Native vlan on 3750 switch

Is it possible to configure AAA and EAPFAST on a 3750G switch to use a vlan other than vlan1 for management/native vlan?  We are working with RADIUS on Server 2008.

Hi John,
Yes, you can do that.
On 3750 you can take a look at the feature called 802.1x Authentication with VLAN Assignment:
http://www.cisco.com/en/US/partner/docs/switches/lan/catalyst3750/software/release/12.2_52_se/configuration/guide/sw8021x.html#wp1289244.
Basically, you define on the RADIUS server which VLAN you want to assign to each user (or user group); then, when the user connects the PC to the port, it authenticates and the RADIUS server returns the required attributes for VLAN assignment to the switch. The switch interprets them and changes the switchport to the configured VLAN.
The switch will be a simple man-in-the-middle during authentication and only processes the RADIUS Reject (if authentication fails) or RADIUS Accept (if authentication passes).
The authentication methods like EAP-FAST must be agreed between the RADIUS server (AAA Server) and the PC (AAA supplicant).
If you want to authenticate users based on certificates you have to use either EAP-FAST, EAP-TLS or EAP-TTLS.
The most widely spread (which comes by default on WinXP machines) authentication method is PEAP which uses MS-CHAP (username/password) to authenticate users.
HTH,
Tiago
If  this helps you and/or answers your question please mark the question as  "answered" and/or rate it, so other users can easily find it.

Similar Messages

  • Native VLAN on access switch

    I have 7 access switches, of which one switch is connected to the 2nd switch with an RJ45 trunk, and the other switches are cascaded with each other.
    My question is, is native vlan necessary on all access switches, if yes then?
    Overview: SW1-Trunkport Fa0/1 to SW2-Fa0/13.
    SW2-SW3-SW4-SW5-SW6-SW7 (Cascading).
    SW4-Connected to core switch Trunk port.
    Encapsulation type is dot1q and the cascaded switches are in half duplex, but the switch that has the RJ45 trunk connectivity with the 2nd switch is in Auto duplex, and the connectivity for the core switch is also in Auto duplex from one of the access switches.
    Is that affecting speed?

    Thank you for that.
    The last thing I want to know is: can I remove Native Vlans from the uplink and gb ports?
    Is it necessary to keep the Native Vlan?
    If not, then why?
    interface GigabitEthernet0/1
    switchport trunk encapsulation dot1q
    switchport trunk native vlan 100******
    switchport mode trunk
    interface GigabitEthernet0/2
    description *** Cascaded to...***
    duplex half
    switchport trunk encapsulation dot1q
    switchport trunk native vlan 100****(Can I remove, if no use?)
    switchport mode trunk

  • Native Vlan Mismatch on Switch LD connected to

    I am running 3 switches each with the same 3 vlans. I also have 2 local directors in failover mode. The primary has interfaces connected to switch one and the secondary has interfaces to switch two. Trunking is disabled on all device ports but enabled on a dedicated fiber connection between the 2 switches
    The first vlan is vlan 1 for management
    The second is vlan 2 for the gateway side of the local directors
    The third is vlan 3 for the server side of the local directors
    On the primary switch I am logging CDP messages telling me I have a native vlan mismatch on the 2 local director ports. On the secondary switch I don't get these messages.
    Any ideas what is going on here and why? Thanks, Art.

    You mention above " but trunking is enabled on a dedicated fiber connection between the two switches", therefore trunking is enabled.
    Because trunked ports need to be assigned to the same native vlan, I would do a "show trunk" and verify that the ports used for trunking on each switch are assigned to the same native vlan; I've seen the mismatch if they are not. That command above is if your switch is using CatalystOS; otherwise, use this command for NativeOS - sh int fast 0/1 switchport and look for the "trunking native mode vlan" number. They must match on each side. To correct the problem, do set vlan 1 4/10 to assign port 4/10 to vlan 1, which is your management vlan, which I assume you've chosen to be your native vlan.
    Hope this helps.

  • Native VLAN on Cisco Switches

    I have a question regarding the default native vlan. I have a Cisco-based environment and I set vlan XXX as native on trunk links. I am also running Multiple Spanning Tree on my switches and created instances for vlan segregation.
    My question is here could I put vlan 1 (default) in any of instance or not?
    Thanks & Regards,

    With MST, it is not running per VLAN spanning tree, it sends all BPDUs via instance 0 which is called the CIST. These frames are sent untagged via the native VLAN. Normally this is VLAN 1 but if you change it to another VLAN then the BPDUs are sent untagged on that native VLAN.
    Regarding whether to use instance 0 or not, it is often recommended to create as many instances as you need to create the desired topology (usually two) and put your VLANs in those instances. It's a good practice to map all your VLANs straight away because changing the instance to VLAN mapping makes the MST region become multi region until they all have the same instance to VLAN mapping.
    I would keep all VLANs out of instance 0 but it's definitely possible to have VLANs mapped in instance 0 as well.
    Daniel Dib
    CCIE #37149
    Please rate helpful posts.

  • Native VLAN on wired switch and wireless AP

    On our 3560g switch we have g0/15 set up as a trunk to connect our wireless AP.
    Port        Mode         Encapsulation  Status        Native vlan
    Gi0/15      on           802.1q         trunking      35

    Port        Vlans allowed on trunk
    Gi0/15      1-4094

    Port        Vlans allowed and active in management domain
    Gi0/15      1,10-14,18,20,22,30,35

    Port        Vlans in spanning tree forwarding state and not pruned
    Gi0/15      1,10-14,18,20,22,30,35
    On my AP I have the native VLAN as 1.
    From my reading I found that the AP and the switch port should have the same Native vlan on both ends of the trunk. Well my access point will not work unless the AP trunk is on 1 and the switch is on 35. Any ideas?

    dot11 ssid guestwifi
    vlan 20
    authentication open eap eap_methods
    authentication network-eap eap_methods
    authentication key-management wpa
    dot11 ssid nwifi
    vlan 35
    authentication open eap eap_methods
    authentication network-eap eap_methods
    authentication key-management wpa
    guest-mode
    dot11 arp-cache optional
    c
    bridge irb
    interface Dot11Radio0
    no ip address
    no ip route-cache
    encryption mode ciphers aes-ccm tkip
    encryption vlan 35 mode ciphers aes-ccm tkip
    encryption vlan 1 mode ciphers aes-ccm tkip
    encryption vlan 20 mode ciphers aes-ccm tkip
    ssid guestwifi
    ssid raydonwifi
    mbssid
    speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
    channel 2462
    station-role root
    no dot11 extension aironet
    interface Dot11Radio0.1
    encapsulation dot1Q 1 native
    no ip route-cache
    bridge-group 1
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    bridge-group 1 spanning-disabled
    interface Dot11Radio0.20
    encapsulation dot1Q 20
    no ip route-cache
    bridge-group 20
    bridge-group 20 block-unknown-source
    no bridge-group 20 source-learning
    no bridge-group 20 unicast-flooding
    bridge-group 20 spanning-disabled
    interface Dot11Radio0.35
    encapsulation dot1Q 35
    no ip route-cache
    bridge-group 35
    bridge-group 35 block-unknown-source
    no bridge-group 35 source-learning
    no bridge-group 35 unicast-flooding
    bridge-group 35 spanning-disabled
    interface Dot11Radio1
    no ip address
    no ip route-cache
    shutdown
    encryption mode ciphers tkip
    speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
    channel 5200
    station-role root bridge
    antenna receive right
    antenna transmit right
    bridge-group 1
    bridge-group 1 spanning-disabled
    interface FastEthernet0
    no ip address
    no ip route-cache
    duplex auto
    speed auto
    interface FastEthernet0.1
    encapsulation dot1Q 1 native
    no ip route-cache
    bridge-group 1
    interface FastEthernet0.20
    encapsulation dot1Q 20
    no ip route-cache
    bridge-group 20
    bridge-group 20 spanning-disabled
    interface FastEthernet0.35
    encapsulation dot1Q 35
    no ip route-cache
    bridge-group 35
    bridge-group 35 spanning-disabled
    interface BVI1
    ip address 192.168.35.12 255.255.255.0
    no ip route-cache
    ip default-gateway 192.168.35.1
    no ip http server
    ip http authentication aaa
    ip http secure-server
    ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
    ip radius source-interface BVI1
    access-list 111 permit tcp any any neq telnet
    snmp-server community home RO
    snmp-server enable traps tty
    control-plane
    bridge 1 route ip
    line con 0
    access-class 111 in
    transport preferred all
    transport output all
    line vty 0 4
    access-class 111 in
    transport preferred all
    transport input all
    transport output all
    line vty 5 15
    access-class 111 in
    transport preferred all
    transport input all
    transport output all
    end

  • VLAN on 3750 switch

    I am trying to create an SVI on a Catalyst 3750 switch, but when I do a show int vlan, it indicates the line protocol is down. What could be the problem and how do I get it up?
    Here is my config:
    Switch#vlan database
    Switch(vlan)#vlan 700 name Management
    Switch(vlan)#exit
    Switch#conf t
    Switch(config)#int vlan 700
    Switch(config-if)#ip address 172.16.1.1 255.255.255.0
    Switch(config-if)# no shut
    Switch(config-if)#^z
    What did I do wrong and what's the way forward?

    Hi Friend,
    It will remain in line down state until you create an active port for that vlan.
    Suppose you create an SVI for vlan 700: you have to assign a physical port to that vlan, or else create a trunk port and allow that vlan on that trunk, and the line protocol will come up.
    So in short, any SVI should have a physical port assignment or there should be an active trunk for that vlan.
    HTH, if yes please rate the post.
    Ankur

  • Migration of users in different vlans of 3750 Switches

    I have 30 access switches (3750). I need to migrate 1200 users connected to these switches from vlan 1 (172.23.8.0 /22) to vlan 2 (172.23.52.0 /22). They changed the range on the DHCP server from 172.23.8.0 /22 to 172.23.52.0 /22. In this case, is the only solution to change the ports of the switches from vlan 1 to vlan 2? Can I configure 2 vlans on the ports of 3750 switches? What do you recommend to make this migration efficiently?

    Well, you could use the command interface range fastethernet 0/1 - 48 (change the command according to your ports) and then execute the switchport access vlan 2 command.
    Like this all the ports will be changed in one shot. When to do it... well, during a weekend.
    The biggest problem I see is that the workstations have to get a new IP address from DHCP after the migration, so I suggest that you set the lease expiration to one day. Like this all the workstations will ask for a new IP address every day, and after the change to vlan 2 they will ask for an IP and everybody will have connectivity, and it should then be transparent for the user.
    FYI: a switch port can only ever belong to a single vlan, or it has to be a trunk port to support multiple vlans, which is not recommended in your situation.
    Yves
    rate this post if it helped
    Yves

  • How one Switch identify the Native vlan mismatch

    Dear All,
    I am using two cisco L2 switches. Both are connected by a trunk link. Unfortunately I configured different native vlan between two switches. Suddenly I got an error that native vlan mismatch. When I changed the configuration Now it's working fine. My question is that how one switch identify that native vlan mismatch(either by Bpdu, cdp or packet). Please mention which of the following used by switch to identify native Vlan mismatch.
    Regards,
    Sanjib

    Sanjib, Karsten,
    It's CDP.
    Yes, and STP as well if you run a trunk between the two switches. PVST+ and RPVST+ BPDUs have a TLV in their trailer that carries the VLAN number for which the BPDU was originated. If the BPDU is received in a different VLAN (caused by a native VLAN mismatch), the receiving switch will be able to detect it.
    Wireshark 1.12.x will be capable of displaying this TLV field in captured PVST+ and RPVST+ BPDUs. Until 1.12.x is released, you may want to try daily builds from:
    http://www.wireshark.org/download/automated/
    They already incorporate the enhancement.
    Best regards,
    Peter

  • Fabric interconnect and Native Vlan

    Hi
    I just want to ask a simple question
    is there any precautions with native vlan between the Switched infrastructure and the Fabric interconnect ?! 
    I mean can I use any vlan as a native vlan ex.999 "anything but not 1" ?! 

    As a security best practice on trunks carrying multiple VLANs you should not allow the native vlan on the line. When you have a single VLAN going to a device, an end node for example, the port should be configured as an access port with a single data VLAN, and potentially a voice vlan if that will be used.
    For example, our N5Ks have a trunk to each of our UCS interconnects. We set the native VLAN on the n5k side to 999. 999 is not in the allowed list for the trunk then, so the native VLAN never makes it to the ucs. On the ucs then, any server that can handle VLANs (esxi for example) we send only tagged VLANs -- no VLAN is marked native, thus accomplishing the same thing as we did for the n5k to FI link.
    It is recommended to not leave your native VLAN as 1 as best practice. It's less of a concern if the native VLAN isn't in the allowed list, but to avoid misconfiguration issues you should set it to another VLAN.
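One way to check a configuration against the two recommendations in the reply above (native VLAN not left at 1, native VLAN not in the trunk's allowed list), as an added example that is not part of the original post. The finding names are hypothetical labels, the sample configuration is constructed from stanza shapes seen on this page, and only ports with a static `switchport mode trunk` are audited.

```python
import re


def parse_vlan_list(text):
    """Expand '1,10-14,20' into a set of VLAN IDs."""
    vlans = set()
    for part in text.split(","):
        part = part.strip()
        if part:
            lo, _, hi = part.partition("-")
            vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def parse_interfaces(config):
    """Collect switchport settings per interface from IOS-style text."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"interface\s+(\S+)$", line)
        if m:
            # Defaults: native VLAN 1, allowed=None meaning "all VLANs".
            current = interfaces.setdefault(
                m.group(1), {"mode": None, "native": 1, "allowed": None})
            continue
        if current is None:
            continue
        if (m := re.match(r"switchport mode (\S+)$", line)):
            current["mode"] = m.group(1)
        elif (m := re.match(r"switchport trunk native vlan (\d+)$", line)):
            current["native"] = int(m.group(1))
        elif (m := re.match(r"switchport trunk allowed vlan ([\d,\- ]+)$", line)):
            current["allowed"] = parse_vlan_list(m.group(1))
    return interfaces


def audit_trunks(config):
    """Return [(interface, finding), ...] for statically configured trunks."""
    findings = []
    for name, port in parse_interfaces(config).items():
        if port["mode"] != "trunk":
            continue
        native, allowed = port["native"], port["allowed"]
        if native == 1:
            findings.append((name, "NATIVE_VLAN_1"))
        # No allowed list means every VLAN, including the native one.
        if allowed is None or native in allowed:
            findings.append((name, "NATIVE_IN_ALLOWED"))
    return findings


# Constructed sample configuration (not from a real device).
SAMPLE_CONFIG = """\
interface GigabitEthernet3/2
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,146,171
 switchport mode trunk
interface FastEthernet1/0/10
 switchport trunk native vlan 100
 switchport mode trunk
interface Ethernet1/1
 switchport mode trunk
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10-14,20
interface FastEthernet0/5
 switchport mode access
 switchport access vlan 2
"""

if __name__ == "__main__":
    for interface, finding in audit_trunks(SAMPLE_CONFIG):
        print(f"{interface}: {finding}")
```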

  • SPT Inconsistent Native Vlan

    Hi,
    I can't figure out why this is showing on switches.
    Core switch brc-k25-1 is using Native Vlan 1
    Access switch c2-k25-5 is using Native Vlan 1
    I get the following error message on the access switch:
    Jun 27 08:57:40: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 171 on GigabitEthernet1/0/49 VLAN1.
    Jun 27 08:57:40: %SPANTREE-2-BLOCK_PVID_PEER: Blocking GigabitEthernet1/0/49 on VLAN0171. Inconsistent peer vlan.
    Jun 27 08:57:40: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking GigabitEthernet1/0/49 on VLAN0001. Inconsistent local vlan.
    Jun 27 08:57:40: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down
    Jun 27 08:57:55: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking GigabitEthernet1/0/49 on VLAN0171. Port consistency restored.
    Jun 27 08:57:55: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking GigabitEthernet1/0/49 on VLAN0001. Port consistency restored.
    Jun 27 08:57:55: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
    Because of the error, I cannot login to the access switch using the native Vlan IP Address.
    brc-k25-1 config:
    interface GigabitEthernet3/2
     description c2-k25-5
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 1,146,171
     switchport mode trunk
     logging event link-status
     logging event trunk-status
     qos trust dscp
     tx-queue 1
       bandwidth percent 69
     tx-queue 2
       bandwidth percent 1
     tx-queue 3
       bandwidth percent 15
       priority high
     tx-queue 4
       bandwidth percent 15
    end
    brc-k25-1#sh interfaces gigabitEthernet 3/2 switchport
    Name: Gi3/2
    Switchport: Enabled
    Administrative Mode: trunk
    Operational Mode: trunk
    Administrative Trunking Encapsulation: dot1q
    Operational Trunking Encapsulation: dot1q
    Negotiation of Trunking: On
    Access Mode VLAN: 1 (default)
    Trunking Native Mode VLAN: 1 (default)
    Administrative Native VLAN tagging: enabled
    Voice VLAN: none
    Administrative private-vlan host-association: none
    Administrative private-vlan mapping: none
    Administrative private-vlan trunk native VLAN: none
    Administrative private-vlan trunk Native VLAN tagging: enabled
    Administrative private-vlan trunk encapsulation: dot1q
    Administrative private-vlan trunk normal VLANs: none
    Administrative private-vlan trunk associations: none
    Administrative private-vlan trunk mappings: none
    Operational private-vlan: none
    Trunking VLANs Enabled: 1,146,171
    Pruning VLANs Enabled: 2-1001
    Capture Mode Disabled
    Capture VLANs Allowed: ALL
    interface Vlan1
     ip address 172.27.40.254 255.255.255.02
     ip access-group vlan1out out
    ==================================================
    c2-k25-5 config:
    c2-k25-5#sh cdp ne
    Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                      S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
                      D - Remote, C - CVTA, M - Two-port Mac Relay
    Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
    brc-k25-1        Gig 1/0/49        138             R S I  WS-C4506  Gig 3/2
    interface GigabitEthernet1/0/49
     description brc-k25-5
     switchport trunk allowed vlan 1,146,171
     switchport mode trunk
    interface Vlan1
     ip address 172.27.40.18 255.255.255.0
    interface Vlan146
     ip address 172.31.146.1 255.255.255.0
    c2-k25-5#sh interfaces gigabitEthernet 1/0/49 switchport
    Name: Gi1/0/49
    Switchport: Enabled
    Administrative Mode: trunk
    Operational Mode: trunk
    Administrative Trunking Encapsulation: dot1q
    Operational Trunking Encapsulation: dot1q
    Negotiation of Trunking: On
    Access Mode VLAN: 1 (default)
    Trunking Native Mode VLAN: 1 (default)
    Administrative Native VLAN tagging: enabled
    Voice VLAN: none
    Administrative private-vlan host-association: none
    Administrative private-vlan mapping: none
    Administrative private-vlan trunk native VLAN: none
    Administrative private-vlan trunk Native VLAN tagging: enabled
    Administrative private-vlan trunk encapsulation: dot1q
    Administrative private-vlan trunk normal VLANs: none
    Administrative private-vlan trunk associations: none
    Administrative private-vlan trunk mappings: none
    Operational private-vlan: none
    Trunking VLANs Enabled: 1,146,171
    Pruning VLANs Enabled: 2-1001
    Capture Mode Disabled
    Capture VLANs Allowed: ALL
    Protected: false
    Unknown unicast blocked: disabled
    Unknown multicast blocked: disabled
    Appliance trust: none

    Thanks for the replies.
    I did remove the ACL from the VLAN1 but nothing changed. Also the allowed VLAN1 was not included in the trunk allowed before, same result as now.
    Jun 30 09:06:40: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 171 on GigabitEthernet1/0/49 VLAN1.
    Jun 30 09:06:40: %SPANTREE-2-BLOCK_PVID_PEER: Blocking GigabitEthernet1/0/49 on VLAN0171. Inconsistent peer vlan.
    Jun 30 09:06:40: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking GigabitEthernet1/0/49 on VLAN0001. Inconsistent local vlan.
    Jun 30 09:06:41: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down
    Jun 30 09:06:55: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking GigabitEthernet1/0/49 on VLAN0171. Port consistency restored.
    Jun 30 09:06:55: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking GigabitEthernet1/0/49 on VLAN0001. Port consistency restored.
    Jun 30 09:06:56: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
    We have multiple switches attached to the brc-k25-1 and only 2 switches are affected using VLAN1 management. I had to create another VLAN ID so that I can use that IP Address to SSH. Very weird problem.
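Detection logic for the log pattern quoted in this thread, as an added example that is not part of the original posts: it groups the `%SPANTREE-2-*PVID*` messages into incidents per port, records the local and peer VLAN IDs, and measures how long the port stayed blocked. The sample lines are copied from the thread; the timestamps carry no year, so a placeholder year is used when parsing.

```python
import re
from datetime import datetime

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d): %SPANTREE-2-(?P<tag>\w+): (?P<msg>.*)$")
RECV = re.compile(r"inconsistent peer vlan id (\d+) on (\S+) VLAN(\d+)")
BLOCK = re.compile(r"^(Blocking|Unblocking) (\S+) on VLAN(\d+)")
BLOCK_TAGS = ("BLOCK_PVID_PEER", "BLOCK_PVID_LOCAL", "UNBLOCK_CONSIST_PORT")


def _timestamp(text):
    # Placeholder year 2000: the log lines do not include one.
    return datetime.strptime("2000 " + text, "%Y %b %d %H:%M:%S")


def find_pvid_incidents(lines):
    """Return one dict per RECV_PVID_ERR with the VLANs and outage length."""
    incidents, open_by_port = [], {}
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue                      # other facilities, e.g. %LINEPROTO
        when, tag, msg = _timestamp(m["ts"]), m["tag"], m["msg"]
        if tag == "RECV_PVID_ERR":
            r = RECV.search(msg)
            if not r:
                continue
            incident = {"port": r[2], "local_vlan": int(r[3]),
                        "peer_vlan": int(r[1]), "start": when,
                        "blocked": set(), "outage_s": None}
            incidents.append(incident)
            open_by_port[r[2]] = incident
        elif tag in BLOCK_TAGS:
            b = BLOCK.match(msg)
            incident = open_by_port.get(b[2]) if b else None
            if incident is None:
                continue
            vlan = int(b[3])
            if b[1] == "Blocking":
                incident["blocked"].add(vlan)
            else:
                incident["blocked"].discard(vlan)
                if not incident["blocked"]:   # every blocked VLAN restored
                    incident["outage_s"] = (when - incident["start"]).total_seconds()
                    del open_by_port[b[2]]
    return incidents


# Log lines copied from the thread above.
SAMPLE_LOG = """\
Jun 27 08:57:40: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 171 on GigabitEthernet1/0/49 VLAN1.
Jun 27 08:57:40: %SPANTREE-2-BLOCK_PVID_PEER: Blocking GigabitEthernet1/0/49 on VLAN0171. Inconsistent peer vlan.
Jun 27 08:57:40: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking GigabitEthernet1/0/49 on VLAN0001. Inconsistent local vlan.
Jun 27 08:57:40: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down
Jun 27 08:57:55: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking GigabitEthernet1/0/49 on VLAN0171. Port consistency restored.
Jun 27 08:57:55: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking GigabitEthernet1/0/49 on VLAN0001. Port consistency restored.
Jun 30 09:06:40: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 171 on GigabitEthernet1/0/49 VLAN1.
Jun 30 09:06:40: %SPANTREE-2-BLOCK_PVID_PEER: Blocking GigabitEthernet1/0/49 on VLAN0171. Inconsistent peer vlan.
Jun 30 09:06:40: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking GigabitEthernet1/0/49 on VLAN0001. Inconsistent local vlan.
Jun 30 09:06:55: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking GigabitEthernet1/0/49 on VLAN0171. Port consistency restored.
Jun 30 09:06:55: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking GigabitEthernet1/0/49 on VLAN0001. Port consistency restored.
"""

if __name__ == "__main__":
    for inc in find_pvid_incidents(SAMPLE_LOG.splitlines()):
        print(f"{inc['start']:%b %d %H:%M:%S} {inc['port']}: BPDU for VLAN "
              f"{inc['peer_vlan']} received in VLAN {inc['local_vlan']}, "
              f"blocked for {inc['outage_s']}s")
```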

  • Native Vlan Mismatch message

    Hi All,
    I am connecting 2950 switch port to 6505 switch port, both ports are in trunking mode and allowing only one vlan on the both.
    On 6505 switch I set as follows:-
    enable> set trunk 2/23 700
    enable> set trunk 2/23 nonegotiate dot1q.
    On 2950 I set it as follows:
    (conf)int f0/23
    switchport mode trunk
    switchport trunk Native vlan 700
    switchport nonegotiate.
    When I issue the show logging, I noticed the (Native Vlan mismatch).
    When I change the switch port config on 2950 to the following it doesn't work:-
    int f0/23
    switchport mode trunk
    switchport trunk allowed vlan 700
    switchport nonegotiate
    When I did the above, the traffic is discarded and subnets on the Core 6505 couldn't access subnets on their remote locations.
    Could anybody tell me the reason for that, and why I am getting the Native message? As well as why it works only if I set the 2950 switch port to (trunk Native vlan ,,,, or ,,,, access mode).
    thanks...

    Hi Friend,
    On the cat6k, though you have configured it as a trunk and allowed only vlan 700, the native vlan is still 1 by default.
    And you have configured native vlan 700 on the 2950.
    So what I will suggest is to change the native vlan on the cat6k switch to vlan 700 as well.
    How you can do this on CatOS is:
    set vlan 700 2/23
    Now what this will do is make vlan 700 native on the trunk on the cat6k, and you can keep the config on the 2950 the same:
    (conf)int f0/23
    switchport mode trunk
    switchport trunk Native vlan 700
    switchport nonegotiate.
    Or if you just want to get rid of the error message and keep the config as it was earlier, you can also disable CDP at the interface level.
    HTH, if yes please rate the post.
    Ankur

  • Is this considered NATIVE VLAN?

    Greetings All, I know that the Native VLAN in a switch is VLAN 1.
    My access points need a native vlan to perform multiple SSIDs and VLANs etc. If the access point is sitting on VLAN 20 with an IP address assigned to it from that vlan, does that mean VLAN 20 is native? Sorry for the ignorant question but I am trying to do multiple SSIDs etc.

    Hey Pete,
    Have a read of this good doc, here is an excerpt;
    The routers and switches that make up the physical infrastructure of a network are managed in a different method than the client PCs that attach to that physical infrastructure. The VLAN these router and switch interfaces are members of is called the Native VLAN (by default, VLAN 1). Client PCs are members of a different VLAN, just as IP telephones are members of yet another VLAN. The administrative interface of the access point or bridge (interface BVI1) are considered and numbered a part of the Native VLAN regardless of what VLANs or SSIDs pass through that wireless device.
    The switchport config might look like this;
    switchport mode trunk
    switchport trunk encapsulation dot1q
    switchport trunk native vlan 1
    switchport trunk allowed vlan 1,10,30
    Where vlan 1 is Native and vlan 10 and 30 will be associated with SSID's.
    When you use an IEEE 802.1Q trunk port, all frames are tagged except those on the VLAN configured as the "native VLAN" for the port. Frames on the native VLAN are always transmitted untagged and are normally received untagged. Therefore, when an AP is connected to the switchport, the native VLAN configured on the AP must match the native VLAN configured on the switchport.
    Note: If there is a mismatch in the native VLANs, the frames are dropped.
    This scenario is better explained with an example. If the native VLAN on the switchport is configured as VLAN 12 and on the AP, the native VLAN is configured as VLAN 1, then when the AP sends a frame on its native VLAN to the switch, the switch considers the frame as belonging to VLAN 12 since the frames from the native VLAN of the AP are untagged. This causes confusion in the network and results in connectivity problems. The same happens when the switchport forwards a frame from its native VLAN to the AP.
    From this good doc;
    Using VLANs with Cisco Aironet Wireless Equipment
    http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801d0815.shtml#vlanap
    Hope this helps!
    Rob
    Please remember to rate helpful posts.........
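The VLAN 12 / VLAN 1 scenario from the excerpt quoted above, as an added example that is not part of the original post: a small model of 802.1Q egress and ingress on a trunk that builds real frame bytes and shows which VLAN the receiving port assigns. The function names, MAC addresses and payload are hypothetical, and the optional allowed-VLAN filter is an assumption added to show a pruned native VLAN.

```python
import struct

TPID_8021Q = 0x8100                     # EtherType that marks an 802.1Q tag
BROADCAST = b"\xff" * 6
SENDER_MAC = b"\x02\x00\x00\x00\x00\x01"   # constructed, locally administered


def egress(vlan, native_vlan, payload=b"\x00" * 46, ethertype=0x0800):
    """Frame bytes as a dot1q trunk port transmits them.

    Frames in the port's native VLAN leave untagged; all others get a tag.
    """
    header = BROADCAST + SENDER_MAC
    if vlan != native_vlan:
        header += struct.pack("!HH", TPID_8021Q, vlan & 0x0FFF)
    return header + struct.pack("!H", ethertype) + payload


def ingress(frame, native_vlan, allowed=None):
    """VLAN the receiving trunk port assigns, or None if the VLAN is pruned."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (tpid,) = struct.unpack("!H", frame[12:14])
    if tpid == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        (tci,) = struct.unpack("!H", frame[14:16])
        vlan = tci & 0x0FFF             # low 12 bits of the TCI are the VLAN ID
    else:
        vlan = native_vlan              # untagged: classified by local config
    if allowed is not None and vlan not in allowed:
        return None
    return vlan


def deliver(vlan, sender_native, receiver_native, receiver_allowed=None):
    """Send one frame from `vlan` across the trunk; return where it lands."""
    return ingress(egress(vlan, sender_native), receiver_native, receiver_allowed)


if __name__ == "__main__":
    # AP native VLAN 1, switchport native VLAN 12 (the excerpt's example).
    print("AP VLAN 1  -> switch VLAN", deliver(1, 1, 12))
    print("AP VLAN 12 -> switch VLAN", deliver(12, 1, 12))
    # Matching native VLANs keep the two VLANs separate.
    print("AP VLAN 1  -> switch VLAN", deliver(1, 1, 1))
    # Native VLAN 999 on both ends but not in the allowed list: dropped.
    print("VLAN 999   ->", deliver(999, 999, 999, {10, 20}))
```

With mismatched native VLANs, frames from the sender's VLAN 1 and VLAN 12 both end up in the receiver's VLAN 12, which is the connectivity problem the excerpt describes.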

  • LAN Switches cannot be accessed by Telnet, SSH or console in native vlan

    Hi to all of you:
    I do have a question about tagging the native vlan.
    In our network we do have about 90 L2 and L3 switches, 2950 the oldest, 2960, 2960S, 3560 PoE, 3750 and 4503E, and we are running VTP, and 43 vlans within the entire network.
    our Native VLAN is still vlan 1, and there are many corporative applications running in this vlan.
    We have upgraded the IOS for the switches to the latest IOS version about 6 months ago, and after that we started to have issues on the switches, related to accessing the switch, either by telnet, ssh, or even console. However, the switch is still working fine, I mean, doing all bridging and switching traffic.
    I have to reset or reload (power cycle) if I want to access the switch.
    I have read that having the native vlan can be a problem.
    Could you please let me know if you have gone through this problem?
    Thanks in advance for your help.
    Javier F. Berthin H.

    Hi Karhtick:
    I guess you have the best answer, you suggested the memory command and I am attaching you as result.
    Next step should be to downgrade the IOS?, because we did the upgrade just in order to have the latest IOS published by Cisco.
    If you need the config please let me know, for complementary comments.
    Thanks for your help.
    Javier
    Core_Toldos#
    Core_Toldos#
    Core_Toldos#sh processes memory sorted
    Processor Pool Total:   57114592 Used:   42061488 Free:   15053104
          I/O Pool Total:   12582912 Used:    9397428 Free:    3185484
    Driver te Pool Total:    1048576 Used:         40 Free:    1048536
    PID TTY  Allocated      Freed    Holding    Getbufs    Retbufs Process
       0   0   56706116   14325484   38372056          0          0 *Init*
    197   0    4506712    2363500    1463652          0          0 Auth Manager
       0   0          0          0    1443720          0          0 *MallocLite*
       0   0  577244636  370831296     916016   12457311    3203234 *Dead*
    236   0     532808      46152     507068          0          0 IP ARP Adjacency
    303   0    1335768     890528     450448          0          0 ADJ resolve proc
    230   0   27640244      15996     378344      10152          0 CDP Protocol
      77   0     368260   14413456     377820          0          0 EEM ED ND
    102   0     385848        232     362236          0          0 HLFM address lea
    404   0    3397428    3069392     334928          0          0 hulc running con
    192   0     307492      21604     294808          0          0 HL2MCM
    193   0     356552      70624     294744          0          0 HL2MCM
    357   0     265100          0     275260     100548          0 EEM ED Syslog
    365   0  126849404   86726456     255248          0          0 EEM Server
      87   0     569060     274864     244984          0          0 Stack Mgr Notifi
    203   0     753032     492440     164316          0          0 DTP Protocol
    201   0     737920     526656     159424          0          0 802.1x switch
      13   0  505129716  504972016     156620          0          0 ARP Input
    Core_Toldos#

  • Does the dot1q native VLAN need to be defined on the switch?

    I understand the issues with using VLAN 1 as the native VLAN on a dot1q trunk. I follow best practices and change the native VLAN to a VLAN that does not carry any other traffic (switchport trunk native vlan x). I usually go a step further and do not define the VLAN in the switch configuration. This way if traffic bleeds into the native VLAN because it is untagged then it cannot go anywhere. So if I use VLAN 999 as the native VLAN, I do not create VLAN 999 on the switch. I'm curious if anyone else does this or if there are any thoughts on whether this is a good or bad practice?

    If you are tagging your native VLAN but do not have that VLAN in the vlan database - it makes no difference if the VLAN exists or not in my opinion. All the vlans on your trunks would be tagged anyway.
    It seems like a clever idea, but not sure if it provides any benefit.

  • Wireless AP native vlan and switch trunk

    Hi,
    I am unable to ping my AP. I think it is due to the multiple vlan issues. Can anyone provide some advice? My config for the AP and switch is below.
    AP Config
    version 15.2
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    hostname hostname
    logging rate-limit console 9
    enable secret 5 $1$ZxN/$eYOf/ngj7vVixlj.wjG2G0
    no aaa new-model
    ip cef
    dot11 syslog
    dot11 ssid Personal
       vlan 2
       authentication open
       authentication key-management wpa version 2
       guest-mode
       wpa-psk ascii 7 070E26451F5A17113741595D
    crypto pki token default removal timeout 0
    username Cisco password 7 1531021F0725
    bridge irb
    interface Dot11Radio0
    no ip address
    encryption vlan 2 mode ciphers aes-ccm tkip
    ssid Personal
    antenna gain 0
    stbc
    beamform ofdm
    station-role root
    no dot11 extension aironet
    interface Dot11Radio0.2
    encapsulation dot1Q 2
    bridge-group 2
    bridge-group 2 subscriber-loop-control
    bridge-group 2 spanning-disabled
    bridge-group 2 block-unknown-source
    no bridge-group 2 source-learning
    no bridge-group 2 unicast-flooding
    interface Dot11Radio0.100
    encapsulation dot1Q 100 native
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 spanning-disabled
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    interface Dot11Radio1
    no ip address
    encryption vlan 2 mode ciphers aes-ccm tkip
    ssid Personal
    antenna gain 0
    no dfs band block
    stbc
    beamform ofdm
    channel dfs
    station-role root
    interface Dot11Radio1.2
    encapsulation dot1Q 2
    bridge-group 2
    bridge-group 2 subscriber-loop-control
    bridge-group 2 spanning-disabled
    bridge-group 2 block-unknown-source
    no bridge-group 2 source-learning
    no bridge-group 2 unicast-flooding
    interface Dot11Radio1.100
    encapsulation dot1Q 100 native
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 spanning-disabled
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    interface GigabitEthernet0
    no ip address
    duplex auto
    speed auto
    interface GigabitEthernet0.2
    encapsulation dot1Q 2
    bridge-group 2
    bridge-group 2 spanning-disabled
    no bridge-group 2 source-learning
    interface GigabitEthernet0.100
    encapsulation dot1Q 100 native
    bridge-group 1
    bridge-group 1 spanning-disabled
    no bridge-group 1 source-learning
    interface BVI1
    ip address 192.168.1.100 255.255.255.0
    ip default-gateway 192.168.1.1
    ip forward-protocol nd
    ip http server
    no ip http secure-server
    ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
    bridge 1 route ip
    line con 0
    line vty 0 4
    password 7 01181101521F
    login
    transport input all
    end
    Switch Port config
    interface FastEthernet1/0/10
    switchport trunk native vlan 100
    switchport mode trunk

    I will re-check the routing again but could it be some bridging issues ?
    interface GigabitEthernet0
    no ip address
    duplex auto
    speed auto
    **** unable to put up this command on the giga port
    bridge-group 1
    no bridge-group 1 source-learning
    bridge-group 1 spanning-disabled
    I try to put this command on the gigaethernet port but it does not allow me, could this be the bridging  issue ?
