Welcome to the Cisco Networking Professionals Ask the Expert conversation. This is an opportunity to discuss Cisco Catalyst 4000 with Cisco expert Robert Starmer. Robert is Manager of Technical Marketing for Cisco's Gigabit Switching Business Unit. Feel free to post any questions relating to Cisco Catalyst 4000.
Robert may not be able to answer each question due to the volume expected during this event. Our moderators will post many of the unanswered questions in other discussion forums shortly after the event. This event lasts through May 10. Visit this forum often to view responses to your questions and the questions of other community members.
Occasionally I'm losing the router access and router functionality on 4006. Incident took place on 3 different 4006/L3. L2 remain functional. All VLANs are IP & IPX. IOS 12.0.6. Only power off/on switch restore the operation.
Unfortunately, with the information available, I am not able to discern what is happening. For an issue of this nature, it is best to contact Cisco's TAC in order to get proper resolution to the situation you are experiencing.
I had the exact problem on one of our remote offices. I installed a new 4006 switch with layer 3 blade; we are running IP and IPX on the two VLANs. The router keeps dropping one of the VLANs; the only way to fix it is to power off. Then after four months, things got worse and worse. The final solution is NOT the config. I have upgraded the code on both the router and the switch (Cisco suggested first), then changed the sup (Cisco's second suggestion), finally changed the layer 3 blade (after running out of ideas). The changing of the layer 3 blade did the trick. It's been working for the last three months without any problems.
I have enabled Multicast (igmp/cgmp/pim sparse/dense mode) on our L2/L3 switches (Catalyst 6509) and other L2 switches (Catalyst 4000). Connecting a multicast enabled client to the L2/L3 switches works but not when connected to the L2 Switch (Catalyst 4006) although vtp trunking is enabled to carry traffic between all the Switches. What else do I need to do?
From your basic description, this sounds like there should be no problems. Have you verified that you are receiving IGMP join requests from hosts on the other end of the trunk on the C6500? If you are receiving IGMP joins, are you seeing CGMP messages being directed to the C4000? Are you running recent versions of code on both systems?
Hope that helps,
Yes I am receiving igmp/cgmp pkts.
This is the sh cgmp sta on the C4000
CGMP statistics for vlan:
valid rx pkts received 153904
invalid rx pkts received 0
valid cgmp joins received 153904
valid cgmp leaves received 0
And on the C6500
IGMP Mode: auto
IGMP Operational Mode: igmp-cgmp
IGMP Address Aliasing Mode: normal
sh igmp sta
IGMP statistics for vlan:
IGMP statistics for vlan:
General Queries: 0
Group Specific Queries: 1
General Queries: 156401
Group Specific Queries: 0
Total Valid pkts: 1944317
Total Invalid pkts: 0
Other pkts: 1251190
I am running 5.5.9 on C6500 and 6.3.1 on C4000. Still with all this, the application refuses to run on the C4000. Is there something else I should be looking at? Have you come across this problem before?
This is not a problem I have seen before, and I am truly puzzled. It does appear that your IGMP router is not receiving IGMP joins for a specific group, which seems odd. Have you tried disabling CGMP to verify that there isn't some other configuration error? This will send packets to all ports in a vlan (at least at the end of the trunk), but it might give you more insight into what the problem is. Also, you might want to open a case with TAC, as they may have other ideas as to what is going wrong. There may also be code specific issues which I don't know of which they can help to resolve.
I am looking to poll for temperature sensors on catalyst 4000's. I have upgraded the switches software on a cat2948g (just to test) and can do a show environment all and see a temperature reading but I cannot find the temperature when I go through the mibs. I have successfully done this on cat6500's. Any help would be great. Thanks
Although the CISCO-ENVMON-MIB is supported in the CatOS release, it is not completely supported, and it does not currently support the temperature sensor option.
We have a Cat4006 with a separate layer 3 module and 3 x 48 port 10/100 modules installed. Is it correct that all the user ports should be assigned a different VLAN from the default (VLAN1) to ensure a better throughput for the users' data and to ensure the CPU is giving priority to management data (i.e. BPDU)?
Segregation of clients from vlan1 is the most typically recommended design. The goal is to separate the client traffic from the management vlan (vlan1). The thought is that if something bad is going on in the client vlan, network support can attach via vlan1 and help to resolve the problem. I have seen both implementations (in vlan1 and not) and I prefer the clients in the non-vlan1 implementation.
Is it required to have an external router for each Vlan that is created or can the router module and supervisor engine be setup to handle all directed traffic? And if so, can this create a bottleneck on the router module?
No, a single interface can be configured with subinterfaces for each vlan. It can create a bottleneck; it depends on the environment. To avoid this, multiple interfaces can be used (each with a few vlans) or an integrated (RSM/MSFC) module can be used in the switch (depends on switch module) so that the routing and switching are tightly coupled to the switch backplane.
Thanks for responding, but I perhaps didn't explain myself very well, you are talking about segregating clients from the switch management VLAN (ie. to enable a telnet session on to the switch), I was actually talking about the segregation of management protocols such as Spanning Tree from the clients VLAN.
My apologies - I didn't follow your line of thought. To my knowledge stp is going to run on each vlan for topology change detection and advertisement, so I don't believe you can separate out the management protocols that are running on each vlan. Possibly someone else may have a suggestion. There are a few per port settings that you can change that will eliminate trunk and channel negotiation (which eliminates management protocols such as pagp); you can also set port priorities that will allow a port to have multiple time slots for traffic processing. The CiscoPress book ISBN 1-57870-094-9 goes into these types of issues in great detail; it is a bit pricey ($70 list).
When stacking Cat3524's with Gigastack GBICs (WS-X3500-XL) and a resilient link between the top and bottom 3524's, is it possible to make one specific 3524 GBIC Sub-interface into a blocking state? It appears that Spanning-Tree is working on a per GBIC interface (NOT Sub-interface - via the lowest MAC-Address/lowest priority) and some Cisco specific protocol is running on the GBICs sub-interfaces (which appears to be the HIGHEST 3524 MAC-Address). In conclusion, how can I control which 3524 GBIC sub-interface is in a blocking state (ie. via the Cisco specific protocol)?
You can change the spantree portvlanpri (mod/port prior vlan) to set the port priority per vlan (default is vlan1), which will force a given port to become root port for a given vlan. This can be used to load balance, i.e. carry traffic for vlans 2,4,6,8 on port 1/1 and vlans 1,3,5,7 on port 1/2. Another method is to use spantree portcost. A lot of these types of settings depend on your specific switch topology as to which is best used to effect the behavior you desire. If you want all the traffic over one link, 1/2 instead of 1/1, just set the priority for all the vlans on that port.
REDUNDANT POWER SUPPLIES
I am currently setting up DFM to monitor my Catalyst 4006. When I discovered the switches with three (3) power supplies, DFM only sees two (2). Is this a problem with the MIB, DFM, or the Catalyst OS version?
The MIB on my version of CatOS (7.2(2)) does show all three power supplies, so it might be a bug in DFM or in an older version of CatOS, but I don't see this mentioned in the release notes, so I would look to see if there is an issue with DFM.
I did some more investigation. Cisco-ENVMON-MIB was not supported until 7.1 of CatOS for the 4000 series switches.
I have a number of 4006's used as edge switches supporting IP telephones with the aux power shelf & PEM. One thing that is frustrating is that while I have 6 power supplies (& cords), I need 2 of each to run. On my 6509's I connect one PS to a UPS and one to wall power so that I'm covered if either fails, but I can't do this with the 4006. I end up connecting everything to the UPS so the only redundancy I have is against a power supply, not power source, failure. Source failures are much more common for me. Is there a solution (either current or future) that would relieve this? It would be really nice if the 6 PS's could somehow be pooled (rather than separate phone power & switch power). Not to mention that all the cables make for a bit of a wiring mess. I really like the 4000 series as Layer 2 switches (haven't tried any L3 features yet, though I just bought one with a Sup3 so we'll see), but the power supplies/distribution are a weak point.
Any suggestions or encouragement?
We are investigating a number of options to help remedy this issue, but nothing has yet been committed, so I have no time frame for a resolution.
I am working on a Catalyst 4003, with supervisor engine-2, SW software version 6.1(2), Router software version 12.0(18).
I defined several VLANs on gigabit interfaces. I want to apply access-lists for restricting traffic between these VLANs. I set access-lists on gigabit sub-interfaces or gigabit interfaces (3 and 4) BUT it did NOT work. Although I tried different conditions, I did not get any positive result.
Did you try to apply any access-list on gigabit sub-interfaces? Is it working?
What may be the problem?
I have not tested this particular configuration recently, but I will try to do so on Monday. Have you opened a TAC case about this? It might be a bug in the particular version you are using.
I did a bit of additional research, and there are indeed cases where an ACL will be accepted by the 4232-L3 router, and yet not actually get applied to traffic passing through the system. It has to do with whether the router is forwarding packets in hardware or software. Hardware ACLs in the 4232-L3 module are limited. There is more information on this available at:
I have only a little question but maybe not so unimportant,
Can I enable CDP in a live network with no problems?
I ask this because it will gather a lot of information and I want to know if this is affecting network performance.
A long time ago there were issues with CDP messages flooding networks. This is no longer the case, and CDP has been found to be an excellent tool for gathering network topologies and troubleshooting networks. Certain tools, such as CiscoWorks rely heavily on CDP to help derive network topologies as well.
To that end, I am not aware of any issues with enabling CDP on a network.
I'm looking at using the Cat 4000 with the sup III as core for my small network (approx 600 nodes). From what I have read this platform would be a good fit since it has full routing capabilities. Currently we utilize HP switches at the access point (though we will be slowly moving to Cisco here as well). I was wondering if the Cat 4000/SupIII is in fact a good choice, and if there would be any issues linking up the non-Cisco switches to the core.
I think you will find that the SupIII is a perfect fit for your network and will provide standards based interoperability with your non-Cisco access devices. I think you will be very happy with your choice, and will be able to leverage the C4000 investment today as your network grows.