01-04-2002 11:05 AM - edited 03-05-2019 11:17 AM
Welcome to the Cisco Networking Professionals Ask the Expert conversation. This is an opportunity to discuss Catalyst 6500 Series switches with Cisco expert Jeff Raymond. Jeff is a Technical Marketing Engineer for the Catalyst 6500 Series of switches. His focus is on switching architectures and performance testing. Feel free to post any questions relating to Catalyst 6500 series switches.
Jeff may not be able to answer each question due to the volume expected during this event. Our moderators will post many of the unanswered questions in other discussion forums shortly after the event. This event lasts through January 18. Visit this forum often to view responses to your questions and the questions of other community members.
Solved! Go to Solution.
01-18-2002 02:36 AM
Jeff,
Can you confirm a switch design scenario I'm developing for a customer. Can a 6509 with MSFC2 run as an MLS-RP and populate the multicast cache to external switches that are;
1. 5509's directly attached running NFFC ( WS-F5521)
2. 5509's attached via a L3 RSM routed connection then L2 uplink to a 5509 running NFFC
Best Regards
Stuart
Dimension Data
01-04-2002 10:19 PM
I want to know when Cat6K MSFC IOS support IPv6?
01-07-2002 09:32 AM
Thanks for the question.
IPv6 software support in Catalyst 6500 MSFC IOS is targetted for release in the late 2nd quarter, 2002 timeframe.
Hope this helps.
01-08-2002 08:36 AM
Hi,
What is the best method to upgrade a supervisor 1A with MSFC1/PFC with a redundany supervisor, (with min downtime). Is it best to upgrade the redundant first then switch or is there a better way? I have tried upgrading from cat6000 5.5.1 to cat6000 6.3.1 by upgrading the redundant first. The switch fails to see the gigabit uplinks on the 2nd card and seems to take an age to upgrade the software
thanks
01-08-2002 04:09 PM
Hi and thanks for the question.
It is best to upgrade the standby Supervisor first. Then, once that module is online running the new software version, you can upgrade the active supervisor.
The following white paper might be helpful as it provides an upgrade procedure.
http://www.cisco.com/warp/public/cc/pd/si/casi/ca6000/tech/hafc6_wp.pdf
Pages 10 and 11 refer to the redundant Supervisor upgrade procedure.
One note - the document refers to verifying HA compatibility between the images (step 11). If you are upgrading from the 5.x train to the 6.x train, then the images will not be HA compatible. This means that the switchover from standby to active supervisor can still be done, but it will not be stateful (i.e. greater than 3 seconds failover).
Re: the gigabit uplinks on the 2nd Supervisor. Are you sure that the 2nd card is online? (Try a show module to see if it is "ok") If it is not online, then the 2nd Supervisor might be in Rom Monitor mode. If so, post what you see and I'll provide some more detail. If it is online, then the gigabit uplinks should be available. If they are still not available, then I would recommend opening a TAC case on this issue. They would be able to give you more direct assistance in troubleshooting.
Hope this helps.
Jeff Raymond
Catalyst 6500 Product Team
01-09-2002 12:28 AM
Hi Jeff,
I have some question about 6500 and hope you can help me.
1. Can CSPM manage the IDS module of 6500?
2. Can IDS module work with MLS? Or I should disable the MLS feature in 6500?
3. Can you refer me some document or URL for 6500 internal structure?
Thanks
01-09-2002 03:31 PM
Hi Michael,
Here are some answers to your questions...
Question 1:
Cisco Secure Policy Manager can indeed manage the IDS Module for the Catalyst 6500. Check CCO for the latest image.
Question 2:
The IDS module works fine with MultiLayer Switching (MLS) enabled - no need to disable MLS. MLS is a Layer 3 forwarding architecture used to route traffic via the Policy Feature Card (PFC). Traffic is sent passively to the IDS - i.e. a copy of the original packet is sent to the IDS while the real traffic is switched/routed to the destination. The method for sending traffic to the IDS is either via the Switch Port ANalyzer feature (SPAN) or via the VLAN Access Control List Capture feature. Both of these features send copies of the original packet to the IDS.
SPAN in Catalyst Software:
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sw_7_1/conf_gd/span.htm
VLAN ACL Capture in Catalyst Software:
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/sw_7_1/conf_gd/acc_list.htm
SPAN in Cisco IOS software:
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/121_8aex/swconfig/span.htm
VLAN ACL Capture in Cisco IOS Software:
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/121_8aex/swconfig/secure.htm
Question 3:
Here is a document the describes the 6500 architecture.
http://www.cisco.com/warp/customer/cc/pd/si/casi/ca6000/tech/k6kfy_wp.pdf [requires CCO login]
Hopefully this answers your questions.
Jeff Raymond
Catalyst 6500 Product Team
01-09-2002 05:59 AM
Another Q...
We have a number of new servers (win2k) which we are having problems with, one is active and another acts as a backup each with their own ip address and each supporting a virtual 3rd ip address. When they turn one server off the other server is supposed to takeover the virtual ip address. We can see this on the routers happening, the MSFC1 sees a different mac address for the ip address ok, but the server is unable to ping any device outside of it's subnet. It is either a "clear ip arp" or wait approx 28 mins and the new server responds fine. We are running cat6000 with dual supervisors and MSFC1 and are also are multilayer switching.
My Q is does the clear ip arp also clear the MLS tables as the router sees the new mac address straight away and otherwise works fine for othe dual homed servers. Thanks
01-10-2002 09:33 AM
Hi.
When the mac-address changes for a given IP address, we are supposed to flush the MLS entries for any flows to that destination IP address as now the rewrite for the destination mac-address has changed. Looks like this is not happening. We may be rewriting with the old mac-address in the mls-cache - in which case, the packet will not get to the new server as it's mac-address is different. This is not correct operation.
This seems to be the case, as when you do a 'clear ip arp' you do see that everything is working (because the MLS entry gets purged for that destination IP).
A quick way to verify if indeed they are running into this problem is to get the output of 'show mls rlog l3' from CatOS side when there is a change in mac-address for the vertual ip. You should see a message from the MSFC to purge flow for the virtual IP. If not, it is a bug. You should try a more recent release of software (IOS/CatOS) or contact the TAC. [Note that 'show mls rlog l3' is a hidden command and not intended for normal use.]
Hope this helps.
Jeff Raymond
Catalyst 6500 Product Team
01-11-2002 01:59 AM
Thanks
01-16-2002 04:43 AM
What version code are you running. We had a problem that sounds like this with the 6509 MSFC1 running Native Code 21.1(3a)E4. It was a bug with CEF that would not allow a server to talk off its' subnet for about 30mins after powering up. And since you cannot disable CEF in Native, Cisco provided a work-around and we just finished upgrading to 12.1(7a)E1 which fixes this bug.. Bug ID#: CSCds36857
01-09-2002 06:40 AM
Jeff, Any plans to roll the SFM functionality into the supervisor module ?
Thanks
01-09-2002 03:34 PM
Hi Jack,
This is something that we are considering, but no definite plans yet.
Thanks for the question.
Jeff Raymond
Catalyst 6500 Product Team
01-10-2002 08:58 AM
What commands need to be set on the MSFC in order to boot the system image from the PCMCIA card in slot0:
I read on CCO that the bootldr had to be changed using the below for PCMCIA card:
boot bootldr bootflash:boot_loader_image
boot sup-slot0:system_image
Not sure if this is the way it is done? Does not look right. What is changing on the boot loader for slot0: ? And I would think the boot command would be
boot system slot0:system_image_name
01-10-2002 06:41 PM
Hi.
The correct way of booting the MSFC IOS from sup-slot0: is:
boot system flash sup-slot0:
boot bootldr bootflash:
There have been some old bootldr image issues, but newer softwares should have no problem, if you follow the above.
I would consider, however, that booting from slot0: is not foolproof - as someone can walk away with the pcmcia card unknowingly and after 3 months if the box crashes (or) reloads for some other reason, there is no valid image to boot from.
Hope this helps.
Jeff Raymond
Catalyst 6500 Product Team
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide