Output drops on Cisco 3750

Hi all

I could really do with some help with my Cisco 3750-X. Basically, I use the 3750 as a dedicated iSCSI switch, which is connected to 3 Hyper-V servers via 1 GB links (each Hyper-V server has 4x1GB connections), and a hybrid storage device is also connected to the switch using 10 GB SFP+.

On the 1 GB interfaces I see quite a few output drops, but on the 10 GB interfaces I do not see any output drops. I really need to find what is causing the output drops and how I can solve this problem.

This is what I have configured on the switch:

  • Jumbo frames enabled with an MTU of 9000
  • Flow control receive desired is on all interfaces
  • QoS has been disabled (saw issues previously with QoS enabled)
  • Spanning-tree PortFast enabled on all interfaces

I have also uploaded the output of some show commands that should hopefully help (let me know if there are other commands you want me to run).

Thanks in advance for any help that anyone can give.

Poster

You are probably bumping into the buffer limits of the 3750-X series.

You could update your IOS to the SE8 release, but I doubt that will help you in this case.

The only thing that could mitigate your drops is active flow control, although this can cause latency.

PS:

Disabling jumbo Ethernet may decrease drops too, if it slows down the effective data transfer rate.

Similar Questions

  • Newbie: connecting a DELL 6248 stack to a CISCO 3750 stack

    Hi all

    I need to extend the office LAN by connecting an existing CISCO 3750 stack to a new DELL 6248 stack.

    I intend to use the fiber/combo port on the DELL 6248 to connect to the CISCO uplink port.

    I want to use DELL port 48 but I saw there was 1/g48 and 1/xg48.  From memory, they are mutually exclusive.

    Q1.  Does that mean I just set up 1/g48 and do not enter the config of 1/xg48?

    Q2.  To connect the 2 stacks together, should I just define the two connecting ports as trunk ports?  I have no experience in doing so.  FYI, we already use VLANs on the CISCO stacks, so the new DELL stacks must know about them.

    Any help will be very appreciated!

    Combo ports share the input and output of one PHY chip. Only the fiber port or the RJ-45 port can be used, not both at the same time. Whichever cable is connected first will use the PHY. If the Ethernet port is used, you configure it as 1/g48; if the fiber port is used, you configure it as 1/xg48.

    Yes, you are right, a trunk connection is what you want between the two stacks. The commands on the PowerConnect switch look like this.

    console> enable
    console# config
    console(config)# interface ethernet 1/g48
    console(config-if)# switchport mode trunk
    console(config-if)# switchport trunk allowed vlan add 2,3,4,5

    On the PowerConnect 62xx switches, you must use General mode if you want to allow management traffic onto the switch over the PVID.  If you use Trunk mode, you will not have the default VLAN on those ports.  The ports will only allow tagged traffic. So if Trunk mode does not suit you, switch to General mode.

    As the Cisco stack already has VLANs on it, we must make sure the PowerConnect switch has those same VLANs. Here is an example of creating a VLAN on the PowerConnect switch.

    console> enable
    console# config
    console(config)# vlan database
    console(config-vlan)# vlan 2
    console(config-vlan)# exit
    console(config)# interface vlan 2
    console(config-if)# name Marketing
    console(config-if)# end

    Another thing you may need to do is add a static route to help traffic get back to the stack.

    ip route {network} {wildcard mask} {next-hop IP}

    console# config
    console(config)# ip route 172.16.0.0 255.255.0.0 10.0.0.2
    console(config)# end

    I hope this info helps,

    Thank you.

  • Telnet and SSH issue on Cisco 3750

    I turned on SSH on a Cisco 3750 and ever since I have not been able to connect to the box. I even changed the source interface and updated the transport input method under the VTY lines, no luck.

    So I chose to disable SSH by removing the corresponding config lines and the RSA keys, and I changed the transport input back to Telnet. After rebooting the switch, I'm still not able to connect, despite the fact that the box is reachable.

    Any help?

    Thank you

    Jean-Marie

    Hello

    This should help you confirm the configuration and troubleshoot SSH on your device:

    http://www.Cisco.com/c/en/us/support/docs/security-VPN/Secure-Shell-SSH/4145-SSH.html

    I hope this helps.
    Kind regards
    Dinesh Moudgil

    PS Please rate helpful messages.

  • CISCO 3750: OSPF interface IP unnumbered

    Hi Expert,

    This is the first time that I'm working on OSPF and IP Unnumbered interfaces.

    My task is to bring up OSPF adjacencies between two CISCO 3750 switches connected back-to-back via IP unnumbered interfaces. I use the loopback interface to lend its IP address to the unnumbered interfaces on both CISCO switches. After trying many times, OSPF does not come up at all over the unnumbered interfaces, but when I tried with numbered interfaces it was fine.

    I'm pasting the complete running-config here. Please help me solve the problem:

    Here is brief info on the setup:

    R1(Gi1/0/19) - R2(Gi1/0/19)

    Switch R1:

    ===========

    Current configuration : 2129 bytes
    !
    version 12.2
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname Switch
    !
    boot-start-marker
    boot-end-marker
    !
    !
    no aaa new-model
    switch 1 provision ws-c3750g-24ts-1u
    system mtu routing 1500
    ip subnet-zero
    ip routing
    !
    !
    spanning-tree mode pvst
    spanning-tree extend system-id
    !
    vlan internal allocation policy ascending
    !
    !
    interface Loopback1
     ip address 10.10.10.10 255.255.255.0
    !
    interface GigabitEthernet1/0/1
     shutdown
    !
    interface GigabitEthernet1/0/2
     shutdown
    !
    interface GigabitEthernet1/0/3
     shutdown
    !
    interface GigabitEthernet1/0/4
     shutdown
    !
    interface GigabitEthernet1/0/5
     shutdown
    !
    interface GigabitEthernet1/0/6
     shutdown
    !
    interface GigabitEthernet1/0/7
     shutdown
    !
    interface GigabitEthernet1/0/8
     shutdown
    !
    interface GigabitEthernet1/0/9
     shutdown
    !
    interface GigabitEthernet1/0/10
     shutdown
    !
    interface GigabitEthernet1/0/11
     shutdown
    !
    interface GigabitEthernet1/0/12
     shutdown
    !
    interface GigabitEthernet1/0/13
     shutdown
    !
    interface GigabitEthernet1/0/14
     shutdown
    !
    interface GigabitEthernet1/0/15
     shutdown
    !
    interface GigabitEthernet1/0/16
     shutdown
    !
    interface GigabitEthernet1/0/17
    !
    interface GigabitEthernet1/0/18
     shutdown
    !
    interface GigabitEthernet1/0/19
     no switchport
     ip unnumbered Loopback1
     ip ospf network point-to-point
    !
    interface GigabitEthernet1/0/20
     shutdown
    !
    interface GigabitEthernet1/0/21
     shutdown
    !
    interface GigabitEthernet1/0/22
     shutdown
    !
    interface GigabitEthernet1/0/23
     shutdown
    !
    interface GigabitEthernet1/0/24
     shutdown
    !
    interface GigabitEthernet1/0/25
    !
    interface GigabitEthernet1/0/26
    !
    interface GigabitEthernet1/0/27
    !
    interface GigabitEthernet1/0/28
    !
    interface Vlan1
     no ip address
     shutdown
    !
    router ospf 100
     router-id 100.100.100.100
     log-adjacency-changes
     network 10.10.10.0 0.0.0.255 area 0
    !
    ip classless
    ip route 20.20.20.20 255.255.255.255 GigabitEthernet1/0/19
    ip http server
    ip http secure-server
    !
    !
    control-plane
    !
    !
    line con 0
    line vty 5 15
    !
    !
    monitor session 1 source interface Gi1/0/19
    monitor session 1 destination interface Gi1/0/17
    end

    ===

    Switch#show ip interface brief | include up
    GigabitEthernet1/0/17  unassigned      YES unset  up                    down
    GigabitEthernet1/0/19  10.10.10.10     YES manual up                    up
    Loopback1              10.10.10.10     YES manual up                    up

    ==================================================

    Switch R2:

    ==================

    Switch#sho running-config
    Building configuration...

    Current configuration : 2079 bytes
    !
    version 12.2
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname Switch
    !
    boot-start-marker
    boot-end-marker
    !
    !
    no aaa new-model
    switch 1 provision ws-c3750g-24t
    system mtu routing 1500
    authentication mac-move permit
    ip subnet-zero
    ip routing
    !
    !
    spanning-tree mode pvst
    spanning-tree etherchannel guard misconfig
    spanning-tree extend system-id
    !
    vlan internal allocation policy ascending
    !
    !
    interface Loopback1
     ip address 20.20.20.20 255.255.255.0
    !
    interface GigabitEthernet1/0/1
     shutdown
    !
    interface GigabitEthernet1/0/2
     shutdown
    !
    interface GigabitEthernet1/0/3
     shutdown
    !
    interface GigabitEthernet1/0/4
     shutdown
    !
    interface GigabitEthernet1/0/5
     shutdown
    !
    interface GigabitEthernet1/0/6
     shutdown
    !
    interface GigabitEthernet1/0/7
     shutdown
    !
    interface GigabitEthernet1/0/8
     shutdown
    !
    interface GigabitEthernet1/0/9
     shutdown
    !
    interface GigabitEthernet1/0/10
     shutdown
    !
    interface GigabitEthernet1/0/11
     shutdown
    !
    interface GigabitEthernet1/0/12
     shutdown
    !
    interface GigabitEthernet1/0/13
     shutdown
    !
    interface GigabitEthernet1/0/14
     shutdown
    !
    interface GigabitEthernet1/0/15
     shutdown
    !
    interface GigabitEthernet1/0/16
     shutdown
    !
    interface GigabitEthernet1/0/17
    !
    interface GigabitEthernet1/0/18
     shutdown
    !
    interface GigabitEthernet1/0/19
     no switchport
     ip unnumbered Loopback1
     ip ospf network point-to-point
    !
    interface GigabitEthernet1/0/20
     shutdown
    !
    interface GigabitEthernet1/0/21
     shutdown
    !
    interface GigabitEthernet1/0/22
     shutdown
    !
    interface GigabitEthernet1/0/23
     shutdown
    !
    interface GigabitEthernet1/0/24
     shutdown
    !
    interface Vlan1
     no ip address
     shutdown
    !
    router ospf 100
     router-id 200.200.200.200
     log-adjacency-changes
     network 20.20.20.0 0.0.0.255 area 0
    !
    ip classless
    ip route 10.10.10.10 255.255.255.255 GigabitEthernet1/0/19
    ip http server
    ip http secure-server
    !
    !
    ip sla enable reaction-alerts
    !
    !
    !
    line con 0
    line vty 5 15
    !
    !
    monitor session 1 source interface Gi1/0/19
    monitor session 1 destination interface Gi1/0/17
    end

    ====================

    Switch#sho ip interface brief | include up
    GigabitEthernet1/0/17  unassigned      YES unset  up                    down
    GigabitEthernet1/0/19  20.20.20.20     YES manual up                    up
    Loopback1              20.20.20.20     YES manual up                    up

    ====================================

    Thank you very much in advance for your answer!

    Kind regards

    Aerts

    Hi AEK.

    The ip unnumbered command does not work on multiaccess interfaces such as Ethernet (even when you set it up as an OSPF point-to-point network):

    Understanding and Configuring the ip unnumbered Command

    Cisco IOS IP Addressing Services Command Reference #ip unnumbered

    HTH

    Rolf

    [EDIT]:

    ... apparently, with the exception of high-end platforms such as the 6k:

    Command History

    (...)

    12.2(18)SXF: This command was modified to support physical Ethernet interfaces and switched virtual interfaces (SVIs).

  • Cisco 3750 X - 24 Port stacked: support VRF?

    Hello community,

    We have 2 x WS-C3750X-24T-S switches that are stacked through StackWise cables.  We would like to enable VRF on them, but the commands aren't there. We currently have an IP Base license (which I know is the reason). I tried to do some research and looked at the release notes, but the answer is not clear. I read that it is only available on a stand-alone switch and not on a stacked one. Does anyone out there know if this device is capable of doing VRF as a stack? If so, what are the requirements?

    Thank you

    Neocec

    Hello

    You can use this link to verify which image you need.

    Ref: http://www.Cisco.com/go/fn

    1. Select "Search by feature" and "Multi-VRF VRF Lite support".

    2. Select "Cisco 3750-X".

    Finally, you will see which IOS images support this feature. Then go to the download page (if you have the right to download).

    HTH,

    Toshi

  • Need to increase the network speed on my vSphere 4.1 with Cisco 3750

    Hello

    I now need to increase my network speed between my ESXi vSphere 4.1 and my Cisco 3750 switch.  RDP to the ERP application is now affected by the speed.  What would be the best solution for this?  Each host in my vSphere has two NICs for the VM network and vMotion.  Each network adapter is 1 G and the Cisco 3750 bandwidth is 1 G.

    Add multiple NICs, with vMotion and the VM network separated?  Do all the network adapters in vm network stuck for a bandwidth of submission?  Or do I just have to prioritize the RDP session on my Cisco switch?  Or will all of these help?

    Help please, thank you.

    It is recommended to separate management, vMotion, storage and VM LAN traffic from each other (or, in the case of 10 G, use QoS to rate-limit and separate each type of traffic)...

    On a standard server with 50 or so VMs on it, dual 1Gbit NICs are plenty of bandwidth for VM traffic... and actually on blades, I have seen 2x1GB NICs handle all traffic very well...

    RDP uses about 121kbits/s of traffic per RDP session (on average)... I highly doubt that the speed of your network interface cards is causing your performance issues, but you should easily be able to tell if you are having network saturation problems with simple PRTG, MRTG or SolarWinds type monitoring.

  • VDS and Cisco 3750 - PVLANS

    I have not been able to get the VDS to talk to the physical switch (Cisco 3750 running IOS 12.2(53)SE). I tried many different configurations. Can you give any comments on how to get this working? Here are 3 different configurations I tried:

    Setup: I have 3 vSphere4 servers attached through 2 connections each to a Cisco 3750. I created a dvSwitch and added the primary VLAN (100) and selected secondary VLAN 101 (isolated) and secondary VLAN 102 (community). Communication on the PVLANs works within the ESX servers as it is supposed to, but I cannot connect these PVLANs to the Cisco switch.

    The 3750 is talking to the firewall on VLAN 100, but will not talk to the ESX servers. Here are the configurations I tried, and all have failed. What am I doing wrong?

    Configuration 1: (setting the switchports to promiscuous and using layer 2 mapping to the PVLANs)

    vlan 100
     private-vlan primary
     private-vlan association 101-102
    !
    vlan 101
     name PVLAN_Isolated
     private-vlan isolated
    !
    vlan 102
     name PVLAN_Community
     private-vlan community
    !
    interface FastEthernet1/0/1
     description ESX_VM_Trunk_Ports
     switchport private-vlan mapping 100 101-102
     switchport mode private-vlan promiscuous
     spanning-tree portfast
     spanning-tree bpduguard enable
    !
    interface FastEthernet1/0/2
     description ESX_VM_Trunk_Ports
     switchport private-vlan mapping 100 101-102
     switchport mode private-vlan promiscuous
     spanning-tree portfast
     spanning-tree bpduguard enable
    !
    interface FastEthernet1/0/3
     description ESX_VM_Trunk_Ports
     switchport trunk encapsulation dot1q
     switchport private-vlan mapping 100 101-102
     switchport mode private-vlan promiscuous
     spanning-tree portfast trunk
     spanning-tree bpduguard enable
    !
    interface FastEthernet1/0/4
     description ESX_VM_Trunk_Ports
     switchport trunk encapsulation dot1q
     switchport private-vlan mapping 100 101-102
     switchport mode private-vlan promiscuous
     spanning-tree portfast trunk
     spanning-tree bpduguard enable
    !
    interface FastEthernet1/0/5
     description ESX_VM_Trunk_Ports
     switchport trunk encapsulation dot1q
     switchport private-vlan mapping 100 101-102
     switchport mode private-vlan promiscuous
     spanning-tree portfast trunk
     spanning-tree bpduguard enable
    !
    interface FastEthernet1/0/6
     description ESX_VM_Trunk_Ports
     switchport trunk encapsulation dot1q
     switchport private-vlan mapping 100 101-102
     switchport mode private-vlan promiscuous
     spanning-tree portfast trunk
     spanning-tree bpduguard enable
    !
    interface Vlan100
     description "PVLAN" primary
     ip address 74.X.X.X 255.255.252.0
     no ip redirects
     private-vlan mapping 101-102

    Configuration 2: (setting the trunk port with the primary VLAN as its native VLAN)

    vlan 100
     private-vlan primary
     private-vlan association 101-102
    !
    vlan 101
     name PVLAN_Isolated
     private-vlan isolated
    !
    vlan 102
     name PVLAN_Community
     private-vlan community
    !
    !
    !
    interface FastEthernet1/0/1
     description ESX_VM_Trunk_Ports
     switchport trunk encapsulation dot1q
     switchport trunk native vlan 100
     switchport trunk allowed vlan 101,102
     switchport mode trunk
     speed 100
     duplex full
     spanning-tree portfast
     spanning-tree bpduguard enable
    !
    interface FastEthernet1/0/2
     description ESX_VM_Trunk_Ports
     switchport trunk encapsulation dot1q
     switchport trunk native vlan 100
     switchport trunk allowed vlan 101,102
     switchport mode trunk
     speed 100
     duplex full
     spanning-tree portfast
     spanning-tree bpduguard enable
    !
    interface FastEthernet1/0/3
     description ESX_VM_Trunk_Ports
     switchport trunk encapsulation dot1q
     switchport trunk native vlan 100
     switchport trunk allowed vlan 101,102
     switchport mode trunk
     speed 100
     duplex full
     spanning-tree portfast trunk
     spanning-tree bpduguard enable
    !
    interface FastEthernet1/0/4
     description ESX_VM_Trunk_Ports
     switchport trunk encapsulation dot1q
     switchport trunk native vlan 100
     switchport trunk allowed vlan 101,102
     switchport mode trunk
     speed 100
     duplex full
     spanning-tree portfast trunk
     spanning-tree bpduguard enable
    !
    interface FastEthernet1/0/5
     description ESX_VM_Trunk_Ports
     switchport trunk encapsulation dot1q
     switchport trunk native vlan 100
     switchport trunk allowed vlan 101,102
     switchport mode trunk
     speed 100
     duplex full
     spanning-tree portfast trunk
     spanning-tree bpduguard enable
    !
    interface FastEthernet1/0/6
     description ESX_VM_Trunk_Ports
     switchport trunk encapsulation dot1q
     switchport trunk native vlan 100
     switchport trunk allowed vlan 101,102
     switchport mode trunk
     speed 100
     duplex full
     spanning-tree portfast trunk
     spanning-tree bpduguard enable
    interface Vlan100
     description "PVLAN" primary
     ip address 74.X.X.X 255.255.252.0
     no ip redirects
     private-vlan mapping 101-102

    Configuration 3: (setting the trunk port native VLAN to 2 - something other than the primary VLAN - on the trunk ports to the ESX servers)

    vlan 100
     private-vlan primary
     private-vlan association 101-102
    !
    vlan 101
     name PVLAN_Isolated
     private-vlan isolated
    !
    vlan 102
     name PVLAN_Community
     private-vlan community
    !
    !
    !
    interface FastEthernet1/0/1
     description ESX_VM_Trunk_Ports
     switchport trunk encapsulation dot1q
     switchport trunk native vlan 2
     switchport trunk allowed vlan 101,102
     switchport mode trunk
     speed 100
     duplex full
     spanning-tree portfast
     spanning-tree bpduguard enable
    !
    interface FastEthernet1/0/2
     description ESX_VM_Trunk_Ports
     switchport trunk encapsulation dot1q
     switchport trunk native vlan 2
     switchport trunk allowed vlan 101,102
     switchport mode trunk
     speed 100
     duplex full
     spanning-tree portfast
     spanning-tree bpduguard enable
    !
    interface FastEthernet1/0/3
     description ESX_VM_Trunk_Ports
     switchport trunk encapsulation dot1q
     switchport trunk native vlan 2
     switchport trunk allowed vlan 101,102
     switchport mode trunk
     speed 100
     duplex full
     spanning-tree portfast trunk
     spanning-tree bpduguard enable
    !
    interface FastEthernet1/0/4
     description ESX_VM_Trunk_Ports
     switchport trunk encapsulation dot1q
     switchport trunk native vlan 2
     switchport trunk allowed vlan 101,102
     switchport mode trunk
     speed 100
     duplex full
     spanning-tree portfast trunk
     spanning-tree bpduguard enable
    !
    interface FastEthernet1/0/5
     description ESX_VM_Trunk_Ports
     switchport trunk encapsulation dot1q
     switchport trunk native vlan 2
     switchport trunk allowed vlan 101,102
     switchport mode trunk
     speed 100
     duplex full
     spanning-tree portfast trunk
     spanning-tree bpduguard enable
    !
    interface FastEthernet1/0/6
     description ESX_VM_Trunk_Ports
     switchport trunk encapsulation dot1q
     switchport trunk native vlan 2
     switchport trunk allowed vlan 101,102
     switchport mode trunk
     speed 100
     duplex full
     spanning-tree portfast trunk
     spanning-tree bpduguard enable
    interface Vlan100
     description "PVLAN" primary
     ip address 74.X.X.X 255.255.252.0
     no ip redirects
     private-vlan mapping 101-102

    What I have found is that Cisco 3750s are PVLAN aware, but do not support promiscuous trunks for the ESX servers. Only the 4500, 4900 and 6500s have the ability to do PVLAN promiscuous trunks due to their hardware ASICs.

  • VLAN on a Cisco 3750 G

    Is a VLAN created on a Cisco 3750G with the latest IOS a 'good' way to secure a VMware network?  In this case, I'm hiding vMotion traffic, and the entire network is behind a firewall.  I realize it would be better to have a dedicated and isolated switch, but is a VLAN on a Cisco switch reliable and secure? Or does safety lie elsewhere, for example, encrypting the vMotion traffic or solid ACLs?

    Sly-

    I think you got it nailed in your post: there are some things you need to do when using VLANs to avoid trouble. The vulnerability Tom referred to has to do with IOS/CatOS decoding of VTP frames - just as we see in Windows RPC/NetBIOS or SMB/CIFS vulnerabilities or other remotely exploitable vulnerabilities, it is possible to craft a frame with malicious content that could overflow a buffer, hit string handling bugs (unvalidated input), double-frees, etc. These types of vulns are often found by "fuzzing", where you create bad frames or partially bad frames and feed them into the unit under test, in the hope of finding a crash or creating a denial of service. I remember simple tools like ISIC (IP Stack Integrity Checker) used to validate running equipment, which would occasionally cause a switch to crash, especially on older IOS. So it is not limited to control plane protocols such as VTP; this can also happen in the data plane. The data plane is much more robust because its attack surface is much more exposed to attacks than protocols such as VTP, and a large number of problems have been corrected. If you look back in history, there are tons of security issues in the data plane of Cisco and other gear in lesser-used features such as IP options, fragment handling, rarely used ICMP types and codes, and TCP sequence overflows. Now, I bet that if the security research community had concentrated early on protocols such as CDP, VTP and STP, you would have seen several vulnerabilities earlier.

    So to say "don't use VLANs, otherwise you are vulnerable due to a VTP vulnerability" is equivalent to saying do not run IP on Cisco routers/switches because both IP and ICMP vulnerabilities exist in the data plane.

    Now, if you had followed what Cisco and other L2 switch vendors recommend, you would not expose your VTP domain to such attacks and therefore would not be vulnerable. Just as you would not expose your switches to receiving Spanning Tree BPDUs or dynamic routing protocol packets such as OSPF, ISIS, or BGP from unapproved speakers. Take a look at a blog I posted w/r/t this topic:

    http://blogs.VMware.com/Networking/2009/06/lets-talk-security-DMZs-VLANs-and-L2-attacks.html

    There is a lot of fear in the community about L2 attacks, because networks and network devices are often a mystery to server people, and a bad L2 configuration could be a source of security and stability problems. It is important to educate the community on the possible exposures, and VMware and other market leaders such as Cisco take the responsibility to do so.

    Disclosure on my part - I speak from having had operational and implementation experience at what is now one of the largest global data center networks (Global Crossing/GlobalCenter -> later became Exodus -> Savvis) as one of the senior network engineers, and even 10 years back we would have data centers with massive switch fabrics that hosted customers like Yahoo, Ask Jeeves, etc. - isolated and segmented using VLANs. If you go into a large hosted data center today, you certainly would not get your own physical switch and backbone uplink - you would share a 6500, a Foundry or a big Extreme with often 100+ other customers.
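
The recommendation in the answer above (do not expose the VTP domain, STP BPDU processing or routing adjacencies to unapproved speakers) can be checked mechanically against a switch configuration. The following Python audit is an added example, not part of the original thread or of any Cisco tool; the sample configuration is constructed, the check names are assumptions, and the OSPF test is only a heuristic (it does not look at per-interface authentication).

```python
import re

# Constructed IOS-style configuration for the demonstration (not from the thread).
SAMPLE_CONFIG = """\
vtp mode server
vtp domain LAB
!
spanning-tree mode pvst
!
interface GigabitEthernet1/0/1
 description host port with BPDU guard
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/2
 description host port without BPDU guard
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/3
 description hypervisor trunk
 switchport trunk encapsulation dot1q
 switchport mode trunk
 spanning-tree portfast trunk
!
interface GigabitEthernet1/0/24
 description routed uplink
 no switchport
 ip address 192.0.2.1 255.255.255.252
!
router ospf 100
 network 192.0.2.0 0.0.0.3 area 0
!
end
"""

# Hypothetical check names mapped to the remediation each one suggests.
ADVICE = {
    "vtp-exposed": "set 'vtp mode transparent' (or 'off') so VTP adverts are not acted on",
    "portfast-no-bpduguard": "add 'spanning-tree bpduguard enable' on the edge port",
    "ospf-no-auth": "add area authentication or 'passive-interface default'",
}

PORTFAST = re.compile(r"spanning-tree portfast( edge)?( trunk)?")
GUARD_DEFAULT = re.compile(r"spanning-tree portfast( edge)? bpduguard default")
VTP_SAFE = re.compile(r"vtp mode (transparent|off)")
OSPF_AREA_AUTH = re.compile(r"area \S+ authentication( message-digest)?")


def parse_sections(text):
    """Split a config into global lines and {section header: [child lines]}."""
    global_lines, sections, current = [], {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue
        if raw[0].isspace():            # indented line belongs to the open section
            if current is not None:
                sections[current].append(raw.strip())
        else:                           # column-0 line is global / opens a section
            current = raw.strip()
            global_lines.append(current)
            sections.setdefault(current, [])
    return global_lines, sections


def audit(text):
    """Return a list of (check, subject) findings in configuration order."""
    global_lines, sections = parse_sections(text)
    findings = []
    # VTP defaults to server mode, so the absence of a safe mode is a finding.
    if not any(VTP_SAFE.fullmatch(g) for g in global_lines):
        findings.append(("vtp-exposed", "global"))
    guard_default = any(GUARD_DEFAULT.fullmatch(g) for g in global_lines)
    for header, body in sections.items():
        if header.startswith("interface "):
            portfast = any(PORTFAST.fullmatch(line) for line in body)
            guarded = "spanning-tree bpduguard enable" in body or (
                guard_default and "spanning-tree bpduguard disable" not in body)
            if portfast and not guarded:
                findings.append(("portfast-no-bpduguard", header.split(None, 1)[1]))
        elif header.startswith("router ospf "):
            authenticated = any(OSPF_AREA_AUTH.fullmatch(line) for line in body)
            if not authenticated and "passive-interface default" not in body:
                findings.append(("ospf-no-auth", header))
    return findings


if __name__ == "__main__":
    for check, subject in audit(SAMPLE_CONFIG):
        print(f"{subject}: {check} -> {ADVICE[check]}")
```
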

  • ESX 3.5, iSCSI and Cisco 3750

    I have a pretty basic, newly created environment of three ESX 3.5 servers, NetApp for storage and a stack (two) of Cisco 3750 switches.

    I'm using iSCSI for my VMFS datastore and will only run about 15-20 VMs at best. This isn't a large environment, but I want to plan for future growth and I won't get a second chance to get the 3750 stack configuration right.

    I have 2 GB ethernet per host to the storage and 4 GB ethernet ports on my NAS, all converging on the Cisco stack.

    Can someone point me to a Cisco config guide or white paper which can guide me through the setup to take advantage of cross-stack EtherChannel and load balancing on the ESX side?

    Suggestions?

    Experiences?

    Advice?

    Much appreciated in advance.

    Hello.

    While it's not hardware Cisco, Scott Lowe has some excellent articles on this subject.

    http://blog.scottlowe.org/2007/06/13/Cisco-link-aggregation-and-NetApp-vifs/

    http://blog.scottlowe.org/2008/10/08/more-on-VMware-ESX-NIC-utilization/

    Good luck!

  • IPsec tunnel on cisco 3750 Switch

    Guys... I just wanted to know, is it possible to configure/terminate an IPsec VPN tunnel on a Cisco 3750 switch?

    Thanks in advance.

    NO u cant, you can on CAT 6500 with VPN module!

  • 2 GB Cisco EtherChannel Cisco 3750 x 2960S

    Hello

    I'm trying to configure an EtherChannel between my 3750 stack and my 2960S stack.

    I have 2 3750-X in a stack (2 switches).

    I have 4 2960S in a stack (4 switches).

    I need to create a 2 GB channel between them. My core is the 3750 and my stack of 4 2960S is on another floor, so I want to create a 2 GB channel between them.

    I know that you can create a PO between them, but what I want to do is create a 2 GB channel between them with both 1 GB ports active at the same time.

    Is this possible, and how? This is my current setup so far:

    3750 switch stack

    interface Port-channel10
     description ETHSW04 - 1.5
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 1,210,220,214,216,220,306,406
     switchport mode trunk
     snmp trap mac-notification change added
     snmp trap mac-notification change removed
     spanning-tree guard loop
     spanning-tree cost 15

    interface Port-channel11
     description Uplink BRP to ETHSW04 - 1.5
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 1,210,220,214,216,220,306,406
     switchport mode trunk
     snmp trap mac-notification change added
     snmp trap mac-notification change removed
     spanning-tree guard loop
     spanning-tree cost 1

    interface GigabitEthernet1/0/39
     description ETHSW04 uplink - 1.5
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 1,210,220,214,216,220,306,406
     switchport mode trunk
     snmp trap mac-notification change added
     snmp trap mac-notification change removed
     spanning-tree guard loop
     channel-protocol lacp
     channel-group 10 mode active

    interface GigabitEthernet1/0/40
     description ETHSW04 uplink - 1.5
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 1,210,220,214,216,220,306,406
     switchport mode trunk
     snmp trap mac-notification change added
     snmp trap mac-notification change removed
     spanning-tree guard loop
     channel-protocol lacp
     channel-group 10 mode active

    interface GigabitEthernet2/0/39
     description Uplink of BRP - uplink ETHSW04 - 1.5
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 1,210,220,214,216,220,306,406
     switchport mode trunk
     snmp trap mac-notification change added
     snmp trap mac-notification change removed
     spanning-tree guard loop
     channel-protocol lacp
     channel-group 11 mode active

    interface GigabitEthernet2/0/40
     description Uplink of BRP - uplink ETHSW04 - 1.5
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 1,210,220,214,216,220,306,406
     switchport mode trunk
     snmp trap mac-notification change added
     snmp trap mac-notification change removed
     spanning-tree guard loop
     channel-protocol lacp
     channel-group 11 mode active

    ---------------------------------------------------------------------------------

    2960S stack

    interface Port-channel1
     description CORE01 uplink
     switchport trunk allowed vlan 1,210,220,214,216,220,306,406
     switchport mode trunk
     snmp trap mac-notification change added
     snmp trap mac-notification change removed
     spanning-tree guard loop
     spanning-tree cost 15

    interface Port-channel2
     description Uplink BRP to CORE02
     switchport trunk allowed vlan 1,210,220,214,216,220,306,406
     switchport mode trunk
     snmp trap mac-notification change added
     snmp trap mac-notification change removed
     spanning-tree guard loop
     spanning-tree cost 1

    interface GigabitEthernet1/0/47
     description CORE1-G1/0/39
     switchport trunk allowed vlan 1,210,220,214,216,220,306,406
     switchport mode trunk
     snmp trap mac-notification change added
     snmp trap mac-notification change removed
     spanning-tree guard loop
     channel-protocol lacp
     channel-group 1 mode active

    interface GigabitEthernet1/0/48
     description CORE1-G1/0/40
     switchport trunk allowed vlan 1,210,220,214,216,220,306,406
     switchport mode trunk
     snmp trap mac-notification change added
     snmp trap mac-notification change removed
     spanning-tree guard loop
     channel-protocol lacp
     channel-group 1 mode active

    interface GigabitEthernet4/0/47
     description BRP-CORE2-G2/0/39
     switchport trunk allowed vlan 1,210,220,214,216,220,306,406
     switchport mode trunk
     snmp trap mac-notification change added
     snmp trap mac-notification change removed
     spanning-tree portfast
     spanning-tree guard loop
     channel-protocol lacp
     channel-group 2 mode active
    !
    interface GigabitEthernet4/0/48
     description BRP-CORE2-G2/0/40
     switchport trunk allowed vlan 1,210,220,214,216,220,306,406
     switchport mode trunk
     snmp trap mac-notification change added
     snmp trap mac-notification change removed
     spanning-tree portfast
     spanning-tree guard loop
     channel-protocol lacp
     channel-group 2 mode active

    Thank you...

    Not possible AFAIK.
    LACP will provide examples of the use of load balancing and redundancy that is good enough for most.
    Other than that you would have to watch the 10GB uplinks between switches for more bandwidth.

  • Error message, unbalanced power supplies, switch stack, Cisco 3750-X

    Hello

    A new member switch has been added. There seems to be a power supply problem, as alerted in the switch logs, as shown.

    Log:

    %PLATFORM_STACKPOWER-4-UNBALANCED_PS: Switch 3's power stack has unbalanced power supplies

    When I looked into this, research pointed to this bug: CSCtg20513. The bug suggested the commands below:

    You can enable or disable (shut/no shut) the stack-power ports on the unit which incorrectly reports this error.
    config t
    stack-power switch <switch-number>
    standalone
    no standalone

    However, these commands have been ineffective.

    Show version

    Version 12.2(55)SE3

    Any other suggestions to help are very much appreciated!

    Thank you

    JoBee

    That fix is an earlier version, SE2, SE3 is not down like 1 of the service version that is why he can not work

    12.2 (55) SE3 is almost to the State deferred as well as I would upgrade to a more recent image which now has 4 years of

    Have you tried to manually reposition the power stacks?

  • Cisco 3750 switch 802.1x: how to stop authentication retries for clients that are not authorized

    Hi experts,

    I'm trying to stop authentication retries for guests. They will not have the credentials to be authorized and will be put in the guest VLAN. However, the switch by default always seems to retry the authentication approximately every 15 seconds. That is fine if guests are rare, but I'm implementing this in a hotel where most of the users are guests (like 1000 of them at the same time...).

    I really need to turn it off or at least find a timer to reduce the frequency... It is urgent, because the hotel is about to open... Here is the config I put on an interface:

    switchport access vlan 1055
    switchport mode access
    switchport nonegotiate
    switchport voice vlan 657
    ip access-group ACL_PortIso_IDF21 in
    authentication event fail action authorize vlan 1055
    authentication event no-response action authorize vlan 1055
    authentication host-mode multi-domain
    authentication port-control auto
    authentication violation protect
    mab
    no snmp trap link-status
    dot1x pae authenticator
    dot1x timeout quiet-period 300
    dot1x timeout tx-period 2
    dot1x timeout supp-timeout 2
    dot1x max-reauth-req 10
    dot1x timeout held-period 300
    no cdp enable
    spanning-tree portfast
    spanning-tree bpduguard enable
    no ip igmp snooping tcn flood

    Thank you!

    I can guess what is happening.

    dot1x in your configuration fails after tx-period x (max-reauth-req + 1), which for you is 22 seconds.

    AUTH MGR (the software that controls dot1x / MAB / webauth) is probably set to restart every 60 seconds.

    You can check this with:

    'show run all | b X/Y' - replace X/Y with the correct port you are testing with.

    Look for the command 'authentication timer restart 60'.

    Try setting it to 0. If IOS doesn't let you change it, please post your software version.
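
Added example (not part of the thread, and not Cisco code): the reply's arithmetic applied to the 802.1X lines of the interface config in the question. The defaults used for absent lines and the simple "one dot1x attempt, then the restart timer" cycle are assumptions; the time MAB takes is ignored.

```python
import re

# Constructed sample: 802.1X-related lines from the interface config in the question.
SAMPLE_CONFIG = """\
authentication event fail action authorize vlan 1055
authentication event no-response action authorize vlan 1055
authentication port-control auto
mab
dot1x pae authenticator
dot1x timeout tx-period 2
dot1x max-reauth-req 10
"""

# Values used when a line is absent (assumed IOS defaults; confirm with "show run all").
DEFAULTS = {"tx-period": 30, "max-reauth-req": 2, "restart": 60}

PATTERNS = {
    "tx-period": re.compile(r"dot1x timeout tx-period (\d+)"),
    "max-reauth-req": re.compile(r"dot1x max-reauth-req (\d+)"),
    "restart": re.compile(r"authentication timer restart (\d+)"),
}
FALLBACK = re.compile(r"authentication event (fail|no-response) action authorize vlan (\d+)")


def parse_interface(config):
    """Return (timers, fallback_vlans) parsed from interface config lines."""
    timers, vlans = dict(DEFAULTS), {}
    for line in (l.strip() for l in config.splitlines()):
        for name, pattern in PATTERNS.items():
            m = pattern.fullmatch(line)
            if m:
                timers[name] = int(m.group(1))
        m = FALLBACK.fullmatch(line)
        if m:
            vlans[m.group(1)] = int(m.group(2))
    return timers, vlans


def dot1x_giveup_seconds(timers):
    """Time until dot1x gives up on a silent client: tx-period x (max-reauth-req + 1)."""
    return timers["tx-period"] * (timers["max-reauth-req"] + 1)


def retry_cycle_seconds(timers):
    """Simplified model (assumption): one dot1x attempt, then the restart timer."""
    if timers["restart"] == 0:
        return None  # the reply's suggested setting; treated here as "no restart"
    return dot1x_giveup_seconds(timers) + timers["restart"]


if __name__ == "__main__":
    timers, vlans = parse_interface(SAMPLE_CONFIG)
    print(timers, vlans, dot1x_giveup_seconds(timers), retry_cycle_seconds(timers))
```
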

  • Failure implementing a port channel with Cisco 3750 and ESXi 4u1

    I have set up a vswitch with a rising and electric connection for multiple VLANs. Everything works fine. When the network admin replicates the configuration on a second network port and sets up a port channel with the two interfaces, all communication with my management network interface is lost, but the ESXi management network test is successful.

    The vswitch uses IP hash and the pswitch uses the src-dst-ip policy.

    Thanks in advance for any help you can provide.

    F.F.: This is the configuration of the switch:

    interface GigabitEthernet1/0/17
    switchport trunk encapsulation dot1q
    switchport mode trunk
    switchport nonegotiate
    channel-group 3 mode on
    spanning-tree portfast trunk
    spanning-tree bpduguard enable

    interface GigabitEthernet1/0/7
    switchport trunk encapsulation dot1q
    switchport mode trunk
    switchport nonegotiate
    channel-group 3 mode on
    spanning-tree portfast trunk
    spanning-tree bpduguard enable

    interface Port-channel3
    switchport trunk encapsulation dot1q
    switchport mode trunk
    switchport nonegotiate
    spanning-tree portfast trunk
    spanning-tree bpduguard enable

    port-channel load-balance src-dst-ip

    Remove 4094 from the allowed VLANs... the native VLAN should not be part of the traffic that will flow on the link...

  • Catalyst 3750 QoS issue

    Hello

    I have a scan server (IP = 1.2.3.4 for this example) that wreaks havoc when it runs, which is evident in the number of output drops I see.  I thought about policing it, but it is a production environment and the 3750-G switch does not support NetFlow or any other tool that would provide accurate flow estimates to work from.

    So, my thoughts are rather to implement queuing for the scan server and limit its access to the common buffers, etc.  I would like to have some feedback on the config.  (I've included notes in an attempt to illustrate my thinking.)

    !**| Catalyst 3750-G |**
    !
    ! * Enable QoS
    !
    mls qos
    !
    ! * Create custom queue-set
    ! * increase buffer 1 and disable buffer 4
    !
    mls qos queue-set output 2 buffers 50 25 25 0
    !
    ! * For queue 1, make the full buffer available at threshold 1,
    ! * reserve the full buffer for the local queue only, allow the
    ! * queue to borrow 3x more buffers from the common pool.
    !
    mls qos queue-set output 2 threshold 1 100 100 100 400
    !
    ! * For queue 3, make the full buffer available at threshold 1,
    ! * reserve 30% of the buffer for the local queue only, allow the
    ! * queue to borrow 4x more buffers from the common pool.
    !
    mls qos queue-set output 2 threshold 3 100 100 33 165
    !
    ! * Assign DSCP values 16, 18, 20 & 22 to queue 1;
    ! * assign DSCP values 8, 10, 12 & 14 to queue 3
    !
    mls qos srr-queue output dscp-map queue 1 threshold 1 16 18 20 22
    mls qos srr-queue output dscp-map queue 3 threshold 1 8 10 12 14
    !
    ! * To be complete, assign the associated CoS values to the same queues.
    !
    mls qos srr-queue output cos-map queue 1 threshold 1 2
    mls qos srr-queue output cos-map queue 3 threshold 1 1
    !
    ! * Access-list 130 identifies (bidirectional) scan traffic.
    !
    access-list 130 permit ip any host 1.2.3.4
    access-list 130 permit ip host 1.2.3.4 any
    !
    ! * Create a class map to match the previously configured access group.
    !
    class-map match-any CM-SCANS
    description * non-critical scan traffic
    match access-group 130
    exit
    !
    ! * Create policy-map to assign DSCP values to scan & default traffic.
    !
    policy-map PM-QOS-IN
    description * Ingress QoS policy
    class CM-SCANS
    set ip dscp af11
    exit
    !
    class class-default
    set ip dscp af21
    exit
    exit
    !
    ! * Assign queue-set 2 and/or service-policy (input only) as required.
    !
    interface gix/x/x
    queue-set 2
    service-policy input PM-QOS-IN
    exit
    !

    PS - There is no voice traffic crossing this switch, so I don't see the need to reserve queue 1 for voice or turn on the priority queue, etc.

    Any help is appreciated.  Thank you in advance.


    Well, then you're a little stuck trying to manage the flow of this server.  Unless you want to look at policing the server's ingress port and/or "shaping" the egress port.  The idea being, if you can slow down the traffic of this server, you might avoid needing a QoS configuration.

    Otherwise, you're on the right track, in what you're trying to do.

    You may want to tag traffic to this server as 'scavenger' (CS1).  Ideally, you may be able to distinguish the 'scan' traffic from other traffic to and from this server.

    For the egress handling of your QoS policy, rather than creating a 'special' configuration to handle this traffic, you should consider having a policy that has a low-priority class (scavenger), which is where you direct this traffic.  That is, a 4-class policy that supports real-time (PQ), foreground (2x to 10x the percentage of default), default and background (1%) scheduling priorities.

    For 3750 buffer management, I have found that setting all the thresholds up and moving most if not all buffers to the common pool usually works quite well.
