OSPF in IP Base License (Cisco 4500 switch)

Similar Messages

• Layer 2 trunk ports went down due to cisco 4500 core switch !!!

  Hi Everyone,
  My 2 Layer 2 2960 switchTrunk Ports went down due to cisco 4500 switch. It happening everytime . I rebbot the switch 4500 . then problem disappears but after sometime facing same issue.
  Please help.

  My 2 Layer 2 2960 switchTrunk Ports went down due to cisco 4500 switch. It happening everytime . I rebbot the switch 4500 . then problem disappears but after sometime facing same issue.
  Hmmmm ... You won't be able to determine anything if you won't provide any addition information.  I mean what do you mean by "went down"?  Did the port go into "error disable"? 
  If it went into error disable, console in both switches and post the output to the command "sh interface status err".

• Cisco 4500 VSS link issue

  Hi,
  We are having Cisco 4500 switches running in VSS mode. Currently VSS links are connected on ports with capacity of 1 GB & we wanted to replace those ports with new 10 GB DAC cable.
  We manage this switch remotely via SSH. If we disable VSS link or broke the VSS between 2 switches , is it still possible to access  switches over SSH ?
  or we need someone near to device for Console session ?
  Thanks in advance.

  It depends on how the setup is.
  If you have the devices access through the  console server then you should be able to access the box.
  Reason: When you bring down the VSL link the dua active condition triggered. 
  Switch 1 detects that switch 2 is now also active triggering dual active 
  condition thus switch 1 brings down all the local interfaces to avoid network 
  instability. Until VSL link restoration occurs, switch 1 is isolated from the 
  network; 
   Once the VSL link comes up, the role negotiation determines that switch 1 
  needs to come up in STAND_BY mode hence it reboots itself; finally, all 
  interface on switch 1 are brought on line and switch 1 assumes STAND_BY role.
  HTH

• Cisco 4900 switch LAN base to IP base IOS upgrade

  Hi,
  I have purchased WS-C4900-SW-LIC= for upgrading 4900 switch from LAN base to IP base IOS.
  I have not received any PAK or installable license file. Only license agreement is provided by CIsco.
  While upgrading do I need to install license file on switch?
  Regards,
  Andy

  Anderson,
  Contact the licensing team and request for an update using your PO/SO since you have not received the PAK.
  Link:  https://tools.cisco.com/SWIFT/LicensingUI/Home
  Indeed we need to install the license file on the switch
  First copy this license to the switch's flash memory using the copy command
  and a TFTP server.
  Note, while the dir bootflash: command now lists the file in the bootflash, it has
  not yet been installed. The license install command must be used to install
  the license.
  Example:
  4948# license install flash:license_name-ips
  Please issue the following command and then reload the switch.
  4948(config)#license boot  level ipservices
  4948(config)#end
  4948L# wr
  4948# reload
  Haihua

• Cisco ASA 5505 - Base License

  Hello to everyone
  I having this kind of config and in my network were workig flawless but in the site installed is giving me trouble.
  First my conection to the site is working so i can access from the internet to the ASA, but I cant do inter-vlan routing in the ASA.
  I have activated those commands and nothing i cant not ping to my vlan2 interface from my inside: I do not have a router making the L3 routing only the ASA but it could let me pass traffic because the ASA is a L3 device. alsa this licence has no trunk.
  same-security-traffic permit inter-interface
  same-security-traffic permit intra-interface
  Well I have do many things and nothing,
  policy-map global_policy
  class inspection_default
  inspect icmp
  not results, waiting for your comments.
  Licensed features for this platform:
  Maximum Physical Interfaces    : 8
  VLANs                          : 3, DMZ Restricted
  Inside Hosts                   : 10
  Failover                       : Disabled
  VPN-DES                        : Enabled
  VPN-3DES-AES                   : Enabled
  SSL VPN Peers                  : 2
  Total VPN Peers                : 10
  Dual ISPs                      : Disabled
  VLAN Trunk Ports               : 0
  Botnet Traffic Filter          : Disabled
  ASA Version 8.2(5)
  hostname ASA5505
  enable password XXXXXXXXXXXXXX encrypted
  passwd XXXX.XXXXXXXX encrypted
  names
  interface Ethernet0/0
  switchport access vlan 2
  interface Ethernet0/1
  interface Ethernet0/2
  interface Ethernet0/3
  interface Ethernet0/4
  interface Ethernet0/5
  interface Ethernet0/6
  interface Ethernet0/7
  interface Vlan1
  nameif inside
  security-level 100
  ip address 10.0.0.1 255.255.255.0
  interface Vlan2
  nameif outside
  security-level 0
  ip address XX.XX.XX.174 255.255.255.248
  ftp mode passive
  pager lines 24
  mtu inside 1500
  mtu outside 1500
  icmp unreachable rate-limit 1 burst-size 1
  no asdm history enable
  arp timeout 14400
  global (outside) 10 interface
  nat (inside) 10 10.0.0.0 255.255.255.0
  route outside 0.0.0.0 0.0.0.0 XX.XX.XX.169 1
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  timeout floating-conn 0:00:00
  dynamic-access-policy-record DfltAccessPolicy
  aaa authentication ssh console LOCAL
  aaa authentication http console LOCAL
  http server enable
  http 0.0.0.0 0.0.0.0 outside
  http 10.0.0.0 255.255.255.0 inside
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  crypto ipsec security-association lifetime seconds 28800
  crypto ipsec security-association lifetime kilobytes 4608000
  telnet timeout 5
  ssh 10.0.0.0 255.255.255.0 inside
  ssh 0.0.0.0 0.0.0.0 outside
  ssh timeout 5
  console timeout 0
  threat-detection basic-threat
  threat-detection statistics access-list
  no threat-detection statistics tcp-intercept
  webvpn
  username root password XXXXXXXXX encrypted privilege 15
  class-map inspection_default
  match default-inspection-traffic
  policy-map type inspect dns preset_dns_map
  parameters
    message-length maximum client auto
    message-length maximum 512
  policy-map global_policy
  class inspection_default
    inspect dns preset_dns_map
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect ip-options
    inspect netbios
    inspect rsh
    inspect rtsp
    inspect skinny
    inspect esmtp
    inspect sqlnet
    inspect sunrpc
    inspect tftp
    inspect sip
    inspect xdmcp
  service-policy global_policy global
  prompt hostname context
  no call-home reporting anonymous
  call-home
  profile CiscoTAC-1
    no active
    destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
    destination address email [email protected]
    destination transport-method http
    subscribe-to-alert-group diagnostic
    subscribe-to-alert-group environment
    subscribe-to-alert-group inventory periodic monthly
    subscribe-to-alert-group configuration periodic monthly
    subscribe-to-alert-group telemetry periodic daily
  Cryptochecksum:0c8a226f7c4a8d5a03e6fcd821893898
  : end

  Cisco ASA 5505 Base License - not inter-vlan-routing no internet access from inside interface
  here the output from my pings
  ping
  Interface: inside
  Target IP address: 10.0.0.1
  Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
  Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
  ASA5505# ping
  Interface: outside
  Target IP address: 66.XX.XX.174
  Type escape sequence to abort.
  Sending 5, 100-byte ICMP Echos to 66.XX.XX.174, timeout is 2 seconds:
  Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
  ASA5505# ping
  Interface: inside
  Target IP address: 66.XX.XX.174
  Type escape sequence to abort.
  Sending 5, 100-byte ICMP Echos to 66.XX.XX.174, timeout is 2 seconds:
  Success rate is 0 percent (0/5)
  ASA5505# ping
  Interface: outside
  Target IP address: 10.0.0.1
  Type escape sequence to abort.
  Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
  Success rate is 0 percent (0/5)
  So inter-vlan routing is not wowrking after I have to use the followings commands to see if there any change but not results
  same-security-traffic permit inter-interface
  same-security-traffic permit intra-interface
  policy-map global_policy
  class inspection_default
  inspect icmp
  exit
  exit
  service-policy global_policy global
  After all the thing i've done in CLI I logged into the ASDM and in the nat section i look that nat was not having destination.
  global (outside) 10 interface
  nat (inside) 10 10.0.0.0 255.255.255.0
  so I decide to apply in this way
  global (outside) 1 interface
  nat (inside) 1 access-list inside_nat_outbound
  and voila everything is working i was able to ping 4.2.2.2 to the outside, I think that the problem is with the public ip directly assigned to  the ASA by iSP and not the private ip, because in my test enviorement was working perfectly and i was using 192.168.0.0 and 172.18.0.0 networks as the outside interface ip and everything was fine.
  But thanks to all that help now have to start to apply security and acls configs.

• How Cisco ISE 1.2 Base licenses are consumed and tracks concurrent endpoint connected to network

  Hello
  I am interested to know how the cisco ISE 1.2 base licences are consumed. As the cisco ise 1.2 user guide "The Base License is consumed whenever an authentication notification is received by Cisco ISE."
  Based on the above statement i have following queries :-
  Radius being the UDP based request, its only during the time endpoint is authenticated and authorized the base license is consumed and then its is released. Then how does cisco ISE tracks the concurrent endpoints connected to the network.
  Thanks
  Kumar

  thanks for the reply Tarik.
  As I understand, you mean that a base license is consumed by every radius authentication request and then the license is free to be utilised again
  Also would this means if Radius accounting is turned off, then concurrent sessions will not be tracked.
  Thanks
  Kumar

• Cisco 4500 series switch

  Dear support taem, in cisco 4500 series switch i am getting error interface TenGigabitethernet 1/14 utlization threshold violated.current in traffic 705.228 (70.52 %) and out traffic 707.462 ( 70.75 %) whereas configured threshold is 30 %.
  i have checked on switch but qos is there in configuration.
  where i need to check if any restriction is there for incoming and outgoing traffic.
  and what necassery troubleshooting i need to be done.

  This looks like a policy shaping.

• Interface status on Cisco CAt 4500 switch as source-monitoring

  Hi Guys,
  I have assigned int gi3/45 on my Cisco 4500 CAT switch as the monitoring port as source and gi3/47 as the destination.
  I see this:
  GigabitEthernet3/45 is up, line protocol is down (monitoring)
  but on the destination port both are up, interface up and line protocol up.
  is this natural? I have executed the no shutdown on gi3/45 but it still says down!
  is this normal? or there is a problem? i have monitoring on my edge switch CAT 3560 but both are saying UP/UP, shouldn't this be the same since both swithces are running Cisco IOS.
  Please respond. I appreciate your input and thanks in advance.
  Masood

  this interface (g 3/45) is the destination, it says so "monitoring", it normal for the "destination" or "monitoring" port to be up/down coz it's not sending or receiving traffic destined to it, only the mirrored packets from the source port. can you post the "show monitor session #"?

• Cisco 4500/6500 switch

  Hello Freinds,
  I have two querries:-
  1)
  a) What would be the effect if one SUP is removed (out of two) from Cisco 4500/6500 series switch.
  b) what is the result after removing both SUP from cisco 4500/6500 switch.
  ++++++++++++++++++++++++++++++++++++
  2) PLease share the step wise process for upgrading IOS on 4500 switch (with 2 SUP card).

  http://www.cisco.com/en/US/products/hw/switches/ps663/products_configuration_example09186a00801461ef.shtml

• Ipbase to IP service License upgrade stack switches

  All
  switch part number # WS-C3750X-48P-S
  current License Level:  ipbase
  switch currently connected as a stack with three switches
  I am planning to install license to make existing switch IP base to   full L3 functionality that is IP services , just to make sure that I need to install license  in all the switches I think yes ??, also would like to check while upgrading licensee
  I need to break the existing stack , install licenese reload and connect again stack ?? or without breaking stack copy lic each switch flash and load once , since it is production switch bit concern .
  Regards
  Lerner

  It seems that you should be able to download license to all the members and then from the master send command to make them boot with the new license. Don't forget to accept the EULA.
  https://supportforums.cisco.com/message/3345903
  Daniel Dib
  CCIE #37149

• Cisco 4500 Quad Supervisor Deployment

  Hi Experts,
  I'm installing 2nd supervisor in Cisco 4500 redundant chassis.
  1st supervisor is working fine with Enterprise Services License but now i need to install 2nd (newly purchased supervisor) in the chassis.
  Could someone please help me on how to deploy only one license on the chassis level and link the 2nd supervisor with the existing one's enterprise services license. 
  Cisco delivered paper base license PAK with the 2nd supervisor, so do i need to use that PAK for this new supervisor OR without doing it i can sync the new supervisor with the license of existing one. 
  Your usual support is required.
  With Regards,
  Umer

  Disclaimer
  The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
  Liability Disclaimer
  In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
  Posting
  I recall, all you need to do is install the 2nd sup with an Enterprise license, and insure SSO is configured.  (I also recall, unless Enterprise license is already installed, 2nd sup installation "acts funny'; at least with sup7.)  I.e. don't believe you need to muck about with license again.
  Your subject title, though, has "Quad", so is this for VSS?

• ISE 1.2 Active Base License

  We are using ISE 1.2 for authentication on wireless and have noticed that base licenses are being consumed and show as an active endpoint for devices that attempt to connect to the SSID.  Is a license consumed for any type of radius authentication request, even if it is a failed request?  Does this mean that repeated requests to connect  to the wireless network assocaited with ISE will use an active license?
  There are currently no active enpoints at the moment yet I see 31 active base licenses used.

  The Cisco ISE license is counted as follows:
  •A Base or Advanced license is consumed based on the feature that is utilized.
  •An endpoint with multiple network connections can consume more than one license per MAC address. For example, a laptop connected to wired and also to wireless at the same time. Licenses for VPN connections are based on the IP address.
  •Licenses are counted against concurrent, active sessions. An active session is one for which a RADIUS Accounting Start is received but RADIUS Accounting Stop has not yet been received.
  Once you reach the license count/limit, you will start getting an alarm messages. license traps and alarms are just informational and not enforced. While the alarm is generated when the soft limit of endpoints is crossed and there is not functional impact on the users. To avoid service disruption, Cisco ISE continues to provide services to endpoints that exceed license entitlement. However there are plans to implement a hard limit on this soon.
  Regards,
  Jatin Katyal
  *Do rate helpful posts*

• Can I create a predictive AP layout in a MAP with Prime if I only bought a L-PI2X-BASE license?

  Can I create a predictive AP layout in a MAP with Prime if I only bought a L-PI2X-BASE license?

  Welcome to the discussions!
  Sorry, can't help on the Vista front, but you might consider the Express as a first step and add the Extreme at a later time to replace the D-Link. The Express will be quick and easy to configure with a cable modem and if you are traveling, you can also use it to create a wireless network in your hotel room, providing ethernet jacks are available in the room.
  Compatibility of the Apple stuff with other manufacturers, wireless wise is non-existent, so don't plan to use it to extend or broaden the wireless network created by the D-Link at home. Won't work.
  You would have the option of creating a second wireless network at home with the Express if you plugged it into one of the ethernet ports on your D-Link router. The only change you would need to make in setup would be to switch Connection Sharing to Off (Bridge Mode) from the default setting of Share a single IP address. This would take less than a minute.

• Converting Eth port to FC port in a cisco 6001 switch

  Hi,
  Back to forum after a long time. I have one issue to discuss regarding cisco 6001 switch. We purchased a new 6001 switch. Want to convert some of the Ethernet ports out of total 48 to FC to join the switch into a existing fabric.
  cisco Nexus 6001 Chassis ("Norcal 64 Supervisor")  - This is what H/W version look like from show version command.
  In the past, we have quite a few Cisco 5548UP switch and the way convert the Ethernet port into FC port is, by going to correct slot/module and then
  (config)# slot 1
  (config-slot)# port 41-48 type fc
  Then "reload" willl complete the conversion. But in the new 6001 switch, it throws the following error when above command is typed. We have full license for the switch including  FC_FEATURES_PKG
  "ERROR: Module type doesn't support this CLI"
  We are running firmware : 6.0(2)N2(2)
  Any help in this regard will be helpful.
  Thanks.

  I have this exact same error;
   show ver
  Cisco Nexus Operating System (NX-OS) Software
  TAC support: http://www.cisco.com/tac
  Documents: http://www.cisco.com/en/US/products/ps9372/tsd_products_support_series_home.html
  Copyright (c) 2002-2014, Cisco Systems, Inc. All rights reserved.
  The copyrights to certain works contained herein are owned by
  other third parties and are used and distributed under license.
  Some parts of this software are covered under the GNU Public
  License. A copy of the license is available at
  http://www.gnu.org/licenses/gpl.html.
  Software
    BIOS:      version 1.5.0
    loader:    version N/A
    kickstart: version 7.0(5)N1(1)
    system:    version 7.0(5)N1(1)
    Power Sequencer Firmware:
               Module 1: version v4.0
               Module 2: version v4.0
    Fabric Power Sequencer Firmware: Module 1: version v4.0
    Microcontroller Firmware:        version v1.2.0.5
    QSFP Microcontroller Firmware:
               Module 2: v1.3.0.0
    SFP Microcontroller Firmware:
               Module 1: v1.1.0.0
    BIOS compile time:       12/29/2012
    kickstart image file is: bootflash:///n6000-uk9-kickstart.7.0.5.N1.1.bin
    kickstart compile time:  10/29/2014 22:00:00 [10/30/2014 11:46:56]
    system image file is:    bootflash:///n6000-uk9.7.0.5.N1.1.bin
    system compile time:     10/29/2014 22:00:00 [10/30/2014 11:47:58]
  Hardware
    cisco Nexus 6001 Chassis ("Nexus 64 Supervisor")
    Intel(R) Xeon(R) CPU  @ 2.00 with 8238120 kB of memory.
    Processor Board ID FOC181506P3
    Device name: xxxxxxxxxxxxxx
    bootflash:    7823360 kB
  Kernel uptime is 3 day(s), 17 hour(s), 25 minute(s), 49 second(s)
  Last reset at 642096 usecs after  Fri Feb 27 15:24:40 2015
    Reason: Disruptive upgrade
    System version: 6.0(2)N2(3)
    Service:
  plugin
    Core Plugin, Ethernet Plugin, Fc Plugin
  xxxxxx# conf t
  Enter configuration commands, one per line.  End with CNTL/Z.
  xxxxxx(config)# slot 1
  xxxxxx# port 47-48 type fc
  ERROR: Module type doesn't support this CLI

• ACS 5.4 change base license

  Hi all,
  I was wondering if there is a way to actually change the base license in an ACS deployment. I know this isn't the recommended approach to accomplish what I wanted to do but I'd appreciate if someone could tell me how to do it if possible.
  I need to add an ACS to a distributed deployment so instead of building the new ACS server from scratch, I decided it would have been a good idea to simply clone the machine and change the IP address. All was well until I tried to add it to the primary and I got an error saying that they have the same license file applied. When I go to the license section, there's no place for me to change the license.
  The reason I didn't rebuild it from scratch is that the person I was working with no longer had the ISO and their Internet connection is very slow.
  Does the acs reset-config command remove the license as well or just the policies, etc? Maybe I could do a config backup and reset it, then load the new policies?
  Regards,
  Xavier

  Here are the steps for upgarding/replacing ACS Base license. Please follow the same.
  You can upgrade the base server license.
  Step 1 Select System Administration > Configuration > Licensing > Base Server License.
  The Base Server License page appears with a description of the ACS  deployment configuration and a list of the available deployment  licenses. See Types of Licenses for a list of deployment licenses.
  Step 2 Select a license, then click Upgrade.
  The Base Server License Edit page appears.
  Step 3 Complete the fields as described in Table 18-31:
  Table 18-31     Base Server License Edit Page   
  Option Description
  ACS Instance License Configuration
  Version
  Displays the current version of the ACS software.
  ACS Instance
  Displays the name of the ACS instance, either primary or secondary.
  License Type
  Specifies the license type.
  Use this link to obtain a valid License File
  Directs you to Cisco.com to purchase a valid license file from a Cisco representative.
  License Location
  License File
  Click Browse to navigate to the directory that contains the license file and select it.
  For more information you can go to the below link
  http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.2/user/guide/admin_config.html#wp1053145