Okay, so the concept of stacking needs to be understood.

2960's may not have enough capacity for more than 6 etherchannels.

I assumed you would have 8 individual stacks, not 8 stack members, which sounds like what you are trying to do.

When you have 8 stack members as 1 logical switch then there should not be a need to create more than one etherchannel to the 4500. You only need 1.

So instead of creating 8 etherchannels you create 1 etherchannel, and make up to 8 ports part of that one etherchannel. This in my view might be an overkill at the access layer, you normally see port-channels of this 8Gb bandwidth in datacenters.

(I'm not too sure if the 2960 has a limit on the physical interfaces per etherchannel)

Therefore you will have one logical 8Gb link between the 4500 and the 2960.
E.g.
2960
interface gi0/1
channel-group 1 mode active
!
interface gi1/1
channel-group 1 mode active
!
interface gi2/1
channel-group 1 mode active
!
interface gi3/1
channel-group 1 mode active
!
interface gi4/1
channel-group 1 mode active
!
interface gi5/1
channel-group 1 mode active
2960
interface gi6/1
channel-group 1 mode active
!
interface gi7/1
channel-group 1 mode active
!
Interface po 1
Description ## Etherchannel to 4500 ## Po1 ##
Switchport trunk encapsulation dot1q
Switchport mode trunk
Switchport trunk allowed vlan 1-4

With regards to crypto key generating, you can't type out letters as the 1024 is the length of the keypair - measured in bits! In short the higher it is the more tough to crack (the algorithm that is used to encrypt your connection is better as a result)
http://en.m.wikipedia.org/wiki/Key_size

I recommend 1024 as this will allow you to enable ssh v2 and disable v1.

Hope this helps

Sent from Cisco Technical Support iPhone App

No it's 8 individual stacks. Each stack has two switches and 16 switches total, sorry for the miscommunication. When I went to the 7th stacked pair I came across the problem where it wouldn't take. It's okay I'll try again I'm sure I did something wrong. Does the stack switches have to be connected to core in order to configure etherchannel?

Note from:

http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_9_ea1/configuration/guide/swethchl.html

The network device to which your switch is connected can impose its own limits on the number of interfaces in the EtherChannel. For Catalyst 2950 switches, the number of EtherChannels is limited to six with eight ports per EtherChannel.

For channel-group-number, the range is 1 to 6. Each EtherChannel can have up to eight compatibly configured Ethernet interfaces.

I found this on Cisco site saying limit is six, this is my problem. I need to figure out another way to manage two uplinks per stack switches that won't cause loops.

I need two uplinks per stack pair of switches if I can't use etherchannel then what do you think of enabling udld on uplink interfaces? I don't need both uplinks working simultaneously I prefer to have one link down and on standby in case the active uplink dies. Let me know thanks.

About crypto key so after I type:

crypto generate key rsa

Then I get the request for length/bit and I type 1024 to enable ssh v2, got it!

Thank you much for all your time.

Oh so it would look like this?

• 1st stack both uplink interfaces - channel-group 1 mode active
• 2nd stack both uplink interfaces - channel-group 1 mode active
• 3rd stack both uplink interfaces - channel-group 1 mode active
• 4th stack both uplink interfaces - channel-group 1 mode active
• 5th stack both uplink interfaces - channel-group 1 mode active
• 6th stack both uplink interfaces - channel-group 1 mode active
• 7th stack both uplink interfaces - channel-group 2 mode active
• 8th stack both uplink interfaces - channel-group 2 mode active

I'm still a little confused so interface Port-channel 1 is what maxes out at 6? I thought it was channel-group?

Sorry Bilal, this is the last config I need help with please clarify no rush.

ruckessbx1 wrote:
This will trunk all local vlans on the switch, so you have to create the vlans if you are not using VTP. Be careful though, before connecting any switch device to your network, ensure that the switch is not the VTP server, should be transparent in most cases.
I'm using two 1GB uplinks from each 2960S Stack, one from each switch. How do I make sure one of the 2960S switches isn't the VTP server?  

Just to reiterate Bill's comment to be careful with VTP when adding additional switches. Best to configure VTPv3 which offers protection from an unwanted overwrite of the VLAN database. It also supports the entire range of IEEE VLANs.

On the 4500 it will be different

For example:
Both uplinks for 1st stack you will do:
Channel-group 1 mode active

For the 2nd stack, you will do:
Channel-group 2 mode active

For 3rd stack, you will do:

Channel-group 3 mode active

And so on...

Will it go up to channel-group 7 and 8 on 4506?

Interface po 1

Description ## Etherchannel to 4500 ## Po1 ##

Switchport trunk encapsulation dot1q

Switchport mode trunk

Switchport trunk allowed vlan 1-4

Also how does it effect this config on both 2960 and 4506?

Thank you Bilal...

your first question... yes, I have 16 on the 4500 at the moment i think the limit is 64... will need to verify this.

The configs on your 2960's you use channel-group 1 mode active for all of them.

on your 4500 the channel-group command will increment for every stack as i explained previously.

Also dont forget your management IP's on your 2960's which will probably be the only thing different on your 2960's.

No problem, happy to help

Interface po 1

Description ## Etherchannel to 4500 ## Po1 ##

Switchport trunk encapsulation dot1q

Switchport mode trunk

Switchport trunk allowed vlan 1-4

This is the config I'm still confused about. I got the channel-group down now thanks to you.

In the first line it says Interface po 1 shouldn't it be something like Interface gi1/2.

What does the "po" stand for?

Do I use these commands for every port I use as a trunk uplink on 2600 and 4500?

I think I got it! Please review attached word document and let me know what you think.

Thank you for all your help!

Hey, that looks fine!

Wanted to add that I had the management interface as the first IP on the 4506 (you may want to change this to 10.0.0.254)

Just remember the ip route '0.0.0.0 0.0.0.0 10.0.0.1' or .254 depending on what you choose for your 4506 management SVI. Applies to all 2960's and the management vlan on the 2960's will be different:

i.e.

4506 10.0.0.1 or 10.0.0.254

2960 1st floor - 10.0.0.2

2960 2nd floor - 10.0.0.3

2960 3rd floor - 10.0.0.4

etc...

Another thing I wanted to mention was your access ports didn't have the spanning-tree portfast command which I forgot to add. Also if you want to configure several interfaces in one go you can do this:

conf t

interface range gi1/0/1 - 24

description CAMERAS_RECORD

switchport

switchport mode access

switchport access vlan 1

spanning-tree portfast

This will configure the entire range from gi1/0/1 to 1/0/24.

Username and password can remain the same if you wish and also the local login configurations can be the same for all your devices, i.e.

line console 0

login local

!

line vty 0 4

transport input ssh

login local

For me, personally it is easier to draw this up on a diagram and then view, will give me a better understanding.

Just as an example:

Hope this helps.

Understood Bilal, thanks.

What program did you use to make diagram?

I used Microsoft Visio, with Cisco's stencils found here:

http://www.cisco.com/en/US/products/hw/prod_cat_visios.html