Standard Catalyst switch vs. Enhanced routing version

I have a question regarding the Cisco Catalyst switches with the enhanced routing option.
As I understand it, to do layer 3 routing between VLANs on a standard Catalyst switch IOS requires me to configure a port on the switch with 802.1Q, plug that port into a separate router and configure the router's port (also configured with 802.1Q) as a 'router on a stick' for each VLAN I need to route. Then any additional switches I want to add to the network I would simply trunk back to the switch that has the router plugged in so I could have inter-VLAN routing. Does this sound correct?
Now if I used a switch with the enhanced layer-3 IOS (a WS-C3560G-24TS-E for example) would I be able to remove the extra router from the design? Would the packet routing go at the speed of the backplane of the enhanced switch, rather than the wire speed of the connection to an external router? I would also be able to get a gigabit SFP for each of my additional switches (3500XLs) and plug them into a trunked port on the 3560, thus giving a full gigabit trunk to each access layer switch.
Or would a router on a stick be a fine solution for inter-VLAN routing? There will be a need for an integrated services router in the future to act as our CME for this site, so we will be purchasing a router anyways.

Hi Friend,
If you have a layer 3 switch with the standard image, you will still be able to configure inter-VLAN routing on the layer 3 switch.
The enhanced image on a layer 3 switch will let you configure routing protocols like OSPF and BGP and enhanced QoS features, which is not possible with standard images.
But just for inter-VLAN routing, any layer 3 switch like the 3550 or 3560 will let you achieve inter-VLAN routing without using an external router.
Have a look at this link for inter-VLAN routing on layer 3 switches like the 350/3560 switches:
http://www.cisco.com/en/US/tech/tk389/tk815/technologies_configuration_example09186a008015f17a.shtml
HTH, if yes please rate the post.
Ankur

Similar Messages

  • Cannot Establish Gigabit Link Between Catalyst Switches and GSR Router

    The GSR Gigabit interface is configured for no negotiation auto and the line protocol goes up when connected to the Catalyst switch.
    The Catalyst switch port remains unconnected even when it is physically attached to the GSR router.

    The flow control settings must match on both sides for the link to come up. It is highly recommended that you configure auto-negotiation to on for both devices. (Auto-negotiation is enabled by default on all Catalyst switches.) Otherwise, if you have a layer 1 problem, the link remains up and a unidirectional link will result.
    The initial software releases that support Gigabit Ethernet on the GSR router do not support gigabit auto-negotiation.
    The following command configures gigabit auto-negotiation on the Catalyst 6000/6500:
    set port negotiation module/port disable|enable

  • Vtp between 2 Catalyst switches across a router

    I have in my domain :
    C3750 ---.1Q G0/1---C2821 ISR---.1Q G0/2 --- C2950
    C3750 is in vtp server mode
    C2821 is in vtp transparent mode
    C2950 is in vtp client mode
    Will my vlans be distributed from C3750 to C2950 across ?

    Hi,
    Thanks for reply.
    I thought that VTP could be forwarded across the C2821, but it doesn't work like a switch/router such as the C3750 in VTP transparent mode.
    I suppose that the C2821 does not have the same switching backplane architecture as the C3750.
    I put a trunk link cable between c3750 and c2924
    and set both in the same vtp domain.
    Then now I get all my level 2 vlans on C2924, but they can be routed at IP level by C2821 or C3750.

  • Cryptographic IOS versions on Catalyst Switches

    1. Where can one find the differences between Catalyst switch IOS with cryptographic features and without cryptographic features?
    2. In order to access Cat switches over SSH and HTTPS, do we require Cryptographic versions of the Cat IOS?
    3. What does "k9" stand for in IOS names? e.g. "3560-ipservicesk9"
    Thanks

    Hi
    Answer to Q1 :
    The best place to compare CatOS and IOS is
    www.cisco.com/go/fn
    there you can search by ios names or platforms or features and compare images.
    Answer to Q2 :
    Yes you need Cryptographic version
    Answer to Q3 :
    K9 stands for Cryptographic version. If you have ipservicesk9 you can do SSH. In the Feature Navigator, if you search for the IOS without K9 you will find this:
    IP SERVICES W/O Crypto
    That means this CatOS does not support cryptography.
    Best Regards Bahman Mozaffari.
    Please Rate if Helpful.

  • Router "snmp-server contact" command for catalyst switches??

    From the router you can configure the "snmp-server contact <text>" command
    to set the system contact for SNMP. Is there any equivalent command for
    Catalyst switches? I know that there's a "set system contact" command for
    CatOS but I'm sure if it has something to do with SNMP.
    Thanks in advance.

    Yes, set system contact on the switch is the same as the above command on the router. Once you use this command to enter the contact info, it can be polled via the SNMP MIB object sysContact (.1.3.6.1.2.1.1.4) from RFC1213-MIB. For example, if I use 'set system contact foo', I see the following in the 'show system' output:
    System Name System Location System Contact CC
    foo
    Polling the above via the above MIB object on the switch:
    % snmpwalk .1.3.6.1.2.1.1.4
    system.sysContact.0 = foo
    Similarly, if you set the 'System Name' on the switch using the command 'set system name ', it can be polled via sysName (.1.3.6.1.2.1.1.5) from RFC1213-MIB.
    Lastly, 'set system location ', once set, can be polled via sysLocation (.1.3.6.1.2.1.1.6) from RFC1213-MIB.

  • Intel MAC Compatibility with 3560/Other Catalyst Switches

    Some of our users recently reported problems with their new Intel based Macintosh computers when we upgraded from old Extreme Summits to Catalyst 3560 series switches. They report sluggish response from the network. We have checked the ports for negotiation issues and errors and do not find any. Suspect the Intel Mac; but wanted to find out if anyone else is experiencing the same or has suggestions. Thanks.

    Hello,
    To my understanding, MAC issues should not be the cause of your issues. Either the Ethernet frame is standard compliant, in which case there should not be an issue with Catalyst switches and no port errors, or the Ethernet frames or MAC in use are non-standard, in which case the switch would report an error.
    Network response times depend on many things and negotiation might be the first thing to check, as you did. I would still recommend fixed settings for port speed and especially duplex, just to avoid intermittent problems as well (e.g. between PC reboots).
    Have you also checked the MTU and TCP window size settings? What else changed when you upgraded to the 3560s? Did you also check router and switch ports for duplex and speed settings?
    Hope this helps! Please rate all posts.
    regards, Martin

  • The difference between VTP server and transparent mode on Catalyst Switch.

    Hello 
    I have a question about the difference between VTP server mode and VTP transparent mode on general catalyst switch.
    Basically VTP server mode can create and modify VLAN configuration, but actually there is not any VLAN configuration in the running-config. Is that true? When I checked it on a Cat3550, there is certainly no VLAN configuration in VTP server mode. But VTP transparent mode can create VLANs and configuration but does not synchronize with the VLAN status of other switches. I would appreciate any related information and the reason for the VTP server mode specification. Thank you very much.
    [VTP Transparent mode]
    3550#sh vtp status
    VTP Version                     : 2
    Configuration Revision          : 0
    Maximum VLANs supported locally : 1005
    Number of existing VLANs        : 27
    VTP Operating Mode              : Transparent
    VTP Domain Name                 :
    VTP Pruning Mode                : Disabled
    VTP V2 Mode                     : Disabled
    VTP Traps Generation            : Disabled
    *omit
    3550#
    3550#sh run
    Building configuration...
    *omit
    vlan 99
     name TEST-VLAN
    [VTP Server mode]
    3550#sh vtp status
    VTP Version                     : 2
    Configuration Revision          : 0
    Maximum VLANs supported locally : 1005
    Number of existing VLANs        : 27
    VTP Operating Mode              : Server
    VTP Domain Name                 :
    VTP Pruning Mode                : Disabled
    VTP V2 Mode                     : Disabled
    VTP Traps Generation            : Disabled
    *omit
    3550#
    3550#sh run
    Building configuration...
    *no VLAN like above configuration on VTP transparent mode.
    Best Regards,
    Masanobu Hiyoshi

    Hi mhiyoshi,
    3550#sh vtp status
    VTP Version                     : 2
    Configuration Revision          : 0
    Maximum VLANs supported locally : 1005
    Number of existing VLANs        : 27
    VTP Operating Mode              : Transparent
    VTP Domain Name                 :
    VTP Pruning Mode                : Disabled
    VTP V2 Mode                     : Disabled
    VTP Traps Generation            : Disabled
    *omit
    3550#
    3550#sh run
    Building configuration...
    *omit
    vlan 99
     name TEST-VLAN
    The above output indicates that the VLAN was created and then the mode was changed to transparent, i.e. that is why the revision number is 0.
    3550#sh vtp status
    VTP Version                     : 2
    Configuration Revision          : 0
    Maximum VLANs supported locally : 1005
    Number of existing VLANs        : 27
    VTP Operating Mode              : Server
    VTP Domain Name                 :
    VTP Pruning Mode                : Disabled
    VTP V2 Mode                     : Disabled
    VTP Traps Generation            : Disabled
    *omit
    3550#
    3550#sh run
    Building configuration...
    *no VLAN like above configuration on VTP transparent mode.
    This indicates that the VLAN was never created in server mode nor learnt from another switch, as the revision number is 0.

  • The difference of the IEEE802.1x Auth between Cisco Routers and Catalyst switches

    Hello
    I am investigating the difference in IEEE 802.1x authentication between routers and switches.
    Basically dot1x auth is available on Catalyst switches. However, if I want to use
    port-based multi-auth, MAC address auth and any certificate auth with this feature,
    is it possible to integrate them into a Cisco router such as the Cisco 891F?
    In my opinion the Cisco 891F can also use basic IEEE 802.1x, but compared with Catalyst switches such as the Cat3560X
    I think there might be some unsupported features on the Cisco 891F.
    I would appreciate any information. Thank you very much in advance.
    Best Regards,
    Masanobu Hiyoshi

    Many times in interviews I have been asked for a comparison between Cisco routers and switches, and I had no answer because I don't have much knowledge about that. Can anyone provide me a comparison sheet for this? How do the Cisco devices differ from each other, how much bandwidth does each router support, etc.?
    Ummmm ... The most common question I get is "what is the difference between a router and a switch".
    However, if you get a question like this, then my impressions of this line of questioning are:
    1.  The candidate they are looking for has in-depth knowledge of routers and switches.  And I mean IN-DEPTH!;
    2.  They are not looking for a candidate.  They just want to stroke their ego.  There are not a lot of people who can give you the "names and numbers" of routers and switches at the snap of a finger.  And if you do happen to know the answer, then and there, then expect a tougher follow-up question.

  • Differences between MSFC1 and MSFC2 in Catalyst switches

    Hi,
    Want to know the differences between MSFC1 and MSFC2 in Catalyst switches.

    Hi,
    There is not much difference between MSFC1 and MSFC2; the main difference is how the MSFCs send the hardware programming to the PFC. The MSFC1 uses MLS to program the hardware by using the first packet of the traffic, while the MSFC2 uses CEF-based MLS to program the PFC so that the supervisor can do the hardware switching of the packet. Notice the difference: the MSFC1 needs to see the first packet, while the MSFC2, in theory, will not need to see a first packet as it uses the CEF routing table to program the PFC2. Now, the kicker: if the MSFC2 is in a Sup1A, all this CEF-based MLS is not used, since it needs a PFC2 to be able to do this. The Sup1A does not come with a PFC2; only the Sup2 comes with a PFC2. The MSFCs give the Cat6K its L3 ability and that is important, but the switching performance of the switch depends on the PFC.
    Here is a link on MSFC2 data sheet:
    http://www.cisco.com/en/US/products/hw/switches/ps708/products_data_sheet09186a00800887fd.html
    Please rate helpful posts.

  • Dacl on ACS 5.1 and Catalyst switch 3560

    Dear all
    I have ACS 5.1 and a Catalyst 3560 switch with version 12.2(53)SE. I configured a dACL on the ACS and I use it in an authorization profile.
    This authorization profile is used in the access policy.
    I tried the authentication but it doesn't work. I checked the ACS logs and I found that the user is authenticated successfully but the dACL gives this error (The Access-Request for the requested dACL is missing a cisco-av-pair attribute with the value aaa:event=acl-download. The request is rejected)
    Steps:
    11001  Received RADIUS Access-Request
    11017  RADIUS created a new session
    11025  The Access-Request for the requested dACL is missing a cisco-av-pair attribute with the value aaa:event=acl-download. The request is rejected
    11003  Returned RADIUS Access-Reject
    DACL:
    deny ip host 1.2.3.4 1.2.3.0 0.0.0.255 log
    permit ip any any log
    Thanks in advance,

    Dear Tiago
    I applied the command "radius-server vsa send". Now I can see the dACL is applied, but I can't see it on the switch, and even though the authentication succeeded in the ACS logs, it gives me unauthorized on the switchport. You can see the logs (starting with the username acstest; the access list is applied but it doesn't work, and you can see that it goes for MAB after EAP timed out). I hope you can help with this issue.
    Dec 13,10 10:29:00.513 AM
    00-23-AE-7A-58-A6
    00-23-AE-7A-58-A6
    Default Network Access
    Lookup
    Dot1x-3560-Switch
    1.2.3.4
    FastEthernet0/5
    TESTACS
    22056 Subject not found in the applicable identity store(s).
    Dec 13,10 10:28:29.186 AM
    #ACSACL#-IP-Guest-4cfcc14d
    Dot1x-3560-Switch
    1.2.3.4
    TESTACS
    Dec 13,10 10:28:28.726 AM
    acstest
    00-23-AE-7A-58-A6
    Default Network Access
    PEAP (EAP-MSCHAPv2)
    Dot1x-3560-Switch
    1.2.3.4
    FastEthernet0/5
    TESTACS
    Thanks,

  • I don't understand correlation between ACL and dACL. If dACL is downloaded to the Catalyst switch what is the status of the ACL

    Understanding  ISE and dACL.
     I don't understand correlation between ACL and dACL.
     If dACL is downloaded to the Catalyst switch what is the status of the ACL attached to physical port. Is dACL appended to the existing ACL? When I typed ‘sh ip access-list int fa0/1’ I can see only dACL for access domain and dACL for voice domain appended to the previous dACL and no ACL lines.
     Regards,
    Vice

    Hi,
    Downloadable ACLs (dACL) are applied from your RADIUS server based on authentication and authorization policies.  It overrides any standard interface ACL.
    Standard interface ACLs are in place to limit traffic on the port before 802.1x or MAB authentication.
    When an authenticated session terminates on the interface the standard ACL will be re-applied until the next authentication.
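
A configuration check for the two dACL threads above, as an added example that is not part of the original posts: it scans a switch running-config for the `radius-server vsa send` line that cleared the ACS error, and for 802.1X ports with no inbound interface ACL to hold traffic before authentication. The `aaa authorization network` and `ip device tracking` checks are assumptions drawn from general IOS dACL guidance rather than from the threads, and the sample configuration is constructed.

```python
import re

# Global prerequisites for dACL download. The first is the fix reported in the
# thread; the other two are assumptions from general IOS dACL guidance.
GLOBAL_REQUIRED = {
    "radius-server vsa send": r"^radius-server vsa send( authentication)?$",
    "aaa authorization network": r"^aaa authorization network \S+ .*\bgroup\b",
    "ip device tracking": r"^ip device tracking$",
}
DOT1X_PORT = re.compile(r"^(authentication|dot1x) port-control auto$")
PORT_ACL = re.compile(r"^ip access-group \S+ in$")


def split_config(text):
    """Split a running-config into global lines and per-interface line lists."""
    global_lines, interfaces, current = [], {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.lstrip().startswith("!"):
            continue
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif line[0] == " " and current is not None:
            interfaces[current].append(line.strip())
        else:
            current = None
            global_lines.append(line.strip())
    return global_lines, interfaces


def audit(config_text):
    """Return (scope, finding) tuples for missing dACL prerequisites."""
    global_lines, interfaces = split_config(config_text)
    findings = []
    for name, pattern in GLOBAL_REQUIRED.items():
        if not any(re.search(pattern, line) for line in global_lines):
            findings.append(("global", f"missing: {name}"))
    for ifname, lines in interfaces.items():
        is_dot1x = any(DOT1X_PORT.match(line) for line in lines)
        if is_dot1x and not any(PORT_ACL.match(line) for line in lines):
            findings.append((ifname, "802.1X port without inbound ip access-group"))
    return findings


# Constructed sample: no "radius-server vsa send", and Fa0/5 has no pre-auth ACL.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication dot1x default group radius
aaa authorization network default group radius
dot1x system-auth-control
ip device tracking
!
interface FastEthernet0/5
 switchport mode access
 authentication port-control auto
!
interface FastEthernet0/6
 switchport mode access
 ip access-group PRE-AUTH in
 authentication port-control auto
!
radius-server host 192.0.2.20 key EXAMPLE
"""

if __name__ == "__main__":
    for scope, finding in audit(SAMPLE_CONFIG):
        print(f"{scope}: {finding}")
```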

  • Standard process for creating a new version of an existing report

    Hi All,
    We are using Siebel 8.1 with BI Publisher.
    Does any one know the standard process for creating a new version of an existing report - ie if 'BIP Report XXX' is created and works correctly from the siebel view but then an enhancement is developed, how is the enhancement deployed so that the new version completely replaces the old?
    One suggestion was:
    You can upload a new version of an existing report. You have to navigate to Administration - BIP > Report Template Registration... search for the report you need to replace (I would say that the new rtf file need to have the same name). Now you have to go to the "Template" column where there is the reference to the report file already uploaded but you don't have to click on the link that is displayed you have to click near the link in order to place the cursor on the field then you will be able to see the Multi Value Grup icon .. you click on it and you will be able to upload a new file.
    We have tested this process today, however it is not effective in replacing the old version of the report.
    After carrying out this process (including related steps from bookshelf - ie "click upload files"), we can generate the report from the relevant siebel view and the previous version of the report is still generated.
    Is there a standard process for replacing an existing report that is effective?
    Thanks.

    Hi ,
    This currently seems like a bug , we have encountered this too.
    The workaround is to delete the rtf files from the server Siebel\client\temp\XMLP directory and upload them again so that they are not cached any more.
    Likewise, on the dedicated client you may have to delete the relevant files from the siebel\client\temp\xmlp directory and upload again.
    Thanks,
    Vamsi

  • Can MPLS aware Netflow ver. 9 be enabled on the catalyst switches 6500

    Hi, I'm working for KOREA TELECOM, and we are currently providing MPLS VPN.
    We're planning to provide our customers with traffic reports using NetFlow.
    I read some documents which say NetFlow ver. 9 can be enabled on the Cisco GSR 12000 Series, but there is no mention of Catalyst switches. So I'm curious whether NetFlow ver. 9 can be activated on the Catalyst 6500 series, because the point where the switch is located already has MPLS-encapsulated packets (MPLS VPN packets).
    Thank you , in advance.

    NetFlow is now integral to Cisco 6500. A configuration we recommend is as below:
    mls netflow     // This enables NetFlow on the Supervisor.
    mls nde sender version 7
    mls aging long 64  // This breaks up long-lived flows into (roughly) one-minute segments.
    mls aging normal 32  // This ensures that flows that have finished are exported in a timely manner.
    mls flow ip interface-full
    mls nde interface
    The next two commands will help to enable NetFlow data export for bridged traffic, which is optional. You can specify the list of VLANs here to enable bridged traffic.
    ip flow ingress layer2-switched vlan
    ip flow export layer2-switched vlan
    Apart from this, NetFlow has to be enabled on the MSFC using the below commands.
    ip flow egress       // This command has to be executed on all the L3/VLAN interfaces.
    ip flow-export destination {hostname|ip_address} 9996  // The hostname or IP address of the flow server
    ip flow-export source {interface} // The interface through which NetFlow packets are exported. eg: Loopback0
    ip flow-export version 9
    ip flow-cache timeout active 1
    snmp-server ifindex persist
    The new Cisco Flexible NetFlow actually allows for export of MPLS-specific information (I believe it is stack labels) in addition to information on IP address, port, etc. But you will need a tool that can support these additional fields. Otherwise you can view IP, port, protocol, etc. related information from MPLS links.
    Regards,
    Don Thomas Jacob
    ManageEngine NetFlow Analyzer
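
What a collector receives once `ip flow-export version 9` is active, as an added example that is not part of the original post: a minimal NetFlow v9 parser (packet layout and field types per RFC 3954) that learns templates and decodes data records, including the top MPLS label. The sample packet, template ID 260 and all addresses are constructed for illustration.

```python
import struct

HEADER = struct.Struct("!HHIIII")  # version, count, sysUptime, unix_secs, sequence, source_id
# Subset of RFC 3954 field types, enough for the constructed sample below.
FIELD_NAMES = {1: "IN_BYTES", 4: "PROTOCOL", 7: "L4_SRC_PORT", 8: "IPV4_SRC_ADDR",
               11: "L4_DST_PORT", 12: "IPV4_DST_ADDR", 70: "MPLS_LABEL_1"}

def decode_field(ftype, raw):
    if ftype in (8, 12):                      # IPv4 addresses
        return ".".join(str(b) for b in raw)
    value = int.from_bytes(raw, "big")
    if ftype == 70:                           # 20-bit label + 3 EXP bits + 1 S bit
        return value >> 4
    return value

def learn_templates(body, source_id, templates):
    pos = 0
    while pos + 4 <= len(body):
        template_id, field_count = struct.unpack_from("!HH", body, pos)
        pos += 4
        if template_id < 256 or pos + 4 * field_count > len(body):
            break                             # padding or truncated template
        templates[(source_id, template_id)] = [
            struct.unpack_from("!HH", body, pos + 4 * i) for i in range(field_count)]
        pos += 4 * field_count

def decode_data(body, fields):
    rec_len = sum(length for _ftype, length in fields)
    records, pos = [], 0
    while rec_len and pos + rec_len <= len(body):   # trailing padding is ignored
        record = {}
        for ftype, length in fields:
            name = FIELD_NAMES.get(ftype, f"type_{ftype}")
            record[name] = decode_field(ftype, body[pos:pos + length])
            pos += length
        records.append(record)
    return records

def parse_v9(packet, templates):
    """Decode one export packet; `templates` must persist across packets."""
    if len(packet) < HEADER.size:
        raise ValueError("packet shorter than NetFlow v9 header")
    version, _count, _uptime, _secs, _seq, source_id = HEADER.unpack_from(packet)
    if version != 9:
        raise ValueError(f"not NetFlow v9 (version={version})")
    records, offset = [], HEADER.size
    while offset + 4 <= len(packet):
        set_id, set_len = struct.unpack_from("!HH", packet, offset)
        if set_len < 4 or offset + set_len > len(packet):
            raise ValueError("FlowSet length runs past the packet")
        body = packet[offset + 4:offset + set_len]
        if set_id == 0:                       # template FlowSet
            learn_templates(body, source_id, templates)
        elif set_id >= 256 and (source_id, set_id) in templates:
            records.extend(decode_data(body, templates[(source_id, set_id)]))
        offset += set_len                     # data without a known template is skipped
    return records

def build_sample(with_template=True):
    """Constructed export packet: one template (ID 260) and one data record."""
    fields = [(8, 4), (12, 4), (7, 2), (11, 2), (4, 1), (1, 4), (70, 3)]
    tmpl = struct.pack("!HH", 260, len(fields)) + b"".join(struct.pack("!HH", *f) for f in fields)
    record = (bytes([192, 0, 2, 10]) + bytes([198, 51, 100, 7])
              + struct.pack("!HHBI", 49152, 443, 6, 1500)
              + ((16001 << 4) | 1).to_bytes(3, "big"))
    sets = (struct.pack("!HH", 0, 4 + len(tmpl)) + tmpl) if with_template else b""
    sets += struct.pack("!HH", 260, 4 + len(record)) + record
    return HEADER.pack(9, 2 if with_template else 1, 1000, 1292236140, 1, 0) + sets

if __name__ == "__main__":
    print(parse_v9(build_sample(), {}))
```

Data FlowSets that arrive before their template cannot be decoded, which is why the template cache is keyed by source ID and kept between packets.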

  • Catalyst Switch Uptime

    There is a site that I have just become responsible for, and the first thing that I noticed is that the uptime of some of the switches is over 2 years without a reboot. What is the longest your switch or router should go before it gets rebooted? Is there a white paper that explains the problems that can occur if you don't reboot, such as memory leaks, VLAN bleeding, etc.?
    Thanks,

    John
    While there have been a few releases of Catalyst code that have problems like memory leaks, they are the exception to the rule. Unlike some other operating systems there is generally not a need for a periodic reboot to clear memory problems. In general the Catalyst code is not bothered very much with issues of memory leaks and other similar problems. And memory fragmentation is usually not much of a problem - in contrast to some other operating systems. So uptimes of 2 years are not rare and are generally not a cause for concern. In general I would not reboot a Catalyst switch until there is a demonstrated need for it.
    HTH
    Rick

  • Cisco nexus 9508 Vpc with catalyst switches

    Hi,
        I am Karthik.
    We are going to build the Nexus 9508 with NX-OS in our data center. In the existing environment we have 50's of Catalyst L2 and L3 switches.
    If we set up vPC between the 9K and Catalyst switches, are there any restrictions on which particular Catalyst switch models will support vPC with the 9K?
    Could you kindly clarify my question?
    Thanks in advance for the valuable response!!!!

    Hi,
      I have 4500 series switches with the 6E sup engine.
    We also have a Nexus 9508 and N2232PP. When we try to configure FEX between these switches,
    the Nexus 9508 shows an unknown features error.
    The current NX-OS version is n9000-dk9.6.1.2.I2.2.bin.
