WAAS Configuration for 3750 Switch

I am configuring a 3750 switch with 12.2(52)SE according to:
(from https://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_52_se/configuration/guide/3750_scg.pdf )
This example shows how to configure SVIs and how to enable the web cache service with a multicast group list. VLAN 299 is created and configured with an IP address of 175.20.20.10. Gigabit Ethernet port 1 is connected through the Internet to the web server and is configured as an access port in VLAN 299. VLAN 300 is created and configured with an IP address of 172.20.10.30. Gigabit Ethernet port 2 is connected to the application engine and is configured as an access port in VLAN 300. VLAN 301 is created and configured with an IP address of 175.20.30.50. Fast Ethernet ports 3 to 6, which are connected to the clients, are configured as access ports in VLAN 301. The switch redirects packets received from the client interfaces to the application engine.
Note Only permit ACL entries are being used in the redirect-list; deny entries are unsupported.
Switch# configure terminal
Switch(config)# ip wccp web-cache 80 group-list 15
Switch(config)# access-list 15 permit host 171.69.198.102
Switch(config)# access-list 15 permit host 171.69.198.104
Switch(config)# access-list 15 permit host 171.69.198.106
Switch(config)# vlan 299      WEB  SERVER
Switch(config-vlan)# exit
Switch(config)# interface vlan 299
Switch(config-if)# ip address 175.20.20.10 255.255.255.0
Switch(config-if)# exit
Switch(config)# interface gigabitethernet1/0/1
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 299
Switch(config-if)# exit
Switch(config)# vlan 300 WAE
Switch(config-vlan)# exit
Switch(config)# interface vlan 300
Switch(config-if)# ip address 171.69.198.100 255.255.255.0
Switch(config-if)# exit
Switch(config)# interface gigabitethernet1/0/2
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 300
Switch(config-if)# exit
Switch(config)# vlan 301 CLIENTS
Switch(config-vlan)# exit
Switch(config)# interface vlan 301
Switch(config-if)# ip address 175.20.30.20 255.255.255.0
Switch(config-if)# ip wccp web-cache redirect in
Switch(config-if)# exit
Switch(config)# interface gigabitethernet1/0/3 - 6
Switch(config-if-range)# switchport mode access
Switch(config-if-range)# switchport access vlan 301
Switch(config-if-range)# exit
===================================================================
Question:  How do I configure my WAE to play nicely with this switch?

Hi James,
Here is the link to WCCP config part on WAE:
http://www.cisco.com/en/US/docs/app_ntwk_services/waas/waas/v441/configuration/guide/traffic.html#wp1041742
In your case, if my understanding is right, VLAN300 is where you want to connect WAE and WAE is also L2 adjacent. If that is true, here is the config you need on WAE:
wccp router-list 1 171.69.198.100
wccp tcp-promiscuous router-list-num 1 l2-redirect mask-assign l2-return
wccp version 2
Please note that 3750 supports L2 redirection only with redirect IN statements on 3750 interfaces connected to servers and clients.
Hope this helps.
Regards.
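A consistency check for the two configurations in this thread, added here as an example and not part of the original posts or of Cisco's documentation: it confirms that the WAE's router-list points at a switch SVI, that the WAE sits in that SVI's subnet, that the WCCP group-list admits the WAE, and that redirection is inbound only. The WAE address passed to `check` is an assumption (the thread never states it), and the parser handles only the command forms shown above.

```python
import ipaddress
import re

# Constructed input: the thread's commands with prompts and annotations removed.
SWITCH_CFG = """
ip wccp web-cache 80 group-list 15
access-list 15 permit host 171.69.198.102
access-list 15 permit host 171.69.198.104
access-list 15 permit host 171.69.198.106
interface vlan 300
 ip address 171.69.198.100 255.255.255.0
interface vlan 301
 ip address 175.20.30.20 255.255.255.0
 ip wccp web-cache redirect in
"""
WAE_CFG = """
wccp router-list 1 171.69.198.100
wccp tcp-promiscuous router-list-num 1 l2-redirect mask-assign l2-return
wccp version 2
"""


def parse_switch(cfg):
    """Return SVI addresses, host ACL entries, group-list ACL ids and redirects."""
    svis, acls, group_lists, redirects, iface = {}, {}, [], [], None
    for raw in cfg.splitlines():
        line = raw.strip()
        if m := re.match(r"interface (.+)", line):
            iface = m.group(1)
        elif m := re.match(r"ip address (\S+) (\S+)", line):
            svis[iface] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
        elif m := re.match(r"access-list (\d+) (permit|deny) host (\S+)", line):
            entry = (m.group(2), ipaddress.ip_address(m.group(3)))
            acls.setdefault(m.group(1), []).append(entry)
        elif m := re.match(r"ip wccp \S+.*\bredirect (in|out)$", line):
            redirects.append((iface, m.group(1)))
        elif m := re.match(r"ip wccp \S+.*\bgroup-list (\d+)", line):
            group_lists.append(m.group(1))
    return svis, acls, group_lists, redirects


def check(switch_cfg, wae_cfg, wae_ip):
    """Return findings; an empty list means switch and WAE agree.

    wae_ip is the WAE's own interface address (assumed; not given in the thread).
    """
    svis, acls, group_lists, redirects = parse_switch(switch_cfg)
    wae = ipaddress.ip_address(wae_ip)
    routers, findings = [], []
    for line in wae_cfg.splitlines():
        if m := re.match(r"wccp router-list \d+ (.+)", line.strip()):
            routers += [ipaddress.ip_address(a) for a in m.group(1).split()]
    if not routers:
        findings.append("WAE has no wccp router-list")
    for router in routers:
        svi = next((i for i in svis.values() if i.ip == router), None)
        if svi is None:
            findings.append(f"router-list address {router} is not a switch interface")
        elif "l2-redirect" in wae_cfg and wae not in svi.network:
            findings.append(f"WAE {wae} is outside {svi.network}; not L2 adjacent")
    for acl in group_lists:
        # First matching host entry decides; no match falls to the implicit deny.
        verdict = next((a for a, h in acls.get(acl, []) if h == wae), "deny")
        if verdict != "permit":
            findings.append(f"group-list {acl} does not permit WAE {wae}")
    for iface, direction in redirects:
        if direction != "in":
            findings.append(f"{iface}: redirect {direction}; the 3750 needs redirect in")
    return findings


if __name__ == "__main__":
    for ip in ("171.69.198.102", "171.69.198.103"):
        print(ip, check(SWITCH_CFG, WAE_CFG, ip) or "consistent")
```
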

Similar Messages

  • Best IOS version for 3750 switch

    I have just received 2 3750 switches, but both have a different IOS version.
    One has -> IOS version 12.1(19)EA1d
    and the other has -> IOS version 12.2(25)SEB2.
    I just want to use the switches as Gb collectors for a serverfarm separately (so no stack configuration) with a redundant uplink to my distribution layer.
    Can someone advise me which IOS is the best for my network?
    Thanx, Marty

    Switch 1:
    Cisco Internetwork Operating System Software
    IOS (tm) C3750 Software (C3750-I5-M), Version 12.1(19)EA1d, RELEASE SOFTWARE (fc1)
    Copyright (c) 1986-2004 by cisco Systems, Inc.
    Compiled Mon 05-Apr-04 22:06 by antonino
    Image text-base: 0x00003000, data-base: 0x009206D8
    ROM: Bootstrap program is C3750 boot loader
    BOOTLDR: C3750 Boot Loader (C3750-HBOOT-M) Version 12.1(14r)EA1a, RELEASE SOFTWARE (fc1)
    2224-3750-037000137 uptime is 23 hours, 52 minutes
    System returned to ROM by power-on
    System restarted at 09:02:42 GMT Thu Aug 11 2005
    System image file is "flash:c3750-i5-mz.121-19.EA1d/c3750-i5-mz.121-19.EA1d.bin"
    cisco WS-C3750G-24TS (PowerPC405) processor (revision H0) with 118776K/12288K bytes of memory.
    Processor board ID CAT0904X00B
    Last reset from power-on
    Bridging software.
    1 Virtual Ethernet/IEEE 802.3 interface(s)
    28 Gigabit Ethernet/IEEE 802.3 interface(s)
    The password-recovery mechanism is enabled.
    512K bytes of flash-simulated non-volatile configuration memory.
    Base ethernet MAC Address : 00:13:1A:65:50:00
    Motherboard assembly number : 73-7058-12
    Power supply part number : 341-0045-01
    Motherboard serial number : CAT090400A0
    Power supply serial number : LIT09020266
    Model revision number : H0
    Motherboard revision number : A0
    Model number : WS-C3750G-24TS-E
    System serial number : CAT0904X00B
    Hardware Board Revision Number : 0x09
    Switch Ports Model SW Version SW Image
    * 1 28 WS-C3750G-24TS 12.1(19)EA1d C3750-I5-M
    Configuration register is 0xF
    Switch 2:
    Cisco IOS Software, C3750 Software (C3750-IPSERVICES-M), Version 12.2(25)SEB2, RELEASE SOFTWARE (fc1)
    Copyright (c) 1986-2005 by Cisco Systems, Inc.
    Compiled Wed 08-Jun-05 01:19 by yenanh
    ROM: Bootstrap program is C3750 boot loader
    BOOTLDR: C3750 Boot Loader (C3750-HBOOT-M) Version 12.1(14r)EA1a, RELEASE SOFTWARE (fc1)
    2224-3750-037000138 uptime is 59 minutes
    System returned to ROM by power-on
    System image file is "flash:c3750-ipservices-mz.122-25.SEB2/c3750-ipservices-mz.122-25.SEB2.bin"
    cisco WS-C3750G-24TS (PowerPC405) processor (revision L0) with 118784K/12280K bytes of memory.
    Processor board ID CAT0925Z0WZ
    Last reset from power-on
    1 Virtual Ethernet interface
    28 Gigabit Ethernet interfaces
    The password-recovery mechanism is enabled.
    512K bytes of flash-simulated non-volatile configuration memory.
    Base ethernet MAC Address : 00:14:A8:71:CA:00
    Motherboard assembly number : 73-7058-13
    Power supply part number : 341-0045-01
    Motherboard serial number : CAT09251J90
    Power supply serial number : PHI09220165
    Model revision number : L0
    Motherboard revision number : A0
    Model number : WS-C3750G-24TS-E
    System serial number : CAT0925Z0WZ
    Hardware Board Revision Number : 0x09
    Switch Ports Model SW Version SW Image
    * 1 28 WS-C3750G-24TS 12.2(25)SEB2 C3750-IPSERVICES-M
    Configuration register is 0xF

  • QoS Questions for 3750 Switches

    2x3750 switches are stacked and we are trying to simulate traffic congestion at the UTP ports by using Smartbit 6000C. The objective of the test is to see if the QoS setting works in reality even though we see from Wireshark that the packets are marked with DSCP for voice traffic.
    Setup is as follows :
    Smartbit<->Avaya IP Phone<->3750 switches<->6509 switch.
    Please note that the configuration is set on the 3750 switch port as well as trusted on the Cat 6 switch port. However, when I set to continuous traffic with byte size of 64. Even though it's a 100Mbps port, the Avaya IP Phone is already acting weird with hanged symptom. Just side note is that performing "show mls qos inter gi2/0/7 statistic" shows that data and voice traffic are marked on the different priority which seemed correct.
    1) Is this the right way to test? If not, what should be the correct way?
    2) The port that's connected to Smartbit is configured and it seemed that with the continuous traffic, even other IP Phones are hanged even though I have set Smartbit to hit on the IP address of the CAT6 Switch port. This is not normal right as this is supposed to be unicast traffic. Any idea what could be the reason?

    Hello Brandon,
    I understand your concern and how you want to test, but with the VoIP services you need to understand that there are 2 points (telephones if you want) involved. Your local one, where you might have taken all the necessary steps to protect and prioritize your voice traffic, and the opposite end which also needs to have the voice packets prioritized.
    Now, from your description, I understand that the packets (voice and data) marked correctly (I believe on C3750), but that's not enough. You need to use CBWFQ together with LLQ to give priority to the Voice traffic over data in case of congestion. Do you have such configuration? Can you show us some excerpt from it?
    Next, during the testing, you said that your phone hang-up...were you in a call?
    To respond to your questions:
    1. The start is ok, but we need more details. You are pushing traffic from Smartbit, this is your local end, but where is the traffic pushed to (remote end), who is receiving the traffic?
    2. In theory, you shouldn't have any impact over voice if links are 100Mbit, only if you have such a power packet generator that could fill 100Mbit. What do you mean by "This is not normal right as this is supposed to be unicast traffic"? VoIP is also unicast traffic...
    I can see that you are determined to solve this issue, and this is OK as it will help you back with gained knowledge, but I have to warn you that troubleshooting QoS / Voice related problems may be more tricky than you think, as it will involve a strong know-how in these areas.
    We will help, but you have to come back with more precise details.
    Good luck!
    Calin

  • Snmp for 3750 switch stack

    Hi,
    I have two 3750 switches stacked together with one IP address to manage the stack.
    Can I monitor the memory and CPU for each individual switch? What is the OID then?
    Thanks.
    C.K.

    Hello CK,
    On the Catalyst 3750, the stack master handles the SNMP requests and traps for the whole switch stack.
    The stack master transparently manages any requests or traps that are related to all stack members. When a new stack master is elected, the new master continues to handle SNMP requests and traps as configured on the previous stack master, assuming that IP connectivity to the SNMP management stations is still in place after the new master has taken control.
    So to answer your question, with the OID for CPU and Memory usage the switch will return only values for the active master. The other stack members are hot standby and do not produce SNMP information for CPU and/or Memory.
    HTH
    --Leon

  • 802.1x configuration for 3500 switch and 2800 switc

    Can anyone point me to a document on how to do a 3500 switch 802.1x configuration as well as a 2800 switch? How do you define the server auth-port? Thanks

    Even though this link is for CAT6k, it has some very useful screen-shots that will help you to successfully implement dot1x:
    http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_example09186a00801d11a4.shtml
    Regards
    Farrukh

  • Where is the complete configuration for catos4000 switch?

    thank you!

    Hi Friend,
    Here is the complete configuration guide for catos 4k switch
    For release 7.x
    http://www.cisco.com/univercd/cc/td/doc/product/lan/cat4000/rel7_1/config/index.htm
    Complete details about 4k switch with command reference
    http://www.cisco.com/univercd/cc/td/doc/product/lan/cat4000/rel7_1/index.htm
    HTH
    Ankur

  • SPAN or RSPAN Configuration for intermediate Switch.

    Hi
    I am having three switches. My Sniffer is connected with my Core Switch port 11.
    I am having 1 core SW, 2 Access SW.
    CoreSW --------------Trunk--------------->AccessSw1-----------------Trunk-------------------------AccessSw2.
    I am trying to configure Monitor session between AccessSW2 and Core SW.
    My configuration at Core SW
    monitor session 1 destination interface Fa0/11
    monitor session 1 source remote vlan 901
    At AccessSw2
    monitor session 1 source interface Fa0/1 - 22
    monitor session 1 destination remote vlan 901
    These configurations work fine if I omit AccessSw1.
    So what Configuration I need at AccessSW1 to communicate fine. Please help me on this..

    Alexander,
    You will have to specify the remote vlan on Sw2, just creating it won't help. Following is the config for the SW2.
    Switch(config)# monitor session 1 source remote vlan 901
    Switch(config)# monitor session 1 destination interface fastEthernet0/5
    The commands are a bit platform specific, as they are a bit different for the 6500 switches:
    For SW2 on Cisco6500
    Router(config)# monitor session 1 type rspan-destination
    Router(config-rspan-dst)# source remote vlan 2
    Router(config-rspan-dst)# destination interface gigabitethernet 1/2
    Thanks
    Ankur
    "Please rate the post if found useful"

  • Switch port configuration for 3500i AP

    Hi,
    We are due to install a brand new enterprise WLAN based on the WiSM2 platform, 3502i AP and WCS. The APs will be plugged into the 2960S-24TPS-L.
    I have scanned over all documentation and cannot for the life of me find a recommended switch port configuration for connecting the AP to the switch in terms of speed / duplex etc. For example, should I just configure the port to auto detect, or is forcing the speed / duplex the way to go. I could also do with knowing other best practice configurations for AP connectivity.
    Any help would be greatly appreciated.
    Chris.

    The AP comes online with just auto detect, but I want to know if there are any benefits to forcing this to 1Gbps / Full duplex, or even if this is the right way to go. I suspect auto detect is the best method.

  • Switch configuration for AP's

    We are trying to install a 2106 controller with a few 1261 AP's which we have downgraded to Lightweight.
    We are getting our head around the 2106 config but am unsure as to what config to put on the switchport the AP's connect to.
    As far as our reading goes it is best practice to plug the AP's into a network switch and trunk VLANs from the switch to the controller.
    Bit confused about the way the AP's connect to the switch.
    Thanks
    Roger

    Hi,
    As I understood ... you need to map existing vlan subnet with your wlan ...
    you will have interfaces which you first need to configure on your controller .
    1) Management IP of wlc
    2) AP- manager
    3) dynamic interface which will be used to map the vlan with respective wlan
    4) virtual
    procedure :
    1) if you do not have dhcp separate configured , first you need to create vlan then configure svi interface with ip address and  dhcp pool for your ap to get ip address in your l3 switch which is connected to your controller with default-router command which will point to your switch
    2) login to your controller through console and configure the management IP address
    command  : WLC( config ) > interface address management ... ip address... mask .... gateway ( it will be your switch )
    configure AP-manager interface with above command with ap manager option ..
    Now switch side you configure the one port which is connected to your controller as a TRUNK
    connect ap to any port which will configured with above vlan which you have configured in l3 switch
    Now AP should get registered and then follow below procedure for getting client connected to respective WLAN
    3 ) once you configure login to gui of controller and configure dynamic interface with existing vlan subnet and give the dhcp server ip address if you have or else configure the dhcp pool for users also.
    4) go to " wireless " option
    5) select the respective wlan and map the vlan with respective dynamic interface
    check whether clients got ip address.
    please let me know ........ if you have doubt about it

  • What's "SAVE" configuration command for Cisco switch/ router?

    What's "SAVE" configuration command for Cisco switch / router? I know Switch#copy running-config startup-config works well,
    but so long, any other command that easy to remember?

    Yes, here: Switch#write, and want to know more about the Cisco switch, please visit: http://www.3anetwork.com/cisco-switches-price_c1

  • Using 3750 switches & 2821 router for video & http qos

    Hello all,
    I know that the 3750 switches and 2821 routers are aging platforms, though, was curious if they are capable of providing QoS for video (such as WebEx) and HTTP/HTTPS, in addition to voice traffic?
    Thanks

    Thank you Reza.
    One reason we're looking into this, is that we wanted to see if we could give priority to traffic destined for, and arriving from, certain servers  (in addition to certain classes of traffic).   Is that possible?  Most of our switches have IPBase images (12.2(55)SE1).
    Thanks

  • Switch configuration for LAPs

    A local mode LAP is broadcasting WLANs that use VLAN10, VLAN20, and VLAN30.  The switchport the LAP is connected to is configured in access mode.  Do VLANs 10, 20 & 30, need to be configured on the switch? 

    No,
    You need to configure the WLC port as trunk and allow these vlan to this port.
    Example:
    WLC:
    interface GigabitEthernet1/0/1
    description Trunk Port to Cisco WLC
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 10,20,30
    switchport mode trunk
    AP:
    interface GigabitEthernet1/0/22
    description Access Port Connection to Cisco Lightweight AP
    switchport access vlan 10 ------> in which vlan AP getting ip
    switchport mode access
    no shutdown
    Regards
    Don't forget to rate helpful posts

  • Issues with using /31 mask on 3750 switch

    I work for a large manufacturing plant that employs Cisco 3750 and 6500 series switches. We are having a problem in using 255.255.255.254 mask on point-to-point VLAN uplinks. Every time, the switch restarts, after the initial boot process, it locks up after the following error message:
    "Warning: use /31 mask on non point-to-point interface cautiously".
    The switch in question is a 3750-12 port fibre switch. IOS version: 12.2(25).SEB March 2005.
    Any help would be greatly appreciated.
    Thanks
    Haroon

    I believe you are seeing two different things.
    1)The message is just a warning message introduced through
    http://www.cisco.com/cgi-bin/bugtool/onebug.pl?bugid=CSCdw51648
    It is not only during boot up but the message is printed even when the IP address is configured.
    3750#
    1w3d: %SYS-5-CONFIG_I: Configured from console by console
    3750#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    3750(config)#int vlan 1
    3750(config-if)#ip address 14.1.25.225 255.255.255.254
    % Warning: use /31 mask on non point-to-point interface cautiously
    3750(config-if)#do sh run int vlan 1
    Building configuration...
    Current configuration : 63 bytes
    interface Vlan1
    ip address 14.1.25.225 255.255.255.254
    end
    3750(config-if)#
    The reason you are seeing after boot up is because start up config is applied to running config.
    2)However, this should not lock up the switch.

  • 802.1x "MachineorUser" Auth Mode strange behavior in 2950 & 3750 Switches

    Good Day Support Team around the world,
    Having started recently  tests with 802.1x in a lab environment, I noticed  a strange behavior related to authentication. First let me provide you with the network components I used.
    supplicant:                    domain-joined laptop with Windows XP SP3 802.1x embedded client
    authenticator1:              Cisco 2950-24   
    authenticator2:              Cisco 3750-24
    authentication server:     MS NPS Windows Server 2008
    1.     In the first scenario with 3750 switch when I connect the laptop to relevant port the machine authentication is successful. Then I try to login with a domain account and again the authentication is completed without any problem. Then I log off and user authentication is revoked and the machine authentication is used again without any issue. When I try to login again as local user the authentication fails as expected but the port remains disabled (port blinking amber) regardless the fact that port is configured for Auth-Fail Vlan. When I log off then the machine authentication is used again and the access is granted.
    2.     In the second scenario with 2950 switch as authenticator, I follow the same steps as before and when I try to login as local user the authentication is failed and the port is assigned the Auth-Fail Vlan (as expected based on configuration). However when I log off it seems that the 2950 switch still use the Auth-Fail Vlan for that port and never authenticates again for machine authentication.
    Could someone please let me know if this is normal (I suppose not)? Please find attached the relevant debug output from the second scenario.
    Thank you!!!

    Hi,
    basically what happens is that the maximum EAP packet size for communication between client and RADIUS server is negotiated. Therefore, in your case the switch notifies NPS that the client is capable of handling packets up to 9000 bytes in size.
    EAP messages, especially those containing the server certificate, are usually bigger than 1500 bytes and arrive at the switch in multiple fragments:
    Mar  6 15:50:11.881: RADIUS(0000002C): Received from id 1645/41
    Mar  6 15:50:11.881: RADIUS/DECODE: EAP-Message fragments, 253+253+253+253+253+253+253+253+20, total 2044 bytes
    Having learned that 2044 bytes is acceptable for the client, the switch forwards the full message in one chunk, but since your client is likely to have set the interface MTU to 1500, the packet is oversized and never reaches its destination.
    And yes, I think changing the System Jumbo MTU to 1500 bytes would lead to the same result. If my memory serves me right, a new setting takes effect only after a reboot, so I'd suggest giving it a go in your lab first.
    Best regards,
    Josef

  • How to check if 3750 switch is using sslv3

    Hi Everyone,
    I am trying to HTTPS to the 3750 switch using Firefox; below is the error message:
    Firefox cannot guarantee the safety of your data on 10.0.0.4 because it uses SSLv3, a broken security protocol.
    Advanced info: ssl_error_no_cypher_overlap
    Learn More…
    ip http secure-server ---- is configured on 3750.
    I checked the config on the 3750 switch; it does not show if SSLv3 is enabled.
    Is there any command I can use to check the SSL config on the 3750 switch?
    Regards
    Mahesh

    Hi Mahesh,
    Try running nmap against your switch: http://nmap.org/nsedoc/scripts/ssl-enum-ciphers.html
    nmap --script ssl-enum-ciphers -p 443 <switch_name>
    There is an open Cisco bug for this vulnerability:
    https://tools.cisco.com/bugsearch/bug/CSCur23656
    ...which implies that this vulnerability is not fixed in any version of IOS!? If you are concerned, use the CLI and drop the HTTP(S) access.
    cheers,
    Seb.
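
To turn the scan suggested in the reply above into a repeatable check, this added example (not part of the original thread) parses an `ssl-enum-ciphers` report and lists the legacy protocols and sub-A ciphers the switch offers. The sample report is constructed, and the report layout the parser expects is an assumption based on the script's usual output.

```python
import re

# Constructed sample laid out like the ssl-enum-ciphers script's report;
# the ciphers and grades are illustrative, not a scan of any real switch.
SAMPLE = """\
PORT    STATE SERVICE
443/tcp open  https
| ssl-enum-ciphers:
|   SSLv3:
|     ciphers:
|       TLS_RSA_WITH_RC4_128_SHA (rsa 1024) - C
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 1024) - C
|     compressors:
|       NULL
|     cipher preference: server
|   TLSv1.0:
|     ciphers:
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 1024) - A
|     compressors:
|       NULL
|     cipher preference: server
|_  least strength: C
"""

LEGACY = {"SSLv2", "SSLv3"}
PROTO_RE = re.compile(r"(SSLv\d|TLSv\d\.\d):")
CIPHER_RE = re.compile(r"((?:TLS|SSL)_\S+)(?: \(.*\))? - ([A-F])")


def parse_ssl_enum(text):
    """Map each protocol version in the report to its [(cipher, grade), ...]."""
    protocols, current = {}, None
    for raw in text.splitlines():
        # Drop nmap's "|" / "|_" tree prefix and indentation.
        line = raw.lstrip("|_ ").rstrip()
        if m := PROTO_RE.fullmatch(line):
            current = protocols.setdefault(m.group(1), [])
        elif current is not None and (m := CIPHER_RE.fullmatch(line)):
            current.append((m.group(1), m.group(2)))
    return protocols


def assess(text):
    """Summarise offered protocols and the ciphers graded below A."""
    protocols = parse_ssl_enum(text)
    return {
        "legacy": sorted(p for p in protocols if p in LEGACY),
        "tls": sorted(p for p in protocols if p not in LEGACY),
        "below_a": sorted({c for cs in protocols.values() for c, g in cs if g != "A"}),
        # A client that refuses SSLv3 needs at least one TLS version with a cipher.
        "tls_client_ok": any(cs for p, cs in protocols.items() if p not in LEGACY),
    }


if __name__ == "__main__":
    for key, value in assess(SAMPLE).items():
        print(f"{key}: {value}")
```
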
