Please fine below for the comments:
The switch will continue processing the response. Since it does not correspond to the local switch information, the option 82 information will not be removed in this case as opposed to being removed if it had been received on the originating switch.
If option 82 circuit id field is set, the destination port is extracted from there. Otherwise, the Mac address table is looked up based on client hardware address. If the client hardware address lookup is failed, the packet mac DA is used to lookup Mac address table for the output port.
Option 82 is skipped. So the forward preference would be chadd, then mac DA in this case.
That is correct.
The above is based on cat6500 implementation but it should be common to most of the catalyst switch platforms.
Hi Matt & Jane,
Is it possible to police traffic on the Nexus 5548? I want to rate-limit (pps) ARP, DHCP, and some other traffic, but I'm having trouble finding documentation for configuring policing. Any help would be appreciated...
The N5K platform is curently supported by our SAN (storage) team instead of Lan Switching. That said, from the few internal discussions and customer queries I've come across, policing is not yet supported on N5K. The following feature enhancement has been opened on the ingress policing and it's already on the roadmap with the product marketing team:
CSCtr43928 Support for Ingress policing on Nexus 5500 platform
ASA5540 can do DMVPN passthrough but it does not do DMVPN. Since ASA/VPN is beyound my expertise, please feel free to post further questions on our security forum.
Hello to the LAN-Switching Experts :-)
Could you answer my following two questions, all related to the SG300-Family of SMB-Switches (i.e. SG300-10MP resp. SG300-20):
a) Cisco recently updated the Firmware from 188.8.131.52 to 184.108.40.206. When can we expect the corresponding and working Language-Files?
b) SG300-Family was promoted with IPv6. As I was able to read in newspapers/onlineforums it seems that there is a lot of room for improvement. Can you comment on that?
THX in advance and best regards from Switzerland.
you can load you IOS from the tftpd32 , first donload tftpd32 from google its free, run it but make it sure that you have you IOS image bin file in you PC, then , follow these steps ,
Store the IOS image on the computer in any drive with its original name .
Connect the Switch to the Computer through straight cable.
Come to the Switch , come in the enable or privilege mode by entering enable
Then come to the configuration mode , type config terminal push enter
Now type interface fast Ethernet or giga Ethernet port what ever the port is connected to the PC , example interface fast Ethernet 0/1 then push enter
Now give ip address, like
Ip address 220.127.116.11 255.0.0.0 enter
No shut enter
STEP 3 .
Come to the PC GO TO THE NETWORk CARD and give the ip address 18.104.22.168 subnet mask 255.0.0.0 gateway 22.214.171.124 nothing else.
Now download tftpd32 you can get it on google download it AND RUN IT . AFTER THAT OPEN THE TFTP WHICH WILL BE ON DESKTOP , DOUBLE CLICK IT AND COME TO current directory and brows the IOS IMAGE FILE where you save that and select that it will then comes to the current directory , now below current directory you will see server interface , in front of that you will have to click show dir and see that the IOS file can be seen .
STEP 5. COME TO THE SWITCH AGAIN , GO in enable mode.
Copy tftp flash. Push enter
It will ask you the name and address of remote host ?
Give the IP ADDRESS of the system , 126.96.36.199 and push enter .
Now it will ask you about the source file name ?
Copy the file name from pc where the IOS IMAGE which is saved on the PC and past on the switch and type.bin in the end and push enter.
Now the SWITCH will ask you about the destination file name , you can create your own name or use the same default name that is saved on the PC which you copy past on switch , after entering the name push enter. NOW WAIT FOR 10 MINUTES IF IT WILL ASK YOU SOMETHING PUSH ENTER AND WAIT FOR THE IMAGE TO UPLOAD.
AFTER THAT COME TO THE enable mode and type wr and the type reload and wait for the reboot process, in case you are using same destination file name as kept on the pc otherwise. Look below
If you have create your own choice name then,
Come to configuration mode , by typing config terminal push enter.
Type this command
Boot system switch all flash:/new name that you have created and type.bin in the end push enter.
Now type exit come to the enable mode .
Type WR push enter.
Now run these commands for verification.
Show boot. ( after running this command check if the file name of the IOS is there then its ok )
Dir flash. ( after running this command check if the file name of the IOS is there then its ok )
Now TYPE THE LAST COMMAND
Reload and allow the switch to reboot and wait .
Unfortunately there is no way to directly boot the switch from tftp. If you are stuck at the switch: prompt with no bootable IOS image you are stuck doing xmodem, though you can boost up the console speed to reduce the pain somewhat.
Can you please be more specific with the question? Stacking and Uplink are totally different concepts/terms. I'm not sure that I understand the question fully. If you could provide a context where this question arises, it'll help to answer it as well.
Hi Matt Blanshard and Jane Gao ,
How are You?
Thanks for joning the Lan switching forum.
Need to ask question on DHCP snooping.
I have 2 cisco 3550 switches and they are running HSRP.
Both switches are acting as DHCP servers.
Switch A -3550SMIA# is active HSRP.
Switch A 3550SMIA# connects to layer 2 switch 2960.
I have enabled DHCP snooping on switch 3550SMIA#.
Also one port from 3550SMIA switch connects to wi fi router .
I need to know which ports on 3550SMIA switch should be marked as trusted ?
Also do i need to mark any port as trusted on the layer 2 switch also?
The trusted ports would allow all DHCP packets to go through, whereas the untrusted ports would only allow client generated packets to go through, including DHCP discovery/requests. Therefore every switch running DHCP snooping must have its ports facing the DHCP server as trusted.
In your case, only the L2 switch 2960 needs to have the uplink towards Switch A 3550SMIA marked as trusted, assuming that is running dhcp snooping as well. For 3550SMIA, all the DHCP server packets would be egress only, therefore you don't need any port to be trusted.
Thanks for the reply.
On 3550 A switch port fa0/8 was going to 2950 switch and i removed the command ip dhcp snooping trust.
On 2950 port connecting to 3550 A here is config
2950T#sh run int fa0/8
Current configuration : 148 bytes
description Dynamic desirable Trunk connection to Switch 3550SMIA
ip dhcp snooping trust
I connected PC to port on switch 2950 and it got IP address and DHCP snooping was working fine.
2950T#sh ip dhcp snooping binding
Option 82 on untrusted port is not allowed
MacAddress IpAddress Lease(sec) Type VLAN Interface
------------------ --------------- ---------- ------- ---- --------------------
00:1E:33:92:D5:7A 192.168.10.4 84584 dynamic 10 FastEthernet0/3.
When i connected my pc to port on 3550A switch it gets ip and works fine but when i run the command below
3550SMIA#sh ip dhcp snooping binding
MacAddress IpAddress Lease(sec) Type VLAN Interface
------------------ --------------- ---------- ------------- ---- --------------------
Total number of bindings: 0
It does not show any output as it shows on 2950T switch ?
Can you please explain me why?