cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2253
Views
0
Helpful
13
Replies

2960 Switches IOS 15.0(2) SE5: no telnet http ssh ...

After some months about 100 switches of 120 have loosen the possibility of telnet http etc.

No way to manage the switches. A hardware reset needed!!!

Regards

  Donato

13 Replies 13

Jay Vivas
Cisco Employee
Cisco Employee

Can you telnet to the router and then from there telnet to the switch? Can you ping the switch from it's gateway? How do you know that these services are down but the switch is up?

I can ping the switch but telnet ssh http either locally or remote don't work.

The switching functions are operative.

I am assuming you have had access to these switches before, ie the vty line password is set, since you can ping we don't have to worry about the switch having lost it's config. Are you local or remote? I ran a bug search but didn't see any issues on this firmware. Has anything changed lately? Any new ACLs maybe?

My problem is described here:

https://supportforums.cisco.com/discussion/11812636/memory-leak-catalyst-2960-2960s-similar-bug-cscts52797

It seems there is no solution except the hardware reset!

 

 

That bug is said to have been resolved in 15.0.1(SE1) only affecting 15.0.1 and earlier. Are you sure the version you are running is 15.0.2? Also this happens when the switch runs out of RAM. Does your network have a large number of VLANs, trunkports w/o pruning, ect...?

Absolutely sure that the version I am running is 15.0(2) SE5-UNIVERSALK9.

My switches have 4 VLANs and 2 trunports: a simple configuration.

 

Sorry,

I went to the link you sent and cross referenced them with our internal documents and apparently you are correct, this bug has popped back up in 15.0.2(SE5). So the fix is a hard reboot and then to downgrade to 15.0.2(SE4).

How can you do that without someone on site? Without a PDU connected to your switches I don't think this is possible. Sorry I don't have better news for you.

As far as your configuration goes, 4 VLANs and 2 trunkports (per switch?). This is an easy network to configure, however it is not an easy network for your switches to support. If 120 switches all share 4 VLANs, and these VLANs are on every switch, this means every packet(e.g. ARP, DHCP, HTTP) will go to every switch. This not only clogs the trunk ports but as you are seeing now it bogs down the CPU and RAM. Cisco suggests you localize the VLANs on your access switches.

Sorry I can't be of more help. I hope you have a great day after all this settles down.

My switches are spread over 30 locations, different subnets each with its own router connected trough a WAN.

What about upgrading to 15.0.2(SE6) ?

The downgrade to 15.0.2(SE4) is straightforward?

Thanks

 

Are these 2960x series switches?

Can you post the output of "sh ver" from one of them?

 

gmti-anto-serr-h-052>sh ver
Cisco IOS Software, C2960S Software (C2960S-UNIVERSALK9-M), Version 15.0(2)SE5, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2013 by Cisco Systems, Inc.
Compiled Fri 25-Oct-13 13:41 by prod_rel_team

ROM: Bootstrap program is C2960S board boot loader
BOOTLDR: C2960S Boot Loader (C2960S-HBOOT-M) Version 12.2(55r)SE, RELEASE SOFTWARE (fc1)

gmti-anto-serr-h-052 uptime is 1 day, 44 minutes
System returned to ROM by power-on
System restarted at 16:15:48 UTC Tue Mar 3 2015
System image file is "flash:/c2960s-universalk9-mz.150-2.SE5/c2960s-universalk9-mz.150-2.SE5.bin"


This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

cisco WS-C2960S-24PS-L (PowerPC) processor (revision H0) with 131072K bytes of memory.
Processor board ID FOC1750W66Q
Last reset from power-on
3 Virtual Ethernet interfaces
1 FastEthernet interface
28 Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.

512K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address       : 6C:99:89:51:89:00
Motherboard assembly number     : 73-11908-09
Power supply part number        : 341-0393-02
Motherboard serial number       : FOC17505L3P
Power supply serial number      : LIT1744048M
Model revision number           : H0
Motherboard revision number     : A0
Model number                    : WS-C2960S-24PS-L
Daughterboard assembly number   : 73-11933-04
Daughterboard serial number     : FOC17500QDP
System serial number            : FOC1750W66Q
Top Assembly Part Number        : 800-30945-04
Top Assembly Revision Number    : C0
Version ID                      : V04
CLEI Code Number                : COMGE00ARD
Daughterboard revision number   : A0
Hardware Board Revision Number  : 0x01


Switch Ports Model              SW Version            SW Image                 
------ ----- -----              ----------            ----------               
*    1 28    WS-C2960S-24PS-L   15.0(2)SE5            C2960S-UNIVERSALK9-M     


Configuration register is 0xF

gmti-anto-serr-h-052>

 

Here is the bug search link you can use:

https://tools.cisco.com/bugsearch/bug/cscts52797

I didn't see any thing on 15.0.2(SE6) but I did see something connected to this bug on15.0.2(SE7)

It seems that 15.0.2(SE4) is the most stable. I would suggest using this firmware.

As far as downgrading, the process would be the same as upgrading.

This is the experience of other users:

I was hoping to resolve a memory leak issue that we've had on 2960S'es running 15.0.2-SE4. Unfortunately, this didn't help. Memory usage gradually ramps up until it's impossible to log into the switch anymore, so I have to monitor the memory usage and schedule reboots periodically. I'll have to open a TAC case to see if there's a workaround or if they can get a fix into the 15.0 train.

I have the same problem with another version, 15.0(2)SE7. Can someone help me and let me know if have experienced this issue with the version 15.0(2)SE7?

 

So at the moment it seems that the periodic reload is the only avalaible workaround. Any other solution from cisco?

 

 

15.0.2-SE4 is a firmware I was told was working fine here in our lab but like you this may be due to not much going through the switch. Here is a list of firmware that Cisco has approved as Known fixed releases. I have not put most of these into a lab that would resemble your production environment, but if Cisco approved it this means someone has done some testing for this issue. I hope this helps. Also you might consider going down to 12.2.(55).

This was the solution for SR627156829 which is a high traffic/high memory network.

Again, sorry about the misinformation about 15.0.2-SE4

If you want to track the status of this bug here is the link:

https://tools.cisco.com/bugsearch/bug/cscts52797

15.0(1)EY2
15.0(1)SE1
15.0(1)SE2
15.0(1)SE3
15.0(2)EA
15.0(2)EB
15.0(2)EC
15.0(2)EH
15.0(2)EK
15.0(2)EK1
15.0(2)EX
15.0(2)EX1
15.0(2)EX3
15.0(2)EX4
15.0(2)EX5
15.0(2)SE
15.2(1)E
15.2(1)E1
15.2(1)E2
15.2(1)E3
15.2(1)EY
15.2(2)E

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: