cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

13728
Views
65
Helpful
75
Replies
Cisco Employee

ASK THE EXPERTS:LAN Switching

Hi Peter,

Please fine below for the comments:

1. 

The switch will continue processing the response. Since it does  not correspond to the local switch information, the option 82  information will not be removed in this case as opposed to being removed  if it had been received on the originating switch. 

2. 

If option 82 circuit id field is set, the destination port is  extracted from there.  Otherwise, the Mac address table is looked up  based on client hardware address.  If the client hardware address lookup  is failed, the packet mac DA is used to lookup Mac address table for  the output port.

3. 

Option 82 is skipped. So the forward preference would be chadd, then mac DA in this case.

4.

That is correct.

The above is based on cat6500 implementation but it should be common to most of the catalyst switch platforms.

best regards

Jane

Beginner

ASK THE EXPERTS:LAN Switching

Hi Matt & Jane,

Is it possible to police traffic on the Nexus 5548? I want to rate-limit (pps) ARP, DHCP, and some other traffic, but I'm having trouble finding documentation for configuring policing. Any help would be appreciated...

Thanks!

Lee

Cisco Employee

ASK THE EXPERTS:LAN Switching

Lee,

The N5K platform is curently supported by our SAN (storage) team instead of Lan Switching. That said, from the few internal discussions and customer queries I've come across, policing is not yet supported on N5K. The following feature enhancement has been opened on the ingress policing and it's already on the roadmap with the product marketing team:

CSCtr43928    Support for Ingress policing on Nexus 5500 platform

regards

Jane

Participant

ASK THE EXPERTS:LAN Switching

If there is a NATIVE VLAN mismatch on either side of an 802.1Q trunk, layer-2 loops may occur because VLAN 1 STP bridge protocol data units (BPDUs) are sent to the IEEE STP MAC adress (0180.c200.0000) untagged.

Can you explain this with examples?

Beginner

ASK THE EXPERTS:LAN Switching

hi JANE i have onluy one question can you please answer it,

if ASA5540 can be used for DMVPN?

Cisco Employee

ASK THE EXPERTS:LAN Switching

Oliver,

ASA5540 can do DMVPN passthrough but it does not do DMVPN. Since ASA/VPN is beyound my expertise, please feel free to post further questions on our security forum.

regards

Jane

Beginner

ASK THE EXPERTS:LAN Switching

Hello to the LAN-Switching Experts  :-)

Could you answer my following two questions, all related to the SG300-Family of SMB-Switches (i.e. SG300-10MP resp. SG300-20):

a) Cisco recently updated the Firmware from 1.0.0.27 to 1.1.0.73. When can we expect the corresponding and working Language-Files?

b) SG300-Family was promoted with IPv6. As I was able to read in newspapers/onlineforums it seems that there is a lot of room for improvement. Can you comment on that?

THX in advance and best regards from Switzerland.

Marc

Participant

Re: ASK THE EXPERTS:LAN Switching

Hello again dear experts!

Tell me please is there any way to boot catalyst 3750 (3560, 2960) switch from tftp?

Beginner

ASK THE EXPERTS:LAN Switching

you can load you IOS from the tftpd32 , first donload tftpd32 from google its free, run it but make it sure that you have you IOS image bin file in you PC, then , follow these steps ,

STEP 1.

                Store the IOS image on the computer in any drive with its original name .

STEP2.

           Connect the Switch to the Computer through straight cable.

STEP 3.

             Come to the Switch , come in the enable or privilege mode by entering   enable

             Then come to the configuration mode , type  config terminal push enter

           Now type interface fast Ethernet or giga Ethernet port what ever the port is connected to the PC , example interface fast Ethernet 0/1 then push enter

Now give ip address, like

Ip address 1.1.1.1 255.0.0.0   enter

No shut   enter

STEP 3 .

                 Come to the PC GO TO THE NETWORk CARD and give the ip address 1.1.1.2 subnet mask 255.0.0.0 gateway 1.1.1.0 nothing else.

STEP 4.

             Now download    tftpd32  you can get it on google download it  AND RUN IT . AFTER THAT OPEN THE TFTP WHICH WILL BE ON DESKTOP , DOUBLE CLICK IT AND COME TO current directory and brows the IOS IMAGE FILE where you save that and select that it will then comes to the current directory , now below current directory you will see server interface , in front of that you will have to click show dir and see that the IOS file can be seen .

STEP 5. COME TO THE SWITCH AGAIN , GO in enable mode.

Type this.

                   Copy tftp flash. Push enter

                 It will ask you the name and address of remote host ?

Give the IP ADDRESS of the system , 1.1.1.2 and push enter .

Now it will ask you about the source file name ?

Copy the file name from pc where the IOS IMAGE which is saved on the PC and past on the switch and type.bin in the end and push enter.

Now the SWITCH will ask you about the destination file name , you can create your own name or use the same default name that is saved on the PC which you copy past on switch , after entering the name push enter. NOW WAIT FOR 10 MINUTES IF IT WILL ASK YOU SOMETHING PUSH ENTER AND WAIT FOR THE IMAGE TO UPLOAD.

AFTER THAT COME TO THE enable mode and type wr  and the type reload and wait for the reboot process, in case you are using same destination file name as kept on the pc otherwise. Look below

If you have create your own choice name then,

Come to configuration mode , by typing config terminal push enter.

Type this command

   Boot system switch all flash:/new name that you have created and type.bin in the end push enter.

Now type exit come to the enable mode .

Type WR push enter.

Now run these commands for verification.

Show boot. ( after running this command check if the file name of the IOS is there then its ok )

Dir flash. ( after running this command check if the file name of the IOS is there then its ok )

Now TYPE THE LAST COMMAND

Reload and allow the switch to reboot and wait .

Cisco Employee

ASK THE EXPERTS:LAN Switching

Hello Pavel,

Unfortunately there is no way to directly boot the switch from tftp.  If you are stuck at the switch: prompt with no bootable IOS image you are stuck doing xmodem, though you can boost up the console speed to reduce the pain somewhat.

-Matt

Beginner

ASK THE EXPERTS:LAN Switching

Hi

can you explain me about difference between stacking and uplink in brief????????????

Cisco Employee

ASK THE EXPERTS:LAN Switching

Hi Rajnarayanan,

Can you please be more specific with the question? Stacking and Uplink are totally different concepts/terms. I'm not sure that I understand the question fully. If you could provide a context where this question arises, it'll help to answer it as well.

thanks

Jane

Frequent Contributor

ASK THE EXPERTS:LAN Switching


Hi Matt Blanshard and Jane Gao ,

How are You?

Thanks for joning the Lan switching forum.

Need to ask question on DHCP snooping.

I have 2 cisco 3550 switches and they are running HSRP.

Both switches are acting as DHCP  servers.

Switch A -3550SMIA#  is active HSRP.

Switch A 3550SMIA#  connects to layer 2 switch 2960.

I have enabled DHCP snooping on switch 3550SMIA#.

Also one port from 3550SMIA switch connects to wi fi router .

I need to know which ports on 3550SMIA  switch should be marked as trusted ?

Also do i need to mark any port as trusted on the layer 2 switch also?

Thanks

MAhesh

Cisco Employee

ASK THE EXPERTS:LAN Switching

Mahesh,

The trusted ports would allow all DHCP packets to go  through, whereas the untrusted ports would only allow client generated  packets to go through, including DHCP discovery/requests. Therefore  every switch running DHCP snooping must have its ports facing the DHCP  server as trusted.

In your case, only the L2 switch  2960 needs to have the uplink towards Switch A 3550SMIA marked as  trusted, assuming that is running dhcp snooping as well. For 3550SMIA,  all the DHCP server packets would be egress only, therefore you don't  need any port to be trusted.

regards

Jane

Frequent Contributor

ASK THE EXPERTS:LAN Switching

Hi Gao,

Thanks for the reply.

On 3550 A  switch port fa0/8 was going to 2950 switch and i removed the command ip dhcp snooping trust.

On 2950 port connecting to 3550 A here is config

2950T#sh run int fa0/8
Building configuration...

Current configuration : 148 bytes
!
interface FastEthernet0/8
description Dynamic desirable Trunk connection to Switch 3550SMIA
speed 100
duplex full
ip dhcp snooping trust
end

I connected PC  to port on switch 2950 and it got IP address and DHCP snooping was working fine.

2950T#sh ip dhcp snooping  binding

Option 82 on untrusted port is not allowed

MacAddress          IpAddress        Lease(sec)  Type     VLAN  Interface

------------------  ---------------  ----------  -------  ----  --------------------

00:1E:33:92:D5:7A   192.168.10.4     84584       dynamic  10    FastEthernet0/3.

When i connected my pc to port on 3550A  switch it gets ip and works fine but when i run the command below

3550SMIA#sh ip dhcp snooping binding

MacAddress          IpAddress        Lease(sec)  Type           VLAN  Interface

------------------  ---------------  ----------  -------------  ----  --------------------

Total number of bindings: 0

It does not show any output as it shows on 2950T  switch ?

Can you please  explain me why?

Thanks

MAhesh

CreatePlease to create content
Content for Community-Ad
July's Community Spotlight Awards