CISCO newbie 1

[sapper1]

We have a catalyst 6500 switch that is acting as the DHCP server for the 13 vlans that have been setup for our network (don't ask me why). I am unsure if these vlans are actullay configured on the 6500 or if they are configured on our outlying switches. I can telnet into the 6500 with no problem so how can I tell if the vlans are for sure setup through the 6500. I am afraid that the 6500 may fail and then we would be in a bit of pickle. I am working on a backup plan just in case the worst happens so any help would be greatly appreciated.

 

[burtsbees]

The 6500 is built for redundancy---people usually (my experience) have dual supervisors (that which configures the switch/route processor), one active and one standby, and sometimes multiple ethernet blades, one configured as a backup. If you have an actual core, distribution and access layer setup, then the vlans are likely configured in the distribution layer (outlying switches). To tell, just post a sh run, and we can tell you or you may be able to.

Burt

 

[sapper1]

Here is the results of the sh run command. I have altered the ip addresses for obvious reasons. I also ran the show vlans command and it returned "No Virtual Lans Configured". From this I beleive the vlans are configured on the outlying switches. but let me know what you all think

Current configuration : 6512 bytes
!
version 12.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname 6506-Rtr1
!
boot system bootflash:c6msfc2-po3sv-mz.121-23.E2.bin
boot bootldr bootflash:c6msfc2-boot-mz.121-23.E2.bin
logging buffered 4096 debugging
enable password 7 1501090F142B3837
!
clock timezone CST -6
clock summer-time CDT recurring
ip subnet-zero
ip wccp web-cache
!
!
no ip domain-lookup
ip dhcp excluded-address xxx.xxx.0.235 xxx.xxx.0.254
ip dhcp excluded-address xxx.xxx.1.235 xxx.xxx.1.254
ip dhcp excluded-address xxx.xxx.2.235 xxx.xxx.2.254
ip dhcp excluded-address xxx.xxx.3.235 xxx.xxx.3.254
ip dhcp excluded-address xxx.xxx.4.235 xxx.xxx.4.254
ip dhcp excluded-address xxx.xxx.5.235 xxx.xxx.5.254
ip dhcp excluded-address xxx.xxx.6.235 xxx.xxx.6.254
ip dhcp excluded-address xxx.xxx.8.235 xxx.xxx.8.254
ip dhcp excluded-address xxx.xxx.9.235 xxx.xxx.9.254
ip dhcp excluded-address xxx.xxx.10.235 xxx.xxx.10.254
ip dhcp excluded-address xxx.xxx.11.235 xxx.xxx.11.254
ip dhcp excluded-address xxx.xxx.12.235 xxx.xxx.12.254
ip dhcp excluded-address xxx.xxx.8.20 xxx.xxx.8.21
ip dhcp excluded-address xxx.xxx.235 xxx.xxx.13.254
ip dhcp excluded-address xxx.xxx.15.200 xxx.xxx.15.254
!
ip dhcp pool VLAN10
network xxx.xxx.0.0 255.255.255.0
default-router xxx.xxx.0.253
dns-server xxx.xxx.2.235 xxx.xxx.2.238
!
ip dhcp pool VLAN11
network xxx.xxx.1.0 255.255.255.0
default-router xxx.xxx.1.253
dns-server xxx.xxx.2.235 xxx.xxx.2.238
!
ip dhcp pool VLAN12
network xxx.xxx.2.0 255.255.255.0
default-router xxx.xxx.2.253
dns-server xxx.xxx.2.235 xxx.xxx.2.238
!
ip dhcp pool VLAN13
network xxx.xxx.3.0 255.255.255.0
default-router xxx.xxx.3.253
dns-server xxx.xxx.2.235 xxx.xxx.2.238
!
ip dhcp pool VLAN14
network xxx.xxx.4.0 255.255.255.0
default-router xxx.xxx.4.253
dns-server xxx.xxx.2.235 xxx.xxx.2.238
!
ip dhcp pool VLAN110
network xxx.xxx.10.0 255.255.255.0
default-router xxx.xxx.10.253
dns-server xxx.xxx.2.235 xxx.xxx.2.238
!
ip dhcp pool VLAN19
network xxx.xxx.9.0 255.255.255.0
default-router xxx.xxx.9.253
dns-server xxx.xxx.2.235 xxx.xxx.2.238
!
ip dhcp pool VLAN101
network xxx.xxx.15.0 255.255.255.0
dns-server xxx.xxx.2.235 xxx.xxx.2.238
default-router xxx.xxx.15.254
!
ip dhcp pool VLAN15
network xxx.xxx.5.0 255.255.255.0
default-router xxx.xxx.5.253
dns-server xxx.xxx.2.235 xxx.xxx.2.238
!
ip dhcp pool VLAN16
network xxx.xxx.6.0 255.255.255.0
default-router xxx.xxx.6.253
dns-server xxx.xxx.2.235 xxx.xxx.2.238
!
ip dhcp pool VLAN18
network xxx.xxx.8.0 255.255.255.0
default-router xxx.xxx.8.253
dns-server xxx.xxx.2.235 xxx.xxx.2.238
!
ip dhcp pool VLAN112
network xxx.xxx.12.0 255.255.255.0
default-router xxx.xxx.12.253
dns-server xxx.xxx.12.238 xxx.xxx.2.235
!
ip dhcp pool VLAN113
network xxx.xxx.13.0 255.255.255.0
default-router xxx.xxx.13.253
dns-server xxx.xxx.2.235 xxx.xxx.2.238
!
ip dhcp pool vlan10
default-router xxx.xxx.0.253
dns-server xxx.xxx.2.235 xxx.xxx.2.238
!
ip multicast-routing
redundancy
high-availability
single-router-mode
!
!
!
interface Loopback0
ip address xxx.127.0.1 255.255.255.255
ip pim sparse-dense-mode
!
interface Vlan1
no ip address
shutdown
!
interface Vlan3
description Management VLAN
ip address xxx.xxx.0.254 255.255.255.0
!
interface Vlan10
description VLAN
ip address xxx.xxx.0.253 255.255.255.0
no ip redirects
ip pim sparse-dense-mode
!
interface Vlan11
description VLAN
ip address xxx.xxx.1.253 255.255.255.0
no ip redirects
ip pim sparse-dense-mode
!
interface Vlan12
description VLAN
ip address xxx.xxx.2.253 255.255.255.0
no ip redirects
ip pim sparse-dense-mode
!
interface Vlan13
description VLAN
ip address xxx.xxx.3.253 255.255.255.0
no ip redirects
ip pim sparse-dense-mode
!
interface Vlan14
description VLAN
ip address xxx.xxx.4.253 255.255.255.0
no ip redirects
ip pim sparse-dense-mode
!
interface Vlan15
description VLAN
ip address xxx.xxx.5.253 255.255.255.0
no ip redirects
ip pim sparse-dense-mode
!
interface Vlan16
description VLAN
ip address xxx.xxx.6.253 255.255.255.0
no ip redirects
ip pim sparse-dense-mode
!
interface Vlan18
description VLAN
ip address xxx.xxx.8.253 255.255.255.0
no ip redirects
ip pim sparse-dense-mode
!
interface Vlan19
description VLAN
ip address xxx.xxx.9.253 255.255.255.0
no ip redirects
ip pim sparse-dense-mode
!
interface Vlan101
description VLAN
ip address xxx.xxx.15.254 255.255.255.0
no ip redirects
ip pim sparse-dense-mode
!
interface Vlan102
description VLAN
ip address 192.168.xxx.xxx 255.255.255.0
!
interface Vlan103
description Firewall
ip address 192.168.xxx.xxx 255.255.255.0
ip wccp web-cache redirect out
!
interface Vlan110
description VLAN
ip address xxx.xxx.10.253 255.255.255.0
no ip redirects
ip pim sparse-dense-mode
!
interface Vlan112
description VLAN
ip address xxx.xxx.12.253 255.255.255.0
no ip redirects
ip pim sparse-dense-mode
!
interface Vlan113
description VLAN
ip address xxx.xxx.13.253 255.255.255.0
no ip redirects
ip pim sparse-dense-mode
!
interface Vlan200
description Voip VLAN
ip address xxx.xxx.0.253 255.255.255.0
no ip redirects
shutdown
!
interface Vlan201
description VoIP VLAN
ip address xxx.xxx.1.254 255.255.255.0
ip helper-address xxx.xxx.15.241
shutdown
!
interface Vlan202
description VoIP VLAN
ip address xxx.xxx.2.254 255.255.255.0
ip helper-address xxx.xxx.15.241
shutdown
!
interface Vlan203
description VoIP VLAN
ip address xxx.xxx.3.254 255.255.255.0
ip helper-address xxx.xxx.15.241
shutdown
!
interface Vlan204
description VoIP VLAN
ip address xxx.xxx.4.254 255.255.255.0
ip helper-address xxx.xxx.15.241
shutdown
!
interface Vlan300
no ip address
shutdown
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.xxx.xxx
no ip http server
ip pim send-rp-announce Loopback0 scope 16
ip pim send-rp-discovery Loopback0 scope 16

 

[lerdalt]

Looks like all your vlan interfaces at least are created on the 6500. However, not sure from the show run if that is where your VTP server is at.

If you do a "show vtp stat" you will see if your 6500 is the vtp server. Of course the VTP server is easy to move around as long as all of your vtp is in sync.

From what it looks like in the config though, if you were to lose the 6500, you would definitely be in some trouble and struggling to get things back online.

I like to not keep my eggs all in one basket. So, I'd consider trying to move your DHCP services off to another server. Personally, am not a fan of using my Cisco gear to provide DHCP services outside of my study labs. If you were to move the DHCP services off to say a linux box, then you could back up your dhcp configuration files and be able to just move them to another linux machine in the event of a failure. There are also commerical products out there that will allow you to setup primary/secondary dhcp services so they can fail over between the 2.

It also looks as if you were to lose the 6500, you'd lose all your internal routing between the vlans. This is where Burt brings up the dual sup option. Having redundant supervisors allows one sup to fail, and the other picks up almost instantly. There are still some draw backs from what I've found. Specifically with IOS upgrades. The failover is not as fast as I'd like, and still causes a service interruption when we upgrade IOS. Supposedly Cisco has this fixed, but I'm not sure if it's available with a SUP2.

My core here is a little different. I'm not running dual supervisors, but I have dual chassis. I have 2 6509's that are basically mirror images of each. Only slight differences in the configurations. Both are setup as VTP servers and have setup HSRP for each vlan. I can then drop an entire switch, and none of my users know about it.

Obviously having a complete 2nd chassis is expensive, and not an option for everyone.

 

[sapper1]

I looks like we have dual sups but I still need to confirm that. I have several windows servers that could act as a dhcp server so I thought about setting up a scope big enough to handle addressing for all of the different subnets, say a /16, and do away with the vlans all together. With that scope I should be able to bring everything up without much reconfiguring.

I ran "show vtp stat" and what I got was "invalid input detected". I ran "show vt" and received "Generic free access number: 0 .

 

[lerdalt]

I wouldn't get rid of the vlans altogether. Otherwise you will just end up with 1 scope of a 255.255.0.0 netmask.

The show vtp thing bothers me with the messages you get. What IOS are you running?

Another command to verify the dual sups is a "show module". Will give you an inventory of all the line cards in your chassis.

Then you can do a "show redundancy" to show the redundancy states.

 

[sapper1]

IOS is 12.1

I am having some trouble with "show module" but here are the results of "show redundancy".

6506-Rtr1#show redundancy
Designated Router: 1 Non-designated Router: 2

Redundancy Status: designated

Config Sync AdminStatus : enabled

Config Sync RuntimeStatus: enabled

Single Router Mode AdminStatus : enabled

Single Router Mode RuntimeStatus: enabled

Single Router Mode transition timer : 120 seconds

 

[lerdalt]

Ok..I think I know what's going on now and why I was confused.

Are you running the 6500 in hybrid mode?

 

[sapper1]

That's a good question. How do I find out if I am?

 

[lerdalt]

hmm...going to have to ask for help on that one myself. I don't have access to my CatOS switch right now.

 

[burtsbees]

One way is sh cdp nei det.

Burt

 

[sapper1]

Here is the output of that command.

6506-Rtr1#sh cdp nei det
-------------------------
Device ID: SAL0826AX8B(xxxxxx_6506Sw1)
Entry address(es):
IP address: xxx.xxx.0.1
Platform: WS-C6506, Capabilities: Trans-Bridge Switch IGMP
Interface: Vlan3, Port ID (outgoing port): 15/1
Holdtime : 130 sec

Version :
WS-C6506 Software, Version McpSW: 8.3(3) NmpSW: 8.3(3)
Copyright (c) 1995-2004 by Cisco Systems


advertisement version: 2
VTP Management Domain: 'xxxxxx'

 

[burtsbees]

Crap---forgot "sh mod" and "sh inventory". The "sh mod" should work. Looks like to me it is in hybrid mode, running CatOS (6506_sw1) and IOS (6506_rtr1) on the same sup.

Burt

 

[lerdalt]

show mod and show inventory would work from the switch side, but not the router.

sapper, can you connect to the switch side? Your prompt will be different.

 

[sapper1]

I connected to the switch side. Here are the results of show inventory

xxxxx_6506Sw1> (enable) show inventory
NAME: "Chassis", DESCR: "Cisco Systems WS-C6506 6 slot switch"
PID: WS-C6506 , VID: , SN: SAL0826AX8B

NAME: "Clock 1", DESCR: "Clock"
PID: WS-C6000-CL , VID: , SN: SMT0822H912

NAME: "Clock 2", DESCR: "Clock"
PID: WS-C6000-CL , VID: , SN: SMT0823A218

NAME: "VTT 1", DESCR: "VTT"
PID: WS-C6K-VTT , VID: , SN: SMT0824D774

NAME: "VTT 2", DESCR: "VTT"
PID: WS-C6K-VTT , VID: , SN: SMT0824D792

NAME: "VTT 3", DESCR: "VTT"
PID: WS-C6K-VTT , VID: , SN: SMT0824D781

NAME: "1", DESCR: "1000BaseX Supervisor 2 port WS-X6K-SUP2-2GE Rev. 5.0"
PID: WS-X6K-SUP2-2GE , VID: , SN: SAL08290H70

NAME: "submodule 1/1", DESCR: "L3 Switching Engine II"
PID: WS-F6K-PFC2 , VID: , SN: SAL0826AVMF

NAME: "15", DESCR: "Router Switch feature Card"
PID: WS-F6K-MSFC2 , VID: , SN: SAL0826AY42

NAME: "2", DESCR: "1000BaseX Supervisor 2 port WS-X6K-SUP2-2GE Rev. 5.0"
PID: WS-X6K-SUP2-2GE , VID: , SN: SAL08311CAY

NAME: "submodule 2/1", DESCR: "L3 Switching Engine II"
PID: WS-F6K-PFC2 , VID: , SN: SAL08301825

NAME: "16", DESCR: "Router Switch feature Card"
PID: WS-F6K-MSFC2 , VID: , SN: SAL0825ALAF

NAME: "3", DESCR: "1000BaseX Ethernet 16 port WS-X6516A-GBIC Rev. 4.1"
PID: WS-X6516A-GBIC , VID: , SN: SAL0827B7GM

NAME: "4", DESCR: "10/100/1000BaseT Ethernet 48 port WS-X6148-GE-TX Rev. 6.1"
PID: WS-X6148-GE-TX , VID: , SN: SAD08300932

NAME: "6", DESCR: "T1 8 port WS-X6608-T1 Rev. 1.5"
PID: WS-X6608-T1 , VID: , SN: SAD083105R2

NAME: "PS 1", DESCR: "2500 watt AC supply"
PID: WS-CAC-2500W , VID: , SN: ART0831E0BF

NAME: "PS 2", DESCR: "2500 watt AC supply"
PID: WS-CAC-2500W , VID: , SN: ART0831E09M

NAME: "Fan 1", DESCR: "Fan 1"
PID: WS-C6K-6SLOT-FAN , VID: , SN:

USD320_6506Sw1> (enable)

 

[sapper1]

Results of show mod.

xxxxxx_6506Sw1> (enable) show mod
Mod Slot Ports Module-Type Model Sub Status
--- ---- ----- ------------------------- ------------------- --- --------
1 1 2 1000BaseX Supervisor WS-X6K-SUP2-2GE yes ok
15 1 1 Multilayer Switch Feature WS-F6K-MSFC2 no ok
2 2 2 1000BaseX Supervisor WS-X6K-SUP2-2GE yes standby
16 2 1 Multilayer Switch Feature WS-F6K-MSFC2 no standby
3 3 16 1000BaseX Ethernet WS-X6516A-GBIC no ok
4 4 48 10/100/1000BaseT Ethernet WS-X6148-GE-TX no ok
6 6 8 T1 WS-X6608-T1 no ok

Mod Module-Name Serial-Num
--- -------------------- -----------
1 SAL08290H70
15 SAL0826AY42
2 SAL08311CAY
16 SAL0825ALAF
3 SAL0827B7GM
4 SAD08300932
6 SAD083105R2

Mod MAC-Address(es) Hw Fw Sw
--- -------------------------------------- ------ ---------- -----------------
1 00-09-12-47-a9-aa to 00-09-12-47-a9-ab 5.0 7.1(1) 8.3(3)
00-09-12-47-a9-a8 to 00-09-12-47-a9-a9
00-11-5d-4a-58-00 to 00-11-5d-4a-5b-ff
15 00-11-21-6c-3c-80 to 00-11-21-6c-3c-bf 2.6 12.1(23)E2 12.1(23)E2
2 00-06-d6-5e-9b-2a to 00-06-d6-5e-9b-2b 5.0 7.1(1) 8.3(3)
00-06-d6-5e-9b-28 to 00-06-d6-5e-9b-29
16 00-11-92-87-69-80 to 00-11-92-87-69-bf 2.6 12.1(23)E2 12.1(23)E2
3 00-08-7d-cb-fa-c8 to 00-08-7d-cb-fa-d7 4.1 7.2(1) 8.3(3)
4 00-11-bb-34-9d-e0 to 00-11-bb-34-9e-0f 6.1 7.2(1) 8.3(3)
6 00-01-c9-de-81-e4 to 00-01-c9-de-81-eb 1.5 5.4(2) 8.3(3)

Mod Sub-Type Sub-Model Sub-Serial Sub-Hw Sub-Sw
--- ----------------------- ------------------- ----------- ------ ------
1 L3 Switching Engine II WS-F6K-PFC2 SAL0826AVMF 3.4
2 L3 Switching Engine II WS-F6K-PFC2 SAL08301825 3.4
USD320_6506Sw1> (enable)

 

[burtsbees]

You have 2 sup2's, one active and one standby, and you are running hybrid.

Burt

 

[sapper1]

Thanks everyone for all of the help I can now properly make a plan for our future network needs as well as put things in place should the 6500 fail. Especially since we do not have a smart net agreement for it.