Cisco Switching/Routing :: WS-C3560-24PS / WS-C3560-48PS - Port With WAP Goes To Err-disable?
Oct 11, 2012
We have a Cisco switch in each office and every now and then the port that has the D-Link Wireless AP (DAP-1522) connected to it goes to err-disable state. Actually sometimes even a regular port that has a cisco phone connected may also go to err-disable state (less often). So I have to telnet into the switch and issue shut and no shut command on that interface to get it back to life, then it works for a few days or weeks until it happens again. Any suitable configuraiton for that interface, that would prevent that from happening or a workaround ?
Here's the info:
Model: cisco WS-C3560-24PS and cisco WS-C3560-48PS
Image:c3560-ipbase-mz.122-35.SE5.bin
This is the log from one switch:
31w5d: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa0/2, putting Fa0/2 in err-disable state
31w5d: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 74e2.f592.f7f2 on port FastEthernet0/2.
31w5d: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to down
And from another, which is almost the same:
5d10h: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa0/3, putting Fa0/3 in err-disable state
5d10h: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address d8a2.5e31.2cf6 on port FastEthernet0/3.
5d10h: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/3, changed state to down
5d10h: %LINK-3-UPDOWN: Interface FastEthernet0/3, changed state to down
Here's the configuration of fe interfaces (they are all alike):
interface FastEthernet0/2
description Voice & Data Combo Port
switchport access vlan 11
switchport mode access
switchport voice vlan 15
I have a c3560 that on Port 1 I can not get any device to talk to the DHCP server.Previously there was a client connected to this port however over the weekend he stated he lost connectivity.
In my troubleshooting I have connected that client to another port and now he is good to go...I connected my laptop and tried to connect to the network however I could not.I checked the logs and did not see anything that lead me to think it was having problems.
Is there another way to shut this down and hopefully start it back up without having to restart the entire switch?
I am having an issue with VoiP phones giving me an insufficient bandwidth message. I have three remote locations connected to our main building using 2 Mb point to point ethernet solutions through TWC. Each remote location has a Cisco WS-C3560-24PS running IOS C3560-IPBASE-M, version 12.2(25) and have the cable modems plugged into port 1 on them. The remote buildings are labeled 192.168.101.xxx, 192.168.102.xxx, and 192.168.103.xxx. There are 14-16 VoiP phones in each remote building. The main building being in the subnet of 192.168.100.xxx. I have the 3560s connecting to a single port on a 2801 in the main building, all using the subnet of 192.168.253.xxx The phone server sits in our network at 192.168.100.203. I have created the ACLs, class maps, and policy maps on all of the equipment.
For the remote buildings I have the following:
ACL =========== Extended IP access list VOIP permit tcp any host 192.168.100.203 dscp ef permit tcp any host 192.168.100.203 eq 5566
[Code]....
I have put a hub in to capture traffic via Wireshark to see if DSCP flags are being appropriately marked and I do see that all VoiP packets are getting marked with as EF. However, I have been receiving phone calls from people in the remote buildings stating that their phones will cut out, flash Insufficient Bandwidth on the LCD displays and then the call will cut back in. I am wondering if the 2801 is not applying QoS with the rate-limits in mind since it is set to 100 Mb, or is it an issue with trying to take 3 remote locations and bring them down into 1 port on the 2801?
I need to replace an older 3560 with a new 2960-S and am wondering if the SX SFPs I already have will be compatible with the 2960-S. [code] I cannot find any way to get the part numbers of the SFPs.
#sh run | inc user ! username USER0 secret 5 $1$passwordusername USER1 privilege 15 secret 5 $1$passwordusername USER2 privilege 15 secret 5 $1$password ! #sh run | inc aaa ! aaa new-modelaaa authentication login local_authen localaaa authentication login radius_authen group radius localaaa authorization consoleaaa authorization exec local_author localaaa authorization exec radius_author group radius localaaa session-id common ! #sh run | begin line vty ! line vty 0 4access-class 3 inexec-timeout 15 0authorization exec radius_authorlogging synchronouslogin authentication radius_authentransport input sshline vty 5 15!sh verCisco IOS Software, C3560 Software (C3560-IPSERVICESK9-M), Version 12.2(55)SE6, RELEASE SOFTWARE (fc1)
the intent of the above is that management connections will only be accepted via SSH, and all of those will be authenticated via RADIUS, unless it's down, then it will use the local username/pw combinations, most of which are given Privledge level 15. Telnet should never work.SSH works as expected (authenticates via RADIUS), but the problem is that Telnet also works, will ONLY use the local database (never RADIUS), and, for some reason, leaves the users at Privledge level 1, instead of the configured 15.Essentially, it seems that at every point I have told it to do something that isn't the default with regards to telnet, it ignores me.Prior to a recent IOS upgrade, the switch didn't support SSH, so the previous config was Telnet with RADIUS, and that worked fine.
We have two switches of the same model (WS-C3560-48PS-S) that are not providing PoE. I'm trying to remotely determine what the cause of the issue is.
Here is some output.
Hostname#show power inlineAvailable:0.0(w) Used:0.0(w) Remaining:0.0(w) Interface Admin Oper Power Device Class Max (Watts)--------- ------ ---------- ------- ------------------- ----- ----Fa0/1 auto off 0.0 n/a n/a 15.4Fa0/2 auto off 0.0 n/a n/a 15.4Fa0/3 auto off 0.0 n/a n/a 15.4Fa0/4 auto off 0.0 n/a n/a 15.4Fa0/5 auto off 0.0 n/a n/a 15.4Fa0/6 auto off 0.0 n/a n/a 15.4Fa0/7 auto off 0.0 n/a n/a 15.4Fa0/8 auto off 0.0 n/a n/a 15.4Fa0/9 auto off 0.0 n/a n/a 15.4Fa0/10 auto off 0.0 n/a n/a 15.4(code)
I'm configuring AP in Hreap mode. Objective for me is th have a "plug & play" installation method for HREAP. I configure on HREAP AP, Native VLAN set to 1 and the WLAN and Vlan mapping for the current wlan is set to 1 too. WLC version is 7.0.230.0 and AP version is 12.4(23c)JA4
on my cisco switch (WS-C3560-24PS with 12.2(55)SE1), the port configuration is as below: switchport trunk encapsulation dot1q switchport trunk native vlan 45 switchport trunk allowed vlan 45,74 switchport mode trunk no logging event link-status no logging event power-inline-status no snmp trap link-status spanning-tree portfast trunk spanning-tree bpduguard enable
AP receives a DHCP IP in Vlan 45 and users connected in vlan 45 too. I would like to undestand why the AP is working properly because normally vlan 1 is not configured as allowed vlan on my switch and the native vlan is dedicated only to untagged ethernet packet.
I have a 3560-8PC in which the mgt vlan randomly (twice in one day or 2 weeks later) goes into the down state and will return w/o any interventaion 15-20 minutes later. Int G0/1 is the uplink to a 3750. I dont think its a layer1 issue at this time since i have seen it work just fine for over 2 weeks and drop again. I don't see any errors on the 3750 either.
WS-C3560-8PC 15.0(2)SE C3560-IPBASEK9-M LOG: ---------------------------------------- .Oct 20 19:34:37.533 EDT: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changeds tate to up
I have C3560 switches in my work environment. I want configure ssh on that switch but the IOS what they have 'c3560e-universal-mz.122-58.SE2' not support. As per advised I was triying to upgrade 'c3560e-universalk9-mz.122-58.SE2" for all my access switches.
I successfully upgraded for two switches.
I have two problems now
01. I upgraded the IOS successfully one Switch but the Poe is not working. What is the reason ?
02. After upgrade the IOS, the out put is as follows
I am in a doubt if the 3560-12-PC-S supports OSPF. Datasheet says we need IP Services image. But 3560-12PC doesn’t have the option with IP Services. Then I havigate to [URL] how?
So, any clues whether or not this box can run OSPF?
Switch .55 can ssh into Switch .57 but cannot ssh into Switch .56. Switch 56 can ssh into Switch 55 and ssh into Switch 57 Switch 57 can ssh into Switch 55 and ssh into Switch 56
The software on .56 is:
C3560 Software (C3560-IPBASEK9-M), Version 12.2(55)SE3, RELEASE SOFTWARE (fc1)
I noticed on .56, when I do a show ip ssh I get: SSH Enabled - version 1.5. It doesn't say version 1.99 like the others even when I configure version 2. Is this a bug I am running into?
Had a switch die over the weekend, a c3560, per our normal procedure I pulled the hardware put a very basic config on it(vlans, portchannel, uplink ports, ip of management vlan, con and vty security, snmp, enable secret, and hostname). Then I use solarwinds orion to upload a copy of the old config to bring the switch back to the same state as the one that failed. Its a system that has worked for us 3 or 4 times in the past. But this time when the base config was on the box it couldnt ping across the network.I have tried clearing the arp cache and the dynamic mac tables, i verified the routing tables and even removed the 10.1.185.128/27 route and re-added it, saw the routing update go across to the other 65k, tried bouncing the edge switch(i cant bounce the 65k's), took down the po between the edge and 65k.
I have a c3560 switch that has two gig fiber modules in it. I need to uplink fiber to one of these at 100mb. This is because this port will be rate limited to 20mb and 10 percent is the lowest you can go with the rate limiting command. Is there a 100mb fiber module i can insert in the 3560
We are seeing output drops on a C3560 switchport, this port does not have QoS enabled -- application does not need special qos treatment, as long as packets are not droppd, so I suppose all traffic will share the same queue? then how should I read the output of "show platform port-asic stats drop" which indicates that it is queue 3 weight 2 drop? I am wondering what is the best way to fix this? enable mls QoS and increase queue 3 bandwidth share on this interface or just increase the output queue depth?
switch#sh mls qos interface gi0/1 GigabitEthernet0/1 QoS is disabled. When QoS is enabled, following settings will be applied trust state: not trusted
I have two layer 3 switches C3560 and C3750 Cisco switches with ios version "ipservices-mz.122-35.SE5".Now with the current ios version, these layer 3 switches are not supporting object group.so my question is , do i need to upgrade the ios, for this feature, if yes, which version ?
I need to configure the C3560-24TS, QoS control by IP or subnet.i tried to study books and videos many times but still feel i am not well known about QOs...
I have a C3560-24P PoE switch, running on a very small network with nothing special about the endpoints or the configuration (5 laptops connecting via 1 wireless AP, 1 firewall uplink, a networked printer and one conference room phone using PoE. That's it.) I actually have inline power turned off on all the non-PoE device ports.
We are encountering a very strangle anomaly where if a client attempts to send a print job through the switch, to the network printer, the printer makes a noise as it if's begun to initialize and then the switch immediately goes into a reboot. Also the reboot appears to immediately drain all he batter power from the UPS unit that it's connected to. The unit is an APC SmartUPS 750 (500W, 750VA) and when the switch reboots the load on the UPS jumps to well above 100% until the switch appears to 'level out'. Is that kind of power draw normal when rebooting a C3560?
I'm having some weird issues with our 3560 that's connected to an MPLS line. The speed of the port plugged into the providers equipment is 100Mb, but we're only allocated 10Mb of bandwidth from them, I tried to police our traffic out of the port using srr-queue bandwidth limit 10, however when I do that I get some really weird bandwidth results.
Using iperf I've run bandwidth tests with srr-queue bandwidth limit enabled and with it disabled, when it's disabled I get the full 10Mb as expected, however once I enable it I'm lucky to get 5Mb, and while the test is running connectivity between sites is almost useless (which is not the case if I disabled bandwidth limit). Is there anything special I should be doing when I have this enabled? I also have priority-queue out enabled with only one dscp marking placed in queue 1, with very little traffic hitting that queue, but regardless of what I do I can't get the expected bandwidth with the bandwidth limit command, even if I place my iperf traffic in that priority queue.
My clients switch is running out of Spanning-Tree instances (c3560 only supports 128 instances). I know that running RSTP with VSTP can mitigate this that all instances over 128 will be handeled by RSTP, but before I implement this are there any other thoughts out there on how to mitigate this. Would MSTP be able to handle more STP instances or MISTP perhaps?
Is it possible to reduce de recoveery time after an interface shutdown? Current interface configuration is as follows and it takes 1 second to recover from a shutdown. I need to decrease this time.(Cisco Catalyst C3560) [code]
I am not on site and I have not seen a WS-C3750V2-24PS-S. Customer has a stack of 6 x WS-C3750V2-24PS-S and one unit has failed. We do not have a WS-C3750V2-24PS-S spare. Can we replace it with a standard WS-C3750-24PS-S (not V2) switch and be part ofthe stack.
1. Are there any traps gotchas? 2. What about IOS versions - aren't they different for V2 switches 3. Are the stack ports and stack cables same for both WS-C3750V2-24PS-S and WS-C3750-24PS-S 4. What is the main reason for bringing out the V2 switches. What features do they have extra?
Cisco cannot login? Currently i cannot login to the two of my cisco 3560 with the password that i usually used to login. and it is strength to me that its Configuration register is 0xF.
[BEGIN] 10/4/2011 10:22:57 AMshoTC-NGN-C3560-1>show verTC-NGN-C3560-1>show version Cisco IOS Software, C3560 Software (C3560-IPSERVICES-M), Version 12.2(35)SE5, RELEASE SOFTWARE (fc1)Copyright (c) 1986-2007 by Cisco Systems, Inc.Compiled Thu 19-Jul-07 18:15 by nachenImage text-base: 0x00003000, data-base: 0x01300000 ROM: Bootstrap program is C3560 boot loaderBOOTLDR: C3560 Boot Loader (C3560-HBOOT-M) Version 12.2(25r)SEC, RELEASE SOFTWARE (fc4) TC-NGN-C3560-1 uptime is 50 weeks, 6 days, 9 hours, 34 minutesSystem returned to ROM by power-onSystem image file is "flash:c3560-ipservices-mz.122-35.SE5/c3560-ipservices-mz.122-35.SE5.bin"
I have got my ccna voice lab configured and is up and running, my switch is configured with 2 differents Vlans (Data & Voice) and the fa 0/1 is configured as trunk port connecting to the CME router. I can telnet or ssh to all the devices on the network but only the switch in not accepting the request the only message I am getting is "request timeout".
I was working with Opmanager software to monitor my network, and i downloaded the Netflow plugin, i tried to enable the netflow on my core switch c3560 but I was surprised that it does not support the NetFlow, after many resersh most of URL's say it does not support until i found another URL from Cisco Says that it support Flexble netflow now, but i think we should update the IOS.
I have some c3560 with system MTU set 1546 with interface VLAN10 whose MTU size is 1546 and there is no possibility to change it to another value. and we have some cisco 2600 where I can't set MTU bigger as 1500. I have a problem in establishing the OSPF adjacency between cisco 2600 abd 3560 , the command "ip ospf mtu-ignore" is set on both side but it doesn't work - the OSPF packets which are sent by c3560 are simply lager as 1500 bytes and are dropped by cisco2600.
the problem is that sometimes c7200 losses their BGP session, I would say in most cases it happens between NPE400 and NPE-G1/G2 whit error message like "session closed by a peer x.x.x.x" after some seconds BGP session goes again UP , and then after some minutes again DOWN .
it can be MTU problem, as the traffic passes those c35660 with MTU1500. The neighbour status showes that "transport tcp path-mtu-discovery" is enabled an all neighbours but it seems doesn't work. if I disable the path-mtu-discovery on the neighbours - the BGP session between them stays stable.
On my study lab I have got 2 switches a c3560 running IOS and a c2948g-ge-tx running CatOS. Both switches has SFP ports, I would like to configure ether channel between them switches using 2 SFP ports on each switch.
My question is if such configuration is possible and how to configure ether channel so that VLANS can travel between both switches running different operating system. I have tried but it's no working,
