[nsp] 6509 Help - Please! :)

Paul Stewart pauls at nexicom.net
Thu Mar 18 20:19:39 EST 2004


Hi everyone...

I'm trying to bring a new 6509 online in hybrid mode... This is my first
attempt at hybrid mode (although I am used to 5500s with RSM cards, so
hoping it's not much different)....

Anyways, my problem is getting the native vlan online.

At the moment this switch is configured but not live... However I cannot get
vlan 2 (my default vlan) to come online.. Trying to avoid using vlan 1 for
political reasons.  This is all in an effort to run policing on vlan ports
and limit bandwidth.  Since my last posts I have discovered that a 6509 we
connect to via fiber is running hybrid mode and doing policing on vlans no
problem, hence why we dumped native ios for the time being.... ;)

Anyways, here's my configs... Hope someone has a minute to browse them and
let me know where I'm going wrong... My main concern is to get vlan2 up..
Once it's up I believe the rest should fall into place..  But I'm really
lost at this point (geesh, these configs are long haha)

Our setup is *really* simple... Port 3/1 is a trunked isl port that has
multiple vlans on it.  *All* other ports are part of vlan2 itself.  That's
it.  It's a low traffic site and my goal is simply to get everything running
through it and hopefully do some policing on the vlans in the "router".
Oh, and this switch is the vtp master as well...

Right now I cannot even ping my own address while on the router side... Vlan
2 is down/down as are all other vlans.  From the switch side I cannot ping
its own address or the router side either...

Sorry that the configs are so long but didn't want to miss anything that
might be important...  I've tried to cut out the obvious stuff...

Thanks so much in advance to the group.. You guys/gals  have been
wonderful...  I'm now 3 days longer at the client site and this is getting
embarrassing..;)

Paul

begin
!
# ***** ALL (DEFAULT and NON-DEFAULT) CONFIGURATION *****
!
!
#time: Fri Mar 19 2004, 00:59:31
!
#version 8.2(1)
!
set feature agg-link-partner disable
set option long-cable disable
set password xxxxxxx
set enablepass xxxxxxxx
set prompt xxxxxxx>
set length 24 default
set logout 20
set config mode binary
set banner motd ^C^C
set banner lcd ^C^C
!
#test
set test diaglevel minimal
set test diagfail-action offline
!
#dot1x
set dot1x system-auth-control enable
set dot1x quiet-period 60
set dot1x tx-period 30
set dot1x shutdown-timeout 300
set dot1x supp-timeout 30
set dot1x server-timeout 30
set dot1x max-req 2
set dot1x re-authperiod 3600
set feature dot1x-radius-keepalive enable
!
#errordetection
set errordetection inband disable
set errordetection memory disable
set errordetection portcounter disable
!
#system
set system baud  9600
set system modem disable
set traffic monitor 100
set system highavailability disable
set system highavailability versioning disable
set system info-log disable
set system info-log tftp 0.0.0.0 sysinfo
set system info-log interval 1440
set system crossbar-fallback bus-mode
set system switchmode allow truncated
set system switchmode threshold 2
set system core-dump disable
set system core-file  slot0:crashinfo
set system syslog-dump disable
set system syslog-file  slot0:sysloginfo
set system supervisor-update disable
set feature log-command enable
set feature loop-detect enable
set feature supmon enable
!
#power
set power redundancy enable
!
#Default Inlinepower
set inlinepower defaultallocation 15400
!
#frame distribution method
set port channel all distribution ip both
!
#mac address reduction
set spantree macreduction disable
!
#default portcost mode
set spantree defaultcostmode short
!
#Local User
set localuser authentication disable
!
#stp mode
set spantree mode rapid-pvst
!
#vtp
set vtp domain xxxxx
set vtp mode server
set vtp mode server vlan
set vtp passwd xxxxxx
set vtp version 1
set vtp pruning disable
set vtp pruneeligible 2-1000
clear vtp pruneeligible 1001-1005
set vlan 2 name Management_VLAN type ethernet mtu 1500 said 100002 state active
set vlan 50 name xxxxxxx type ethernet mtu 1500 said 100050 state active
set vlan 99 name xxxxxx type ethernet mtu 1500 said 100099 state active
set vlan 200 name xxxxxx type ethernet mtu 1500 said 100200 state active
set vlan 201 name xxxxxx type ethernet mtu 1500 said 100201 state active
set vlan 202 name xxxxxxx type ethernet mtu 1500 said 100202 state active
set vlan 203 name xxxxxx type ethernet mtu 1500 said 100203 state active
set vlan 204 name xxxxxx type ethernet mtu 1500 said 100204 state active
set vlan 205 name xxxxxx type ethernet mtu 1500 said 100205 state active
set vlan 1002 name fddi-default type fddi mtu 1500 said 101002 state active
set vlan 1004 name fddinet-default type fddinet mtu 1500 said 101004 state active stp ibm
set vlan 1005 name trnet-default type trbrf mtu 1500 said 101005 state active stp ibm
<this part I find quite weird...for vlan 1>
set vlan 1
set vlan 1003 name token-ring-default type trcrf mtu 1500 said 101003 state active mode srb aremaxhop 0 stemaxhop 0 backupcrf off
set vlan 1 translation 1002 translation 1003
set vlan 1002 translation 1 translation 1003
set vlan 1003 translation 1 translation 1002
!
#dot1q-all-tagged
set dot1q-all-tagged disable
!
#Layer 2 protocol tunnel
set l2protocol-tunnel cos 5
set l2protocol-tunnel trunk disable
!
#ip
set feature mdg enable
set feature psync-recovery no-powerdown
set interface sc0 1 xxx.xxx.100.14/255.255.255.0 xxx.xxx.100.255

set interface sc0 up
set interface trap sc0 disable
set interface sl0 0.0.0.0 0.0.0.0
set interface sl0 up
set interface trap sl0 disable
set interface sc1 2 0.0.0.0/0.0.0.0 0.0.0.0

set interface sc1 down
set interface trap sc1 disable
set arp agingtime 1200
set ip redirect   enable
set ip unreachable   enable
set ip fragmentation enable
set ip route 0.0.0.0/0.0.0.0         xxx.xxx.100.1
set ip alias default         0.0.0.0
!
#command alias
!
#vmps
set vmps server retry 3
set vmps server reconfirminterval 60
set vmps downloadmethod tftp
set vmps downloadserver 0.0.0.0 vmps-config-database.1
set vmps state disable

!
#rcp
set rcp username
!
#ftp
set ftp username
set ftp password encrypted
set ftp mode passive enable
!
#dns
set ip dns server 216.168.96.10 primary
set ip dns server 216.168.96.13
set ip dns enable
set ip dns domain nexicom.net
!
#spantree
#spantree global defaults
set spantree global-default portfast disable
set spantree global-default loop-guard disable
#portfast
set spantree global-default bpdu-guard disable
set spantree global-default bpdu-filter disable
#bpdu-skewing
set spantree bpdu-skewing disable

#MST (IEEE 802.1s)
set spantree fwddelay 15 mst
set spantree hello 2  mst
set spantree maxage 20 mst
set spantree mst maxhops 20
set spantree priority 32768 mst
set spantree priority 32768 mst 1
set spantree priority 32768 mst 2
set spantree priority 32768 mst 3
set spantree priority 32768 mst 4
set spantree priority 32768 mst 5
set spantree priority 32768 mst 6
set spantree priority 32768 mst 7
set spantree priority 32768 mst 8
set spantree priority 32768 mst 9
set spantree priority 32768 mst 10
set spantree priority 32768 mst 11
set spantree priority 32768 mst 12
set spantree priority 32768 mst 13
set spantree priority 32768 mst 14
set spantree priority 32768 mst 15

#MST Configuration
set spantree mst config rollback force
set spantree mst config name  revision 0
set spantree mst 0 vlan 1-4094
set spantree mst config commit

#uplinkfast groups
set spantree uplinkfast disable
#backbonefast
set spantree backbonefast disable
#vlan                         <VlanId>
#vlan(defaults)
set spantree enable  1-2,50,99,200-205
set spantree fwddelay 15     1-2,50,99,200-205
set spantree hello    2      1-2,50,99,200-205
set spantree maxage   20     1-2,50,99,200-205
set spantree priority 32768  1-2,50,99,200-205
!
#set boot command
set boot config-register 0x2102
set boot config-register auto-config overwrite
set boot config-register auto-config sync disable
set boot system flash bootflash:cat6000-sup2k8.8-2-1.bin
set config acl nvram
!
!
#permanent arp entries
!
#igmp
set igmp enable
set igmp fastleave disable
set igmp v3-processing disable
set igmp fastblock disable
set igmp ratelimit disable
set igmp ratelimit general-query 100
set igmp ratelimit dvmrp 100
set igmp ratelimit mospf1 100
set igmp ratelimit mosfp2 100
set igmp ratelimit pimv2 100
!
#igmp querier
set igmp querier disable 1-1005,1025-4094
set igmp querier 1-1005,1025-4094 qi 125
set igmp querier 1-1005,1025-4094 oqi 300
!
#rgmp
set rgmp disable
!
#protocolfilter
set protocolfilter disable
!
#mls
set mls flow full
set mls rate 0
set mls cef load-balance source-destination-ip
set mls cef per-prefix-stats enable
set mls verify checksum enable
set mls verify length ip minimum enable
set mls verify length ip inconsistant enable
set mls verify length ipx minimum enable
set mls verify length ipx inconsistant enable
set mls bridged-flow-statistics disable 1-1000,1025-4094
set mls nde version 7
set mls nde destination-ifindex enable
set mls nde source-ifindex enable
set mls agingtime long-duration 320
set mls agingtime 12
set mls agingtime ipx 12
set mls agingtime fast 0 0
set mls nde disable
!
#vlan mapping
!
#gmrp
set gmrp disable
!
#garp
set garp timer all 200 600 10000
!
#cdp
set cdp interval 60
set cdp holdtime 180
set cdp enable
set cdp version v2
set cdp format device-id other
!
#cops
set cops retry-interval 30 30 300
!
#acllog
set acllog ratelimit 0
!
!
#mmls nonrpf
set mmls nonrpf enable
set mmls nonrpf timer 60
set mmls nonrpf window 10
set mmls nonrpf timer 10
!
#mmls flow-statistics
set mmls flow-statistics timer 20
set mmls flow-statistics threshold 60
!
#udld
set udld disable
set udld interval 15
!
#LACP channel
set lacp-channel system-priority 32768
!
#channelprotocol
set channelprotocol pagp 1
set channelprotocol pagp 3
set channelprotocol pagp 4
!
#port channel
set port channel 1/1-2 85
set port channel 3/1-4 87
set port channel 3/5-8 88
set port channel 3/9-12 89
set port channel 3/13-16 90
set port channel 3/17-20 91
set port channel 3/21-24 92
set port channel 3/25-28 93
set port channel 3/29-32 94
set port channel 3/33-36 95
set port channel 3/37-40 96
set port channel 3/41-44 97
set port channel 3/45-48 98
set port channel 4/1-4 99
set port channel 4/5-8 100
set port channel 4/9-12 101
set port channel 4/13-16 102
set port channel 4/17-20 103
set port channel 4/21-24 104
set port channel 4/25-28 105
set port channel 4/29-32 106
set port channel 4/33-36 107
set port channel 4/37-40 108
set port channel 4/41-44 109
set port channel 4/45-48 110
!
#security ACLs
set security acl arp-inspection match-mac enable
set security acl arp-inspection address-validation enable
set security acl feature ratelimit 500
set security acl log maxflow 500
set security acl log ratelimit 2500
!
#accounting
set accounting exec disable
set accounting connect disable
set accounting system disable
set accounting commands disable
set accounting suppress null-username disable
set accounting update new-info
!
#errdisable timeout
set errdisable-timeout disable other
set errdisable-timeout disable udld
set errdisable-timeout disable duplex-mismatch
set errdisable-timeout disable bpdu-guard
set errdisable-timeout disable channel-misconfig
set errdisable-timeout disable crossbar-fallback
set errdisable-timeout disable gl2pt-ingress-loop
set errdisable-timeout disable gl2pt-threshold-exceed
set errdisable-timeout disable bcast-suppression
set errdisable-timeout disable authentication-fail
set errdisable-timeout disable md5-fail
set errdisable-timeout disable arp-inspection
set errdisable-timeout disable nostatic-power
set errdisable-timeout interval 300
!
#http configuration
set ip http server disable
set ip http port 80
!
#private vlans
!
#crypto key
!
#qos statistics data export
set qos statistics export disable
set qos statistics export interval 300
set qos statistics export destination 0.0.0.0 0
!
#mmls srm
set mmls srm leak-start 30
set mmls srm purge 120
set mmls srm enable
set mmls srm leak-end 90
set mmls srm batch-size 10
!
#port security
set port security auto-configure disable
!
# default port status is enable
!
!
#module 1 : 2-port 1000BaseX Supervisor
set module name    1
set vlan 1    1/1-2
set port enable     1/1-2
set port clock 1/1-2 auto
set port trap       1/1-2  disable
set port name       1/1-2
set port security 1/1-2 disable age 0 maximum 1 shutdown 0 unicast-flood enable violation shutdown
set port dot1x 1/1-2 port-control force-authorized
set port dot1x 1/1-2 multiple-host disable
set port dot1x 1/1-2 multiple-authentication disable
set port dot1x 1/1-2 shutdown-timeout disable
set port dot1x 1/1-2 re-authentication disable
set port dot1x 1/1-2 guest-vlan none
set port broadcast  1/1-2  100.00% violation drop-packets multicast disable unicast disable
set port membership 1/1-2  static
set port protocol 1/1-2 ip on
set port protocol 1/1-2 ipx auto
set port protocol 1/1-2 group auto
set port negotiation 1/1-2 enable
set port flowcontrol    1/1-2 send desired
set port flowcontrol    1/1-2 receive off
set port vtp 1/1-2 enable
set cdp enable   1/1-2
set udld aggressive-mode disable 1/1-2
set trunk 1/1  auto negotiate 1-1005,1025-4094
set trunk 1/2  auto negotiate 1-1005,1025-4094
set spantree portfast    1/1-2 default
set spantree bpdu-filter 1/1-2 default
set spantree bpdu-guard 1/1-2 default
set spantree link-type 1/1-2 auto
set spantree portpri     1/1-2  32 mst
set spantree portinstancepri 1/1  0 mst
set spantree portinstancepri 1/2  0 mst
set spantree portcost    1/1-2  20000 mst
set spantree portinstancecost 1/1  cost 19999 mst
set spantree portinstancecost 1/2  cost 19999 mst
set spantree portcost    1/1-2  4
set spantree portpri     1/1-2  32
set spantree portvlanpri 1/1  0
set spantree portvlanpri 1/2  0
set spantree portvlancost 1/1  cost 3
set spantree portvlancost 1/2  cost 3
set spantree guard default 1/1-2
set port qos 1/1-2 cos 0
set port qos 1/1-2 trust untrusted
set port qos 1/1-2 port-based
set port qos 1/1-2 policy-source cops
set port rsvp 1/1-2 dsbm-election disable 128
set port gvrp     1/1-2  disable
set gvrp registration normal   1/1-2
set gvrp applicant normal   1/1-2
set port gmrp   1/1-2  enable
set gmrp registration normal   1/1-2
set gmrp fwdall disable    1/1-2
set port jumbo  1/1-2  disable
set port dot1qtunnel 1/1-2 disable
set port dot1q-all-tagged 1/1-2 enable
set port dot1q-ethertype 1/1  8100
set port dot1q-ethertype 1/2  8100
set port l2protocol-tunnel 1/1-2 cdp stp vtp disable
set port l2protocol-tunnel 1/1  drop-threshold 0 shutdown-threshold 0
set port l2protocol-tunnel 1/2  drop-threshold 0 shutdown-threshold 0
set port arp-inspection 1/1  drop-threshold 0 shutdown-threshold 0
set port arp-inspection 1/2  drop-threshold 0 shutdown-threshold 0
set qos statistics export port 1/1 disable
set qos statistics export port 1/2 disable
set port sync-restart-delay 1/1 210
set port sync-restart-delay 1/2 210
set port debounce 1/1 disable
set port debounce 1/1 delay 10
set port debounce 1/2 disable
set port debounce 1/2 delay 10
set port unicast-flood 1/1-2 enable
set port errdisable-timeout 1/1-2 enable
set cam notification added disable 1/1-2
set cam notification removed disable 1/1-2
set port channel 1/1-2 mode auto silent
!
#module 2 empty
!
#module 3 : 48-port 10/100BaseTX Ethernet
set module name    3
set module enable  3
set vlan 2    3/1-48
set port auxiliaryvlan 3/1-48 none
set port qos 3/1-48 trust-ext untrusted
set port qos 3/1-48 cos-ext 0
set port qos 3/1-48 trust-device none
set port enable     3/1-48
set port speed      3/1-48  auto
set port trap       3/1-48  disable
set port name       3/1  Fiber_Port
set port name       3/2-48
set port security 3/1-48 disable age 0 maximum 1 shutdown 0 unicast-flood enable violation shutdown
set port dot1x 3/1-48 port-control force-authorized
set port dot1x 3/1-48 multiple-host disable
set port dot1x 3/1-48 multiple-authentication disable
set port dot1x 3/1-48 shutdown-timeout disable
set port dot1x 3/1-48 re-authentication disable
set port dot1x 3/1-48 guest-vlan none
set port broadcast  3/1-48  100.00% violation drop-packets
set port membership 3/1-48  static
set port protocol 3/1-48 ip on
set port protocol 3/1-48 ipx off
set port protocol 3/1-48 group auto
set port flowcontrol    3/1-48 send off
set port flowcontrol    3/1-48 receive off
set port vtp 3/1-48 enable
set cdp enable   3/1-48
set udld disable 3/1-48
set udld aggressive-mode disable 3/1-48
set trunk 3/1  on isl 1-1005,1025-4094
set trunk 3/2  auto negotiate 1-1005,1025-4094
set trunk 3/3  auto negotiate 1-1005,1025-4094
set trunk 3/4  auto negotiate 1-1005,1025-4094
...
set spantree portfast    3/1-48 default
set spantree bpdu-filter 3/1-48 default
set spantree bpdu-guard 3/1-48 default
set spantree link-type 3/1-48 auto
set spantree portpri     3/1-48  32 mst
set spantree portinstancepri 3/1  0 mst
set spantree portinstancepri 3/2  0 mst
set spantree portinstancepri 3/3  0 mst
...
set spantree portcost    3/1-3,3/5-48  2000000 mst
set spantree portcost    3/4  200000 mst
set spantree portinstancecost 3/1  cost 1999999 mst
set spantree portinstancecost 3/2  cost 1999999 mst
set spantree portinstancecost 3/3  cost 1999999 mst
set spantree portinstancecost 3/4  cost 199999 mst
...
set spantree portcost    3/4  19
set spantree portcost    3/1-3,3/5-48  100
set spantree portpri     3/1-48  32
set spantree portvlanpri 3/1  0
set spantree portvlanpri 3/2  0
...
set spantree portvlancost 3/1  cost 99
set spantree portvlancost 3/2  cost 99
set spantree portvlancost 3/3  cost 99
...
set spantree guard default 3/1-48
set port qos 3/1-48 cos 0
set port qos 3/1-48 trust untrusted
set port qos 3/1-48 port-based
set port qos 3/1-48 policy-source cops
set port rsvp 3/1-48 dsbm-election disable 128
set port gvrp     3/1-48  disable
set gvrp registration normal   3/1-48
set gvrp applicant normal   3/1-48
set port gmrp   3/1-48  enable
set gmrp registration normal   3/1-48
set gmrp fwdall disable    3/1-48
set port jumbo  3/1-48  disable
set port dot1qtunnel 3/1-48 disable
set port dot1q-all-tagged 3/1-48 enable
set port l2protocol-tunnel 3/1-48 cdp stp vtp disable
set port l2protocol-tunnel 3/1  drop-threshold 0 shutdown-threshold 0
set port l2protocol-tunnel 3/2  drop-threshold 0 shutdown-threshold 0
set port l2protocol-tunnel 3/3  drop-threshold 0 shutdown-threshold 0
...
set port arp-inspection 3/1  drop-threshold 0 shutdown-threshold 0
set port arp-inspection 3/2  drop-threshold 0 shutdown-threshold 0
set port arp-inspection 3/3  drop-threshold 0 shutdown-threshold 0
set port arp-inspection 3/4  drop-threshold 0 shutdown-threshold 0
...
set qos statistics export port 3/1 disable
set qos statistics export port 3/2 disable
set qos statistics export port 3/3 disable
...
set port debounce 3/1 disable
set port debounce 3/2 disable
set port debounce 3/3 disable
...
set port unicast-flood 3/1-48 enable
set port errdisable-timeout 3/1-48 enable
set cam notification added disable 3/1-48
set cam notification removed disable 3/1-48
set port channel 3/1-48 mode auto silent
!
!
#module 5 empty
!
#module 6 empty
!
#module 7 empty
!
#module 8 empty
!
#module 9 empty
!
#module 15 : 1-port Multilayer Switch Feature Card
set module name    15
set module enable  15
set vlan 2    15/1
set port name       15/1
set port vtp 15/1 enable
set cdp enable   15/1
clear trunk 15/1  1-1005,1025-4094
set trunk 15/1  nonegotiate isl
set spantree portcost    15/1  20000 mst
set spantree portinstancecost 15/1  cost 19999 mst
set spantree portcost    15/1  4
set spantree portpri     15/1  32
set spantree portvlanpri 15/1  0
set spantree portvlancost 15/1  cost 3
set spantree guard default 15/1
set port gmrp   15/1  enable
set gmrp registration normal   15/1
set gmrp fwdall disable    15/1
set port jumbo  15/1  disable
set port arp-inspection 15/1  drop-threshold 0 shutdown-threshold 0
set cam notification added disable 15/1
set cam notification removed disable 15/1
!
#module 16 empty
!
#switch port analyzer
!
#cam
set cam agingtime 1-2,50,99,200-205 300
set cam notification disable
set cam notification interval 300
set cam notification historysize 1
set cam notification threshold disable
set cam notification threshold limit 50
set cam notification threshold interval 300
set cam notification move disable
!
#gvrp
set gvrp dynamic-vlan-creation disable
set gvrp disable
!
#vlan verify-port-provisioning
set vlan verify-port-provisioning disable
!
#authorization
set authorization exec disable console
set authorization exec disable telnet
set authorization enable disable console
set authorization enable disable telnet
set authorization commands disable console
set authorization commands disable telnet
end


MSFC CONFIG

Building configuration...

Current configuration : 2066 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname xxxx
!
boot system flash sup-slot0:c6msfc2-jsv-mz.122-14.ZA7.bin
logging snmp-authfail
logging queue-limit 100
enable secret 5 xxxxxxx
!
clock timezone est -5
ip subnet-zero
!
!
!
!
!
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan2
 ip address xxx.xxx.100.1 255.255.255.0
!
interface Vlan50
 ip address xxx.xxx.103.1 255.255.255.252
!
interface Vlan99
 ip address xxx.xxx.116.49 255.255.255.252
!
interface Vlan200
 ip address xxx.xxx.106.105 255.255.255.252
!
interface Vlan201
 ip address xxx.xxx.116.9 255.255.255.248
!
interface Vlan202
 ip address xxx.xxx.119.193 255.255.255.252
!
interface Vlan203
 ip address xxx.xxx.106.113 255.255.255.248
!
interface Vlan204
 ip address xxx.xxx.119.197 255.255.255.252
!
interface Vlan205
 ip address xxx.xxx.119.209 255.255.255.252
!
!
ip default-gateway xxx.xxx.103.2
ip classless
ip route 0.0.0.0 0.0.0.0 xxx.xxx.103.2
ip route xxx.xxx.100.64 255.255.255.192 xxx.xxx.108.7
ip route xxx.xxx.100.128 255.255.255.128 xxx.xxx.108.7
ip route xxx.xxx.101.0 255.255.255.128 xxx.xxx.108.8
ip route xxx.xxx.101.128 255.255.255.128 xxx.xxx.100.6
ip route xxx.xxx.105.64 255.255.255.240 xxx.xxx.100.2
ip route xxx.xxx.108.64 255.255.255.192 xxx.xxx.108.6
ip route xxx.xxx.108.128 255.255.255.128 xxx.xxx.108.6
ip route xxx.xxx.119.200 255.255.255.248 xxx.xxx.116.50
ip route xxx.xxx.120.0 255.255.255.0 xxx.xxx.100.2
no ip http server
!
!
!
!
!
line con 0
 exec-timeout 0 0
line vty 0 4
 password 7 xxxxxxxxxx
 login
!
end



