Tuesday, January 14, 2014

General slowness in the network - Cisco core switches (4506 & 6509) and Edge switches(3750)

We have 2 core switches, a 4506 and a 6509, with 4 Cisco 3750 stacks (8 switches per stack) across all 4 floors. We have an EtherChannel of 2 * 1 GB ports between the cores. There is general slowness across the network and I can't really see any direct cause of it. We are also getting these alerts on most of our edge switches.
We need to add another stack of Cisco 3750 switches for the new 5th floor and I was wondering if our current setup will be able to cope with it.
5d00h: %CMP-CLUSTER_MEMBER_1-5-NBR_UPD_SIZE_TOO_BIG: Number of neighbors in neighbor update is 128, maximum number of neighbors allowed in neighbor update is 10

Error Message    CMP-5-NBR_UPD_SIZE_TOO_BIG: Number of neighbors in neighbor update is [int], maximum number of neighbors allowed in neighbor update is [int].
Note    This message applies to the Catalyst 3750-E and 3560-E switches.
Explanation    The number of cluster neighbors in the clustering neighbor update packet exceeds the number of neighbors supported by the clustering module. The first [int] is the new number of neighbors, and the second [int] the maximum number of neighbors.
Recommended Action    No action is required.
How are the stacks connected to the core switches? Are all switches configured the same, and are they all getting the messages?
Do you have the "cluster enable" command configured? Please post the config of a sample switch that's getting the message.
I have no idea whether the channel is a bottleneck, it depends on how much traffic is running between them. You can also add ports to the channel which is cheaper than moving to 10G and will give you a quick answer on whether that's an issue.
The mask on the server VLAN doesn't matter if the number of devices isn't outrageous.
I do see that some of the switches are not part of the stack config. I don't know if they're gone or just unstacked, but the latter might cause issues.
I would look at spanning tree. Take the time to determine exactly how everything is connected, where the spanning tree root is, and what links are blocked. Draw out an accurate topology and then mark up where blocking occurs, then post here if you like. It could be that a poor spanning tree design is causing problems.
Regarding the messages, my understanding is that you can safely remove the "cluster enable" command from your switches, and that is what is causing the messages. Here is the Cisco info about this command:
Use the cluster enable global configuration command on a command-capable switch to enable it as the cluster command switch, assign a cluster name, and to optionally assign a member number to it. Use the no form of the command to remove all members and to make the cluster command switch a candidate switch.

cluster enable name [command-switch-member-number]
no cluster enable

Syntax Description
  name - Name of the cluster, up to 31 characters. Valid characters include only alphanumerics, dashes, and underscores.
  command-switch-member-number - (Optional) Assign a member number to the cluster command switch of the cluster. The range is 0 to 15.

Defaults
  The switch is not a cluster command switch.
  No cluster name is defined.
  The member number is 0 when the switch is the cluster command switch.

Command Modes
  Global configuration

Command History
  Release 12.1(11)AX - This command was introduced.

Usage Guidelines
  Enter this command on any command-capable switch that is not part of any cluster. This command fails if a device is already configured as a member of the cluster.
  You must name the cluster when you enable the cluster command switch. If the switch is already configured as the cluster command switch, this command changes the cluster name if it is different from the previous cluster name.

Examples
  This example shows how to enable the cluster command switch, name the cluster, and set the cluster command switch member number to 4.

  Switch(config)# cluster enable Engineering-IDF4 4
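As an added example (not part of the original thread), here are the checks the reply above recommends, in Cisco IOS: finding the spanning-tree root and the blocked ports, reading the load on the core EtherChannel, adding members to it, and removing the cluster command-switch configuration that produces the NBR_UPD_SIZE_TOO_BIG messages. The prompts, interface names and channel number are assumptions, and the existing core channel is assumed to run LACP, since new members must negotiate with the same protocol as the members already in the bundle.

```cisco
! Added example: diagnostics for the slowness report, not the poster's config.
! Prompts, interface names and port-channel number are assumptions.

! 1. Which switch is the spanning-tree root for each VLAN? It should be a core.
Switch# show spanning-tree root
Switch# show spanning-tree summary

! 2. Which ports on this stack are blocking (redundant uplinks)?
Switch# show spanning-tree blockedports

! 3. Pin the root to the 6509, with the 4506 as backup, so blocking happens
!    on edge uplinks rather than somewhere unexpected.
Core6509(config)# spanning-tree vlan 1-4094 root primary
Core4506(config)# spanning-tree vlan 1-4094 root secondary

! 4. Is the 2 x 1G core link the bottleneck? Check the channel state and rate.
Core6509# show etherchannel 1 summary
Core6509# show interfaces port-channel 1 | include Port-channel|rate

! 5. Add two more members on both cores (Gi1/3 and Gi1/4 are assumed free
!    ports; repeat the same commands on the 4506). "active" is LACP; the
!    mode must match what the existing members already use.
Core6509(config)# interface range GigabitEthernet1/3 - 4
Core6509(config-if-range)# channel-group 1 mode active
Core6509(config-if-range)# end
Core6509# show etherchannel 1 summary

! 6. On each edge switch, drop the cluster command-switch role that sends
!    the oversized neighbor updates, then confirm.
Switch(config)# no cluster enable
Switch(config)# end
Switch# show cluster
Switch# write memory
```

The rate lines in step 4 are 5-minute averages by default; if the channel is near line rate during busy periods, adding members (step 5) is the cheap test the reply suggests before moving to 10G.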

Monday, January 13, 2014

Cisco stacked 3750 switch

I have a stacked Cisco 3750 switch, two of them in this stack.  They have dual power to a Cisco 2200 redundant power unit.  It appears (according to TAC) that the on-board power unit on the second switch in the stack has failed, and the 2200 is what is keeping it up and running.  They told me the on-board power supply is not hot-swappable, and the second switch in the stack must be replaced.

What is the best way to do this?  Do I shut down both switches, swap out the second switch, plug cables back in and power up?  Do I just shut down the second switch with the failed power supply, pop in the new one, plug in cables and power up?  The config is on the first switch in the stack, correct?  Is there anything I need to pull off of the second switch?


^ second that.  If the firmware levels do not match, you may end up with a brick.  The master may attempt replacing firmware.  If it is writing old over new...brick.  If it is writing new over old, but stalls/fails...brick.

Better to do the firmware upgrade offline, while the existing stack units are still functioning.

In general, watch cable position.  Label them accordingly before disconnecting.  When you unplug them, all ports may not be equal.

For instance, did you have one forced to 10Mb duplex, or aggregated with other ports?

When replacing, I was able to move the downed switch 2u down, and mount the replacement.  Then I could move the patch cables over one-by-one.


YMMV.  But it made it easy that I could replicate the cable layout and not have to change any notes or documentation.

Sunday, January 12, 2014

Cisco 2801 Router w/ 2 hwic-4esw cards..config help needed.

Here is the scenario.  I have a T-1 connection and a cable high-speed internet connection, and a Cisco 2801 router with 2 HWIC-4ESW cards.

the t-1 is in Fa0/1.  the ip block for this is 1.1.1.2 - 1.1.1.19

the cable internet is on Fa0/0.  the ip block for this is 2.2.2.2 - 2.2.2.19

I would like any traffic coming through switch card 1 (Fa0/1/0) to go through the cable line, Fa0/0.

I would like any traffic coming through switch card 3 (Fa0/3/0) to go through the T-1, Fa0/1.

I am fairly new at this and am having trouble following the Cisco guides.  I have successfully assigned my WAN IPs to Fa0/0 and Fa0/1 but am having problems routing the traffic from the switch cards to the correct Fa port.

Ok. First of all, the edge router (2801) needs to know a way of routing internal clients onto 2 different outgoing paths.

So let's say the traffic coming in on Fa0/1/0 is all from the 10.0.0.0 network, and

the traffic coming in on Fa0/3/0 is all from the 20.0.0.0 network. This means the router can differentiate the IP addresses, so you can employ an access-list to match the traffic and let it go via the interface you want, like:

access-list <number> permit ip 10.0.0.0 0.255.255.255 any

and set it to go out one link using route maps.
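The reply describes the approach; the following is an added worked example (not the poster's or the replier's config) of policy-based routing on the 2801 that sends traffic from switch card 1 out the cable link and traffic from switch card 3 out the T-1. Assumptions: the HWIC-4ESW ports are Layer 2 switchports, so Fa0/1/0 is placed in VLAN 10 and Fa0/3/0 in VLAN 30, each with an SVI addressed from the 10.0.0.0 and 20.0.0.0 networks the reply used; the provider gateways 2.2.2.1 and 1.1.1.1 and the /27 masks are placeholders, since the thread gives only the address blocks.

```cisco
! Added example: PBR on a 2801 with two HWIC-4ESW cards. VLAN numbers, SVI
! addresses, provider gateways and masks are assumptions (placeholders).
ip cef
!
interface FastEthernet0/0
 description Cable internet
 ip address 2.2.2.2 255.255.255.224
 ip nat outside
!
interface FastEthernet0/1
 description T-1
 ip address 1.1.1.2 255.255.255.224
 ip nat outside
!
! Switch-card ports are Layer 2; give each card's ports their own VLAN
interface FastEthernet0/1/0
 switchport access vlan 10
!
interface FastEthernet0/3/0
 switchport access vlan 30
!
! The SVIs are the inside gateways; the policy is applied where traffic enters
interface Vlan10
 ip address 10.0.0.1 255.0.0.0
 ip nat inside
 ip policy route-map VIA-CABLE
!
interface Vlan30
 ip address 20.0.0.1 255.0.0.0
 ip nat inside
 ip policy route-map VIA-T1
!
! Extended ACLs (100-199) so the source network can be matched
access-list 101 permit ip 10.0.0.0 0.255.255.255 any
access-list 102 permit ip 20.0.0.0 0.255.255.255 any
!
! Matched packets go to the chosen provider gateway; anything that matches
! no clause falls through to the normal routing table
route-map VIA-CABLE permit 10
 match ip address 101
 set ip next-hop 2.2.2.1
!
route-map VIA-T1 permit 10
 match ip address 102
 set ip next-hop 1.1.1.1
!
! Routing-table fallback: cable first, T-1 as a floating static (AD 10)
ip route 0.0.0.0 0.0.0.0 2.2.2.1
ip route 0.0.0.0 0.0.0.0 1.1.1.1 10
!
! NAT each inside network to the address of the link it actually leaves on
route-map NAT-CABLE permit 10
 match ip address 101
 match interface FastEthernet0/0
!
route-map NAT-T1 permit 10
 match ip address 102
 match interface FastEthernet0/1
!
ip nat inside source route-map NAT-CABLE interface FastEthernet0/0 overload
ip nat inside source route-map NAT-T1 interface FastEthernet0/1 overload
!
! Verification from exec mode:
!   Router# show ip policy
!   Router# show route-map VIA-CABLE
!   Router# show ip nat translations
```

If a WAN interface goes down, its connected route disappears, the set clause's next hop becomes unreachable and IOS skips it, so that VLAN's traffic follows the remaining default route. A link that is up but has no Internet behind it is not detected this way; that case needs `set ip next-hop verify-availability` with IP SLA tracking, which is not shown here.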

Thursday, January 9, 2014

Connecting 2x stacked Cisco 3750 to 1x Cisco 2950

We have 2x Cisco 3750 switches that have been partitioned into various VLANs. These switches are stacked, and the VLAN partitioning is symmetrical on both switches - that is, ports x-y on switch 1 are in the same VLAN as the corresponding ports x-y in switch 2. This enables us to have redundancy with the networking of our servers, as NIC1 of each machine is plugged into switch 1 and NIC2 is plugged into switch 2. Fairly standard stuff, I'd imagine...

We have some devices (management NICs etc.) that need to be in a particular VLAN (our management VLAN in this case). As these are inherently "single NIC" connections, and also because they are not used day-in-day-out (just on the odd occasion when we need to remotely manage the servers), it makes sense to connect these to another, cheaper, slower switch (enter the 2950) - so they don't use up valuable gigabit ports on the 3750s.

We don't want to lose the redundancy, however - even though these aren't connections that will be used frequently, we still want them to be as available as possible.

I'd like to be able to connect the 1x 2950 to BOTH of the 3750s in such a way that devices in the 2950 would be still available on the network if either of 3750s lost power.

My thinking is having a crossover cable from a port in the management VLAN on each 3750 attached to a port in the 2950, and configured to be trunked or aggregated in some way (I'd imagine there'd need to be special config to prevent routing loops). I have attached an image of what I imagine this setup would look like.

Please could someone let me know if this is possible, and if it is, also provide the relevant config required for each switch (only pertinent sections: port channels, interfaces).

If they're in the same subnet, they're in the same VLAN. So there's no need for a trunk.


You can connect the switches and let spanning-tree deal with the redundant link or do as Arnie says and channel the links. Since it's a low-use situation, there's not much difference as far as functionality goes.
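As an added example (not from the thread, and not the poster's config), here is the channelled option the replies mention: one port on each member of the 3750 stack bundled into a cross-stack EtherChannel to the 2950, with every port as an access port in the management VLAN, so no trunk is needed. Assumptions: management VLAN 100, ports Gi1/0/24 and Gi2/0/24 on the stack (one per member, so the bundle survives the loss of either member), Fa0/23-24 on the 2950, and IOS releases on both sides that support LACP on this topology (the 3750 gained LACP for cross-stack channels in 12.2(25)SE; on earlier code use `channel-group 1 mode on` at both ends instead).

```cisco
! Added example: cross-stack EtherChannel from a 2-member 3750 stack to a 2950,
! access ports only. VLAN, port and channel numbers are assumptions.

! ----- 3750 stack: one physical port on each stack member -----
interface range GigabitEthernet1/0/24 , GigabitEthernet2/0/24
 description Uplink to 2950 (management VLAN only)
 switchport mode access
 switchport access vlan 100
 channel-group 1 mode active
!
interface Port-channel1
 switchport mode access
 switchport access vlan 100
!
! ----- 2950 -----
interface range FastEthernet0/23 - 24
 description Uplink to 3750 stack
 switchport mode access
 switchport access vlan 100
 channel-group 1 mode active
!
interface Port-channel1
 switchport mode access
 switchport access vlan 100
!
! Verify on both sides: each member port should show (P) bundled in port-channel
! Switch# show etherchannel 1 summary
! Switch# show lacp neighbor
```

Without the channel-group lines the two cables still work: the stack is one logical switch, so the pair forms a loop and spanning tree blocks one link until the other fails, which is the other option the reply gives. The channel simply keeps both links forwarding and fails over faster, at the cost of configuring both ends.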

Clone Cisco 3560 / 3750

I have a Cisco 3750 switch which needs a complete reconfigure as we are moving to new IP ranges.

Is there an easy way to pre-configure a config and then upload it, reboot and have the switch configured?

I thought I could do a "copy tftp start", but it didn't work.  I thought it might be the vlans.dat file, but that's not it either, as even the HOSTNAME doesn't change when I try.

What if I wanted to blow out the same config to 100 switches?

Generally you would copy off the existing config. I am guessing here that name/ip change, but other config stays the same.

copy run tftp (to another switch/router/computer)

edit the config script by updating ip/hostname/port descriptions/whatever

copy tftp run (from updated script to switch)

<<test>>

copy run start  <<or>> write mem



The same procedure will work for many switches, but you will want them to have a unique IP and name. You could build a config with no hostname or IP assigned, load each switch and do just the hostname and IP in the initial setup screens, then copy on the rest of the config using copy tftp start followed by a power cycle.

Tuesday, January 7, 2014

My PC cannot access FQDNs through Cisco 1841 HWIC 3G Gateway

I have set up a Cisco 1841 with the HWIC-3G as a gateway.  I have one PC on the LAN side and can ping outside public IPs with no issues.  However, when I try to ping or connect via HTTP to a domain name, it won't resolve the IP address.  The router config and interface status are below:

Router#sh ip int b
Any interface listed with OK? value "NO" does not have a valid configuration

Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            172.16.1.1      YES manual up                    up
FastEthernet0/1            unassigned      YES unset  administratively down down
Cellular0/0/0              unassigned      YES manual up                    up
NVI0                       unassigned      NO  unset  up                    up
SSLVPN-VIF0                unassigned      NO  unset  up                    up
Dialer1                    10.97.206.87    YES IPCP   up                    up
Router#

Router#sh run
Building configuration...

Current configuration : 1801 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
!
no aaa new-model
dot11 syslog
ip source-route
!
!
!
ip dhcp pool ciscolab
   network 172.16.1.0 255.255.255.0
   dns-server 208.67.222.222
   domain-name ciscolab
   default-router 172.16.1.1
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
chat-script gsm "" "ATDT*98*2#" TIMEOUT 60 "CONNECT"

archive
 log config
  hidekeys

interface FastEthernet0/0
 ip address 172.16.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Cellular0/0/0
 no ip address
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 load-interval 60
 dialer in-band
 dialer pool-member 1
 dialer-group 1
 async mode interactive
 no fair-queue
!
interface Dialer1
 ip address negotiated
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer idle-timeout 0
 dialer string internet
 dialer persistent
 dialer-group 1
 no fair-queue
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname cisco
 ppp chap password 0 cisco
 ppp ipcp dns request
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
no ip http server
no ip http secure-server
!
ip nat inside source list 2 interface Dialer1 overload
!
access-list 2 permit any
dialer-list 1 protocol ip permit
!
control-plane
!
line con 0
line aux 0
line 0/0/0
 exec-timeout 0 0
 script dialer gsm
 login
 modem InOut
 no exec
 rxspeed 3600000
 txspeed 384000
line vty 0 4
 exec-timeout 0 0
 password cisco
 login
!
scheduler allocate 20000 1000
end

Router#
Do an ipconfig /all on the PC to ensure it is being issued the DNS server address via DHCP on the router.

After you have verified this, if the DNS server IP is present and correct;
Conduct an 'nslookup' from the command line
Check the server listed is correct, else type 'server 208.67.222.222'
Then type 'www.google.com.au' and see if it resolves in an NSLookup.


Let me know the results of the above.  Thanks
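Separate from the DNS question, the posted running-config carries several settings worth tightening before the router sits on a carrier network: `no service password-encryption`, a shared clear-text `password cisco` on the vty lines with telnet allowed and no idle timeout, the CHAP secret stored as `ppp chap password 0 cisco`, `ip source-route` left enabled, and a NAT ACL of `permit any`. The following is an added example (not from the thread) that replaces each of those with its hardened form; the username, the domain name, ACL 10 and the placeholder secrets are assumptions, and SSH needs a crypto-capable (K9) IOS image.

```cisco
! Added example: hardening the settings visible in the 1841 running-config.
! Usernames, domain name, ACL 10 and all <PLACEHOLDER-*> secrets are assumptions.

! Encrypt stored passwords and drop source-routed packets
service password-encryption
no ip source-route
!
! Local accounts with SSH instead of a shared line password over telnet
hostname Router
ip domain-name ciscolab.example
username admin privilege 15 secret <PLACEHOLDER-ADMIN-PASSWORD>
enable secret <PLACEHOLDER-ENABLE-SECRET>
crypto key generate rsa modulus 2048
ip ssh version 2
!
! Only the LAN may reach the vty lines, SSH only, idle sessions time out
access-list 10 permit 172.16.1.0 0.0.0.255
line vty 0 4
 access-class 10 in
 transport input ssh
 login local
 no password
 exec-timeout 10 0
!
! NAT only the inside subnet instead of "any"
no ip nat inside source list 2 interface Dialer1 overload
no access-list 2
access-list 2 permit 172.16.1.0 0.0.0.255
ip nat inside source list 2 interface Dialer1 overload
!
! The carrier CHAP credential is no longer stored as type 0 (clear text)
interface Dialer1
 ppp chap password <PLACEHOLDER-CARRIER-PASSWORD>
!
! Verify:
!   Router# show ip ssh
!   Router# show running-config | include password|secret
```

Rewriting the NAT statement while translations exist may be refused until `clear ip nat translation *` is run, which briefly interrupts the single PC's sessions. None of this changes name resolution: the DHCP pool still hands out 208.67.222.222, so the nslookup check in the reply above is still the right next step for the original symptom.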

Monday, January 6, 2014

Policy Based Routing in 3750 Switch

The scenario is as follows:

a) A 3750 switch, which has 2 VLANs: one is the DATA VLAN and the other is the Voice VLAN.

b) In the switch, the DATA VLAN gateway is a router and the Voice VLAN gateway is a voice gateway that is connected.

c) The same switch has two gateways, which in turn are connected to the Internet.

Queries:

a) How to configure routing for DATA and Voice to get Internet access?

b) Does PBR help to send each VLAN's traffic to its respective gateway?

c) Will it work, or any suggestions?

d) Please send the reference configuration.

You can just set up normal default routing for the data vlan, and just set up PBR for the voice traffic.

So you will just create an access-list to match VLAN traffic and then create a route map to set the next hop to the voice gateway.

Forget about PBR, you don't need that. The switch has its default gateway in the data VLAN so you can access it and manage it; the default gateway points to the router IP address. All PCs have their default gateway pointing to the router IP address, not to any address on the switch.

All phones have their default gateway on the IP address of the voice gateway, not on any IP address of the switch. The switch does not even need an IP address in the voice VLAN. It only transports Ethernet frames in the two VLANs. For that matter, just have a config with two VLANs, assign the VLANs to the corresponding ports and, in case you use phones and PCs on the same ports, use the voice vlan commands.

I hope I have understood your situation correctly. Otherwise let me know.

I agree. If he is in fact just using the 3750 as a Layer 2 switch then he doesn't need PBR. My assumption is that he is (I would hope) using the 3750 as Layer 3 and has an SVI for each VLAN. Thus, he would need PBR in that case.

I don't know why everybody is so keen about using PBR. I agree it is a nice feature, but in my opinion it is designed for situations where you have no other way of bringing them into service.

IP is still a destination-based protocol, and so all optimizations in terms of forwarding performance are based on the destination address as the criterion. After switching on PBR, everybody asks immediately "why is it slower than what I am used to?". I have seen this in many situations.


For normal situations like one voice and one data VLAN a normal network design should be sufficient and therefore no need for PBR.
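As an added example (not from the thread), this is the Layer 2 design the replies above settle on, written out for a 3750: two VLANs, each gateway on an access port in its own VLAN, phone-plus-PC ports using the voice VLAN feature, and the switch's only IP address in the data VLAN. Assumptions: data VLAN 10, voice VLAN 20, the router on Gi1/0/1, the voice gateway on Gi1/0/2, phones with PCs behind them on Gi1/0/3-24, and a switch management address of 10.10.10.2 with the router at 10.10.10.1.

```cisco
! Added example: Layer 2 only, no SVI in the voice VLAN, no PBR.
! VLAN numbers, port assignments and addresses are assumptions.
no ip routing
!
vlan 10
 name DATA
vlan 20
 name VOICE
!
! Data router: access port in VLAN 10 only (PCs use its address as gateway)
interface GigabitEthernet1/0/1
 description Data router
 switchport mode access
 switchport access vlan 10
!
! Voice gateway: access port in VLAN 20 only (phones use its address as gateway)
interface GigabitEthernet1/0/2
 description Voice gateway
 switchport mode access
 switchport access vlan 20
!
! Phone with a PC behind it: PC frames untagged in VLAN 10, phone frames
! tagged in VLAN 20 (the phone learns the voice VLAN over CDP)
interface range GigabitEthernet1/0/3 - 24
 switchport mode access
 switchport access vlan 10
 switchport voice vlan 20
 spanning-tree portfast
!
! Management address lives in the data VLAN; the switch itself is not a gateway
interface Vlan10
 ip address 10.10.10.2 255.255.255.0
ip default-gateway 10.10.10.1
```

Each VLAN reaches the Internet through its own gateway because the hosts, not the switch, hold the default route, which is why no route map is needed. If the switch is later made the Layer 3 gateway with an SVI per VLAN (the case the third reply raises), PBR on a 3750 additionally requires the routing SDM template (`sdm prefer routing`, followed by a reload) before `ip policy route-map` is accepted on an SVI.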