Cisco Switching/Routing :: Configured Port Security On 2960 Switches
Feb 18, 2013
I configured port security on my 2960 switches with the following commands: [code]
The problem is that when I should change someone's PC, first I disable port-secirity, then I clear all the mac addresses learned on the interface, then I plug the new PC and enable port-security. The new PC couldn't connect to the network and it's mac address has not be learned on the interface. Why?Which commands should I use to clear an old mac address and enable port-security with the new mac address.
View 4 Replies
ADVERTISEMENT
Dec 15, 2009
One of my engineers issued a command to turn off port security on a number of ports using the range command. The command failed on the first attempt due to a tacacs auth failure which I suspect is due to a low tacacs timeout value. The engineer then reduced the number of ports in the range command and re-issued the config change after which the switch just crashed and rebooted.
The logging buffer on the switch displays the following:
000072: *Mar 1 00:03:00 GMT: %PLATFORM-1-CRASHED: System previously crashed with the following message:
000073: *Mar 1 00:03:00 GMT: %PLATFORM-1-CRASHED: Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 12.2(50)SE3, RELEASE SOFTWARE (fc1)
000074: *Mar 1 00:03:00 GMT: %PLATFORM-1-CRASHED: Technical Support: [URL]
000075: *Mar 1 00:03:00 GMT: %PLATFORM-1-CRASHED: Copyright (c) 1986-2009 by Cisco Systems, Inc.
000076: *Mar 1 00:03:00 GMT: %PLATFORM-1-CRASHED: Compiled Wed 22-Jul-09 07:03 by prod_rel_team
000077: *Mar 1 00:03:00 GMT: %PLATFORM-1-CRASHED:
[Code]........
I have done some searching and this could be related to bug CSCsq71492. I have tried using the output interpreter but it is still down.
View 22 Replies
View Related
Aug 1, 2012
I am looking to simply monitor Port-Security , Error-Disable and HSRP. I would like to receive an email when any of these are triggered.
Port Security - Port Is shut down
Err-Disable - Port goes into err-disable state (securedown)
HSRP - When HSRP standyby changes are detected
I need to receive emails with any of the able are triggered. What is the easiest way to do this? I know SNMP is the main option but I have never worked with SNMP and dont understand it too much.
Equipment:
2x Cisco 1921 series routers
3x Cisco 2960 POE switches stacked
View 1 Replies
View Related
Sep 3, 2012
We have a DHCP SERVER implemented in a cisco router 2610.This router is connected to a switch cisco 2960 configured as DHCP SNOOPING. At the switch appear the next log message: [code] The ip address: 10.100.200.1 belongs to DHCP SERVER configured at router cisco 2610. What to do so these log messages does not appear any more? Do I need to do some configuration changes at some switch or router?
View 11 Replies
View Related
Oct 20, 2010
My group has recently started configuring traps on our switches to alert us of issues as they arise vs. waiting for the Helpdesk to receive user complaints and then responding.We have successfully configured the 2950 and 2960 switches to alert us when a port-security violation happens. However, the 3750 switches refuse to fire the port-security violation traps. The 3750's will fire an errdisable trap when the port goes down though.
Here is one of the port configurations:
interface FastEthernet1/0/45
switchport access vlan 5
switchport mode access
switchport port-security
switchport port-security mac-address sticky
[code].....
And here is the output of the port-security debug:
2522070: Oct 21 16:37:04: %LINK-3-UPDOWN: Interface FastEthernet1/0/45, changed state to down
2522089: Oct 21 16:37:05: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa1/0/45, putting Fa1/0/45 in err-disable state
2522100: Oct 21 16:37:05: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0012.3f07.95d3 on port FastEthernet1/0/45.
All of the 3750's are running C3750-IPBASEK9-M, Version 12.2(53) SE2. Wireshark also shows the errdisable traps, but no other traps so I've ruled out the traps being missed. All of the switches have been reloaded and power cycled.
View 3 Replies
View Related
Feb 7, 2012
I have an existing stack of 4 x 2960-S switches connected by stack cables.I would like to add another 2960-S switch to the stack but am unable to as the 2960-S will only allow 4 x 2960-S switches per stack.how I would add the 5th 2960-S switch to the existing stack of 4 x 2960-S switches.
View 12 Replies
View Related
Aug 19, 2012
I have two Cisco 4506's running cat4500-ipbase-mz.122-50.SG3.bin. Periodically, when attaching a new workstation to these switches the Mac Address of the device disappears off the port when the device is connected or the port is configured. The only way to correct the issue is to do a hardware reset on the blade or reboot the switch. After resetting the blade or rebooting the switch the devices will start showing up on the port and connect. This does not effect devices that are already connected to the switch, just newly added devices
Both switches are populated with WS-X4148-RJ45, WS-X4148-RJ45V and WS-X4248-RJ45V blades. It doesn't matter which blade the new device is being connected to. I believe that this may be a "Bug" but have been unable to locate one.
View 3 Replies
View Related
Apr 23, 2012
I would like to know how many port channel can i configured in the switch 3750 X ? and if there is a limitation by IOS ?
View 4 Replies
View Related
May 23, 2012
I has a issue about etherchannel beetwen 02 Catalyst 6500 switch, i need your comment about it. if you had any similar experience:
1.- On Catalyst Switch 6500-1: I configured interface port-channel 4 and associated it to G6/29 and G6/30 interface Port-channel4description IUU1_Gn1_HLIMSGSN01_Port_channel_6_29_6_30switchportswitchport trunk encapsulation dot1qswitchport trunk allowed vlan 406,408switchport mode trunkswitchport nonegotiatelogging event link-statusload-interval 30mls qos vlan-basedmls qos trust dscp!
2.- On Catalyst Switch 6500-2: I configured interface port-channel 4 and associated it to G6/29 and G6/30
interface Port-channel4
description IUU2_Gn2_HLIMSGSN01_Port_channel_6_29_6_30
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 407,409
[code]....
and i see output "show interface Po4A" up up on switch-1, "show interface Po4B" up up on switch-2
5.- In the show running-config not appear configured Po4A and Po4B. it only show on outputs
6.- Po4A and Po4 was not configured on neither switches, my question is why appear Po4A and Po4B on switch-1 and switch-2 respectively? and why Po4 appear in down down.
7.- I solved this issue by shutdown and not shutdown to the interfaces on both routers, currently all is OK.
View 4 Replies
View Related
Aug 13, 2012
I'm trying to enable port security on several 4507R's. When I try to configure a range of ports the switch will randomly put 1 or 2 in err-disable. It's different every time I apply the config to the same group of ports. However if I do them one at a time it seems to work. But I really don't want to configure 6 fully populated switches one port at a time. We also have a lot of 3750's and they gave me no problem using a port range. [code]
View 4 Replies
View Related
Nov 21, 2012
I am using a 3750 as a default gateway for multiple Vlans on a few 2960 switches. The trunk lines are configured and working and I have assigned ip addresses to each of the Vlan interfaces on the 3750. My issue is that I can only ping the ip address on the Vlan interface of the 3750 if I have a working computer plugged directly into the Vlan on the 3750. I only have 3 vlans on the 3750 that have hosts directly connected (vlans 2, 10 and 40) the other vlans ( 20 and 70) don't have any clients plugged into them on the 3750 but the hosts reside on 2 different 2960s that connect via trunk ports. How do I keep the vlan interface on the 3750 switch pingable when I don't have hosts directly connected in that vlan on the 3750? (yes, I have enabled ip routing on the 3750)
View 5 Replies
View Related
Mar 12, 2013
We have 3 layer LAN architecture, layer 1 of 6500(IP routing), layer 2 of 4500(L2 switch only), layer 3 of 2960(L2 Switch)In a Single (2960 and 4500) Switch Port Avaya IP phone and PC are connected.Now, the requirement is that, Qos need to be configured for Voice traffic and Data traffic should be in default class of service.We plan to use COS value in Switch 4500 and 2960. We made a sample configuration as below
### For 4500 Switch
class-map match-all VOIP-Access-2MB
match cos 3 5
class-map match-all VOIP-Uplink-20MB
match cos 3 5
[code].....
check these configurations are correct as per standard and if there is any other method of configuration?What need to be configured in L3 Switch(6500)??In 2960, it doesn't support ingress QoS, what impact it will make when compare to 4500? do users experiance any difference?
View 1 Replies
View Related
Jul 5, 2012
Are the non-S series 2960 switches stackable or are they only able to be uplinked?
View 6 Replies
View Related
Mar 18, 2013
I have Catalyst 2960 S (WS-C2960S-48FPS-L) Switch. I have plugged in SFP module but still interface is down and line protocol down. Is there any configuration to enable SFP module and make the interface up?
This port is connected to nexus 5 k.
View 11 Replies
View Related
Mar 5, 2012
I have a Cisco 2960 48-port switch. I enter "sh vlan" and it lists all the VLAN's. One of the VLAN's listed is "10" with the name "EPIC". What is the quickest way to find out what ports, if any, are assigned to this VLAN?
View 2 Replies
View Related
Aug 29, 2012
Our company bought a Cisco 2960-S to add to the network, We gave the interface VLAN 1 an IP address, and tried to attached the switch to a jack port on the wall to test if it gets a link or not. The status of the port blinks amber and stays contionous amber, I have searched the manual of the switch and it says that amber means that the port is being blocked by STP.
View 4 Replies
View Related
Jan 9, 2012
we have cisco 6500 series switch and configured port channel on both switches with 2 gig interfaces on both switches.
When we enable the port channel mode to as desirable to the interfaces on both side and applied the port channel to physical interfaces switch will go down and if we remove on any one side switch will come up. we have enabled globally the following commands. [code]
View 10 Replies
View Related
Sep 21, 2011
I've a network with 28 computers and 2 servers. Each server have a double Gbit port configured in Load Balancing & Fail Over.Now, I want to buy two Cisco's Switch SG 200-26 and I would know the best way to connect them and if it's possible to interconnect them with more than one cable to share the trafic.
1. Is this following solution a good one (does the link between swhitches will work when computers will access to servers) ?
2. Is this next solution possible ?
View 3 Replies
View Related
Mar 22, 2012
Company I work for just moved into a new location. We have two data closets which are patched as independent entities, with no Ethernet tie connection. These closets are roughly 100 feet apart.
There is a fiber connection that runs between both closets, that the previous tenant used to connect the switches. I have placed a Cisco 2960 switch in each location, and added one mini SFP gbic's to each switch. After attaching both sides, neither light up. I do a sh inter gig1/0/49 on each and shows 'down down' (not admin down).
What is the trick on getting these to communciate, do I need to configure these ports, and are they supposed to light up?
What I am trying to accomplish is to get the one closet that is completely cut off, communicating by logically stacking, or 'daisy chaining' via fiber.
I turned off the lights and popped the fiber out, and I do see a faint red light (I did not look straight into it), so I think the fiber is active.
View 2 Replies
View Related
Jul 21, 2012
I have 4506e core switch to which 10 other 2960 switches are connected.I want to upgrade thier IOS. how can upgrade it, can I upgrade it one by one or all at a time?
Is there any tool to perform this task?
View 7 Replies
View Related
Aug 12, 2012
I have a number of 2960 switches that have crashed without any reason
Under show version System returned to ROM by address error at PC 0x108971C, address 0x0
View 5 Replies
View Related
Mar 2, 2012
If I knew the IP address of a host, can we know on which port on the switch its connected. The switch model is 2960
View 6 Replies
View Related
Nov 5, 2009
To rate limit the 2960 switch port to 1 MB.I have made the specified chnages , how ever still it is reaching more tha 1 MB
Hard coded the bandwidth of port to 10 MB and have applied the specified command srr-queue bandwidth limit 10.
View 4 Replies
View Related
Mar 1, 2010
I have upgraded a couple of 2960G switches to 12.2.52SE and now discovered that TCP port 4786 is open on the switches.
I have looked in the document{URL}, trying to find a way to disable this function/port, but didn't find anything useful. Any way to disable this function/port?
View 3 Replies
View Related
Oct 22, 2011
I have a couple of Cisco 2960's sending syslog messages to a remote syslog-ng on port 514 (standard).
I need to set another Swtich so it sends traffic to the same syslog server but on another UDP port (such as 714),, is that possible,? I cannot find the option on the documentation.
View 9 Replies
View Related
Jul 21, 2011
I am testing rogue on wire using 5508 WLC and , I have a dedicated AP configured as rogue detector and configured the switch port where the Rogue detector is connected as trunk. I have plugged in an autonomous AP with open authentication to the same switch so that it can act as a rogue. On the WLC, I can see that Autonomous AP as rogue on Wire. But along with that I am seeing another AP as rogue on wire, even though i have plugged in only one Autonomous AP to the switch.
View 3 Replies
View Related
Nov 12, 2012
I am aware that private-vlans are not supported on edge switches like 2960 series - so my question is would it be possibel to ceate private vlans on say just the core switch which would be a 3570 or 4506 that supports private vlans and then just trunk these to the edge like normal vlans?what I need to achive is to have edge port not able to communicate to each other even across switches - which cannot be done using 'protected' port so need the private vlan feature?
View 1 Replies
View Related
Jun 14, 2012
I have a customer with Cisco 7940 and 7960 IP phones that they do not plan to replace. They do want a new LAN and are looking at the Catalyst WS-C2960S-48FPD-L and WS-C2960S-24PD-L as access layer devices.
these switches support the Cisco pre-standard PoE required by the 7940 and 7960 IP phones.
View 5 Replies
View Related
Apr 23, 2007
Any one who knows where I can find a documentation where it says the maximum switches per stack for the Catalyst 2960 family?
View 2 Replies
View Related
Feb 6, 2012
We ordered 4x cisco 2960 switch with LAN Lite software by mistake. Can we upgrade them to Lan Base?When I change boot image I get Error: hardware not supported by firmware.
View 3 Replies
View Related
May 25, 2013
I need to connect 4 Floor Building with 4 Cisco 2960 - 48 ports switch each other and it needs to be through a fiber. So all PCs connected to each switch would reach the LAN/WAN from the other switch. (attached is the image here with)
I see that the 2960 has 2 SFP ports each port of each switch should connect each other or how?
My simple question is:
1. What cable / patch code I have to use = Single-mode or Multimode? ( distance for each switch will not more then 25 mts)
2. Do I have to use SFP or SFP+ module?
3. What kind of SFP/SFP+ module I have to use = Single-mode or Multimode?
4. What kind of connector should patch code have = LC / SC or ?
5. How to connect each switch with redundancy like ...each switch should be interconnected with each other or I have to choose Cisco 3750G which has more then 2 SFP ports (option#1 & opetion#2 = attached here with) =
Best practice for connecting cisco switches over fiber.
View 10 Replies
View Related
Feb 28, 2012
We had core(4503), distribution(3750), and access switches(2960) in our environment. Currently we configured the clock manually in each switch, but a reboot of the switch resets the clock also. We are planning to make a single switch as a NTP servers and others are clients to synchronise the correct time even after a reboot of the access switches.
View 6 Replies
View Related
Jul 29, 2012
For a simple ether channel to work between 2 switches I have configured ports 1 and 2 on both cisco 2960 switches with the channel-group option like this:
interface FastEthernet0/1
channel-group 1 mode on
!
interface FastEthernet0/2
channel-group 1 mode on
I thought the port-channel 1 would get automatically created but it didn't, should it? And under the port-channel interface should I set this as a trunk or do I do this on the 2 fa interfaces on each switch?
View 3 Replies
View Related
