02-22-2016 08:24 AM - edited 03-08-2019 04:40 AM
My office is running a dual Nexus 5k core, with Catalyst 4506 closet switches at the user level. Today, I applied the following commands on one of the 4506s:
no switchport trunk native vlan 64
no switchport trunk allowed vlan 64,68
no switchport block unicast
no ip access-group ACL-ALLOW in
no authentication event fail action next-method
no authentication event server dead action authorize vlan 64
no authentication event server alive action reinitialize
no authentication host-mode multi-auth
no authentication order dot1x mab
no authentication priority dot1x mab
no authentication port-control auto
no authentication periodic
no authentication timer reauthenticate server
no authentication violation restrict
no mab
no snmp trap mac-notification change added
no snmp trap mac-notification change removed
no dot1x pae authenticator
no dot1x timeout quiet-period 300
no dot1x timeout tx-period 8
This resulted in the core losing all connection to several "core" VLANs that are not associated within the Catalyst switches. After consoling into the core (due to the RADIUS being no longer reachable), it appeared to take on only the VLANs that were within the switch I applied the commands to. Given that the commands were only to user switchports, and they were only in reference to ISE configuration, I believed them to be innocuous. Has anybody seen or experienced this before? If so, what was the problem?
02-23-2016 01:19 AM
My first guess is it must have touched a trunk port to another switch.
Are you running up to date software on the 4506?
02-23-2016 06:14 AM
That was my first thought too, but each of our 4506s (closets) only has dual fiber runs back to the N5Ks (core). The 4506s are not interconnected and there are no other connections, outside of users. I also verified that the cores are the only ones running VTP server. All of the Catalysts are running VTP transparent.
The VLAN interfaces never went away, but a sh vlan did not list them on any port channels or ports. From the global config on the cores, the "vlanXXX" was given and the VLANs came back up. I was half-hoping that the problem would have happened again so I could recreate it, but it has yet to do it again. As I have 5 more 4506s to do this to, I'm nervous that it has no pattern. I cannot tell what caused it, so I don't do it again.
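A pre-change check along the lines of the first reply's guess about trunk ports, added here as an example and not part of the thread: it reads a saved running-config and separates uplinks (port-channels, channel-group members, trunks without 802.1X) from the 802.1X user ports the removal list is meant for. The sample config and interface names are constructed.

```python
import re

# Constructed sample config for illustration; not taken from the thread.
SAMPLE_CONFIG = """\
interface TenGigabitEthernet1/1
 switchport mode trunk
 channel-group 1 mode active
!
interface Port-channel1
 switchport mode trunk
!
interface GigabitEthernet2/1
 authentication port-control auto
 mab
 dot1x pae authenticator
!
interface GigabitEthernet2/2
 switchport trunk native vlan 64
 authentication host-mode multi-auth
 dot1x pae authenticator
!
"""

# Sub-commands that mark a port as carrying 802.1X/MAB configuration.
DOT1X = re.compile(r"^(authentication |dot1x |mab$)")

def parse_interfaces(config):
    """Map each interface name to its list of sub-commands."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            blocks[current] = []
        elif current and line.startswith(" "):
            blocks[current].append(line.strip())
        else:
            current = None  # "!" or any global line ends the block
    return blocks

def classify(config):
    """Return (uplinks, targets): ports to exclude vs. 802.1X user ports."""
    uplinks, targets = [], []
    for name, cmds in parse_interfaces(config).items():
        dot1x = any(DOT1X.match(c) for c in cmds)
        bundled = name.lower().startswith("port-channel") or any(
            c.startswith("channel-group ") for c in cmds)
        if bundled or ("switchport mode trunk" in cmds and not dot1x):
            uplinks.append(name)
        elif dot1x:
            targets.append(name)
    return uplinks, targets
```

Running `classify()` on the output of `show running-config` before building the interface range gives a list of ports to leave out of the change.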