Re: Cat 2924



On Sep 8, 6:38 pm, "Peter" <SOME...@xxxxxxxxxxxx> wrote:
Greetings,

IOS (tm) C2900XL Software (C2900XL-C3H2S-M), Version 12.0(5)WC10,
RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2004 by cisco Systems, Inc.
Compiled Fri 28-May-04 09:52 by antonino
I have a few questions;

... chop ...

Note, be careful with any searches you do, the C2924 is a DIFFERENT
BOX in both H/W and S/W, compared to a C2924-XL Switch... The XL tail
is important!



1: Is this a layer 3 switch,

No, the C2924-XL is a Layer 2 ONLY switch. However it DOES have Layer
3 operations available for MANAGEMENT functions only. It does not
PROCESS any Layer 3 traffic...

2. Question on sho post; Below means ports 1 - 4 are dead right? The 4
lights are solid. But I've not tried to plug in to them

internal_sw#sho post
POST FAILED: FastEthernet0/1 failed front-end loopback test
POST FAILED: FastEthernet0/2 failed front-end loopback test
POST FAILED: FastEthernet0/3 failed front-end loopback test
POST FAILED: FastEthernet0/4 failed front-end loopback test

Yes... From memory, I think 4 adjacent ports are all handled by one
chip, so it sounds like that chip has failed.

can I replace the entire bank ? or is that just how it is..

The C2924-XL is a single motherboard box, so I doubt it as that would
require changing the chip on the motherboard (no user pluggable
parts).

3. For each port, I need to issue switchport access vlan 1; or it
seems like the port can't ever pass traffic; even though the command
never shows up (which implies a default setting), is this normal ? Can
I do it via a range of ports?

The DEFAULT VLAN for a switch is VLAN 1, although this can be changed.

As a layer 2 Switch, the ports can have 2 main Modes, TRUNK mode and
ACCESS mode. The default is ACCESS mode, however it's not obvious, but
to make the port configuration "visible", you need to apply 2 commands
-
switchport mode access
to select the port operating mode, then
switchport access vlan 1
to say which vlan it is to use. Without these the switch tries to
determine things automatically (look up BPDU and Spanning-Tree).

I don't think the C2924-XL supported it but you can see if the command
-
interface range fa0/1 - 24
is accepted to change a range of ports in one command... Possibly not
on these series switches.

4. Is there any way to perform a stress/hardware test on the ports,
see if any others are ready to fail?

The POST (Power On Self Test) is usually fairly good at finding these,
however you can also start the POST tests manually if you wish (I
can't remember the exact command just now). You need to request this
during the IOS startup if I remember correctly... Search Cisco on
running IOS POST for C2924-XL. There are 2 main Cisco Switch OS's for
the C2924-XL series available, IOS and CATOS. I never saw CATOS on a
C2924-XL, but did on other Cisco Switches. Make sure you specify IOS
for your searches as the syntax is very different.

5. Does anyone have a current IOS image for this thing I can bum?

You should still be able to pick up the latest IOS version for this
device from the Cisco Web Site, HOWEVER you would need a Smartnet
Contract to do this legally....;-) Providing a different IOS is
"against the rules", HOWEVER the 2924-XL series have been EOL for a
while now so your current version [12.0(5)WC10] is still pretty near
the latest........;-)

6. Suggestions, I need to learn this thing in and out, I plan to move
some policy-maps from my 4700 to this thing to limit traffic for the 3
servers I have jacked into it,

You will be severely limited in what you can do here, the C2924-XL was
a fairly basic level of switch. Its one redeeming feature is that it
can do both ISL and Dot1Q trunking (if you still need ISL), the
replacement C2950 series cannot do ISL...

I was also thinking of setting up that
mac port security deal, so that if you connect an un-trusted PC it
shuts down the port.

I can confirm that Port Security works fine on these, too well for
some people.......;-) You need to READ the manual carefully to
understand the various Security "modes" otherwise you may get
frustrated............;-)

Again I just need to learn, would love for some
suggestions, again I have a wireless network, 3 servers and 6 PC's
(servers and PC's are in the same network), could not do vlan because
the upstream 4700 only has a 10 meg con and doesn't support the
encapsulation type.

Cisco did enable Trunking on some 10MB ports, but you needed specific
H/W and IOS versions for this. These days it's just easier to go
100Mb...

This was 50$ on ebay, I don't care about the 4 dead ports, If I can
verify the others are good I'll probably leave at my house. It blows
away my netgear.

If they don't fail POST then they are probably fine. My only other
warning is to watch out for Port Auto-Negotiation. Cisco does it by
the book, and many early H/W suppliers skimped on what they
implement...

Again this is for learning, breaking something is not a problem and
almost welcome so I can learn.

In its day the 2924-XL was good for what it was, but these days it is
severely lacking things like decent QoS for IPT (VoIP).

Cheers.............pk.

--
Peter from Auckland.

Thank you so much for the answers..

You gotta love it man, I have a layer 2 switch to learn on here and 3
layer 3 switches on the way to work.... I love my boss.

I did get the port security working on one single port here, granted I
spent 2 hours with no internet here, but it works!. LOL I can't see the
value in it, you can just plug into an alternate port.
So you're stuck configuring every port.... yay.. There is no range
command in this router, I've tried every combo I found, no biggie.

I did see policy-map is available, I "assume" class-map is as well,
which means I can do LLQ (QoS) on ports ? I hope.. Yeah service-policy
is available on each interface. What QoS functions are missing?
rate-limit ? It almost doesn't matter, I use policy-maps in our router at
work, I can't wait to move them to a switch ( well a few anyway ).

Can I trunk 2 ports into my 4700 ?

cerberus(config)#exit
cerberus#sho ver
Cisco Internetwork Operating System Software
IOS (tm) 4500 Software (C4500-IK2S-M), Version 12.1(5)T9, RELEASE
SOFTWARE (fc1)
TAC Support: http://www.cisco.com/tac
Copyright (c) 1986-2001 by cisco Systems, Inc.
Compiled Sat 23-Jun-01 08:58 by cmong
Image text-base: 0x60008968, data-base: 0x60DD0000

ROM: System Bootstrap, Version 5.3(16) [richardd 16], RELEASE SOFTWARE
(fc1)
BOOTFLASH: 4500 Software (C4500-BOOT-M), Version 11.2(18), RELEASE
SOFTWARE (fc1)

cerberus uptime is 8 weeks, 4 days, 13 hours, 34 minutes
System returned to ROM by power-on
System image file is "flash:c4500-ik2s-mz_121-5_T9.bin"

cisco 4700 (R4K) processor (revision E) with 32768K/4096K bytes of
memory.
Processor board ID 03460126
R4700 CPU at 133Mhz, Implementation 33, Rev 1.0, 512KB L2 Cache
G.703/E1 software, Version 1.0.
Bridging software.
X.25 software, Version 3.0.0.
8 Ethernet/IEEE 802.3 interface(s)
4 Serial network interface(s)
128K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read/Write)
4096K bytes of processor board Boot flash (Read/Write)

Configuration register is 0x2102

bridge-group on the router is there, but not encap.. That seems like
you make one interface (BVI1) out of two (router side). Yeah in
looking the encap function is not there on the Ethernet interfaces,
just serials. Oh well...
I've got 8 ethernet ports, if I take 4 and make 2 nested bridges out
of them BVI1 & BVI2, can I then trunk them up to the switch ?

These are stupid questions, I know... I am someone who has never
learned cisco; I was hired as a Solaris/Linux admin and then I
had 2 routers dumped in my lap, 1 for a T1 and point to point T1 link,
1 for the other end of the point to point, then I had to do ip nat,
traffic policies, snmp and access-lists. It was a real blast heh..

It looks like on the 4500-4700 it's supported if I have a 10/100 card,
which sucks. Those are not cheap.
After owning a 4000 series, setting up those 2 2600's was easy.. The
T1's gave me a little trouble, but we got through it...

It's too bad man, I would have loved to use this to learn.. After
setting up port security; I am at a loss, other than trunking 2 ports
into my server here, I got no more ideas. I'd love to link the router
and the switch, but it sounds like that just won't happen. Which means
I am at an end of my learning with this switch.

Bridging 2 enets into 1 is not a bad idea. I just might do that.
Otherwise, This sucks; I kinda wish I had more I could do with this
switch..

Thank you so very much for the reply. It helped a lot.
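
Added example (not part of the original posts): the thread reports that "interface range" is not accepted on this switch, so this Python script parses the "sho post" output quoted above and generates one interface stanza per port, applying the two switchport commands from the reply to healthy ports. The 24-port count, the description text and the choice to shut down the ports that failed POST are assumptions of this example.

```python
import re

# Constructed sample: the `sho post` lines quoted in the thread.
SHOW_POST = """\
POST FAILED: FastEthernet0/1 failed front-end loopback test
POST FAILED: FastEthernet0/2 failed front-end loopback test
POST FAILED: FastEthernet0/3 failed front-end loopback test
POST FAILED: FastEthernet0/4 failed front-end loopback test
"""

POST_FAIL = re.compile(r"^POST FAILED:\s+FastEthernet0/(\d+)\s+failed", re.M)


def failed_ports(show_post_text):
    """Return the set of port numbers that `show post` reports as failed."""
    return {int(m.group(1)) for m in POST_FAIL.finditer(show_post_text)}


def build_config(show_post_text, total_ports=24, vlan=1):
    """Emit one stanza per port, as a substitute for `interface range`.

    Healthy ports get the two commands named in the thread. Ports that
    failed POST are shut down (assumption of this example) so that
    nothing gets patched into a dead port by mistake.
    """
    bad = failed_ports(show_post_text)
    lines = ["configure terminal"]
    for n in range(1, total_ports + 1):
        lines.append(f"interface FastEthernet0/{n}")
        if n in bad:
            lines.append(" description FAILED POST - do not use")
            lines.append(" shutdown")
        else:
            lines.append(" switchport mode access")
            lines.append(f" switchport access vlan {vlan}")
    lines.append("end")
    return lines


if __name__ == "__main__":
    # Paste the printed lines into a console session on the switch.
    print("\n".join(build_config(SHOW_POST)))
```
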
