
Ask the Experts: LAN Switching

ciscomoderator
Community Manager

With Matt Blanshard and Jane Gao

Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to ask your toughest layer 2 questions to two of the technical leaders of the San Jose LAN Switching team, Matt Blanshard and Jane Gao. Learn more about Spanning Tree, VTP, Trunking, Resilient Ethernet Protocol, IGMP Snooping, Private VLANs, Q-in-Q Tunneling, QoS, various switching platforms including all desktop switches, Metro Ethernet switches, 4500 and 6500 switches, Blade Center switches, and Nexus 7000 switches.

Matt Blanshard began his Cisco career as an intern in 2007.  He is now a technical leader at the Cisco Technical Assistance Center on the LAN Switching team. He holds a bachelor's degree from the University of Phoenix in computer science, and has CCNA certification.

Jane Gao is a technical leader in the LAN Switching Technical Assistance Center (TAC) team in San Jose. She has been working with LAN switching technologies and supporting Cisco switching platforms since 2009. Ms. Gao was previously a technical leader in the Wireless TAC team in San Jose. Prior to joining Cisco, Ms. Gao was working in software development. She has a Master of Science degree in Computer Science from DePaul University in Chicago.

Remember to use the rating system to let Matt and Jane know if you have received an adequate response.  

They might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the Lan Switching and Routing discussion forum shortly after the event. This event lasts through August 12, 2011. Visit this forum often to view responses to your questions and the questions of other community members.

 

Hi Peter,

Please find the comments below:

1. The switch will continue processing the response. Since it does not correspond to the local switch information, the option 82 information will not be removed in this case, as opposed to being removed if it had been received on the originating switch.

2. If the option 82 circuit ID field is set, the destination port is extracted from there. Otherwise, the MAC address table is looked up based on the client hardware address. If the client hardware address lookup fails, the packet MAC DA is used to look up the MAC address table for the output port.

3. Option 82 is skipped. So the forward preference would be chaddr, then MAC DA in this case.

4. That is correct.

The above is based on the Cat6500 implementation, but it should be common to most of the Catalyst switch platforms.

best regards

Jane

lxcollin1
Level 1

Hi Matt & Jane,

Is it possible to police traffic on the Nexus 5548? I want to rate-limit (pps) ARP, DHCP, and some other traffic, but I'm having trouble finding documentation for configuring policing. Any help would be appreciated...

Thanks!

Lee

Lee,

The N5K platform is currently supported by our SAN (storage) team instead of LAN Switching. That said, from the few internal discussions and customer queries I've come across, policing is not yet supported on N5K. The following feature enhancement has been opened for ingress policing, and it's already on the roadmap with the product marketing team:

CSCtr43928    Support for Ingress policing on Nexus 5500 platform

regards

Jane

Pavel Doronin
Level 3

If there is a native VLAN mismatch on either side of an 802.1Q trunk, layer-2 loops may occur because VLAN 1 STP bridge protocol data units (BPDUs) are sent to the IEEE STP MAC address (0180.c200.0000) untagged.

Can you explain this with examples?

oliver
Level 1

Hi Jane, I have only one question, can you please answer it:

Can the ASA5540 be used for DMVPN?

Oliver,

ASA5540 can do DMVPN passthrough but it does not do DMVPN. Since ASA/VPN is beyond my expertise, please feel free to post further questions on our security forum.

regards

Jane

mste972379
Level 1

Hello to the LAN-Switching Experts  :-)

Could you answer my following two questions, all related to the SG300-Family of SMB-Switches (i.e. SG300-10MP resp. SG300-20):

a) Cisco recently updated the Firmware from 1.0.0.27 to 1.1.0.73. When can we expect the corresponding and working Language-Files?

b) SG300-Family was promoted with IPv6. As I was able to read in newspapers/onlineforums it seems that there is a lot of room for improvement. Can you comment on that?

THX in advance and best regards from Switzerland.

Marc

Pavel Doronin
Level 3

Hello again dear experts!

Tell me please, is there any way to boot a Catalyst 3750 (3560, 2960) switch from TFTP?

You can load your IOS using tftpd32. First download tftpd32 (search for it on Google, it's free) and run it, but make sure that you have your IOS image .bin file on your PC. Then follow these steps:

STEP 1.

Store the IOS image on the computer, on any drive, with its original name.

STEP 2.

Connect the switch to the computer with a straight-through cable.

STEP 3.

On the switch, enter enable (privileged) mode by typing enable.

Then enter configuration mode: type config terminal and press Enter.

Now type interface FastEthernet or GigabitEthernet, whichever port is connected to the PC, for example interface FastEthernet 0/1, then press Enter.

Now give it an IP address, like:

ip address 1.1.1.1 255.0.0.0 (press Enter)

no shut (press Enter)

STEP 3.

On the PC, go to the network card settings and give it the IP address 1.1.1.2, subnet mask 255.0.0.0, gateway 1.1.1.0, nothing else.

STEP 4.

Now download tftpd32 (you can find it on Google) and run it. After that, open the TFTP program, which will be on the desktop: double-click it, go to Current Directory, browse to where you saved the IOS image file and select it, so that it becomes the current directory. Below Current Directory you will see Server interface; next to it, click Show Dir and check that the IOS file can be seen.

STEP 5. Go to the switch again and enter enable mode.

Type this:

copy tftp flash: (press Enter)

It will ask you for the address or name of the remote host.

Give the IP address of the PC, 1.1.1.2, and press Enter.

Now it will ask you for the source file name.

Copy the file name of the IOS image saved on the PC, paste it on the switch, type .bin at the end and press Enter.

Now the switch will ask you for the destination file name. You can create your own name or use the same default name that is saved on the PC, which you copied and pasted on the switch. After entering the name, press Enter. Now wait for 10 minutes; if it asks you something, press Enter and wait for the image to upload.

After that, go to enable mode, type wr, then type reload and wait for the reboot process, in case you are using the same destination file name as on the PC. Otherwise, see below.

If you have created a name of your own choice, then:

Enter configuration mode by typing config terminal and pressing Enter.

Type this command:

boot system switch all flash:/<the new name you created>.bin (press Enter)

Now type exit to return to enable mode.

Type wr and press Enter.

Now run these commands for verification:

show boot (after running this command, check that the file name of the IOS is there; if so, it is OK)

dir flash: (after running this command, check that the file name of the IOS is there; if so, it is OK)

Now type the last command:

reload, and allow the switch to reboot and wait.

Hello Pavel,

Unfortunately there is no way to directly boot the switch from tftp.  If you are stuck at the switch: prompt with no bootable IOS image you are stuck doing xmodem, though you can boost up the console speed to reduce the pain somewhat.

-Matt

mrajnarayanan
Level 1

Hi

Can you explain the difference between stacking and uplink in brief?

Hi Rajnarayanan,

Can you please be more specific with the question? Stacking and Uplink are totally different concepts/terms. I'm not sure that I understand the question fully. If you could provide a context where this question arises, it'll help to answer it as well.

thanks

Jane

mahesh18
Level 6


Hi Matt Blanshard and Jane Gao ,

How are You?

Thanks for joining the LAN Switching forum.

Need to ask question on DHCP snooping.

I have 2 cisco 3550 switches and they are running HSRP.

Both switches are acting as DHCP  servers.

Switch A -3550SMIA#  is active HSRP.

Switch A 3550SMIA#  connects to layer 2 switch 2960.

I have enabled DHCP snooping on switch 3550SMIA#.

Also, one port from the 3550SMIA switch connects to a Wi-Fi router.

I need to know which ports on the 3550SMIA switch should be marked as trusted?

Also, do I need to mark any port as trusted on the layer 2 switch as well?

Thanks

MAhesh

Mahesh,

The trusted ports would allow all DHCP packets to go through, whereas the untrusted ports would only allow client-generated packets to go through, including DHCP discovery/requests. Therefore every switch running DHCP snooping must have its ports facing the DHCP server as trusted.

In your case, only the L2 switch 2960 needs to have the uplink towards Switch A 3550SMIA marked as trusted, assuming that is running DHCP snooping as well. For 3550SMIA, all the DHCP server packets would be egress only, therefore you don't need any port to be trusted.

regards

Jane
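The trusted/untrusted rule in the answer above, as a simplified model added here for illustration; it is not Cisco's implementation and not code from the thread. The function names and the `allow_opt82` switch are this example's own, the port names and client MAC are borrowed from the 2950T output quoted elsewhere in this thread, the packets are constructed, and the option 82 drop mirrors the "Option 82 on untrusted port is not allowed" line in that output.

```python
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
SERVER_TYPES = {2, 5, 6}  # DHCPOFFER, DHCPACK, DHCPNAK (option 53 values)

def parse_options(payload: bytes) -> dict:
    """Walk the option TLVs after the 236-byte BOOTP header and magic cookie."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP payload")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                         # 0 = pad, no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        opts[payload[i]] = payload[i + 2:i + 2 + payload[i + 1]]
        i += 2 + payload[i + 1]
    return opts

def snoop(payload: bytes, port: str, trusted: set, allow_opt82: bool = False):
    """Return (forward, reason) for a DHCP payload received on `port`."""
    if port in trusted:
        return True, "trusted port: all DHCP packets pass"
    try:
        opts = parse_options(payload)
    except ValueError as exc:
        return False, f"malformed: {exc}"
    msg_type = opts[53][0] if opts.get(53) else 0
    if payload[0] == 2 or msg_type in SERVER_TYPES:  # op 2 = BOOTREPLY
        return False, "server message on untrusted port"
    if 82 in opts and not allow_opt82:
        return False, "option 82 on untrusted port"
    return True, "client message"

def build(op: int, msg_type: int, chaddr: bytes, extra: bytes = b"") -> bytes:
    """Constructed sample: minimal BOOTP header + cookie + option 53 (+ extra)."""
    header = struct.pack("!BBBB", op, 1, 6, 0) + bytes(24) + chaddr + bytes(10 + 192)
    return header + MAGIC_COOKIE + bytes([53, 1, msg_type]) + extra + b"\xff"

if __name__ == "__main__":
    trusted = {"Fa0/8"}                               # uplink toward the DHCP server
    mac = bytes.fromhex("001e3392d57a")               # client MAC from the thread's output
    opt82 = bytes([82, 8, 1, 6, 0, 4, 0, 10, 0, 3])   # constructed circuit-ID sub-option
    for label, port, pkt in [
        ("DISCOVER", "Fa0/3", build(1, 1, mac)),
        ("OFFER", "Fa0/3", build(2, 2, mac)),
        ("ACK", "Fa0/8", build(2, 5, mac)),
        ("DISCOVER+82", "Fa0/3", build(1, 1, mac, opt82)),
    ]:
        print(f"{label:12} {port}: {snoop(pkt, port, trusted)}")
```

The only server replies that get through are those arriving on the trusted uplink, which is why the access switch needs its server-facing port marked trusted while client ports stay untrusted.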

Hi Gao,

Thanks for the reply.

On the 3550 A switch, port fa0/8 was going to the 2950 switch and I removed the command ip dhcp snooping trust.

On 2950 port connecting to 3550 A here is config

2950T#sh run int fa0/8
Building configuration...

Current configuration : 148 bytes
!
interface FastEthernet0/8
description Dynamic desirable Trunk connection to Switch 3550SMIA
speed 100
duplex full
ip dhcp snooping trust
end

I connected a PC to a port on the 2950 switch and it got an IP address and DHCP snooping was working fine.

2950T#sh ip dhcp snooping binding
Option 82 on untrusted port is not allowed
MacAddress          IpAddress        Lease(sec)  Type     VLAN  Interface
------------------  ---------------  ----------  -------  ----  --------------------
00:1E:33:92:D5:7A   192.168.10.4     84584       dynamic  10    FastEthernet0/3

When I connected my PC to a port on the 3550A switch it gets an IP and works fine, but when I run the command below

3550SMIA#sh ip dhcp snooping binding
MacAddress          IpAddress        Lease(sec)  Type           VLAN  Interface
------------------  ---------------  ----------  -------------  ----  --------------------
Total number of bindings: 0

It does not show any output as it shows on the 2950T switch?

Can you please explain to me why?

Thanks

MAhesh
