Stackwise on 3850's

Hi - Still finding my feet in the cisco world so please bear with me.
Just got four 3850s in the office and I'm having a go at configuring them. I have a base config running securing the various lines and services but I cannot get the switches to stack.
I originally plugged all the stackwise cables in but it did not set active switch to the one I desired. I then followed this documentation to configure the priority of each switch. I ran these commands on each switch after unplugging the stackwise cables:
switch01# switch 1 renumber 9
switch02# switch 2 renumber 7
switch03# switch 3 renumber 5
switch04# switch 4 renumber 3     (those numbers might not be exact but the end result is)
So with that I reloaded each switch for re-election but now each switch is detecting no neighbors.
SWITCH01#show switch
Switch/Stack Mac Address : dca5.f4d3.2080 - Local Mac Address
Mac persistency wait time: Indefinite
                                             H/W   Current
Switch#   Role    Mac Address     Priority Version State
*9       Active   dca5.f4d3.2080     1      V02     Ready
SWITCH01#show sw neighbors
Switch #    Port 1       Port 2
      9        None          None
So SWITCH01 has the highest number so should get elected as the active in an election as I understand it but it is not detecting any neighbors. Nor are the other 3 switches. I have also double checked all cables are seated correctly.
Can anyone point me in the right direction to get this working? As you may have guessed, I'm not familiar with stacking switches so I apologise if I have made a mess of this.
Thanks,
Gareth

Thanks for the infomation. Where I had gone wrong is not understanding that there are two seperate values for the switch numbers and their respective priorities. Running the correct command "switch 1 priority 15" was the ticket. show switch now returns the following:
STACK01#show switchSwitch/Stack Mac Address : dca5.f4d3.2080 - Local Mac AddressMac persistency wait time: Indefinite H/W CurrentSwitch# Role Mac Address Priority Version State------------------------------------------------------------*1 Active dca5.f4d3.2080 15 V02 Ready 2 Standby 7c95.f32e.8680 14 V02 Ready 3 Member 7c95.f32e.ad80 13 V02 Ready 4 Member 7c95.f380.4100 12 V02 Ready
Also I reseated all cables.
Thank you to all for your help. Greatly appreciated.

Similar Messages

Stackwise 3850 for VSS dual active detection

Hello
by means of 3750 or 2960-S stacks, it was impossibile to perform VSS dual active detction
using ePAgP trough a MEC towards different members of a stack.
Here the QA docs for 3850 state it is now supported:
http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-3850-series-switches/qa_c67-722110.html
Though, I'd like to read some confirmation from someone already using it in production or maybe
from some up to date Cisco representative.
I'd like to use lots of 3850 stacks as access switches linked to a 6500 VSS pair. In order to keep
everything redundant i would like to couple VSLP Fast Hellos and ePAgP trough the Stackwise 3850s
but not before making myself sure it's actually supported.
Thanks
francesco

Francesco,
I have deployed stacks of up to five 3850 switches with stackwise and powerstack cables, there are no issues running active/active on redundant links. I recommend using LACP.

3750 and 3850 stackwise

I need to replace 2 3750's in a stack of 5. I will be replacing the remaining 3 3750's later in the year. Can I add two 3850's to the stack? If not, what would be the best way to replace the 2 3750's in the stack that would set everything up later in the year when I can complete replacing the remaining 3750's without having any issues ?

Can I add two 3850's to the stack?
There is no physical way this can be achieved. The stacking cables do not match.

What is the max number of 3850 switches in a stack

This doc states 4. Has there been any change to allow more?
http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-3850-series-switches/qa_c67-722110.html

Up to 9 Cisco Catalyst 3850 switches can be stacked together to build single logical StackWise-480 switch since Cisco IOS XE Release 3.3.0SE.
Prior to Cisco IOS XE Release3.3.0SE, up to 4 Cisco Catalyst 3850 switches could be stacked together.
http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-3850-series-switches/qa_c67-722110.html

3850 Stack Question. I'm new to stacks

So, I have two 3850's I want to put in a closet. Do I stack them or just leave them stand alones... My plan was to connect each to the core switch using fiber and users on each switch.
When I conenct the switches using the stackwise cable, I have an active and standby... Is there a way to make the standby a member? is the standby in true "standby" mode? Can I use the ports on the standby switch?
SO many questions Apppriecte any help..
Thanks

Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
BTW, when you stack your pair, ideally, you still want an uplink from each switch. Depending on L2/L3 configuration, on both your stack and core device, you should be able to use the bandwidth from both links to/from the stack too. Also, if possible, try not to have the two links terminate on same line card on your core device, to avoid that also being a single point of failure.

Core LAN with 3850 switches

Hi everyone,
I know Cisco does not classify the 3850 series switches as a core switch even in small implementations neither there is information on StackWise-480 how this is working in high availability in a similar way as VSS. What I am wondering whether I could create a DSN (Data-Center Services Node) with 2 of those switches, insert ASAs or Load Balancers in a DSN manner and L3 port-channel those into each switch, something similar to MEC in VSS.
Anybody has any experience in implementing those switches in a similar way or it has any comments on that I would greatly appreciate it.
Thanks in advance.
Remi

Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
Again, can't speak specifically about the 3850s, although in principle, believe its supposed to function like StackWise does on a 3750s.
On the 3750s stacks, failure of a member switch isn't too bad, but failure of the stack master can cause a "blip". One potential issue, again on 3750s, is by default, stacks use the original stack master's MAC, and also by default, it changes when a new stack master is elected. This can cause MEC port-channels to drop. In theory, stack members are supposed to be able to continue to L2 forward during even a stack master reelection. L3 forwarding depends on NSF settings (and stack MAC). Stack MAC issues can be mitigated by using the persistent option.
I recall (?) reading 3850s stacks are more VSS like than 3750 stacks (although "regular" VSS only supports two members).
So, again, I'm unsure how solid a 3850 stack would be.
PS:
Depending on your core port needs, maybe a 4500-X VSS pair would be a better choice.

How many Cisco Catalyst 3850 switches can make up a Cisco StackPower stack?

I know the number of Cisco 3850 switches for stacking is 9, so, if I make up a Cisco StackPower stack, MAX is 9, too?

Hi, emma, only 4 switches can become part of the same Cisco StackPower stack in a ring topology.
For the Cisco 3850 switches stack number,there are two types:
Up to 9 Cisco Catalyst 3850 switches can be stacked together to build single logical StackWise-480 switch since Cisco IOS XE Release 3.3.0SE. Prior to Cisco IOS XE Release3.3.0SE, up to 4 Cisco Catalyst 3850 switches could be stacked together.

Cisco Catalyst 3850 switches

How many Cisco Catalyst 3850 switches can stack into a single logical entity?

Hi, emma, only 4 switches can become part of the same Cisco StackPower stack in a ring topology.
For the Cisco 3850 switches stack number,there are two types:
Up to 9 Cisco Catalyst 3850 switches can be stacked together to build single logical StackWise-480 switch since Cisco IOS XE Release 3.3.0SE. Prior to Cisco IOS XE Release3.3.0SE, up to 4 Cisco Catalyst 3850 switches could be stacked together.

Single 3850(MC) how many AP can control

Hi All now i testing about 3850..
i have some question about 3850
1. how many APs can control in single 3850(MC)
if we buy Single 3850(48port) then can we use all port for AP?
2. build a MC-MA Wireless environment, If MC goes down MA Can still working without MC?(is there kind of NSF?)
3. for example MC has a AP and MA has a AP. then we can see ap only each 3850. how we can management whole APs
Prime infrastructure can see whole APs, is this only way ?. I think this is not good for management Wireless.
4. If MA has over two APs(AP1, AP2), User1 connected AP1, User2 connected AP2.
User1 need to connect with User2(FTP or something) , User1,2 can connect directly? without through of MC
MC-----------------MA
|
AP1 AP2
| |
user1 user2
if you have any answer plz talk to me.
thank you.

A 3850 can support up to 50 directly-connected APs.

3850 PoE issues with AP3600 and AP3700

The switch is more than capable of providing 30 watts of power to the 3600AP yet it negotiates 15.4 watts and then I get errors in prime. Can someone explain how to fix this issue or what is causing the problem? Both radios are enabled so I would expect it to draw about 20 watts. We are seeing the same issues with 3700 series APs on the 3850 series switches. The APs tie back to a controller and not the 3850 switch
Error Message from Prime
Virtual Domain: ROOT-DOMAIN
PI has detected one or more alarms of category AP and severity Critical in Virtual Domain ROOT-DOMAIN for the following items:
1. Message: Access point 'CAZBM-LAPA02' associated with controller 'BRO-5500' draws low power from Ethernet. Failure reason: 'The AP draws 15.4 watts from Ethernet'.
(6 times)
E-mail will be suppressed up to 30 minutes for these alarms.
Switch Info:
Show Version
Cisco IOS Software, IOS-XE Software, Catalyst L3 Switch Software (CAT3K_CAA-UNIVERSALK9-M), Version 03.02.02.SE RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2013 by Cisco Systems, Inc.
Compiled Fri 14-Jun-13 19:24 by prod_rel_team
Cisco IOS-XE software, Copyright (c) 2005-2013 by cisco Systems, Inc.
All rights reserved. Certain components of Cisco IOS-XE software are
licensed under the GNU General Public License ("GPL") Version 2.0. The
software code licensed under GPL Version 2.0 is free software that comes
with ABSOLUTELY NO WARRANTY. You can redistribute and/or modify such
GPL code under the terms of GPL Version 2.0.
(http://www.gnu.org/licenses/gpl-2.0.html) For more details, see the
documentation or "License Notice" file accompanying the IOS-XE software,
or the applicable URL provided on the flyer accompanying the IOS-XE
software.
ROM: IOS-XE ROMMON
BOOTLDR: CAT3K_CAA Boot Loader (CAT3K_CAA-HBOOT-M) Version 1.2, RELEASE SOFTWARE (P)
BRO-Zone-A-Stack uptime is 18 weeks, 2 days, 23 hours, 56 minutes
Uptime for this control processor is 18 weeks, 2 days, 23 hours, 59 minutes
System returned to ROM by reload
System restarted at 09:42:37 EST Sat Nov 15 2014
System image file is "flash:packages.conf"
Last reload reason: Reload command
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
License Level: Lanbase
License Type: Permanent
Next reload license Level: Lanbase
cisco WS-C3850-48P (MIPS) processor with 4194304K bytes of physical memory.
Motherboard Assembly Number : 73-14442-08
Model Revision Number : L0
Motherboard Revision Number : C0
Model Number : WS-C3850-48P
Switch Ports Model SW Version SW Image Mode
1 56 WS-C3850-48P 03.02.02.SE cat3k_caa-universalk9 INSTALL
Show power inline
Module Available Used Remaining
(Watts) (Watts) (Watts)
1 450.0 15.4 434.6
2 450.0 0.0 450.0
3 450.0 0.0 450.0
4 450.0 120.0 330.0
Interface Admin Oper Power Device Class Max
(Watts)
Gi1/0/1 auto off 0.0 n/a n/a 30.0
Gi1/0/2 auto off 0.0 n/a n/a 30.0
Gi1/0/3 auto off 0.0 n/a n/a 30.0
Gi1/0/4 auto off 0.0 n/a n/a 30.0
Gi1/0/5 auto off 0.0 n/a n/a 30.0
Gi1/0/6 auto off 0.0 n/a n/a 30.0
Gi1/0/7 auto off 0.0 n/a n/a 30.0
Gi1/0/8 auto off 0.0 n/a n/a 30.0
Gi1/0/9 auto off 0.0 n/a n/a 30.0
Gi1/0/10 off off 0.0 n/a n/a 30.0
Gi1/0/11 off off 0.0 n/a n/a 30.0
Gi1/0/12 off off 0.0 n/a n/a 30.0
Gi1/0/13 auto off 0.0 n/a n/a 30.0
Gi1/0/14 auto on 15.4 AIR-CAP3602I-A-K9 0 30.0
Gi1/0/15 auto off 0.0 n/a n/a 30.0

Duplicate post.
Go HERE.

Converged Access Design Help (Catalyst 3850 and WLC 5508...Mobility Oracle)

Hello,
I am an engineer working with a Cisco Gold Partner in Saudi Arabia. We have a large university as our client where they are constructing a new
building and require our services to build the network infrastructure. Therefore, we are to implement the routing and switching infrastructure as
well as the Wireless solution.
At present, I have no issues in implementing the R&S infrastructure as it is very straight forward but it has implications on the deployment of
the wireless solution which I explain further below. The R&S infrastructure comprises of the typical Core, Distribution, and Access layers and we
are focusing on the local distribution and access switches with regards to the new building. The client has a converged Layer 3 network spanning
from distribution layer to core layer and they are running EIGRP for this convergence. This is not a problem and has already been implemented.
Yet, the challenge arises in deploying the WLAN infrastructure. The client already has a Cisco WLAN infrastructure in place where they have a
large number of LAPs that are registered with their controllers in the Data Center. They have two WLC 5508 where one is the Primary and the other
the Secondary. The local distribution switch to which the WLC are connected also is the gateway for the SVIs for the SSIDs that are configured on
the controllers. This means that once the packets from the AP come in to the WLC, they are tagged with the correct VLAN and sent to the directly
connected distribution switch which then routes it into the rest of the Layer 3 network. Interestingly, the WLC 5508 are running AireOS 7.6 and
support the "New Mobility" feature. The two controllers have formed a Mobility Group (MG) between each other.
Now, the new building will have two Catalyst 3850 switches installed where each one has a total of 40 AP licenses pre-installed and activated
i.e. a total of 80 APs can be supported by the two switches. A total of 67 LAPs will be deployed in the new building which can be accommodated
between the two switches and their integrated controller.
Yet, based on my understanding and research about Converged Access is that, ideally, the Catalyst 3850 will only run the Mobility Agent (MA)
feature while a central controller would provide the Mobility Controller (MC) service. unfortunately, there are not enough licenses on the
existing WLC 5508 nor can we migrate the new licenses that will facilitate such a split deployment.
This means that I would need to configure the two Catalyst 3850 as independent MC and form a MG between them. I have done this and tested this
already and the mobility is working fine. But my concern is not about getting the Catalyst 3850 to work as this is simple but rather it is
focused on creating a common Mobility Domain (MD) so that clients can roam from this new building to the rest of the campus while maintaining the
state of their connections to the WLAN infrastructure.
To make things more complicated, since the new building will have its own Layer 3 distribution switch and the Catalyst 3850 switches will connect
to this distribution switch, it means that new VLANs and SVIs need to be created for the SSIDs broadcast in the new building. This means that new
subnets need to be assigned to the SSIDs.
As such, I have the following questions:
Q1) If we create new SVIs for the SSIDs (same SSIDs names will be used in the new building as in the rest of the university campus) this means
that new subnets will be assigned to these SSIDs. Now, I believe I have two options...one is to make the new Catalyst 3850s to be in the same MG
as the existing WLC 5508 which then cater for Layer 3 client roaming or I have to treat this as a totally seperate WLAN network and follow on to
the solution as per the next question. Please advise which is a better option?
Q2) I could create separate MG i.e. the new building Catalyst 3850s can be in one MG and the existing controllers can be in another MG. I can
then have one of the existing WLC 5508 (the primary one) to run the Mobility Oracle (MO) feature so as to create a single Mobility Domain (MD).
Would this facilitate in Layer 3 client roaming and RRM for all the controllers in the same MD?
Q3) If I do create a MD, how is this accomplished in such an environment since the documentation is severely limited in this regard?
Please advise at your earliest. To assist further, I have attached a topology diagram which may aid in explaining the situation with more
clarity. If these things are clarified, I will be better able to wrap my head around the technology and in turn service my clients better.
Regards,
Amir

Hi Amir,
Q1) If we create new SVIs for the SSIDs (same SSIDs names will be used in the new building as in the rest of the university campus) this means that new subnets will be assigned to these SSIDs. Now, I believe I have two options...one is to make the new Catalyst 3850s to be in the same MG as the existing WLC 5508 which then cater for Layer 3 client roaming or I have to treat this as a totally seperate WLAN network and follow on to the solution as per the next question. Please advise which is a better option?
I would configure them in the same mobility group. Also configure same SPG for those two 3850 stacks if users are frequently roaming within these two buildings.
Q2) I could create separate MG i.e. the new building Catalyst 3850s can be in one MG and the existing controllers can be in another MG. I can then have one of the existing WLC 5508 (the primary one) to run the Mobility Oracle (MO) feature so as to create a single Mobility Domain (MD). Would this facilitate in Layer 3 client roaming and RRM for all the controllers in the same MD?
MO is not required (it is only for very large scale deployments)
Q3) If I do create a MD, how is this accomplished in such an environment since the documentation is severely limited in this regard?
Yes, documents are hard to find :(
These notes may be useful to you based on my experience. I am running IOS-XE 3.6.1 in my production.
http://mrncciew.com/2014/05/06/configuring-new-mobility/
http://mrncciew.com/2013/12/14/3850ma-with-5760mc/
HTH
Rasika
*** Pls rate all useful responses ****

Error in GUI of Cisco 3850 Switch with Wireless Controller.

Hi,
I have Configured 3850 switch wireless controller. But while accessing the controller through GUI, I faced following errors while configuring it through GUI.
Because its complecated to configure it through CLI.
Attached are the snaps of error faced.
and if I didnt get this error, and able to configure, I can save it because of this error.
Please help me on this issue, so that I can easily configure the controller.
Brgds,
Ninad Thakare

Hi Sandeep,
Here is the configuration which I have did.
ip http server
ip http secure-server
wsma agent exec
profile httplistener
profile httpslistener
wsma agent config
profile httplistener
profile httpslistener
wsma agent filesys
profile httplistener
profile httpslistener
wsma agent notify
profile httplistener
profile httpslistener
wsma profile listener httplistener
transport http
wsma profile listener httpslistener
transport https
wireless mobility controller
wireless management interface Vlan4 ( Voice VLAN )
wlan FG-WiFi 1 FG-WiFi
client vlan 4
ip dhcp server 10.106.72.1
no security wpa akm dot1x
security wpa akm psk set-key ascii 0 testing1234
no security wpa wpa2
no security wpa wpa2 ciphers aes
no wmm
no shutdown
wlan GLOBALACCESSII 2 GLOBALACCESSII
client vlan 4
ip dhcp server 10.106.72.1
no security wpa akm dot1x
security wpa akm psk set-key ascii 0 testing1234
no security wpa wpa2
no security wpa wpa2 ciphers aes
no wmm
no shutdown
ap group default-group
ap group 3850WLC
wlan FG-WiFi
vlan 4
wlan GLOBALACCESSII
vlan 4
end
Brgds,
Ninad Thakare

3850 Stack not displayed correctly in CiscoView 6.1

HI,
our customer installed lms 4.2, updated it to 4.2.5 and applied the Maintenance_Release_4_2_5_01_LNX. Its a fresh installation, so there are no previous data. After a discovery via SNMPv3 the 3850 (stacks with 2 or 3 units) show up in CiscoView but only one unit, the others are missing. When I take a look in the fan status, it displays the fan status of the other stack members, so the stack is recognized, but not displayed...
Installed Packages:
CiscoView version is 6.1.156
Cat3850.cv50.v1-0.zip (installed with the 4.2.5 update)
Anybody got an idea how to fix this?
Thanks!

The reason why the C3850 switch stack is showing as standalone in LMS CiscoView is because
it's returning sysObjectID as standalone.
It should return as 1.3.6.1.4.1.9.1.1745 --cat38xxstack
While, if you poll it for sysObjectID, the Catalyst 3850 stack switches will be returning OID 1.3.6.1.4.1.9.1.1641.
This is an IOS bug "CSCul00003 - Incorrect Sys OID for Cat3850 Stack device".
Unless this bug is fixed, LMS will not be able to show it as stack device.
You can try to check if you can manually change the device identity to cat38xxstack from Inventory > add/edit device > edit identity.
Else we need to wait for the fix of this bug.
-Thanks
Vinod

[Cisco ISE 1.2 with 3850 - Trunk AP] Problem with MAB

Hi everyone,
After reading some documentation about using MAB in a trunk port with the 3850 I would like to know if someone has implemented ISE policies with a 3850 interface in trunk mode. My problem is that when I try using MAB in a trunk port the mac address of the AP it´s no visible in the "show mac address interface" and because of that the AP is not authenticated in ISE. The thing is that if I use a 2960 everything goes smoothly with no problems!
Let me show you what I have,
interface GigabitEthernet1/0/3
description AP
switchport trunk native vlan 999
switchport mode trunk
trust device cisco-phone
authentication event fail action next-method
authentication host-mode multi-host
authentication order mab dot1x
authentication priority dot1x mab
authentication port-control auto
mab
snmp trap mac-notification change added
snmp trap mac-notification change removed
dot1x pae authenticator
dot1x max-req 4
auto qos voip cisco-phone
service-policy input AutoQos-4.0-CiscoPhone-Input-Policy
service-policy output AutoQos-4.0-Output-Policy
############################################# switch model - 3850 ##################################################
SW1#sh mac address-table interface GigabitEthernet1/0/3
          Mac Address Table
Vlan    Mac Address       Type        Ports
SW1#sh dot1x interface Gi1/0/3
Dot1x Info for GigabitEthernet1/0/3
PAE                       = AUTHENTICATOR
QuietPeriod               = 60
ServerTimeout             = 0
SuppTimeout               = 30
ReAuthMax                 = 2
MaxReq                    = 4
TxPeriod                  = 30
Switch Ports Model              SW Version        SW Image              Mode
*    1 56    WS-C3850-48P       03.03.03SE        cat3k_caa-universalk9 INSTALL
############################################# Different switch model - 2960 ##################################################
interface GigabitEthernet1/0/1
description AP
switchport trunk native vlan 999
switchport mode trunk
srr-queue bandwidth share 1 30 35 5
priority-queue out
authentication event fail action next-method
authentication host-mode multi-host
authentication order mab dot1x
authentication priority dot1x mab
authentication port-control auto
mab
snmp trap mac-notification change added
snmp trap mac-notification change removed
mls qos trust device cisco-phone
mls qos trust cos
dot1x pae authenticator
dot1x max-req 4
auto qos voip cisco-phone
service-policy input AUTOQOS-SRND4-CISCOPHONE-POLICY
SW1#$cation sessions interface GigabitEthernet1/0/1
            Interface: GigabitEthernet1/0/1
          MAC Address: xxxx.xxxx.4a38
           IP Address: 172.18.1.170
            User-Name: xx-xx-xx-xx-4A-38
               Status: Authz Success
               Domain: DATA
       Oper host mode: multi-host
     Oper control dir: both
        Authorized By: Authentication Server
          Vlan Policy: N/A
      Session timeout: N/A
         Idle timeout: N/A
    Common Session ID: 0A18129D000060E39DAE8A8A
      Acct Session ID: 0x0000725D
               Handle: 0x0F00028C
Runnable methods list:
       Method   State
       mab      Authc Success
       Switch Ports Model              SW Version            SW Image
     1 28    WS-C2960X-24PS-L   15.0(2)EX5            C2960X-UNIVERSALK9-M
SW2#sh dot1x interface Gi1/0/1
Dot1x Info for GigabitEthernet1/0/1
PAE                       = AUTHENTICATOR
QuietPeriod               = 60
ServerTimeout             = 0
SuppTimeout               = 30
ReAuthMax                 = 2
MaxReq                    = 4
TxPeriod                  = 30
Am I doing something wrong?
BR,

I know what you mean and I agree with what you are saying :) Nonetheless, at the moment, the official stance from Cisco on this is that 802.1x is not supported on trunk ports. Now one can argue that MAB is different but I think we are just splitting hairs here :)
Like I said, I have gotten stuff to work before but always had some goofy things happening so in general I have stayed away from doing it.
Now in your situation, if your configuration is working fine on the 2960 but not on the 3850, then most likely the issue is with the XE code running on the 3850s. The XE code has been very problematic until recently so you are probably hitting some sort of a defect. As a result, I recommend that you upgrade the switch(es) to 3.3.5 or 3.6.1. Version 3.7.x is also out but it just came out 8 days ago so I would not recommend going to it.
Thank you for rating helpful posts!

Flexible Netflow (v.9) question on 3850 ipservices doesn't seem to register

Greetings all - I am trying to enable netflow on a new 3850-24 with ipservices. I am leveraging LiveAction and have raised a ticket with them to help me through the issue, but more generally I'm confused about the lack of features I'm seeing. Per the 3850 guide here (http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/3se/flexible_netflow/configuration_guide/b_fnf_3se_3850_cg/b_fnf_3se_3850_cg_chapter_010.html) it is stated that you will have the option of turning on inbound and outbound directions on 3850's with ipbase and ipservices.
We are running ip services:
Slot# License name Type Count Period left
1 ipservices permanent N/A Lifetime
However, we get the following error when trying to turn on flow inbound and outbound on the interfaces - whether they are svi (layer3) or interface (layer2)
-----------------Layer2: ----------------------------------------------
(config)#interface GigabitEthernet1/0/24
switch(config-if)#ip flow monitor LIVEACTION-FLOWMONITOR input
switch(config-if)#ip flow monitor LIVEACTION-FLOWMONITOR output
% Flow Monitor: Flow Monitor 'LIVEACTION-FLOWMONITOR'
Unsupported match field "interface input" for ipv4 traffic in output direction
Unsupported collect field "interface output" for ipv4 traffic in output direction
---------------- Layer3 ---------------------------------------------
switch(config)#interface Vlan190
switch(config-if)#ip flow monitor LIVEACTION-FLOWMONITOR input
% Flow Monitor: Flow Monitor 'LIVEACTION-FLOWMONITOR' flexible netflow not supported on vlan interfaces
switch(config-if)#ip flow monitor LIVEACTION-FLOWMONITOR output
% Flow Monitor: Flow Monitor 'LIVEACTION-FLOWMONITOR' flexible netflow not supported on vlan interfaces
------------------------------------ untruncated output ------------------------------
switch(config-flow-record)#collect counter bytes
% Incomplete command.
switch(config-flow-record)#collect counter packets
% Incomplete command.
switch(config-flow-record)#collect flow sampler
^
% Invalid input detected at '^' marker.
switch(config-flow-record)#collect interface output
switch(config-flow-record)#collect ipv4 destination mask
^
% Invalid input detected at '^' marker.
switch(config-flow-record)#collect ipv4 dscp
^
% Invalid input detected at '^' marker.
switch(config-flow-record)#collect ipv4 id
^
% Invalid input detected at '^' marker.
switch(config-flow-record)#collect ipv4 source mask
^
% Invalid input detected at '^' marker.
switch(config-flow-record)#collect ipv4 source prefix
^
% Invalid input detected at '^' marker.
switch(config-flow-record)#collect routing destination as
^
% Invalid input detected at '^' marker.
switch(config-flow-record)#collect routing next-hop address ipv4
^
% Invalid input detected at '^' marker.
switch(config-flow-record)#collect routing source as
^
% Invalid input detected at '^' marker.
switch(config-flow-record)#collect timestamp sys-uptime first
^
% Invalid input detected at '^' marker.
switch(config-flow-record)#collect timestamp sys-uptime last
^
% Invalid input detected at '^' marker.
switch(config-flow-record)#collect transport tcp flags
switch(config-flow-record)#exit
switch(config)#flow monitor LIVEACTION-FLOWMONITOR
switch(config-flow-monitor)#$ DO NOT MODIFY. USED BY LIVEACTION.
switch(config-flow-monitor)#exporter LIVEACTION-FLOWEXPORTER
switch(config-flow-monitor)#cache timeout inactive 10
switch(config-flow-monitor)#cache timeout active 60
switch(config-flow-monitor)#record LIVEACTION-FLOWRECORD
switch(config-flow-monitor)#exit
switch(config)#interface Vlan197
switch(config-if)#ip flow monitor LIVEACTION-FLOWMONITOR input
% Flow Monitor: Flow Monitor 'LIVEACTION-FLOWMONITOR' flexible netflow not supported on vlan interfaces
switch(config-if)#ip flow monitor LIVEACTION-FLOWMONITOR output
% Flow Monitor: Flow Monitor 'LIVEACTION-FLOWMONITOR' flexible netflow not supported on vlan interfaces
switch(config-if)#exit
switch(config)#interface Vlan190
switch(config-if)#ip flow monitor LIVEACTION-FLOWMONITOR input
% Flow Monitor: Flow Monitor 'LIVEACTION-FLOWMONITOR' flexible netflow not supported on vlan interfaces
switch(config-if)#ip flow monitor LIVEACTION-FLOWMONITOR output
% Flow Monitor: Flow Monitor 'LIVEACTION-FLOWMONITOR' flexible netflow not supported on vlan interfaces
-------------------- config it's trying to apply----------------------------
config t
ip cef
snmp-server ifindex persist
flow exporter LIVEACTION-FLOWEXPORTER
description DO NOT MODIFY. USED BY LIVEACTION.
destination <removed private IP address to liveaction server>
source Loopback0
transport udp 2055
template data timeout 600
option interface-table
exit
flow record LIVEACTION-FLOWRECORD
description DO NOT MODIFY. USED BY LIVEACTION.
match flow direction
match interface input
match ipv4 destination address
match ipv4 protocol
match ipv4 source address
match ipv4 tos
match transport destination-port
match transport source-port
collect counter bytes
collect counter packets
collect flow sampler
collect interface output
collect ipv4 destination mask
collect ipv4 dscp
collect ipv4 id
collect ipv4 source mask
collect ipv4 source prefix
collect routing destination as
collect routing next-hop address ipv4
collect routing source as
collect timestamp sys-uptime first
collect timestamp sys-uptime last
collect transport tcp flags
exit
flow monitor LIVEACTION-FLOWMONITOR
description DO NOT MODIFY. USED BY LIVEACTION.
exporter LIVEACTION-FLOWEXPORTER
cache timeout inactive 10
cache timeout active 60
record LIVEACTION-FLOWRECORD
exit
interface Vlan197
ip flow monitor LIVEACTION-FLOWMONITOR input
ip flow monitor LIVEACTION-FLOWMONITOR output
exit
interface Vlan190
ip flow monitor LIVEACTION-FLOWMONITOR input
ip flow monitor LIVEACTION-FLOWMONITOR output
exit
interface GigabitEthernet1/0/13
ip flow monitor LIVEACTION-FLOWMONITOR input
ip flow monitor LIVEACTION-FLOWMONITOR output
exit
interface GigabitEthernet1/0/18
ip flow monitor LIVEACTION-FLOWMONITOR input
ip flow monitor LIVEACTION-FLOWMONITOR output
exit
interface GigabitEthernet1/0/4
ip flow monitor LIVEACTION-FLOWMONITOR input
ip flow monitor LIVEACTION-FLOWMONITOR output
exit
interface GigabitEthernet1/0/3
ip flow monitor LIVEACTION-FLOWMONITOR input
ip flow monitor LIVEACTION-FLOWMONITOR output
exit
interface GigabitEthernet1/0/6
ip flow monitor LIVEACTION-FLOWMONITOR input
ip flow monitor LIVEACTION-FLOWMONITOR output
exit
interface GigabitEthernet1/0/5
ip flow monitor LIVEACTION-FLOWMONITOR input
ip flow monitor LIVEACTION-FLOWMONITOR output
exit
interface GigabitEthernet1/0/23
ip flow monitor LIVEACTION-FLOWMONITOR input
ip flow monitor LIVEACTION-FLOWMONITOR output
exit
interface GigabitEthernet1/0/24
ip flow monitor LIVEACTION-FLOWMONITOR input
ip flow monitor LIVEACTION-FLOWMONITOR output

Welcome to the Arch forums. That was an amazing first post. It is refreshing to see a new forum member actually post with as much detail as possible in order to explain the situation. Too often we get people saying things like "I can't get to the internet... why?" as the extent of their post. So thanks.
So I am curious about what the dhcpcd is trying to do. It seems to be trying to soliciting for a ipv6 address, but mentions nothing about in ipv4 address. It is not unfortunately not entirely uncommon for dhcpcd to time out waiting for an ipv6 address that never comes. So are you using ipv6? Do you expect an ipv6 address? I noticed that when you tried to ping the google DNS server, you used their ipv4 address (8.8.8.8). So I am thinking that means you are actually using ipv4.
I wonder if you might be able to poll for just an ipv4 address with dhcpcd. Just run it with -4 and it should disable the ipv6 stuff. You might also want to try dhclient and see what kind of output it gives you. If you are definitely not using ipv6, and it is not offered in your area, you might want to disable it. There are instructions in the wiki on how to do this... but you might want to wait until you establish the issue before doing things like that.

Stackwise on 3850's

Similar Messages

Maybe you are looking for