 'Ok'
Sep 4 02:23:16: %C4K_IOSMODPORTMAN-6-MODULEONLINE: Module 6 (WS-X4248-RJ45V S/N: JAB080609GN Hw: 2.0) is online
Sep 4 16:10:58: %C4K_IOSMODPORTMAN-4-INLINEPOWEROVERWARNING: Inline power exceeds threshold: Module status changed to 'Pwr Over'
Sep 4 17:20:23: %C4K_IOSMODPORTMAN-6-INLINEPOWEROK: Inline power within limits: Module status changed to 'Ok'
Sep 4 17:20:23: %C4K_IOSMODPORTMAN-6-MODULEONLINE: Module 6 (WS-X4248-RJ45V S/N: JAB080609GN Hw: 2.0) is online
Sep 4 17:58:14: %C4K_IOSMODPORTMAN-4-INLINEPOWEROVERWARNING: Inline power exceeds threshold: Module status changed to 'Pwr Over'
Sep 4 18:09:37: %C4K_IOSMODPORTMAN-6-INLINEPOWEROK: Inline power within limits: Module status changed to 'Ok'
Sep 4 18:09:37: %C4K_IOSMODPORTMAN-6-MODULEONLINE: Module 6 (WS-X4248-RJ45V S/N: JAB080609GN Hw: 2.0) is online
Sep 4 19:13:15: %C4K_IOSMODPORTMAN-4-INLINEPOWEROVERWARNING: Inline power exceeds threshold: Module status changed to 'Pwr Over'
Sep 4 19:56:11: %C4K_IOSMODPORTMAN-6-INLINEPOWEROK: Inline power within limits: Module status changed to 'Ok'
Sep 4 19:56:11: %C4K_IOSMODPORTMAN-6-MODULEONLINE: Module 6 (WS-X4248-RJ45V S/N: JAB080609GN Hw: 2.0) is online
Sep 5 09:02:16: %C4K_IOSMODPORTMAN-4-INLINEPOWEROVERWARNING: Inline power exceeds threshold: Module status changed to 'Pwr Over'
Sep 5 09:10:46: %C4K_IOSMODPORTMAN-6-INLINEPOWEROK: Inline power within limits: Module status changed to 'Ok'
Sep 5 09:10:46: %C4K_IOSMODPORTMAN-6-MODULEONLINE: Module 6 (WS-X4248-RJ45V S/N: JAB080609GN Hw: 2.0) is online
Sep 5 15:40:12: %C4K_IOSMODPORTMAN-4-INLINEPOWEROVERWARNING: Inline power exceeds threshold: Module status changed to 'Pwr Over'
Sep 5 16:37:04: %C4K_IOSMODPORTMAN-6-INLINEPOWEROK: Inline power within limits: Module status changed to 'Ok'
Sep 5 16:37:04: %C4K_IOSMODPORTMAN-6-MODULEONLINE: Module 6 (WS-X4248-RJ45V S/N: JAB080609GN Hw: 2.0) is online -
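Added example (not from the thread or from Cisco): the log above repeats one pattern, a 'Pwr Over' warning followed by an 'Ok' line and a MODULEONLINE line that share a timestamp, so the episodes can be paired up and attributed to a module for alerting. Attributing an episode to the module named in the same-timestamp MODULEONLINE line is an assumption drawn from this log, and the year is an assumption because the log lines carry none.

```python
import re
from collections import defaultdict
from datetime import datetime

# The first nine lines are copied from the log in the post; the last line is
# constructed to show an episode that is still open when the log ends.
SAMPLE_LOG = """\
Sep 4 16:10:58: %C4K_IOSMODPORTMAN-4-INLINEPOWEROVERWARNING: Inline power exceeds threshold: Module status changed to 'Pwr Over'
Sep 4 17:20:23: %C4K_IOSMODPORTMAN-6-INLINEPOWEROK: Inline power within limits: Module status changed to 'Ok'
Sep 4 17:20:23: %C4K_IOSMODPORTMAN-6-MODULEONLINE: Module 6 (WS-X4248-RJ45V S/N: JAB080609GN Hw: 2.0) is online
Sep 4 17:58:14: %C4K_IOSMODPORTMAN-4-INLINEPOWEROVERWARNING: Inline power exceeds threshold: Module status changed to 'Pwr Over'
Sep 4 18:09:37: %C4K_IOSMODPORTMAN-6-INLINEPOWEROK: Inline power within limits: Module status changed to 'Ok'
Sep 4 18:09:37: %C4K_IOSMODPORTMAN-6-MODULEONLINE: Module 6 (WS-X4248-RJ45V S/N: JAB080609GN Hw: 2.0) is online
Sep 4 19:13:15: %C4K_IOSMODPORTMAN-4-INLINEPOWEROVERWARNING: Inline power exceeds threshold: Module status changed to 'Pwr Over'
Sep 4 19:56:11: %C4K_IOSMODPORTMAN-6-INLINEPOWEROK: Inline power within limits: Module status changed to 'Ok'
Sep 4 19:56:11: %C4K_IOSMODPORTMAN-6-MODULEONLINE: Module 6 (WS-X4248-RJ45V S/N: JAB080609GN Hw: 2.0) is online
Sep 5 09:02:16: %C4K_IOSMODPORTMAN-4-INLINEPOWEROVERWARNING: Inline power exceeds threshold: Module status changed to 'Pwr Over'
"""

LINE_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2,3})\s+(?P<day>\d{1,2})\s+(?P<time>\d{2}:\d{2}:\d{2}):\s+"
    r"%C4K_IOSMODPORTMAN-\d-(?P<event>[A-Z]+):\s+(?P<text>.*)$"
)
MODULE_RE = re.compile(r"Module (\d+) \(")


def parse_events(text, year):
    """Return (timestamp, event mnemonic, message text) for each matching line."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # unrelated syslog line
        # The post uses both "Sep" and "Sept"; keep the first three letters.
        stamp = datetime.strptime(
            f"{year} {m['mon'][:3]} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S"
        )
        events.append((stamp, m["event"], m["text"]))
    return events


def pwr_over_episodes(text, year=2000):
    """Pair each 'Pwr Over' warning with the next 'Ok' and name the module."""
    episodes, open_start = [], None
    for stamp, event, detail in parse_events(text, year):
        if event == "INLINEPOWEROVERWARNING":
            if open_start is None:  # repeated warnings extend one episode
                open_start = stamp
        elif event == "INLINEPOWEROK" and open_start is not None:
            episodes.append({
                "start": open_start, "end": stamp, "module": None,
                "seconds": int((stamp - open_start).total_seconds()),
            })
            open_start = None
        elif event == "MODULEONLINE" and episodes:
            last, mod = episodes[-1], MODULE_RE.search(detail)
            # Assumption: the module coming online at the recovery timestamp
            # is the one that was in 'Pwr Over'.
            if mod and last["module"] is None and last["end"] == stamp:
                last["module"] = int(mod.group(1))
    if open_start is not None:  # warning with no recovery yet: worth an alert
        episodes.append({"start": open_start, "end": None,
                         "module": None, "seconds": None})
    return episodes


def summarize(episodes):
    """Per module: (number of closed episodes, total seconds in 'Pwr Over')."""
    totals = defaultdict(lambda: [0, 0])
    for ep in episodes:
        if ep["end"] is None:
            continue
        totals[ep["module"]][0] += 1
        totals[ep["module"]][1] += ep["seconds"]
    return {mod: tuple(v) for mod, v in totals.items()}


if __name__ == "__main__":
    eps = pwr_over_episodes(SAMPLE_LOG)
    for ep in eps:
        print(ep["start"], ep["end"], ep["module"], ep["seconds"])
    print(summarize(eps))
```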
Monitoring for Cisco UCS/Cisco Catalyst/EMC VNX/VMware environment
hi
I am not sure whether this is the right place for this post, but I am giving it a shot anyway.
I am looking for a monitoring solution for a Cisco UCS/Cisco Catalyst/EMC VNX/VMware environment and I cannot seem to find 1 product that does it all.
Do any of you Guys have experience with a such product?
thanks...
I have used PRTG for Cisco Routers/Switch, VMware and with Cisco UCS. As for the storage part I'm not sure.
I recommend PRTG because it's user-friendly and has web-based management.
Please Rate. -
MIB Extension - Cisco Catalyst 2960 -
Hi everyone,
I would like to monitor a Cisco Catalyst 2960 provided with IOS v15. I accessed the MIB files and I found that many components are disabled or have no entry in them (check attachment).
So my question is: can I extend the MIB to support more OIDs? And if so, I'll be glad if you give a tutorial or example!
Thank you so much.
Best regards,
Your ipRouteTable and EGP MIBs are disabled because the 2960 is a layer-2 switch only, so it does not have any IP routing or EGP. The MIBs will be disabled for features your switch does not support.
Kevin Dorrell
Luxembourg -
Cisco catalyst 2690 switch vlanTable
Hi,
I have a cisco catalyst 2690 switch.
I want to monitor IP, MAC, and port addresses.
I use this docu: http://docstore.mik.ua/orelly/perl/sysadmin/ch10_03.htm
This works great:
htvtef7-nagios:/ # snmptranslate -On BRIDGE-MIB:dot1dTpFdbTable
.1.3.6.1.2.1.17.4.3
snmpwalk -c tef7snmp@761 -v 2c 10.76.1.7 .1.3.6.1.2.1.17.4.3
htvtef7-nagios:/ # snmptranslate -On BRIDGE-MIB:dot1dBasePortTable
.1.3.6.1.2.1.17.1.4
snmpwalk -c tef7snmp@761 -v 2c 10.76.1.7 .1.3.6.1.2.1.17.1.4
htvtef7-nagios:/ # snmptranslate -On CISCO-STACK-MIB:vlanTable
.1.3.6.1.4.1.9.5.1.9.2
But I get an error:
htvtef7-nagios:/ # snmpwalk -c tef7snmp -v 2c 10.76.1.7 .1.3.6.1.4.1.9.5.1.9.2
SNMPv2-SMI::enterprises.9.5.1.9.2 = No Such Object available on this agent at this OID
Switch config:
snmp-server community testament RO
snmp-server community tef7snmp RO
snmp-server location XYZ
snmp-server contact MR.XYZ
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps tty
snmp-server enable traps cluster
snmp-server enable traps entity
snmp-server enable traps cpu threshold
snmp-server enable traps vtp
snmp-server enable traps vlancreate
snmp-server enable traps vlandelete
snmp-server enable traps flash insertion removal
snmp-server enable traps port-security
snmp-server enable traps envmon
snmp-server enable traps mac-notification
snmp-server enable traps copy-config
snmp-server enable traps config
snmp-server enable traps bridge newroot topologychange
snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency
snmp-server enable traps syslog
snmp-server enable traps vlan-membership
snmp-server host XXX.XXX.XXX.XXX public
snmp-server host YYY.YYY.YYY.YYY tef7snmp
What did I do wrong?
THX!
Thx for the reply!
On the switch I use c2960-lanbasek9-mz.122-25.SEE3.bin (IOS);
the Cisco Feature Navigator says this IOS supports the CISCO-STACK-MIB:
http://tools.cisco.com/ITDIT/MIBS/MainServlet?ReleaseSel=0&PlatformSel=0&fsSel=0&IMAGE_NAME=c2960-lanbasek9-mz.122-25.SEE3.bin&SUBMIT2=Submit&IMAGE_ID=816103
In show snmp mib I could not find the vlanTable. See the attachment.
I do not understand! -
Hi..
I have been trying to configure wccp on catalyst 4506 switches running VSS but unable to complete setup config. I need your help in configuring wccp.
I want ports www/https to be redirected to the proxy server, and I want to enable wccp on the vlan interface. Pls help me in configuring it. Also any config example will be really helpful and appreciated.
Your switch is crashing due to multibit ECC errors. Upgrade your ROMMON to 12.1(20r)EW2. You might want to also upgrade IOS to 12.2(18)EW4
http://www.cisco.com/cgi-bin/bugtool/onebug.pl?bugid=CSCed25996
You can download it from
http://www.cisco.com/kobayashi/sw-center/lan/cat4000.shtml -
Cisco WS-4506-E Switch with Supervisor II (EOL, EOS)
Hello,
I have a Distribution/Access Switch Cisco WS-4506-E Switch with Supervisor II (EOL, EOS). When are the exact EOL/EOS dates, and can I only upgrade the supervisor engine to Supervisor 8?
Thanks
EoS/EoL: Cisco Catalyst 4003 Chassis, Supervisor Engine I & III
-
Hi,
My existing 4006 chassis is using Supervisor III (WS-X4014).
I have another 4506 chassis using Supervisor IV (WS-X4515) and a Netflow Services Card (WS-F4531) build on top of it.
I need Netflow Services Card in 4006, so can I just replace the Supervisor IV (WS-X4515) used in cisco 4006? Is it compatible with 4006?
Any suggestion?
Thanks,
HowYee
hi HowYee,
http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps4324/product_data_sheet0900aecd8035cf2b.html
according to that document, it is not possible if you want to put supIV to 4006 chassis
Chassis and Line-Card Support
You can deploy the supervisor engine IV in single-chassis nonredundant mode in the Cisco Catalyst 4503, 4503-E, 4506, and 4506-E chassis. You can also deploy it in single-chassis redundant mode as an option in the Cisco Catalyst 4507R chassis (slots 1 and 2 only) and Cisco Catalyst 4507R-E/4507R+E chassis (slots 3 and 4).
The supervisor engine IV is compatible with the classic Cisco Catalyst 4500 and the E-series Cisco Catalyst 4500 Line Cards. Table 1 gives performance information for the Cisco Catalyst 4500 Series Supervisor Engine IV.
regards, -
I have an LC/APC fiber patch cord infrastructure and I want to connect it to Cisco Catalyst 6500 & Cisco Access 3750 Switches. what type of transceiver should be used?
I read a note on Cisco website stating the following for Cisco SFP+ transceivers:
Note: "Only connections with patch cords with PC or UPC connectors are supported. Patch cords with APC connectors are not supported. All cables and cable assemblies used must be compliant with the standards specified in the standards section"
Thank you, but my question is that I have a single mode fiber patch cord with an LC/APC connector, while Cisco states in a note to only use LC/PC or LC/UPC type connectors with the SFP+ transceiver.
So what type of transceiver should I use to connect LC/APC patch cord to cisco switches? Is there another type or SFP+ still can be used? -
Cisco Catalyst 2955 Causes Some Devices to "Die" During Boot
I posted this question in the LAN section of the forums, but I realize this is probably the proper forum for my question.
I have recently purchased a Cisco Catalyst model WS-2955C-12 switch. During POST (boot), the console reports that the switch undergoes what is known as a "FRONT-END LOOPBACK TEST". During this test the 14 port lights on the device light up amber for a moment, connectivity is lost, and after a second or two the lights go off and connectivity returns. We've found that the moment the lights go off at the end of this test, if we have a specific device (with a specific ethernet chip) directly connected to the switch the ethernet chip is adversely affected by this test - the device "goes dark" and is not capable of communicating with anything (including other switches, routers, etc...) until it is power-cycled. What exactly does this FRONT-END LOOPBACK TEST do (I know it's for validating the ports for hardware defects), and what does it send across the wire that could be causing my ethernet chip onboard the device to go bonkers?
Thanks!
-Danny
The ethernet chip on the device (the device is a National Instruments product) is an STMicro STE10/100E, and I'm fairly confident I now know what's happening but I don't know why.
When my ethernet chip is in Autonegotiate mode, the "FRONT-END LOOPBACK TEST" performed by the catalyst does something where, at the conclusion of the test, the ethernet chip goes into an autonegotiation state and never comes back out of it. I'm thinking the "FRONT-END LOOPBACK TEST" is sending something across the wire that's confusing this specific ethernet chip; I've tried 3 Intel parts and also a Broadcom part and they rode it out in autonegotiation mode just fine. If I put the STE chip into a manually-configured mode the "FRONT-END LOOPBACK TEST" doesn't cause it to "go dark".
So, my question is really what does the FRONT-END LOOPBACK TEST do? Does it perform a remote loopback test (the STE10/100E doesn't support loopback tests)?
-Danny -
Ask the Expert: Layer 2 Security on Cisco Catalyst Platforms
With Wilson Bonilla
Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about issues in designing, planning, and implementing Layer 2 security in your LAN network with expert Wilson Bonilla.
Wilson will cover topics that network engineers face daily such as Spanning Tree Protocol security, private VLANs, IP source guard, protected ports, dynamic ARP inspection, virtual LAN access-control lists (VLAN ACLs), and Dynamic Host Configuration Protocol (DHCP) snooping over Cisco Catalyst platforms. With the fast growth of networks, Layer 2 security is even more critical in the LAN to help your network become more reliable, efficient, and secure. Wilson will answer your questions about LAN networks with Cisco Catalyst switches.
Wilson Bonilla is a technical networking trainer at the Learning and Development Department for Cisco Technical Assistance Center located in Costa Rica. Before joining the Training Department, he worked for the Cisco TAC as a customer support engineer focused on LAN Switching for more than two years. While working on LAN switching, Wilson also had roles such as technical leader and trainer, adding to his area of expertise in Cisco Catalyst Layer 2 switching. He has CCNP routing and switching certification and is currently studying to achieve his CCNA certification in data center.
Remember to use the rating system to let Wilson know if you've received an adequate response.
Because of the volume expected during this event, Wilson might not be able to answer every question. Remember that you can continue the conversation in the Network Infrastructure community, subcommunity, LAN, Switching and Routing, shortly after the event. This event lasts through November, 2013. Visit this forum often to view responses to your questions and those of other Cisco Support Community members.
Hello NetNavi.
Check the post above about MacSec for more information and let me know if you need further clarification; if so I will do my best.
In regards to best practices there is a Cisco document; it describes deployments and best practices in every scenario; Supplicants, authenticator, authentication services and other configurations. Please check it out:
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6638/deploy_guide_c17-663760.html
In regards to Private VLANS:
What is a Private Vlan?
A private Vlan is a way to isolate hosts within the same Vlan or broadcast domain. So even when you might have devices sharing the same broadcast domain they can be isolated; this isolation is configured based on sub-domains, most often called primary and secondary Vlans.
What is a primary Vlan?
The primary Vlan is the representation of the private Vlan. A primary Vlan has one or more secondary Vlans; a switch uses the primary Vlan to present traffic from the secondary Vlans to its neighboring devices.
What is a secondary Vlan?
A secondary Vlan is a sub-domain of the primary Vlan. We could say that the secondary Vlans belong to the primary. They must be associated with a primary Vlan. There are two types of secondary Vlans: Isolated and Community secondary Vlans.
What happens to hosts within a secondary isolated Vlan?
Hosts within the isolated vlan can’t communicate with other hosts in the same isolated vlan or with hosts in a community vlan.
What happens to hosts within the secondary community Vlan?
Hosts within the community Vlan can communicate with other hosts assigned to the same community vlan, but they can’t talk to hosts in other community vlans.
What are the benefits of implementing private Vlans?
Scalability: The most common scenario is a service provider. Imagine all customers of a service provider connected through DSL, cable modem… it’s very likely that all customers belong to the same broadcast domain. However, if that’s the case, why is it that I can’t use my neighbor’s printer, or why is it that I can’t access the files he has stored in his computer (security)? We are in the same broadcast; shouldn’t I be able to at least ping his ip address? Well, that’s because the ISP must guarantee some type of security for their customers, and because putting every single customer that they have in a single Vlan is not scalable, they use private Vlans.
Examples:
ISPs use private vlans to protect from security breaches. Private vlans and isolated Vlans are used to protect personal information, for example from one customer to another.
DMZ: Many implementations utilize private vlans in a DMZ to limit or minimize the risk of a compromised server.
I would like to share this documentation with you for further information and configuration guidelines
http://www.cisco.com/en/US/tech/tk389/tk814/technologies_configuration_example09186a008017acad.shtml#hw
This document explains what Cisco Catalyst switches support Private Vlans.
http://www.cisco.com/en/US/products/hw/switches/ps708/products_tech_note09186a0080094830.shtml
Let me know if you have further questions.
Regards
Wilson B. -
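Added example (not part of Wilson's post or of Cisco's documentation): a small model of the isolated/community rules described above, useful for checking which DMZ hosts a compromised server could reach directly at Layer 2. The promiscuous port type is standard private-VLAN behaviour that the post does not describe; the `Port` class, the function names and the VLAN numbers in `DMZ` are hypothetical.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Kind(Enum):
    PROMISCUOUS = "promiscuous"  # e.g. the gateway; not covered in the post
    ISOLATED = "isolated"
    COMMUNITY = "community"


@dataclass(frozen=True)
class Port:
    name: str
    primary: int                     # primary VLAN of the private-VLAN domain
    kind: Kind
    secondary: Optional[int] = None  # secondary VLAN (isolated or community)


def validate(ports):
    """Reject layouts that break the primary/secondary association rules."""
    seen = {}  # secondary VLAN id -> (primary, kind)
    for p in ports:
        if p.kind is Kind.PROMISCUOUS:
            continue
        if p.secondary is None:
            raise ValueError(f"{p.name}: {p.kind.value} port needs a secondary VLAN")
        owner = seen.setdefault(p.secondary, (p.primary, p.kind))
        if owner != (p.primary, p.kind):
            raise ValueError(
                f"{p.name}: secondary VLAN {p.secondary} is already "
                f"{owner[1].value} under primary {owner[0]}"
            )


def can_forward(a, b):
    """True if the switch forwards frames directly between ports a and b."""
    if a.primary != b.primary:
        return False  # different private-VLAN domains
    if Kind.PROMISCUOUS in (a.kind, b.kind):
        return True   # promiscuous ports reach every secondary VLAN
    if a.kind is Kind.COMMUNITY and b.kind is Kind.COMMUNITY:
        return a.secondary == b.secondary  # same community only
    return False      # isolated to isolated, isolated to community


def exposed_peers(ports, name):
    """Names of the ports that `name` can reach directly at Layer 2."""
    src = next(p for p in ports if p.name == name)
    return {p.name for p in ports if p is not src and can_forward(src, p)}


def lateral_pairs(ports):
    """Host-to-host pairs (no promiscuous port involved) that can talk directly."""
    hosts = [p for p in ports if p.kind is not Kind.PROMISCUOUS]
    return [(a.name, b.name)
            for i, a in enumerate(hosts) for b in hosts[i + 1:]
            if can_forward(a, b)]


# Constructed DMZ layout: primary VLAN 100, communities 101 and 102, isolated 103.
DMZ = [
    Port("gw", 100, Kind.PROMISCUOUS),
    Port("web1", 100, Kind.COMMUNITY, 101),
    Port("web2", 100, Kind.COMMUNITY, 101),
    Port("db1", 100, Kind.COMMUNITY, 102),
    Port("kiosk1", 100, Kind.ISOLATED, 103),
    Port("kiosk2", 100, Kind.ISOLATED, 103),
]

if __name__ == "__main__":
    validate(DMZ)
    for port in DMZ:
        print(port.name, "->", sorted(exposed_peers(DMZ, port.name)))
    print("lateral pairs:", lateral_pairs(DMZ))
```

The model covers Layer 2 forwarding only; traffic routed back through the promiscuous gateway is outside what it checks.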
Can anyone help figure out why the Catalyst 6509 is not able to assign an IPv6 address? Thank you.
Cisco Catalyst 6500 version 12.2(33)SXI13 configured as DHCP server for a VLAN responds to Windows 7 client with status code NOADDRS-AVAIL(2). My configuration on the 6500 for the DHCPv6 server is:
ipv6 dhcp database disk0://DHCPV6-DB
ipv6 dhcp pool VLAN206IPV6
prefix-delegation pool VLAN206IPV6-POOL
dns-server 2620:B700:0:1001::53
domain-name global.bio.com
ipv6 local pool VLAN206IPV6-POOL 2620:B700:0:12C7::/65 65
interface Vlan206
description *** IPv6 Subnet ***
ip address 10.2.104.2 255.255.255.0
ipv6 address 2620:B700:0:12C7::2/64
ipv6 nd prefix 2620:B700:0:12C7::/64 14400 14400 no-autoconfig
ipv6 nd managed-config-flag
ipv6 dhcp server VLAN206IPV6
standby version 2
standby 0 ip 10.2.104.1
standby 0 preempt
standby 6 ipv6 2620:B700:0:12C7::1/64
standby 6 preempt
I'm getting a result from my debug as follows:
Apr 10 16:28:02.873 PDT: %LINK-3-UPDOWN: Interface GigabitEthernet2/2, changed state to up
Apr 10 16:28:02.873 PDT: %LINK-SP-3-UPDOWN: Interface GigabitEthernet2/2, changed state to up
Apr 10 16:28:02.877 PDT: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2/2, changed state to up
Apr 10 16:28:03.861 PDT: IPv6 DHCP: Received SOLICIT from FE80::5D5E:7EBD:CDBF:2519 on Vlan206
Apr 10 16:28:03.861 PDT: IPv6 DHCP: detailed packet contents
Apr 10 16:28:03.861 PDT: src FE80::5D5E:7EBD:CDBF:2519 (Vlan206)
Apr 10 16:28:03.861 PDT: dst FF02::1:2
Apr 10 16:28:03.861 PDT: type SOLICIT(1), xid 8277025
Apr 10 16:28:03.861 PDT: option ELAPSED-TIME(8), len 2
Apr 10 16:28:03.861 PDT: elapsed-time 101
Apr 10 16:28:03.861 PDT: option CLIENTID(1), len 14
Apr 10 16:28:03.861 PDT: 00010001195FD895F01FAF10689E
Apr 10 16:28:03.861 PDT: option IA-NA(3), len 12
Apr 10 16:28:03.861 PDT: IAID 0x0FF01FAF, T1 0, T2 0
Apr 10 16:28:03.861 PDT: option UNKNOWN(39), len 32
Apr 10 16:28:03.861 PDT: option VENDOR-CLASS(16), len 14
Apr 10 16:28:03.861 PDT: option ORO(6), len 8
Apr 10 16:28:03.861 PDT: DOMAIN-LIST,DNS-SERVERS,VENDOR-OPTS,UNKNOWN
Apr 10 16:28:03.861 PDT: IPv6 DHCP: Option IA-NA(3) is not supported yet
Apr 10 16:28:03.861 PDT: IPv6 DHCP: Sending ADVERTISE to FE80::5D5E:7EBD:CDBF:2519 on Vlan206
Apr 10 16:28:03.861 PDT: IPv6 DHCP: detailed packet contents
Apr 10 16:28:03.861 PDT: src FE80::21D:E6FF:FEE4:4400
Apr 10 16:28:03.861 PDT: dst FE80::5D5E:7EBD:CDBF:2519 (Vlan206)
Apr 10 16:28:03.861 PDT: type ADVERTISE(2), xid 8277025
Apr 10 16:28:03.861 PDT: option SERVERID(2), len 10
Apr 10 16:28:03.865 PDT: 00030001001DE6E44400
Apr 10 16:28:03.865 PDT: option CLIENTID(1), len 14
Apr 10 16:28:03.865 PDT: 00010001195FD895F01FAF10689E
Apr 10 16:28:03.865 PDT: option STATUS-CODE(13), len 15
Apr 10 16:28:03.865 PDT: status code NOADDRS-AVAIL(2)
Apr 10 16:28:03.865 PDT: status message: NOADDRS-AVAIL
Hello,
maybe hitting the following bug.
IPv6 Address Assignment Support for IPv6 DHCP Server
CSCse81385
Hope this helps -
Alternative switch to Cisco Catalyst 3750v2-24FS and 3750-24FS
I'm looking for an alternative to these two switches:
1. WS-C3750V2-24FS-S Cisco Catalyst 3750V2-24FS Switch with 24 100FX SFP + 2 Gigabit Ethernet SFP Ports
2. Cisco Catalyst 3750-24FS (WS-C3750-24FS-S 100BASE-FX)
They are now EOL and not available.
I have a campus style network and need to be able to connect multiple 100FX fibre switches back to a central switch. The 1st unit uses 100FX SFP modules and the second has in-built 100FX ports. I'm struggling to find anything from Cisco that will give me multiple (i.e. 12+) 100FX ports.
Could anyone please point me in the right direction?
Many thanks,
Paul
Hi Paul,
Replacement for both switches is WS-C3650-48TS-S.
http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps5528/eos-eol-notice-c51-730227.html
http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps5023/end_of_life_c51-687707.html
Regards
Don't forget to rate helpful posts
Sent from Cisco Technical Support iPhone App -
Cisco Catalyst 3850 as ntp master
Hi All,
I have 2 x Cisco Catalyst 3850 stacked together. What are your recommendations if I use the C3850 as an ntp master for all edge switches connected in my network? All edge switches must be authenticated if they need NTP synchronization. But other than that, what are the downsides?
For example,
1. I heard that switches do not have an internal clock so is a poor device to be a centralized NTP master.
2. I have also read that switches also have slow CPU processors that may lack the processing required.
3. Its NTP synchronization will use external NTP servers which are resolved into IP addresses (e.g. pool.ntp.org). IP address can change. What other more reliable NTP sources are there?
4. Any other thoughts and comments are most welcome.
Firstly, DO NOT use the command "ntp master". Cisco do not recommend using this command because this will confuse the NTP propagation inside the network.
Next, all Cisco devices do not have a dedicated clock. All appliances need to get SNTP/NTP time synch from somewhere. This "somewhere" could either be a dedicated GPS-based NTP server and/or a time synch somewhere out in the internet.
You can also use the command "ntp update-calendar". This new command allows appliances to take regular "snapshot" of the time and save it into the NVRAM. In case there was a reboot or a power failure, the appliance's time is not too far away instead of waiting 5 to 10 minutes for SNTP/NTP to synch.