Thursday, 23 January 2014

Newbie connecting DELL 6248 stack to CISCO 3750 stack

I need to extend the office LAN by connecting an existing CISCO WS-C3750X-12S-S stack to a new DELL 6248 stack.

I intend to use the fibre/combo port in the DELL 6248 to connect to the CISCO uplink port.

I want to use DELL port 48 but I saw there were 1/g48 and 1/xg48.  From memory, they are mutually exclusive.

Q1.  Does it mean I will just configure 1/g48 and don't bother going into the config of 1/xg48?

Q2.  To connect the 2 stacks together, should I just define both connecting ports as trunk port?  I have no experience in doing that.  FYI.  We are using VLANs in the CISCO stacks already and so the new DELL stacks need to know about it.

I was able to connect the 2 stacks together, but I am not sure if what I did was correct.

On the existing CISCO stack, I have been using VLAN 1 as the data (untagged) and VLAN 100 as voice (tagged).
On the new DELL stack, I defined 1/g48 (fibre port) as access port and VLAN 100 as the default untagged VLAN.
On the existing CISCO stack, I leave the Gigabit 1/0/4 port to its default which happens to be access mode with 1 as the default VLAN.
I thought what I did was incorrect but anyway I thought I still gave it a go and I was able to plug a PC into the DELL stack and do the normal "data" stuff without any problems.

Q1.  So, does it mean that even if the VLAN numbers do not match on the connecting ports, it does not really matter?
Is this correct?

a) On the DELL stack, I configured the 1st fibre port as below:
#show interfaces switchport ethernet 1/g48

Port: 1/g48
VLAN Membership mode:Access Mode

Operating parameters:
PVID: 100
Ingress Filtering: Enabled
Acceptable Frame Type: Untagged
Default Priority: 0
GVRP status:Disabled
Protected:Disabled

Port 1/g48 is member in:

VLAN    Name                              Egress rule   Type
----    --------------------------------- -----------   --------
100     Data                              Untagged      Static

Static configuration:
PVID: 100
Ingress Filtering: Enabled
Acceptable Frame Type: Untagged

Port 1/g48 is statically configured to:

VLAN    Name                              Egress rule
----    --------------------------------- -----------
100     Data                              Untagged

Forbidden VLANS:
VLAN    Name
----    ---------------------------------

b) On the CISCO stack, I configured the fibre port as below:

Name: Gi1/0/4
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled

Appliance trust: none
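Added example, not from this thread: both ends of the uplink configured as an explicit 802.1Q trunk so VLAN 1 crosses untagged and VLAN 100 tagged, instead of the access/access setup shown above, where the Dell's untagged VLAN 100 frames are simply re-labelled as VLAN 1 by the Cisco access port (which is why the PC still worked). Port names and VLAN numbers are taken from the posts; the VLAN name, descriptions and the choice of PowerConnect 62xx "general" mode for the Dell side are my assumptions.

```cisco
! Cisco 3750X side (IOS). Assumed: Gi1/0/4 is the link to Dell 1/g48.
! The native VLAN must be the same on both ends, the allowed list is
! explicit, and DTP is switched off so the far side cannot renegotiate
! the port into another mode.
interface GigabitEthernet1/0/4
 description Uplink to Dell 6248 1/g48
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 1
 switchport trunk allowed vlan 1,100
 switchport mode trunk
 switchport nonegotiate
!
! Dell PowerConnect 6248 side. "general" mode carries VLAN 1 untagged
! (PVID 1, matching the Cisco native VLAN) and VLAN 100 tagged.
configure
vlan database
vlan 100
exit
interface vlan 100
name "Voice"
exit
interface ethernet 1/g48
description "Uplink to Cisco Gi1/0/4"
switchport mode general
switchport general pvid 1
switchport general allowed vlan add 1 untagged
switchport general allowed vlan add 100 tagged
exit
exit
!
! Checks after cabling: the Cisco port should now report
! "Operational Mode: trunk" and both sides should list VLAN 100 as
! tagged on the uplink.
! Cisco:  show interfaces GigabitEthernet1/0/4 switchport
! Dell:   show interfaces switchport ethernet 1/g48
```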

Cisco 3750 => blocking DHCP traffic on an interface

At work I've got a Cisco WS-C3750V2-24PS-S switch and a few end devices, which of course are company proprietary, connected to this switch in a separate VLAN. Now these end devices generate DHCP "request" traffic which is being propagated across all the sites where these devices are connected.
Now I've been reading stuff about DHCP snooping features, which is great, but in this instance these end devices don't have a DHCP server. In this scenario all these end devices have static IP addresses allocated.
Also my senior engineer, being very narrow minded, wants me to implement this change only on the interface level and not on the configuration level.
Can someone please confirm if I can just only enable "ip dhcp snooping trust" on the interface level, which I believe will stop the DHCP traffic?

I'd only enable "ip dhcp snooping Vlan 10" in the global config.

So after enabling "ip dhcp snooping Vlan 10" in the global config, the switch will only stop DHCP traffic, correct?


I am a little pedantic since I've never performed this setting on a Cisco WS-C3750X-24P-S switch before and would really appreciate input from experienced people!!
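Added example for the question above, not from the thread: `ip dhcp snooping trust` marks a port as a trusted source of DHCP server messages, so it does not stop client requests; the combination below keeps the device port untrusted and drops its DHCP requests with a port ACL, which is the part that can be applied per interface. VLAN 10 is taken from the reply; the interface, ACL name and rate limit are my assumptions.

```cisco
! Global: enable DHCP snooping for the device VLAN (VLAN 10 as in the reply).
! With no trusted port in VLAN 10, a DHCP OFFER/ACK arriving on any access
! port is discarded, so a rogue server on that VLAN is contained.
ip dhcp snooping
ip dhcp snooping vlan 10
!
! Port ACL (assumed name): drop DHCP client requests (UDP 68 -> 67) at
! ingress, before the switch floods them across the VLAN; everything
! else is passed unchanged.
ip access-list extended DROP-DHCP-CLIENT
 deny   udp any eq bootpc any eq bootps
 permit ip any any
!
! Interface-level part (assumed port). The device is statically
! addressed, so it has no legitimate reason to send DHCP at all.
! "no ip dhcp snooping trust" is the default; it is written out here
! because "trust" is the setting the question was about, and it would
! do the opposite of what is wanted.
interface GigabitEthernet1/0/10
 description Statically addressed proprietary end device
 switchport mode access
 switchport access vlan 10
 no ip dhcp snooping trust
 ip dhcp snooping limit rate 5
 ip access-group DROP-DHCP-CLIENT in
!
! Verification:
! show ip dhcp snooping
! show running-config interface GigabitEthernet1/0/10
```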

Tuesday, 21 January 2014

Configuring SNMPv3 for Cisco 3560X

I am using OpManager ver 9101.
Recently installed a Cisco WS-C3560X-24T-L switch and wanted to test using SNMPv3 to manage the switch.

The following are the commands used on the Cisco 3560X:

snmp-server group OpMgrGrp v3 priv
snmp-server user OpMgrUser OpMgrGrp v3 auth sha ABC priv aes 128 DEF
snmp-server context opmanager

I created the credentials using OpMgrUser with SHA ABC and AES DEF, and context opmanager in OpManager.
Then I try to add the device, but it keeps trying until timeout and fails to add the device.

If I use the following command, then OpManager adds the device successfully.

snmp-server community public RO 99

Which context name should I put in OpManager credential?


If you have followed the KB, you can leave it blank.
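Added example, not the thread's own configuration: the same SNMPv3 group and user as above, but restricted to a read-only view and a management-station ACL, with the v2c `public` community from the thread removed once v3 works rather than left alongside it. The view and ACL names, the manager address (192.0.2.10, a documentation address) and the passphrases are placeholders; the group and user names are the thread's.

```cisco
! Weak: a well-known read-only community. The ACL 99 it references was not
! shown in the thread; an ACL that is referenced but never defined does not
! restrict anything, so the community would be usable from any source.
no snmp-server community public
!
! Hardened: authPriv v3 user, read-only view, polling accepted only from
! the OpManager host (assumed address).
access-list 99 permit 192.0.2.10
snmp-server view OpMgrView iso included
snmp-server group OpMgrGrp v3 priv read OpMgrView access 99
snmp-server user OpMgrUser OpMgrGrp v3 auth sha <AUTH-PASSPHRASE> priv aes 128 <PRIV-PASSPHRASE>
!
! OpManager credential: user OpMgrUser, auth SHA, priv AES-128, the same
! two passphrases; per the reply above the context can be left blank.
! "snmp-server user" lines are not shown in "show running-config";
! confirm the user and its group with:
! show snmp user
! show snmp group
```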

Cisco Catalyst 3750 PoE Issue

we have a 3-switch stack (1x WS-C3750V2-24PS-S 48-port w/no PoE on top, and 2x 3750 48-port PoE underneath). We have PoE IP phones that are all functioning. I recently acquired 2 Engenius EAP9550s to add as repeaters for an expansion of our office. When I connect the APs (in PoE mode on the switches), the indicator for each AP turns green and the APs power up, briefly.

After about 10 seconds, the indicator LED on the switch turns amber. At this point, almost all of the indicators are amber on this bottom switch; they all changed to amber after I tried the APs in them. We have about 5 PoE phones connected to it (the remainder are on the middle PoE 3750).

The device specs state that each AP runs at about 18W (48 VDC x 375 mA).

I can't imagine that I am hitting my wattage limit per switch with the small number of phones that are connected to that particular switch, but the indicator code seems to imply the switch is denying PoE for these ports due to the 350W limit. I don't see any voltage limits in the spec sheet for the switch so I am at a loss.

So, when the switches are stacked, is there a different limit? Or does each switch have its own individual limit? Do I need a booster? I was under the impression the APs would function fine; we have a separate AP on a different physical network with the identical switch setup and it works just fine. PoE is enabled in the port specifications for every port on all of our PoE switches (it's the default but I double-checked to be sure).

Do you actually need Power over Ethernet for all of the ports that have it active? If not, turn off the extras as you don't need the power drain...

Are these switches connected to a UPS system and is that system throwing any warnings or errors? It could be that you are actually running out of available power with all the ports and switches and such connected in the same place...

Also, how is the power getting into the switches? You're not trying to chain feed it from one to the next right? They each have their own AC adapters correct?

We need the option since the IP phones we have are pass-through switches for our non-VoIP traffic - i.e. VLAN 9 - VoIP, VLAN 8 - Data, both through the same port, and it needs PoE for the phone to power on and provide the passthrough switching.

We have 3 UPSs running at 30% capacity each according to the management consoles, no warnings. That was the first thing I checked, each switch is plugged directly into a PDU and it is all load balanced, no chaining at all.

If there is a non-PoE (or no device at all) plugged into the PoE switch, does it drain more power than designating the port as non-PoE? I thought the switches automatically determined power requirements.

I figured the same thing regarding the circuit, but there is nothing else plugged in to this particular switch aside from 5 PoE IP phones and the 2 APs.

Switching the positions of the switches would be a task, so I haven't tried it. I picked up 2x Gb PoE boosters for cheap to see if they fix the problem. Thinking about the stack, they are all trunked, but they each have dedicated power supplies so I can't imagine the stack would have a more limited wattage than the sum of the 3 switches. We shall see, thanks for helping me brainstorm!


Monday, 20 January 2014

IOS update for 3560-C

I plan to buy WS-C3560X-24T-L (Catalyst 3560-C) for my home lab. I just created a new account on cisco.com (I did not register any equipment or contract for that new account). I was able to download IOS 12 and 15 for that switch.
Will I be able to flash one of these versions when I have the new switch?
Cisco warranty for these switches (Enhanced Limited Lifetime Hardware Warranty, www.cisco-servicefinder.com/warrantyfinder.aspx) says NO OS Software Updates included. Does that mean that I can download IOS updates but won't be able to flash the device or use it?
- Do I really have to buy Smartnet support to be able to update IOS for that switch?
Hello, just to answer some of your points.
- Everybody with a Cisco account and without a contract can download universal IOS. The universal IOS file can't be used without a proper license. So it doesn't matter.
Maybe this is the case, may just come with a base feature set. IP Base or LAN Base?
- 3560CG comes with an IP Base license and can't be upgraded to IP Services
It can be upgraded to IP Services. You need the correct image or license, depending on which major version you go with, i.e. 12 or 15.
12 you can download the correct firmware with the feature set, with 15 you need a license.
- So I suppose that I will be able to update 3560CG with any universal IOS version and "stay" at IP Base level
Depending on what feature set the universal image has without licenses. I assume it's base.
- Smartnet is required if you need support (TAC) or quick (4, 8 hours) hardware replacement
Yes, I believe so, although I think the thing you call Smartnet, I call Cisco service support contract..?
- Smartnet is not required for normal (days) hardware replacement as the warranty is lifetime of the product (except power for 5 years)

This information should all be in the service support contract.

Thursday, 16 January 2014

Cisco 2901 Licensing Confusion

I am trying to figure out Cisco's licensing when it comes to universal images. I have a Cisco 2921 router that I am about to implement but need some clarification. I need to be able to participate in OSPF routing and to use the EHWIC-4ESG (4 port L2) card.

The router I have has the IP Base, SEC and UC packages enabled. Now this should work for OSPF according to what I have read, but I am concerned about L2 ports. According to cisco.com the DATA package includes

Data features found in SP Services and Enterprise Services IOS image on ISR 1800, 2800 and 3800, e.g. MPLS, BFD, RSVP, L2VPN, L2TPv3, LAYER 2 LOCAL SWITCHING, Mobile IP, Multicast Authentication, FHRP-GLBP, IP SLAs, PfR, DECnet, RSRB, BIP, DLSw+, FRAS, Token Ring, ISL, IPX, STUN, SNTP, SDLC, QLLC etc.

The part that throws me there is 'Layer 2 Local Switching'; does that mean I cannot do any switching on the EHWIC unless I have the data license? This doesn't make sense.


Well, I answered my own question by testing the configuration. It does not appear to impact the switch module. So I am not sure what that is referring to in the Data licensing. Maybe only the Cisco 2901-SEC router ports?

Wednesday, 15 January 2014

QoS implementation on 3750 switches

I am wanting to test our QoS design behavior in a lab using two WS-C3750X-12S-S switches that are trunked together, each with a laptop connected to a switch port. I would like to create traffic across the trunk link so that I can observe what traffic is dropped in the queue when congestion occurs. I am having a hard time creating enough traffic on the link to drop packets.

What is the best way to create traffic just for this purpose? Should I change some key configuration parameters (i.e. interface bandwidth) to make it easier to reach a point of congestion with less traffic?


Considering those are Gb ports, you probably aren't going to be able to produce enough traffic to congest that testbed with only 2 laptops. Whatever QoS you are trying to test, lower the threshold to something radically low so a single conversation can trip it. However, I'm still not sure you are going to see anything interesting because there isn't any other traffic being produced on the switch.