OSPF in IP Base License (Cisco 4500 switch)
Hi,
Can someone explain what is the purpose or meaning of "OSPF for Routed Access" in IP Base license for 4500 switch? I'll be installing 4500 switch for my distribution, and 6500 switch for my core. These two switches will use OSPF as their routing protocol. The 6500 comes with an IP Service license, while 4500 comes with IP Base license only. I am worried if I will have a problem implementing OSPF between the two since IP base states it has "OSPF for roued access", while IP services supports OSPFv2 and v3.
Please help...
thanks,
shawn
Shawn
OSPF for routed access is designed to allow you to extend L3 to your access layer. It supports one instance of OSPF and up to 200 routes. That said i have come across a thread on here where a person reports having many more routes so i'm not sure it is a hardwired limit but i would try and stay within that.
See this link for details -
http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-4500-series-switches/product_bulletin_c25-553133.html
Edit - i should say i have not use it myself but from the document it seems pretty clear it is simply a normal OSPF setup but limited to how many routes you can have.
Jon
Similar Messages
-
Layer 2 trunk ports went down due to cisco 4500 core switch !!!
Hi Everyone,
My 2 Layer 2 2960 switchTrunk Ports went down due to cisco 4500 switch. It happening everytime . I rebbot the switch 4500 . then problem disappears but after sometime facing same issue.
Please help.My 2 Layer 2 2960 switchTrunk Ports went down due to cisco 4500 switch. It happening everytime . I rebbot the switch 4500 . then problem disappears but after sometime facing same issue.
Hmmmm ... You won't be able to determine anything if you won't provide any addition information. I mean what do you mean by "went down"? Did the port go into "error disable"?
If it went into error disable, console in both switches and post the output to the command "sh interface status err". -
Hi,
We are having Cisco 4500 switches running in VSS mode. Currently VSS links are connected on ports with capacity of 1 GB & we wanted to replace those ports with new 10 GB DAC cable.
We manage this switch remotely via SSH. If we disable VSS link or broke the VSS between 2 switches , is it still possible to access switches over SSH ?
or we need someone near to device for Console session ?
Thanks in advance.It depends on how the setup is.
If you have the devices access through the console server then you should be able to access the box.
Reason: When you bring down the VSL link the dua active condition triggered.
Switch 1 detects that switch 2 is now also active triggering dual active
condition thus switch 1 brings down all the local interfaces to avoid network
instability. Until VSL link restoration occurs, switch 1 is isolated from the
network;
Once the VSL link comes up, the role negotiation determines that switch 1
needs to come up in STAND_BY mode hence it reboots itself; finally, all
interface on switch 1 are brought on line and switch 1 assumes STAND_BY role.
HTH -
Cisco 4900 switch LAN base to IP base IOS upgrade
Hi,
I have purchased WS-C4900-SW-LIC= for upgrading 4900 switch from LAN base to IP base IOS.
I have not received any PAK or installable license file. Only license agreement is provided by CIsco.
While upgrading do I need to install license file on switch?
Regards,
AndyAnderson,
Contact the licensing team and request for an update using your PO/SO since you have not received the PAK.
Link: https://tools.cisco.com/SWIFT/LicensingUI/Home
Indeed we need to install the license file on the switch
First copy this license to the switch's flash memory using the copy command
and a TFTP server.
Note, while the dir bootflash: command now lists the file in the bootflash, it has
not yet been installed. The license install command must be used to install
the license.
Example:
4948# license install flash:license_name-ips
Please issue the following command and then reload the switch.
4948(config)#license boot level ipservices
4948(config)#end
4948L# wr
4948# reload
Haihua -
Hello to everyone
I having this kind of config and in my network were workig flawless but in the site installed is giving me trouble.
First my conection to the site is working so i can access from the internet to the ASA, but I cant do inter-vlan routing in the ASA.
I have activated those commands and nothing i cant not ping to my vlan2 interface from my inside: I do not have a router making the L3 routing only the ASA but it could let me pass traffic because the ASA is a L3 device. alsa this licence has no trunk.
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
Well I have do many things and nothing,
policy-map global_policy
class inspection_default
inspect icmp
not results, waiting for your comments.
Licensed features for this platform:
Maximum Physical Interfaces : 8
VLANs : 3, DMZ Restricted
Inside Hosts : 10
Failover : Disabled
VPN-DES : Enabled
VPN-3DES-AES : Enabled
SSL VPN Peers : 2
Total VPN Peers : 10
Dual ISPs : Disabled
VLAN Trunk Ports : 0
Botnet Traffic Filter : Disabled
ASA Version 8.2(5)
hostname ASA5505
enable password XXXXXXXXXXXXXX encrypted
passwd XXXX.XXXXXXXX encrypted
names
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 10.0.0.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address XX.XX.XX.174 255.255.255.248
ftp mode passive
pager lines 24
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 10 interface
nat (inside) 10 10.0.0.0 255.255.255.0
route outside 0.0.0.0 0.0.0.0 XX.XX.XX.169 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
http server enable
http 0.0.0.0 0.0.0.0 outside
http 10.0.0.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh 10.0.0.0 255.255.255.0 inside
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
username root password XXXXXXXXX encrypted privilege 15
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:0c8a226f7c4a8d5a03e6fcd821893898
: endCisco ASA 5505 Base License - not inter-vlan-routing no internet access from inside interface
here the output from my pings
ping
Interface: inside
Target IP address: 10.0.0.1
Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
ASA5505# ping
Interface: outside
Target IP address: 66.XX.XX.174
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 66.XX.XX.174, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
ASA5505# ping
Interface: inside
Target IP address: 66.XX.XX.174
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 66.XX.XX.174, timeout is 2 seconds:
Success rate is 0 percent (0/5)
ASA5505# ping
Interface: outside
Target IP address: 10.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
Success rate is 0 percent (0/5)
So inter-vlan routing is not wowrking after I have to use the followings commands to see if there any change but not results
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
policy-map global_policy
class inspection_default
inspect icmp
exit
exit
service-policy global_policy global
After all the thing i've done in CLI I logged into the ASDM and in the nat section i look that nat was not having destination.
global (outside) 10 interface
nat (inside) 10 10.0.0.0 255.255.255.0
so I decide to apply in this way
global (outside) 1 interface
nat (inside) 1 access-list inside_nat_outbound
and voila everything is working i was able to ping 4.2.2.2 to the outside, I think that the problem is with the public ip directly assigned to the ASA by iSP and not the private ip, because in my test enviorement was working perfectly and i was using 192.168.0.0 and 172.18.0.0 networks as the outside interface ip and everything was fine.
But thanks to all that help now have to start to apply security and acls configs. -
Hello
I am interested to know how the cisco ISE 1.2 base licences are consumed. As the cisco ise 1.2 user guide "The Base License is consumed whenever an authentication notification is received by Cisco ISE."
Based on the above statement i have following queries :-
Radius being the UDP based request, its only during the time endpoint is authenticated and authorized the base license is consumed and then its is released. Then how does cisco ISE tracks the concurrent endpoints connected to the network.
Thanks
Kumarthanks for the reply Tarik.
As I understand, you mean that a base license is consumed by every radius authentication request and then the license is free to be utilised again
Also would this means if Radius accounting is turned off, then concurrent sessions will not be tracked.
Thanks
Kumar -
Dear support taem, in cisco 4500 series switch i am getting error interface TenGigabitethernet 1/14 utlization threshold violated.current in traffic 705.228 (70.52 %) and out traffic 707.462 ( 70.75 %) whereas configured threshold is 30 %.
i have checked on switch but qos is there in configuration.
where i need to check if any restriction is there for incoming and outgoing traffic.
and what necassery troubleshooting i need to be done.This looks like a policy shaping.
-
Interface status on Cisco CAt 4500 switch as source-monitoring
Hi Guys,
I have assigned int gi3/45 on my Cisco 4500 CAT switch as the monitoring port as source and gi3/47 as the destination.
I see this:
GigabitEthernet3/45 is up, line protocol is down (monitoring)
but on the destination port both are up, interface up and line protocol up.
is this natural? I have executed the no shutdown on gi3/45 but it still says down!
is this normal? or there is a problem? i have monitoring on my edge switch CAT 3560 but both are saying UP/UP, shouldn't this be the same since both swithces are running Cisco IOS.
Please respond. I appreciate your input and thanks in advance.
Masoodthis interface (g 3/45) is the destination, it says so "monitoring", it normal for the "destination" or "monitoring" port to be up/down coz it's not sending or receiving traffic destined to it, only the mirrored packets from the source port. can you post the "show monitor session #"?
-
Hello Freinds,
I have two querries:-
1)
a) What would be the effect if one SUP is removed (out of two) from Cisco 4500/6500 series switch.
b) what is the result after removing both SUP from cisco 4500/6500 switch.
++++++++++++++++++++++++++++++++++++
2) PLease share the step wise process for upgrading IOS on 4500 switch (with 2 SUP card).http://www.cisco.com/en/US/products/hw/switches/ps663/products_configuration_example09186a00801461ef.shtml
-
Ipbase to IP service License upgrade stack switches
All
switch part number # WS-C3750X-48P-S
current License Level: ipbase
switch currently connected as a stack with three switches
I am planning to install license to make existing switch IP base to full L3 functionality that is IP services , just to make sure that I need to install license in all the switches I think yes ??, also would like to check while upgrading licensee
I need to break the existing stack , install licenese reload and connect again stack ?? or without breaking stack copy lic each switch flash and load once , since it is production switch bit concern .
Regards
LernerIt seems that you should be able to download license to all the members and then from the master send command to make them boot with the new license. Don't forget to accept the EULA.
https://supportforums.cisco.com/message/3345903
Daniel Dib
CCIE #37149 -
Cisco 4500 Quad Supervisor Deployment
Hi Experts,
I'm installing 2nd supervisor in Cisco 4500 redundant chassis.
1st supervisor is working fine with Enterprise Services License but now i need to install 2nd (newly purchased supervisor) in the chassis.
Could someone please help me on how to deploy only one license on the chassis level and link the 2nd supervisor with the existing one's enterprise services license.
Cisco delivered paper base license PAK with the 2nd supervisor, so do i need to use that PAK for this new supervisor OR without doing it i can sync the new supervisor with the license of existing one.
Your usual support is required.
With Regards,
UmerDisclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
I recall, all you need to do is install the 2nd sup with an Enterprise license, and insure SSO is configured. (I also recall, unless Enterprise license is already installed, 2nd sup installation "acts funny'; at least with sup7.) I.e. don't believe you need to muck about with license again.
Your subject title, though, has "Quad", so is this for VSS? -
ISE 1.2 Active Base License
We are using ISE 1.2 for authentication on wireless and have noticed that base licenses are being consumed and show as an active endpoint for devices that attempt to connect to the SSID. Is a license consumed for any type of radius authentication request, even if it is a failed request? Does this mean that repeated requests to connect to the wireless network assocaited with ISE will use an active license?
There are currently no active enpoints at the moment yet I see 31 active base licenses used.The Cisco ISE license is counted as follows:
•A Base or Advanced license is consumed based on the feature that is utilized.
•An endpoint with multiple network connections can consume more than one license per MAC address. For example, a laptop connected to wired and also to wireless at the same time. Licenses for VPN connections are based on the IP address.
•Licenses are counted against concurrent, active sessions. An active session is one for which a RADIUS Accounting Start is received but RADIUS Accounting Stop has not yet been received.
Once you reach the license count/limit, you will start getting an alarm messages. license traps and alarms are just informational and not enforced. While the alarm is generated when the soft limit of endpoints is crossed and there is not functional impact on the users. To avoid service disruption, Cisco ISE continues to provide services to endpoints that exceed license entitlement. However there are plans to implement a hard limit on this soon.
Regards,
Jatin Katyal
*Do rate helpful posts* -
Can I create a predictive AP layout in a MAP with Prime if I only bought a L-PI2X-BASE license?
Welcome to the discussions!
Sorry, can't help on the Vista front, but you might consider the Express as a first step and add the Extreme at a later time to replace the D-Link. The Express will be quick and easy to configure with a cable modem and if you are traveling, you can also use it to create a wireless network in your hotel room, providing ethernet jacks are available in the room.
Compatibility of the Apple stuff with other manufacturers, wireless wise is non-existent, so don't plan to use it to extend or broaden the wireless network created by the D-Link at home. Won't work.
You would have the option of creating a second wireless network at home with the Express if you plugged it into one of the ethernet ports on your D-Link router. The only change you would need to make in setup would be to switch Connection Sharing to Off (Bridge Mode) from the default setting of Share a single IP address. This would take less than a minute. -
Converting Eth port to FC port in a cisco 6001 switch
Hi,
Back to forum after a long time. I have one issue to discuss regarding cisco 6001 switch. We purchased a new 6001 switch. Want to convert some of the Ethernet ports out of total 48 to FC to join the switch into a existing fabric.
cisco Nexus 6001 Chassis ("Norcal 64 Supervisor") - This is what H/W version look like from show version command.
In the past, we have quite a few Cisco 5548UP switch and the way convert the Ethernet port into FC port is, by going to correct slot/module and then
(config)# slot 1
(config-slot)# port 41-48 type fc
Then "reload" willl complete the conversion. But in the new 6001 switch, it throws the following error when above command is typed. We have full license for the switch including FC_FEATURES_PKG
"ERROR: Module type doesn't support this CLI"
We are running firmware : 6.0(2)N2(2)
Any help in this regard will be helpful.
Thanks.I have this exact same error;
show ver
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Documents: http://www.cisco.com/en/US/products/ps9372/tsd_products_support_series_home.html
Copyright (c) 2002-2014, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained herein are owned by
other third parties and are used and distributed under license.
Some parts of this software are covered under the GNU Public
License. A copy of the license is available at
http://www.gnu.org/licenses/gpl.html.
Software
BIOS: version 1.5.0
loader: version N/A
kickstart: version 7.0(5)N1(1)
system: version 7.0(5)N1(1)
Power Sequencer Firmware:
Module 1: version v4.0
Module 2: version v4.0
Fabric Power Sequencer Firmware: Module 1: version v4.0
Microcontroller Firmware: version v1.2.0.5
QSFP Microcontroller Firmware:
Module 2: v1.3.0.0
SFP Microcontroller Firmware:
Module 1: v1.1.0.0
BIOS compile time: 12/29/2012
kickstart image file is: bootflash:///n6000-uk9-kickstart.7.0.5.N1.1.bin
kickstart compile time: 10/29/2014 22:00:00 [10/30/2014 11:46:56]
system image file is: bootflash:///n6000-uk9.7.0.5.N1.1.bin
system compile time: 10/29/2014 22:00:00 [10/30/2014 11:47:58]
Hardware
cisco Nexus 6001 Chassis ("Nexus 64 Supervisor")
Intel(R) Xeon(R) CPU @ 2.00 with 8238120 kB of memory.
Processor Board ID FOC181506P3
Device name: xxxxxxxxxxxxxx
bootflash: 7823360 kB
Kernel uptime is 3 day(s), 17 hour(s), 25 minute(s), 49 second(s)
Last reset at 642096 usecs after Fri Feb 27 15:24:40 2015
Reason: Disruptive upgrade
System version: 6.0(2)N2(3)
Service:
plugin
Core Plugin, Ethernet Plugin, Fc Plugin
xxxxxx# conf t
Enter configuration commands, one per line. End with CNTL/Z.
xxxxxx(config)# slot 1
xxxxxx# port 47-48 type fc
ERROR: Module type doesn't support this CLI -
ACS 5.4 change base license
Hi all,
I was wondering if there is a way to actually change the base license in an ACS deployment. I know this isn't the recommended approach to accomplish what I wanted to do but I'd appreciate if someone could tell me how to do it if possible.
I need to add an ACS to a distributed deployment so instead of building the new ACS server from scratch, I decided it would have been a good idea to simply clone the machine and change the IP address. All was well until I tried to add it to the primary and I got an error saying that they have the same license file applied. When I go to the license section, there's no place for me to change the license.
The reason I didn't rebuild it from scratch is that the person I was working with no longer had the ISO and their Internet connection is very slow.
Does the acs reset-config command remove the license as well or just the policies, etc? Maybe I could do a config backup and reset it, then load the new policies?
Regards,
XavierHere are the steps for upgarding/replacing ACS Base license. Please follow the same.
You can upgrade the base server license.
Step 1 Select System Administration > Configuration > Licensing > Base Server License.
The Base Server License page appears with a description of the ACS deployment configuration and a list of the available deployment licenses. See Types of Licenses for a list of deployment licenses.
Step 2 Select a license, then click Upgrade.
The Base Server License Edit page appears.
Step 3 Complete the fields as described in Table 18-31:
Table 18-31 Base Server License Edit Page
Option Description
ACS Instance License Configuration
Version
Displays the current version of the ACS software.
ACS Instance
Displays the name of the ACS instance, either primary or secondary.
License Type
Specifies the license type.
Use this link to obtain a valid License File
Directs you to Cisco.com to purchase a valid license file from a Cisco representative.
License Location
License File
Click Browse to navigate to the directory that contains the license file and select it.
For more information you can go to the below link
http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.2/user/guide/admin_config.html#wp1053145
Maybe you are looking for
-
How to attach an URL to a CJ20N document ?
Hello ! I have succeeded in attach an URL to Purchase Order (ME21N) through this little BAPI I made : FUNCTION ZBAPI_PO_INSERT_URL. ""Interface locale : *" IMPORTING *" VALUE(W_URL) TYPE SOLISTI1-LINE *" VALUE(W_TITRE) TYPE SODOCCHGI1-OBJ_
-
LoadDB problem: no version found for the database
HEllo, I try to use the loadDB directive with an existing pool and wlst offline but I always receive the error "No version found for the database". I tried to create a pool with the console and use it as loading pool but that didn't worked. I saw in
-
Put email in wrong box help please!
I have accidently put my new email in the alternate email box, so i deleted it and put it in the correct box for all apple email to go to that one and now it wont let me use it as my apple i.d email address because i put it in the wrong box even thou
-
No matter what color selection I make on my HP ZR2240W monitor (Warm, Standard, Cool) it always reverts to RGB Custom at startup. Anyone know why that is? thanks saintmaur
-
Can you help me with this? Process: Adobe InDesign CS5.5 [3199] Path: /Applications/Adobe InDesign CS5.5/Adobe InDesign CS5.5.app/Contents/MacOS/Adobe InDesign CS5.5 Identifier: com.adobe.InDesign Version: 7.5.3.333 (7