Cisco Switching/Routing :: Catalyst 2950G - Putting Fa0/2 In Error-disable State
Mar 28, 2012
I have a Catalyst 2950G when I activate the switchport port-security, but I want to empty the black list of mac address because every time I connect a device, the port is automatically désacative, here is the port configuration:
We have a number of 3750 stacks used as access layer switches connecting Siemens VOIP phones and then a PC that connects to the phone.
For example if I plug PC A to the phone that connects to port 13 I pick up an IP addressand all works as predicted now if I plug in PC A to any other VOIP phone that connect to another port on the same switch it goes in error disable state ITs like the switch is holding my PC mac address and locks it down with the port which in my case is Gi2/0/13.
Got 2 pcs. of C2950G-24-EI which are both running 12.1(9)EA1. Now I was thinking to upgrade them to the latest available (12.1.22-EA14), but before I do this task I'd like to know if there's a way to check in advance if those images will run. Any way to check about available memory or memory needs?
I am testing 2960 24 S with storm-control and Errdisable Port timer interval 60s , connected HUB on fa0/17 to make traffic / loop.After Strom Control detection the interface goes down thats ok after 60s they will try to recover the interface and going up although the loop is still there.For my understanding if the interface detect still a loop on that interface they will disable the port again for 60s and will check again. [code]
I am cascading one new switch 3750G (int Gi1/0/1) with an existing 3750G (int fa1/0/26) switch.. But the interface fa1/0/26 goes in err-disable state even after NO SH.. also i have diable Spanning treebpdu guard and disable spanning tree portfast. But still the issue is not resolved.
In my ongoing project i need to monitor cisco 3750-X port status (uplink/downlink) i.e. whenever there is some problem at a specific port. I need to monitor it through an OPC server and right now what i am doing is as follows: i am using Kepserver and i have added SNMP driver in it for that purpose i am not a networking expert but what i have learnt till now is that SNMP agent (that resides in switch) delivers the status of MIBs to SNMP manager ( which in my case is kepserver (opc server)) for the above purpose i am adding IF-MIB to monitor OID 1.3.6.1.2.1.2.2.1.8 (which shows port statuses) but when i add that in OPC server then it indicated that this OID is not available in the Switch ( it might be disabled) so i need to ask if there is any way to enable OID's in a switch,
I have a customers Catalsyt 2950 switch come in for the configuration to be cleaned to factoy default, using the link below removed the customers banner and login information whitch worked
[URL]
When i restart the switch and enter Enable mode I'm prompted with the password which i used when following the link above,
I want to remove all passwords so when the switch is redeployed to the next site who ever the engineer is that is going to be reconfiguring the switch is able to access privlage mode with out the password promt.
I am looking to simply monitor Port-Security , Error-Disable and HSRP. I would like to receive an email when any of these are triggered.
Port Security - Port Is shut down Err-Disable - Port goes into err-disable state (securedown) HSRP - When HSRP standyby changes are detected
I need to receive emails with any of the able are triggered. What is the easiest way to do this? I know SNMP is the main option but I have never worked with SNMP and dont understand it too much.
getting radius to work on a 2950G switch with an older IOS of 12.1(22)EA1. I have radius setup on a windows 2k8 box and all of my other switches 2960's and above have no issues. I am unable to input the nas-identifier of 32 into the config using - radius-server 32 attribute 32 include-in-access-req format %h as well as the aaa session-id common commands. Doing a debug radius says that the radius server is not defined.
I have mounted a cisco 2950G series switch in the network. we are working on Multicasting so I have LAN connectivity from one location ot other.
Situation:- 1- we do not have to do anything at remote location. its already done with final configuration and working fine because we other location witch are connected with this same HP switch at remote site and working fine but problem is only with one location where I have changed switch(cisco2960). when i connect cable from MUx to the switch cisco switch (Local) on particular port its does not response (LED continuously glowing amber color and does not go to green color) and communication does not start.for fixing this issue I have done so many things, vlan, duplex, speed- done everything but response.
situation 2:-when I changed this cisco device and use any other vendor's switch whether its manageable not manageable its get start proper communication. so I am unable to figure out whats the issue with. is there new or latest switch are not compatible with other vendor.
We are running a small network business and as funs of ciscos we own a some of the 4948s.We are facing an issue with couple of them as we get the below error message
C4K_CHASSIS-3-INSUFFICIENTPOWERSUPPLIESDETECTED:Insufficient power supplies present for specified configuration
First thought to replace the power supply didn't actually work as we did that with no result.Power consumption is not an issue as well because all other 4948s work fine with 1 power supply (forgot to mention is 1 power supply in all of them).
I have a Cisco catalyst 6513 with sup720-3bxl and WS-X6724-SFP modules , the switch was working fine until yesterday ,but after a maintenance the modue WS-X6724-SFP failed to bring online , the error code is (Module Failed SCP dnld) does it mean the module has hardware problem or i need to replace it ?
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- ios version s72033-adventerprisek9_wan-vz.122-33.SXH7.bin ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- show module Mod Ports Card Type Model
we have multiple Video production networks, with Video servers (AVID Unity ISIS) connected by 10GE fiber links to 4948-10GE switches. On almost every of these switches, I see more or less "Sequence-Err" interface errors. We do not currently have a known problem because this, and no other errors are seen. But I would like to understand the error, and therefore I would like to find out, what a sequence error means, what the cause is, and what the impact (to a frame) is?
By the way, it is well-known that the ISIS Video server does generate very excessive UDP data bursts. Maybe this matters? On Cisco doc I did not find an answer. The document "Troubleshooting Switch Port and Interface Problems" does unfortunately not refer to "sequence-err".
Here is an example output: WS-C4948-10GE#sh int t1/49 TenGigabitEthernet1/49 is up, line protocol is up (connected) [code].....
Today I'm going to be re-organzing my network, kind of and I just wanted to get a second opinon. Right now I have an ASA 5510 and a Cisco 2911 and a Cisco 2960 (and I have two more 2911s and 2960s that handles our phone network).
Router 2911 is on the edge Gi0/0 has the public IP and Gi0/1 is not used and then I have 5 individual VLANs (Gi0/1.100, 1.200, 1.300, 1.400, 1.500) VLAN 100 is our internal network 10.10.18.1/24 (router is 10.10.18.1)And the 2960 is used for swichport access, the ASA is on the side and only used as a VPN.
What I want to do is put the ASA on the edge so I can dump all the access-lists and everything then 2911 will only be used to route the traffic. Now I know I will have to reconfigure the VPN, which isn't a problem. My question is when putting the ASA on the edge do I just put the public IP on the ASA's e0/0 and then plug the 2911 into the e0/1 of the ASA and give the Gi0/0 of the 2911 the ip address of 10.10.18.1 or do I just shut it down? The reason behind this is because I would actually like to use the ASA for more than just the VPN passthrough.
I have a couple of WS-C3750X-48T-L and a couple of WS-C3750X-12S-S, I want to stack all four of them together into a single stack. WS- C3750X-12S-S are running c3750e-universalk9-mz.122-58.SE2 whereas WS-C3750X-48T-L are running c3750e-universalk9-mz.122-55.SE3.I have got a couple of queries as under:What are the options to achieve putting all these 4 switches into a single stack? Can the LAN Base switches upgraded to IP Base?
I have a number of existing 4506 chassis type switches (the older non -E version) that I would like to roll out IP phones to. Instead of replacing the entire chassis, I would like to just replace the line cards in the switches with WS-X4548-GB-RJ45V. What or how much power supplies should I have in each switch to be able to power the 5 poe line cards (each port per line card will power an ip phone)?
Currently it seems as our 3550's doesn't send traps when bpdu-guard sets a port in err-disable state. Or DFM doesnt recognize it.Is there a way to get a DFM alert when a 3550-port gets into err-disable state?
I would like to request assistance from all the gurus here for an issue i have with a Cisco 7513MX PSU. There probably arent many people who are aware of 7500 chassis as they are quite old.Isse: PSU 1 failed in chassis and we tried to replace it. Once replaced, we are getting the following output for it:
1#sh env all Arbiter type 2, backplane type 7513MX (id 2) Power supply #1 is TBD (id 0), Power supply #2 is 1200W AC (id 1)
We have been researching on the internet for answers but unfortunately due to the age of this model, there is very limited information available. We did find information which suggested to have BOTH PSU 1 & 2 with same revision. Right now the chassis is running only on PS2, we dont want to take down the chassis just to confirm the revision number on the PSU and there is no way to see that on the CLI. What we can do is get another pair of same revision PSUs, insert PSU1 first THEN take out PSU2 and then insert the same revision as PS1 in PSU2 slot but the moment we insert PSU1 in we get that TBD state which is not normal status and raises our doubts about putting the same revision PSUs with the method above, there is a chance that after we insert PSU1 in, the moment we take out PSU2, the chassis might not run on PSU1 due to its abnormal state.
We did an upgrade from NX-OS 5.1.5 to 5.2.4 and found all M1 line card interfaces were stuck in initializing state for long time.'show module' status says ok. And we cannot execute shut/no shut command under the interface. N7K-M108X2-12L & N7K-M148GT-11 are the two M series cards. Only option was to downgrade back for the time being.
N7K01# sh int e1/1 | in down Ethernet1/1 is down (initializing)
I have two Cisco 6500 switches connected via fiber, this is my small network. One end goes to a provider, and the other end goes to a server. My IT department wants some sort of link state propagation since the provider keeps going down, but the IT team is unaware until they contact me.
We provide a Layer2 point-to-point circuit, access ports at the ends. We use V LAN's to transport the traffic. Please let me know if there is anything I could do to support link state propagation.
indicate why my ethernet ports are in suspended state for some reason, i need an indication why this may be and what i can do to fix this issue. configuration below. I have a 7010 which i'm using to connect to two 5510's. I have one vPC connecting the two 5510's to the 7010. I have a vPC domain configured between the 5510's. and no issues at all. My Nexus 7010 port channel members are suspended for some reason.
We inserted a new module with 48 rj45 ports in a 4500 with just one supervisor module. We have two 4500, and we tried the new model in the other 4500 and it´s working properly and giving a OK status. Furthermore, the module´s LED status is green. We saw that there are 8 ports (from 17 to 24) that are in faulty state, so probably this is the cause for the faulty state for the module.
We tried already a Hw reset, replace/insert again the module...
We are almost sure that it can be a Hw failure. We are getting the following results different commands:
show module :
Mod Ports Card Type Model Serial No. 7 48 10/100/1000BaseT (RJ45) WS-X4548-GB-RJ45 JAXXXXXXXH M MAC addresses Hw Fw Sw Status
After a power problem at our data centre we find Module 11 of our Cisco 6513 Core Switch in PWR Down state.Show Module 11 returns: Status: PWRDownShow Power Status Module 11 returns: OperStatus Off (Module Reset due to an exception or user request).The command: Power enable Module 11 was issued and returned the following: %PM_SCP-SP-1-LCP_FW_ERR: System resetting module 11 to recover from error: Linecard received system exception. Errcode = 2509000001.%OIR-SP-3-PWRCYCLE: Card in module 11 is being powercycled Öff (Module reset due to exception or user request%C6KPWR-SP-4-DISABLED: Power to module in slot 11 set off (Module Reset due to exception or user request),We have restarted the switch twice. The module is currently not passing traffic causing downtime to services.
We have a pair of 6500 switches, each having a trunk going to each access switch. We set the spanning tree priority on Core1 so it is the root bridge for all VLANs. We have two different types of access switches:
-3550 setup as VTP client and ISL -2960 setup as VTP transparent and dot1q.
Pruning is disabled but we use "switchport trunk allowed vlan" to restrict which VLANs go through each trunk. When we need to permit a VLAN through a trunk, we simply run "switchport trunk allowed vlan add <VLANID>" on the access switch and both core switches. If it is a 2960 in VTP transparent mode, we must set the VLAN to active. Once this is done, a "show int trunk" will reflect the new VLAN in "Vlans in spanning tree forwarding state and not pruned" for Core1.
I recently went through this process to add VLAN 250 on a 3550 access switch, but the VLAN is not listed in STP forwarding state and not pruned. I tried removing the VLAN from the trunks and redoing it, but there is was no change. I tried adding VLAN 257, but the same behavior happened. I then tried trunking the same VLANs to a few other access switches. Three other 3550s experienced the same behavior, but I was able to trunk the VLAN to a few 2960 switches. At this point, I figured it might be related to some kind of limitation of VTP or the 3550 switches. I provisioned a new 3550 with the same IOS and settings (VTP client, ISL). To my surprise, all VLANs configured were in STP forwarding state and not pruned.
Running show spanning-tree on the core and access switch shows VLAN 250 as designated FWD. I confirmed we are not hitting the limits in "show spanning tree summary totals" on the Core or Access switches. I also confirmed we are not hitting the virtual port limit by running "show vlan virtual-port slot x."My next action might be to shut/no shut the uplink to Core1 from the access switch, but I'm not sure if that will fix it and even if it does, I have no clue what caused the issue.
I have catalyst 6500s with two VS-S720-10Gs, one is in Active and one is in Hot state. Both Sup cards have two 10G uplink ports. How does the traffic forwarding works in this case on the uplink ports? Do these uplink ports actively forward traffic or it is only the uplinks ports on Active that forward traffic? I see CDP neighbors on both Active and Hot SUPs uplinks ports - it indicates that packets are flowing on both cards.
I want all uplink ports on both SUPs to actively forward traffic. Does it work? What is the config for this?
Recently on two switches, both being same cisco WS-C3750E-24PD, running with same IOS c3750e-universalk9-mz.122-58.SE2.bin got noticed that the license state of one switch is showing incorrectly as shown below [code] I will not be able to execute any changes/modifications on switch as of now.
I have configured a SVI in my 4500 ( Sup 7-E 10GE,,,,,,and,,,,,cat4500e-universalk9.SPA.03.02.00.SG.150-2.SG.bin) switch and it is showing Down Down, because there were no active switch port in the vlan, I added one switch port to this vlan but this port also in the down state, so i added the SWITCH PORT AUTO STATE EXCLUDE command under this port, even after this also the SVI never came up, So i added one systen to the port so both the switch port and the SVI came up...So why SWITCH PORT AUTO STATE EXCLUDE command have no effect in this model of the switch..
The router 1841 is connected directly to the layer switch. the network diagram is below:
Office A --> Switch (L3) --> Router 1841 --> Internet --> Office B
However, when I transfer the file from Office A to office B, the speed very slow ( only around 40 kb/second), and there are an input error and CRC error:
Cisco-R1841#sh interfaces FA0/1 FastEthernet0/1 is up, line protocol is up Hardware is Gt96k FE, address is 0019.e02f.03dd (bia 0019.e02f.03dd)
I have implemented 802.1X with ACS 5.3 and switches 2960 without problem.The thing is that one port transitioned into err-disabled and I dont know why.I dont have any logs to see what caused this.Is there a command to see why this happenedWhat do you think could cause this?
I've browsed around to the other support strings to make sure I didn't miss anything, but I can't seem to get this to work. I have the latest sl_suspend_ports.tcl and tm_suspend_ports.tcl created by Joseph Clarke from strings that verified they worked as planned. Here are the commands I issued to register the scripts -
Directory of flash:/policies/ 9 -rwx 3101 May 3 2013 07:58:03 +00:00 sl_suspend_ports.tcl 10 -rwx 4669 May 3 2013 07:58:44 +00:00 tm_suspend_ports.tcl conf t event manager directory user policy flash:/policies event manager policy sl_suspend_ports.tcl event manager environment suspend_ports_days 1
[code].....
It doesn't appear to work though. Essentially, we have a need to make sure all computers are always on and all ports not active for >24 hours to be shutdown and moved to a designated vlan (I added the 'lappend' statement to the script to specify the additional command of assigning the vlan) I'm running 12.2(55)SE7 on Catalyst 3560s and 3750sIs there a way to manually run the script? Did I miss anything in the configuration?
What could cause this log message and put the port in errdisable?
15w2d: %ETHCNTR-3-LOOP_BACK_DETECTED: Loop-back detected on FastEthernet0/22. 15w2d: %PM-4-ERR_DISABLE: loopback error detected on Fa0/22, putting Fa0/22 in err-disable state 15w2d: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/22, changed state to down
#sh run | inc user ! username USER0 secret 5 $1$passwordusername USER1 privilege 15 secret 5 $1$passwordusername USER2 privilege 15 secret 5 $1$password ! #sh run | inc aaa ! aaa new-modelaaa authentication login local_authen localaaa authentication login radius_authen group radius localaaa authorization consoleaaa authorization exec local_author localaaa authorization exec radius_author group radius localaaa session-id common ! #sh run | begin line vty ! line vty 0 4access-class 3 inexec-timeout 15 0authorization exec radius_authorlogging synchronouslogin authentication radius_authentransport input sshline vty 5 15!sh verCisco IOS Software, C3560 Software (C3560-IPSERVICESK9-M), Version 12.2(55)SE6, RELEASE SOFTWARE (fc1)
the intent of the above is that management connections will only be accepted via SSH, and all of those will be authenticated via RADIUS, unless it's down, then it will use the local username/pw combinations, most of which are given Privledge level 15. Telnet should never work.SSH works as expected (authenticates via RADIUS), but the problem is that Telnet also works, will ONLY use the local database (never RADIUS), and, for some reason, leaves the users at Privledge level 1, instead of the configured 15.Essentially, it seems that at every point I have told it to do something that isn't the default with regards to telnet, it ignores me.Prior to a recent IOS upgrade, the switch didn't support SSH, so the previous config was Telnet with RADIUS, and that worked fine.
