Redundant Cisco Switches

Similar Messages

• Virtual IP for two redundant PCs in Cisco Switch

  Hi Team,
  We have redundant Computers connected to Switch . There is the third  system also connected to the switch.
  We want the two redundant PC ethernet to look like one for the third system. We want a virtual IP for the third System to get connected to any one of the  two PC’s.
  we have a Cisco Small business switch.Is that possible in this switch to create a virtual IP for redundancy ?
  which cisco switch supports this functionality ??
  Attached is the diagram of the setup.

  Hi,
  That is not possible with just a switch.  You need some sort of load balancer in front of the switch with a virtual VIP.  So when a packet comes from SCATA to PC1 and if PC1 is not available it will send it to PC2. A10 makes pretty good load balancers.
  http://www.a10networks.com/
  Is that what you are trying to do?
  HTH

• Redundant Multicast switching

  All, I have a customer with a L2 network with multiple VLANS and consisting of multiple access switches with two L2/L3 core switches.  Both core switches have a SVI for each vlan using HSRP to provde redundant Default Gateways.
  The main core switch is a Cisco 6500 (running 12.2(33)SXJ6) and the backup core switch is a Cisco 4500.
  One of the applications on this network is Multicast which needs the protection of the redundant core switches (this is for a critical public infrastruction and so requires the protection, if one switch fails the other must continue to support the service).
  I initially tried configuing "IP PIM DENSE-MODE" on the VLAN interfaces (one of the solutions as per Cisco doc #68131 which discribes a problem and solutions for configuring multicast on a L2 network) to make the switch act as a "mrouter".  When I configure pim on the applicatable vlan's on one (the main core) switch the multicast application/s work properly but when I then configure pim on the applicatable vlan's on the other (backup) switch igmp-snooping seems to fail and all interfaces on the vlan get the multicast traffic whether they have joined the group or not (effectively causing a DOS attack on the interfaces that haven't joined the group).
  Another solution from document #66131 is to enable the igmp querier feature on the L2 switches (and I assume, remove the IP PIM configuration).  This should make the switch act as a mrouter "proxy".
  I have also read the chapter (chaper 38) in the IOS configuraiton guide on "Configuring IGMP Snooping" which has a section on configuring redundant igmp snooping queriers.  I am thinking of trying the configuration this section is suggesting where I would remove the IP PIM and, instead, configure "ip igmp snooping querier" on the appropriate vlan interfaces on both switches.  Unfortunately I do not have a lab to test this out on and so am currently limited to trying this out on the actual network (scary!).
  So, my questions.  First, and in general, does anyone have any words of wisdom for me?  Two, if my network only has mrouter "proxies" only but no actual mrouter (as I believe will be the case if I am only using the "querier" configurations) will that cause any problems with the multicast applications?
  I am under some immediate pressure to solve this redundancy issue so any help would be greatly appreciated.

  Steve
  Can I have both IP PIM and the igmp querier configurations on the same (routed) VLAN interface?
  You don't need to. The IGMP querier function is only used when you don't have PIM enabled on the vlan interface. When you enable PIM on a L3 interface it then sends out IGMP queries and the switch listens to the responses with IGMP snooping so it can record the multicast mac address to the correct ports.  If you don't have PIM enabled, something still needs to make those IGMP queries otherwise the switch has nothing to listen for. So that is what the IGMP snooping querier does. So its one or the other. With PIM enabled you do not need the querier.
  To be honest i didnt understand a lot of what you said about your physical connectivity other than each switch sees the other switches via trunk links.
  So when you enable PIM on the 6500 only multicast works for all clients on all switches properly. When you enable it on both switches multicast is then flooded to all interfaces on both switches ?
  Cna you just clarify what you mean by all interfaces ie. do you mean all end devices on all the switches start seeing multicast traffic ?
  When you enabled PIM on the 4500 did you enable it on all L3 interfaces at the same time ?
  I am just trying to get a picture of which switches were affected and how they connect back to the core switches. Like i say i did not really follow your setup because i have no experience of that.  Is each access switch in effect connected to both core switches or do they only connect to one or the other ?
  Jon

• Connecting 300 IP Cameras using Cisco Switches

  Require help on a Case study. (Can only use Cisco switch)
  Description:
  This is a setup required for 300 security cameras.
  So availability and redundancy is important.
  I have calculate the bandwidth using [URL="http://www.jvsg.com/download/IPDesignToolSetup.zip"]this software[/URL].
  If each camera is set to 5MP and H.264-10, Bandwidth is 12.08Mbit
  So 300 cameras will require at least 3624.96Mbits in total.
  (correct me if i am wrong)
  Each NVR has 32 port.
  It will be just connecting within a LAN.
  Here is the brief 2 possible design I have draft out, but I am not sure which model and series of cisco switch to be use??
  Design 1:
  Design 2:
  Please advise which model and series can be used for this 2 two of design.

  Hello Chun,
  you need to accomodate 300 cameras and 32 ports for each network video recorder.
  data flows are from cameras to network video recorder ports.
  The amount of traffic per port at port connected to cameras is not huge and total traffic from cameras exceed GE links
  48 * 12,08 =       ?? in any case less then     < 1 Gbps
  You can deploy a hierarchical network design with an access layer made of switches with fixed configuration 48 ports and GE uplinks like a C3750 with 48 ports or  a 2960 with 48 ports (if it exists)
  Each access layer switch needs to have two uplinks to distribution switches
  And you need 300/48 switches => 7 switches     => 7 GE uplinks on each distribution switches
  Distribution switches should be two and should be able to connect to access layer switches and to NVR that requires 32 ports each.
  Different solutions are possible:
  instead od deploying 7 standalone switches with 48 ports each you could use two modular C4507 equipped with  WS-4548 48 10/100/1000 linecards
  the distribution switches can be two C3750 E, eventually configured and connected as a stack, to allow to use both uplinks of each access layer switch
  Hope to help
  Giuseppe

• Windows 7 LLDP and Cisco Switches

  Does Windows 7 support IEEE LLDP (not to be confused with MS LLTP). We have LLDP enabled on are Cisco Switches and want to be able to see are what ports the Windows 7 devices are connected to. Using the Cisco Show LLDP neighbors.

  Hi,
  I suggest you refer to the following article in MSDN blog:
  Link Layer Topology Discovery Protocol Specification
  http://msdn.microsoft.com/en-us/library/windows/hardware/gg463061.aspx
  Thanks,
  Vincent Wang
  TechNet Community Support

• Rrack mounting brackets for Cisco switch SF300-48P ?

  Does anyone know how to get rack mounting brackets for Cisco switch SF300-48P ?

  You might be able to get them through Cisco support.  Check this thread: https://supportforums.cisco.com/discussion/11201291/sf-300-series-rack-mount-brackets

• Has anyone develped an EM plug-in for Cisco switches or routers

  Folks,
  Has anyone develped an EM plug-in for Cisco switches or routers? Please reply to this thread if you have developed one and would like to share your experience in developing this plug-in?
  Thanks,

  It's probably not the conversion from CMYK to RGB that's causing the problem, but color profile (ICC) embedding in Photoshop. Fireworks doesn't read color profiles. You might be able to create an action to remove the color profile in Photoshop and then batch process the images with it.

• NPS Discarding RADIUS request from Cisco switch (802.1x)

  Last few weeks I've been busy to get the following to work:
  - Cisco 2960 switch as the suppliant
  - Another Cisco 2960 as the authenticator switch
  - The supplicant is only able to send MS-EAP MS-ChapV2 requests
  - The NPS server is Windows 2008 R2 (and also tested on 2012 R2)
  This is called "NEAT" by Cisco; which does seem to work with Cisco ISE (http://www.cisco.com/c/en/us/support/docs/lan-switching/8021x/116681-config-neat-cise-00.html)
  but I'd like to get it to work with Windows NPS.
  Within NPS I've setup the following Connection Request policy:
  - NAS Port Type: Ethernet
  I'm using the following Network Policy:
  - User Group: DOMAIN\Switches (the useraccount used by the switch is part of this group)
  - NAS Port Type: Ethernet
  - Autehntcation Type: EAP
  Now the request sent by the switch is discarded. The actual error is the following (excluded irrelevant information):
  User:
  Account Name: Rotterdam-Switch-8-1
  Account Domain: DOMAIN
  Authentication Details:
  Connection Request Policy Name: Secure Wired Connections
  Network Policy Name: Switches Allowed
  Authentication Provider: Windows
  Authentication Server: SERVER.DOMAIN.local
  Authentication Type: EAP
  EAP Type: -
  Account Session Identifier: -
  Reason Code: 1
  Reason: An internal error occurred. Check the system event log for additional information.
  Wireshark on the NPS server shows:
  1. The RADIUS Access-Request (1) being received by the NPS Server
  2. The NPS Server sending out a RADIUS Access-Challenge (11) to the authenticator switch
  3. Another RADIUS Access-Request (1) is beging received by the NPS Server
  Packet 2 has an t=EAP-Message(79) with type MS-EAP-Authentication [Palekar](26) and MS-CHAPv2-ID set to 2 and OpCode 1 (Challange)
  Packet 3 has an t=EAP-Message(79) with type MS-EAP-Authentication [Palekar](26) and MS-CHAPv2-ID set to 2 and OpCode 2 (Response)
  I've also tried the following:
  - I've also tested with an invalid username/password. The request is correctly denied
  - I've also tested by added ALL EAP Types as condition to the Network Policy. The request isn't pickup by this policy anymore.
  Any help would be greatly appriciated ofcourse.
  Kind regards,
  Peter

  It only took like.. uhm.. forever.. but there's an answer which is "OK ish..".
  Cisco 2960 switches support EAP-MSCHAP; but it seems that NPS only supports EAP-MSCHAP for VPN Connections and not for Wired/Wirelss authentication. Something to do with inner and outer methods and NPS requireing PEAP as an outer method for Wired/Wirelss
  authentication.
  End result is that both the Cisco switches and NPS do support EAP-MD5. Though it's definitly not as secure (at all), it's definitly a step in the right direction and it's something that we'll be implementing.
  Now it seems that NPS doesn't support EAP-MD5 (which is supposidly depricated), it's possible to re-enable it. Using the following articles.
  http://support.microsoft.com/kb/922574/en-us
  Microsft mentioned me that "Though this article says it applies to Windows Vista only, it does apply to Server 2008R2 as well. Also I would suggest you the following link:
  http://support.microsoft.com/kb/981190"
  Please note that you'll have to enable 'Store password using reversible encryption’  on the accounts that will be used for NEAT authentication.
  All though I would have hoped EAP-MSCHAPv2 would work, I feel I do need to clarify that I understand Microsoft's point of view on this as well. They feel EAP methods without PEAP are simply not safe; which is understandable, espcially for EAP-MD5 which
  could be sniffer using a hub/repeater/etc.
  Kind regards,
  Peter

• DACL does not get downloaded to Cisco Switch from ISE

  Hello,
  I have a cisco switch with ios: c3550-ipbasek9-mz.122-44.SE6.bin
  I am trying to push dACL fro my ISE device into the switch, but it is not getting applied to switch.   dynamic vlan assignment workds fine, but dACL doesnot apply
  Any instruction plz?

  Hi Jatin,
  ISE is properly configured for dACL,   i think there is some compatibility issue on cisco switch ios.
  following is the debug output>>
  06:36:43: dot1x-packet:Received an EAP packet on interface FastEthernet0/11
  06:36:43: EAPOL pak dump rx
  06:36:43: EAPOL Version: 0x1  type: 0x0  length: 0x0006
  06:36:43: dot1x-packet:Received an EAP packet on the FastEthernet0/11 from mac 0019.b981.e812
  06:36:43: dot1x-sm:Posting EAPOL_EAP on Client=1D68028
  06:36:43:     dot1x_auth_bend Fa0/11: during state auth_bend_request, got event 6(eapolEap)
  06:36:43: @@@ dot1x_auth_bend Fa0/11: auth_bend_request -> auth_bend_response
  06:36:43: dot1x-sm:Fa0/11:0019.b981.e812:auth_bend_response_enter called
  06:36:43: dot1x-ev:dot1x_sendRespToServer: Response sent to the server from 0019.b981.e812
  06:36:43: dot1x-sm:Fa0/11:0019.b981.e812:auth_bend_request_response_action called
  06:36:43: RADIUS/ENCODE(00000049):Orig. component type = DOT1X
  06:36:43: RADIUS(00000049): Config NAS IP: 192.168.2.250
  06:36:43: RADIUS/ENCODE(00000049): acct_session_id: 73
  06:36:43: RADIUS(00000049): sending
  06:36:43: RADIUS(00000049): Send Access-Request to 192.168.2.231:1812 id 1645/99, len 267
  06:36:43: RADIUS:  authenticator 5B 61 1D 64 D3 D5 9F AD - 23 E0 11 11 B3 C3 5C 81
  06:36:43: RADIUS:  User-Name           [1]   6   "test"
  06:36:43: RADIUS:  Service-Type        [6]   6   Framed                    [2]
  06:36:43: RADIUS:  Framed-MTU          [12]  6   1500
  06:36:43: RADIUS:  Called-Station-Id   [30]  19  "00-11-5C-6E-5E-0B"
  06:36:43: RADIUS:  Calling-Station-Id  [31]  19  "00-19-B9-81-E8-12"
  06:36:43: RADIUS:  EAP-Message         [79]  8
  06:36:43: RADIUS:   02 7A 00 06 0D 00                 [ z]
  06:36:43: RADIUS:  Message-Authenticato[80]  18
  06:36:43: RADIUS:   A6 AB 5A CA ED B8 B4 1E 36 00 9D AB 1A F6 B9 E0                [ Z6]
  06:36:43: RADIUS:  Vendor, Cisco       [26]  49
  06:36:43: RADIUS:   Cisco AVpair       [1]   43  "audit-session-id=C0A802FA0000006F016B36D8"
  06:36:43: RADIUS:  NAS-Port-Type       [61]  6   Ethernet                  [15]
  06:36:43: RADIUS:  NAS-Port            [5]   6   50011
  06:36:43: RADIUS:  NAS-Port-Id         [87]  18  "FastEthernet0/11"
  06:36:43: RADIUS:  State               [24]  80
  06:36:43: RADIUS:   33 37 43 50 4D 53 65 73 73 69 6F 6E 49 44 3D 43  [37CPMSessionID=C]
  06:36:43: RADIUS:   30 41 38 30 32 46 41 30 30 30 30 30 30 36 46 30  [0A802FA0000006F0]
  06:36:43: RADIUS:   31 36 42 33 36 44 38 3B 33 35 53 65 73 73 69 6F  [16B36D8;35Sessio]
  06:36:43: RADIUS:   6E 49 44 3D 69 73 65 2D 73 65 72 76 65 72 2D 31  [nID=ise-server-1]
  06:36:43: RADIUS:   2F 31 37 31 30 32 35 39 38 38 2F 32 34 3B    [ /171025988/24;]
  06:36:43: RADIUS:  NAS-IP-Address      [4]   6   192.168.2.250
  06:36:43: %LINK-3-UPDOWN: Interface FastEthernet0/11, changed state to up
  06:36:43: RADIUS: Received from id 1645/99 192.168.2.231:1812, Access-Challenge, len 1134
  06:36:43: RADIUS:  authenticator 78 36 A3 38 30 1C F0 7A - 19 83 93 81 B4 6B FF 9E
  06:36:43: RADIUS:  State               [24]  80
  06:36:43: RADIUS:   33 37 43 50 4D 53 65 73 73 69 6F 6E 49 44 3D 43  [37CPMSessionID=C]
  06:36:43: RADIUS:   30 41 38 30 32 46 41 30 30 30 30 30 30 36 46 30  [0A802FA0000006F0]
  06:36:43: RADIUS:   31 36 42 33 36 44 38 3B 33 35 53 65 73 73 69 6F  [16B36D8;35Sessio]
  06:36:43: RADIUS:   6E 49 44 3D 69 73 65 2D 73 65 72 76 65 72 2D 31  [nID=ise-server-1]
  06:36:43: RADIUS:   2F 31 37 31 30 32 35 39 38 38 2F 32 34 3B    [ /171025988/24;]
  06:36:43: RADIUS:  EAP-Message         [79]  255
  06:36:43: RADIUS:   4D 5D 13 47 FC 46 16 EE 62 76 40 09 77 48 31 B6 01 6B 5E 52 33 56 A2 1E 34  [M]GFbv@wH1k^R3V4]
  06:36:43: RADIUS:   02 32 39 FA 4D CA 79 18 4A 42 A2 4E 5C BD AE 29 D2 3D D1 5A FC C2 ED 3E E5 FB C6 B8 D8 DE A8 75 EB 3A A5 7D 02 03 01 00 01 A3 81 CD 30  [29MyJBN\)=Z>u:}0]
  06:36:43: RADIUS:   81 CA 30 0B 06 03 55 1D 0F 04 04 03 02 01 86 30 0F 06 03 55 1D 13 01 01 FF 04 05 30 03 01 01 FF 30 1D 06 03 55 1D 0E 04 16 04 14 C4 56 80 A7 C9 18 50 92 EE CC 91 D4 E1 EC DB AD E7 1E 70 A8 30 79 06 03 55 1D 1F 04 72 30 70  [0U0U00UVPp0yUr0p]
  06:36:43: RADIUS:   30 6E A0 6C A0 6A 86 32 68 74 74 70 3A 2F 2F 73 79 73 6C  [0nlj2http://sysl]
  06:36:43: RADIUS:   6F 67 2D 73 65 72 76 65 72 2F 43 65 72 74 45 6E  [og-server/CertEn]
  06:36:43: RADIUS:   72 6F 6C 6C 2F 46 4D 46 42 5F 54 72 75 73 74 65  [roll/FMFB_Truste]
  06:36:43: RADIUS:   64 43 41 2E 63 72 6C 86 34 66 69 6C 65 3A 2F 2F 5C  [dCA.crl4file://\]
  06:36:43: RADIUS:   5C 73 79 73 6C 6F 67 2D 73 65 72 76 65 72 5C 43  [\syslog-server\C]
  06:36:43: RADIUS:   65 72 74 45 6E 72 6F 6C 6C 5C 46 4D 46 42 5F 54  [ertEnroll\FMFB_T]
  06:36:43: RADIUS:   72 75 73 74 65 64 43 41 2E         [ rustedCA.]
  06:36:43: RADIUS:  EAP-Message         [79]  251
  06:36:43: RADIUS:   63 72 6C 30 10 06 09 2B 06 01 04 01 82 37 15 01 04 03 02 01 00 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 03 82 01 01 00 63 BA F8 CE D5 8B 0E 94 77 AE 86 6C 37 AB 2F 36 9A B2 85 D5 4A  [crl0+70*Hcwl7/6J]
  06:36:43: RADIUS:   74 8C 33 F5 93 06 A6 57 8D 39 56 8F 02 08 97 CB C6 08 70 8C 22 1E 5D 1F A8 26 6D 60 1F 05 62 D1 24 AB 03 8C 41 F8 1C F1 F8 C2 87 8B 97 02 71 FC 6A  [t3W9Vp"]&m`b$Aqj]
  06:36:43: RADIUS:   EB 12 FC DD 8C 5C 9C 2D AF D2 C4 1C 18 1B 40 BE 78 B0 54 55 59 89 03 1B B7 FB 91 85 EE CA C0 18 1C 78 5D 4D BA FA 9E 44 D3 45 53 A3 BE 46 8A FB 81 BD F1 4C B3 3B  [\-@xTUYx]MDESFL;]
  06:36:43: RADIUS:   D6 66 7E 5B 79 9F 83 53 5E 49 92 B5 7F E5 1A E2 86 8C 83 96 7D 75 A5 1D 08 4E 32 C3 5E EC BF 28 53 EC 53 8A C3 E0 36  [f~[yS^I}uN2^(SS6]
  06:36:43: RADIUS:   82 EE AA 0D 38 3E BA 9C 1D D9 24 BD 48 A6 EE 44 BD 95 68 85 CA 8C 44 F8 E8 A2 FB 94 BC 6F 7C F2 06 91 6C A0 A6 BB 7B 7F 56 BD 15 32 A4     [ 8>$HDhDo|l{V2]
  06:36:43: RADIUS:  Message-Authenticato[80]  18
  06:36:43: RADIUS:   DD 82 F7 10 3F C7 B5 62 9B 2A BB 24 16 A7 59 33            [ ?b*$Y3]
  06:36:44: RADIUS(00000049): Received from id 1645/99
  06:36:44: RADIUS/DECODE: EAP-Message fragments, 253+253+253+249, total 1008 bytes
  06:36:44: dot1x-packet:Received an EAP request packet from EAP for mac 0019.b981.e812
  06:36:44: dot1x-sm:Posting EAP_REQ on Client=1D68028
  06:36:44:     dot1x_auth_bend Fa0/11: during state auth_bend_response, got event 7(eapReq)
  06:36:44: @@@ dot1x_auth_bend Fa0/11: auth_bend_response -> auth_bend_request
  06:36:44: dot1x-sm:Fa0/11:0019.b981.e812:auth_bend_response_exit called
  06:36:44: dot1x-sm:Fa0/11:0019.b981.e812:auth_bend_request_enter called
  06:36:44: dot1x-packet:dot1x_mgr_send_eapol :EAP code: 0x1  id: 0x7B length: 0x03F0 type: 0xD  data: @Cfui[ab2,Jt1){                                                                                                                              2]g&GZ1pIbu;+Ga;iF"jy#
  oohuV.aFZ4_|
  P0`At   )B
  06:36:44: dot1x-ev:FastEthernet0/11:Sending EAPOL packet to group PAE address
  06:36:44: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/11.
  06:36:44: RADIUS:  Message-Authenticato[80]  18
  06:36:44: RADIUS:   F5 B0 56 D3 C6 87 BD 10 6E C7 4A 72 5B 5C 60 C5           [ VnJr[\`]
  06:36:44: RADIUS:  Vendor, Cisco       [26]  49
  06:36:44: RADIUS:   Cisco AVpair       [1]   43  "audit-session-id=C0A802FA0000006F016B36D8"
  06:36:44: RADIUS:  NAS-Port-Type       [61]  6   Ethernet                  [15]
  06:36:44: RADIUS:  NAS-Port            [5]   6   50011
  06:36:44: RADIUS:  NAS-Port-Id         [87]  18  "FastEthernet0/11"
  06:36:44: RADIUS:  State               [24]  80
  06:36:44: RADIUS:   33 37 43 50 4D 53 65 73 73 69 6F 6E 49 44 3D 43  [37CPMSessionID=C]
  06:36:44: RADIUS:   30 41 38 30 32 46 41 30 30 30 30 30 30 36 46 30  [0A802FA0000006F0]
  06:36:45: dot1x-ev:FastEthernet0/11:Sending EAPOL packet to group PAE address
  06:36:45: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/11.
  06:36:45: dot1x-registry:registry:dot1x_ether_macaddr called
  06:36:45: dot1x-ev:dot1x_mgr_send_eapol: Sending out EAPOL packet on FastEthernet0/11
  06:36:45: EAPOL pak dump Tx
  06:36:45: EAPOL Version: 0x2  type: 0x0  length: 0x0039
  06:36:45: EAP code: 0x1  id: 0x7E length: 0x0039 type: 0xD
  06:36:45: dot1x-packet:dot1x_txReq: EAPOL packet sent to client (0019.b981.e812)
  06:36:45: dot1x-sm:Fa0/11:0019.b981.e812:auth_bend_response_request_action called
  06:36:46: dot1x-ev:dot1x_mgr_pre_process_eapol_pak: Role determination not required on FastEthernet0/11.
  06:36:46: dot1x-packet:dot1x_mgr_process_eapol_pak: queuing an EAPOL pkt on Authenticator Q
  06:36:46: dot1x-ev:Enqueued the eapol packet to the global authenticator queue
  06:36:46: EAPOL pak dump rx
  06:36:46: EAPOL Version: 0x1  type: 0x0  length: 0x0006
  06:36:46: dot1x-ev:
  dot1x_auth_queue_event: Int Fa0/11 CODE= 2,TYPE= 13,LEN= 6
  06:36:46: dot1x-packet:Received an EAPOL frame on interface FastEthernet0/11
  06:36:46: dot1x-ev:Received pkt saddr =0019.b981.e812 , daddr = 0180.c200.0003,
                      pae-ether-type = 888e.0100.0006
  06:36:46: dot1x-ev:dot1x_auth_process_eapol: EAPOL flag status of the port  Fa0/11 is TRUE

• Cisco switches and virtual ip address(load balancing address) on xenapp portals

  Hi I am quite new in configuring cisco switches and stumble across an issue after installing xenapp7.6 with load balanced portal to the ddc`s
  It seems i only can ping or get access to portal if using real ip address behind cisco switch from other subnets in my network.
  I can ping ddc01 and ddc02 and connect to the portal with http without problem. However when i triy to access the load balancing address of the ddc`s
  it wont answer to ping or http
  In same subnett it is no problem connecting to the load balancing address of the ddc`s, but in loactions on other subnets i only can access real server ip
  eks
  dd01   192.168.1.4    ok ping and access behind cisco switch from subnets
  ddc02 192.168.1.5   ok to ping  access behind cisco switch from subnets
  load balancing for both ddc 192.168.1.6 not able to get answer og access from subnets, only in same subnett
  Is there any way to configure switch to access the load balancing address of the ddc`s ?
  Regards
  Pål Arne Røberg

  Wrong forum. This forum is dedicated to feedback related to CSC framework itself. You should not wish for response here.
  Moved by moderator, no longer apply.

• Collecting information from Cisco switchs using SNMP

  Dear All,
  I have a wide network with more than 250 sites connected using the DSL. the WAN devices are under the provider responsability and the LAN devices are directly in my responsability. In each site, I have :
  1 or 2 Cisco switchs (2960 or 3560), connecting via fibr.
  or
  Linksys switch connected via ethernet cable
  and
  cisco 877 router connected to switch
  cisco 881G router conected to switch
  pc and printers
  In order to improve the availibilty of our network, we lauch every day a script from local pc to test connectivity of LAN equipements :
  ping to switchs (Vlan 1), ping to ip fa0/0 cisco router1, ip cisco router2, ping to HSRP address (of two router). the resulting ini file will be inserted in a database and exported to excel for analysing.
  I'm asking if someone can help in order to implement SNMP and let me know the name of cisco MIB to implement to :
  - to have from SNMP information, the result of show cdp nei, show interface status, show ip int brief,...
  - to have if wan router LAN interface are up,connected
  -  others usefuls informations.
  Thanks and regards,
  AA

  Hi,
  the basic SNMP config for 2960 and 3560 is:
       snmp-server community <> RO
  The configuration for SNMP traps to get alerts from the device if there is for example a failure with a fan is:
            snmp-server enable traps
            snmp-server host <> <>
  This enables all traps available with your IOS version. You can the disable not wanted traps by using the "no"-command like this.
  Example for dot1x traps:
            no snmp-server enable traps dot1x
  With a snmp client you can then do a snmpwalk (or snmp get) without a specific OID to get all the SNMP information from the device:
  On a Linux server the following command should work:
       snmpwalk -v 2c -c <> -T <>
  -v = use SNMP version 2c
  -c = use the community string you configured on the device
  -T = output in the dotted decimal format
  But be careful, this will be a lot of data output.
  Here you will find a docu for configuring SNMP on a Cisco device:
  http://www.cisco.com/en/US/docs/ios/12_2/configfun/configuration/guide/fcf014.html
  Sven

• What's "SAVE" configuration command for Cisco switch/ router?

  What's "SAVE" configuration command for Cisco switch / router? I know Switch#copy running-config startup-config works well,
  but so long, any other command that easy to remenber?

  What's "SAVE" configuration command for Cisco switch / router? I know Switch#copy running-config startup-config works well, but so long,
  any other command that easy to remenber?
  yes, here: Switch#write,and want to know more about the Cisco switch, please visit:http://www.3anetwork.com/cisco-switches-price_c1

• SIP 7960 to non-Cisco Switch

  Does anyone know if a 7960 (SIP) phone can connect to a non-Cisco switch and separate the Voice traffic from the access port traffic?
  I tried connecting a 7960 to a baystack 450T, configuring the switchport as a "tagged trunk", and then changing the Admin Vlan ID on the phone to the desired voice vlan. It looks as though the switch wants the access port traffic to be tagged as well.
  Any help would be greatly appreciated!
  Thanks,
  Darin

  Hi !
  You need to configure a 802.1q trunk on your non-cisco switch. The 802.1q native vlan should be the one the PC is in. The voice vlan will be tagged.
  Configure all parameters (like voice-vlan-id etc) on the phone manually (obviously CDP does not work). I have done it and it works fine (but i never tried on the switch you mentioned).
  Inline Power will also not work because the 7960 is not 802.3af compliant (yet).
  Mike

• How to view the login log in window NPS after login cisco switch and without SQL server database

  how to view the login log in window NPS after login cisco switch and without SQL server database
  in summary 
  there is only log with event id 4400
  A LDAP connection with domain controller XCPAWS20.cyberport.noc for domain NOC2 is established.

  Hi adil,
  For your issue, you can create a custom security token service (STS) and then set up a trust relationship between a SharePoint 2010 farm and the custom STS.
  For more information, you can refer to the articles:
  http://forums.asp.net/t/1335229.aspx?Sharing+Authentication+Ticket+Between+ASP+NET+and+Sharepoint
  https://msdn.microsoft.com/en-us/library/office/ff955607(v=office.14).aspx
  http://www.paraesthesia.com/archive/2011/02/01/working-with-windows-identity-foundation-in-asp-net-mvc.aspx/
  Best Regards,
  Eric
  Eric Tao
  TechNet Community Support

• NTP Service on Domain Controller have problem with cisco switch

  Hello!
  I  have Windows Server 2008 R2 SP1 Domain Controller with NTP services
  The windows opertion system clients get NTP time ok.
  There are problem with cisco switch, can't get time from NTP.
  Can anybody help me to fix problem?
  C:\Users\Sysuser>w32tm /query /configuration
  [Configuration]
  EventLogFlags: 2 (Local)
  AnnounceFlags: 5 (Local)
  TimeJumpAuditOffset: 28800 (Local)
  MinPollInterval: 6 (Local)
  MaxPollInterval: 10 (Local)
  MaxNegPhaseCorrection: 1800 (Local)
  MaxPosPhaseCorrection: 1800 (Local)
  MaxAllowedPhaseOffset: 300 (Local)
  FrequencyCorrectRate: 4 (Local)
  PollAdjustFactor: 5 (Local)
  LargePhaseOffset: 50000000 (Local)
  SpikeWatchPeriod: 900 (Local)
  LocalClockDispersion: 10 (Local)
  HoldPeriod: 5 (Local)
  PhaseCorrectRate: 7 (Local)
  UpdateInterval: 100 (Local)
  [TimeProviders]
  NtpClient (Local)
  DllName: C:\Windows\system32\w32time.dll (Local)
  Enabled: 1 (Local)
  InputProvider: 1 (Local)
  AllowNonstandardModeCombinations: 1 (Local)
  ResolvePeerBackoffMinutes: 15 (Policy)
  ResolvePeerBackoffMaxTimes: 7 (Policy)
  CompatibilityFlags: 2147483648 (Local)
  EventLogFlags: 0 (Policy)
  LargeSampleSkew: 3 (Local)
  SpecialPollInterval: 3600 (Policy)
  Type: NTP (Policy)
  NtpServer: 10.7.0.4 (Policy)
  NtpServer (Local)
  DllName: C:\Windows\system32\w32time.dll (Local)
  Enabled: 1 (Local)
  InputProvider: 0 (Local)
  AllowNonstandardModeCombinations: 1 (Local)
  VMICTimeProvider (Local)
  DllName: C:\Windows\System32\vmictimeprovider.dll (Local)
  Enabled: 1 (Local)
  InputProvider: 1 (Local)
  Cisco config and errors
  CISCO1#show ntp ass det
  10.7.0.7 configured, insane, invalid, stratum 3
  ref ID 10.7.0.4, time D5BC850F.C8400AB2 (15:50:39.782 MSK Mon Aug 19 2013)
  our mode client, peer mode server, our poll intvl 1024, peer poll intvl 1024
  root delay 62.50 msec, root disp 11128.04, reach 377, sync dist 11218.796
  delay 6.06 msec, offset -467951.1096 msec, dispersion 56.49
  precision 2**6, version 3
  org time D5BC8864.F79C33A7 (16:04:52.967 MSK Mon Aug 19 2013)
  rcv time D5BC8A38.EBDECB39 (16:12:40.921 MSK Mon Aug 19 2013)
  xmt time D5BC8A38.EA5173BE (16:12:40.915 MSK Mon Aug 19 2013)
  filtdelay =     6.06    5.87    3.23    7.90    6.41    5.17   13.03    3.43
  filtoffset = -467951 -467905 -467936 -467885 -467764 -467816 -467707 -467697
  filterror =     0.02   15.64   31.27   46.89   62.52   78.14   93.75   93.78

  Hi,
   >>I gave log on as a service right to this account in Default Domain Controllers Policy but unfortunately it was not enough
  Based on your description, we can try to grant this account Allow log on locally
  user right in the default domain controller policy to see if it helps.
  The policy setting is:
  Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Allow log on locally
  Allow log on locally
  http://technet.microsoft.com/en-us/library/cc756809(v=ws.10).aspx#feedback
  TechNet Subscriber Support
  If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.
  Best regards,
  Frank Shen