Monday, March 10, 2014

EOL and EOS Announcement for Cisco 2960 Series Switches

According to cisco.com, some of the most popular Cisco 2960 series switches are reaching end-of-sale (EOS) and end-of-life (EOL). Table 1 and Table 2 give the details.
Table 1 describes the end-of-life milestones, definitions, and dates for the affected product(s).

Table 2 lists the product part numbers affected by this announcement. For customers with active and paid service and support contracts, support will be available under the terms and conditions of customers' service contract.

Table 1. End-of-Life Milestones and Dates for the Cisco Catalyst 2960 Series Switches

| Milestone | Definition | Date |
|---|---|---|
| End-of-Life Announcement Date | The date the document that announces the end-of-sale and end-of-life of a product is distributed to the general public. | October 31, 2013 |
| End-of-Sale Date | The last date to order the product through Cisco point-of-sale mechanisms. The product is no longer for sale after this date. | October 31, 2014 |
| Last Ship Date: HW | The last-possible ship date that can be requested of Cisco and/or its contract manufacturers. Actual ship date is dependent on lead time. | January 29, 2015 |
| End of SW Maintenance Releases Date: HW | The last date that Cisco Engineering may release any final software maintenance releases or bug fixes. After this date, Cisco Engineering will no longer develop, repair, maintain, or test the product software. | October 31, 2015 |
| End of Vulnerability/Security Support: HW | The last date that Cisco Engineering may release a planned maintenance release or scheduled software remedy for a security vulnerability issue. | October 30, 2017 |
| End of Routine Failure Analysis Date: HW | The last-possible date a routine failure analysis may be performed to determine the cause of hardware product failure or defect. | October 31, 2015 |
| End of New Service Attachment Date: HW | For equipment and software that is not covered by a service-and-support contract, this is the last date to order a new service-and-support contract or add the equipment and/or software to an existing service-and-support contract. | October 31, 2015 |
| End of Service Contract Renewal Date: HW | The last date to extend or renew a service contract for the product. | January 29, 2019 |
| Last Date of Support: HW | The last date to receive applicable service and support for the product as entitled by active service contracts or by warranty terms and conditions. After this date, all support services for the product are unavailable, and the product becomes obsolete. | October 31, 2019 |

HW = Hardware; OS SW = Operating System Software; App. SW = Application Software

Table 2. Product Part Numbers Affected by This Announcement


| End-of-Sale Product Part Number | Product Description | Replacement Product Part Number | Replacement Product Description | Additional Information |
|---|---|---|---|---|
| WS-C2960-24-S | Catalyst 2960 24 10/100 LAN Lite Image | WS-C2960+24TC-S | Catalyst 2960 Plus 24 10/100 + 2 T/SFP LAN Lite | - |
| WS-C2960-24LC-S | Catalyst 2960 24 10/100 (8 PoE) + 2 T/SFP LAN Lite Image | WS-C2960+24LC-S | Catalyst 2960 Plus 24 10/100 (8 PoE) + 2 T/SFP LAN Lite | - |
| WS-C2960-24LT-L | Catalyst 2960 24 10/100 (8 PoE) + 2 1000BT LAN Base Image | WS-C2960+24LC-L | Catalyst 2960 Plus 24 10/100 (8 PoE) + 2 T/SFP LAN Base | - |
|  | Catalyst 2960 24 10/100 PoE + 2 T/SFP LAN Base Image | WS-C2960+24PC-L | Catalyst 2960 Plus 24 10/100 PoE + 2 T/SFP LAN Base | - |
| WS-C2960-24PC-S | Catalyst 2960 24 10/100 PoE + 2 T/SFP LAN Lite Image | WS-C2960+24PC-S | Catalyst 2960 Plus 24 10/100 PoE + 2 T/SFP LAN Lite | - |
| WS-C2960-24TC-L | Catalyst 2960 24 10/100 + 2T/SFP LAN Base Image | WS-C2960+24TC-L | Catalyst 2960 Plus 24 10/100 + 2T/SFP LAN Base | - |
| WS-C2960-24TC-S | Catalyst 2960 24 10/100 + 2 T/SFP LAN Lite Image | WS-C2960+24TC-S | Catalyst 2960 Plus 24 10/100 + 2 T/SFP LAN Lite | - |
|  | Catalyst 2960 24 10/100 + 2 1000BT LAN Base Image | WS-C2960+24TC-L | Catalyst 2960 Plus 24 10/100 + 2T/SFP LAN Base | - |
| WS-C2960-48PST-L | Catalyst 2960 48 10/100 PoE + 2 1000BT +2 SFP LAN Base Image | WS-C2960+48PST-L | Catalyst 2960 Plus 48 10/100 PoE + 2 1000BT +2 SFP LAN Base | - |
| WS-C2960-48PST-S | Catalyst 2960 48 10/100 PoE + 2 1000BT +2 SFP LAN Lite Image | WS-C2960+48PST-S | Catalyst 2960 Plus 48 10/100 PoE + 2 1000BT +2 SFP LAN Lite | - |
| WS-C2960-48TC-L | Catalyst 2960 48 10/100 + 2 T/SFP LAN Base Image | WS-C2960+48TC-L | Catalyst 2960 Plus 48 10/100 + 2 T/SFP LAN Base | - |
| WS-C2960-48TC-S | Catalyst 2960 48 10/100 + 2 T/SFP LAN Lite Image | WS-C2960+48TC-S | Catalyst 2960 Plus 48 10/100 + 2 T/SFP LAN Lite | - |
|  | Catalyst 2960 48 10/100 + 2 1000BT LAN Base Image | WS-C2960+48TC-L | Catalyst 2960 Plus 48 10/100 + 2 T/SFP LAN Base | - |
| WS-C2960-48TT-S | Catalyst 2960 48 10/100 + 2 1000BT LAN Lite Image | WS-C2960+48TC-S | Catalyst 2960 Plus 48 10/100 + 2 T/SFP LAN Lite | - |

Source: http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-6500-series-switches/eos-eol-notice-c51-730121.html

Monday, March 3, 2014

Why Virtual Switches Need BPDU Guard

I received the following question:
What happens if a VM running within a vSphere host sends a BPDU? Will it get dropped by the vSwitch or will it be sent to the physical switch (potentially triggering BPDU guard)?

Finally, I got the answer from visibly harassed Kurt (@networkjanitor) Bales during the Networking Tech Field Day; one of his customers has managed to do just that.


Here’s a sketchy overview of what was going on: they were running a Windows VM inside his VMware infrastructure, decided to configure bridging between a vNIC and a VPN link, and the VM started to send BPDUs through the vNIC. vSwitch ignored them, but the physical switch didn’t – it shut down the port, cutting a number of VMs off the network.
Best case, BPDU guard on the physical switch blocks but doesn’t shut down the port – all VMs pinned to that link get blackholed, but the damage stops there. More often BPDU guard shuts down the physical port (the reaction of BPDU guard is vendor/switch-specific), VMs using that port get pinned to another port, and the misconfigured VM triggers BPDU guard on yet another port, until the whole vSphere host is cut off from the rest of the network. Absolutely worst case, you’re running VMware High Availability, the vSphere host triggers isolation response, and the offending VM is restarted on another host (eventually bringing down the whole cluster).

There is only one good solution to this problem: implement BPDU guard on the virtual switch. Unfortunately, no virtual switch running in VMware environment implements BPDU guard.

Nexus 1000V seems to offer a viable alternative. It has an implicit BPDU filter (you cannot configure it) that would block the BPDUs coming from a VM, but that only hides the problem – you could still get forwarding loops if a VM bridges between two vNICs connected to the same LAN. However, you can reject forged transmits (source-MAC-based filter, a standard vSphere feature) to block bridged packets coming from a VM.

Lacking Nexus 1000V, you can use a virtual firewall (example: vShield App) that can filter layer-2 packets based on ethertype. Yet again, you should combine that with rejection of forged transmits.

In theory, an interesting approach might be to use VM-FEX. A VM using VM-FEX is connected directly to a logical interface in the upstream switch and the BPDU guard configured on that interface would shut down just the offending VM. Unfortunately, I can’t find a way to configure BPDU guard in UCS Manager.

Other alternatives to BPDU guard in a vSwitch range from bad to worse:

Disable BPDU guard on the physical Cisco Switch. You’ve just moved the problem from access to distribution layer (if you use BPDU guard there) ... or you’ve made the whole layer-2 domain totally unstable, as any VM could cause STP topology change.

Enable BPDU filter on the physical switch. Even worse – if someone actually manages to configure bridging between two vNICs (or two physical NICs in a Hyper-V host), you’re toast; BPDU filter causes the physical switch to pretend the problem doesn’t exist.

Enable BPDU filter on the physical switch and reject forged transmits in vSwitch. This one protects against bridging within a VM, but not against physical server misconfiguration. If you’re absolutely utterly positive all your physical servers are vSphere hosts, you can use this approach (vSwitch has built-in loop prevention); if there’s a minimal chance someone might connect bare-metal server or a Hyper-V/XenServer host to your network, don’t even think about using BPDU filter on the physical switch.


Summary

BPDU filter available in Nexus 1000V or ethertype-based filters available in virtual firewalls can stop the BPDUs within the vSphere host (and thus protect the physical links). If you combine it with forged transmit rejection, you get a solution that protects the network from almost any VM-level misconfiguration.

However, I would still prefer a proper BPDU guard with logging in the virtual switches for several reasons:

BPDU filter just masks the configuration problem;
If the vSwitch accepts forged transmits, you could get an actual forwarding loop;
While the solution described above does protect the network on Catalyst 2960, it also makes troubleshooting a lot more obscure – a clear logging message in vCenter telling the virtualization admin that BPDU guard has shut down a vNIC would be way better;
Last but definitely not least, someone just might decide to change the settings and accept forged transmits (with potentially disastrous results) while troubleshooting a customer problem @ 2AM.

Note: More comments discussing why virtual switches need BPDU guard are on the original page: http://blog.ipspace.net/2011/11/virtual-switches-need-bpdu-guard.html
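
The combined policy from the summary above (BPDU filter plus forged-transmit rejection, with the log message the post asks for), sketched as an added Python example. It is not code from the original post or from any VMware or Cisco product; the function names, MAC addresses and frames are constructed for illustration.

```python
import struct

STP_MAC = bytes.fromhex("0180c2000000")   # IEEE 802.1D bridge group address
PVST_MAC = bytes.fromhex("01000ccccccd")  # Cisco PVST+ destination address
LLC_STP = b"\x42\x42\x03"                 # DSAP 0x42, SSAP 0x42, UI control


def is_bpdu(frame: bytes) -> bool:
    """Recognise untagged IEEE STP/RSTP BPDUs and Cisco PVST+ BPDUs."""
    if len(frame) < 17:
        return False
    dst = frame[0:6]
    if dst == PVST_MAC:
        return True
    (length_or_type,) = struct.unpack("!H", frame[12:14])
    # BPDUs are 802.3/LLC frames: the field is a length (< 0x0600), not an EtherType.
    return dst == STP_MAC and length_or_type < 0x0600 and frame[14:17] == LLC_STP


def vnic_policy(frame, vnic_mac, bpdu_filter=True, reject_forged=True):
    """Return (verdict, log message) for a frame a VM transmits on its vNIC."""
    if bpdu_filter and is_bpdu(frame):
        return "drop", "BPDU from VM: guest is probably bridging"
    if reject_forged and frame[6:12] != vnic_mac:
        return "drop", "forged transmit: source MAC is not the vNIC MAC"
    return "forward", "ok"


# Constructed sample frames (not captured traffic).
VNIC_MAC = bytes.fromhex("005056aabb01")     # MAC assigned to the vNIC
REMOTE_MAC = bytes.fromhex("02aabbccdd10")   # host behind the guest's bridge
GATEWAY_MAC = bytes.fromhex("02aabbccdd01")

SAMPLES = {
    "normal":  GATEWAY_MAC + VNIC_MAC + b"\x08\x00" + bytes(46),
    "bpdu":    STP_MAC + VNIC_MAC + struct.pack("!H", 38) + LLC_STP + bytes(35),
    "bridged": GATEWAY_MAC + REMOTE_MAC + b"\x08\x00" + bytes(46),
}


def evaluate(**policy):
    """Verdict per sample frame under the given policy switches."""
    return {name: vnic_policy(f, VNIC_MAC, **policy)[0] for name, f in SAMPLES.items()}


if __name__ == "__main__":
    print("filter + reject forged:", evaluate())
    print("filter only:           ", evaluate(reject_forged=False))
    print("reject forged only:    ", evaluate(bpdu_filter=False))
```

With the filter alone the bridged frame is still forwarded, which is the forwarding-loop risk listed above; with forged-transmit rejection alone the BPDU still reaches the physical switch and can trip BPDU guard there.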

Wednesday, February 19, 2014

How to Build a Cisco Router Base Configuration

This Cisco tutorial video demonstrates how to build a basic router configuration using the question-driven setup dialog. This Cisco router training applies to all IOS-based Cisco routers. Learn how to give the router a name, assign a static IP address to an interface, assign a DHCP address, and save the configuration. I hope it helps you.

The comprehensive portfolio of Cisco routers, such as the Cisco 2901 and Cisco 2911, can help you create a more intelligent, responsive, and integrated network. Cisco routers can be classified as Branch Routers, Cloud Connectors, Cloud Routers, Connected Grid Routers, Data Center Interconnect Platforms, Mobile Internet Routers, Service Provider Core Routers, Service Provider Edge Routers, Small Business Routers, WAN Aggregation and Internet Edge Routers. As a leading Cisco router wholesaler, 3Anetwork.com keeps a huge stock of Cisco 1900/2900/3900/7600 routers and their bundles. In many cases, we can deliver Cisco routers in 2 business days at a very good price, and we ship worldwide.



Tuesday, February 11, 2014

What are the differences between Cisco Catalyst 2960-X and 2960-XR switches?

Q. What are the notable differences between the Cisco Catalyst 2960-X and 2960-XR switches?
A. The Cisco Catalyst 2960-XR switch models have the following capabilities in addition to the features in the 2960-X models:
Dual-FRU power supply with integrated fan
Layer 3 features with IP Lite feature set
Configurable 8 queues per port (standalone)
48 EtherChannel groups

The front-panel sticker on Cisco Catalyst 2960-X Series switches shows the feature set name. Seen from the rear of a Cisco Catalyst 2960-X Series Switch, the LAN Lite models, which do not support stacking, have no slot on the left side for the FlexStack-Plus module.
From the Cisco IOS Software command line, there are two ways to tell which software image the switch has.
The last letter in the product ID. If the last letter is "-L," it's LAN Base. If it's "-LL," it's LAN Lite. If it's "-I," it's IP Lite.
For example:
WS-C2960XR-48FPS-I is IP Lite.
WS-C2960X-48LPS-L is LAN Base.
WS-C2960X-48TS-LL is LAN Lite.

Cisco Catalyst 2960-X Series Switches use the Universal image, but no license is required. The feature set is bound to the hardware model type and cannot be changed. For convenience, a single software image is used for all Cisco Catalyst 2960-X switches, regardless of whether they are IP Lite, LAN Base, or LAN Lite models.

Q. Can Cisco Catalyst 2960-X switches stack with Cisco Catalyst 2960-XR switches?
A. No. Cisco Catalyst 2960-X and 2960-XR switches cannot stack together because they do not share a common feature set model.
The WS-C2960S-48LPD-L and WS-C2960S-48FPD-L are popular Cisco 2960S switches.

Wednesday, January 22, 2014

Fault processing methods of the Cisco switches and Cisco routers

Fault-handling method
I. Network complexity
A general network includes dial-up, video (ISDN, WAN, frame relay, ATM, ...), LAN, VLAN, ...
II. Fault-handling model
1. Define the problem (Define the Problem)
Describe the fault symptoms and potential causes in detail and accurately.
2. Collect detailed information (Gather Facts)
Sources of information: key users, the network management system, the router/switch.
1) Identify the symptoms.
2) Reproduce the fault: check whether the fault still exists.
3) Investigate how often the fault occurs.
4) Determine the scope of the fault. There are three methods for establishing the scope of a fault:
a) Outside-in fault handling (Outside-In Troubleshooting): generally applicable when a number of hosts cannot connect to one or a set
b) Inside-out fault handling (Inside-Out Troubleshooting)
c) Divide-by-half fault handling (Divide-by-Half Troubleshooting)
3. Consider the possibilities (Consider Possibilities): consider the possible causes of the fault.
4. Set up a plan of action (Create the Action Plan)
5. Implement the action plan (Implement the Action Plan)
This step corrects the cause of the network fault. Starting from the source of the fault, work out a fix; after each completed step, check whether the fault has been resolved.
6. Observe the results of executing the action plan (Observe Results)
7. If the action plan does not solve the problem, repeat the above process (Iterate as Needed)
III. Record the changes
While carrying out the action plan, record all configuration changes as part of the fault-handling record.
Chapter 2: Network documentation
A. Network baseline
The simplest way to solve a network problem is to compare the current configuration with the previous configuration.
Baseline documentation consists of network documents and system documents, which differ from each other; it includes:
Network configuration table
Network topology
ES network configuration table
ES network topology
Considerations when creating network documentation:
1) Determine the scope of the documentation.
2) Stay consistent: collect the same information for every device in the network.
3) Have a clear goal: understand what the documentation will be used for.
4) Make the documents easy to use and access.
5) Update the documentation promptly.
Cisco 2900 routers, such as the Cisco 2901, are popular routers; more discount news is on 3anetwork.com.


Tuesday, January 21, 2014

How to Copy the Configuration of One Cisco Switch to Another

I have to deploy one more Cisco Catalyst 2960 to our network... What I wanted to do is just copy the config file of another 2960, which is already on the network, and just change the IP address after that. My problem is I forgot how to do it using FTP. I have FileZilla client and server, as well as Tera Term. I had used FileZilla once to download the config from one of our switches, but I forgot the steps. And I'm confused about which one I will use to download the config, FileZilla client or FileZilla server? Or can I just copy and paste the output of the config from my Tera Term?

The solution:
1 You can copy the config from the first switch to the FTP server and then from the FTP server to the second switch. Be sure the second switch isn't connected to the network, but instead with a direct connection to the FTP server. Otherwise, you will have network problems with both switches having the same IP address.

2 FTP / TFTP or copy / paste using Notepad and PuTTY / Tera Term etc is the easiest way. Saving to a thumb drive just adds an extra two steps that aren't required. And none of the 2900 series switches have USB ports anyway... well not for that anyway. New 2960's such as WS-C2960S-24TS-L have mini-USB ports for the new USB console cables.

3 I have a trick to offer that will help with editing your file in the copy/paste route.
Once in global config mode, type:
term length 0
show run
What that does is print the entire config from top to bottom, without the "press enter to continue" messages in the middle. Once it's done, you put it back with:
term length 24

If you don't put it back, scrolling is permanently off. Hope that's useful.

Monday, January 13, 2014

Cisco WS-C4507R Connect a Cisco IP Phone

We have a Cisco WS-C4507R and just need some clarification on whether this switch is capable of PoE.
We tried connecting a Cisco IP phone and it would not power up; we tried on several ports. Is there some global config to turn PoE on? Below are some show command outputs.

show power inline
Available:1400(w)  Used:0(w)  Remaining:1400(w)

Interface Admin  Oper            Power(Watts)     Device              Class
                            From PS    To Device                   

Totals:          0    on    0.0        0.0      


show power

Power                                             Fan      Inline
Supply  Model No          Type       Status       Sensor   Status
------  ----------------  ---------  -----------  -------  -------
PS1     PWR-C45-2800AC    AC 2800W   good         good     good  
PS2     PWR-C45-2800AC    AC 2800W   good         good     good  

Power supplies needed by system    : 1
Power supplies currently available : 2

Power Summary                      Maximum
 (in Watts)              Used     Available
----------------------   ----     ---------
System Power (12V)        308        1360
Inline Power (-50V)         0        1400
Backplane Power (3.3V)     40          40
----------------------   ----     ---------
Total                     348        2800


show module
Chassis Type : WS-C4507R

Power consumed by backplane : 40 Watts

Mod Ports Card Type                              Model              Serial No.
---+-----+--------------------------------------+------------------+-----------
 1     2  Supervisor IV 1000BaseX (GBIC)         WS-X4515           JAE07460HNP
 3    48  10/100/1000BaseT (RJ45)                WS-X4548-GB-RJ45   JAE07460MH6
 7    48  1000BaseX SFP                          WS-X4448-GB-SFP    JAE1123KYM9

 M MAC addresses                    Hw  Fw           Sw               Status
--+--------------------------------+---+------------+----------------+---------
 1 0007.0e34.1700 to 0007.0e34.1701 3.0 12.1(12r)EW  12.2(25)EWA6     Ok      
 3 000e.38fb.0c00 to 000e.38fb.0c2f 1.0                               Ok      
 7 001b.d546.9ab0 to 001b.d546.9adf 1.3                               Ok      

Mod  Redundancy role     Redundancy mode     Redundancy status
----+-------------------+-------------------+-------------------
 1   Active Supervisor   Non redundant       Active

The chassis can support PoE, but the blade can't. The model number will have a V in it that indicates PoE (WS-X4548-GB-RJ45). Here is an example of one: WS-X4548-RJ45V+.