cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5144
Views
5
Helpful
2
Replies

Access Layer switch ports showing AMBER on active ports

M Talha
Level 1
Level 1

Hello Everyone,

Well i am encountering a problem where i am unable to connect through the the internet from my ACCESS layer switches which are connected to a DISTRIBUTION switch i.e Cisco 3550 , Where as all other distribution & Access layer switches connected to them are working properly on my network. Everything is running perfectly on this 3550 switch and i am able to ping the google public DNS 8.8.8.8.8 from this DISTRIBUTION and further ACCESS layer switches connected to this DISTRIBUTION shows proper connectivity as trunk ports shows green light and continuous blinking but active ports on the access layer shows AMBER and users are not been able to browse the INTERNET. Please Help me in this regard and any help would be greatly appreciated.

2 Replies 2

Mark Malone
VIP Alumni
VIP Alumni

Hi so all other access switches can reach the internet yes just 1 effected that's linked to the 3550 ?

Can you post the logs from the access switch effected along with its show int trunk and show run if its layer 2

Can this effected switch reach other switches in the lan without issues?

Have you the same gateway set as the other access switches ?

Are these user ports DHCP are they getting an address and DNS information ?

Peter Paluch
Cisco Employee
Cisco Employee

Hi Muhammad,

An amber color indicates that the port is blocked because some error condition has been detected. These are some (though not all) reasons for a port to be indicated as amber:

  • A port being blocked by STP (this needs to be further inspected by show spanning-tree and show spanning-tree interface interface-name to precisely identify the cause why STP blocked the port)
  • A port assigned to a non-existent VLAN. This can often happen when a VLAN is deleted after ports have been assigned to it. To verify that, check the configuration of the port, looking for switchport access vlan commands and then verifying in the show vlan brief output whether the particular access VLAN exists.
  • A port assigned to a VLAN that is suspended or locally shutdown. To verify that, check the output of the show vlan brief and note the Status column in the output. It must show active; it must not show suspended or lshut.
  • A port that is a trunk but on which all VLANs are disallowed/pruned. To verify that, check the output of the show interfaces trunk and check the lowmost section of the output showing VLANs that are active and STP forwarding on a particular VLAN

Best regards,
Peter

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco