VSS on cisco 4507R+E with sup8-E

Similar Messages

• Configure VSS on cisco 4506-E With sup ws-x45-sup8-e

  Hi There,
  I want to configure VSS on 4506-E with sup card 8 (ws-x45-sup8-e). Currently 4506-E is having 3.3.0.x0 with ROM as 15.1(1r)sg1.
  I am unable to configure VSS on this, i believe it is not support. Anyone help me on that.
  Many Thanks

  I believe VSS is not yet supported with IOS 3.3.X.  
  There's a new IOS scheduled for release by the end of June 2014.  Not sure if VSS will be supported by then.

• Cisco 4507R+E with SUP6L-E

  Hello All,
  At my core of my network I have a 4507R+E with a SUP6L-E and a 3750X, both these units are configured for HSRP.  So essentially the 3750X is not doing anything.  Many moons ago, at the time or purchase an additional SUP6L-E was twice the cost of a 3750X, so the 3750X was purchased to create a sense of high availability.
  My question is, if I happen to come across another SUP6L-E, would it be a better configuration to install a secondary supervisor card and remote the 3750X from my network?
  Of course EOS/EOL plays a factor but aside from that, would I see any simplification and enhancement to the network by the installation of a secondary supervisor?

  Hi,
  I would keep the 3750 as one of your core. The reason being is that this design gives you chassis redundancy.
  If you install a second sup in the 4500 and something happens to it, you have no redundancy.
  HTH

• Cisco 4507R WCCP with blue coat SG 8000 as proxy server integration

  Dear All,
  I installed the blue coat on one of the vlan with users in diffwrent vlans. The core 4507R is used with L3 vlans as gateway for the respective vlan users. Now i need to configure both core switch and blue coat as proxy server so that all the users in different vlans access internet websites without configure the blue coat proxy address but the core switch would redirect the users request to the blue coat proxy server. I tried with latest IOS upgrade to the switch eventhen i could not get the cmds related to WCCP blue coat documents suggest to use in core switch to configure the proxy server of SG8000
  Could any one help me to solve this issue.
  Thanks
  swamy

  Following link may help you
  http://www.cisco.com/en/US/products/hw/switches/ps4324/products_configuration_guide_chapter09186a008062cfc6.html

• Cisco Catalyst 4507R+E with WS-X4748 blade, ports not working

  I have a Cisco Catalyst 4507R+E  (with Sup7-E) and two blades; one WS-X4748-RJ45V+E and one WS-X4648-RJ45-E.
  When I connect a device to a port on the WS-X4748-RJ45V+E blade the port will not come up, show interface shows the status as "notconnect". When I connect the same device to the WS-X4648-RJ45-E blade the interface comes up.
  The WS-X4748-RJ45V+E blade seems to have initialised okay, it appears in the output of "show module" as OK.
  I get exactly the same effect on a second, identically configured Catalyst 4507R+E.
  The software version is IOS XE 3.1.0SG, which according to the release notes supports the WS-X4748-RJ45V+E blade. Has anybody else seen anything like this?

  I have 2 Core switches, single SUP on each.
  Line cards #1 and #2 randomly stop forwarding packets, only solution is to reload the switch ( hw-module reset does not work ). I have cat4500e-universalk9.SPA.03.05.00.E.152-1.E.bin and the sympton looks the same as the described one,
  although the code is newer than 3.2.2SG.
  Now we are downgrading to cat4500e-universalk9.SPA.03.04.02.SG.151-2.SG2.bin to check if that solves the issue,
  otherwise we´ll try removing/re-inserting the modules, and if issue persists, most probably RMA the Core1.
  We´ve sent a show tech to Cisco support while the issue was happening.
  Current modules on the Core switches.
  Mod Ports Card Type                              Model              Serial No.
  ---+-----+--------------------------------------+------------------+-----------
  1    48  10/100/1000BaseT EEE (RJ45)            WS-X4748-RJ45-E    CAT1627L48B
  2    48  10/100/1000BaseT EEE (RJ45)            WS-X4748-RJ45-E    CAT1629L0ZY
  3     4  Sup 7-E 10GE (SFP+), 1000BaseX (SFP)   WS-X45-SUP7-E      CAT1629L1PD
  5    12  1000BaseX (SFP)                        WS-X4612-SFP-E     JAE163007EO
  M MAC addresses                    Hw  Fw           Sw               Status
  --+--------------------------------+---+------------+----------------+---------
  1 30f7.0d57.80c0 to 30f7.0d57.80ef 1.1                               Ok      
  2 30f7.0dac.fd40 to 30f7.0dac.fd6f 1.1                               Ok      
  3 30f7.0dca.6c00 to 30f7.0dca.6c03 2.1 15.0(1r)SG10 03.05.00.E       Ok      
  5 a493.4c44.13e8 to a493.4c44.13f3 1.1                               Ok      
  Mod  Redundancy role     Operating mode      Redundancy status
  ----+-------------------+-------------------+----------------------------------
  3   Active Supervisor   SSO                 Active                           

• Cisco 4507R-E secondary SUP card is in disable state

  Hi All,
  I have one cisco 4507R-E switch with SUP 6-E. When I power UP switch. switch is boot with primary sup. Secondary module shown as "Disabled".
  How can i enable secondary module?

  Hi,
  Have a look at this doc on how to make the sups redundant
  You need to have the same exact IOS and license in both sups.
  http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/15-1-2/XE_340/configuration/guide/config/RPR.html#wp1125437
  HTH

• ASA , Cisco VPN client with RADIUS authentication

  Hi,
  I have configured ASA for Cisco VPN client with RADIUS authentication using Windows 2003 IAS.
  All seems to be working I get connected and authenticated. However even I use user name and password from Active Directory when connecting with Cisco VPN client I still have to provide these credentials once again when accessing domain resources.
  Should it work like this? Would it be possible to configure ASA/IAS/VPN client in such a way so I enter user name/password just once when connecting and getting access to domain resources straight away?
  Thank you.
  Kind regards,
  Alex

  Hi Alex,
  It is working as it should.
  You can enable the vpn client to start vpn before logon. That way you login to vpn and then logon to the domain. However, you are still entering credentials twice ( vpn and domain) but you have access to domain resources and profiles.
  thanks
  John

• Cisco ISE FlexAuth with 802.1X PCs and IP Phones as MAB multi-domain Q?

  Cisco ISE FlexAuth with 802.1X PCs and IP Phones as MAB multi-domain Q?
  Im trying to follow the trustsec 2.1 guide on IP Phones into LowImpact mode.
  I can get a PC on its own to authenticate via dot1x/tls
  I can get a Cisco IP Phone on its own to authenticate via MAB.
  When the two are on the same switchport, the phone will authenticate but not the PC.  ISE logs EAP timeouts.
  The switchport has the LowImpact port ACL of
  ip access-group ACL-DEFAULT in
  The IP Phone gets a dACL that allows it ok.
  I assume MAB phone and dot1x PC is supported?  Any ideas?
  Thanks in advance.

  The ISE log detailed steps are as follows:
  Steps
  11001  Received RADIUS Access-Request
  11017  RADIUS created a new session
  Evaluating Service Selection Policy
  15048  Queried PIP
  15048  Queried PIP
  15004  Matched rule
  11507  Extracted EAP-Response/Identity
  12300  Prepared EAP-Request proposing PEAP with challenge
  12625  Valid EAP-Key-Name attribute received
  11006  Returned RADIUS Access-Challenge
  11001  Received RADIUS Access-Request
  11018  RADIUS is re-using an existing session
  12501  Extracted EAP-Response/NAK requesting to use EAP-TLS instead
  12500  Prepared EAP-Request proposing EAP-TLS with challenge
  12625  Valid EAP-Key-Name attribute received
  11006  Returned RADIUS Access-Challenge
  11001  Received RADIUS Access-Request
  11018  RADIUS is re-using an existing session
  12502  Extracted EAP-Response containing EAP-TLS challenge-response and accepting EAP-TLS as negotiated
  12800  Extracted first TLS record; TLS handshake started
  12805  Extracted TLS ClientHello message
  12806  Prepared TLS ServerHello message
  12807  Prepared TLS Certificate message
  12809  Prepared TLS CertificateRequest message
  12505  Prepared EAP-Request with another EAP-TLS challenge
  11006  Returned RADIUS Access-Challenge
  11001  Received RADIUS Access-Request
  11018  RADIUS is re-using an existing session
  12504  Extracted EAP-Response containing EAP-TLS challenge-response
  12505  Prepared EAP-Request with another EAP-TLS challenge
  11006  Returned RADIUS Access-Challenge
  11001  Received RADIUS Access-Request
  11018  RADIUS is re-using an existing session
  12504  Extracted EAP-Response containing EAP-TLS challenge-response
  12505  Prepared EAP-Request with another EAP-TLS challenge
  11006  Returned RADIUS Access-Challenge
  5411  No response received during 120 seconds on last EAP message sent to the client

• Integration of CISCO PRIME1.3 with WLC 7.5.102.0

  HI
  We have newly depolyed CISCO PRIME1.3 in our network Earlier we were using WCS withj WLC 7.0.116.0 .BUt we can not upgrade the WLC to higher version because of compatibity matrix with WCS therefore purchased CISCO PRIME1.3.
  Now e we want to upgrade our WLC to 7.5.102.0 but as per cisco  complatibity matrix with PRIME it is not supported with PRIME1.3.
  Can we go for the upgarde when we have PRIEM1.3.PRIEM is installed on VM.
  1.3.0.20
  7.4.110.0
  7.4.100.60
  7.4.100.0
  7.3.112.0
  7.3.101.0
  7.2.111.3
  7.2.110.0
  7.2.103.0
  7.0.240.0
  7.0.235.3
  7.0.235.0
  7.0.230.0
  7.1.91.0
  7.0.220.0
  7.0.116.0
  7.0.98.218
  7.0.98.0
  7.4.110.0
  7.4.100.0
  7.3.101.0
  7.2.110.0
  7.2.103.0
  7.0.240.0
  7.0.230.0
  7.0.220.0
  7.0.201.204
  7.0.112.0
  7.0.105.0
  ISE 1.0
  ISE 1.1
  3.2.0SE
  IOS12.2(50)SE
  IOS12.2(50)SG
  IOS12.2(33)SXI
  If deploying Prime Infrastructure as a virtual appliance on a  customer-supplied server, one of the following versions of VMware ESX or  ESXi can be used:
  •VMware ESX or VMware ESXi Version 4.0
  •VMware ESX or VMware ESXi Version 4.1
  •VMware ESXi Version 5.0
  Note VMware Tools Version 4.1 is preinstalled in the Prime Infrastructure virtual appliance.

  Please upgrade your PI to Pi 1.4 if you want to use WLC 7.5
  http://www.cisco.com/en/US/docs/net_mgmt/prime/infrastructure/1.4/release/notes/cpi_rn_14.html

• Cisco WLC 5508 with 3702APs - mobile hotspot for 2000 Guest users

  Cisco WLC 5508 with 3702APs - mobile hotspot for 2000 Guest users
  I've been given a fantastic "opportunity" by my boss to use our existing wireless infrastructure to provide internet access to potentially upto 2000 VIP guests arriving with BYOD devices, in a very densely populated area for a 3 day event. We are talking an area of approx 200m x 15m. Think of it as an awards ceremony/concert. The solution will also be mobile so we will be using internet breakout from different telcos as it will move to approx 20 countries. The area is also incredibly densely populated with other wifi APs. I did a brief site survey and AirMagnet could detect over 2500 other 'rogue' APs from where I was stood! I hope CleanAir works!
  We need a simple authentication method for them to connect with zero admin from our side. We don't want to just offer up a rolling daily PSK as that's a bit amateur and we don't really want the VIP guests sharing the PSK with others during their stay. Ideally they could self-provision by providing an email address.
  I know the WLC can handle webauth for local users but I don't think it scales very well. ie I don't think I can offer the account to several hundred people.
  Cisco ISE looks a very expansive (and expensive) product but I don't think we need all it's capabilities (do I?). It would be nice to just ask a potential user for their email address and grant them access and email them next year. I've seen Cisco NAC but that looks over the top too for just guest users who will only be accessing a shared internet connection.
  I've seen 3rd party supposed software solutions from Kiosk Antamedia etc do they work with Cisco Enterprise WLC solutions?
  We'd like to limit users to a certain (low) bandwidth and block (say) torrent traffic to keep the general user experience worthwhile.
  Does anybody have any case study documents or experience of such a project? As well as the authentication it's how well the APs will handle the dense potential number of clients trying to connect in such a confined space. 
  Any suggestions would be gratefully appreciated from the knowledgeable community.
  Cheers,
  Mike

  Hi Rasika,
  We are having WLC 5508 model with software version running 7.4.121.0. AP Models are AIR-CAP2602I.
  Normally our WAN links are good even while the issue pertains. We are connected to remote offices over ipsec site to site vpn for WAN. The link latency in WLC between the AP and the controller shows  <1ms.
  currently the Guest network is using WPA2-PSK auth given in the controller. we are trying to find a option to make the Guest wireless auth local to the office, and see if this solves the problem. 
  any suggestions,
  Thank you,
  Arjun

• Monitoring Cisco ASR 1002 with IOS-XE in IPM 4.2

  We are running LMS 3.2 with IPM 4.2 installed....and we are looking to do IPSLA monitoring on a couple of our Cisco ASR's with IOS-XE code installed.
  I looked at the IPSLA feature mapping and it only talks about supported IOS code....do we need to upgrade our current IPM module to a current version?

  Hi Konstantin,
  Regarding "It is strange that these commands cleaned from sh run view.": this is normal for many default configuration commands.
  Mine is a lab device so I cannot really comment on stability or provide you a recommendation based on that. However, I see that the download section from Cisco.com mentiones the following release as the recommended based on quality, stability and longevity:
  asr1002x-universal.03.07.04a.S.152-4.S4a.SPA.bin
  The best would be for you to check this with yor cisco Account Team or Advanced Services Team as normally they are the proper point of contacts for SW advisory.
  Regards.

• Cisco 2600 router with 4A/S module can be terminal server

  I have a cisco 2600 router with 4A/S module, can it become the terminal server? If yes, which kind of octal cable should I choose to connect to other cisco routers console ports? Thanks a lot

  The commands mean that R1's console is connected using the first RJ-45 cable and is available on port 2001, R2's console is connected using the second RJ-45 cable and is available on port 2002 and so on. Remember that the ports are numbered as 2000 plus the line number. Hence, the first port is 2001. If you have more than eight devices and have connected a second CAB-OCTAL-ASYNC cable then you need to add a similar configuration line with the port numbers starting from 2009 till 2016.
  In your configuration u configured 9 ports. So please add second cable for another 8 ports.
  To connect to the console of a device, telnet to the terminal server router's loopback address and specify the port number associated to the device. For example, to connect to console of router R1 (from our example) type telnet 192.168.12.1 2001 in the Run dialog box from your PC.
  For further information click the below url
  http://www.cisco.com/public/technotes/smbsa/en/us/internet/config_cisco_router_term_server.html#trouble

• When is the update for Cisco Connect software with OS X 10.8 Mountain Lion?

   @OfficialLinksys When will @Cisco_Support update Cisco Connect software with OS X 10.8 Mountain Lion compatibility?

  I believe all Mac users are waiting for that update but so far it is not yet available. We are yet to hear from Cisco for its official release for the software that is compatible already for Mountain Lion.

• Urgent-- could cisco uc320 work with dumb switch ? how to configure

  could cisco uc320 work with dumb poe switch, with its voice vlan alway in 100, I can't change it, and my phone can not find the pbx through the switch, if it can, how can I configure it.

  Hi Rex,
  If the switch is unmanaged the 802.1q (tagged) ethernet frames typically pass right through the switch as if the phone was directly connected to the UC320W.  In this case both voice VLAN works and data VLAN. I would guess that if a switch has PoE that it is a managed switch though.  If it is a managed switch you will need to configure ports, vlans, and possibly CDP passthrough.
  Chris

• CIsco UCS-C200M2 with Unified Communication Products

  Hi,
  If anybody knows what are the Unified Communication products we can install on Cisco UCS solution with EXS VMware ESXi 4.0 Standard Edition.
  If any other products pls let me know that alo.
  Thanks in Advance.
  Regards,
  Sunish

  Yes, the DocWiki covers this on the Supported Applications page. It is worth mentioning that only there are specific hardware component requirements of the C200M2 for VTG support.
  Please rate useful responses.