
Cisco 3850X - ACL turns up without configuring ?

Sheikh Islam
Level 1

Hello Everyone,

I have just recently configured a new 3850X.

We had 3750Xs on our network. An Infrastructure refresh is now planned and we got 3850Xs to replace the 3750Xs.

 

I started configuring one of the switches and pasted in all the standard config that we used to have on our 3750Xs. I added some extra bits that I thought may be necessary. Here is the config I used -

 

 

no service pad
service timestamps debug uptime
service timestamps log datetime
service password-encryption
service compress-config
!
hostname XX
!
boot-start-marker
boot-end-marker
!
!
vrf definition Mgmt-vrf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
enable secret 5 XX
!
username X password 7 XX
username X password 7 XX
no aaa new-model
!
!

!

clock timezone gmt 0 0
clock summer-time BST recurring last Sun Mar 2:00 last Sun Oct 2:00
switch 1 provision ws-c3850-24p

!
!
!
!
!
!
ip domain-list XX
ip domain-name XX
ip name-server XX
ip name-server XX
!
!
qos queue-softmax-multiplier 100
vtp domain none
vtp mode transparent
udld aggressive

authentication mac-move permit
no setup express
no cts server test all enable
!
!
dot1x system-auth-control
errdisable recovery cause udld
errdisable recovery cause bpduguard
errdisable recovery cause channel-misconfig
errdisable recovery cause pagp-flap
errdisable recovery cause dtp-flap
errdisable recovery cause link-flap
errdisable recovery cause sfp-config-mismatch
errdisable recovery cause gbic-invalid
errdisable recovery cause l2ptguard
errdisable recovery cause port-mode-failure
errdisable recovery cause dhcp-rate-limit
errdisable recovery cause pppoe-ia-rate-limit
errdisable recovery cause mac-limit
errdisable recovery cause vmps
errdisable recovery cause storm-control
errdisable recovery cause inline-power
errdisable recovery cause arp-inspection
errdisable recovery cause loopback
errdisable recovery cause psp
errdisable recovery interval 35
diagnostic bootup level minimal
archive
path X
write-memory
!
spanning-tree mode rapid-pvst
spanning-tree loopguard default
spanning-tree portfast default
spanning-tree portfast bpduguard default
spanning-tree extend system-id
hw-switch switch 1 logging onboard message level 3

!
redundancy
mode sso
!
vlan 500
name X

!
vlan 900
name X
!

!
!
class-map match-any non-client-nrt-class
!
policy-map port_child_policy
class non-client-nrt-class
bandwidth remaining ratio 10
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Port-channel1
description XX
switchport trunk allowed vlan 900,500
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet0/0
vrf forwarding Mgmt-vrf
no ip address
negotiation auto
!
interface range GigabitEthernet1/0/1-24
switchport access vlan 500
switchport mode access
switchport nonegotiate
storm-control broadcast level 0.02
storm-control multicast level 5.00
spanning-tree guard root
!

!
interface GigabitEthernet1/1/1
description XX
switchport trunk allowed vlan 900,500
switchport mode trunk
switchport nonegotiate
channel-group 1 mode active
!
interface GigabitEthernet1/1/2
description XX
switchport trunk allowed vlan 900,500
switchport mode trunk
switchport nonegotiate
channel-group 1 mode active
!


!

!
interface Vlan1
no ip address
shutdown
!
interface Vlan900
ip address XX
!

ip default-gateway XX
ip forward-protocol nd
no ip http server
ip http authentication local
no ip http secure-server
!

!
logging host XX
logging host XX
!
snmp-server group X v3 priv read X
snmp-server view X iso included
snmp-server community XX RO
snmp-server community XX RW
snmp-server enable traps snmp authentication linkdown linkup coldstart
!
no setup express
!
!
!
!
line con 0
password 7 XX
logging synchronous
stopbits 1
line aux 0
stopbits 1
line vty 0 4
password 7 XX
logging synchronous
transport input ssh
line vty 5 15
password 7 XX
logging synchronous
transport input ssh
!
ntp server XX
wsma agent exec
profile httplistener
profile httpslistener
!
wsma agent config
profile httplistener
profile httpslistener
!
wsma agent filesys
profile httplistener
profile httpslistener
!
wsma agent notify
profile httplistener
profile httpslistener
!
!
wsma profile listener httplistener
transport http
!
wsma profile listener httpslistener
transport https
mac address-table notification change interval 0
mac address-table notification change
mac address-table notification mac-move
!
ap group default-group

vtp mode transparent
vtp domain XXX

crypto key generate rsa

 

 

 

Once saved, I reloaded the config and lots of extra ACLs turned up -

 

Building configuration...

Current configuration : 15731 bytes
!
! Last configuration change at 14:02:22 BST Tue May 1 2018
!
version 16.3
no service pad
service timestamps debug uptime
service timestamps log datetime
service password-encryption
service compress-config
no platform punt-keepalive disable-kernel-core
!
hostname XX
!
!
vrf definition Mgmt-vrf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
enable secret 5 XX
!
no aaa new-model
clock timezone gmt 0 0
clock summer-time BST recurring last Sun Mar 2:00 last Sun Oct 2:00
switch 1 provision ws-c3850-24p
!
!
!
!
!
!
!
ip name-server XX
ip domain list XX
ip domain name XX
!
!
!
!
!
!
!
!
vtp domain XX
vtp mode transparent
udld aggressive

authentication mac-move permit
!
crypto pki trustpoint TP-self-signed-X
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-X
revocation-check none
rsakeypair TP-self-signed-X
!
!
crypto pki certificate chain TP-self-signed-X
certificate self-signed 01

quit
!
dot1x system-auth-control
errdisable recovery cause udld
errdisable recovery cause bpduguard
errdisable recovery cause channel-misconfig
errdisable recovery cause pagp-flap
errdisable recovery cause dtp-flap
errdisable recovery cause link-flap
errdisable recovery cause sfp-config-mismatch
errdisable recovery cause gbic-invalid
errdisable recovery cause l2ptguard
errdisable recovery cause port-mode-failure
errdisable recovery cause dhcp-rate-limit
errdisable recovery cause pppoe-ia-rate-limit
errdisable recovery cause mac-limit
errdisable recovery cause vmps
errdisable recovery cause storm-control
errdisable recovery cause inline-power
errdisable recovery cause arp-inspection
errdisable recovery cause loopback
errdisable recovery cause psp
errdisable recovery interval 35
license boot level lanbasek9
diagnostic bootup level minimal
!
spanning-tree mode rapid-pvst
spanning-tree loopguard default
spanning-tree portfast default
spanning-tree portfast bpduguard default
spanning-tree extend system-id
archive
path XX
write-memory
!
!
username X password 7 XX
username X password 7 XX
!
redundancy
mode sso
!
hw-switch switch 1 logging onboard message
!
vlan 101
!
vlan 500
name XX
!
vlan 900
name XX
!
!
class-map match-any system-cpp-police-topology-control
description Topology control
class-map match-any system-cpp-police-sw-forward
description Sw forwarding, SGT Cache Full, LOGGING
class-map match-any system-cpp-default
description DHCP snooping, show forward and rest of traffic
class-map match-any system-cpp-police-sys-data
description Learning cache ovfl, Crypto Control, Exception, EGR Exception, NFL SAMPLED DATA, Gold Pkt, RPF Failed
class-map match-any system-cpp-police-punt-webauth
description Punt Webauth
class-map match-any system-cpp-police-forus
description Forus Address resolution and Forus traffic
class-map match-any system-cpp-police-multicast-end-station
description MCAST END STATION
class-map match-any system-cpp-police-multicast
description Transit Traffic and MCAST Data
class-map match-any system-cpp-police-l2-control
description L2 control
class-map match-any system-cpp-police-dot1x-auth
description DOT1X Auth
class-map match-any system-cpp-police-data
description ICMP_GEN and BROADCAST
class-map match-any system-cpp-police-control-low-priority
description ICMP redirect and general punt
class-map match-any system-cpp-police-wireless-priority1
description Wireless priority 1
class-map match-any system-cpp-police-wireless-priority2
description Wireless priority 2
class-map match-any system-cpp-police-wireless-priority3-4-5
description Wireless priority 3,4 and 5
class-map match-any non-client-nrt-class
class-map match-any system-cpp-police-routing-control
description Routing control
class-map match-any system-cpp-police-protocol-snooping
description Protocol snooping
!
policy-map port_child_policy
class non-client-nrt-class
bandwidth remaining ratio 10
policy-map system-cpp-policy
class system-cpp-police-data
police rate 200 pps
class system-cpp-police-sys-data
police rate 100 pps
class system-cpp-police-sw-forward
police rate 1000 pps
class system-cpp-police-multicast
police rate 500 pps
class system-cpp-police-multicast-end-station
police rate 2000 pps
class system-cpp-police-punt-webauth
class system-cpp-police-l2-control
class system-cpp-police-routing-control
police rate 1800 pps
class system-cpp-police-control-low-priority
class system-cpp-police-wireless-priority1
class system-cpp-police-wireless-priority2
class system-cpp-police-wireless-priority3-4-5
class system-cpp-police-topology-control
class system-cpp-police-dot1x-auth
class system-cpp-police-protocol-snooping
class system-cpp-police-forus
class system-cpp-default
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Port-channel1
description XX
switchport trunk allowed vlan 500,900
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet0/0
vrf forwarding Mgmt-vrf
no ip address
negotiation auto
!
interface GigabitEthernet1/0/1
switchport access vlan 500
switchport mode access
switchport nonegotiate
storm-control broadcast level 0.02
storm-control multicast level 5.00
spanning-tree guard root
!
interface GigabitEthernet1/0/2
switchport access vlan 500
switchport mode access
switchport nonegotiate
storm-control broadcast level 0.02
storm-control multicast level 5.00
spanning-tree guard root
!
interface GigabitEthernet1/0/3
switchport access vlan 500
switchport mode access
switchport nonegotiate
storm-control broadcast level 0.02
storm-control multicast level 5.00
spanning-tree guard root
!
interface GigabitEthernet1/0/4
switchport access vlan 500
switchport mode access
switchport nonegotiate
storm-control broadcast level 0.02
storm-control multicast level 5.00
spanning-tree guard root
!
interface GigabitEthernet1/0/5
switchport access vlan 500
switchport mode access
switchport nonegotiate
storm-control broadcast level 0.02
storm-control multicast level 5.00
spanning-tree guard root
!
interface GigabitEthernet1/0/6
switchport access vlan 500
switchport mode access
switchport nonegotiate
storm-control broadcast level 0.02
storm-control multicast level 5.00
spanning-tree guard root
!
interface GigabitEthernet1/0/7
switchport access vlan 500
switchport mode access
switchport nonegotiate
storm-control broadcast level 0.02
storm-control multicast level 5.00
spanning-tree guard root
!
interface GigabitEthernet1/0/8
switchport access vlan 500
switchport mode access
switchport nonegotiate
storm-control broadcast level 0.02
storm-control multicast level 5.00
spanning-tree guard root
!
interface GigabitEthernet1/0/9
switchport access vlan 500
switchport mode access
switchport nonegotiate
storm-control broadcast level 0.02
storm-control multicast level 5.00
spanning-tree guard root
!
interface GigabitEthernet1/0/10
switchport access vlan 500
switchport mode access
switchport nonegotiate
storm-control broadcast level 0.02
storm-control multicast level 5.00
spanning-tree guard root
!
interface GigabitEthernet1/0/11
switchport access vlan 500
switchport mode access
switchport nonegotiate
storm-control broadcast level 0.02
storm-control multicast level 5.00
spanning-tree guard root
!
interface GigabitEthernet1/0/12
switchport access vlan 500
switchport mode access
switchport nonegotiate
storm-control broadcast level 0.02
storm-control multicast level 5.00
spanning-tree guard root
!
interface GigabitEthernet1/0/13
switchport access vlan 500
switchport mode access
switchport nonegotiate
storm-control broadcast level 0.02
storm-control multicast level 5.00
spanning-tree guard root
!
interface GigabitEthernet1/0/14
switchport access vlan 500
switchport mode access
switchport nonegotiate
storm-control broadcast level 0.02
storm-control multicast level 5.00
spanning-tree guard root
!
interface GigabitEthernet1/0/15
switchport access vlan 500
switchport mode access
switchport nonegotiate
storm-control broadcast level 0.02
storm-control multicast level 5.00
spanning-tree guard root
!
interface GigabitEthernet1/0/16
switchport access vlan 500
switchport mode access
switchport nonegotiate
storm-control broadcast level 0.02
storm-control multicast level 5.00
spanning-tree guard root
!
interface GigabitEthernet1/0/17
switchport access vlan 500
switchport mode access
switchport nonegotiate
storm-control broadcast level 0.02
storm-control multicast level 5.00
spanning-tree guard root
!
interface GigabitEthernet1/0/18
switchport access vlan 500
switchport mode access
switchport nonegotiate
storm-control broadcast level 0.02
storm-control multicast level 5.00
spanning-tree guard root
!
interface GigabitEthernet1/0/19
switchport access vlan 500
switchport mode access
switchport nonegotiate
storm-control broadcast level 0.02
storm-control multicast level 5.00
spanning-tree guard root
!
interface GigabitEthernet1/0/20
switchport access vlan 500
switchport mode access
switchport nonegotiate
storm-control broadcast level 0.02
storm-control multicast level 5.00
spanning-tree guard root
!
interface GigabitEthernet1/0/21
switchport access vlan 500
switchport mode access
switchport nonegotiate
storm-control broadcast level 0.02
storm-control multicast level 5.00
spanning-tree guard root
!
interface GigabitEthernet1/0/22
switchport access vlan 500
switchport mode access
switchport nonegotiate
storm-control broadcast level 0.02
storm-control multicast level 5.00
spanning-tree guard root
!
interface GigabitEthernet1/0/23
switchport access vlan 500
switchport mode access
switchport nonegotiate
storm-control broadcast level 0.02
storm-control multicast level 5.00
spanning-tree guard root
!
interface GigabitEthernet1/0/24
switchport access vlan 500
switchport mode access
switchport nonegotiate
storm-control broadcast level 0.02
storm-control multicast level 5.00
spanning-tree guard root
!
interface GigabitEthernet1/1/1
description XX
switchport trunk allowed vlan 500,900
switchport mode trunk
switchport nonegotiate
channel-group 1 mode active
!
interface GigabitEthernet1/1/2
description XX
switchport trunk allowed vlan 500,900
switchport mode trunk
switchport nonegotiate
channel-group 1 mode active
!
interface GigabitEthernet1/1/3
!
interface GigabitEthernet1/1/4
!
interface TenGigabitEthernet1/1/1
!
interface TenGigabitEthernet1/1/2
!
interface TenGigabitEthernet1/1/3
!
interface TenGigabitEthernet1/1/4
!
interface Vlan1
no ip address
shutdown
!
interface Vlan900
ip address XX
!
ip default-gateway XX
ip forward-protocol nd
no ip http server
ip http authentication local
no ip http secure-server
!
ip access-list extended AutoQos-4.0-wlan-Acl-Bulk-Data
permit tcp any any eq 22
permit tcp any any eq 465
permit tcp any any eq 143
permit tcp any any eq 993
permit tcp any any eq 995
permit tcp any any eq 1914
permit tcp any any eq ftp
permit tcp any any eq ftp-data
permit tcp any any eq smtp
permit tcp any any eq pop3
ip access-list extended AutoQos-4.0-wlan-Acl-MultiEnhanced-Conf
permit udp any any range 16384 32767
permit tcp any any range 50000 59999
ip access-list extended AutoQos-4.0-wlan-Acl-Scavanger
permit tcp any any range 2300 2400
permit udp any any range 2300 2400
permit tcp any any range 6881 6999
permit tcp any any range 28800 29100
permit tcp any any eq 1214
permit udp any any eq 1214
permit tcp any any eq 3689
permit udp any any eq 3689
permit tcp any any eq 11999
ip access-list extended AutoQos-4.0-wlan-Acl-Signaling
permit tcp any any range 2000 2002
permit tcp any any range 5060 5061
permit udp any any range 5060 5061
ip access-list extended AutoQos-4.0-wlan-Acl-Transactional-Data
permit tcp any any eq 443
permit tcp any any eq 1521
permit udp any any eq 1521
permit tcp any any eq 1526
permit udp any any eq 1526
permit tcp any any eq 1575
permit udp any any eq 1575
permit tcp any any eq 1630
permit udp any any eq 1630
permit tcp any any eq 1527
permit tcp any any eq 6200
permit tcp any any eq 3389
permit tcp any any eq 5985
permit tcp any any eq 8080
!
logging host XX
logging host XX
!
snmp-server group X v3 priv read X
snmp-server view X iso included
snmp-server community XX
snmp-server community XX
snmp-server enable traps snmp authentication linkdown linkup coldstart
!
control-plane
service-policy input system-cpp-policy
!
!
vstack
!
line con 0
password 7 XX
logging synchronous
stopbits 1
line aux 0
stopbits 1
line vty 0 4
password 7 XX
logging synchronous
login
transport input ssh
line vty 5 15
password 7 XX
logging synchronous
login
transport input ssh
!
ntp server XX
!
mac address-table notification change interval 0
mac address-table notification change
mac address-table notification mac-move
wsma agent exec
profile httplistener
profile httpslistener
!
wsma agent config
profile httplistener
profile httpslistener
!
wsma agent filesys
profile httplistener
profile httpslistener
!
wsma agent notify
profile httplistener
profile httpslistener
!
!
wsma profile listener httplistener
transport http
!
wsma profile listener httpslistener
transport https
!
ap dot11 airtime-fairness policy-name Default 0
ap group default-group
ap hyperlocation ble-beacon 0
ap hyperlocation ble-beacon 1
ap hyperlocation ble-beacon 2
ap hyperlocation ble-beacon 3
ap hyperlocation ble-beacon 4
end

 

 

 

 

Any ideas why?

Do I need these ACLs?

If not, what do you suggest we do?

Also, any other advice regarding this config will be highly appreciated.

 

Best regards,

Sheikh

 

1 Accepted Solution


Hi,

All ACLs are normal behavior of the new software and will automatically be added to the configuration. Don't worry about it, and if you need to reconfigure then you can also change them.

 

These are all IOS and startup configuration files, and yes, you need all of the files. Currently, this is uploaded with "Installed mode".

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/3se/system_management/configuration_guide/b_sm_3se_3850_cg/b_sm_3se_3850_cg_chapter_010100.html#concept_995F29BBCF024184BEB15BB9731F45D0

 

Regards,

Deepak Kumar

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!


4 Replies 4

Reza Sharifi
Hall of Fame

Hi,

All these extra ACLs and policies are normal and are part of the new software and new platforms. Also, you can't delete or modify them.

So, no need to do anything with them.

HTH

Thanks.
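An added example, not part of any post in this thread: one way to audit a running config against the config that was pasted in, separating the platform-generated objects named in the thread (`AutoQos-4.0-wlan-Acl-*`, `system-cpp-*`) from drift that needs a human look. The function names, the `TEST-ACL` entry and both config excerpts are constructed for illustration, and the parser assumes the usual indented `show running-config` layout, which the paste above has lost.

```python
# Name prefixes of platform-generated objects, taken from the names
# visible in the thread's running config (an assumption for other releases).
SYSTEM_PREFIXES = ("AutoQos-4.0-wlan-Acl-", "system-cpp-")

# Constructed excerpt of the config the operator intended to apply.
INTENDED = """\
class-map match-any non-client-nrt-class
policy-map port_child_policy
 class non-client-nrt-class
line vty 0 4
 password 7 XX
 transport input ssh
"""

# Constructed excerpt of the running config after reload.
# TEST-ACL is not from the thread; it stands in for unexpected drift.
RUNNING = """\
class-map match-any system-cpp-police-data
 description ICMP_GEN and BROADCAST
class-map match-any non-client-nrt-class
policy-map port_child_policy
 class non-client-nrt-class
policy-map system-cpp-policy
 class system-cpp-police-data
  police rate 200 pps
ip access-list extended AutoQos-4.0-wlan-Acl-Signaling
 permit tcp any any range 5060 5061
ip access-list extended TEST-ACL
 permit ip any any
line vty 0 4
 password 7 XX
 login
 transport input ssh
"""


def parse_blocks(text):
    """Map each top-level config line to the indented lines beneath it."""
    blocks, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue  # skip blank lines and IOS separator lines
        if raw[0] != " ":
            current = raw.strip()
            blocks.setdefault(current, [])
        elif current is not None:
            blocks[current].append(raw.strip())
    return blocks


def is_system(header):
    """True when the object named by the header carries a system prefix."""
    return header.split()[-1].startswith(SYSTEM_PREFIXES)


def audit(intended, running):
    """Split what appeared in the running config into system vs. review."""
    want, have = parse_blocks(intended), parse_blocks(running)
    system, review = [], []
    for header, children in have.items():
        if header not in want:
            (system if is_system(header) else review).append(header)
            continue
        # Block existed in the intended config: report only new child lines.
        for child in children:
            if child not in want[header]:
                review.append(f"{header} / {child}")
    return {"system": system, "review": review}


if __name__ == "__main__":
    for kind, items in audit(INTENDED, RUNNING).items():
        for item in items:
            print(f"{kind:7} {item}")
```

Anything that lands in `review` is neither in the intended config nor named like a platform-generated object, so it is the part worth reading line by line.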

 

Do I need all of these files in the Flash:

 

HH_MEDSFW_SW2#sh flash:
-#- --length-- ---------date/time--------- path
2 2097152 May 02 2018 13:55:56.0000000000 +00:00 nvram_config
3 15954560 Apr 06 2017 04:22:42.0000000000 +00:00 cat3k_caa-guestshell.16.03.03.SPA.pkg
4 22173639 Apr 06 2017 04:22:39.0000000000 +00:00 cat3k_caa-rpbase.16.03.03.SPA.pkg
5 264899192 Apr 06 2017 04:22:42.0000000000 +00:00 cat3k_caa-rpcore.16.03.03.SPA.pkg
6 9091712 Apr 06 2017 04:22:40.0000000000 +00:00 cat3k_caa-srdriver.16.03.03.SPA.pkg
7 191324788 Apr 06 2017 04:22:40.0000000000 +00:00 cat3k_caa-wcm.16.03.03.SPA.pkg
8 13404796 Apr 06 2017 04:22:40.0000000000 +00:00 cat3k_caa-webui.16.03.03.SPA.pkg
9 4748 Mar 14 2018 13:50:58.0000000000 +00:00 packages.conf
10 407 May 02 2018 13:52:46.0000000000 +00:00 bootloader_evt_handle.log
11 4096 Mar 09 2018 18:18:57.0000000000 +00:00 core
12 4096 Apr 06 2017 04:25:18.0000000000 +00:00 core/modules
13 1 Mar 16 2018 15:52:51.0000000000 +00:00 core/.callhome
14 113947433 Mar 09 2018 18:18:57.0000000000 +00:00 core/kernel.rp_RP-EDISON_0_20180309181857.core.flat.gz
15 4096 Apr 06 2017 04:25:17.0000000000 +00:00 .prst_sync
16 4096 Apr 06 2017 04:25:19.0000000000 +00:00 .rollback_timer
17 4096 May 02 2018 13:53:00.0000000000 +00:00 dc_profile_dir
18 202640 May 02 2018 13:53:00.0000000000 +00:00 dc_profile_dir/dc_default_profiles.txt
19 202640 May 02 2018 13:33:45.0000000000 +00:00 dc_profile_dir/dc_default_profiles.txt.bkp
20 4096 Apr 06 2017 04:25:28.0000000000 +00:00 gs_script
21 65301 May 02 2018 13:53:17.0000000000 +00:00 memleak.tcl
22 4096 Apr 06 2017 04:25:59.0000000000 +00:00 .installer
23 34 May 02 2018 13:39:04.0000000000 +00:00 pnp-tech-time
24 44639 May 02 2018 13:39:07.0000000000 +00:00 pnp-tech-discovery-summary
25 2097152 May 02 2018 13:55:56.0000000000 +00:00 nvram_config_bkup
26 676 May 02 2018 13:55:47.0000000000 +00:00 vlan.dat
27 15954556 Mar 14 2018 13:49:42.0000000000 +00:00 cat3k_caa-guestshell.16.03.05b.SPA.pkg
28 22301472 Mar 14 2018 13:49:46.0000000000 +00:00 cat3k_caa-rpbase.16.03.05b.SPA.pkg
29 266035828 Mar 14 2018 13:49:43.0000000000 +00:00 cat3k_caa-rpcore.16.03.05b.SPA.pkg
30 9089660 Mar 14 2018 13:49:45.0000000000 +00:00 cat3k_caa-srdriver.16.03.05b.SPA.pkg
31 4748 Mar 14 2018 13:50:28.0000000000 +00:00 cat3k_caa-universalk9.16.03.05b.SPA.conf
32 212812400 Mar 14 2018 13:49:46.0000000000 +00:00 cat3k_caa-wcm.16.03.05b.SPA.pkg
33 13423224 Mar 14 2018 13:49:45.0000000000 +00:00 cat3k_caa-webui.16.03.05b.SPA.pkg
34 4737 Mar 14 2018 13:50:58.0000000000 +00:00 packages.conf.00-
362696704 bytes available (1178906624 bytes used)

 

----------------

 

It's coming up with a message -

 

*May  2 13:00:33: %PLATFORM-4-ELEMENT_WARNING:Switch 1 R0/0: smand:  1/RP/0: limited space - copy corefiles/switch-reports out of flash:core & crashinfo: directories. flash:core value 7% (111 MB) exceeds warning level 5% (79 MB)

 

Regards,

 

Sheikh

 

 


Hi


Are you running traces on your switch? You can check with "show platform software trace message" - see below ref

 

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/16-3/command_reference/b_163_consolidated_3850_cr/b_163_consolidated_3850_cr_chapter_010100.html

 

You could maybe be running into the bug CSCvc14038, although your software isn't listed as an affected release.

 

To clean up unused software packages in flash see below link:

 

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/16-3/release_notes/ol-16-3-3850.html#pgfId-1158344

 

hth
Andy
