Monday, December 30, 2013

Cisco 3750 - two ports stopped passing traffic

I have a WS-C3750V2-24PS-S switch - two member stack - that has been up for four years. It runs C3750-ADVIPSERVICESK9-M, Version 12.2(46)SE. It's run flawlessly until the last few weeks. Interface Gi1/0/6 stopped sending/receiving traffic although it was in up/up mode. I tried to admin down/up the int but no good. So I moved the cable to another interface (say 1/30) and the traffic flowed again. Over the weekend interface Gi1/0/5 had the same symptom. The host connected to it - a Cisco UCM - stopped responding to ping or anything else although the port was up/up. There were no errors visible when I tried "show log" and no incrementing errors on the interface, nothing in syslog. I could even see the bps in and out appear to show some traffic. But from a ping or TCP standpoint the interface was passing no traffic. I bounced the UCM and still no traffic flowed. I moved the cable to interface Gi 1/0/15 and now traffic was flowing again.

I wanted to get some thoughts on here before opening a TAC case.  Does this sound like a memory leak bug with this version of IOS?  A failing ASIC?  Other thoughts on troubleshooting or possible explanation?

When traffic stops flowing, can you get any other device to communicate on those ports? Is any type of port security, storm control, dot1x, or any other method applied to the ports that could automatically disable a port?


Assuming that no security/error method (or spanning-tree) is blocking traffic, it does sound like an ASIC that is on the fritz. Perhaps a switch reboot is in order, and/or a TAC case. If you have smartnet, I would definitely start a TAC case immediately even if it's just a CYA. Grab a "show tech" when the issue is occurring for TAC to review.

Sunday, December 29, 2013

Configure HWIC-4ESW with three vlans in a Cisco 2811 router

I would like to set up a VOICE lab at home and have purchased two HWIC-2FE cards for SiteB (BR1) and SiteC (BR2). I need to configure three VLANs in each router. Could you please show me how to configure it? Your help is appreciated. Thanks.

Configure an Ethernet/Fast Ethernet Interface
Int f0/0
   Ip address [IP] [mask]
   No shut
   Exit
interface FastEthernet [PORT#].10
   encapsulation dot1q 10
   ip address [IP] [mask]
   no shutdown
   exit
interface FastEthernet [PORT#].20
   encapsulation dot1q 20
   ip address [IP] [mask]
   no shutdown
   exit

Vlan 10
     name Voice
     Exit

! VLAN names must be unique; "Data" is a placeholder name for the access VLAN
Vlan 20
     name Data
     Exit
Interface range ethernet 0/1 - 4
   Switchport mode access
   Switchport access vlan 20
   Switchport voice vlan 10
In my experience, the 2811 router does not allow the "vlan 10" and "vlan 20" sections.  In other words, you cannot configure the VLANs for the 4ESW in global config mode.  You need to configure these from vlan database:
Router#vlan database
Router(vlan)#vlan 10 name Name-Vlan10
Router(vlan)#vlan 20 name Name-Vlan20
Router(vlan)#vlan 30 name Name-Vlan30
Router(vlan)#exit
APPLY completed.
Exiting....

Router#

Thursday, December 26, 2013

cisco 3560 isolate ports

I have 3 VLANs on my Catalyst WS-C3560X-24T-L.
Now VLAN 1396 gets the internet connection from fast 0/1.
VLAN 2 is giving out the connection on fast 0/2 and it is connected to the firewall.
I want to create VLAN 3, which gets internet from fast 0/3 and works like a layer 2 switch,
because I return from the firewall to VLAN 3.

If I understand correctly (partly because of my experience in your last question), VLAN 1396 takes an outside internet connection that routes to another internet address you have on interface VLAN 2 on your router. Fa0/2 is configured for VLAN 2 and is connected to the WAN port of your firewall. Fa0/3 is connected to the LAN port of your firewall? Go ahead and configure VLAN 3 on fa0/3 and all of your other interfaces. From 3560(config)#:
vlan 3
name LAN
exit
int range fa0/3-24
switchport mode access
switchport access vlan 3

Wednesday, December 25, 2013

Cisco Switch 3560 Errdisable disable State

Please see attached the error I get on the uplink of the trunk port.
How can I find the root of the problem to solve it?

This could be caused by a network device but I am guessing that would be rather difficult to track down. How many users are connected to the WS-C3560X-24P-S switch? Are you able to provide me a sanitized configuration of the 3560? Also are you able to test the fiber link for any physical layer issues?

Smaller frames are less effective and will cause drainage of the resource (memory/CPU) if they are being received at an alarming rate.

Since this is being received at the trunk port, trailing the diagram/cabling, some network device or even a NIC is not working the way it's expected (may be half duplex or faulty) and the network/link is congested at that segment, and as a result of collisions, the smaller frames are making their way in. It will be a tedious job to find that part.


If you can do a packet capture, the source and destination field might make your life easy.

Tuesday, December 24, 2013

Catalyst 3750 Stackwise technology

I am new to the WS-C3750X-24T-L stackwise technology but from what I understand, if two 3750s are connected together in the backplane with the stackwise technology, if one fails the stack is still running. But if one of my switches fails, all the users connected to that switch will be down. So what is the benefit of the stackwise technology? Maybe you can shed some light on the subject.

Allows multiple switches to be managed as a single unit and gives higher bandwidth between the switches compared to using external switch port connections.

Sort of like having a chassis based switch (Catalyst WS-C3750X-24T-S, 7500, Nexus 7K) without the expense of a chassis.

Even with a chassis if one blade fails, all of the devices connected to that blade still fail.

Configuring Point to Point T1 on Cisco Router WIC1DSU-T1 to HWIC-4T1/E1

We originally had a point to point T1 on two 2811 routers with HWIC-2T cards.

I have a new 3925 that has a HWIC-4T1/E1 that I'm attempting to set up for multiple point to multipoint T1 cards, but am not sure how to configure the HWIC-4T1 so it can talk to the WIC1DSU-T1.

My router with the WIC1DSU-T1 shows up as S0/0/0

My router with the HWIC-4T1 shows with 4 ports as:

controller T1 0/0/0
 cablelength long 0db
controller T1 0/0/1
 cablelength long 0db
controller T1 0/0/2
 cablelength long 0db
controller T1 0/0/3
 cablelength long 0db

When I plug the original T1 cable from one of the ports on the new HWIC-4T1, the port does not come up and I am getting errors.

When I originally plugged up the WIC1DSU-T1 to WS-X45-SUP7-E   on my 2811's, the link just came right up.  Am I missing something on the configuration of the HWIC-4T1?


Thanks.  It actually ended up being a bad cable, but I appreciate the link for the configuration page.

Sunday, December 22, 2013

Cisco 2801 - Verizon WAN HWIC - Routing/Gateway Question

Looking for some advice on how this will work for us in a disaster recovery scenario. Right now we are like most businesses on a fiber internet connection, and have fiber between our remote offices. If in a disaster we lost fiber to our headquarter facility, we want to use the Verizon WAN HWIC-1T solution to get us by until fiber service is restored. What would this look like for us when the disaster happens? How would I route us out through Verizon?

Right now we have everyone with a default gateway of our main switch. That main switch has its default gateway as our firewall. When the disaster happens, do I just change the main switch's default gateway to my new router with the Verizon HWIC card in it?

I know this will only allow for outbound traffic to the internet, and nothing inbound, but will that work?

My other more pressing concern is, will this be safe?  Since traffic will now be routed through Verizon and a router only, no firewall?

Any thoughts or suggestions would be appreciated!

To put some IP Numbers into this mix to get a clearer picture and explanation, I am going to assume the following layout:

Fiber Internet  (1.X.X.1)           Verizon WWAN (2.X.X.1)
   |    (1.X.X.2)                                    | (2.X.X.2)
Firewall                                        Cisco 2801         
   |    (10.1.0.1, 10.2.0.1, 10.3.0.1 /24s)     |     (10.1.0.2, 10.2.0.2, 10.3.0.2 /24s)
---------------------Main Switch-------------------------
          |                               |
          |           Various Branch Office Uplinks
   HQ Subnets        (10.3.0.X /24)
(10.1.0.X /24)
(10.2.0.X /24)   


From the diagram you can see that you would simply define all of the VLANs on the Cisco 2801 and give them a layer 3 address in each VLAN. You would also independently configure the Cisco 2801 for NAT. As long as the fiber solution is up, all traffic will be routed out of the firewall and nothing should end up in the router. In the event of a failure of the fiber circuit, there are several options that can be employed depending on the capabilities of the firewall and "main switch".

1. If the switch supports basic static layer 3 routes, I would still define both routes on the device, however, I would not make them equal cost.  Instead I would make the 3G network, say 100 compared to 10 for the fiber circuit.  This will ensure that traffic never "automatically" goes to the 3G circuit.  As mentioned, with static routing failover is not automatic unless the interface goes down.  So in the event the firewall fails and brings the interface down, it would act as an automatic failover.  However, if the circuit goes down and the interface remains up, having the route in place allows you to failover the path much quicker and easier by simply shutting down the interface going to the firewall.  This prevents the need to define a more complex route statement while you are in the middle of an outage.

2. If the main switch supports ip slas of some type, you can automate the failover of the static route.

3.  If the firewall supports ip slas of some type AS WELL AS hairpinning, you may be able to use the firewall to failover to the 3G network if the fiber circuit fails.  This would be a bit of a complex configuration.


One additional point I would like to make is that you can further subnet your network and place "important" users into their own WS-X45-SUP7L-E   Since your failover circuit will be a 3G circuit, speeds will not be that stellar and can probably only reliably support maybe 10 simultaneous users at one time. I would consider essentially allowing the network to be down when the fiber circuit is down for everyone except these "VIPs". Otherwise, if internet access is granted company wide over the 3G network, the speeds will be so horrendous that everyone might as well be down.
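
Options 1 and 2 from the reply above, sketched as IOS configuration for the main switch. This is an added example, not part of the original reply: it assumes the switch supports IP SLA and object tracking, takes the next-hop addresses from the assumed diagram (10.1.0.1 firewall, 10.1.0.2 Cisco 2801), and uses 192.0.2.1 as a placeholder probe target on the Internet side of the fiber circuit.

```cisco
! Added example (constructed): floating static default route with IP SLA
! tracking. Addresses come from the assumed layout in the reply;
! 192.0.2.1 is a placeholder probe target, not a value from the page.

! Pin the probe target to the firewall path. Without this host route the
! probe would succeed over the backup path after failover, the primary
! route would be reinstalled, and the default route would flap.
ip route 192.0.2.1 255.255.255.255 10.1.0.1

! Probe through the firewall every 10 seconds. This catches the case the
! reply describes: the fiber circuit is down but the interface stays up.
ip sla 1
 icmp-echo 192.0.2.1
 frequency 10
ip sla schedule 1 life forever start-time now

! Track object follows probe reachability; the delays damp brief losses
! so a single dropped ping does not move everyone onto the 3G link.
track 1 ip sla 1 reachability
 delay down 30 up 60

! Primary default route (distance 10) is installed only while track 1 is up.
ip route 0.0.0.0 0.0.0.0 10.1.0.1 10 track 1

! Backup default route (distance 100) via the 2801 stays out of the
! routing table until the primary route is withdrawn.
ip route 0.0.0.0 0.0.0.0 10.1.0.2 100
```

`show track 1` and `show ip route 0.0.0.0` on the switch confirm which next hop is currently installed. Without the `ip sla` and `track` lines, the two default routes alone give the manual failover of option 1.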