Cisco Switching/Routing :: Monitoring Port-Security Error-Disable And HSRP With 1921 And 2960
Aug 1, 2012
I am looking to simply monitor Port-Security , Error-Disable and HSRP. I would like to receive an email when any of these are triggered.
Port Security - Port Is shut down
Err-Disable - Port goes into err-disable state (securedown)
HSRP - When HSRP standyby changes are detected
I need to receive emails with any of the able are triggered. What is the easiest way to do this? I know SNMP is the main option but I have never worked with SNMP and dont understand it too much.
Equipment:
2x Cisco 1921 series routers
3x Cisco 2960 POE switches stacked
View 1 Replies
ADVERTISEMENT
Jan 16, 2012
In s SPAN session , normally the destination prt is used for monitoring purpose only. But could destination port be used to access the equipement or PC connected to that port , for a 2960 LAN BASE image switch .
View 2 Replies
View Related
Mar 1, 2010
I have upgraded a couple of 2960G switches to 12.2.52SE and now discovered that TCP port 4786 is open on the switches.
I have looked in the document{URL}, trying to find a way to disable this function/port, but didn't find anything useful. Any way to disable this function/port?
View 3 Replies
View Related
Jan 25, 2012
I am testing 2960 24 S with storm-control and Errdisable Port timer interval 60s , connected HUB on fa0/17 to make traffic / loop.After Strom Control detection the interface goes down thats ok after 60s they will try to recover the interface and going up although the loop is still there.For my understanding if the interface detect still a loop on that interface they will disable the port again for 60s and will check again. [code]
View 7 Replies
View Related
Jun 29, 2012
We have a number of 3750 stacks used as access layer switches connecting Siemens VOIP phones and then a PC that connects to the phone.
For example if I plug PC A to the phone that connects to port 13 I pick up an IP addressand all works as predicted now if I plug in PC A to any other VOIP phone that connect to another port on the same switch it goes in error disable state ITs like the switch is holding my PC mac address and locks it down with the port which in my case is Gi2/0/13.
interface GigabitEthernet2/0/13
switchport access vlan 726
switchport mode access
[Code].....
View 7 Replies
View Related
Aug 2, 2012
I have several SF300 switches deployed (SF300-08, SF300-24P). They are connected to IP Telephones (NEC) which communicate with the switch for auto voice VLAN on LLDP. The problem I am experiencing is that periodically the IP telephones are rebooted by the telephone vendor and when they do the switch puts that port into "Locked" port security mode and discards all traffic to the port. The IP telephones of course do not work. In other switch models, I have seen the ability to enable / disable port security switch wide or on a port by port basis. This model does not appear to have this feature. How to disable or why the phones would cause the switch ports to "lock"? There is usually one PC attached to each phone.
View 1 Replies
View Related
Jul 13, 2012
I have configured HSRP with InterVlan routing. All communication is flowing properly between the vlan's on Router A but when I test failover to Router B I cant ping ANYWHERE. I cannot ping any of the VLANS.
Also, From the primary router I cannot ping any of the interfaces on the secondary router.
I have 2 Cisco 1921 Routers configured for HSRP. Both the G0/1 ports plug into a Cisco 2960S 48 port POE switch (STACKED) (port 1 and port 2 which are trunked and allowing all vlans to pass through. And both of the G0/0 ports are plugged into a Cisco ASA5510.
I have attached a diagram of the setup and the interface configs of the routers.
View 1 Replies
View Related
Dec 15, 2009
One of my engineers issued a command to turn off port security on a number of ports using the range command. The command failed on the first attempt due to a tacacs auth failure which I suspect is due to a low tacacs timeout value. The engineer then reduced the number of ports in the range command and re-issued the config change after which the switch just crashed and rebooted.
The logging buffer on the switch displays the following:
000072: *Mar 1 00:03:00 GMT: %PLATFORM-1-CRASHED: System previously crashed with the following message:
000073: *Mar 1 00:03:00 GMT: %PLATFORM-1-CRASHED: Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 12.2(50)SE3, RELEASE SOFTWARE (fc1)
000074: *Mar 1 00:03:00 GMT: %PLATFORM-1-CRASHED: Technical Support: [URL]
000075: *Mar 1 00:03:00 GMT: %PLATFORM-1-CRASHED: Copyright (c) 1986-2009 by Cisco Systems, Inc.
000076: *Mar 1 00:03:00 GMT: %PLATFORM-1-CRASHED: Compiled Wed 22-Jul-09 07:03 by prod_rel_team
000077: *Mar 1 00:03:00 GMT: %PLATFORM-1-CRASHED:
[Code]........
I have done some searching and this could be related to bug CSCsq71492. I have tried using the output interpreter but it is still down.
View 22 Replies
View Related
Feb 18, 2013
I configured port security on my 2960 switches with the following commands: [code]
The problem is that when I should change someone's PC, first I disable port-secirity, then I clear all the mac addresses learned on the interface, then I plug the new PC and enable port-security. The new PC couldn't connect to the network and it's mac address has not be learned on the interface. Why?Which commands should I use to clear an old mac address and enable port-security with the new mac address.
View 4 Replies
View Related
May 10, 2013
Disable ports looping Users connect the network cable at two points in the network generating looping. which command to disable two ports of a Cisco 2960 when they are connected at the same time with the same network cable?
View 2 Replies
View Related
Nov 16, 2011
I have configured ssh on a 2960 to use public key authentication. Now that I can securely log into ssh without a password Is it possible to disable password authentication so that it is impossible to login without the key?
View 2 Replies
View Related
Jun 25, 2012
I have port on cisco 3560 goes to error-disable,what is the cause of this issue,pls be noted this interface has BPDU Guard enable
View 3 Replies
View Related
Nov 15, 2012
What should the duplex mode to be set on a routed port gi0/21 that are running HSRP ? I try setting the gi0/21 to full, but it caused the port to be down. The only way for the port to be up is setting it to half duplex.
Cisco 3750 Switch
==============
interface GigabitEthernet0/21
no switchport
ip address 10.200.104.34 255.255.255.248
[Code].....
View 2 Replies
View Related
Mar 28, 2012
I have a Catalyst 2950G when I activate the switchport port-security, but I want to empty the black list of mac address because every time I connect a device, the port is automatically désacative, here is the port configuration:
!
interface FastEthernet0 / 2
switchport access vlan 17
switchport mode access
switchport voice vlan 51
[code]....
I tried the following commands to clear the blacklist mac address of that port, but the problem is still relevant:
# Clear mac-address-table dynamic int fa0 / 2
# clear port-security all int fastethernet 0/2
# clear errdisable interface fa0 / 2 vlan
View 17 Replies
View Related
Nov 14, 2012
What the different between using hsrp on vlan interface and on physical port (routed port) on Cisco 3750 Switch? Wha the benefits?
View 3 Replies
View Related
Feb 29, 2012
How can I implement this with Zone-based Firewall on my 1921?
I'm looking for something as simple as the port triggering function on a Linksys or Netgear router.
View 4 Replies
View Related
Oct 7, 2012
I have a network with 3 segments and a 2921 router.v172.16.5.0/24, 172.16.0.0/27 and 172.16.2.0/23 .
I want to block all 135 TCP traffic from/to IP 172.16.5.5 to any host in other segment, but only TCP port 135 and only to the specified IP.
View 2 Replies
View Related
Apr 1, 2013
What could cause this log message and put the port in errdisable?
15w2d: %ETHCNTR-3-LOOP_BACK_DETECTED: Loop-back detected on FastEthernet0/22.
15w2d: %PM-4-ERR_DISABLE: loopback error detected on Fa0/22, putting Fa0/22 in err-disable state
15w2d: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/22, changed state to down
View 19 Replies
View Related
Jul 26, 2012
I have always done my port monitoring (SPAN) on Cisco layer 3 switches with no issues. This time I am trying to do this on a Cisco 2901 router:
Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.1(4)M2, RELEASE SOFTWARE (fc1)
System image file is "flash0:c2900-universalk9-mz.SPA.151-4.M2.bin
I need to have the source port gig0/0 and destination port gig0/1. There is something about the gig port enumeration (slot/port#) that makes the command rejected. It is self explanatory:
#sh ip int brie
Interface IP-Address OK? Method Status Protocol
Embedded-Service-Engine0/0 unassigned YES NVRAM administratively down down
GigabitEthernet0/0 xxx.xxx.xxx.xxx YES NVRAM up up
GigabitEthernet0/1 unassigned YES NVRAM up up
Serial0/0/0:0 unassigned YES unset up up
[code]....
It doesn't matter what slot or port number I use, it is always rejected. The command is rejected for Both destination and source gig interfaces. I tried a wide variety of slot/port numbers. To my best understanding the complete port names are: GigabitEthernet0/0 and GigabitEthernet0/1, so why does it think there has to be another digit after 0/0 or 0/1? Does it have anything to do with the Embedded-Service-Engine0/0 being administratively down?
View 4 Replies
View Related
Nov 11, 2012
I'm facing a problem where certain port on my swtich keep grant and remove poe.
Nov 12 07:02:43.639: %ILPOWER-5-POWER_GRANTED: Interface Gi1/0/18: Power granted
Nov 12 07:02:44.399: %ILPOWER-5-IEEE_DISCONNECT: Interface Gi1/0/18: PD removed
[Code].....
View 2 Replies
View Related
Apr 1, 2012
i have enabled error disbled recovery with time interval of 600 seconds on my 2960 switch.
What exactly this command does? Pls explain
View 5 Replies
View Related
Feb 22, 2013
I have a switch connect to 2 backbone(BB).
Now i saw the lights when connect to BB1 is not light but i do not know which command will show the root cause or troubleshooting.
I want to know its caused by hardware, physical port or whatever. Any on can sharing the experiences how to show and troubleshooting this issue?
I also checked the connection and port 1g is fine. Show tech-support is alread here.
View 10 Replies
View Related
Apr 29, 2013
I am trying to copy IOS from my TFTP server which is on my laptop to cisco 2960 switch
I am able to ping to switch from my laptop, connectivity is fine, tftp server is running
Current Image on Switch --> C2960-LANBASE-MZ.122-25.SEE3.bin --> trying to upgrade to --> c2960-lanbasek9-mz.122-53.SE2
I am getting below error when trying to upgarde IOS:
2960-SW#copy tftp: flash:
Address or name of remote host []? 10.1.x.x
Source filename []? c2960-lanbasek9-mz.122-53.SE2
[Code].....
View 6 Replies
View Related
Dec 28, 2011
when I want to recover my 2960 switch in rommon mode with xmodem command, It shows me these errors. when I reset the switch, still shoes these errors:
Unknown cmd: 1;2c1;2c[?1;21;2c[?1;21;2c[?1;2;21;2c[?1;2[
switch: ?1;2c[?1;21;2c[?1;21;2c
switch: ccknown cmd:
*** line too large *****tch: c1;2[?1
switch:
Unknown cmd: cc?1;2c[?1;21;2c[
[code]....
View 1 Replies
View Related
Jan 18, 2012
Ask this question, if someone came across a 6513, one of the RJ45 ports are constantly falling.The question is how to disable logging on a specific portno logging event link-status does not work.
View 1 Replies
View Related
Jun 20, 2012
I have a Cisco 2960G switch and one of the ports was configured with srr-queue bandwidth limit 90 - I need to remove this bandwidth limiting from this interface. [code]
View 2 Replies
View Related
Dec 6, 2011
I have stacked WS-C3750E-24PD with Ten Gigabit Ethernet ports configured under ether-channel. It has c3750e-universalk9-mz.122-55.SE1.bin IOS installed on it. One of the Ten Gigabit Ethernet ports, goes to err-disable mode with following errors on that specific ports.
%SFF8472-5-THRESHOLD_VIOLATION: Te1/0/2: Tx power low alarm; Operating value: -31.0 dBm, Threshold value: -9.0 dBm.
%SFF8472-5-THRESHOLD_VIOLATION: Te1/0/2: Tx power low alarm; Operating value: -31.0 dBm, Threshold value: -9.0 dBm. (DROmx-1-1)
I have gone through some of CSC forums like {URL}. The workaround is to "Remove the X2 or SFP from the inactive up link port" which is not in my case.
View 9 Replies
View Related
Sep 11, 2011
How do I disable the USB port in the 881 router?
881router#show usb port
Port Number: 0
Status: Disabled
Connection State: Disconnected
Speed: Full
Power State: ON
View 3 Replies
View Related
May 10, 2013
In our company 3nos Cisco 3750 (WS-C3750-48P) access switch in stake mode. All port are assigned with voice and data Vlan also Avaya IP connected with this switches. From last few days tow port 2/0/7 and 2/0/8 is showing amber and status is showing err-disable. At Avaya end it is showing a message “ETHERNET WAITING” in phone dispaly. I try to connect laptop directly with these ports but it is showing "Cross Connectivity". [code]
View 4 Replies
View Related
Aug 13, 2012
I'm trying to enable port security on several 4507R's. When I try to configure a range of ports the switch will randomly put 1 or 2 in err-disable. It's different every time I apply the config to the same group of ports. However if I do them one at a time it seems to work. But I really don't want to configure 6 fully populated switches one port at a time. We also have a lot of 3750's and they gave me no problem using a port range. [code]
View 4 Replies
View Related
Oct 5, 2012
We want to puchase new Cisco ISR 1921/K9 . i want to know does it support the following sample IP-SLA commands
ip sla 2icmp-echo 172.16.1.2timeout 500frequency 1ip sla schedule 2 life forever start-time now
track 10 rtr 1 reachability
delay down 1 up 1
!
track 20 rtr 2 reachability
delay down 1 up 1
ip route 0.0.0.0 0.0.0.0 192.168.1.2 track 10ip route 0.0.0.0 0.0.0.0 172.16.1.2 track 20
Im asking above question because we will need to enable ip-sla on the mentioned router. as i read on the cisco webside, it says Cisco-ISR-1921/K9-IP Base support only IP-SLA RESPONDER feature nothing else. If Cisco-921/K9 does not support the above commands , should i go for ordering Cisco-1921-SEC/K9 ?
View 4 Replies
View Related
May 29, 2013
After reboot WLC , the switch port was err-disable , the cause is link flap after we reboot 3 times , the switch port link flap err-disable every time? We don't know why the WLC rebboot will cause it , it just normal action on device the WLC version is 7.4.100.0 link switch with access port , no port channel , no portfast.
View 11 Replies
View Related
Mar 18, 2013
I have Catalyst 2960 S (WS-C2960S-48FPS-L) Switch. I have plugged in SFP module but still interface is down and line protocol down. Is there any configuration to enable SFP module and make the interface up?
This port is connected to nexus 5 k.
View 11 Replies
View Related
