Solved: Re: Cisco 6500/6509 with Sup 720-3B Ports

Hamidsattarrana · ‎10-27-2020

Hi All! Hope you guys are well.

We have 6509-E with SUP720-3B. The supervisor engine has one Ethernet port.

It also has Card Type: WS-X6548-GE-45AF.

My question is what is the purpose of Ethernet port on Supervisor Engine, Is it uplink etc? In fact, I can performed NAT and all other things on the ports come with WS-X6548-GE-45AF?

Giuseppe Larosa · ‎11-09-2020

Hello @Hamidsattarrana ,

Catalyst 6500 implements routed interface and routed subinterface using a VLAN, they are emulated. The VLAN used is called an internal VLAN.

However, try to use only SVIs on your Catalyst 6500 and have the downstream port connected to an external device acting as access layer switch.

In this way you should be able to perform your tests.

Instead of connecting gi0/3 to gi0/4 of the same device.

Hope to help

Giuseppe

View solution in original post

Georg Pauwen · ‎10-28-2020

Hello,

the SUP720-3B should actually have TWO GigabitEthernet ports, which indeed are uplink ports. These ports are fully configurable. Check the datasheet linked below:

https://www.cisco.com/c/en/us/products/collateral/switches/catalyst-6500-series-switches/product_data_sheet09186a0080159856.html

Hamidsattarrana · ‎10-28-2020

But what if I terminate uplink from ISP into Card WS-X6548-GE-45AF. And make 1/48 outside NAT interface and 1/47.300 inside NAT interface. And then connect the 1/47.300 interface with 1/46 (Trunk Link with allowed Vlan 300). And 1/45 as access port. Just for testing purpose, I am making this scenerio. DHCP is also configured for Vlan 300.

Actually I have configured the above scenerio. But when I tried to configure vlan 300. I am getting the following error.

VLAN id: 300 is an internal vlan id - cannot use it to create a VTP VLAN.

Please Guide.

Joseph W. Doherty · ‎10-28-2020

Those ports (there should be two), on a sup720, are really intended more as management ports. You can generally use them as edge ports, but they often will not work/perform as well as some line card ports. (BTW, the sup32's supervisor ports, were designed for high performance as uplinks.)

Hamidsattarrana · ‎11-09-2020

Hi!

I am configuring Cisco 6509 as Core/Edge device.

On gi 0/3 I have created sub-interface int gig 0/3.300 with an IP address of 192.168.32.1. Also DHCP server is configured.

I want to terminate Gi 0/3 physically to Gi 0/4.

Gi 0/4 should be Trunk link with allowed vlan 300.

But after creating Sub-Interface for Vlan 300, I am not able to create Vlan 300 on the same switch.

Error: vlan id: 300 is an internal vlan id - cannot use it to create a vtp vlan.

if i delete Gi 0/4.300 subinterface then I can create Vlan 300.

Basically I want to use 6509 as Edge Router and and also Core-SW for all other access switches. Kindly check the diagram and suggest.

Thanks & Regards,

Hamid

Giuseppe Larosa · ‎11-09-2020

Hello @Hamidsattarrana ,

Catalyst 6500 implements routed interface and routed subinterface using a VLAN, they are emulated. The VLAN used is called an internal VLAN.

However, try to use only SVIs on your Catalyst 6500 and have the downstream port connected to an external device acting as access layer switch.

In this way you should be able to perform your tests.

Instead of connecting gi0/3 to gi0/4 of the same device.

Hope to help

Giuseppe

Hamidsattarrana · ‎11-12-2020

Thanks for the suggestion. It's working via SVI method.

One more thing I would like to ask. I have created Interface Vlan 300 but when I am trying to apply service policy on this interface. I am getting the following error. Any idea?

Configuarion:

Interface Vlan 300

service-policy output VOIP-POLICY

Error after executing above command:

NBAR/STILE is not supported on this platform,Policymap rejected!

VOIP Policy Configurations:

class-map VOIP

match protocol rtp audio

exit

policy-map VOIP-POLICY

match class VOIP

priority 10000

exit

Interface Vlan 300

service-policy output VOIP-POLICY

Thanks.

Giuseppe Larosa · ‎11-12-2020

Hello @Hamidsattarrana ,

the error message says you cannot use NBAR that is the feature invoked when doing a match protocol

match protocol rtp audio

instead of this use an extended ACL for a range of destination UDP ports 16000 to 32000.

Hope to help

Giuseppe

Joseph W. Doherty · ‎11-12-2020

As Giuseppe notes, NBAR isn't supported on the sup720.

What he also suggests may, or may not, be exactly the same as the NBAR match statement. (Some NBAR statements do much deeper matching/analysis than any ACL can, some, though, are really no more than a "pretty face" on an ACL.)

I recall the only 6500 supervisor that supported a variant/flavor of NBAR was the sup32 PISA.