Cisco and Networking

Posts regarding Cisco and general networking issues and their fixes.

Cisco 6509 Damaged POE Modules

posted 30 Jun 2011 03:05 by Tristan Self

We had a severe lightning storm with power cuts and multiple lightning bolts hitting our buildings and grounds around our core server rooms. Luckily the UPSes carried the load and gobbled up the overvoltages etc. no problem.

However, the lightning induced an overvoltage in the copper cables that run from the Cisco 6509 POE Blades (48 ports) to our workstations and POE telephones. Once the lightning was over we started getting calls about phones being down all over the place.

When checking the switch I saw the following (see below). Even after running a "hw-module" reset on each of the affected modules (blades) we still got no power (POE) to the phones; however, the computers directly connected were working fine.
 
Upon reseating or resetting the module we got these errors on bootup of the module:
 
%PM_SCP-SP-2-LCP_FW_ERR_INFORM: Module 6 is experiencing the following error: Inline Power Module - PS voltage bad
 
%CONST_DIAG-SP-3-BOOTUP_TEST_FAIL: Module 6: TestVDB failed
 
A "show module" was showing this:
 
Mod  Online Diag Status
---- -------------------
  1  Pass
  3  Pass
  4  Pass
  5  Pass
  6  Minor Error
  7  Minor Error
  8  Minor Error

show diagnostic mod 7

Current bootup diagnostic level: complete

Module 7: SFM-capable 48 port 10/100/1000mb RJ45  SerialNo : xxxxxx

  Overall Diagnostic Result for Module 7 : MINOR ERROR
  Diagnostic level at card bootup: complete

  Test results: (. = Pass, F = Fail, U = Untested)

    1) TestLoopback:

   Port  1  2  3  4  5  6  7  8  9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24
   ----------------------------------------------------------------------------
         .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .

   Port 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48
   ----------------------------------------------------------------------------
         .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .


    2) TestSynchedFabChannel -----------> .
    3) TestL3VlanMet -------------------> .
    4) TestIngressSpan -----------------> .
    5) TestEgressSpan ------------------> .
    6) TestAsicMemory ------------------> U
    7) TestFirmwareDiagStatus ----------> .
    8) TestEobcStressPing --------------> U
    9) TestAsicSync --------------------> .
   10) TestUnusedPortLoopback:

   Port  1  2  3  4  5  6  7  8  9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24
   ----------------------------------------------------------------------------
         U  U  U  U  U  U  U  U  U  U  U  U  U  U  U  U  U  U  U  U  U  U  U  U

   Port 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48
   ----------------------------------------------------------------------------
         U  U  U  U  U  U  U  U  U  U  U  U  U  U  U  U  U  U  U  U  U  U  U  U


   11) TestErrorCounterMonitor ---------> .
   12) TestIntPortLoopback -------------> .
   13) TestPortTxMonitoring:

   Port  1  2  3  4  5  6  7  8  9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24
   ----------------------------------------------------------------------------
         U  U  U  U  U  U  U  U  U  U  U  U  U  U  U  U  U  U  U  U  U  U  U  U

   Port 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48
   ----------------------------------------------------------------------------
         U  U  U  U  U  U  U  U  U  U  U  U  U  U  U  U  U  U  U  U  U  U  U  U


   14) TestVDB -------------------------> F
 
Basically, from what I've found, the TestVDB failure means that the POE component on the blade has failed and it will refuse to deliver power. At the time of writing this post we don't know whether the whole chassis is fried; we assume it isn't, as all the other blades and the data are working okay, and one of the other POE blades in the switch survived and still delivers power.
 
Fault to Cisco, cross fingers and hope the chassis isn't toast too.
 
Moral of the Story:
 
It doesn't matter how much UPS protection you add: a direct lightning strike will cause significant damage and disruption to systems. The only protection you can have is to have enough staff to deal with the problems, and enough money to fix or replace the faulty kit.
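
For triaging the module diagnostics shown in this post across many blades, here is an added example (not part of the original post) that parses "show diagnostic" results, including the per-port grids, and the BOOTUP_TEST_FAIL syslog message. The function names and the shortened sample are assumptions made for illustration.

```python
import re

SINGLE = re.compile(r"^\s*\d+\)\s+(\w+)\s+-+>\s+([.FU])\s*$")   # "14) TestVDB ----> F"
GRID = re.compile(r"^\s*\d+\)\s+(\w+):\s*$")                    # "1) TestLoopback:"
PORTS = re.compile(r"^\s*Port((?:\s+\d+)+)\s*$")                # "Port  1  2  3 ..."
ROW = re.compile(r"^\s*[.FU](?:\s+[.FU])*\s*$")                 # ".  .  F  ."
BOOT_FAIL = re.compile(r"%CONST_DIAG-SP-3-BOOTUP_TEST_FAIL: Module (\d+): (\w+) failed")

# Constructed sample: the post's syslog line plus a shortened diagnostic excerpt
# (4 ports instead of 48, with one per-port failure injected to exercise the grid path).
SAMPLE = """\
%CONST_DIAG-SP-3-BOOTUP_TEST_FAIL: Module 6: TestVDB failed
    1) TestLoopback:
   Port  1  2  3  4
   ----------------
         .  .  F  .
    6) TestAsicMemory ------------------> U
   14) TestVDB -------------------------> F
"""

def parse_diag(text):
    """Return {test: symbol} for single-result tests, {test: {port: symbol}} for grids."""
    results, grid, ports = {}, None, []
    for line in text.splitlines():
        if m := SINGLE.match(line):
            results[m.group(1)] = m.group(2)
            grid = None
        elif m := GRID.match(line):
            grid = m.group(1)
            results[grid] = {}
        elif grid and (m := PORTS.match(line)):
            ports = [int(p) for p in m.group(1).split()]
        elif grid and ports and ROW.match(line):
            results[grid].update(zip(ports, line.split()))
            ports = []
    return results

def failed_tests(results):
    """Tests marked F, either as a whole or on at least one port."""
    return [t for t, r in results.items()
            if r == "F" or (isinstance(r, dict) and "F" in r.values())]

def bootup_failures(syslog):
    """Map module number -> tests named in BOOTUP_TEST_FAIL syslog messages."""
    hits = {}
    for m in BOOT_FAIL.finditer(syslog):
        hits.setdefault(int(m.group(1)), []).append(m.group(2))
    return hits
```

A module whose only failed test is TestVDB matches the situation in this post: data ports pass while inline power is refused.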
 

How to Configure Ghostcasting across/between VLANs

posted 18 Jun 2011 07:49 by Tristan Self   [ updated 18 Jun 2011 07:58 ]

In this example the ghost server is on IP address 172.27.5.73/24 and is in vlan 205.

The ghostcasting client (i.e. a workstation I want to re-ghost) is in vlan 240 on IP address 172.27.240.10.

There are two DHCP servers also in vlan 205 on IP addresses 172.27.5.131 and 172.27.5.132.

We want the ghostcast client in vlan 240 to be able to use both unicast and multicast (ghostcasting) sessions to the ghost server in vlan 205.

To do this, the following is required on a Cisco 6509 switch; however, it should be the same for any other type of Cisco switch running IOS.

interface vlan 1
 ip igmp snooping querier
!

interface Vlan205
 ip pim sparse-dense-mode
!

interface Vlan240
 ip helper-address 172.27.5.73
 ip helper-address 172.27.5.131
 ip helper-address 172.27.5.132
 ip pim sparse-dense-mode
!

Where 172.27.5.73 is the IP address of the ghost server.
The "ip pim sparse-dense-mode" command needs to go on each VLAN that ghostcasting will be used on.

It's also worth noting that the "ip helper-address" command is used to forward the broadcasts for DHCP addresses to the DHCP servers (131 and 132), but is also required if you want the ghost session to automatically detect where the ghost server is without you needing to enter the IP address manually.


Cisco VPN Client to PIX not Passing Traffic

posted 14 Jun 2011 11:21 by Tristan Self

Tried to connect up to a PIX using a Cisco VPN Client. The connection connected fine, but when I tried to VNC or RDC to something I had no joy. Checking the statistics of the VPN connection on my PC, it showed sending traffic but not getting anything back.

This is caused by a problem with NAT-Traversal.

My VPN connection was saying transparent tunneling "disabled" even though it is set to be active; I was expecting it to say: "Active on UDP Port 4500".

To resolve this you need to make sure that NAT Traversal is enabled on the PIX.

I'm not sure if everyone is trying to connect to a Cisco PIX firewall or Cisco Concentrator. Two different solutions, but I will assume a PIX firewall. Rather than dealing with Linksys, Netgear, or versions of code, it might be easier to configure the Cisco PIX firewall to provide a better VPN solution. Make sure the PIX is running version 6.3 or later and configure it for NAT traversal (which is not on by default):

isakmp nat-traversal

Then on the client make sure Transparent Tunneling is enabled for UDP. Not TCP: the PIX doesn't understand TCP Transparent Tunneling (only the Cisco Concentrator does). The nat-traversal command allows ESP packets to pass through a NAT device. You know ESP packets are not being passed when you can make a VPN connection but nothing works.

This should sort out the problem, oh and a typical timeout time would be 20 seconds if you need that.

Cisco 4500 Series not Showing Ports Going Up or Down (with Terminal Monitor)

posted 13 Jun 2011 07:40 by Tristan Self

On our Cisco 4500 series switches we could not see when ports were going up or down, even when using "terminal monitor." We use this technique to identify ports, and it has been useful in our VLAN project.

The problem was that on 4500 series switches you need to manually enable this type of logging. To do this, type the following commands:
 
# terminal monitor
 
# logging event link-status global
 
Then you'll be able to see these logged on the console.

ip helper-address Not working on Cisco 3750 Switch

posted 12 Jun 2011 05:27 by Tristan Self

I had a Cisco 3750 switch that I wanted to enable some VLANs for voice on, but only having one DHCP server on a completely separate VLAN to the voice VLANs.

vlan 1 = data (dhcp server on this range)

vlan 266 = voice (phone dhcp clients on this range)

PROBLEM:

The switch for some reason had a load of DHCP server config on it before I started the exercise, so I removed the pools and ran the command: no service dhcp

This was the problem: running this command (no service dhcp) disables DHCP but also disables DHCP relay too, which stops the ip helper-address command from working.

So even when I put the ip helper-address on the VLAN as below, it didn't relay the DHCP broadcasts from the 266 VLAN to the DHCP server on vlan 1.

interface Vlan266
 description *** VOIP-BBlock ***
 ip address 172.29.66.1 255.255.255.0
 ip helper-address 172.19.5.131

Where 172.19.5.131 is the DHCP server address.

http://www.cisco.com/en/US/docs/switches/lan/catalyst3550/software/release/12.2_25_seb/configuration/guide/swdhcp82.html#wp1122942

RESOLUTION:

So to fix it, I ran the command: service dhcp

(making sure any DHCP pool configuration has been removed, and this fixed the problem)
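
To catch this fault before the phones stop getting addresses, here is an added example (not from the original post) that audits a saved IOS configuration for interfaces whose "ip helper-address" is silenced by a global "no service dhcp", and for leftover pool stanzas. The function names, the pool name OLD-VOICE and the Vlan1 address are assumptions; the Vlan266 stanza is the one from the post.

```python
# Constructed sample config: the post's Vlan266 stanza plus the global line that
# caused the fault, a hypothetical leftover pool and a hypothetical Vlan1 address.
SAMPLE_CONFIG = """\
no service dhcp
!
ip dhcp pool OLD-VOICE
 network 172.29.66.0 255.255.255.0
!
interface Vlan1
 ip address 172.19.5.1 255.255.255.0
!
interface Vlan266
 description *** VOIP-BBlock ***
 ip address 172.29.66.1 255.255.255.0
 ip helper-address 172.19.5.131
!
"""

def parse_sections(config):
    """Split an IOS-style config into (header, [indented sub-lines]) sections."""
    sections = []
    for line in config.splitlines():
        if not line.strip() or line.strip() == "!":
            continue                      # skip blank lines and '!' separators
        if line[0].isspace() and sections:
            sections[-1][1].append(line.strip())
        else:
            sections.append((line.strip(), []))
    return sections

def audit_dhcp_relay(config):
    """Return findings for relays disabled by 'no service dhcp' and leftover pools."""
    sections = parse_sections(config)
    relay_off = any(header == "no service dhcp" for header, _ in sections)
    findings = []
    for header, body in sections:
        helpers = [l.split()[-1] for l in body if l.startswith("ip helper-address ")]
        if header.startswith("interface ") and helpers and relay_off:
            findings.append(f"{header.split()[1]}: relay to {', '.join(helpers)} "
                            "is inactive while 'no service dhcp' is set")
        if header.startswith("ip dhcp pool "):
            findings.append(f"leftover pool {header.split()[-1]}: remove it "
                            "before relying on 'service dhcp' for relay only")
    return findings
```

Because "service dhcp" is the IOS default, it does not appear in the configuration when enabled, so the audit only needs to look for the explicit "no" form.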

Configuring VLAN and Etherchannel using Aruba 6000 with Cisco 3750 Switch

posted 12 Jun 2011 04:47 by Tristan Self

We were setting up an Aruba with a Cisco 3750. We were trying to allow trunking of VLANs to the Aruba from the switch, and also bonding both the NICs on the Aruba to two ports on the Cisco in an etherchannel to give us a 2GB uplink.

Here's how we did it. We didn't need to set any speed settings on the Cisco, but did on the Aruba end.

------------------------------------------------------------------
Aruba Config:

interface gigabitethernet  2/0
description "gig2/0"
trusted
trusted vlan 1-4094
speed 1000
duplex full
switchport mode trunk
no spanning-tree
!

interface gigabitethernet  2/1
description "gig2/1"
trusted
trusted vlan 1-4094
speed 1000
duplex full
switchport mode trunk
no spanning-tree
!

interface port-channel 1
add gigabitethernet 2/0
add gigabitethernet 2/1
trusted
trusted vlan 1-4094
switchport mode trunk
switchport trunk allowed vlan 1,202
no spanning-tree
!

interface vlan 1
ip address 172.17.100.1 255.255.0.0
!

interface vlan 192
ip address 192.168.1.32 255.255.255.0
!

interface vlan 202
ip address 172.27.2.50 255.255.255.0
!

ip default-gateway 172.17.2.1

----------------------------------------------------------------
Cisco Config:

interface GigabitEthernet1/0/11
description *** Aruba 6000 Wireless Controller - NIC 1 ***
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,202
switchport mode trunk
channel-group 1 mode on
!
interface GigabitEthernet1/0/12
description *** Aruba 6000 Wireless Controller - NIC 2 ***
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,202
switchport mode trunk
channel-group 1 mode on
!

interface Port-channel1
description *** Etherchannel to Aruba 6000 Wireless Controller ***
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,202
switchport mode trunk
