WiSM Service Vlan Issues
Folks,
I have seen strange problem in WiSM, while configuring as service vlan, I could see the status of one of the service vlan's as Oper-Up. Second one is mentioned as -- , whereas I could access both wism by means of html. Through CLI i could access only one WisM.
Apart from that, I could see in log files lost hearbeat with supervisor. Is this log related with the missing service vlan's . How can I solve this issue? Will it be due to WiSM/Core Switch IOS incompatibility?
Regards,
SIDdarth
Folks,
1. Could you please advise regarding strange issue which happens on my wism
When I type show wism module, I see one of the controller is mentioned with service vlan ip and controller ip and status as 'Oper-Up' , whereas second wism controller does show any ip and is mentioned as -- with status mentioned as 'Service-Up'. But remotely i can access both controllers through WiSM.
Why does it come so? I am having controller firmware version 5.0. How can I solve this issue.
2. Secondly as I have heard from other users that 5.0 is buggy firmware, will I lose my configuration if i upgrade firmware to 5.2/6.0
Please provide me ur experiences.
Thanks a lot
-SIDdarth
Similar Messages
-
Hi All,
I am trying to configure a new wism module, as per the cisco official document i have configured all settings for the service interface, but it is not leasing ip address from my dhcp pool. What could be the possible reason ? Please Help
Thanks in advance.
Rgds.
Shijo.Hello All,
Thank you very much for the replies and let me inform you that i could resolve the problem by myself. I am glad to share my experiance and solution herev.
As per the cisco documents the 'service port' will automatically lease an ip from the service vlan dhcp pool, as i posted b4 it was not working. Then tried to access the wism's console port using the default user name and password 'admin' (as per cisco documnets). But unfortunately for me it was 'cisco'. (It really took half of a day to make a blind attempt, my bad luck ). Using the newly discovered user name and password i had logged into the cosole and serached for a solution. The result was bit shocking - DHCP in service port was disabled !!!.Anyway i fixed it and logged out. The service port then leased IPs from the sevice vlan dhcp pool.
Then i tried 'session' to the controller, it simpley gave me the next issue. The switch failed to session into controller !!. After a few hrs attempt i found that telnet was also diabled in the controller from the wism's console, fixed it from the wism console itself.
Again, as per the cisco document in the first loggin to the wism you will get a configuration wizard, i didnt get anything like that .
Anyways for the time it is working fine, and as it is my very first experience with a WISM i am expecting more issues when entering into more complex configuration. I expect all of yours support then.
Merry X'mas in advance.
Thank you very much,
Shijo. -
WiSM having trouble getting the IP from service-vlan DHCP
WiSM WLAN Service Module WS-SVC-WISM-1-K9 in 6509e running VSS IOs s72033-ipservicesk9_wan-mz.122-33.SXI2a.bin having trouble to get the IP from service-vlan DHCP.
The pertinent config is as follows.
vlan 300
name WiSM_Service_Vlan
interface Vlan300
description *** WiSM Service-Vlan
ip address 192.168.200.1 255.255.255.0
ip dhcp excluded-address 192.168.200.1
ip dhcp pool WiSM_Service-Vlan_300
network 192.168.200.0 255.255.255.0
default-router 192.168.200.1
wism service-vlan 300
vlan 183
name WiSM_Management
interface Vlan183
description *** WiSM Management Vlan ***
ip address 10.39.139.254 255.255.255.0
wism switch 1 module 4 controller 1 allowed-vlan 125,126,183,300
wism switch 1 module 4 controller 2 allowed-vlan 125,126,183,300
wism switch 2 module 4 controller 1 allowed-vlan 125,126,183,300
wism switch 2 module 4 controller 2 allowed-vlan 125,126,183,300
wism switch 1 module 4 controller 1 native-vlan 183
wism switch 1 module 4 controller 2 native-vlan 183
wism switch 2 module 4 controller 1 native-vlan 183
wism switch 2 module 4 controller 2 native-vlan 183
HO2NET0001#sh wism status
Service Vlan : 300, Service IP Subnet : 192.168.200.1/255.255.255.0
WLAN
Slot Controller Service IP Management IP SW Version Status
----+-----------+----------------+----------------+-----------+---------------
20 1 0.0.0.0 0.0.0.0 Service Port Up
20 2 0.0.0.0 0.0.0.0 Service Port Up
HO2NET0001#sh module
Mod Ports Card Type Model Serial No.
1 8 CEF720 8 port 10GE with DFC WS-X6708-10GE SAL13442Q5N
2 8 CEF720 8 port 10GE with DFC WS-X6708-10GE SAL13442GAL
3 48 CEF720 48 port 10/100/1000mb Ethernet WS-X6748-GE-TX SAL13410N8P
4 10 WiSM WLAN Service Module WS-SVC-WISM-1-K9 SAD133101UY
5 5 Supervisor Engine 720 10GE (Active) VS-S720-10G SAL13442JE4
Mod MAC addresses Hw Fw Sw Status
1 0025.84f1.55b8 to 0025.84f1.55bf 2.1 12.2(18r)S1 12.2(33)SXI2 Ok
2 0025.84f1.4e58 to 0025.84f1.4e5f 2.1 12.2(18r)S1 12.2(33)SXI2 Ok
3 0027.0da7.c240 to 0027.0da7.c26f 3.2 12.2(18r)S1 12.2(33)SXI2 Ok
4 0023.5e25.7168 to 0023.5e25.7177 2.3 12.2(14r)S5 12.2(33)SXI2 Ok
5 001f.9e2a.2608 to 001f.9e2a.260f 3.1 8.5(3) 12.2(33)SXI2 Ok
Mod Sub-Module Model Serial Hw Status
1 Distributed Forwarding Card WS-F6700-DFC3C SAL13442EG9 1.4 Ok
2 Distributed Forwarding Card WS-F6700-DFC3C SAL13442H9T 1.4 Ok
3 Centralized Forwarding Card WS-F6700-CFC SAL13442HU9 4.1 Ok
4 Centralized Forwarding Card WS-SVC-WISM-1-K9-D SAD133200D6 2.1 Ok
5 Policy Feature Card 3 VS-F6K-PFC3C SAL13442E5S 1.1 Ok
5 MSFC3 Daughterboard VS-F6K-MSFC3 SAL13421AJZ 2.0 Ok
Mod Online Diag Status
1 Pass
2 Pass
3 Pass
4 Pass
5 Pass
HO2NET0001#sh vlan
300 WiSM_Service_Vlan active Gi1/4/9, Gi1/4/10
The service IP is supposed to have been populated with an address from the dhcp pool. I am also unable to connect to it by doing a session switch 1 slot 4 processor 1. I get the following upon attempting to do so:
HO2NET0001##session switch 1 slot 4 proc 1
The default escape character is Ctrl-^, then x. You can also type 'exit' at the remote prompt to end the session Trying 0.0.0.0 ...
Any assistance or ideas offered will be greatly appreciated.
Thanks,wired client is working & able to get IP from vlan 300 DHCP pool.
Here is the complete configuration.
Core-Switch6509#sh run
Building configuration...
Current configuration : 21462 bytes
upgrade fpd auto
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
service counters max age 5
hostname
boot-start-marker
boot system flash sup-bootdisk:
boot-end-marker
security passwords min-length 1
logging buffered 8192
no aaa new-model
ip subnet-zero
ip dhcp excluded-address 192.168.200.1 192.168.200.2
ip dhcp pool wism-service-port
network 192.168.200.0 255.255.255.0
default-router 192.168.200.1
ip dhcp pool voiceFLR1
network 10.39.103.128 255.255.255.128
default-router 10.39.103.254
option 150 ip 10.39.139.240 10.39.139.241
ip dhcp pool voiceFLR2
network 10.39.104.128 255.255.255.128
default-router 10.39.104.254
option 150 ip 10.39.139.240 10.39.139.241
ip dhcp pool voiceFLR3
network 10.39.105.128 255.255.255.128
default-router 10.39.105.254
option 150 ip 10.39.139.240 10.39.139.241
no ip domain-lookup
vtp domain
vtp mode transparent
switch virtual domain 100
switch mode virtual
mls netflow interface
mls cef error action reset
spanning-tree mode pvst
spanning-tree extend system-id
wism service-vlan 300
wism switch 1 module 4 controller 1 allowed-vlan 125,126,183,300
wism switch 1 module 4 controller 2 allowed-vlan 125,126,183,300
wism switch 2 module 4 controller 1 allowed-vlan 125,126,183,300
wism switch 2 module 4 controller 2 allowed-vlan 125,126,183,300
wism switch 1 module 4 controller 1 native-vlan 183
wism switch 1 module 4 controller 2 native-vlan 183
wism switch 2 module 4 controller 1 native-vlan 183
wism switch 2 module 4 controller 2 native-vlan 183
diagnostic bootup level minimal
redundancy
main-cpu
auto-sync running-config
mode sso
vlan internal allocation policy ascending
vlan dot1q tag native
vlan access-log ratelimit 2000
vlan 101
name Grd_FLR_Data_Vlan
vlan 102
name Grd_FLR_Voice_Vlan
vlan 103
name MZ_FLR_Data_Vlan
vlan 104
name MZ_FLR_Voice_Vlan
vlan 105
name 1st_FLR_Data_Vlan
vlan 106
name 1st_FLR_Voice_Vlan
vlan 107
name 2nd_FLR_Data_Vlan
vlan 108
name 2nd_FLR_Voice_Vlan
vlan 109
name 3rd_FLR_Data_Vlan
vlan 110
name 3rd_FLR_Voice_Vlan
vlan 111
name 4th_FLR_Data_Vlan
vlan 112
name 4th_FLR_Voice_Vlan
vlan 113
name 5th_FLR_Data_Vlan
vlan 114
name 5th_FLR_Voice_Vlan
vlan 115
name 6th_FLR_Data_Vlan
vlan 116
name 6th_FLR_Voice_Vlan
vlan 117
name 7th_FLR_Data_Vlan
vlan 118
name 7th_FLR_Voice_Vlan
vlan 119
name 8th_FLR_Data_Vlan
vlan 120
name 8th_FLR_Voice_Vlan
vlan 121
name 9th_FLR_Data_Vlan
vlan 122
name 9th_FLR_Voice_Vlan
vlan 123
name 10th_FLR_Data_Vlan
vlan 124
name 10th_FLR_Voice_Vlan
vlan 125
name Wireless_Users
vlan 126
name Wireless_Guest
vlan 150
name Printer
vlan 151
name v151
vlan 152
name v152
vlan 153
name v153
vlan 154
name v154
vlan 155
name v155
vlan 183
name Network_Management
vlan 300
name WiSM_Service_Vlan
interface Port-channel1
description *** For 1st Floor ***
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
interface Port-channel2
description *** For 2nd Floor ***
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
interface Port-channel3
description *** For 3rd Floor ***
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
interface Port-channel4
description *** For 4th Floor ***
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
interface Port-channel5
description *** For 5th Floor ***
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
interface Port-channel6
description *** For 6th Floor ***
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
interface Port-channel7
description *** For 7th Floor ***
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
interface Port-channel8
description *** For 8th Floor ***
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
interface Port-channel9
description *** For 9th Floor ***
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
interface Port-channel10
no switchport
no ip address
switch virtual link 1
mls qos trust cos
no mls qos channel-consistency
interface Port-channel11
description *** For 10th Floor ***
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
interface Port-channel12
description *** For Ground Floor ***
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
interface Port-channel13
description *** For MZ Floor ***
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
interface Port-channel20
no switchport
no ip address
switch virtual link 2
mls qos trust cos
no mls qos channel-consistency
interface TenGigabitEthernet1/1/1
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
shutdown
interface TenGigabitEthernet1/1/2
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
shutdown
interface TenGigabitEthernet1/1/3
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 1 mode on
interface TenGigabitEthernet1/1/4
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 2 mode on
interface TenGigabitEthernet1/1/5
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 3 mode on
interface TenGigabitEthernet1/1/6
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 4 mode on
interface TenGigabitEthernet1/1/7
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 5 mode on
interface TenGigabitEthernet1/1/8
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 6 mode on
interface TenGigabitEthernet1/2/1
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 7 mode on
interface TenGigabitEthernet1/2/2
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 8 mode on
interface TenGigabitEthernet1/2/3
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 9 mode on
interface TenGigabitEthernet1/2/4
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 11 mode on
interface TenGigabitEthernet1/2/5
description *** Connected to Juniper Port Ten 0 Inside ***
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
interface TenGigabitEthernet1/2/6
no switchport
no ip address
interface TenGigabitEthernet1/2/7
no switchport
no ip address
interface TenGigabitEthernet1/2/8
no switchport
no ip address
interface GigabitEthernet1/3/1
switchport
switchport access vlan 183
switchport mode access
interface GigabitEthernet1/3/2
switchport
switchport access vlan 183
switchport mode access
interface GigabitEthernet1/3/3
switchport
switchport access vlan 183
switchport mode access
interface GigabitEthernet1/3/4
switchport
switchport access vlan 183
switchport mode access
interface GigabitEthernet1/3/5
switchport
switchport access vlan 154
interface GigabitEthernet1/3/6
switchport
switchport access vlan 154
interface GigabitEthernet1/3/7
switchport
switchport access vlan 154
interface GigabitEthernet1/3/8
switchport
switchport access vlan 154
interface GigabitEthernet1/3/9
no switchport
no ip address
shutdown
interface GigabitEthernet1/3/10
no switchport
no ip address
shutdown
interface GigabitEthernet1/3/11
no switchport
no ip address
shutdown
interface GigabitEthernet1/3/12
no switchport
no ip address
shutdown
interface GigabitEthernet1/3/13
no switchport
no ip address
shutdown
interface GigabitEthernet1/3/14
no switchport
no ip address
shutdown
interface GigabitEthernet1/3/15
no switchport
no ip address
shutdown
interface GigabitEthernet1/3/16
no switchport
no ip address
shutdown
interface GigabitEthernet1/3/17
no switchport
no ip address
shutdown
interface GigabitEthernet1/3/18
no switchport
no ip address
shutdown
interface GigabitEthernet1/3/19
no switchport
no ip address
shutdown
interface GigabitEthernet1/3/20
no switchport
no ip address
shutdown
interface GigabitEthernet1/3/21
no switchport
no ip address
shutdown
interface GigabitEthernet1/3/22
no switchport
no ip address
shutdown
interface GigabitEthernet1/3/23
no switchport
no ip address
shutdown
interface GigabitEthernet1/3/24
no switchport
no ip address
shutdown
interface GigabitEthernet1/3/25
no switchport
no ip address
shutdown
interface GigabitEthernet1/3/26
no switchport
no ip address
shutdown
interface GigabitEthernet1/3/27
no switchport
no ip address
shutdown
interface GigabitEthernet1/3/28
no switchport
no ip address
shutdown
interface GigabitEthernet1/3/29
no switchport
no ip address
shutdown
interface GigabitEthernet1/3/30
no switchport
no ip address
shutdown
interface GigabitEthernet1/3/31
no switchport
no ip address
shutdown
interface GigabitEthernet1/3/32
no switchport
no ip address
shutdown
interface GigabitEthernet1/3/33
no switchport
no ip address
shutdown
interface GigabitEthernet1/3/34
no switchport
no ip address
shutdown
interface GigabitEthernet1/3/35
no switchport
no ip address
shutdown
interface GigabitEthernet1/3/36
no switchport
no ip address
shutdown
interface GigabitEthernet1/3/37
no switchport
no ip address
shutdown
interface GigabitEthernet1/3/38
no switchport
no ip address
shutdown
interface GigabitEthernet1/3/39
no switchport
no ip address
shutdown
interface GigabitEthernet1/3/40
no switchport
no ip address
shutdown
interface GigabitEthernet1/3/41
no switchport
no ip address
shutdown
interface GigabitEthernet1/3/42
no switchport
no ip address
shutdown
interface GigabitEthernet1/3/43
no switchport
no ip address
shutdown
interface GigabitEthernet1/3/44
no switchport
no ip address
shutdown
interface GigabitEthernet1/3/45
no switchport
no ip address
shutdown
interface GigabitEthernet1/3/46
no switchport
no ip address
shutdown
interface GigabitEthernet1/3/47
switchport
switchport access vlan 107
switchport mode access
spanning-tree portfast edge
interface GigabitEthernet1/3/48
switchport
switchport access vlan 152
switchport mode access
interface GigabitEthernet1/5/1
no switchport
no ip address
shutdown
interface GigabitEthernet1/5/2
no switchport
no ip address
shutdown
interface GigabitEthernet1/5/3
no switchport
no ip address
shutdown
interface TenGigabitEthernet1/5/4
description *** Connected to CS-2 Port Ten 2/5/4 ***
no switchport
no ip address
mls qos trust cos
channel-group 10 mode on
interface TenGigabitEthernet1/5/5
description *** Connected to CS-2 Port Ten 2/5/5 ***
no switchport
no ip address
mls qos trust cos
channel-group 10 mode on
interface TenGigabitEthernet2/1/1
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
shutdown
interface TenGigabitEthernet2/1/2
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
shutdown
interface TenGigabitEthernet2/1/3
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 1 mode on
interface TenGigabitEthernet2/1/4
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 2 mode on
interface TenGigabitEthernet2/1/5
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 3 mode on
interface TenGigabitEthernet2/1/6
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 4 mode on
interface TenGigabitEthernet2/1/7
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 5 mode on
interface TenGigabitEthernet2/1/8
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 6 mode on
interface TenGigabitEthernet2/2/1
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 7 mode on
interface TenGigabitEthernet2/2/2
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 8 mode on
interface TenGigabitEthernet2/2/3
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 9 mode on
interface TenGigabitEthernet2/2/4
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 11 mode on
interface TenGigabitEthernet2/2/5
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
interface TenGigabitEthernet2/2/6
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
interface TenGigabitEthernet2/2/7
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
interface TenGigabitEthernet2/2/8
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
interface GigabitEthernet2/3/1
switchport
switchport access vlan 183
switchport mode access
interface GigabitEthernet2/3/2
switchport
switchport access vlan 183
switchport mode access
interface GigabitEthernet2/3/3
switchport
switchport access vlan 183
switchport mode access
interface GigabitEthernet2/3/4
switchport
switchport access vlan 183
switchport mode access
interface GigabitEthernet2/3/5
no switchport
no ip address
shutdown
interface GigabitEthernet2/3/6
no switchport
no ip address
shutdown
interface GigabitEthernet2/3/7
no switchport
no ip address
shutdown
interface GigabitEthernet2/3/8
no switchport
no ip address
shutdown
interface GigabitEthernet2/3/9
no switchport
no ip address
shutdown
interface GigabitEthernet2/3/10
no switchport
no ip address
shutdown
interface GigabitEthernet2/3/11
no switchport
no ip address
shutdown
interface GigabitEthernet2/3/12
no switchport
no ip address
shutdown
interface GigabitEthernet2/3/13
no switchport
no ip address
shutdown
interface GigabitEthernet2/3/14
no switchport
no ip address
shutdown
interface GigabitEthernet2/3/15
no switchport
no ip address
shutdown
interface GigabitEthernet2/3/16
no switchport
no ip address
shutdown
interface GigabitEthernet2/3/17
no switchport
no ip address
shutdown
interface GigabitEthernet2/3/18
no switchport
no ip address
shutdown
interface GigabitEthernet2/3/19
no switchport
no ip address
shutdown
interface GigabitEthernet2/3/20
no switchport
no ip address
shutdown
interface GigabitEthernet2/3/21
no switchport
no ip address
shutdown
interface GigabitEthernet2/3/22
no switchport
no ip address
shutdown
interface GigabitEthernet2/3/23
no switchport
no ip address
shutdown
interface GigabitEthernet2/3/24
no switchport
no ip address
shutdown
interface GigabitEthernet2/3/25
no switchport
no ip address
shutdown
interface GigabitEthernet2/3/26
no switchport
no ip address
shutdown
interface GigabitEthernet2/3/27
no switchport
no ip address
shutdown
interface GigabitEthernet2/3/28
no switchport
no ip address
shutdown
interface GigabitEthernet2/3/29
no switchport
no ip address
shutdown
interface GigabitEthernet2/3/30
no switchport
no ip address
shutdown
interface GigabitEthernet2/3/31
no switchport
no ip address
shutdown
interface GigabitEthernet2/3/32
no switchport
no ip address
shutdown
interface GigabitEthernet2/3/33
no switchport
no ip address
shutdown
interface GigabitEthernet2/3/34
no switchport
no ip address
shutdown
interface GigabitEthernet2/3/35
no switchport
no ip address
shutdown
interface GigabitEthernet2/3/36
no switchport
no ip address
shutdown
interface GigabitEthernet2/3/37
no switchport
no ip address
shutdown
interface GigabitEthernet2/3/38
no switchport
no ip address
shutdown
interface GigabitEthernet2/3/39
no switchport
no ip address
shutdown
interface GigabitEthernet2/3/40
no switchport
no ip address
shutdown
interface GigabitEthernet2/3/41
no switchport
no ip address
shutdown
interface GigabitEthernet2/3/42
no switchport
no ip address
shutdown
interface GigabitEthernet2/3/43
no switchport
no ip address
shutdown
interface GigabitEthernet2/3/44
no switchport
no ip address
shutdown
interface GigabitEthernet2/3/45
no switchport
no ip address
shutdown
interface GigabitEthernet2/3/46
no switchport
no ip address
shutdown
interface GigabitEthernet2/3/47
no switchport
no ip address
shutdown
interface GigabitEthernet2/3/48
no switchport
no ip address
shutdown
interface GigabitEthernet2/5/1
no switchport
no ip address
shutdown
interface GigabitEthernet2/5/2
no switchport
no ip address
shutdown
interface GigabitEthernet2/5/3
no switchport
no ip address
shutdown
interface TenGigabitEthernet2/5/4
description *** Connected to CS-1 Port Ten 1/5/4 ***
no switchport
no ip address
mls qos trust cos
channel-group 20 mode on
interface TenGigabitEthernet2/5/5
description *** Connected to CS-1 Port Ten 1/5/5 ***
no switchport
no ip address
mls qos trust cos
channel-group 20 mode on
interface Vlan1
no ip address
interface Vlan101
description *** Grd Floor Data Vlan ***
ip address 10.39.101.126 255.255.255.128
interface Vlan102
description *** Grd Floor Voice Vlan ***
ip address 10.39.101.254 255.255.255.128
interface Vlan103
description *** MZ Floor Data Vlan ***
ip address 10.39.102.126 255.255.255.128
interface Vlan104
description *** MZ Floor Voice Vlan ***
ip address 10.39.102.254 255.255.255.128
interface Vlan105
description *** 1st Floor Data Vlan ***
ip address 10.39.103.126 255.255.255.128
interface Vlan106
description *** 1st Floor Voice Vlan ***
ip address 10.39.103.254 255.255.255.128
interface Vlan107
description *** 2nd Floor Data Vlan ***
ip address 10.39.104.126 255.255.255.128
interface Vlan108
description *** 2nd Floor Voice Vlan ***
ip address 10.39.104.254 255.255.255.128
interface Vlan109
description *** 3rd Floor Data Vlan ***
ip address 10.39.105.126 255.255.255.128
interface Vlan110
description *** 3rd Floor Voice Vlan ***
ip address 10.39.105.254 255.255.255.128
interface Vlan111
description *** 4th Floor Data Vlan ***
ip address 10.39.106.126 255.255.255.128
interface Vlan112
description *** 4th Floor Voice Vlan ***
ip address 10.39.106.254 255.255.255.128
interface Vlan113
description *** 5th Floor Data Vlan ***
ip address 10.39.107.126 255.255.255.128
interface Vlan114
description *** 5th Floor Voice Vlan ***
ip address 10.39.107.254 255.255.255.128
interface Vlan115
description *** 6th Floor Data Vlan ***
ip address 10.39.108.126 255.255.255.128
interface Vlan116
description *** 6th Floor Voice Vlan ***
ip address 10.39.108.254 255.255.255.128
interface Vlan117
description *** 7th Floor Data Vlan ***
ip address 10.39.109.126 255.255.255.128
interface Vlan118
description *** 7th Floor Voice Vlan ***
ip address 10.39.109.254 255.255.255.128
interface Vlan119
description *** 8th Floor Data Vlan ***
ip address 10.39.110.126 255.255.255.128
interface Vlan120
description *** 8th Floor Voice Vlan ***
ip address 10.39.110.254 255.255.255.128
interface Vlan121
description *** 9th Floor Voice Vlan ***
ip address 10.39.111.126 255.255.255.128
interface Vlan122
description *** 9th Floor Voice Vlan ***
ip address 10.39.111.254 255.255.255.128
interface Vlan123
description *** 10th Floor Voice Vlan ***
ip address 10.39.112.126 255.255.255.128
interface Vlan124
description *** 10th Floor Voice Vlan ***
ip address 10.39.112.254 255.255.255.128
interface Vlan150
description *** Printer Vlan ***
ip address 10.39.120.254 255.255.255.0
interface Vlan151
description *** Connected to Juniper FW Port Ten 0 ***
ip address 10.39.121.1 255.255.255.240
interface Vlan183
description *** Network Management Vlan ***
ip address 10.39.139.254 255.255.255.0
interface Vlan300
ip address 192.168.200.1 255.255.255.0
ip classless
ip route 0.0.0.0 0.0.0.0 10.39.140.169
ip route 0.0.0.0 0.0.0.0 10.39.121.14
no ip http server
no ip http secure-server
control-plane
dial-peer cor custom
line con 0
login local
line vty 0 4
login local
line vty 5 15
login local
mac-address-table aging-time 480
no event manager policy Mandatory.go_switchbus.tcl type system
module provision switch 1
slot 1 slot-type 227 port-type 60 number 8 virtual-slot 17
slot 2 slot-type 227 port-type 60 number 8 virtual-slot 18
slot 3 slot-type 147 port-type 61 number 48 virtual-slot 19
slot 4 slot-type 242 port-type 31 number 10 virtual-slot 20
slot 5 slot-type 254 port-type 31 number 2 port-type 61 number 1 port-type 60 number 2 virtual-slot 21
module provision switch 2
slot 1 slot-type 227 port-type 60 number 8 virtual-slot 33
slot 2 slot-type 227 port-type 60 number 8 virtual-slot 34
slot 3 slot-type 147 port-type 61 number 48 virtual-slot 35
slot 4 slot-type 242 port-type 31 number 10 virtual-slot 36
slot 5 slot-type 254 port-type 31 number 2 port-type 61 number 1 port-type 60 number 2 virtual-slot 37
end
Thanks & Awaiting for response. -
WiSM & SUP720 Performance Issue
We use WiSM 4.0.217.0 and SUP720 12.2(18) SXF5. We experience bad performance with wireless client download, for only about 70kbps. I tried with a WLC2006 connected to the same SUP720 with similar configurations with WiSM and I got 2Mbps download speed via WLC2006. Has anyone seen this issue before?
Thanks!
ZhenningThere are several possible reasons that this error message is generated. From the WiSM's perspective, the most common reason is an incorrect configuration of the service port on the Supervisor Engine.
In the case of a WiSM, the service port is used solely for communication between the Supervisor 720 and the WiSM.
Complete these steps in order to get rid of this error message.
Create a new VLAN for the WiSM service ports on the Supervisor Engine that does not exist anywhere on the network.
Create a DHCP scope setup on your Supervisor 720 to assign IP addresses to the service ports of the controllers. This IP range should not start with the same octet of any interface that already exists on your network .
Note: It is recommended that you create a DHCP scope for the service port of the Catalyst WiSM. Alternatively, you can also session (session slot X process 1 or 2 ) or console directly into the WiSM and set the static IP addresses (configure the interface address service port).
Assign the WiSM service ports to this newly created VLAN with the command wism service-vlan new VLAN ID on the Supervisor Engine. -
SVI needed for WiSM service-port?
I currently have a vlan/SVI on my 6506 for the WiSM service-port. The WiSM has an address on the same subnet. To manage the WiSM, I either https to the Management interface address or use 'session slot X proc Y' from the the 6506. Since I am essentially only using two addresses from a subnet for this service-port I would like to free up the subnet. Can I keep my current functionality by having a vlan only (with the wism service-vlan XX command) with no SVI? Thanks.
Yes, correct. You dont have to have this as a SVI. You can just drop them into the vlan with no SVI. So long as the WiSMs have a service port and IP and they are on the same subnet in the same vlan you are good.
After you set this up do a show wism status .. You should see thet are all up.
In fact I bloged about a security issue with the service port and the SVI interface. Its a good read..
http://www.my80211.com/security-labs/2010/10/7/cisco-wism-config-practice-opens-svi-vulnerability.html
I hope this helps. -
Subnet Size for Service Vlan e AP-Manager in WiSM
Hi guys,
Is there any recommendations about the size of the subnets used to communicate the supervisor 720 with the wism.
I think I will waste address, for example, if I use two subnets /24 for service vlan e ap-manager.
Thanks in Advanced,
Andre LomonacoYour subnet should be big enough to accomodate all the hosts which will need addresses. A /28 or /29 is probably plenty big for your service vlan.
On the other hand, RFC 1918 gives you close to 18 million addresses worthof private space to work with, so it's unlikely you're going to run out in most deployments. -
WiSM Service Port is sourcing Fin-Ack packets
For some reason or another, both of the service port interfaces on our WiSM WLCs are sorucing Fin-Ack packets to IP addresses out on the Internet.
My understanding is that the service ports are only suppose to be used for communication between the Sup720 and WiSM, and I'm wondering if this could be due to some type of misconfiguration on the WiSM or 6509E.
We have static IP addresses configured on the service ports in vlan 999 on the 6509E:
interface Vlan999
description VLAN for WiSM Service Port
ip address 192.168.99.1 255.255.255.0
no ip redirects
no ip proxy-arp
end
There is also a connected route for this vlan on the 6509E:
ROUTER# sh ip route
C 192.168.99.0/24 is directly connected, Vlan999
I have verified that traffic on vlan 999 is being routed off of that vlan. Should I? and how can I prevent that?
Should our service port vlan (999) be a L2 vlan instead of L3 at the 6509E?
Should we even have an SVI for vlan 999 on the 6509E?
With the 6509E being a VTP server, vlan 999 has propigated to all of the other swtiches on our campus.
Any advice would be greatly appreciated.
- JonathanThanks for answering my questions Nicolas.
I will configure an ACL to block this traffic.
It just seems odd that this traffic would be coming from the service port interfaces.
The source port for the Fin-Ack packets are always port 2006 of the WiSM service port interfaces:
Ex)
10:57:14 192.168.99.3.2006 > 178.16.32.26.55604: F ack 1572593820 win 1378
10:57:14 192.168.99.3.2006 > 68.192.70.95.50091: F ack 520899031 win 1378
10:57:14 192.168.99.3.2006 > 157.252.133.95.52194: F ack 198026245 win 1378
10:57:14 192.168.99.3.2006 > 68.175.103.222.62076: F ack 2128482631 win 1378
10:57:14 192.168.99.2.2006 > 69.192.173.15.52873: F ack 3642030540 win 1378
10:57:15 192.168.99.3.2006 > 184.88.1.180.59208: F ack 644520437 win 1378
Its understandable that traffic destined for the service port subnet would be forwarded out of the service port interfaces but in this case the traffic is destined for the IP addresses out on the Internet, not the service port subnet.
- Jonathan -
7936 not showing software version and vlan issue
I have a 7936 that does not show the software version. I have installed the newest load on the callmanager, but still cannot see what version it is running on the phone.
My main issue with the phone is that I have to set the switchport access vlan to the voice vlan, if I try to let the phone use the swithport voice vlan, it will pull an IP address off of the data vlan and not the voice vlan.
Any help with either of these issues would be greatly appreciated. I do rate all helpful posts.
Thanks,
RobertHi Robert,
Here is some info that may help;
Verifying Firmware Version Information
You can obtain information about the firmware version installed on the IP Conference Station.
Follow these steps to verify the firmware version on an IP Conference Station:
Step 1 Press the Menu button.
Step 2 Press the Up or Down scroll button to select the Admin Setup menu.
Step 3 Press the Select button.
Step 4 Enter the administrator password. (The default administrator password is **#.)
Step 5 Press the Enter softkey.
Step 6 Press the Up or Down scroll button to select System Information.
Step 7 Press the Select button.
Step 8 Press the Up or Down scroll button to select SW Version.
The firmware version number is displayed.
Or if that is not working try accessing this way;
Using the Web Interface
Follow these steps to access the Cisco IP Conference Station 7936 web interface:
Step 1 Open your web browser.
Step 2 In the address field enter:
http:// IP address of the IP Conference Station:
Configuration information applies to the specific IP Conference Station associated with the IP address you enter.
Note If you changed the HTTP port number, you need to use that number as a suffix to the IP address. If you did not change the HTTP port number, then you do not need to enter a suffix.
The web interface appears, and the initial login page is displayed.
Step 3 To log in as the administrator, enter the administrator password and click Login.
The default administrator password is **#.
Note When logged in to the IP Conference Station web pages, the web pages will time out after approximately 20 minutes of inactivity. You will then have to log back in.
Step 4 To log off, click Administrator Logout.
Information Available on All Web Pages
The top right portion of the Cisco IP Conference Station 7936 web interface includes a separate section that displays consistent information for all of the web pages.
This section contains the following information; example text appears next to each item in the list:
Software Version: 3.3(2.00)
Protocol Type: SCCP
Boot Load ID: PC0503031418
Application Load ID: CMTERM_7936.3-3-2-0
IP Address: 10.1.1.11
MAC Address: 00c742655892
Local Number: 2022
As far as the VLAN issue goes, this has always been the case for our 7935's as well and I'm sure the 7936 is the same.
Switchport mode access
Switchport access VLAN XXX
Hope this helps!
Rob
Please remember to rate helpful posts........ -
Hey guys,
I'm configuring my access points with two SSID's through the GUI. The first is a corporate SSID and the second a guest SSID. The corporate SSID needs to be attached to native VLAN 1000. The guest SSID needs to be attached to VLAN 1234. Both SSID's / VLAN's are to use WPAv2 AES CCMP with a PSK. Although I'm getting an error message indicating that my VLAN's don't exist on ‘Radio1-802.11N 5GHZ’ . Here are steps I take from start to error...
Create SSID’s with no security. CORP not to broadcast. Set CORP to use native VLAN 1000. Set guest to use VLAN1234.
Within security encryption manager > Set encryption mode cipher to AES CCMP on both VLAN 1000 and VLAN1234.
Within services > VLAN check that both VLAN’s have Radio0-802.11N 2.4GHZ and Radio1-802.11N 5GHZ selected. They do.
Within Security > SSID Manager – set client authenticated key management to mandatory, enable WPA – WPAv2. Set pre-shared key. Hit apply > “ERROR: VLAN 1000 doesn’t exist on ‘Radio1-802.11N 5GHZ’ (see Services > VLAN).
I get the same error for both SSID’s. Radio1-802.11N 5GHZ is "checked" against both VLAN's. Am I missing something? Both Radio0-802.11N 2.4GHZ and Radio1-802.11N 5GHZ are enable interfaces and are "up".
I'm pretty customed to switch and router IOS although have absolutely no exposure to WAP CLI.
Any assistance appreciated.I've resolved this myself. The GUI is basically terrible and very buggy. I used the CLI and was able to add WPA through the CLI.
-
IPM problem with shadow router management vlan and services vlan
Hi everybody!
Im trying to config a shadow router that has 2 vlan int one is for managemt and the other for services.
Cisco Works server only sees the management interface of this shadow router.
On the other end i have a cisco device with rtr responder enabled on the services vlan, so shadow router and this device see each other on this vlan.
In the shadow router i know i can configure the source address.
Is there a way i can configure the end device as a target that has rtr responder enabled even if i cant reach it from the Cisco Works Server?
thanks in advance.Thanks for the reply - yes I did save it. All the other ports have the command. But when the phone boots up - it ends up disappearing after the above occurs:
When the phone boots up - it seems to encounter a broadcast storm (???) the port goes from this:
interface gigabitethernet36
switchport trunk allowed vlan add 10
to this:
interface gigabitethernet36
storm-control broadcast enable
storm-control broadcast level 10
storm-control include-multicast
port security max 10
port security mode max-addresses
port security discard trap 60
spanning-tree portfast
switchport trunk allowed vlan add 10
macro description ip_phone
!next command is internal.
macro auto smartport dynamic_type ip_phone
Then in a minute or two I'm no longer able to ping the voicelan - and when I do a show run - gi36 isn't even visible. However, the PC that is also on gi36 works fine.
If I then reissue the 'switchport trunk allowed vlan add 10' to gi36 - the phone is pingable - and works continuously until the phone is rebooted.
So I'm not really sure what happens during the bootup that causes this to happen, or a way to try and prevent it from occuring. -
QoS / Native VLAN Issue - Please HELP! :)
I've purchased 10 Cisco Aironet 2600 AP’s (AIR-SAP2602I-E-K9 standalone rather than controller based).
I’ve configured the WAP’s (or the first WAP I’m going to configure and then pull the configuration from and push to the others) with 2 SSID’s. One providing access to our DATA VLAN (1000 – which I’ve set as native on the WAP) and one providing access to guest VLAN (1234). I’ve configured the connecting DELL switchport as a trunk and set the native VLAN to 1000 (DATA) and allowed trunk traffic for VLAN’s 1000 and 1234. Everything works fine, when connecting to the DATA SSID you get a DATA IP and when you connect to the GUEST SSID you lease a GUEST IP.
The problem starts when I create a QoS policy on the WAP (for Lync traffic DSCP 40 / CS5) and try to attach it to my VLAN’s. It won’t let me attach the policy to VLAN 1000 as it’s the native VLAN. If I change VLAN 1000 on the WAP to NOT be the native VLAN I can attach the policies however wireless clients can no longer attach to either SSID properly as they fail to lease an IP address and instead get a 169.x.x.x address.
I'm sure I'm missing something basic here so please forgive my ignorance.
This is driving me insane!
Thanks to anyone that provides assistance. Running config below and example of the error...
User Access Verification
Username: admin
Password:
LATHQWAP01#show run
Building configuration...
Current configuration : 3621 bytes
! Last configuration change at 02:37:59 UTC Mon Mar 1 1993 by admin
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname LATHQWAP01
logging rate-limit console 9
aaa new-model
aaa authentication login default local
aaa authorization exec default local
aaa session-id common
no ip routing
dot11 syslog
dot11 vlan-name Data vlan 1000
dot11 vlan-name Guest vlan 1234
dot11 ssid LatitudeCorp
vlan 1000
authentication open
authentication key-management wpa version 2
wpa-psk ascii
dot11 ssid LatitudeGuest
vlan 1234
authentication open
authentication key-management wpa version 2
guest-mode
wpa-psk ascii
crypto pki token default removal timeout 0
username admin privilege 15 password!
class-map match-all _class_Lync0
match ip dscp cs5
policy-map Lync
class _class_Lync0
set cos 6
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption vlan 1234 mode ciphers aes-ccm
encryption vlan 1000 mode ciphers aes-ccm
ssid LatitudeCorp
ssid LatitudeGuest
antenna gain 0
stbc
station-role root
interface Dot11Radio0.1000
encapsulation dot1Q 1000 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface Dot11Radio0.1234
encapsulation dot1Q 1234
no ip route-cache
bridge-group 255
bridge-group 255 subscriber-loop-control
bridge-group 255 spanning-disabled
bridge-group 255 block-unknown-source
no bridge-group 255 source-learning
no bridge-group 255 unicast-flooding
service-policy input Lync
service-policy output Lync
interface Dot11Radio1
no ip address
no ip route-cache
encryption vlan 1234 mode ciphers aes-ccm
encryption vlan 1000 mode ciphers aes-ccm
ssid LatitudeCorp
ssid LatitudeGuest
antenna gain 0
no dfs band block
stbc
channel dfs
station-role root
interface Dot11Radio1.1000
encapsulation dot1Q 1000 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface Dot11Radio1.1234
encapsulation dot1Q 1234
no ip route-cache
bridge-group 255
bridge-group 255 subscriber-loop-control
bridge-group 255 spanning-disabled
bridge-group 255 block-unknown-source
no bridge-group 255 source-learning
no bridge-group 255 unicast-flooding
service-policy input Lync
service-policy output Lync
interface GigabitEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
interface GigabitEthernet0.1000
encapsulation dot1Q 1000 native
no ip route-cache
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
interface GigabitEthernet0.1234
encapsulation dot1Q 1234
no ip route-cache
bridge-group 255
bridge-group 255 spanning-disabled
no bridge-group 255 source-learning
service-policy input Lync
service-policy output Lync
interface BVI1
ip address 10.10.1.190 255.255.254.0
no ip route-cache
ip default-gateway 10.10.1.202
ip http server
ip http authentication aaa
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 route ip
line con 0
line vty 0 4
transport input all
end
LATHQWAP01#conf
Configuring from terminal, memory, or network [terminal]? t
Enter configuration commands, one per line. End with CNTL/Z.
LATHQWAP01(config)#int dot11radio1.1000
LATHQWAP01(config-subif)#ser
LATHQWAP01(config-subif)#service-policy in
LATHQWAP01(config-subif)#service-policy input Lync
set cos is not supported on native vlan interface
LATHQWAP01(config-subif)#Hey Scott,
Thank you (again) for your assistance.
So I' ve done as instructed and reconfigured the WAP. I've added an additional VLAN (1200 our VOIP VLAN) and made this the native VLAN - so 1000 and 1234 are now tagged. I've configure the BVI interface with a VOIP IP address for management and can connect quite happily. I've configured the connecting Dell switchport as a trunk and to allow trunk vlans 1000 (my DATA SSID), 1200(native) and 1234 (MY GUEST SSID). I'm now back to the issue where when a wireless client attempts to connect to either of my SSID's (Guest or DATA) they are not getting a IP address / cannot connect.
Any ideas guys? Forgive my ignorance - this is a learning curve and one i'm enjoying.
LATHQWAP01#show run
Building configuration...
Current configuration : 4426 bytes
! Last configuration change at 20:33:19 UTC Mon Mar 1 1993 by Cisco
version 15.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname LATHQWAP01
logging rate-limit console 9
enable secret 5
no aaa new-model
no ip source-route
no ip cef
dot11 syslog
dot11 vlan-name DATA vlan 1000
dot11 vlan-name GUEST vlan 1234
dot11 vlan-name VOICE vlan 1200
dot11 ssid LatitudeCorp
vlan 1000
authentication open
authentication key-management wpa version 2
mobility network-id 1000
wpa-psk ascii
dot11 ssid LatitudeGuest
vlan 1234
authentication open
authentication key-management wpa version 2
mbssid guest-mode
mobility network-id 1234
wpa-psk ascii
no ids mfp client
dot11 phone
username CISCO password
class-map match-all _class_Lync0
match ip dscp cs5
policy-map Lync
class _class_Lync0
set cos 6
bridge irb
interface Dot11Radio0
no ip address
encryption vlan 1000 mode ciphers aes-ccm
encryption vlan 1234 mode ciphers aes-ccm
ssid LatitudeCorp
ssid LatitudeGuest
antenna gain 0
stbc
mbssid
station-role root
interface Dot11Radio0.1000
encapsulation dot1Q 1000
bridge-group 255
bridge-group 255 subscriber-loop-control
bridge-group 255 spanning-disabled
bridge-group 255 block-unknown-source
no bridge-group 255 source-learning
no bridge-group 255 unicast-flooding
service-policy input Lync
service-policy output Lync
interface Dot11Radio0.1200
encapsulation dot1Q 1200 native
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface Dot11Radio0.1234
encapsulation dot1Q 1234
bridge-group 254
bridge-group 254 subscriber-loop-control
bridge-group 254 spanning-disabled
bridge-group 254 block-unknown-source
no bridge-group 254 source-learning
no bridge-group 254 unicast-flooding
service-policy input Lync
service-policy output Lync
interface Dot11Radio1
no ip address
encryption vlan 1000 mode ciphers aes-ccm
encryption vlan 1234 mode ciphers aes-ccm
ssid LatitudeCorp
ssid LatitudeGuest
antenna gain 0
peakdetect
no dfs band block
stbc
mbssid
channel dfs
station-role root
interface Dot11Radio1.1000
encapsulation dot1Q 1000
bridge-group 255
bridge-group 255 subscriber-loop-control
bridge-group 255 spanning-disabled
bridge-group 255 block-unknown-source
no bridge-group 255 source-learning
no bridge-group 255 unicast-flooding
service-policy input Lync
service-policy output Lync
interface Dot11Radio1.1200
encapsulation dot1Q 1200 native
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface Dot11Radio1.1234
encapsulation dot1Q 1234
bridge-group 254
bridge-group 254 subscriber-loop-control
bridge-group 254 spanning-disabled
bridge-group 254 block-unknown-source
no bridge-group 254 source-learning
no bridge-group 254 unicast-flooding
service-policy input Lync
service-policy output Lync
interface GigabitEthernet0
no ip address
duplex full
speed auto
interface GigabitEthernet0.1000
encapsulation dot1Q 1000
bridge-group 255
bridge-group 255 spanning-disabled
no bridge-group 255 source-learning
service-policy input Lync
service-policy output Lync
interface GigabitEthernet0.1200
encapsulation dot1Q 1200 native
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
interface GigabitEthernet0.1234
encapsulation dot1Q 1234
bridge-group 254
bridge-group 254 spanning-disabled
no bridge-group 254 source-learning
service-policy input Lync
service-policy output Lync
interface BVI1
mac-address 881d.fc46.c865
ip address 10.10. 255.255.254.0
ip default-gateway 10.10.
ip forward-protocol nd
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 route ip
line con 0
line vty 0 4
login local
transport input all
sntp server ntp2c.mcc.ac.uk
sntp broadcast client
end
LATHQWAP01# -
I have eight C3550 switches connected to a C6509 (gig ports). About every 5 days the C3550 switches have very spotty pings to the VLAN 102 segment and basically all the PC's connected to those switches loose network access to VLAN 102. It seems when this issue happens I can ping the Vlan 100 just fine from the C3550's.
Also the 6509 Cannot ping the vlan 102 when this issue happens even if the server sits on the 6509.
any suggestions?I'm not seeing any increased error counters on the Gigabit truck interface. the 6509 is running Version 12.2(17a)SX1 and the 3550's are running (C3550-IPBASE-M), Version 12.2(25)SEB2
thanks!!!! Adam
Here is the 3550 config,
Password:
Password:
6509>en
Password:
6509#shwo ru ow run
Building configuration...
Current configuration : 27499 bytes
! Last configuration change at 08:06:06 EST Sat Jun 18 2005
! NVRAM config last updated at 07:53:44 EST Sat Jun 18 2005
here is the 3550 config,
show run
Building configuration...
Current configuration : 7124 bytes
! No configuration change since last restart
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
hostname upstairs_10.175.102.8
logging console critical
logging monitor critical
enable secret 5
no aaa new-model
clock timezone EST -5
ip subnet-zero
ip domain-name xxxxxx
ip name-server 10.175.102.16
ip name-server 10.175.102.17
--More-- !
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
vlan internal allocation policy ascending
interface FastEthernet0/1
switchport access vlan 102
switchport mode access
spanning-tree portfast
interface FastEthernet0/47
switchport access vlan 102
switchport mode access
spanning-tree portfast
interface FastEthernet0/48
switchport access vlan 102
switchport mode access
--More-- duplex full
spanning-tree portfast
interface GigabitEthernet0/1
switchport access vlan 102
switchport mode access
interface GigabitEthernet0/2
switchport mode dynamic desirable
interface Vlan1
no ip address
shutdown
interface Vlan102
ip address 10.175.102.8 255.255.255.0
ip default-gateway 10.175.102.1
ip classless
ip http server
logging trap notifications
logging 10.175.100.71
--More-- snmp-server community xxxxxx RW
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps tty
snmp-server enable traps cluster
snmp-server enable traps entity
snmp-server enable traps envmon
snmp-server enable traps cpu threshold
snmp-server enable traps vtp
snmp-server enable traps vlancreate
snmp-server enable traps vlandelete
snmp-server enable traps flash insertion removal
snmp-server enable traps port-security
snmp-server enable traps MAC-Notification
snmp-server enable traps copy-config
snmp-server enable traps config
snmp-server enable traps hsrp
snmp-server enable traps rtr
snmp-server enable traps bridge newroot topologychange
snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency
snmp-server enable traps syslog
snmp-server enable traps vlan-membership
--More-- control-plane
line con 0
password 7
login
line vty 0 4
password 7
login
line vty 5 15
password 7
login
ntp clock-period 17180206
ntp server 128.10.252.10
end
upstairs_10.175.102.8# -
L2VPN Local Switching VLAN to VLAN issue on 7200VXR/NPE-G1
I've been working with a client trying to get this working. We tried 12.2(31)SB6, 12.4(15)T1 IP Services and 12.4(15)T1 Advanced IP Services.
It works fine for Ethernet to Ethernet, or Ethernet to VLAN, but it doesn't work for VLAN to VLAN either on the same interface or on different interfaces. We've tried this on both a Cat5505 as well as a Cat294XL thinking that maybe there would be some issues with one platform or the other.
Here's an example:
! VXR (12.4(15)T1 Adv. IP Services)
interface GigabitEthernet0/1
no ip address
duplex full
speed 100
media-type rj45
no negotiation auto
interface GigabitEthernet0/1.202
encapsulation dot1Q 202
interface GigabitEthernet0/1.203
encapsulation dot1Q 203
connect test GigabitEthernet0/1.202 GigabitEthernet0/1.203
! Cat 5505
set vlan 202 9/1
set vlan 203 9/2
set port name 9/1 PC1
set port name 9/2 PC2
set port name 9/3 VXR-G0/1TRUNK
clear trunk 9/3 1-201,204-999
set trunk 9/3 on dot1q 202-203,1000-1005
We seem to be able to sequeeze a few packets through every once in awhile - like 1 or 2 every 20 or 30 packets:
64 bytes from 192.168.1.1: icmp_seq=10 ttl=64 time=0.604 ms
64 bytes from 192.168.1.1: icmp_seq=18 ttl=64 time=0.638 ms
64 bytes from 192.168.1.1: icmp_seq=40 ttl=64 time=0.621 ms
64 bytes from 192.168.1.1: icmp_seq=48 ttl=64 time=0.608 ms
64 bytes from 192.168.1.1: icmp_seq=70 ttl=64 time=0.605 ms
64 bytes from 192.168.1.1: icmp_seq=78 ttl=64 time=0.630 ms
As you can see from the below show interface, the interface is receiving lots more packets than it's sending:
Router#show int g0/1
GigabitEthernet0/1 is up, line protocol is up
Hardware is BCM1250 Internal MAC, address is 001c.b0fa.101b (bia 001c.b0fa.101b)
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation 802.1Q Virtual LAN, Vlan ID 1., loopback not set
Keepalive set (10 sec)
Full Duplex, 100Mbps, RJ45, media type is RJ45
output flow-control is unsupported, input flow-control is XON
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters 00:00:15
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 1000 bits/sec, 2 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
40 packets input, 2836 bytes, 0 no buffer
Received 36 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 19 multicast, 0 pause input
8 packets output, 672 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 PAUSE output
0 output buffer failures, 0 output buffers swapped out
Router#
Does L2VPN Local Switching VLAN to VLAN not work on VXRs or something?
This link seems to indicate that E-E VLAN is supported in 12.4(11)T.
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s27/fslocal.htm#wp1149105
What am I missing?Hi,
In ASR9k, VLAN is port significant so yes you can match the same VLAN on different port.
For your untagged traffic, both UPE fo site 1 will think they are directly connected via two links so yes STP should take care about the loop
For your VPLS domain, if you are not using VLAN 100 on site 3, you need to pop the tag on both ASR9k. Also do you extend STP to site 3 ?
SVI is not supported in ASR9k today so you have to use unumbered interfaces instead:
interface Loopback1
ipv4 address a.b.c.d 255.255.255.255
interface g0/7/0/0.200
encapsulation dot1q 200
ipv4 point-to-point
ipv4 unnumbered Loopback1
proxy-arp
interface g0/7/0/1.200
encapsulation dot1q 200
ipv4 point-to-point
ipv4 unnumbered Loopback1
proxy-arp
I never tested it in this situation but from STP perspective those links should be seen as host connection.
Let me know if it works
HTH
Laurent. -
Native VLAN issue on 2900XL/3500XL
I currently have TAC case open on this but I thought I would go ahead and start a thread here and see what others think...
We currently have over 200 2900/3500XL's left in our production environment. We recently finished our yearly IOS upgrade and moved all these series switches to the latest IOS (WC13), most of them had WC10.
After the upgrade (reload of the switches) we noticed many of the switches lost their CDP neighbor info. The switches are otherwise working fine, trunks are still up and users are having no issue. However this is wreaking havco on Cisco works "Topology Services". The CDP neighbor info is simply gone. Also when you do a debug CDP packet on the switches you never see any of the switches "receive" CDP packets back only send them.
Our standard config is to use a native VLAN of 999 and not include it on the trunks (per Cisco best practice). Basically what we have noticed is the only way to get CDP to work with any WC IOS past 10 is to include the native VLAN on the trunk.
My question is why would Cisco revert back to this as a default (non best practice)?
One more interesting thing is when a 2900/3500XL running WC13 is trunked (connected) to anything else (2950, 3750, 4506, etc) the CDP info works and shows up fine.We have seen some of this also , just on nontrunked links back to routers or mls's . A lot of the time i have been to get them to work by doing a "clear interface F0/X on both sides . I don't know if this would be disruptive on a trunk link or not as we don't trunk these old boxes . You have to do the clear command on both sides of the link if one side does not work , you may have to wait for the cdp timers after the clear command to see if it worked or not . May not work at all on a trunk link I don't know but it's something to try to if it will kick start the cdp process. Personally I think it is a bug but they probably won't fix it because these are EOL and EOS .
-
I'm throwing this out in hopes of finding a solution. I just purchased the Cisco SG300-28 to replace an old Catalyst 3548 switch. I have three VLAN's and I use a separate routing appliance. My VLANS I use are 1 (management/Trunk), 100 (Regular Access), and 101 (Restricted Access). On the Catalyst 3548 I statically assigned the ports for the Vlans. My servers use trunk ports to communicate between the VLANs for various services.
My problem is that when I setup the SG300-28 for trunk ports for the servers, I can communicate with them so long as I'm on another port that's not setup for the other two VLANS. Vlan 100 and 101 don't route or get DHCP anymore. I am also not able to ping back into the Vlans from the trunk ports.
I believe my issue is that I don't understand the difference between the old way of statically assigning Vlans to the ports from the new way. I was using V3 of the Cisco Networking Assistant which is different from the Web Interface of the Cisco SG300. It also could be that I wasn't using the trunk ports properly.
Either way, any assistance would certainly be appreciated. Thank you.
DJ SmithI did get this switch figured out finally and I apologize for not getting back to this sooner. I had crafted a response only to have this board dump it so I am using notepad to
save everything before posting.
Here is a basic diagram
/--------------{CISCO SG300-28}------------------------------------\
| | | | |
| | | | |
[Cisco 3548] [VMWare ESXi 3.5] [Windows SVR 2003] | |
[Port 13] [Port 28] [Port 27] [Ports 1-6] [Ports 7-12]
/ \ | | |
/ \ | | |
/ \ | | |
/ \ [VLAN1, 100] [WrkStns] [WrkStns]
/ \ [VLAN100] [VLAN101]
[Astaro GTWY ] [MS Svr 2008]
[VLAN1,100,101] [VLAN1 ]
VLAN1 - Management
VLAN100 - Main Network
VLAN101 - Restricted Network
I just put the main players on this setup. The problem I was having is that the workstations wouldn't communicate with any of these devices.
My problem was understanding how to use the web interface of the SG300 to get the devices to talk to the other devices.
In the Cisco 3548 setup using the Cisco Networking Assistant you setup the ports to the VLANS was very staight forward. Set 802.q and VLAN ID to the VLAN you wanted or ALL in
the case of the Servers.
With the Web interface, this is what I discovered:
Under Create VLAN, I had to create VLAN 100 and 101
Under Interface Settings, Set Ports g1-g6 to General. Administrative PVID to 100.
Then Set Ports g7 - g14 to General. Administrative PVID to 101
Then set Port g27 to General. Administrative PVID left to 1
Also set Port g28 to General. Again, left PVID to 1
Go to Port to VLAN settings;
Change VLAN ID = to 100 press GO
Select g1-g6 to untagged. Checked PVID box. Also checked g13, g27, g28 to tagged.
Changed VLAN ID = 101 Press GO
Select g7-g14 to untagged. Checked PVID box. Also checked g13, g28 to tagged. Verified g27 to untagged.
After that it was setup up like my old setup. Everything communicating as it should.
Maybe you are looking for
-
Minor keyboard issue with new 15" MBP - will genius bar help me?
I bought a new 15" 2.67GHz MacBook Pro last Thursday and I noticed that the F11 key is slightly crooked and not level. I am certain there was no abuse to the computer, it's like my baby and I know nothing happened to it. If I take it to a Genius Bar,
-
Add video clips to organizer without keeping video on hardrive
I would like to catalog my Mini DV tapes in Organizer (PSE4) without keeping the video on my hardrive. I know if I capture the video, add it to the organizer them burn to CD or DVD It will show the thumbnails as "offline" but I do not want to burn to
-
GR Cancellation amount greater than GR?
Hi Expert, May I know in what situation the GR cancellation amount is greater than GR in PO history? I am facing a problem that: 1. Create a PO for 4 pcs of Material A, 1000 USD total. 2. IV for the material A, 4 pcs also, 1000 USD. The date of IV w
-
Synchronizing Calendar with Outlook Marks Everyday of the Year as an Event
Scenario: 2nd Generation Touch 32GB, Windows XP Pro SP3, Outlook 2003 Prior to purchasing my touch last week, I have been able to successfully synchronize my calendar and contacts with my iPod Classic. My new iPod Touch synchronizes my contacts and c
-
F.27 Transaction timeout error
Hello In ECC Production, F.27 Transaction is running foreground morethan 45 minutes and it got terminated due to timout error, But same report executed and completed background within 01 Min, Report also fine. I don't how it get completed, Anybody ha