Nexus5k - LACP towards HP blades switch(and nortel blade switch)

Similar Messages

• HSRP between 2 access switches and 2 core switches

  Hi I am looking for running HSRP between 2 access switches and 2 core switches for client PC and Server network’s next-hop redundancy as per attached setup.
  As you can see I have used one /29 network for connecting CORE & ACCESS switches & configure Interface VLAN10 (Layer 3 SVI) with shown IPs and standby IP (VIP).G0/1 on Access Switches & G2/1 on Core Switches are access ports for VLAN10.
  There is a L2 Trunk interconnecting Core-Main/Backup & as well as Access-Main/Backup Switches allowing VLAN10 to allow VLAN10’s HSRP packets to pass through (apart from other HSRP instances).
  Below are the HRSP & Trunk configuration on Core and Access Switches please have a look and suggest if they are correct in term of HSRP implementation, as I can see on both side HSRP master & standby status are fine as desired, but I can’t ping VIP of ACCESS Switch from CORE switch, but the VIP of CORE switch I can ping from ACCESS switch.
  Access-Main
  interface GigabitEthernet0/1
   description ***Connected to CR-SW-01 PORT G2/1***
   switchport access vlan 10
   switchport mode access
   load-interval 30
  interface GigabitEthernet0/2
   description ***Connected to AC-SW-01 & AC-SW-02 for HRSP***
   switchport trunk encapsulation dot1q
   switchport trunk allowed vlan 10,40
   switchport mode trunk
   load-interval 30
  interface Vlan10
   description ***Connected to CR-SW-01 PORT G2/1***
   ip address 10.10.11.1 255.255.255.248
   standby 1 ip 10.10.11.2
   standby 1 timers msec 200 msec 750
   standby 1 preempt delay minimum 180
   standby 1 authentication accvlan10
  Access-Backup
  interface GigabitEthernet0/1
   description ***Connected to CR-SW-02 PORT G2/1***
   switchport access vlan 10
   switchport mode access
   load-interval 30
  interface GigabitEthernet0/2
   description ***Connected to AC-SW-01 & AC-SW-02 for HRSP***
   switchport trunk encapsulation dot1q
   switchport trunk allowed vlan 10,40
   switchport mode trunk
   load-interval 30
  interface Vlan10
   description ***Connected to CR-SW-02 PORT G2/1***
   ip address 10.10.11.3 255.255.255.248
   standby 1 ip 10.10.11.2
   standby 1 priority 10
   standby 1 timers msec 200 msec 750
   standby 1 preempt delay minimum 180
   standby 1 authentication accvlan10
  Core-Main
  interface GigabitEthernet2/1
   description ***Connected to AC-SW-01 PORT G0/1***
   switchport access vlan 10
   switchport mode access
   load-interval 30
  interface GigabitEthernet2/2
   description ***Connected to CR-SW-01 & CR-SW-02 for HRSP***
   switchport trunk encapsulation dot1q
   switchport trunk allowed vlan 10,20
   switchport mode trunk
   load-interval 30
  interface Vlan10
   description ***Connected to AC-SW-01 PORT G0/1***
   ip address 10.10.11.4 255.255.255.248
   standby 1 ip 10.10.11.5
   standby 1 timers msec 200 msec 750
   standby 1 preempt delay minimum 180
   standby 1 authentication crvlan10
  Core-Backup
  interface GigabitEthernet2/1
   description ***Connected to AC-SW-02 PORT G0/1***
   switchport access vlan 10
   switchport mode access
   load-interval 30
  interface GigabitEthernet2/2
   description ***Connected to CR-SW-01 & CR-SW-02 for HRSP***
   switchport trunk encapsulation dot1q
   switchport trunk allowed vlan 10,20
   switchport mode trunk
   load-interval 30
  interface Vlan10
   description ***Connected to AC-SW-02 PORT G0/1***
   ip address 10.10.11.6 255.255.255.248
   standby 1 ip 10.10.11.5
   standby 1 priority 10
   standby 1 timers msec 200 msec 750
   standby 1 preempt delay minimum 180
   standby 1 authentication crvlan10

  Hi Rick thanks once again, so I am assuming I should use to configure as below and still one /29 subnet I can use to connect these Switches with the above static routings.
  Access Switch-Main
  interface Vlan10
   description ***Connected to CR-SW-01 PORT G2/1***
   ip address 10.10.11.1 255.255.255.248
   standby 2 ip 10.10.11.2
   standby 2 timers msec 200 msec 750
   standby 2 preempt delay minimum 180
   standby 2 authentication accvlan10
  ip route 192.168.20.0 255.255.255.0 10.10.11.5
  Access Switch-Backup
  interface Vlan10
   description ***Connected to CR-SW-02 PORT G2/1***
   ip address 10.10.11.3 255.255.255.248
   standby 2 ip 10.10.11.2
   standby 2 priority 10
   standby 2 timers msec 200 msec 750
   standby 2 preempt delay minimum 180
   standby 2 authentication accvlan10
  ip route 192.168.20.0 255.255.255.0 10.10.11.5
  Core Switch -Main
  interface Vlan10
   description ***Connected to AC-SW-01 PORT G0/1***
   ip address 10.10.11.4 255.255.255.248
   standby 1 ip 10.10.11.5
   standby 1 timers msec 200 msec 750
   standby 1 preempt delay minimum 180
   standby 1 authentication crvlan10
  ip route 192.168.40.0 255.255.255.0 10.10.11.2
  Core Switch -Backup
  interface Vlan10
   description ***Connected to AC-SW-02 PORT G0/1***
   ip address 10.10.11.6 255.255.255.248
   standby 1 ip 10.10.11.5
   standby 1 priority 10
   standby 1 timers msec 200 msec 750
   standby 1 preempt delay minimum 180
   standby 1 authentication crvlan10
  ip route 192.168.40.0 255.255.255.0 10.10.11.2

• Centrally Switched and Flex Local Switched WLAN - same SSID

  Hi All
  I am currently working on a WLAN migration from lightweight to autonomous and would like advice on whether the following scenario is possible.
  We've deployed an 8500HA pair at the customer's central HQ with the plan that SSIDs at the central HQ will centrally switch with SSIDs at branch sites locally switching.  AP and Flex groups have been configured for the HQ and branch sites.  There is a legacy SSID at HQ that will need to break out locally so a flex group is required for HQ.
  My original plan was to do this with one WLAN Profile per SSID, configured to locally switch.  The HQ AP group will map WLAN to the relevant IP interface with the SSID omitted from the HQ Flex Group so that the SSID will centrally switch.  The branch AP groups will be configured with the SSIDs required for branch and Flex groups will be configured to break out the SSIDs  into the relevant local VLAN.
  My question is, is it possible for an SSID to be configured as locally switched for branches but also centrally switched for HQ, by configuring it in the HQ AP Group but omitting it from the HQ Flex group?
  Configured as above a client debug gives the below which seems to suggest that it isn't possible, unless I've configured something incorrectly...
  *apfMsConnTask_5: Oct 03 15:48:51.012: c0:18:85:48:c0:5d Central switch is FALSE
  My alternative option is to create a second WLAN profile for each SSID with the same SSID name but centrally switched and then apply that accordingly in the AP groups.
  If someone can verify the above I'd be very grateful.
  Many thanks in advance
  Mark

  Hi Mark
  My question is, is it possible for an SSID to be configured as locally switched for branches but also centrally switched for HQ, by configuring it in the HQ AP Group but omitting it from the HQ Flex group?
  When you configure an SSID for local switching, it is only applicable if AP in Flexconnnect mode. So as long as your HQ APs are in Local mode then all those users traffic will be central switch for the given SSID. At branch those AP are in Flex mode, they will locally switched.
  Pls do not forget to rate our responses if that is useful to you
  HTH
  Rasika

• Differences between VMware virtual switches and HyperV virtual switches

  Hello,
  I've deployed an OpenVpn infrastructure (configured in bridging mode) within a VMmare ESX4 environment.
  The scenario is this:
  A remote client connects to the OpenVpn server (VM1), VM1 also owns an interface where traffic passes in tagged mode complaint to vlan 8021q, VM2 owns a interface on the vlan10. VM1 can ping VM2 without any problem (supposing vlan 10 traffic), but the remote
  client cannot ping VM2.
  The scenario works perfectly in a physical environment (without any virtual machine).
  The scenario is like this:
  Analizing traffic with Wireshark on the VM2 I've noticed that an ARP request leaves from the remote client MAC to the destination host interface of VM2 (broadcast ARP request).
  The host VM2 sends an ARP reply directly to the MAC address of the remote client.
  This last packet doesn't pass the vSwitch, so it isn't received by the remote client and the ping fails.
  This occurs because the VMware ESX vSwitch only knows all the MACs of virtual machines within the ESX environment, it doesn't learn MAC addresses like a physical real switch and it discards packets sent to unknown unicast MAC addresses (broadcast traffic instead
  is passed). Within the VMware infrastructure this is solvable only by using of the Promiscuos mode feature of the virtual switch port.
  I would like to ask if HyperV virtual switches work like VMware ESX virtual switches. So in Hyper-V virtual switches do learn mac addresses actually like a physical switch?

  This last packet doesn't pass the vSwitch, so it isn't received by the remote client and the ping fails. This occurs because the VMware ESX vSwitch only knows all the MACs of virtual machines within the ESX environment, it doesn't learn MAC addresses
  like a physical real switch and it discards packets sent to unknown unicast MAC addresses (broadcast traffic instead is passed). Within the VMware infrastructure this is solvable only by using of the Promiscuos mode feature of the virtual switch port.
  Thank you; I did the same in Wireshark and noticed the ARP reply was not being received by my VMware guest Hyper-V host, so I did an Internet search and found this document at the top of the list. For other people that came here because their VMware guest
  Hyper-V lab server's SCVMM 2012 SP1 logical switch virtual network adapter combination could not ping other VMware guests; In addition to "Accept" for your VMware vSwitch (described above), you will need to change your VM Network VLAN ID to "All".

• Problems with uVerse DVR connected to a network switch and 1x3 HDMI switch

  So that I can connect multiple devices (Apple TV & BluRay player), I've connected my uVerse DVR to a network switch with IP Quality of Service function.  Is it known whether or not this will cause problems?  I am having problems, but see next question for probable cause. I have also connected my HD TV to a 1x3 HDMI switch output, with inputs from the uVerse DVR, Apple TV, & BluRay player.  This clearly has caused problems because the DVR goes through the power on sequence almost everytime the TV is turned on, I have intermittent problems with the HDMI switch displaying video on the TV, and on several occassions, shows scheduled for recording haven't recorded at all or only partially recorded.

  I've been having problems with this for months especially with the GigaPower rollout and broke down and decided to resort to some network engineering tactics versus calling out AT&T Techs. The Techs are good at their job but they are only knowledgeable about the hardware aspect but are dumb founded on this one and it's not their job to know.  To the point of using a switch next to the DVR and this counts truly for all set top boxes via Ethernet they need to be physically seperated wires. Well, unless you want to pay someone to put an extra Ethernet drop next to each wired set-top box or DVR this isn't feasible so options are deal with it or spend $20 more dollars on a switch that supports 802.1q trunking which makes two 'virtual' independent ethernet cables over one line.  If you can do it great otherwise this takes a higher than average knowledge of basic networking.   A basic setup would be: + Get two switches - Netgear GS108T or GS108E I've found does the job well. + Enable 802.1q advanced VLANs+ Make two additional vlans 2 and 3 (1 is the native VLAN)+ Mark a port as tagged 'T' for the trunk port to the other switch for VLANS 1,2,3 (I used port 8)+ Assign VLAN 2 and mark as untagged for ports 2-7 - this is for data traffic+ Assign VLAN 3 and mark as untagged for port 8 only - this is for video multi-cast traffic+ ***DISABLE*** MULTI-CAST IGMP SNOPING otherwise IPTV won't work. On the back of the Uvserse router, take an Ethernet wire and plug into port 8 and take an Ethernet cable and plug into port 7.  This does not create a loop though sounds like it, we've created two unique layer 2 networks.  Now configure the second Netgear switch (or switch of your choosing...) the same exact way but plug your DVR into port '8' and all your data stuff XBox, whatever... into ports 2-7. Whalla, you've eliminating multi-cast flooding and DVR traffic is independent.  Ever since I started doing this I increased the speed throughput from 10 MB/s or to never working to a full reliable gigabit speed or respectibly whatever UVerse service you get.    

• App switcher and dock not switching spaces for application

  The app switcher occassionally stops switching spaces to bring up the application. When this happens clicking on the dock icon doesn't work to switch spaces either. A logout and log back in are needed for the functionality to return.

  Because my dock's already too full with apps that are even more frequently used. Using the app switcher became part of my workflow long ago, and I'm sorry to lose it.

• Configuring and Troubleshooting Virtual Switching System (VSS)

  With Anand Ganesan
  Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about how to monitor, configure, and troubleshoot the Virtual Switching System (VSS) in Cisco Catalyst 6500 Series Switches with expert Anand Ganesan.
  VSS is network system virtualization technology that pools multiple Cisco Catalyst 6500 Series Switches into one virtual switch, increasing operational efficiency, boosting nonstop communications, and scaling system bandwidth capacity to 1.4 Tbps. At the initial phase, a VSS will allow two physical Cisco Catalyst 6500 Series Switches to operate as a single logical virtual switch called a virtual switching system 1440 (VSS1440). 
  For more information, visit:  www.cisco.com/en/US/prod/collateral/switches/ps5718/ps9336/prod_qas0900aecd806ed74b.html
  The VSS simplifies network configuration and operation by reducing the number of Layer 3 routing neighbors and by providing a loop-free Layer 2 topology.
  Anand Ganesan is a customer support engineer in the High-Touch Technical Service team at Cisco specializing in switching protocols. He has been supporting major service providers and enterprise customers in switching and all other switching technologies for more than two years with Cisco. He has a total of eight years of experience in the IT industry. He holds a bachelor of engineering degree from Bharathiyar University, Coimbatore.
  Remember to use the rating system to let Anand know if you have received an adequate response. 
  Because of the volume expected during this event, Anand might not be able to answer every question. Remember that you can continue the conversation in the Network Infrastructure subcommunity, LAN Switching & Routing shortly after the event. This event lasts through September 6, 2013. Visit this forum often to view responses to your questions and the questions of other Cisco Support Community members.

  Okay..they are two different /30 networks.
  my BFD interfaces are GigabitEthernet1/3/48 and GigabitEthernet2/3/48 and they work fine.
  interface GigabitEthernet1/3/48
  description Switch 1 BFD Interface
  no switchport
  ip address 10.48.0.17 255.255.255.252
  bfd interval 100 min_rx 100 multiplier 3
  end
  interface GigabitEthernet2/3/48
  description Switch 2 BFD Interface
  no switchport
  ip address 10.48.0.21 255.255.255.252
  bfd interval 100 min_rx 100 multiplier 3
  end
  switch virtual domain 1
  switch mode virtual
  switch 1 priority 110
  dual-active pair interface GigabitEthernet1/3/48 interface GigabitEthernet2/3/48 bfd
  show switch virtual dual-active bfd
  Bfd dual-active detection enabled: Yes
  Bfd dual-active interface pairs configured:
  interface-1 Gi1/3/48 interface-2 Gi2/3/48
  router eigrp 1
  network 10.0.0.0
  network 10.1.201.0 0.0.0.255
  network 10.48.0.12 0.0.0.3
  network 10.48.177.0 0.0.0.255
  network 97.0.0.0
  network 99.0.0.0
  network 100.0.0.0
  network 100.7.7.0 0.0.0.255
  network 192.34.145.0
  network 192.168.15.0
  show ip ei in
  EIGRP-IPv4 Interfaces for AS(1)
                         Xmit Queue   Mean   Pacing Time   Multicast   Pending
  Interface       Peers Un/Reliable SRTT   Un/Reliable   Flow Timer   Routes
  Gi1/2/40           1       0/0         1       0/1           50           0
  Gi1/2/41           0       0/0         0       0/1           0           0
  Vl1               1       0/0         1       0/1           50           0
  Vl7               0       0/0         0       0/1           0           0
  Vl13               0       0/0         0       0/1           0           0
  Vl15               0       0/0         0       0/1           0           0
  Vl21               0       0/0         0       0/1           0           0
  Vl25               0       0/0         0       0/1            0           0
  Vl26               0       0/0         0       0/1           0           0
  Vl134             0       0/0         0       0/1           0           0
  Vl135             0       0/0         0       0/1           0           0
  Vl140             0       0/0         0       0/1           0           0
  Vl300             0       0/0         0       0/1           0           0
  Vl400             0       0/0         0       0/1           0           0
  Vl199             0       0/0         0       0/1           0           0
  Vl6               0       0/0         0       0/1           0           0
  Vl20               0       0/0         0       0/1           0           0
  Vl24               0        0/0         0       0/1           0           0
  Vl30               0       0/0         0       0/1           0           0
  Vl31               0       0/0         0       0/1           0           0
  Vl37               0       0/0         0       0/1           0           0
  Vl2               0       0/0         0       0/1           0           0
  Gi1/3/48           0       0/0         0       0/1           0           0
  Gi2/3/48           0       0/0         0       0/1           0           0
  Vl17               0       0/0         0       0/1           0           0
  Gi2/6/40           0       0/0         0       0/1           0           0
  Gi2/6/41           0       0/0         0       0/1           0           0
  Gi2/1/45           1        0/0         1       0/1           50           0
  Gi1/1/33           1       0/0         1       0/1           50           0
  My questions revolve around the same point.
  Are there any significance in running eigrp or any other routing protocol over this BFD link?
  Is the Dual active scenario detected by BFD or BFD notifies a routing protocol like eigrp and in turn dual active is detected?
  Should I suppress the eigrp HELLOs on these interfaces to get rid of the log message?
  Regards
  Vinayak

• Flexconnect AP - dynamic VLAN and local/central switched via radius possible?

  Hello at all,
  is it possible to tell a flexconnect ap if the client at a single ssid should get local switched or central switched and if central switched, which vlan it should use?
  All I got so far was either central switched with dynamic vlan assignment or local switched with static vlan (because it falls back to the default static vlan configured at the ap if the radius assigned vlan doesn't exist), but I need a flexconnect ap that puts client a into the local switched vlan a and client b to the central switched vlan b, both in the same ssid. Is there a radius attribute to tell a flexconnect ap how to handle this while non flexconnect aps ignore it?
  To be more detailed:
  At the central location all APs are running in local-mode, radius assigns different vlans to the clients (different departments), lets say client a = vlan 100, client b = vlan 200 and this works fine. At the remote locations the APs are running in flexconnect-mode with default vlan 10 so that the authenticated clients can break out locally and use the local infrastructure for printing and file storage. At this locations radius also says client a = vlan 100, but client a should be forwarded to local vlan 10 (which already works because there is no vlan 100 configured at the ap so the default static configuration with vlan 10 is used), while client b should stay at vlan 200 and should be central switched to the controller because it isn't allowed to access the local infrastructure. How could this be done? Creating another ssid isn't a valid option.
  Thank you,
  Christian

  Hi Christian.
  This is what 7.3 mobility design document tells about "FlexConnect VLAN Based Central Switching" which is listed in above slide.
  "From release 7.3 onwards, traffic from FlexConnect APs can be switched centrally or locally depending on the presence of a VLAN on a FlexConnect AP.
  In controller software release 7.2, AAA override of VLAN (Dynamic VLAN assignment) for locally-switched WLANs puts wireless clients on the VLAN provided by the AAA server. If the VLAN provided by the AAA server is not present at the AP, the client is put on a WLAN mapped VLAN on that AP and traffic switches locally on that VLAN. Further, prior to release 7.3, traffic for a particular WLAN from FlexConnect APs can be switched Centrally or Locally depending on the WLAN configuration."
  FlexConnect VLAN Central Switching Summary
  Traffic flow on WLANs configured for Local Switching when FlexConnect APs are in connected mode are as follows:
  •If the VLAN is returned as one of the AAA attributes and that VLAN is not present in the FlexConnect AP database, traffic will switch centrally and the client is assigned this VLAN/Interface returned from the AAA server provided that the VLAN exists on the WLC.
  •If the VLAN is returned as one of the AAA attributes and that VLAN is not present in the FlexConnect AP database, traffic will switch centrally. If that VLAN is also not present on the WLC, the client will be assigned a VLAN/Interface mapped to a WLAN on the WLC.
  •If the VLAN is returned as one of the AAA attributes and that VLAN is present in the FlexConnect AP database, traffic will switch locally.
  •If the VLAN is not returned from the AAA server, the client is assigned a WLAN mapped VLAN on that FlexConnect AP and traffic is switched locally.
  Traffic flow on WLANs configured for Local Switching when FlexConnect APs are in standalone mode are as follows:
  •If the VLAN returned by the AAA server is not present in the FlexConnect AP database, the client will be put on a default VLAN (that is, a WLAN mapped VLAN on a FlexConnect AP). When the AP connects back, this client is de-authenticated and will switch traffic centrally.
  •If the VLAN returned by the AAA server is present in the FlexConnect AP database, the client is placed into a returned VLAN and traffic will switch locally.
  •If the VLAN is not returned from the AAA server, the client is assigned a WLAN mapped VLAN on that FlexConnect AP and traffic will switch locally.
  Enjoy your weekend & I am sure you will be able to get this working.
  HTH
  Rasika
  *** Pls rate all useful responses ****

• PoE switch and Compact Fieldpoint

  Hello all... Is it possible to connect my Compact Field Point Controller to a PoE switch (Power over Ethernet Switch)??? This is because some other devices on the same subnet require PoE (IP cameras) and I wanted to know if this can cause some sort of problem with my Cfp... Should I connect the Compact Fieldpoint to a regular switch and connect that switch to the PoE switch??
  Let me know any suggestions...
  Thanks a million in advance,

  Hi Jaime!
  Currently there are only certain products that support the PoE standard, unfortunately the cFP family is not one of them. The best you can do is connect your cFP to a switch and then to the PoE switch like you said and check if that works. Here is the document where the PoE and NI products are described:
  http://zone.ni.com/devzone/cda/tut/p/id/9847
  Hope this helps!
  Have a great day!!!

• Etherchannel or Aggregated ports between switch and AIX server

  I have a problem with the configuration of an etherchannel or port aggregation between an 4507 Catalyst switch and a server running AIX 5.2 maintenance level 4. The two ports on the switch are on the same blade.
  I tried configuring etherchannel with the command
  config-if# channel-group XX mode on
  and I tried configuring 802.3ad with the command
  config-if# channel-group XX mode activ
  but in both cases, as soon as I configured the second port, connection went down (I monitored with pings).
  On the AIX, I tried configuring modes "round-robin" and "802.3ad" with both switch configurations, but the result was the same.
  Does anyone has experience with this kind of configuration?
  thanks,
  Antoine

  Hi amaitre
  Could you setting  the etherchannel with the AIX Server?
  I configured in my switch 4510 with a AIX, but the 2 ports with channel-group keep in suspend. This is the configuration
  interface Port-channel2
  description ## LACP AIX ##
  switchport
  switchport access vlan 100
  load-interval 30
  interface GigabitEthernet4/20
  description  ## LACP AIX ##
  switchport access vlan 100
  channel-protocol lacp
  channel-group 2 mode active
  spanning-tree portfast
  interface GigabitEthernet4/21
  description ## LACP AIX ##
  switchport access vlan 100
  channel-protocol lacp
  channel-group 2 mode active
  spanning-tree portfast
  This configuration works with a server Dell with windows 2008.
  The schema is 1 switch 4510 with etherchannel to AIX.
  Thanks!

• RADIUS and CHECKPOINT and NORTEL

  I have installed the NMAS modules from Border Manager 3.8 onto a Netware 6 SP3 box. I installed per TID 10078616 and can authenicate from my W2K workstation fine.
  I am now trying to authenicate from a Nortel switch and a VPN from a checkpoint firewall. So far I have installed all of the login methods and I still get an unknown RADIUS client on the RADIUS server, when loging in from the Nortel switch. I have not tried to authenicate from the checkpoint firewall yet.
  Does anyone have pointers as to the configuration to use the RADIUS server with Nortel or Checkpoint or a pointer to a technical description of the various login methods?
  John

  John,
  I have a very similar problem with our 3com switches, can you give me more
  details of what you did to get it working?
  Thanks a lot,
  Matt Hudson
  (CNE6.5)
  "John Curran" <[email protected]> wrote in message
  news:[email protected]...
  > Thank you very much, Jordack. The instructions were clear and concise.
  >
  > We go the Checkpoint firewall to authenicate VPN's with the RADIUS server.
  >
  > Also, I got the information from Nortel to allow authenication. I had to
  > set up the Radius server to allow Service-Type Administrative and
  > Service-Type NAS-Prompt. Then I had to go into each user and set up
  > one of the service types.
  >
  > Thanks for your help.
  >
  > John
  >
  >
  > >>> Jordack<[email protected]> 01/26 9:36 AM >>>
  > I uploaded a quick draft guide. It should help.
  >
  > http://www.thiscorner.com/guides/cp-radius.pdf
  >
  > Jordack
  >
  > "John Curran" <[email protected]> wrote in message
  > news:[email protected]...
  > > Thanks for the input. I will get that book.
  > >
  > > With the Nortel switch it is curious. I had forgotten to add the switch
  > > to the client list. When I did, the radius server accepts the
  > > authenication and sends an accpt message, but the Nortel switch says
  > > access denied. I put a Sniffer on the link and the accept message looks
  > > just like any other accept message (follows RFC 2865). I have a feeling
  > > Nortel does not follow RFC 2865 or does not like the authenication ID
  for
  > > some reason. I guess I will have to work more with Nortel to resolve
  that
  > > one.
  > >
  > > John
  > >
  > >
  > >>>> Jordack<[email protected]> 01/26 7:53 AM >>>
  > > Sorry about not responding, I saw your post and meant to dig up my
  notes
  > > and respond.
  > >
  > > I don't know much about the Nortel stuff.
  > >
  > > Make sure you have added the IP address of your Nortel and Checkpoint
  box
  > > to
  > > the 'Clients' page of the 'Radius:Dial access System". The DAS will
  only
  > > except connections from known clients. From the sounds of it that might
  > > be
  > > the issue.
  > >
  > > For the CheckPoint Setup stuff there is a few things you will need to do
  > > on
  > > the Checkpoint Box.
  > >
  > > I used this book http://www.syngress.com/catalog/chapter.cfm?pid=25903
  and
  > > Everything worked.
  > >
  > > I was working on a small guide for CheckPoint radius but got pulled to
  > > other
  > > things. If I get it finished Ill post it
  > >
  > >
  > > "John Curran" <[email protected]> wrote in message
  > > news:[email protected]...
  > >>I have installed the NMAS modules from Border Manager 3.8 onto a Netware
  6
  > >>SP3 box. I installed per TID 10078616 and can authenicate from my W2K
  > >>workstation fine.
  > >>
  > >> I am now trying to authenicate from a Nortel switch and a VPN from a
  > >> checkpoint firewall. So far I have installed all of the login methods
  > >> and
  > >> I still get an unknown RADIUS client on the RADIUS server, when loging
  in
  > >> from the Nortel switch. I have not tried to authenicate from the
  > >> checkpoint firewall yet.
  > >>
  > >> Does anyone have pointers as to the configuration to use the RADIUS
  > >> server
  > >> with Nortel or Checkpoint or a pointer to a technical description of
  the
  > >> various login methods?
  > >>
  > >> John
  > >>
  > >
  > >
  > >
  > >
  >
  >
  >
  >

• Help me to choose Right Core switches and Edge switches as per my Spec

  Dear All
  Please help me to choose Core and Edge switches and all required hard ware and software. 
  the spec details as per below 
  Core Switches
  1. High performance, highly scalable core switch to provide multi-10GE connectivity to various segments in the network.
  2. Switch should have redundant switch fabric and routing engines or management / supervisor modules
  3.should have separate control and forwarding planes
  4.Each switch should have redundant power supplies in N+N or N+1 fashion
  5. Must allow for two spare slots once services, management, processing modules and line cards populated
  6. Easy to manage firmware- i.e. single code type enterprise/service provider) or train, and robust operating system
  7. Supports for the VRRP, NSR, GRES, BFD, STP, MSTP, RSTP, VSTP, LACP redundancy protocols
  8. Hot plugging and removal 
  9. The switch should have native switching architecture with up to sufficient performance such that the loss of one switching fabric should not lead to degraded performance
  10. Switch should support switching at least 400Mpps
  11. Switch should be able to support 40 10Gig line rate ports in a fully redundant configuration 
  12. Chassis that can scale to 700 Gbps
  13. The proposed Backbone switch should support, but not be limited to the following Layer 3 features:
  Static ip routing
  Routing information protocol (RIP) and RIP2
  Open shortest path first (OSPF)
  IGMP v1, v2 and v3
  IGMP Snooping 
  IP multicast routing protocol 
  14. The switch should support the following features at a minimum:
  Spanning Tree 802.1D, 802.1S, 802.1W
  GVRP
  802.1x single and multi-supplicant: VLAN and ACL assignment
  Dynamic ARP Inspection (DAI), DHCP snooping, IP Source gurard
  LLDP, LLDP-MED
  802.3X, 802.3ad
  Redundant Trunk Group (RTG)
  IGMP snooping 
  Unicast static, OSPF v1/v2, RIP v1/v2
  Multicast IGMPv1/v2, PIM
  Graceful Route Engine Switchover 

  I have gone through your document and I am surprised to see MORE information in the document than what you've posted.  I am so mildly suspicious about the authenticity of the document and spreadsheet you've attached.  
  So far, based on this document, the client wants a chassis that can support up to 700 Gbps backplane.  The only candidate, other than a full-blown Nexus solution, is the 6807-X.  
  Next, the document also states dual supervisor card with two spare slots.  Good luck trying to get that much empty space on a 6807-X.  This means 6509E.  You can't use a 6513E because of line-card-to-slot limitation.  
  If you look under the heading "Edge Switching", the first sentence already makes references to 6800ia switch.
  There's also a reference stating that the product should have a 100 Gbps backplane.  You can take the 6509E chassis out of the equation.  
  So you see, I am suspicious about the authenticity of the document.  I agree with mali's and devil's recommendation that if you are serious, you would be engaging Cisco SE/AM in your region.  There are only three reasons, that I can think of, why you've posted this here.  One of them is the intended purpose of this document (and the audience).

• Home use KVM switch for Ultra60 , Blade 100& Intel Boxes

  I have go a Ultra 60, a Blade100 and some Intel boxes at home. Tired of connecting and disconnecting the monitors and keep my desk full of mouses and keyboards. Any one know which type of KVM switch is suitable capable for these boxes and does not cost much? Thanks for your suggestion!

  Hello,
  <i>... Ultra 60 not easily support I still want to know if there is some option to support the Blade 100 in the KVM as well.</i>
  The Ultra 60 and other systems with the single Mini-DIN connector for the keyboard with the mouse attached require a converter to be able to attach a PS/2-keyboard and -mouse. The keyboards are available for different countries with different layouts (mappings). There are DIP-switches at the keyboard, the settings are read by the system to detect the mapping of the keyboard. There are additional function keys (Help, Stop, ..., Compose, Power On/Off, ...).
  A PS/2 keyboard lacks these switches and the additonal function keys. These features must be emulated by the adapter/emulator.
  You can attach a PC USB keyboard (and mouse) to Suns with USB keyboard port, but these keyboards still lack the addtional function keys and the capability to "tell" the system the national mapping. If the system can't detect the locale, a standard mapping (US) is used.
  The keyboard mapping can be forced when the operating system has been loaded. Review the posting by J.Keil on the Sun OS Forum about using a non-self-identifying keyboard.
  <b>Finnish KB on Fujitsu-Siemens Sparc </b>
  I hope this helps other people when they use the search function ...
  Michael

• Nic teaming and hyper-v switches

  I come from the ESX world but I am slowly falling in love with the simplicity of Hyper-v. I have a stack of dell c2100's I have been experimenting with. each have 2 1gb connections  teamed to a cisco switch. when testing bandwidth with a file copy I
  get around 240MBps. however if I add a hyper-v switch I max out at 90Mbps. worse than no teaming at all (112Mbps). 
  team is with integrated broadcom nics, LACP and I can confirm I get full bandwidth between 2 2012 r2 machines until adding a hyper-v switch. removing the switch lets me transfer at full bandwidth but then I cant use Hyper-v guests.
  my goal will eventually be to add dual port 10gb cards to 5 of the C2100's and run them in a cluster to host all my VM's in HA. I don't want to waist my money on the switch and nics until I can get what i have working correctly.
  HDD speed is also not the issue as each has 12 3tb WD re4 drives with 2 Intel 250GB ssd as cache. they easily hold 3000MBps sustained.

  http://itproctology.blogspot.com/2008/05/hyper-v-tcpoffloading-poor-network.html
  http://itproctology.blogspot.com/2011/03/tcp-checksum-offload-is-not-equal-to.html
  Brian Ehlert
  http://ITProctology.blogspot.com
  Learn. Apply. Repeat.
  Disclaimer: Attempting change is of your own free will.

• Dot1q Trunk between Catalyst 6500 and HP Blade Enclosures

  We have a requirement to configure trunks to a 6500 and HP GbE2 interconnect switch in a blade enclosure.
  The interconnect switches and the 6500 are connected as in the attachment.
  The configuration was done using the documentation provided by HP for connecting these trunks to the 6500, but there seems to be some problem with STP.
  All the network remains stable for a time and then falls over, traffic counts on the trunk interfaces shoots up to crazy values.
  The access layer (consisting of 2950s) hanging off the 6500 also falls over and the interfaces on the trunks become err-disabled. This happens eventhough we are not trunking the 102-108 vlans that are trunked to the HP switches to these switches.
  We need to run dot1q trunks to the HP blade switches, because of the requirement to have the servers within the blade enclosure in different VLANS. The vlans were configured as per the document provided by HP and the server ports assigned accordingly.
  Has anyone managed to configure etherchannel trunks (dot1q) to HP blade switches? Any guidelines and findings will help

  Forgot the attachment....