Monitoring Cisco Catalyst 4506

Hello
I am looking for a Cisco SNMP MIB or a Nagios plugin that allows monitoring the PoE status on Cisco Catalyst 4506 modules and checking the LED indicator status, similar to what I can do with the command "show environment":
Module 2 Status Led Color : Green    PoE Led Color: Orange
Module 3 Status Led Color : Green    PoE Led Color : Green
Thank you very much

Hi jon.marshall,
Thanks for your reply. I'll explain how the traffic flows:
1. Client boot up workstation
2. After booting up, client obtain IP addressing through DHCP service from a remote DHCP server using gateway of VLAN210 (172.18.212.1)
3. IP addressing issued to client (for e.g 172.18.212.128) and open web browser (HTTP) using a proxy (proxy.skynet.gov) with a DNS setting of skynet.gov.
4. Next hop is a Juniper Enforcer (a.k.a firewall) with IP address 172.18.221.234 (Enforcer 1 - Master) and 172.18.221.235 (Enforcer 2 - Backup) which have a policy rule stating that the client range of 172.18.212.0 to 172.18.212.255 wanting to contact the proxy (proxy.skynet.gov), the next hop would be the Juniper UAC Host checker (with IP address of 172.18.223.254).
Note: There are 2x physical Juniper Enforcers and only 1x Juniper Host Checker
5. Juniper UAC Host Checker checks client workstation to ensure that minimum requirements are met before allowing client to go to internet
6. Once clients pass the Juniper UAC Host Checker, traffic to the internet is then allowed.
7. Clients surf the internet.
8. End
To answer your questions:
i. The UAC is not on the same subnet however, all routing is done on the Cisco Catalyst 4506 and the UAC and VLAN are all on the 4506 too.
ii. I'm not sure if the Juniper UAC is the one that makes all HTTP requests of VLAN210 (172.18.212.0 to 172.18.212.255) or if it will let the client make its own HTTP request after it passes the host checker.
iii. Yes. I have 2x Cisco Catalyst 4506 and they are connected to each other through HSRP
iv. The proxy (proxy.skynet.gov) is configured on the clients browser.
Note: It is the DNS name of the proxy server, NOT the IP address of the proxy server.
I hope the information provided above is sufficient for your reference to provide me the actual syntax for my requirement. Thanks.
Cheers!!!

Similar Messages

  • Cisco catalyst 4506-e boot error

    Rommon signature verification PASSED for golden image
    Rommon signature verification PASSED for primary image
    FPGA signature verification PASSED for primary image
     * Welcome to Rom Monitor for   WS-X45-SUP7-E System.       *
     * Copyright (c) 2008-2011 by Cisco Systems, Inc.           *
     * All rights reserved.                                     *
     Primary Rom Monitor Version 15.0(1r)SG5
     CPU Rev: 2.2, Board Rev: 10, Board Type: 101, CPLD Moka Rev: 7.0x3718.0xb565
     Chassis: WS-C4506-E
    Got Mac Address: c0:67:af:40:24:c2
     MAC Address  : c0-67-af-40-24-c2
     IP Address   : 14.18.2.234
     Netmask      : 255.255.255.0
     Gateway      : 14.18.2.21
     TftpServer   : Not set.
     Peer supervisor not detected or is not running IOS
     Supervisor uplinks and all linecards have been reset
     ***** The system will autoboot in 5 seconds *****
     Type control-C to prevent autobooting.
     ******** The system will autoboot now ********
     config-register = 0x2101
     Autobooting using the first file from bootflash.....
    loading image
    Checking digital signature
    bootflash:/cat4500e-universal.SPA.03.05.02.E.152-1.E2.bin: Digitally Signed Release Software with key version A
    Rommon reg: 0x00004F80
    Reset2Reg: 0x00000F00
    Image load status: 0x00000000
    Snowtrooper 155 controller 0x044DDBD2..0x04688FA7 Size:0x0041DCD4 Program Done!
    [   57.324367] pci 0000:00:00.0: ignoring class b20 (doesn't match header type 01)
    Starting System Services
    Calculating module dependencies ...
    Loading rtc-ds1307
    RTNETLINK answers: Invalid argument
    No Mountpoints DefinedNov 13 09:35:24 %IOSXE-3-PLATFORM: process sshd[4211]: error: Bind to port 22 on :: failed: Address already in use.
    diagsk10-post version 5.1.4.0
    prod: WS-X45-SUP7-E part: 73-14393-02 serial: CAT1837L75P
    Power-on-self-test for Module 1: WS-X45-SUP7-E
    CPU Subsystem Tests ...
     seeprom: Pass
    Traffic: L3 Loopback ...
     Test Results: Pass
    Traffic: L2 Loopback ...
    post timeout
    A Critical job [post] exited abnormally! Reloading the supervisor
    Killed by signal [TERM]
    Loading virtuclock as vuclock
    Loading gsbu64atomic as gdb64atomic
    Loading isp1362_hcd_k10
    /dev/fd/13: line 273: /sys/devices/system/edac/mc/edac_mc_log_ce: No such file or directory
    Starting IOS Services
    AIPC Module Loaded...
    cat4k-watchdog[6250]: Watchdog daemon initialized on 2 CPU(s)
    cat4k-watchdog[6250]: Watchdog daemon started.
    Dumping all the logs to /root/reload.20141113..Please be patient
    All logs dumped
    sysmgr: <<%SYSMGR-2-SERVICE_CRASHED>> Service "System Manager (parser)" (PID 6820) hasn't caught signal 15 (no core).
    /bin/kill: 8178: No such process
    /bin/kill: 8179: No such process
    /bin/kill: 8197: No such process
    /bin/kill: 8198: No such process
    /etc/rc6.d/S01reboot: line 198: umount_cisco_filesystems: command not found
    Please stand by while rebooting the system...
    [  266.041680] Restarting system.
    Rommon signature verification PASSED for golden image
    Rommon signature verification PASSED for primary image
    FPGA signature verification PASSED for primary image
     * Welcome to Rom Monitor for   WS-X45-SUP7-E System.       *
     * Copyright (c) 2008-2011 by Cisco Systems, Inc.           *
     * All rights reserved.                                     *
     Primary Rom Monitor Version 15.0(1r)SG5
     CPU Rev: 2.2, Board Rev: 10, Board Type: 101, CPLD Moka Rev: 7.0x3718.0xb565
     Chassis: WS-C4506-E
    Got Mac Address: c0:67:af:40:24:c2
     MAC Address  : c0-67-af-40-24-c2
     IP Address   : 14.18.2.234
     Netmask      : 255.255.255.0
     Gateway      : 14.18.2.21
     TftpServer   : Not set.
     Peer supervisor not detected or is not running IOS
     Supervisor uplinks and all linecards have been reset
     ***** The system will autoboot in 5 seconds *****
     Type control-C to prevent autobooting.
     ******** The system will autoboot now ********
     config-register = 0x2101
     Autobooting using the first file from bootflash.....
    loading image
    Version: cat4500e-universal.SPA.03.05.02.E.152-1.E2.bin
    Any help PLZ

    config-register = 0x2101
    Autobooting using the first file from bootflash.....
    You need to provide more information.  What are you trying to do?  How many IOS file(s) do you have in the bootflash? 
    sysmgr: <<%SYSMGR-2-SERVICE_CRASHED>> Service "System Manager (parser)" (PID 6820) hasn't caught signal 15 (no core).
    Break into the auto-boot process and post the output to the command "dir bootflash:".

  • Catalyst 4506 and Modules in Pwr Over state

    Hello,
    First of all, my excuses for my bad english.
    I am experiencing a problem with a Cisco Catalyst 4506.
    The switch is filled with 48 port PoE blades (WS-X4248-RJ45V).
    The error we receive is:
    Sept 5 15:40:12: %C4K_IOSMODPORTMAN-4-INLINEPOWEROVERWARNING: Inline power exceeds threshold: Module status changed to 'Pwr Over'
    Sept 5 16:37:04: %C4K_IOSMODPORTMAN-6-INLINEPOWEROK: Inline power within limits: Module status changed to 'Ok'
    Sept 5 16:37:04: %C4K_IOSMODPORTMAN-6-MODULEONLINE: Module 6 (WS-X4248-RJ45V S/N: JAB080609GN Hw: 2.0) is online
    According to the Cisco website:
    Explanation
    This message indicates that the measured PoE is at least 50 w higher than the configured value. The switch has either misconfigured PoE or an unauthorized powered device that is connected to the switch and is drawing a lot of PoE.
    Output for the commands sh power details and sh module all is attached.
    The switch has no PoE devices on the specific blade.
    At least not that we know.
    Does any one know some other solution?
    Thanks in advance.
    Martijn Groenleer

    Well, blade six went offline on the first row of the log I posted earlier.
    The problem is, the log doesn't mention in the message which module went offline.
    About the 'efficiency', I noticed this also; what could be causing this? Power supplies are already replaced. PoE is on default settings currently.
    A full log related to these power over warnings:
    Aug 30 23:27:00: %C4K_IOSMODPORTMAN-4-INLINEPOWEROVERWARNING: Inline power exceeds threshold: Module status changed to 'Pwr Over'
    Aug 30 23:39:34: %C4K_IOSMODPORTMAN-6-INLINEPOWEROK: Inline power within limits: Module status changed to 'Ok'
    Aug 30 23:39:34: %C4K_IOSMODPORTMAN-6-MODULEONLINE: Module 6 (WS-X4248-RJ45V S/N: JAB080609GN Hw: 2.0) is online
    Sep 3 08:45:46: %C4K_IOSMODPORTMAN-4-INLINEPOWEROVERWARNING: Inline power exceeds threshold: Module status changed to 'Pwr Over'
    Sep 3 08:57:49: %C4K_IOSMODPORTMAN-6-INLINEPOWEROK: Inline power within limits: Module status changed to 'Ok'
    Sep 3 08:57:49: %C4K_IOSMODPORTMAN-6-MODULEONLINE: Module 6 (WS-X4248-RJ45V S/N: JAB080609GN Hw: 2.0) is online
    Sep 4 01:53:04: %C4K_IOSMODPORTMAN-4-INLINEPOWEROVERWARNING: Inline power exceeds threshold: Module status changed to 'Pwr Over'
    Sep 4 02:23:16: %C4K_IOSMODPORTMAN-6-INLINEPOWEROK: Inline power within limits: Module status changed to 'Ok'
    Sep 4 02:23:16: %C4K_IOSMODPORTMAN-6-MODULEONLINE: Module 6 (WS-X4248-RJ45V S/N: JAB080609GN Hw: 2.0) is online
    Sep 4 16:10:58: %C4K_IOSMODPORTMAN-4-INLINEPOWEROVERWARNING: Inline power exceeds threshold: Module status changed to 'Pwr Over'
    Sep 4 17:20:23: %C4K_IOSMODPORTMAN-6-INLINEPOWEROK: Inline power within limits: Module status changed to 'Ok'
    Sep 4 17:20:23: %C4K_IOSMODPORTMAN-6-MODULEONLINE: Module 6 (WS-X4248-RJ45V S/N: JAB080609GN Hw: 2.0) is online
    Sep 4 17:58:14: %C4K_IOSMODPORTMAN-4-INLINEPOWEROVERWARNING: Inline power exceeds threshold: Module status changed to 'Pwr Over'
    Sep 4 18:09:37: %C4K_IOSMODPORTMAN-6-INLINEPOWEROK: Inline power within limits: Module status changed to 'Ok'
    Sep 4 18:09:37: %C4K_IOSMODPORTMAN-6-MODULEONLINE: Module 6 (WS-X4248-RJ45V S/N: JAB080609GN Hw: 2.0) is online
    Sep 4 19:13:15: %C4K_IOSMODPORTMAN-4-INLINEPOWEROVERWARNING: Inline power exceeds threshold: Module status changed to 'Pwr Over'
    Sep 4 19:56:11: %C4K_IOSMODPORTMAN-6-INLINEPOWEROK: Inline power within limits: Module status changed to 'Ok'
    Sep 4 19:56:11: %C4K_IOSMODPORTMAN-6-MODULEONLINE: Module 6 (WS-X4248-RJ45V S/N: JAB080609GN Hw: 2.0) is online
    Sep 5 09:02:16: %C4K_IOSMODPORTMAN-4-INLINEPOWEROVERWARNING: Inline power exceeds threshold: Module status changed to 'Pwr Over'
    Sep 5 09:10:46: %C4K_IOSMODPORTMAN-6-INLINEPOWEROK: Inline power within limits: Module status changed to 'Ok'
    Sep 5 09:10:46: %C4K_IOSMODPORTMAN-6-MODULEONLINE: Module 6 (WS-X4248-RJ45V S/N: JAB080609GN Hw: 2.0) is online
    Sep 5 15:40:12: %C4K_IOSMODPORTMAN-4-INLINEPOWEROVERWARNING: Inline power exceeds threshold: Module status changed to 'Pwr Over'
    Sep 5 16:37:04: %C4K_IOSMODPORTMAN-6-INLINEPOWEROK: Inline power within limits: Module status changed to 'Ok'
    Sep 5 16:37:04: %C4K_IOSMODPORTMAN-6-MODULEONLINE: Module 6 (WS-X4248-RJ45V S/N: JAB080609GN Hw: 2.0) is online
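The correlation discussed in this thread, as an added example that is not part of the original posts: the 'Pwr Over' warning names no module, so this sketch pairs each warning with the next INLINEPOWEROK and attributes the episode to the module whose MODULEONLINE line carries the same timestamp. The same-timestamp rule and the placeholder year are assumptions; the sample lines are copied from the log above.

```python
import re
from datetime import datetime

# Log lines copied from the post above (three of the episodes it lists).
SAMPLE_LOG = """\
Aug 30 23:27:00: %C4K_IOSMODPORTMAN-4-INLINEPOWEROVERWARNING: Inline power exceeds threshold: Module status changed to 'Pwr Over'
Aug 30 23:39:34: %C4K_IOSMODPORTMAN-6-INLINEPOWEROK: Inline power within limits: Module status changed to 'Ok'
Aug 30 23:39:34: %C4K_IOSMODPORTMAN-6-MODULEONLINE: Module 6 (WS-X4248-RJ45V S/N: JAB080609GN Hw: 2.0) is online
Sep 4 01:53:04: %C4K_IOSMODPORTMAN-4-INLINEPOWEROVERWARNING: Inline power exceeds threshold: Module status changed to 'Pwr Over'
Sep 4 02:23:16: %C4K_IOSMODPORTMAN-6-INLINEPOWEROK: Inline power within limits: Module status changed to 'Ok'
Sep 4 02:23:16: %C4K_IOSMODPORTMAN-6-MODULEONLINE: Module 6 (WS-X4248-RJ45V S/N: JAB080609GN Hw: 2.0) is online
Sept 5 15:40:12: %C4K_IOSMODPORTMAN-4-INLINEPOWEROVERWARNING: Inline power exceeds threshold: Module status changed to 'Pwr Over'
Sept 5 16:37:04: %C4K_IOSMODPORTMAN-6-INLINEPOWEROK: Inline power within limits: Module status changed to 'Ok'
Sept 5 16:37:04: %C4K_IOSMODPORTMAN-6-MODULEONLINE: Module 6 (WS-X4248-RJ45V S/N: JAB080609GN Hw: 2.0) is online
"""

MONTHS = {name: num for num, name in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}

LINE_RE = re.compile(
    r"^\s*([A-Za-z]{3,4})\s+(\d{1,2})\s+(\d{2}):(\d{2}):(\d{2}):\s+"
    r"%C4K_IOSMODPORTMAN-\d-([A-Z]+):\s*(.*)$")
MODULE_RE = re.compile(r"Module (\d+) \((\S+)")


def parse_events(text, year=2000):
    """Return (timestamp, mnemonic, message) for each C4K_IOSMODPORTMAN line.

    The syslog timestamps carry no year, so `year` is a placeholder (assumption).
    """
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        mon, day, hh, mm, ss, mnemonic, msg = m.groups()
        month = MONTHS.get(mon[:3].title())  # the posts use both "Sep" and "Sept"
        if month is None:
            continue
        ts = datetime(year, month, int(day), int(hh), int(mm), int(ss))
        events.append((ts, mnemonic, msg))
    return events


def power_over_episodes(events):
    """Pair each 'Pwr Over' warning with its recovery and attribute a module.

    Heuristic (assumption): the MODULEONLINE line logged at the same second as
    INLINEPOWEROK identifies the module that had been taken offline.
    """
    episodes, open_start = [], None
    for ts, mnemonic, msg in events:
        if mnemonic == "INLINEPOWEROVERWARNING":
            if open_start is None:          # keep the earliest unmatched warning
                open_start = ts
        elif mnemonic == "INLINEPOWEROK" and open_start is not None:
            episodes.append({"start": open_start, "end": ts,
                             "seconds": int((ts - open_start).total_seconds()),
                             "module": None, "model": None})
            open_start = None
        elif mnemonic == "MODULEONLINE" and episodes:
            last, m = episodes[-1], MODULE_RE.search(msg)
            if m and last["module"] is None and last["end"] == ts:
                last["module"], last["model"] = int(m.group(1)), m.group(2)
    if open_start is not None:              # warning with no recovery logged yet
        episodes.append({"start": open_start, "end": None, "seconds": None,
                         "module": None, "model": None})
    return episodes


def seconds_by_module(episodes):
    """Total time spent in 'Pwr Over' per attributed module (closed episodes only)."""
    totals = {}
    for ep in episodes:
        if ep["seconds"] is not None:
            totals[ep["module"]] = totals.get(ep["module"], 0) + ep["seconds"]
    return totals


if __name__ == "__main__":
    for ep in power_over_episodes(parse_events(SAMPLE_LOG)):
        print(ep["start"], "->", ep["end"], ep["seconds"], "s, module", ep["module"])
```

An episode left with `end` set to `None` is a module still in 'Pwr Over', which is the case worth alerting on.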

  • Monitoring for Cisco UCS/Cisco Catalyst/EMC VNX/VMware environment

    hi
    I am not sure whether this is the right place for this post, but I am giving it a shot anyway.
    I am looking for a monitoring solution for a Cisco UCS/Cisco Catalyst/EMC VNX/VMware environment and I cannot seem to find 1 product that does it all.
    Do any of you Guys have experience with a such product?
    thanks...

    I have used PRTG for Cisco Routers/Switch, Vmware  and with Cisco UCS. As for the storage part I'm not sure.
    I recommend prtg because its user friendly and web based management.
    Please Rate.

  • MIB Extension - Cisco Catalyst 2960 -

    Hi everyone, 
    I would like to monitor a cisco catalyst 2960 provided with IOS v15. I accessed mib files and I found that many component are disabled or have no entry in it (check attachment).
    So my question is : Can I extend the mib to support more OIDs ? and if so, I'll be glad if you give a tutorial or example !
    Thank you so much.
    Best regards,

    Your ipRouteTable and EGP MIBs are disabled because the 2960 is a layer-2 switch only, so it does not have any ip routing or EGP.  The MIBs will be disabled for features your switch does not support.
    Kevin Dorrell
    Luxembourg

  • Cisco catalyst 2690 switch vlanTable

    Hi,
    I have a cisco catalyst 2690 switch.
    I want to monitor IP, MAC, and Port Address.
    I use this docu: http://docstore.mik.ua/orelly/perl/sysadmin/ch10_03.htm
    This works great:
    htvtef7-nagios:/ # snmptranslate -On BRIDGE-MIB:dot1dTpFdbTable
    .1.3.6.1.2.1.17.4.3
    snmpwalk -c tef7snmp@761 -v 2c 10.76.1.7 .1.3.6.1.2.1.17.4.3
    htvtef7-nagios:/ # snmptranslate -On BRIDGE-MIB:dot1dBasePortTable
    .1.3.6.1.2.1.17.1.4
    snmpwalk -c tef7snmp@761 -v 2c 10.76.1.7 .1.3.6.1.2.1.17.1.4
    htvtef7-nagios:/ # snmptranslate -On CISCO-STACK-MIB:vlanTable
    .1.3.6.1.4.1.9.5.1.9.2
    But I get an error:
    htvtef7-nagios:/ # snmpwalk -c tef7snmp -v 2c 10.76.1.7 .1.3.6.1.4.1.9.5.1.9.2
    SNMPv2-SMI::enterprises.9.5.1.9.2 = No Such Object available on this agent at this OID
    Switch config:
    snmp-server community testament RO
    snmp-server community tef7snmp RO
    snmp-server location XYZ
    snmp-server contact MR.XYZ
    snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
    snmp-server enable traps tty
    snmp-server enable traps cluster
    snmp-server enable traps entity
    snmp-server enable traps cpu threshold
    snmp-server enable traps vtp
    snmp-server enable traps vlancreate
    snmp-server enable traps vlandelete
    snmp-server enable traps flash insertion removal
    snmp-server enable traps port-security
    snmp-server enable traps envmon
    snmp-server enable traps mac-notification
    snmp-server enable traps copy-config
    snmp-server enable traps config
    snmp-server enable traps bridge newroot topologychange
    snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency
    snmp-server enable traps syslog
    snmp-server enable traps vlan-membership
    snmp-server host XXX.XXX.XXX.XXX public
    snmp-server host YYY.YYY.YYY.YYY  tef7snmp
    What did I do wrong?
    THX!

    Thx for the reply!
    I use on the switch c2960-lanbasek9-mz.122-25.SEE3.bin (IOS),
    the Cisco Feature Navigator says this IOS supports the CISCO-STACK-MIB:
    http://tools.cisco.com/ITDIT/MIBS/MainServlet?ReleaseSel=0&PlatformSel=0&fsSel=0&IMAGE_NAME=c2960-lanbasek9-mz.122-25.SEE3.bin&SUBMIT2=Submit&IMAGE_ID=816103
    In show snmp mib I could not find the vlanTable. See the attachment.
    I do not understand!

  • Wccp catalyst 4506

    Hi..
    I have been trying to configure wccp on catalyst 4506 switches running VSS but unable to complete setup config. I need your help in configuring wccp.
    i want ports www/https to be redirected to proxy server. And want to enable wccp on vlan interface. Pls help me in configuring it. Also any config example will be really helpful and appreciated.

    Your switch is crashing due to multibit ECC errors. Upgrade your ROMMON to 12.1(20r)EW2. You might want to also upgrade IOS to 12.2(18)EW4
    http://www.cisco.com/cgi-bin/bugtool/onebug.pl?bugid=CSCed25996
    You can download it from
    http://www.cisco.com/kobayashi/sw-center/lan/cat4000.shtml

  • Cisco WS-4506-E Switch with Supervisor II (EOL, EOS)

    Hello,
    I have a Distribution/Access Switch Cisco WS-4506-E Switch with Supervisor II (EOL, EOS). when are the exact EOL/EOS dates and can only upgrade the supervisor engine to Supervisor 8?
    Thanks

    EoS/EoL:  Cisco Catalyst 4003 Chassis, Supervisor Engine I & III

  • Cisco 4006 & 4506 sup engine

    Hi,
    My existing 4006 chassis is using Supervisor III (WS-X4014).
    I have another 4506 chassis using Supervisor IV (WS-X4515) and a Netflow Services Card (WS-F4531) build on top of it.
    I need Netflow Services Card in 4006, so can I just replace the Supervisor IV (WS-X4515) used in cisco 4006? Is it compatible with 4006?
    Any suggestion?
    Thanks,
    HowYee

    hi HowYee,
    http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps4324/product_data_sheet0900aecd8035cf2b.html
    according to that document, it is not possible if you want to put supIV to 4006 chassis
    Chassis and Line-Card Support
    You  can deploy the supervisor engine IV in single-chassis nonredundant mode  in the Cisco Catalyst 4503, 4503-E, 4506, and 4506-E chassis. You can  also deploy it in single-chassis redundant mode as an option in the  Cisco Catalyst 4507R chassis (slots 1 and 2 only) and Cisco Catalyst  4507R-E/4507R+E chassis (slots 3 and 4).
    The  supervisor engine IV is compatible with the classic Cisco Catalyst 4500  and the E-series Cisco Catalyst 4500 Line Cards. Table 1 gives  performance information for the Cisco Catalyst 4500 Series Supervisor  Engine IV.
    regards,

  • Connection of LC/APC fiber patch cords to Cisco Catalyst 6500 & Cisco Access 3750 Switches

    I have an LC/APC fiber patch cord infrastructure and I want to connect it to Cisco Catalyst 6500 & Cisco Access 3750 Switches. what type of transceiver should be used?
    I read a note on Cisco website stating the following for Cisco SFP+ transceivers:
    Note: "Only connections with patch cords with PC or UPC connectors are supported. Patch cords with APC connectors are not supported. All cables and cable assemblies used must be compliant with the standards specified in the standards section"

    Thank you,  but my question is that I have a single mode fiber patch cord with LC/APC connector while cisco stating a note that only use LC/PC or LC/UPC type of connectors with SFP+ transceiver.  
    So what type of transceiver should I use to connect LC/APC patch cord to cisco switches?  Is there another type or SFP+ still can be used? 

  • Cisco Catalyst 2955 Causes Some Devices to "Die" During Boot

    I posted this question in the LAN section of the forums, but I realize this is probably the proper forum for my question.
    I have recently purchased a Cisco Catalyst model WS-2955C-12 switch. During POST (boot), the console reports that the switch undergoes what is known as a "FRONT-END LOOPBACK TEST". During this test the 14 port lights on the device light up amber for a moment, connectivity is lost, and after a second or two the lights go off and connectivity returns. We've found that the moment the lights go off at the end of this test, if we have a specific device (with a specific ethernet chip) directly connected to the switch the ethernet chip is adversely affected by this test - the device "goes dark" and is not capable of communicating with anything (including other switches, routers, etc...) until it is power-cycled. What exactly does this FRONT-END LOOPBACK TEST do (I know it's for validating the ports for hardware defects), and what does it send across the wire that could be causing my ethernet chip onboard the device to go bonkers?
    Thanks!
    -Danny

    The ethernet chip on the device (the device is a National Instruments product) is an STMicro STE10/100E, and I'm fairly confident I now know what's happening but I don't know why.
    When my ethernet chip is in Autonegotiate mode, the "FRONT-END LOOPBACK TEST" performed by the catalyst does something where, at the conclusion of the test, the ethernet chip goes into an autonegotiation state and never comes back out of it. I'm thinking the "FRONT-END LOOPBACK TEST" is sending something across the wire that's confusing this specific ethernet chip; I've tried 3 Intel parts and also a Broadcom part and they rode it out in autonegotiation mode just fine. If I put the STE chip into a manually-configured mode the "FRONT-END LOOPBACK TEST" doesn't cause it to "go dark".
    So, my question is really what does the FRONT-END LOOPBACK TEST do? Does it perform a remote loopback test (the STE10/100E doesn't support loopback tests)?
    -Danny

  • Ask the Expert: Layer 2 Security on Cisco Catalyst Platforms

    With Wilson Bonilla
    Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about issues in designing, planning, and implementing Layer 2 security in your LAN network with expert Wilson Bonilla.
    Wilson will cover topics that network engineers face daily such as Spanning Tree Protocol security, private VLANs, IP source guard, protected ports, dynamic ARP inspection, virtual LAN access-control lists (VLAN ACLs), and Dynamic Host Configuration Protocol (DHCP) snooping over Cisco Catalyst platforms.  With the fast growth of networks, Layer 2 security is even more critical in the LAN to help your network become more reliable, efficient, and secure. Wilson will answer your questions about LAN networks with Cisco Catalyst switches.  
    Wilson Bonilla is a technical networking trainer at the Learning and Development Department for Cisco Technical Assistance Center located in Costa Rica. Before joining the Training Department, he worked for the Cisco TAC as a customer support engineer focused on LAN Switching for more than two years. While working on LAN switching, Wilson also had roles such as technical leader and trainer, adding to his area of expertise in Cisco Catalyst Layer 2 switching. He has CCNP routing and switching certification and is currently studying to achieve his CCNA certification in data center.
    Remember to use the rating system to let Wilson know if you've received an adequate response. 
    Because of the volume expected during this event, Wilson might not be able to answer every question. Remember that you can continue the conversation in the Network Infrastructure community, subcommunity, LAN, Switching and Routing, shortly after the event. This event lasts through November, 2013. Visit this forum often to view responses to your questions and those of other Cisco Support Community members.

    Hello NetNavi.
    Check the post above about MacSec for more information and let me know if you need further clarification, if so I will do my best,
    In regards to best practices there is a Cisco document; it describes deployments and best practices in every scenario; Supplicants, authenticator, authentication services and other configurations. Please check it out:
    http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6638/deploy_guide_c17-663760.html
    In regards to Private VLANS:
    What is a Private Vlan?
    A private Vlan is a way to isolate hosts within the same Vlan or broadcast domain. So even when you might have devices sharing the same broadcast domain, they can be isolated; this isolation is configured based on sub-domains, most often called primary and secondary Vlans.
    What is a primary Vlan?
    The primary Vlan is the representation of the private Vlan; a primary Vlan has one or more secondary Vlans, and a switch uses the primary Vlan to present traffic from the secondary Vlans to its neighboring devices.
    What is a secondary Vlan?
    A secondary Vlan is a sub-domain of the primary Vlan. We could say that the secondary Vlans belong to the primary. They must be associated with a primary Vlan. There are two types of secondary Vlans: Isolated and Community secondary Vlans.
    What happens to hosts within a secondary isolated Vlan?
    Hosts within the isolated Vlan can communicate neither with other hosts in the same isolated Vlan nor with hosts in a community Vlan.
    What happens to hosts within the secondary community Vlan?
    Hosts within the community Vlan can communicate with other hosts assigned to the same community Vlan, but they can't talk to hosts in other community Vlans.
    What are the benefits of implementing private Vlans?
    Scalability: The most common scenario is a service provider. Imagine all customers of a service provider connected through DSL, cable modem… it's very likely that all customers belong to the same broadcast domain. However, if that's the case, why is it that I can't use my neighbor's printer, or why is it that I can't access the files he has stored on his computer (security)? We are in the same broadcast domain, so shouldn't I be able to at least ping his IP address? Well, that's because the ISP must guarantee some type of security for their customers, and because putting every single customer that they have in a single Vlan is not scalable, they use private Vlans.
    Examples:
    ISPs use private Vlans to protect from security bridges; private Vlans and isolated Vlans are used to protect personal information, for example, from one customer to another.
    DMZ: Many implementations utilize private Vlans in a DMZ to limit or minimize the risk of a compromised server.
    I would like to share this documentation with you for further information and configuration guidelines
    http://www.cisco.com/en/US/tech/tk389/tk814/technologies_configuration_example09186a008017acad.shtml#hw
    This document explains what Cisco Catalyst switches support Private Vlans. 
    http://www.cisco.com/en/US/products/hw/switches/ps708/products_tech_note09186a0080094830.shtml
    Let me know if you have further questions.
    Regards
    Wilson B.

  • Cisco Catalyst 6500 version 12.2(33)SXI13 configured as DHCP server for a VLAN responds to Windows 7 client with status code NOA

    Can anyone help figure out why the Catalyst 6509 is not able to assign an IPv6 address? Thank you.
    Cisco Catalyst 6500 version 12.2(33)SXI13 configured as DHCP server for a VLAN responds to Windows 7 client with status code NOADDRS-AVAIL(2). My configuration on the 6500 for the DHCPv6 server is:
    ipv6 dhcp database disk0://DHCPV6-DB
    ipv6 dhcp pool VLAN206IPV6
     prefix-delegation pool VLAN206IPV6-POOL
     dns-server 2620:B700:0:1001::53
     domain-name global.bio.com
    ipv6 local pool VLAN206IPV6-POOL 2620:B700:0:12C7::/65 65
    interface Vlan206
     description *** IPv6 Subnet ***  
     ip address 10.2.104.2 255.255.255.0
     ipv6 address 2620:B700:0:12C7::2/64
     ipv6 nd prefix 2620:B700:0:12C7::/64 14400 14400 no-autoconfig
     ipv6 nd managed-config-flag
     ipv6 dhcp server VLAN206IPV6
     standby version 2
     standby 0 ip 10.2.104.1
     standby 0 preempt
     standby 6 ipv6 2620:B700:0:12C7::1/64
     standby 6 preempt
    I'm getting a result from my debug as follows:
    Apr 10 16:28:02.873 PDT: %LINK-3-UPDOWN: Interface GigabitEthernet2/2, changed state to up
    Apr 10 16:28:02.873 PDT: %LINK-SP-3-UPDOWN: Interface GigabitEthernet2/2, changed state to up
    Apr 10 16:28:02.877 PDT: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2/2, changed state to up
    Apr 10 16:28:03.861 PDT: IPv6 DHCP: Received SOLICIT from FE80::5D5E:7EBD:CDBF:2519 on Vlan206
    Apr 10 16:28:03.861 PDT: IPv6 DHCP: detailed packet contents
    Apr 10 16:28:03.861 PDT:   src FE80::5D5E:7EBD:CDBF:2519 (Vlan206)
    Apr 10 16:28:03.861 PDT:   dst FF02::1:2
    Apr 10 16:28:03.861 PDT:   type SOLICIT(1), xid 8277025
    Apr 10 16:28:03.861 PDT:   option ELAPSED-TIME(8), len 2
    Apr 10 16:28:03.861 PDT:     elapsed-time 101
    Apr 10 16:28:03.861 PDT:   option CLIENTID(1), len 14
    Apr 10 16:28:03.861 PDT:     00010001195FD895F01FAF10689E
    Apr 10 16:28:03.861 PDT:   option IA-NA(3), len 12
    Apr 10 16:28:03.861 PDT:     IAID 0x0FF01FAF, T1 0, T2 0
    Apr 10 16:28:03.861 PDT:   option UNKNOWN(39), len 32
    Apr 10 16:28:03.861 PDT:   option VENDOR-CLASS(16), len 14
    Apr 10 16:28:03.861 PDT:   option ORO(6), len 8
    Apr 10 16:28:03.861 PDT:     DOMAIN-LIST,DNS-SERVERS,VENDOR-OPTS,UNKNOWN
    Apr 10 16:28:03.861 PDT: IPv6 DHCP: Option IA-NA(3) is not supported yet
    Apr 10 16:28:03.861 PDT: IPv6 DHCP: Sending ADVERTISE to FE80::5D5E:7EBD:CDBF:2519 on Vlan206
    Apr 10 16:28:03.861 PDT: IPv6 DHCP: detailed packet contents
    Apr 10 16:28:03.861 PDT:   src FE80::21D:E6FF:FEE4:4400
    Apr 10 16:28:03.861 PDT:   dst FE80::5D5E:7EBD:CDBF:2519 (Vlan206)
    Apr 10 16:28:03.861 PDT:   type ADVERTISE(2), xid 8277025
    Apr 10 16:28:03.861 PDT:   option SERVERID(2), len 10
    Apr 10 16:28:03.865 PDT:     00030001001DE6E44400
    Apr 10 16:28:03.865 PDT:   option CLIENTID(1), len 14
    Apr 10 16:28:03.865 PDT:     00010001195FD895F01FAF10689E
    Apr 10 16:28:03.865 PDT:   option STATUS-CODE(13), len 15
    Apr 10 16:28:03.865 PDT:     status code NOADDRS-AVAIL(2)
    Apr 10 16:28:03.865 PDT:     status message: NOADDRS-AVAIL

    Hello,
    maybe hitting the following bug.
    IPv6 Address Assignment Support for IPv6 DHCP Server
    CSCse81385
    Hope this helps

  • Alternative switch to Cisco Catalyst 3750v2-24FS and 3750-24FS

    I`m looking for an alternative to these two switches:                 
    1.  WS-C3750V2-24FS-S  Cisco Catalyst 3750V2-24FS Switch with 24 100FX SFP + 2 Gigabit Ethernet SFP Ports
    2. Cisco Catalyst 3750-24FS (WS-C3750-24FS-S 100BASE-FX)
    They are now EOL and not available.
    I have a campus style network and need to be able to connect multiple 100FX fibre switches back to a central switch. The 1st unit uses 100FX SFP modules and the second has in-built 100FX ports. I`m struggling to find anything from Cisco that will give me multiple (i.e 12+) 100FX ports.
    Could anyone please point me in the right direction?
    Many thanks,
    Paul

    Hi Paul ,
    Replacement for both switch is WS-C3650-48TS-S.
    http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps5528/eos-eol-notice-c51-730227.html
    http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps5023/end_of_life_c51-687707.html
    Regards
    Don't forget to rate helpful posts
    Sent from Cisco Technical Support iPhone App

  • Cisco Catalyst 3850 as ntp master

    Hi All,
    I have 2 x Cisco Catalyst 3850 stacked together. What are your recommendations if I use the C3850 as an ntp master for all edge switches connected in my network? All edge switches must be authenticated if they need NTP synchronization. But other than that, what are the downsides?
    For example,
    1. I heard that switches do not have an internal clock so is a poor device to be a centralized NTP master.
    2. I have also read that switches also have slow CPU processors that may lack the processing required.
    3. Its NTP synchronization will use external NTP servers which are resolved into IP addresses (e.g. pool.ntp.org). IP addresses can change. What other more reliable NTP sources are there?
    4. Any other thoughts and comments are most welcome.

    Firstly, DO NOT use the command "ntp master".  Cisco does not recommend using this command because this will confuse the NTP propagation inside the network.  
    Next, all Cisco devices do not have a dedicated clock.  All appliances need to get SNTP/NTP time synch from somewhere.  This "somewhere" could either be a dedicated GPS-based NTP server and/or a time synch somewhere out in the internet.  
    You can also use the command "ntp update-calendar".  This new command allows appliances to take regular "snapshot" of the time and save it into the NVRAM.  In case there was a reboot or a power failure, the appliance's time is not too far away instead of waiting 5 to 10 minutes for SNTP/NTP to synch.
