Power Over ethernet on Cisco switches - why??

I administer 3 servers (two g4 towers and one xserve attached to an XCraid) and 50 Macintosh workstations in an agency/production group within a fairly large company (2000+). Like most major companies the majority of the computer and servers are Windows based (specifically DELL) with CISCO switches.
I ran into a problem today where a switch was updated the "OS of the swithc" without my knowledge by our Infrastructure group. This resulted in a very high latency problem when pulling files from our Apple servers. After some digging we determined that the feature "Power Over Ethernet" had been disabled when they updated the switch's OS. Once we enabled PoE back on those ports, it was back to business.
My question here is, why does this feature have to be enabled? All DELL servers reconnected without a hitch. I hear PoE is only really resevered for VoiP devices and such. What is it with Apple servers that need this feature turned on?
Look forward to hear from you all.
Xserver, Xraid, G5, etc Mac OS X (10.4.6)

I can confirm that portfast makes a huge difference, as the autonegotiation between the switch and the client is performed inside of about 2 seconds, rather than the standard thrash-around period of about 40 seconds that some ethernet devices can use to determine line speed and simplex / duplex operation.
Turn on portfast on any switch ports that you don't plan on using for trunking / uplinking. When you do this, it tells the switch that there isn't a managed switch / router downstream, so it doesn't need to try to negotiate routing protocols and whatnot - it greatly speeds up the autonegotiation process.
Also, on some Cisco switches (We found it on a Cisco Catalyst 4006) if you lock the port to a specific operating speed / mode (e.g. 100Mbps / full duplex), the Mac doesn't like it nearly as much as if you leave it to autonegotiation. We were having the exact same issue the OP is seeing (limited bandwidth, massive CRC error count) until we put it back to auto and enabled portfast, and then we got the performance we expected, without recurrence of the issue.

Similar Messages

1300 Series Access Point/Bridge Power Injector - Using power over ethernet

Can I use power over ethernet to supply the Injector with power?

Hi Mikael,
Sorry, this will not work. Have a look at these specs;
1300 Series Power
Power
The access point/bridge receives inline power from the Cisco Aironet Power Injector (hereafter called the power injector). Dual-coax cables are used to provide Ethernet data and power from the power injector to the access point/bridge. The power injector is an external unit designed for operation in a sheltered environment, such as inside a building or vehicle. The power injector also functions as an Ethernet repeater by connecting to a Category 5 LAN backbone and using the dual-coax cable interface to the access point/bridge.
The power injector is available in two models:
Cisco Aironet Power Injector LR2 standard version (included with the access point/bridge)
48-VDC input power
Uses the 48-VDC power module (included with the access point/bridge)
Cisco Aironet Power Injector LR2T optional transportation version
12- to 40-VDC input power
Note The power injector and the power module must not be placed in an outdoor unprotected environment. The power module must not be placed in a building's environmental air space, such as above a suspended ceiling.
http://www.cisco.com/en/US/products/ps5861/products_installation_guide_chapter09186a008079b93b.html#wp1051840
Dual coaxial cable to run from the power injector to the 1300. See attached notes:
Cisco Aironet 1300 Series
Cisco Aironet 1300 Series Access Point/Bridge Power Injector
The Cisco Aironet 1300 Series Outdoor Access Point/Bridge Power Injector,converts the standard 10/100 BaseT Ethernet interface that is suitable for weather protected areas to a dual F-Type connector interface for coax cables that are more suitable for harsh outdoor environments. The Power Injector also provides power to the outdoor unit over the same cables with a power discover feature and surge protection. To support longer cable runs from your wireless network switch or router, the Power Injector LR is designed to accommodate up to a 100 meter coaxial cable run plus 100 meters of indoor cat5 cable?enabling total cable runs up to 200 meters. The Cisco Aironet 1300 Series Outdoor Access Point/Bridge ships with the Power Injector LR2 and an AC power supply.
From this link:
http://www.cisco.com/en/US/products/ps5861/products_data_sheet09186a008022551d.html
Cisco Aironet 1300 Series Outdoor Access Point/Bridge Hardware Installation Guide
Ethernet Ports
The access point/bridge dual-coax Ethernet ports consists of a pair of 75-ohm F-type connectors, linking the unit to your 100BASE-T Ethernet LAN through the power injector. The dual-coax cables are used to send and receive Ethernet data and to supply inline 48-VDC power from the power injector to the access point/bridge.
From this link:
http://www.cisco.com/en/US/products/ps5861/products_installation_guide_book09186a00804d3095.html
AIR-PWRINJ-BLR2
F-Type Connectors
Dual coaxial cable carries full-duplex Ethernet, DC power, and full-duplex console port (RS-232 connection)
From this link:
http://www.cisco.com/en/US/products/ps5861/products_data_sheet09186a00802252e1.html
Hope this helps!
Rob

Aironet 1100 / 802.3af Power Over Ethernet (POE) Support

I was under the impression that the Aironet 1100 supports 802.3af POE. I purchased a NetGear FS108P POE switch, however, when I plug in the 1100, it does not receive any power.
I have seen references in the documentation to a Cisco inline power injector and a Cisco Catalyst switch that can provide POE to the 1100 and maybe they will work, however, will the 1100 only work with those devices?? If so, it would seem that the 1100 really doesn't support the 802.3af standard and that Cisco's implementation of POE is proprietary.
Any input would be appreciated.
Thanks,
Michael

Hi Michael,
As you have discovered (unfortunately) is that the 1100 only supports Cisco Pre-standard PoE :( Have a look;
Single 802.11g radio offering 54 Mbps of capacity
2.4 GHz integrated diversity dipole antennas
Available in an autonomous version only
16 MB of memory with 8 MB of storage
Operating temperature range of 32 to 104?F (0 to 40?C)
**Inline power support (Cisco pre-standard)**
From this doc;
http://www.cisco.com/en/US/products/hw/wireless/ps4570/prod_brochure0900aecd8035a015.html
The good news is that either of the options you listed will work just fine. I would go for the power injector probably just for neatness sake.
POWERING OPTIONS
The Cisco Aironet 1100 Series can be powered either locally using the AC-DC power adapter, or over the Ethernet cable when coupled with a device capable of delivering in-line power, such as an in-line power-capable Cisco Catalyst? switch, Catalyst in-line power patch panel, or Cisco Aironet Power Injector.
The AC-DC power adapter is included with the access point and can also be ordered as a spare part. The Cisco Aironet Power Injector can either be configured to the order or can be ordered separately.
You can use either;
AIR-PWR-A= Cisco Aironet Power Supply-Input 110-240VAC, Output 48VDC, 380 mA-for 1100 and 1200 Series
AIR-PWRINJ3= Cisco Aironet Power Injector for the 1100 and 1200 Series Access Points
From this doc;
http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_data_sheet0900aecd8045690f.html
Hope this helps! And good luck!
Rob
Please remember to rate helpful posts.....

How to get info over snmp on cisco switch whether native vlan on a port is tagged or not?

Hi!
I want to know which oid(s) should I query to know whether native vlan on trunk port on cisco switch is tagged or not?
I am querying the oid .1.3.6.1.4.1.9.9.46.1.6.3.0 (vlanTrunkPortsDot1qTag) on cisco 3560 (E Series) and I am getting global value. Also, this OID is showing as deprecated. So I query .1.3.6.1.4.1.9.9.246.1.6 (cltcDot1qAllTagged) and its subtree, but no value is returned.
Switch Version is
Cisco IOS Software, C3560E Software (C3560E-UNIVERSALK9-M), Version 12.2(50)SE2

Keep in mind that DHCP is a broadcast packet to start. So the AP can only listen in the subnet that it has an IP address for.
Now, for any other subnet you can use the AP for DHCP but you have to have an IP helper address on your L3 pointing back to the AP.
That being said, I wouldn't use the DHCP server on the AP as it is limited. You'd be better off using a Microsoft server or some other device that is designed for DHCP.
HTH,
Steve

Power over ethernet for AIR-BR1310G

Hello
i have AIR-BR1310G that came with its proper power injector AIR-PWRINJ-BLR2 can this power injector be feed using a POE switch or do i have to use the 48v power adapter
regards
Elie

ELie: no PoE. You can only use power supply to operate the bridge.
HTH
Amjad
Sent from Cisco Technical Support iPad App

Power Redundancy problem for cisco 3750 stack switches

Hi Team,
I have installed and configured cisco 3750X series switches in stackwise. Those are having dual power supply.
Power redundancy test performed:
1. Removed one of the power supply and inserted it back.
2. once the first power supply is ready, removed another power supply and switch got rebooted.
please find the below stack-power output:
JP2-RDC-DIS-02#sh stack-power detail
Power Stack           Stack   Stack    Total   Rsvd    Alloc   Unused Num Num
Name                  Mode    Topolgy Pwr(W) Pwr(W) Pwr(W) Pwr(W) SW   PS
Powerstack-2          SP-PS   Stndaln 700     477     223     0       1    2
Powerstack-1          SP-PS   Stndaln 700     477     223     0       1    2
Power stack name: Powerstack-2
    Stack mode: Power sharing
    Stack topology: Standalone
    Switch 2:
        Power budget: 223
        Power allocated: 223
        Low port priority value: 22
        High port priority value: 13
        Switch priority value: 4
        Port 1 status: Not connected
        Port 2 status: Not connected
        Neighbor on port 1: 0000.0000.0000
        Neighbor on port 2: 0000.0000.0000
Power stack name: Powerstack-1
    Stack mode: Power sharing
    Stack topology: Standalone
    Switch 1:
        Power budget: 223
        Power allocated: 223
        Low port priority value: 22
        High port priority value: 13
        Switch priority value: 4
        Port 1 status: Not connected
        Port 2 status: Not connected
        Neighbor on port 1: 0000.0000.0000
        Neighbor on port 2: 0000.0000.0000
Can anyone help what went wrong here?
Thanks
Manish

Cosmetic bug
CSCui21029    3750X Stack no standalone stays in running configureation as standalone
Symptom:
When you are configuring a 3750x stack and initially putting it into a stack ring topology by configuring the following.
Switch(config)#stack-power switch 1
Switch(config-switch-stackpower)#sta
Switch(config-switch-stackpower)#no stan
Switch(config-switch-stackpower)#no standalone
You will see that in the running configuration it shows up as standalone mode
stack-power switch 1
switch mode: standalone
stack-power switch 2
switch mode: standalone
Conditions:
3750X stacks with any license level
Workaround:
none

Which CISCO switch supports SFP, SFP+ and 10G ethernet ports

I would like to have information about a CISCO switch which can support fiber ports SFP(1g) and SFP+(10g) and copper 1g and 10g ethernet ports. And will it also software upgradable to support L3 protocols ?

You can choose from the Cisco 3560-E, 4900, 4500, and 6500 series switches. That's in order of capability (and cost!), from least to greatest.
The 3560-E and 4900 series are fixed chassis systems (the 4900M is semi-modular) while the 4500 and 6500 series are completely modular - buy the chassis and populate it according to your requirements.
In addition to the references cited above, also refer to the Cisco Products Quick Reference Guide (CPQRG), available at http://www.cisco.com/en/US/prod/qrg/index.html
Hope this helps. Please rate this post if it does.

Any one ever worked on 6500 series Cisco switches QOS or 6503 or 6524 QOS(Urgent help needed)

Hi All,
I am having issue specifally doing QOS configuration on 6503 or 6524 or 6509 switches. I am unable to match any EF(voice) traffic for eompls(vlan based) on 6503 cisco switch. If i use any other router as 2811 or 2821 my QOS configuration works perfect but if i put 6503 as PE2 it does not work.i am using vlan based eompls.
Below is the scenario & configuration which i am having issue.
CE1(2821 router)(dot1Q)--------->PE1(2821 router)------->P(6524 switch)-------->PE2(6503 switch)------->(dot1Q)(2821 switch)CE2.
On CE1 i can match ip-precedence 5 traffic and mark that traffic to cos5 on outbound port.On PE1 i can match cos5 packet and mark with mpls exp top5 on inbound port, on outbound port i can match mpls exp 5.
On PE2(6503) i am unable to match that mpls exp5 packet on inbound port. none of the configuration worked on 6500 series switches with mls qos, ,mls qos trust dscp,mls qos trust cos etc. Although i can match cos5 traffic on CE2 on inbound interface.i can not match mpls exp 5 traffic on 6503 and all i can see traffic as default-class on 6503 switch. I tried many things and many configurations on 6503 but nothing worked.If i put 2821 router as PE2 instead of 6503 my qos configuration works. but why if i put 6503 my same qos configuration does not work?
---match means=classification or classify
Can anyone tell me how qos works on 6500 series switches or where i am having issue in my scenario.
i am using this ios on 6503: s72033-advipservicesk9_wan-mz.122-33.SXI3.bin.
below r my questions for 6503 qos:
1.do i need to use some other map tables,am i using correct map tables on 6503 as cos-dscp,dscp-cos,exp-dscp etc.
2.any other configutaion of qos needed on 6503?
3.i am unable to match anything on outbound port of 6503.
4.on 6503 i am using sup720 and PFC3BXL.any specific configuration needed for PFC3bxl.
5. 6503 not allowing me to match qos-group on inbound interface, not allowing me to set cos5 on outbound interface. not allowing me to set cos5 as an inbound interface.
CE1(2821) config:
class-map match-any EF
match ip precedence 5
class-map match-any data
match ip precedence 3
policy-map ip2mpls
class EF
set cos 5
class data
set cos 3
interface FastEthernet0/0
no ip address
duplex auto
speed auto
interface FastEthernet0/0.455
encapsulation dot1Q 455
ip address 172.16.15.1 255.255.255.252
service-policy output EF
PE1(2821) config:
mls qos map cos-dscp 0 8 16 24 32 40 48 56
class-map match-all exp_3
match mpls experimental topmost 3
class-map match-all mpls_exp
match mpls experimental topmost 5
class-map match-any cos3
match cos 3
class-map match-any LOO1
match cos 5
policy-map EF
class LOO1
set mpls experimental imposition 5
class cos3
set mpls experimental imposition 3
policy-map QOS_G_5
class mpls_exp
priority
class exp_3
bandwidth 500
interface Loopback0
ip address 3.3.3.3 255.255.255.255
interface FastEthernet0/0
ip address 192.168.23.2 255.255.255.0
ip ospf network point-to-point
duplex auto
speed auto
mpls ip
service-policy output QOS_G_5
interface FastEthernet0/1.455
encapsulation dot1Q 455
xconnect 5.5.5.5 455 encapsulation mpls
service-policy input EF
PE2(6503 qos):
R1#show module
Mod Ports Card Type Model Serial No.
1 4 CEF720 4 port 10-Gigabit Ethernet WS-X6704-10GE SAL09401U2L
2 48 CEF720 48 port 10/100/1000mb Ethernet WS-X6748-GE-TX SAL114247YN
3 16 16 port 1000mb GBIC ethernet WS-X6416-GBIC SAL0712AM69
4 24 CEF720 24 port 1000mb SFP WS-X6724-SFP SAL10019J4N
5 2 Supervisor Engine 720 (Hot) WS-SUP720-3BXL SAD102805VM
6 2 Supervisor Engine 720 (Active) WS-SUP720-BASE SAD0846060F
Mod Sub-Module Model Serial Hw Status
1 Distributed Forwarding Card WS-F6700-DFC3BXL SAD102504EF 5.3 Ok
2 Centralized Forwarding Card WS-F6700-CFC SAD111300PD 3.1 Ok
4 Centralized Forwarding Card WS-F6700-CFC SAL1004BQ2A 2.0 Ok
5 Policy Feature Card 3 WS-F6K-PFC3BXL SAD10270189 1.8 Ok
5 MSFC3 Daughterboard WS-SUP720 SAD102801G5 2.5 Ok
6 Policy Feature Card 3 WS-F6K-PFC3BXL SAL1415FE95 1.11 Ok
6 MSFC3 Daughterboard WS-SUP720 SAD08440794 2.4 Ok
R1#show mls qos maps
Normal Burst Policed-dscp map: (dscp= d1d2)
d1 : d2 0 1 2 3 4 5 6 7 8 9
0 : 01 01 02 03 04 05 06 07 08 09
1 : 10 11 12 13 14 15 16 17 18 19
2 : 20 21 22 23 24 25 26 27 28 29
3 : 30 31 32 33 34 35 36 37 38 39
4 : 40 41 42 43 44 45 01 47 48 49
5 : 50 51 52 53 54 55 56 57 58 59
6 : 60 61 62 63
Maximum Burst Policed-dscp map: (dscp= d1d2)
d1 : d2 0 1 2 3 4 5 6 7 8 9
0 : 00 01 02 03 04 05 06 07 08 09
1 : 10 11 12 13 14 15 16 17 18 19
2 : 20 21 22 23 24 25 26 27 28 29
3 : 30 31 32 33 34 35 36 37 38 39
4 : 40 41 42 43 44 45 46 47 48 49
5 : 50 51 52 53 54 55 56 57 58 59
6 : 60 61 62 63
Dscp-cos map: (dscp= d1d2)
d1 : d2 0 1 2 3 4 5 6 7 8 9
0 : 00 00 00 00 00 00 00 00 01 01
1 : 01 01 01 01 01 01 02 02 02 02
2 : 02 02 02 02 03 03 03 03 03 03
3 : 03 03 04 04 04 04 04 04 04 04
4 : 05 05 05 05 05 05 05 05 06 06
5 : 06 06 06 06 06 06 07 07 07 07
6 : 07 07 07 07
Dscp-exp map: (dscp= d1d2)
d1 : d2 0 1 2 3 4 5 6 7 8 9
0 : 00 00 00 00 00 00 00 00 01 01
1 : 01 01 01 01 01 01 02 02 02 02
2 : 02 02 02 02 03 03 03 03 03 03
3 : 03 03 04 04 04 04 04 04 04 04
4 : 05 05 05 05 05 05 05 05 06 06
5 : 06 06 06 06 06 06 07 07 07 07
6 : 07 07 07 07
Cos-dscp map:
cos: 0 1 2 3 4 5 6 7
dscp: 0 10 18 24 34 46 48 56
IpPrecedence-dscp map:
ipprec: 0 1 2 3 4 5 6 7
dscp: 0 8 16 24 32 40 48 56
Exp-dscp map:
exp: 0 1 2 3 4 5 6 7
dscp: 0 8 16 24 32 40 48 56
mls netflow interface
mls qos map cos-dscp 0 10 18 24 34 46 48 56
mls qos
class-map match-all exp_3
match mpls experimental topmost 3
class-map match-all EXP_5
match mpls experimental topmost 5
class-map match-all QOS_GROUP_5
match qos-group 5
class-map match-all prec5
match ip precedence 5
class-map match-all cos5
match cos 5
policy-map mpls2ip
class QOS_GROUP_5
set cos 5
policy-map IN_FROM_R3
class EXP_5
set qos-group 5
interface Loopback0
ip address 5.5.5.5 255.255.255.255
interface GigabitEthernet2/2
mls qos trust cos
or <------------ (tried both individually but none worked)
mls qos trust dscp
interface GigabitEthernet2/2.455
encapsulation dot1Q 455
xconnect 3.3.3.3 455 encapsulation mpls
service-policy output mpls2ip
interface GigabitEthernet2/1
ip address 192.168.34.4 255.255.255.0
ip ospf network point-to-point
mls qos trust cos
or <------------ (tried both individually but none worked)
mls qos trust dscp
mpls ip
service-policy input IN_FROM_R4
Thanks & regards,
Ahsan Rasheed

Hi All,.
I am still having issue on 6503 or 6524 Cisco Switch.
" Can any one give me any sample of 6524 or 6503 QOS working configuration, i would be really thankful "
As i have mentioned in my prevoius post of configuration of 6503. I am unable to match mpls exp 5 packet on 6503. My qos configuration on PE1(2811 router) is working perfectly. I am unable to classify mpls ex5 or mpls exp3 on 6503 switch. Am i missing something on configuration?
PE2 config:"6503 switch"
class-map match-all mpls_exp
match mpls experimental topmost 5
policy-map EF
class mpls_exp
R!#mls qos
int Gi2/4
service-policy input EF
mls qos trust cos
dscp: 0 10 18 24 34 46 48 56
Exp-dscp map:
exp: 0 1 2 3 4 5 6 7
dscp: 0 10 18 24 34 46 48 56
Thanks,
Ahsan Rasheed

Itunes over ethernet?

I have a Mac Pro in my upstairs office and it is connected to the home network by an Ethernet hardwire. The router is a Netgear model.
I also have a Windows laptop connected to the network in the family room via WiFi.
Is there a way for me to use the Laptop to control the iTunes library on the Mac Pro and have the audio play through my home theater in the family room? The Home Theater has access to the hardwire Ethernet and I would prefer a solution that uses the hardwire NOT WiFi....
Thanks,
Pete D.

Why are there ethernet ports on both the aiport and the aiport express
So you can plug ethernet devices into them.
In order to do audio over ethernet, you have to convert the audio to packetized data which would then have to be converted back to audio at the far end and fed to an amp.
You would get a customized system installed to play audio/video over CAT5 ethernet.
Or use wifi which should work anywhere in the house unless you have a lot of wiring in the walls, shielding the signals.
You don't simply play regular analog audio thru an ethernet wire though it would be possible. If so, it would not be used for ethernet connection.
Keep in mind that a CAT5 cable in the wall is not ethernet. Ethernet is a communications protocol that typically uses CAT5 cabling between devices (routers and switches).
A bit about AoE-> Audio over Ethernett

Using FCoE connection to non Cisco switches

Hello,
does anyone know what port configuration needs to be configured on a Nexus switch that is connected to say Brocade switch or any other vendor that supports FCoE. I have created VLAN to VSAN mapping, i assume next step is to create a vfc device ? Since this is not connection to an initiator or a target but another FCoE capable switch, how do i need to configure this vfc ? Any tips ?
Thanks

Hi,
Looks like from the document that you referenced that this switch runs in NPV mode for FCoE:
FCoE features
Fibre Channel over Ethernet (FCoE*)
FIP & FCoE packets are all forwarded when DCB is configured
* FCoE frames as defined by T11 Committee
So, I would configure the Cisco Nexus switch for FCoE and NPIV
Configure the Nexus 5000 for FCoE and NPIV
There are several procedures that are required in order to configure the Nexus 5000 for FCoE and NPIV:
    Enable Feature FCoE
    Enable N Port Identifier Virtualization (NPIV) on the Nexus 5000
    Enable Nexus 5000 Quality of Service (QoS) for FCoE
    Enable Link Layer Discovery Protocol (LLDP)
    Configure VLAN
    Configure VSAN
    Map the VLAN to VSAN
Example:
feature lldp
feature fcoe
feature npiv
interface vfc130
bind interface Ethernet1/30
switchport mode F
no shutdown
interface Ethernet1/30
switchport mode trunk
switchport trunk allowed vlan 1,100
spanning-tree port type edge trunk
vsan database
vsan 100 interface vfc130
vlan 100
fcoe vsan 100
Example of QOS:
system qos
service-policy type qos input fcoe-default-in-policy
service-policy type queuing input fcoe-default-in-policy
service-policy type queuing output fcoe-default-out-policy
service-policy type network-qos fcoe-default-nq-policy
Best regards,
Jim

Non Cisco Switches

Dear ALL,
I am an IT Potfessional, Doing Network + . I have a questions:
1) Do Non Cisco Switches have Access and Trunk ports. What i mean is do non cisco switches distinguish between ethernet prots as trunk and access.
2) Do we need Cross talk cable for Connectine two non cisco switches preferably D-Link . Also How to interconnect a Cisco switch wioth non cisco switch.
Regards
Haseeb

Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
As Daniel noted "decent" switches, i.e. manageable and supporting VLANs, will generally support VLAN tagging ports using the 801.2q standard. (NB: this standard allows VLAN tagging between different vendors.) Switches that support VLANs will distinguish between untagged (edge) ports (e.g. Cisco access) and the tagged ports (e.g. a Cisco trunk), but as Daniel also noted, their terminology might be different.
As Leo noted, many switches offer auto MDI/MDI-X. Surprisingly, this feature was often seen on unmanageable switches before it was seen on manageable switches. Also on older unmanageable switches, you might find a pair of physical ports that are the same logical port, one wired MDI and other wired MDI-X or you might find some button to change one port's MDI to/from MDI-X. Such "special" ports are often the "uplink" port. (NB: the purpose of the "uplink" port was to allow connecting it to another switch whether you had a straight through or cross over cable.)
If you do have a switch supporting auto MDI/MDI-X, or one with the earlier physical MDI/MDI-X options, you only need one switch, not both with such a feature, to support either a straight through or cross over cable. Of course, both switches might have such an option, which is fine too. Only if both switches are "hard wired", you'll need a cross over cable for a switch to switch connection.

AP1252AG Power Injector - Ethernet Failure Radios still UP

Hi All,
please can somebody help?
I was doing a simple test today with 2 AP's, both AP's are powered by Cisco Power Injectors. I was expecting that my client would simply switch association from one access point to another if I disconnected the ethernet cable of one AP (breaking the network connection). What I noticed was that the Radio's of the AP which has it's ethernet cable unplugged were still authenicating clients. i.e clients were authenticaing with radios of AP which has it ethernet interface down.
Please can somebody tell me whether there is a command that will cause the radios to shutdown in case of ethernet failure, thus forcing clients to try to find another AP
Regards

Hi,
Thanks for reading my post, I've found the command, which shuts down the radio if the ethernet goes down:
ap(config)#interface dot11Radio 0
ap(config-if)#station-role root fallback shutdown
ap(config-if)#end
ap#
ap#
ap#sh ip inter brie
Interface IP-Address OK? Method Status Protocol
BVI1 XXX.XXX.XXX.XX YES NVRAM up up
Dot11Radio0 unassigned YES NVRAM up up
Dot11Radio1 unassigned YES NVRAM administratively down down
GigabitEthernet0 unassigned YES NVRAM up up
ap#
Unplug the Ethernet cable from Switch
*Mar 1 00:08:28.523: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to down
*Mar 1 00:08:28.527: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Mar 1 00:08:29.527: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Mar 1 00:08:30.527: %LINK-3-UPDOWN: Interface BVI1, changed state to down
*Mar 1 00:08:31.527: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, changed state to down
ap#
ap#sh ip inter brie
Interface IP-Address OK? Method Status Protocol
BVI1 XXX.XXX.XXX.XX YES NVRAM down down
Dot11Radio0 unassigned YES NVRAM reset down
Dot11Radio1 unassigned YES NVRAM administratively down down
GigabitEthernet0 unassigned YES NVRAM up down
ap#
Plug Ethernet Cable back into Switch
*Mar 1 00:08:56.975: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed state to up
*Mar 1 00:08:56.983: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
*Mar 1 00:08:57.979: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Mar 1 00:08:58.983: %LINK-3-UPDOWN: Interface BVI1, changed state to up
*Mar 1 00:08:59.983: %LINEPROTO-5-UPDOWN: Line protocol on Interface BVI1, changed state to up
ap#sh ip inter brie
Interface IP-Address OK? Method Status Protocol
BVI1 XXX.XXX.XXX.XX YES NVRAM up up
Dot11Radio0 unassigned YES NVRAM up up
Dot11Radio1 unassigned YES NVRAM administratively down down
GigabitEthernet0 unassigned YES NVRAM up up
ap#
This Works....
Regards

How do I set up multiple Airport Expresses to connect over ethernet for Airtunes only?

I am trying to set up an Airtunes network using an Airport Extreme and three Airport Expresses connected together via ethernet (CAT5 cable). At each Airport Express there will be a speaker setup. I don't need/want internet connectivity on the network, but not sure if it is required for setup or not. I have made this work over wifi, using the Expresses to extend the network, but struggling to get this to work over ethernet.
I would be verry grateful of a step-by-step method to setting this up! I am also looking to set up 6 airport expresses to do the same thing in another location.
Thanks in advance!

Thanks for the info.
I assume that the AirPort Extreme is setup and working at this point.
Work with one AirPort Express at a time to get them all configured, and then you can locate them where they will be needed.
AirPort Setup will configure the Express devices to "extend a wireless network" using Ethernet, so they will be broadcasting the same wireless signal as the AirPort Extreme and provide more wireless signal coverage as well.
I have yet to meet the first person who thought that they had too much wireless coverage, but you would have the option to turn off the wireless on the Express if you wanted. Most users like having extended wireless for their devices.
Temporarily, move an Express close to the AirPort Extreme
Connect a spare Ethernet cable from one of the LAN <-> ports on the Extreme to the WAN "O" port on the Express
Power up the Express for a few minutes
Hold in the reset button on the back of the Express for 10 seconds and release. Allow a full minute for the Express to restart to a slow, blinking amber light.
Click the Airport icon at the top of the Mac's screen and wait a few seconds for AirPort Express to appear just under the listing of New AirPort Base Station
Click directly on the AirPort Express
AirPort Setup will open up automatically and take a minute to analyze the network, then announce that the Express will be configured to extend the AirPort Extreme network.
Enter a device name that you want to use....example.....Express1.....and click Next
AirPort Setup will configure everything for you. Notice that the message will say that the Express is being set up to extend using Ethernet. When you see the message of setup complete, click Done.
Now you can move the Express to the remote location where it is needed, hook it up to the Ethernet connection there, power up the Express and set up AirTunes on the device.
AirTunes is enabled by default, to other than make the speaker connection, you won't have much to do on that.
Set up other Express devices the same way, except assign a different name to each device....example....Express2, Express3, etc.....to keep things organized.

Dynamic bandwidth selection for PPPoE over Ethernet/VLAN

Hello all, hope you are doing great.
I'm planning to deploy PPPoE Server (Cisco Router 7609) for a ISP. This ISP will provide Internet connection for customer over Ethernet.
I have to provide a solution to assign bandwidth to each customer by RADIUS and I find some clues that Dynamic Bandwidth Selection (DBS) should be the answer. Unfortunately, DBS only support PPPoA or PPPoE over ATM.
If you have any experience with equivalent function, please help me. Thank you very much.
Regards,
Hiep Nguyen.

Hiep,
I think I have figured this out. Here is the test config on my PPPoE server:
int lo1
ip address 172.25.25.25 255.255.255.255
ip radius source-interface Loopback1
aaa new-model
radius-server host 172.16.1.55 auth-port 1812 acct-port 1813 key cisco$$$
aaa group server radius RADIUS-ACT
server 172.16.1.55 auth-port 1812 acct-port 1813
aaa authentication login default group RADIUS-ACT local
aaa authorization exec default group RADIUS-ACT local
aaa accounting exec default start-stop group RADIUS-ACT
aaa accounting delay-start
aaa authentication ppp default if-needed group RADIUS-ACT local
aaa authorization network default group RADIUS-ACT local
aaa accounting network default start-stop group RADIUS-ACT
aaa accounting update periodic 5
bba-group pppoe global
virtual-template 1
interface fa0/1
pppoe enable group global
ip address 172.30.0.1 255.255.0.0
no shut
interface Virtual-Template1
mtu 1492
ip unnumbered FastEthernet0/1
peer default ip address pool GLOBALPOOL
ppp authentication chap
ip local pool GLOBALPOOL 172.30.0.2 172.30.127.255
policy-map POLICE-128K
class class-default
    police 128000
policy-map POLICE-512K
class class-default
    police 512000
Here are the attributes on the radius server, for a group the PPPoE customer belonged to:
Service-Type = Framed
Framed-Protocol = PPP
cisco-avpair="ip:sub-policy-In=POLICE-128K"
cisco-avpair+="ip:sub-policy-Out=POLICE-512K"
Here is the show policy-map on the virtual-access interface the client connected on:
sho policy-map int virtual-a 3
Virtual-Access3
Service-policy input: POLICE-128K
    Class-map: class-default (match-any)
      1000 packets, 1402000 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any
      police:
          cir 128000 bps, bc 4000 bytes
        conformed 799 packets, 1120198 bytes; actions:
          transmit
        exceeded 201 packets, 281802 bytes; actions:
          drop
        conformed 0 bps, exceed 0 bps
Service-policy output: POLICE-512K
    Class-map: class-default (match-any)
      911 packets, 1137746 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any
      police:
          cir 512000 bps, bc 16000 bytes
        conformed 799 packets, 1136178 bytes; actions:
          transmit
        exceeded 0 packets, 0 bytes; actions:
          drop
        conformed 0 bps, exceed 0 bps
I was able to generate enough traffic with ping to meet the exceed action in and have it drop packets.

NPS Discarding RADIUS request from Cisco switch (802.1x)

Last few weeks I've been busy to get the following to work:
- Cisco 2960 switch as the suppliant
- Another Cisco 2960 as the authenticator switch
- The supplicant is only able to send MS-EAP MS-ChapV2 requests
- The NPS server is Windows 2008 R2 (and also tested on 2012 R2)
This is called "NEAT" by Cisco; which does seem to work with Cisco ISE (http://www.cisco.com/c/en/us/support/docs/lan-switching/8021x/116681-config-neat-cise-00.html)
but I'd like to get it to work with Windows NPS.
Within NPS I've setup the following Connection Request policy:
- NAS Port Type: Ethernet
I'm using the following Network Policy:
- User Group: DOMAIN\Switches (the useraccount used by the switch is part of this group)
- NAS Port Type: Ethernet
- Autehntcation Type: EAP
Now the request sent by the switch is discarded. The actual error is the following (excluded irrelevant information):
User:
Account Name: Rotterdam-Switch-8-1
Account Domain: DOMAIN
Authentication Details:
Connection Request Policy Name: Secure Wired Connections
Network Policy Name: Switches Allowed
Authentication Provider: Windows
Authentication Server: SERVER.DOMAIN.local
Authentication Type: EAP
EAP Type: -
Account Session Identifier: -
Reason Code: 1
Reason: An internal error occurred. Check the system event log for additional information.
Wireshark on the NPS server shows:
1. The RADIUS Access-Request (1) being received by the NPS Server
2. The NPS Server sending out a RADIUS Access-Challenge (11) to the authenticator switch
3. Another RADIUS Access-Request (1) is beging received by the NPS Server
Packet 2 has an t=EAP-Message(79) with type MS-EAP-Authentication [Palekar](26) and MS-CHAPv2-ID set to 2 and OpCode 1 (Challange)
Packet 3 has an t=EAP-Message(79) with type MS-EAP-Authentication [Palekar](26) and MS-CHAPv2-ID set to 2 and OpCode 2 (Response)
I've also tried the following:
- I've also tested with an invalid username/password. The request is correctly denied
- I've also tested by added ALL EAP Types as condition to the Network Policy. The request isn't pickup by this policy anymore.
Any help would be greatly appriciated ofcourse.
Kind regards,
Peter

It only took like.. uhm.. forever.. but there's an answer which is "OK ish..".
Cisco 2960 switches support EAP-MSCHAP; but it seems that NPS only supports EAP-MSCHAP for VPN Connections and not for Wired/Wirelss authentication. Something to do with inner and outer methods and NPS requireing PEAP as an outer method for Wired/Wirelss
authentication.
End result is that both the Cisco switches and NPS do support EAP-MD5. Though it's definitly not as secure (at all), it's definitly a step in the right direction and it's something that we'll be implementing.
Now it seems that NPS doesn't support EAP-MD5 (which is supposidly depricated), it's possible to re-enable it. Using the following articles.
http://support.microsoft.com/kb/922574/en-us
Microsft mentioned me that "Though this article says it applies to Windows Vista only, it does apply to Server 2008R2 as well. Also I would suggest you the following link:
http://support.microsoft.com/kb/981190"
Please note that you'll have to enable 'Store password using reversible encryption’ on the accounts that will be used for NEAT authentication.
All though I would have hoped EAP-MSCHAPv2 would work, I feel I do need to clarify that I understand Microsoft's point of view on this as well. They feel EAP methods without PEAP are simply not safe; which is understandable, espcially for EAP-MD5 which
could be sniffer using a hub/repeater/etc.
Kind regards,
Peter

Power Over ethernet on Cisco switches - why??

Similar Messages

Maybe you are looking for