I have a Cisco 2960g 48-port switch. I've determined ports 25-28 are not functioning properly. Here is what works:

-I can get a DHCP address
-I can ping to/from a workstation connected to these ports.
-I can ping machines on the internet
-I can telnet from these ports to machines on my LAN.

Here is where it fails:

-I cannot access any windows file shares on other workstations in the domain
-I cannot establish HTTP connections to web sites (no web browsing).

The strange thing is that this is a layer 2 switch, and all my symptoms point to a layer 4 or above problem. But why is the problem specific to these ports?

I've checked the following on the switch:

-all ports are on the same VLAN (1).
-Problem ports 25-28 have no input, output, frame errors, etc. All 0.
-Tried issuing shut and no shut on the ports and it didn't help.
-port counters look normal. Everything looks normal from the switch's perspective.

The only thing I haven't tried is a switch re-boot (it's in production).

Anyone have any ideas or suggestions?


here's some troubleshooting paper

nothing really jumps out.

humm what I would do in this case, since this is a production switch is copy/save the port configuration on this port [25], then reconfigure it with no security and as a dynamic access port. see if you've still got problems.

Run that sh controllers on all of the suspect ports and on 1 of the good ports and compare the FCS Errors seen on them. You might be on to something.

Well, I looked at the counters for all my other active ports (37 total), and NONE of them have even a single FCS error, and the counters have not been reset in months.

Ports 25-28, however, have generated these FCS error counts just from me testing today.

25 1956
26 217
27 4532
28 89

sh interface and choose the gigabyte port 25 interface.

post the results. you should have a # in the packets output and packets input.

Also want to see if you have any interface resets and output drops.

What your seeing on the show controllers looks to be your pinging

EDGE-SWITCH1#sh interface g0/25
GigabitEthernet0/25 is up, line protocol is up (connected)
Hardware is Gigabit Ethernet, address is 001e.4940.ff19 (bia 001e.4940.ff19)
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, media type is 10/100/1000BaseTX
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output 00:00:01, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 3000 bits/sec, 3 packets/sec
5 minute output rate 3000 bits/sec, 3 packets/sec
94368 packets input, 20616472 bytes, 0 no buffer
Received 772 broadcasts (0 multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 214 multicast, 0 pause input
0 input packets with dribble condition detected
5188703 packets output, 668333550 bytes, 0 underruns
0 output errors, 0 collisions, 3 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 PAUSE output
0 output buffer failures, 0 output buffers swapped out

on this switch. If so, this might ne a good time to call Cisco and tell them what's happening and about the FCS errors.

Collapse -

is the flow-control is off rather than unsupported. Everything else looks like the port is actually working properly.

The 3 resets looks suspicious. If you haven't rebooted the switch or changed the config recently you shouldn't have any resets on the port. [A reset might be necessary for a port security violation].

