Thursday, January 23, 2014

ZD3000 and Cisco 3750 Trunk port with native vlan question

I have a typical network topology: ISP <-> ROUTER <-> L3_SWITCH <-> L2_SWITCHES
L3_SWITCH = WS-C3750X-12S-S, does inter-VLAN routing.
My Ruckus ZD3000 is directly connected to L3_SWITCH
ZF Access Points are connected to L2_SWITCHES = WS-C2960S-48FPS-L

Let's say I have 3 VLANs:

254 - IT_MANAGEMENT
10 - WIRELESS_GUEST
11 - WIRELESS_STAFF

I would like to configure the port as trunk with allowed vlan 10,11 and native vlan 254 on L3_SWITCH <-> ZD3000

trunk with allowed vlan 10,11 and native vlan 254 on L2_SWITCHES <-> ZF APs

The idea is to manage ZFs via ZD3000 through vlan 254 and send regular "user" traffic over vlans 10 and 11.

As of right now, when I do trunk with allowed vlan 10,11 and native vlan 254 on L3_SWITCH <-> ZD3000, I am not getting any connection to ZD3000. Only if Cisco's port is in access "mode".

I think you are not able to access the ZD WebUI from your laptop is what you mean when you say "not getting any connection to ZD 3000". Am I correct? Also, I believe that APs are able to connect to the ZD..right?


Can you confirm that the native VLAN on each port that is connected to the APs and the ZD is the management VLAN and also that each port has trunk enabled?

Tuesday, January 21, 2014

cisco 3560 router or switch!

Opmanager 7 (fresh install, latest version, plenty of server power) has decided to randomly categorise my cisco WS-C3560X-48T-L series switches as either 'router' or 'switch' depending on its mood.
The ones classed as router come up as 'cisco device' even though in the description field below that box it says 'cisco 3560...blah blah'.
If I then go and change the device type to 'cisco 3560 series switch' I either get a page that says 'error' or 'device cannot be found'.. if it's the latter it's been deleted from the database and I can't re-add it as it's partially there....
We will match the sysoid on the device template and based on it, the device type will be applied. So if there are no templates for the device it might be associated wrongly. So to make the cisco 3560 device fall under the right category, create a new template by following the steps in this LINK. Now you can apply the template to all the 3650 devices and it should work fine.
For the device being partially added, follow the steps in this LINK which will remove the device completely from the database. Now add the device again and it should be fine. We will make this template available out of box soon.

If you have the device template already, then you don't have to create one. You can go to the particular template under Admin --> Device templates and apply it to all the cisco 3560 devices. During discovery, if you have multiple credentials selected or if the response for the SNMP request from the device is slow, then it might get timed out and fall under the general cisco device category. After applying the right template, all the devices will move to the correct category.

Cisco 3750 series SNMP scans not working

While trying to add a couple of Cisco WS-C3750X-12S-S   x's in SW, half of them got pulled in, and the others were not; marked as unknowns needing http creds.

So I tested the switches from the same server, with different snmpwalk apps. Worked perfectly fine. After an onslaught of testing, including a different version of SW on another server, it seems if you have http enabled on the switch, SW cannot connect using SNMP and will time out.....even though specified in the network scan.

I even deleted the entries, and re-created network scans just with that single IP. The workaround was to put the http creds, and I was able to pull the data. Just kind of weird. I am sure if I disabled http it would work.. but I technically cannot X_x

Maybe their SNMP communities aren't set to public? I would check the community settings and match them to the credentials in SW

The read and write strings have an access list of a subnet where the server sits. The same config was pasted on all the switches, regarding syslogs, snmp and access lists.

Another reason why I know it's public is because all other snmp apps from that same server worked. I even tried using the RW string, no luck.

That is very peculiar. I have 2 stacks of 3750x's I can with Spiceworks using SNMP and they work just fine. I do have HTTP enabled as well. I do not use default community strings, I have Read Only strings setup and have the switches access list set to support SNMP traffic from our Spiceworks server.

Do you have custom SNMP Strings?
Are they set to Read Only?
Have you tried using the Spiceworks test feature to test just SNMP connection with the configured SNMP in version 1, 2 (or 3 if you use it)?

It's a custom Read Only and Read Write string, not the default "public".

I tried testing with SNMP v1 and v2 [never tried V3], both unsuccessful in SW, worked fine with both versions in other apps...

I was thinking it was an IOS version issue too, but then I found out they are all running the same IOS version

12.2(55)SE3-UNIVERSALK9


It could be a bug, just weird though, it only affected the ones with http enabled. Just odd the other programs get an answer immediately while SW times out. I even increased the snmp timeout as a test, no change.

Monday, January 20, 2014

3750-X to 2960-X strange PortChannel behaviour

We have a problem with stacked 2x WS-C3750V2-24TS-S's ethernet links bundled to port channel to 2960-X access switches (there are multiple 2960-X's).
The setup is as follows:

Cat3750-X_1 GE 1/0/3 <--------> Cat2960-X GE 1/0/47
Cat3750-X_2 GE 2/0/3 <--------> Cat2960-X GE 1/0/48

Configuration:

3750-X side:
!
interface Port-channel23
description Trunk to sw-access3
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
end
!
interface GigabitEthernet1/0/3
description Trunk to sw-access3
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
channel-group 23 mode active
end
!
interface GigabitEthernet2/0/3
description Trunk to sw-access3
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
channel-group 23 mode active
end

2960-X side:
!
interface Port-channel1
description Trunk sw-core
switchport mode trunk
switchport nonegotiate
end
!
interface GigabitEthernet1/0/47
description Trunk sw-core
switchport mode trunk
switchport nonegotiate
channel-group 1 mode active
end
!
interface GigabitEthernet1/0/48
description Trunk sw-core
switchport mode trunk
switchport nonegotiate
channel-group 1 mode active
end

Port Channel config to the other 3 access switches is identical.

Everything was working great for the last 5 weeks and now we have these problems:

Logs:

3750-X:
Nov 29 10:30:30.434 CET: %LINK-3-UPDOWN: Interface GigabitEthernet2/0/3, changed state to down
Nov 29 10:30:30.711 CET: %LINK-3-UPDOWN: Interface GigabitEthernet2/0/1, changed state to down
Nov 29 10:30:32.044 CET: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2/0/2, changed state to down
Nov 29 10:30:33.806 CET: %LINK-3-UPDOWN: Interface GigabitEthernet2/0/2, changed state to down
Nov 29 10:31:18.716 CET: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/3, changed state to down
Nov 29 10:31:18.733 CET: %LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel23, changed state to down
Nov 29 10:31:19.748 CET: %LINK-3-UPDOWN: Interface Port-channel23, changed state to down
Nov 29 10:31:20.050 CET: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/3, changed state to down
Nov 29 10:31:22.054 CET: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/2, changed state to down
Nov 29 10:31:22.071 CET: %LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel22, changed state to down
Nov 29 10:31:23.086 CET: %LINK-3-UPDOWN: Interface Port-channel22, changed state to down
Nov 29 10:31:23.388 CET: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/2, changed state to down
Nov 29 10:32:25.286 CET: %PM-4-ERR_RECOVER: Attempting to recover from loopback err-disable state on Gi2/0/21 (sw-core-2)
Nov 29 10:32:29.747 CET: %LINK-3-UPDOWN: Interface GigabitEthernet2/0/21, changed state to up
Nov 29 10:32:32.666 CET: %LINK-3-UPDOWN: Interface GigabitEthernet2/0/3, changed state to up
Nov 29 10:32:35.744 CET: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2/0/21, changed state to up
Nov 29 10:32:35.946 CET: %LINK-3-UPDOWN: Interface GigabitEthernet2/0/2, changed state to up
Nov 29 10:32:38.730 CET: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2/0/3, changed state to up
Nov 29 10:32:39.653 CET: %LINK-3-UPDOWN: Interface Port-channel23, changed state to up
Nov 29 10:32:40.685 CET: %LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel23, changed state to up
Nov 29 10:32:42.195 CET: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2/0/2, changed state to up
Nov 29 10:32:42.874 CET: %LINK-3-UPDOWN: Interface Port-channel22, changed state to up
Nov 29 10:32:43.914 CET: %LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel22, changed state to up
Nov 29 10:33:22.584 CET: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/3, changed state to up
Nov 29 10:33:25.939 CET: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/2, changed state to up
Nov 29 10:33:29.386 CET: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/3, changed state to up
Nov 29 10:33:31.702 CET: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/2, changed state to up


2960-X:
Nov 29 10:56:08.535 CET: %ETHCNTR-3-LOOP_BACK_DETECTED: Loop-back detected on GigabitEthernet1/0/48.
Nov 29 10:56:08.535 CET: %PM-4-ERR_DISABLE: loopback error detected on Gi1/0/48, putting Gi1/0/48 in err-disable state
Nov 29 10:56:09.538 CET: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/48, changed state to down
Nov 29 10:56:10.548 CET: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/48, changed state to down
Nov 29 10:58:08.551 CET: %PM-4-ERR_RECOVER: Attempting to recover from loopback err-disable state on Gi1/0/48
Nov 29 10:58:13.378 CET: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/48, changed state to up
Nov 29 10:58:20.096 CET: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/48, changed state to up
Nov 29 11:29:49.744 CET: %ETHCNTR-3-LOOP_BACK_DETECTED: Loop-back detected on GigabitEthernet1/0/48.
Nov 29 11:29:49.747 CET: %PM-4-ERR_DISABLE: loopback error detected on Gi1/0/48, putting Gi1/0/48 in err-disable state
Nov 29 11:29:50.754 CET: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/48, changed state to down
Nov 29 11:29:51.768 CET: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/48, changed state to down
Nov 29 11:29:59.744 CET: %ETHCNTR-3-LOOP_BACK_DETECTED: Loop-back detected on GigabitEthernet1/0/47.
Nov 29 11:29:59.748 CET: %PM-4-ERR_DISABLE: loopback error detected on Gi1/0/47, putting Gi1/0/47 in err-disable state


No errors on any interfaces...:
GigabitEthernet1/0/48 is up, line protocol is up (connected)
  Hardware is Gigabit Ethernet, address is c025.5c64.c8b0 (bia c025.5c64.c8b0)
  Description: 802.1Q Trunk sw-core
  MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 1000Mb/s, media type is 10/100/1000BaseTX
  input flow-control is off, output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:00, output 00:00:02, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 241000 bits/sec, 154 packets/sec
  5 minute output rate 146000 bits/sec, 67 packets/sec
     328302508 packets input, 249207555791 bytes, 0 no buffer
     Received 27119257 broadcasts (14200187 multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 14200187 multicast, 0 pause input
     0 input packets with dribble condition detected
     193253722 packets output, 34501328920 bytes, 0 underruns
     0 output errors, 0 collisions, 2 interface resets
     2 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 pause output
     0 output buffer failures, 0 output buffers swapped out

Has anyone encountered similar problems? Any help/ideas appreciated.


The updated logs about the flapping MAC very strongly suggest that a switching loop exists in your network. I wonder why STP has not prevented it from occurring. Is there perhaps some server, perhaps MS Windows, using aggregated links? Sometimes a misconfigured station with multiple NICs can cause switching loops (if some kind of bridging or link bundling is activated on it).
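The 2960-X log from the question can be read programmatically to see how often each member port trips the loopback guard and whether the whole bundle is down. This is an added example, not part of the original thread; the log lines are copied from the post, the bundle membership comes from the posted 2960-X configuration, and the function names and the placeholder year are assumptions of the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Excerpt of the 2960-X log quoted in the post. The log carries no year;
# 2000 is an arbitrary placeholder used only so the timestamps can be parsed.
SAMPLE_LOG = """\
Nov 29 10:56:08.535 CET: %ETHCNTR-3-LOOP_BACK_DETECTED: Loop-back detected on GigabitEthernet1/0/48.
Nov 29 10:56:08.535 CET: %PM-4-ERR_DISABLE: loopback error detected on Gi1/0/48, putting Gi1/0/48 in err-disable state
Nov 29 10:56:09.538 CET: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/48, changed state to down
Nov 29 10:56:10.548 CET: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/48, changed state to down
Nov 29 10:58:08.551 CET: %PM-4-ERR_RECOVER: Attempting to recover from loopback err-disable state on Gi1/0/48
Nov 29 10:58:13.378 CET: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/48, changed state to up
Nov 29 10:58:20.096 CET: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/48, changed state to up
Nov 29 11:29:49.744 CET: %ETHCNTR-3-LOOP_BACK_DETECTED: Loop-back detected on GigabitEthernet1/0/48.
Nov 29 11:29:49.747 CET: %PM-4-ERR_DISABLE: loopback error detected on Gi1/0/48, putting Gi1/0/48 in err-disable state
Nov 29 11:29:50.754 CET: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/48, changed state to down
Nov 29 11:29:51.768 CET: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/48, changed state to down
Nov 29 11:29:59.744 CET: %ETHCNTR-3-LOOP_BACK_DETECTED: Loop-back detected on GigabitEthernet1/0/47.
Nov 29 11:29:59.748 CET: %PM-4-ERR_DISABLE: loopback error detected on Gi1/0/47, putting Gi1/0/47 in err-disable state
"""

# Port-channel membership, taken from the 2960-X configuration in the post.
BUNDLES = {"Po1": ["Gi1/0/47", "Gi1/0/48"]}

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d+\s+\d\d:\d\d:\d\d\.\d+)\s+\w+:\s+"
    r"%(?P<tag>[A-Z0-9_]+-\d-[A-Z0-9_]+):\s+(?P<msg>.*)$"
)
# Long and short interface names are normalised to the short "GiX/Y/Z" form.
IFACE_RE = re.compile(r"\b(?:GigabitEthernet|Gi)(\d+/\d+/\d+)")


def parse_events(log_text):
    """Return (timestamp, mnemonic, interface) tuples in log order."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an IOS syslog line
        port = IFACE_RE.search(m["msg"])
        if not port:
            continue  # e.g. Port-channel lines, ignored here
        ts = datetime.strptime("2000 " + m["ts"], "%Y %b %d %H:%M:%S.%f")
        events.append((ts, m["tag"], "Gi" + port.group(1)))
    return events


def summarise(events):
    """Count err-disable trips per port and measure completed outages."""
    ports = defaultdict(lambda: {"trips": 0, "recoveries": 0,
                                 "disabled_since": None, "outages": []})
    for ts, tag, iface in events:
        p = ports[iface]
        if tag == "PM-4-ERR_DISABLE":
            p["trips"] += 1
            p["disabled_since"] = ts
        elif tag == "PM-4-ERR_RECOVER" and p["disabled_since"] is not None:
            # The recovery timer re-enables the port; it may trip again later.
            p["recoveries"] += 1
            p["outages"].append((ts - p["disabled_since"]).total_seconds())
            p["disabled_since"] = None
    return dict(ports)


def bundles_fully_disabled(ports, bundles):
    """Port-channels whose every member is err-disabled at the end of the log."""
    return [name for name, members in bundles.items()
            if all(ports.get(m, {}).get("disabled_since") for m in members)]


if __name__ == "__main__":
    summary = summarise(parse_events(SAMPLE_LOG))
    for iface, p in sorted(summary.items()):
        state = "err-disabled" if p["disabled_since"] else "up"
        print(iface, "trips:", p["trips"], "outages(s):", p["outages"], state)
    print("bundles with no usable member:", bundles_fully_disabled(summary, BUNDLES))
```

A port that trips repeatedly and a bundle that ends the log with every member err-disabled are the two conditions worth alerting on, since the second one isolates the access switch from the core.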

Thursday, January 16, 2014

Router vs. firewalls at Internet edge

I’m looking at a design for an Internet connection consisting of a Cisco 2921 router as the Internet hand-off device (Ethernet), with an HA pair of ASA 5525-X firewalls sitting behind it. I’m looking for any justification whatsoever for why we’d need to have that ISR in front, vs. just Ethernet into a local Layer 2 switch feeding the ASA HA pair. I know that we could accomplish the firewall piece with the ISR itself (using the Security license), but the ASAs are also providing IPS services. Plus, the ASAs were sized based on their IPS capacity (which is documented at up to 600-Mbps). Having said all of that:

The 2921 is generally positioned as being able to support 50-75-Mbps WAN throughput with services (far below the capacity of these firewalls). I know it has GigE ports in it, but they do not provide line rate performance.  The 2921 build they’ve provided does include an EHWIC-4ESG, which provides line rate Gigabit performance at Layer 2, so that could be used to handle the incoming handoff and switching to the firewalls. However, the router build does also include the Security license, so clearly it was being positioned as having some role in securing the connection.  (Again, if all they needed was a Gigabit switch to front the ASAs, they could find a lot less expensive option than a 2921 w/ add-on EHWIC module.)

Assuming that the Internet connection is being provided via Ethernet (as opposed to a T1/DS3, etc., that would require a router to terminate), is there any other GOOD reason for having a router front the ASA pair?  I can’t see one, and it’d represent a serious bottleneck anyway.

Although both can do each other's job, but result often becomes same if you make a singer play football. In small env, it does not matter, but in larger throughputs, it becomes difficult.

You must be knowing what will be the throughput to your internet and accordingly you can select the device which will support that. Else, there will be drops.

If you need basic FW features, then 2900 would be fine compared to the cost involved in ASAs. Often people deploy a firewall and it ends up being overkill. Purchase only as much as you need.

Please note down the features you are looking for in routing (like bgp or internal routing) and security features you are looking for. Then just tally it with $$$ worthiness and you can add/drop features required and your hardware selection becomes easy.

Please keep in view of the scalability i.e what will be your requirement in the next 5 yrs and there should be some investment protection while purchasing e.g they do not have BGP now but what happens if they want to have their own AS and manipulate routes 3 yrs down the line or add up a few offices which need routing?


Please note there is nothing called a best design. It just needs to be technically correct and can be deployed in any manner. The sole factor driving designs is Cisco 2951  and business requirement.

Wednesday, January 15, 2014

Cisco 3750-X dropping IP cameras

Dealing with an issue of widespread failure of primarily Vivotek FD8134 IP (PoE) powered cameras spontaneously failing on a shared stack of Cisco WS-C3750V2-24PS-S.

These switches handle flow and distribute power to IP cameras, VoIP handsets, and WAPs.

The issue is that cameras at one point worked as expected, but have dropped off and not come back online.  Simply moving a camera to another port doesn't bring the camera up.

However, if I independently power a camera from a PoE midspan injector, the camera comes up just fine and data even flows back through the previously dead port such that I can see the camera as normal.   All affected cameras work normally once excluded from the 3750-x stack.
Affected cameras are not limited to just one type of camera, but all the same brand - Vivotek.

Also, if I take another brand of camera (different MAC) and plug it into the switch, power and data flow normally.

I am inclined to think I have some sort of power problem relating to the switch, but I'm not a Cisco VAR and haven't serviced this type of switches before.

My questions:
1. If my cameras are IEEE 802.3 af compliant, and this switch is capable of pushing IEEE 802.3at power, does the switch 'autosense' the appropriate wattage and supply my devices with that?

2. Is there some form of 'MAC address' or 'Access Control List' filtering in these switches that could be prohibiting my devices from being granted power by these switches?

Try adding these lines to a port with an attached camera

description POE Camera
power inline static max 15400
power inline consumption default 15400


Also, after attaching a camera, use these commands to shut down, and then restart the port. Having the port come up with the camera already attached may trigger a POE sync

Monday, January 13, 2014

Cisco 3750 stacking fast Link light issues please help

So I have two WS-C3750X-48T-L switches that I have stacked. My issue is I have set up cross-switch port channeling on the stack. In my case I have ports gi1/0/1, gi1/0/2, gi2/0/1, gi2/0/2 in a single port-group. This port group is connected to a single 6509 that I have on the other end. All link lights look fine on the 6509 side, but on the 3750 side, if I connect even one port on the 3750, the link light starts blinking green very fast. Everything I've learned says that is either a loop or a duplex mismatch. Note there are no computers besides an APC transfer switch plugged in to the 3750 stack on sw2. Is this link light a product of the stacking, and is it normal? If it isn't, which I'm thinking it's not... how would I troubleshoot something that has a loop in it by design? Connectivity to the APC works great, but there is not much traffic on the switch yet. I have spanned the port-channel and don't see any STP traffic in Wireshark, only a bit of broadcasts and multicast from servers around the network. If there is any command or additional info that is needed to help TS this issue, let me know and I'll get it.

xxx-3750-Rack_B#sh switch
Switch/Stack Mac Address : 000f.f75c.e300
                                           H/W   Current
Switch#  Role   Mac Address     Priority Version  State
----------------------------------------------------------
*1       Master 000f.f75c.e300     1      0       Ready
 2       Member 000f.f75d.0e80     1      0       Ready

xxx-3750-Rack_B#sh int gi2/0/1
GigabitEthernet2/0/1 is up, line protocol is up (connected)
  Hardware is Gigabit Ethernet, address is 000f.f75d.0e81 (bia 000f.f75d.0e81)
  Description: portchannel to 6509-Swi#2
  MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive not set
  Full-duplex, 1000Mb/s, link type is auto, media type is 1000BaseSX SFP
  input flow-control is off, output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:43, output 00:00:38, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 151000 bits/sec, 123 packets/sec
  5 minute output rate 1000 bits/sec, 1 packets/sec
     7317390 packets input, 1127298799 bytes, 0 no buffer
     Received 5103412 broadcasts (3787915 multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 3787915 multicast, 0 pause input
     0 input packets with dribble condition detected
     6863 packets output, 1536552 bytes, 0 underruns
     0 output errors, 0 collisions, 2 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 PAUSE output
     0 output buffer failures, 0 output buffers swapped out

xxxx-IOS-6509-Swi1#sh int gi3/7
GigabitEthernet3/7 is up, line protocol is up (connected)
  Hardware is C6k 1000Mb 802.3, address is 0009.11e6.cafe (bia 0009.11e6.cafe)
  MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 1000Mb/s, media type is SX
  input flow-control is off, output flow-control is off
  Clock mode is auto
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:08, output 00:00:13, output hang never
  Last clearing of "show interface" counters 2y25w
  Input queue: 0/2000/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 135000 bits/sec, 133 packets/sec
     6904 packets input, 1545692 bytes, 0 no buffer
     Received 3478 broadcasts (3354 multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 0 multicast, 0 pause input
     0 input packets with dribble condition detected
     7330192 packets output, 1128728395 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 PAUSE output
     0 output buffer failures, 0 output buffers swapped out

These are the only interfaces in the port channel that are connected. Note even if I connect all members of the port channel I still get very fast blinking link lights.

Found the answer.... Wow I'm dumb ... gig ports blink fast to show they are running at gig speeds, maybe I will read the documentation next time...

Sunday, January 12, 2014

VTP config cisco 3750

How does a VTP database need to be configured on a Cisco WS-C3750X-24P-L stack, and on an IE3000 connected to it?

I read a Cisco article that told me to create a VTP server on the stack and a VTP client on the IE3000. I assigned the same VTP domain name to both switches on the stack (connected together via etherlink) and on the IE3000.

On the Cisco 3750 I configured 8 VLANs all with unique IP addresses. (1,100-107)

On the Cisco IE3000 I configured 2 VLANs (1 and 103). I assigned an IP address to vlan1 but not to vlan 103.

I cannot ping a device connected to VLAN103 from within the console or from my PC. The device is not a PC and does not have a firewall.

What am I missing?

Don't forget that on newer switches, just creating an interface in a vlan does not create the vlan itself. Older switches used to do this, but newer ones require explicit creation of the vlan itself. i.e.

#conf t
(config)#vlan 100
(config-vlan)#name "name if you choose to add one"
etc

If you do a sh vlan, do they exist in the list? Or for a specific vlan >sh vlan id 107
etc

Thursday, January 9, 2014

VLANS connection between two cisco catalyst 3750 switches

I have two cisco catalyst WS-C3750V2-24TS-S switches.
Both have vlans 100 and 200.
How do I configure the switches to allow vlan 100 from switch A to connect with vlan 100 in switch B and vice versa (and the same for vlan 200)?

VTP - Vlan trunking protocol is your friend!

show vtp stat - this will show you what your current vtp settings are.
e.g
3750a#sh vtp stat
VTP Version                     : running VTP1 (VTP2 capable)
Configuration Revision          : 33
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 23
VTP Operating Mode              : Client
VTP Domain Name                 : CISCO_LAB_Domain
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled


Next, set vtp domain (exact same on both devices, is case sensitive)
(config)#vtp domain CISCO_LAB_Domain

(each other connected switch in a vtp default state should automatically pickup this new vtp domain, otherwise, you may need to individually set it.)

next thing you want to do is set your vtp operating mode for each device. One should be client, one should be a server.
(config)#vtp mode client  <or> #vtp mode server

Next, if needed (and it rarely is) a vtp domain password on each device
(config)# vtp password 12345cisco

vtp is set, now edit vlans by changing them on the server and they will then propagate to the client devices.

!Warning! - if you put a new device onto your network in 'vtp server' mode AND it has a higher revision number, it will wipe out and re-write your vlans to whatever it has in its vlan database!
Before adding a new switch, always make sure of its vtp settings before bringing it online!
It is considered best practice to only edit vlan data on the vtp 'server' which you usually only have one or two of i.e. your core switch.
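The revision-number warning above can be turned into a check that is run before a switch is connected: compare `show vtp status` from the new switch with the output from a switch already in the domain. This is an added example, not part of the original answer; the first sample is the output shown in the post, the second is constructed, the function names and verdict labels are assumptions of the example, and it also treats a client with a higher revision as a risk, which goes beyond the server case the post names.

```python
# `show vtp status` from a switch already in the domain (the post's own sample).
EXISTING = """\
VTP Version                     : running VTP1 (VTP2 capable)
Configuration Revision          : 33
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 23
VTP Operating Mode              : Client
VTP Domain Name                 : CISCO_LAB_Domain
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
"""

# Constructed sample: a switch from the lab shelf about to be connected.
CANDIDATE = """\
Configuration Revision          : 57
Number of existing VLANs        : 7
VTP Operating Mode              : Server
VTP Domain Name                 : CISCO_LAB_Domain
"""


def parse_vtp_status(text):
    """Extract revision, mode, domain and VLAN count from `show vtp status`."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return {
        "revision": int(fields["Configuration Revision"]),
        "mode": fields["VTP Operating Mode"].lower(),
        # An unset domain prints as blank; such a switch adopts the first
        # domain it hears, so it is treated as joining the domain below.
        "domain": fields.get("VTP Domain Name", ""),
        "vlans": int(fields.get("Number of existing VLANs", 0)),
    }


def assess(existing, candidate):
    """Return (verdict, reason) for connecting `candidate` to the domain."""
    if candidate["mode"] in ("transparent", "off"):
        return ("ok", "this mode does not synchronise its VLAN database "
                      "with the domain")
    if candidate["domain"] and candidate["domain"] != existing["domain"]:
        # The comparison is case sensitive, as the post points out.
        return ("no-sync", "domain names differ, so the switch will neither "
                           "learn nor overwrite VLANs")
    if candidate["revision"] > existing["revision"]:
        # The post names server mode; a client with a higher revision is
        # handled the same way here (assumption of this example).
        return ("overwrite-risk",
                "revision %d is higher than the domain's %d: its %d VLANs "
                "would replace the domain's %d"
                % (candidate["revision"], existing["revision"],
                   candidate["vlans"], existing["vlans"]))
    return ("ok", "revision is not higher; the switch will take the "
                  "domain's VLAN database")


if __name__ == "__main__":
    verdict, reason = assess(parse_vtp_status(EXISTING),
                             parse_vtp_status(CANDIDATE))
    print(verdict + ":", reason)
```

Putting the new switch into VTP transparent mode, or changing its domain name and then changing it back, resets its configuration revision to 0 before it is connected.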

It is not necessary to set up VTP, although it makes managing VLANs easier:  If you create a VLAN on one switch (the server), it is automatically created on the other switch as well.  But VTP will not automatically set up trunk interfaces between the switches, which is required to carry more than one vlan on the same physical link.

You will have to set up trunking on the link between the two WS-C3750V2-48TS-S switches.  Run the following commands on both switches, on the interfaces that connect to each other:
conf t
int <Type&Number>
 switchport trunk encapsulation dot1q
 switchport mode trunk

Cisco Stack incompatible software 3750

Tried to add a WS-C3750V2-24PS-S to an existing 3750 stack, got a message like: "A switch with incompatible software has been added to the stack. Scanning found no software to make all 3 compatible..."

Switch  Ports  Model           SW Version      SW Image
------  -----  -----           ----------      ----------
*    1  12     WS-C3750G-12S   12.2(25)SEB4    C3750-IPSERVICES-M
     2  12     WS-C3750G-12S   12.2(25)SEB4    C3750-IPSERVICES-M
     3  0      WS-C3750-48TS   12.2(25)SEE2    C3750-IPBASEK9-M

Switch#  Role      Mac Address     Priority     State
--------------------------------------------------------
*1       Master    0015.fa23.2500     1         Ready              
 2       Slave     0015.fa23.3600     1         Ready              
 3       Slave     0018.19b3.6280     15        Version Mismatch

Crypto software causing the problem? or is it IP base vs IPservices?

You can mix and match software types in a stack, but not versions. In my office I have a stack of 6. 2 with IPSERVICES and 4 with IPBASE, but all are running the same SW version.


In your stack 1 and 2 are using 12.2(25)SEB4 and 3 is using 12.2(25)SEE2. These all need to match for the stack to work correctly.
