Strange Cisco switch ports problem

By kbreiner
I have a Cisco 2960g 48-port switch. I've determined ports 25-28 are not functioning properly. Here is what works:

-I can get a DHCP address
-I can ping to/from a workstation connected to these ports.
-I can ping machines on the internet
-I can telnet from these ports to machines on my LAN.

Here is where it fails:

-I cannot access any windows file shares on other workstations in the domain
-I cannot establish HTTP connections to web sites (no web browsing).

The strange thing is that this is a layer 2 switch, and all my symptoms point to a layer 4 or above problem. But why is the problem specific to these ports?

I've checked the following on the switch:

-all ports are on the same VLAN (1).
-Problem ports 25-28 have no input, output, frame errors, etc. All 0.
-Tried issuing shut and no shut on the ports and it didn't help.
-port counters look normal. Everything looks normal from the switch's perspective.

The only thing I haven't tried is a switch re-boot (it's in production).

Anyone have any ideas or suggestions?

Thanx
Karl

All Answers

Can you post a sanitized config

by NetMan1958 In reply to Strange Cisco switch port ...

Maybe it's a vlan-acl or NAC issue. If you post your config, I'll take a look.

config

by kbreiner In reply to Can you post a sanitized ...

NetMan,

Here is my running-config:

Current configuration : 13527 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log datetime
no service password-encryption
service sequence-numbers
!
hostname EDGE-SWITCH1
!
enable secret 5 $1$Jajj$lgsNQVdD/m4FEB3m9smM5.
enable password ***
!
no aaa new-model
system mtu routing 1500
ip subnet-zero
!
no ip igmp snooping
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface GigabitEthernet0/1
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/2
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/3
switchport mode trunk
macro description cisco-switch
auto qos voip trust
spanning-tree link-type point-to-point
!
interface GigabitEthernet0/4
switchport mode trunk
macro description cisco-switch
auto qos voip trust
spanning-tree link-type point-to-point
!
interface GigabitEthernet0/5
switchport mode trunk
macro description cisco-switch
auto qos voip trust
spanning-tree link-type point-to-point
!
interface GigabitEthernet0/6
switchport mode trunk
macro description cisco-switch
auto qos voip trust
spanning-tree link-type point-to-point
!
interface GigabitEthernet0/7
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/8
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/9
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/10
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/11
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/12
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/13
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/14
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/15
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/16
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/17
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/18
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/19
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/20
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/21
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/22
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/23
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/24
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/25
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/26
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/27
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/28
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/29
switchport mode trunk
macro description cisco-switch
auto qos voip trust
spanning-tree link-type point-to-point
!
interface GigabitEthernet0/30
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/31
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/32
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/33
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/34
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/35
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/36
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/37
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/38
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/39
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/40
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/41
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/42
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/43
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/44
switchport mode trunk
macro description cisco-switch
auto qos voip trust
spanning-tree link-type point-to-point
!
interface GigabitEthernet0/45
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/46
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/47
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/48
switchport mode trunk
macro description cisco-switch
auto qos voip trust
spanning-tree link-type point-to-point
!
interface Vlan1
ip address 192.168.1.105 255.255.255.0
no ip route-cache
!
ip http server
!
control-plane
!
!
line con 0
exec-timeout 0 0
line vty 0 4
password ***
login
line vty 5 15
password ***
login
!
end

Config Looks OK

by NetMan1958 In reply to config

I don't see anything in the config that would cause your issue. It makes me suspect something on the computers connected to those ports. Did the computers on those ports work OK previously? Just for the heck of it, if you haven't already done so, unplug the cable for one of your workstations that are able to fully access everything and plug that cable into one of the suspected ports and see if that computer then experiences the same problem.

it's not the computers

by kbreiner In reply to Config Looks OK

Yeah, well here's the strange thing. I initially went under the assumption that it WAS the computer, until I tried plugging several working computers into the 4 problem ports, and much to my surprise, I saw the same behavior. In fact, that's how I found the problem ports, since the switch gave me no indication of any errors. I tested each port manually on the switch until I identified the 4.

Switchport port security protect

by CG IT In reply to it's not the computers

will allow a computer to connect but their frames are dropped. Thus you will get a link light, but you can't pass frames.

If the switchport port-security maximum is 1
with the switchport port-security mac-address sticky

then any comp that connects that isn't the original one, frames will be dropped but you will get a link light.

If the running-config was not copied to the startup-config, you can reboot and the whole config is wiped. If it's been copied, then you're out of luck. You can copy this config to a TFTP server, reboot and reload run-config from TFTP or make the switch look for a TFTP server to load a run-config so you can test your config, reload the old one.

note: the switch by default will allow all frames to be sent, so if you wipe out your config, you probably only lose the switchport security config.

Port Security

by NetMan1958 In reply to Switchport port security ...

If port security was causing frames to drop I don't think he would be able to ping and telnet from those ports as he said in the original post. That's what is weird about this. Makes you think huh?

Edited to add:
You can check to see if there are any violations with the command:
"sh port-security"

port security seems ok

by kbreiner In reply to Switchport port security ...

I don't think it's a port security issue. There are no violations reported on ports 25-28. Also, I issued a..

no switchport port-security

..on interfaces 25-28. It did not help.

-----------------------------------------
EDGE-SWITCH1#show port
Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                   (Count)      (Count)            (Count)
---------------------------------------------------------------------------
Gi0/1                    1            0                  0  Restrict
Gi0/2                    1            1                  0  Restrict
Gi0/7                    1            1                  0  Restrict
Gi0/8                    1            1                  0  Restrict
Gi0/9                    1            0                  0  Restrict
Gi0/10                   1            1                  0  Restrict
Gi0/11                   1            1                  0  Restrict
Gi0/12                   1            1                  0  Restrict
Gi0/13                   1            1                  0  Restrict
Gi0/14                   1            0                  0  Restrict
Gi0/15                   1            0                  0  Restrict
Gi0/16                   1            1                  0  Restrict
Gi0/17                   1            0                  0  Restrict
Gi0/18                   1            0                  0  Restrict
Gi0/19                   1            1                  0  Restrict
Gi0/20                   1            0                  0  Restrict
Gi0/21                   1            0               1375  Restrict
Gi0/22                   1            0                  0  Restrict
Gi0/23                   1            0                  0  Restrict
Gi0/24                   1            1                  0  Restrict
Gi0/25                   1            0                  0  Restrict
Gi0/26                   1            0                  0  Restrict
Gi0/27                   1            1                  0  Restrict
Gi0/28                   1            0                  0  Restrict
Gi0/30                   1            0                  0  Restrict
Gi0/31                   1            0                  0  Restrict
Gi0/32                   1            1                  0  Restrict
Gi0/33                   1            0                  0  Restrict
Gi0/34                   1            1                  0  Restrict
Gi0/35                   1            0                  0  Restrict
Gi0/36                   1            0                  0  Restrict
Gi0/37                   1            1                  0  Restrict
Gi0/38                   1            0                  4  Restrict
Gi0/39                   1            0                  0  Restrict
Gi0/40                   1            1                  0  Restrict
Gi0/41                   1            1                  0  Restrict
Gi0/42                   1            0                 15  Restrict
Gi0/43                   1            0                  0  Restrict
Gi0/45                   1            0                  0  Restrict
Gi0/46                   1            0                  0  Restrict
Gi0/47                   1            0                  0  Restrict
---------------------------------------------------------------------------
Total Addresses in System (excluding one mac per port) : 0
Max Addresses limit in System (excluding one mac per port) : 8192
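
Added example, not part of the original thread: a Python parser for the port-security table posted above that reports what the violation counters do and do not prove for ports 25-28. The function names and the protect-mode row are constructed for illustration; the other rows are taken from the post.

```python
import re

# Rows taken from the "show port" output posted above, trimmed to the ports of
# interest and kept in the same whitespace-flattened layout.
POSTED_OUTPUT = """\
Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security Action
(Count) (Count) (Count)
---------------------------------------------------------------------------
Gi0/21 1 0 1375 Restrict
Gi0/25 1 0 0 Restrict
Gi0/26 1 0 0 Restrict
Gi0/27 1 1 0 Restrict
Gi0/28 1 0 0 Restrict
Gi0/38 1 0 4 Restrict
Gi0/42 1 0 15 Restrict
---------------------------------------------------------------------------
Total Addresses in System (excluding one mac per port) : 0
"""

# Constructed row (not from the thread) for a port in protect mode.
CONSTRUCTED_PROTECT_ROW = "Gi0/2 1 1 0 Protect"

ROW = re.compile(
    r"^\s*(?P<port>[A-Za-z]+\d+(?:/\d+)+)\s+(?P<max>\d+)\s+(?P<cur>\d+)"
    r"\s+(?P<viol>\d+)\s+(?P<action>[A-Za-z]+)\s*$"
)


def parse_port_security(text):
    """Return {port: {"max", "cur", "viol", "action"}} for every table row."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # headers, rulers and the totals lines do not match
            table[m["port"]] = {
                "max": int(m["max"]), "cur": int(m["cur"]),
                "viol": int(m["viol"]), "action": m["action"].lower(),
            }
    return table


def assess(row):
    """Say what one row proves about frames dropped by port security."""
    if row["action"] == "protect":
        # Protect mode drops unknown-source frames without incrementing the
        # violation counter or logging, so a zero here proves nothing.
        return "inconclusive"
    if row["viol"] > 0:
        return "violations"
    return "clean"  # restrict and shutdown count violations; zero means none


def triage(text, suspects):
    """Assess each suspect port; ports absent from the table are not secured."""
    table = parse_port_security(text)
    return {p: (assess(table[p]) if p in table else "not-listed") for p in suspects}


def ports_with_violations(text):
    """Ports whose counter is non-zero, highest count first."""
    table = parse_port_security(text)
    hits = [(p, r["viol"]) for p, r in table.items() if r["viol"] > 0]
    return sorted(hits, key=lambda h: h[1], reverse=True)


if __name__ == "__main__":
    print(triage(POSTED_OUTPUT, ["Gi0/25", "Gi0/26", "Gi0/27", "Gi0/28", "Gi0/29"]))
    print(ports_with_violations(POSTED_OUTPUT))
    print(assess(parse_port_security(CONSTRUCTED_PROTECT_ROW)["Gi0/2"]))
```
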

humm.... so what mac address is associated with

by CG IT In reply to port security seems ok

the ports in question? are they the same as the comps.

Restrict will alert via SNMP of a violation and give you who did it.

If you can't pass packets, then I would say it's a security issue on the ports.

will go back and look at original post.

do a sh controllers and show the output for the ports you're having problems with. don't need the others.

At this point

by NetMan1958 In reply to port security seems ok

I think I would setup a monitor session with one of those ports as the source and run a sniffer while you try to hit a web page from the computer on that port and see if that gives you any clue as to what's causing the problem.

system FCS error frames

by kbreiner In reply to Switchport port security ...

Interesting. Did a show controllers on port 25 and the thing that jumps out immediately is the high number of FCS errors (1591). Could this be a defect in the switch?

-------------------------------------
     Transmit GigabitEthernet0/25             Receive
  1857575 Bytes                       696358 Bytes
     2815 Unicast frames                2898 Unicast frames
     1573 Multicast frames                62 Multicast frames
     3839 Broadcast frames                79 Broadcast frames
        0 Too old frames              679749 Unicast bytes
        0 Deferred frames               7426 Multicast bytes
        0 MTU exceeded frames           9183 Broadcast bytes
        0 1 collision frames               0 Alignment errors
        0 2 collision frames               0 FCS errors
        0 3 collision frames               0 Oversize frames
        0 4 collision frames               0 Undersize frames
        0 5 collision frames               0 Collision fragments
        0 6 collision frames
        0 7 collision frames             761 Minimum size frames
        0 8 collision frames            1283 65 to 127 byte frames
        0 9 collision frames             557 128 to 255 byte frames
        0 10 collision frames             61 256 to 511 byte frames
        0 11 collision frames            247 512 to 1023 byte frames
        0 12 collision frames            130 1024 to 1518 byte frames
        0 13 collision frames              0 Overrun frames
        0 14 collision frames              0 Pause frames
        0 15 collision frames
        0 Excessive collisions             0 Symbol error frames
        0 Late collisions                  0 Invalid frames, too large
        0 VLAN discard frames              0 Valid frames, too large
        0 Excess defer frames              0 Invalid frames, too small
     4431 64 byte frames                   0 Valid frames, too small
     2760 127 byte frames
     1161 255 byte frames                  0 Too old frames
      549 511 byte frames                  0 Valid oversize frames
      444 1023 byte frames              1591 System FCS error frames
      473 1518 byte frames                 0 RxPortFifoFull drop frame
        0 Too large frames
        0 Good (1 coll) frames
        0 Good (>1 coll) frames
