that command is what i type - portfast is added and we write mem

"switchport host" is a maco

once done you get this -

int g1/0/1

switchport mode access

spanning-tree portfast

we tried all variants i should add of having a "default port" - default switch vs. anything we could think to throw on the interfaces or in global config.

this all started with "the switch just not working" once it was powered on and devices connected

thanks

Hello

This all stems from a switch replacement correct?

Are these 3850's in a stack?
Does it have a managment ip address -If so, is it using the old switch ip address
What are they connecting to? (a router/L3 switch/anohter switch- cisco-HP etc..)
How are they connected( L3 interface/L2 trunk/access port)
Are thse switches performing inter-vlan routing or just acting as host switches?
Is ip routing enabled?
Do you have multiple vlans in your network and if so ar ethe being propergated to these new switches?

Your 7 pcs = are they just client pcs not servers?
can you confirm something like ICS isnt enabled (Internet connection sharing)  on any of them?

Are the just using one NIC each?


Can you post the running config of theses two switches

Also
sh switch
sh int trunk
sh vlan brief
sh vtp status
sh cdp neighbours
sh ip route

res

Paul


 

thanks for replying - i'm not onsite (its a standalone network) - but here is what it is -

Answers in line -

This all stems from a switch replacement correct?

yes a 10 year old Allied Telesyn switch was replaced that had no config - like a hub, just used for connectivity.

Are these 3850's in a stack?

>yes, tested all aspects of the stack many times.

Does it have a managment ip address -If so, is it using the old switch ip address

>old switch had no ip - i made a "management interface" on vlan 1 - BUT no ip on the built-in management interface on the switch.

What are they connecting to? (a router/L3 switch/anohter switch- cisco-HP etc..)

>various other devices - only 1 link back to a single 3750x stack. that switch is "hardened" so to speak to reveal or propagate very little by design.

How are they connected( L3 interface/L2 trunk/access port)

>all ports are left in trunk mode with vlan 1 as the active and untagged port. this was the workaround done to ever get the switch going. in "out of the box" or default mode as we initially wanted (no config) links to windows 7 PC's didnt work. links to linux or other devices non-windows did work!

Are thse switches performing inter-vlan routing or just acting as host switches?

>dumb flat network, no routing.

Is ip routing enabled?

>not unless enabled on 3850 by default. I didnt type "ip routing"

Do you have multiple vlans in your network and if so ar ethe being propergated to these new switches?

Your 7 pcs = are they just client pcs not servers?

client PC's - no servers OS per say.

can you confirm something like ICS isnt enabled (Internet connection sharing)  on any of them?

>yes not enabled.

Are the just using one NIC each?

> one machine is dual homed - but we know where its "second nic" goes - to another cisco network which is NOT connected back to this one. we traced all our ports a few times thinking even perhaps some small hub was "reflecting" traffic back to us - like a blackbox. Strangest thing -

default config out of the box - with ALL ports SHUTDOWN EXCEPT the single windows 7 facing port - the windows 7 machine STILL registered an IP CONFLICT when connected to the 3850 - even when it had NO SVI's!!! (i know mind numbing). if you disconnected the pc and connected it to an old cisco switch - it worked fine!!! wow.

sh switch

2 identical 3850's in working stack. power and network stacked. both at same version, etc - upgraded each time with "software install file flash:<long ios name>.bin

tested all power and general 3850 stacking. saw no issues.

sh int trunk

>all ports are now trunks (hence the workaround used to get it up).

has 20 trunks to PC's and some single connected switches (far away on fiber) - all allow only vlan 1 - no other vlans were created - very very simple network. vlan 1 is native

sh vlan brief

>just vlan 1 - no vlans created, checked this many times - had vlan 100 at one point - made sure it was gone over a period of hours.

sh vtp status

not setup - left complete default; no vtp domain set - connected to all switches in transparent model if a switch connection exists.

sh cdp neighbours

cant post (for god and country LOL) but there is one link back to our "core" so to speak - that switch is hardened not to allow any settings to slip over to new switches so hence no vtp, cdp is one to help troubleshooting.

sh ip route

just the L and C routes for the vlan 1 ip address 192.168.17.1/24

no static routes

no vlan interfaces other than int vlan 1

no ip address on g0/0/0 -> the default 3850 management interface hard assigned to the 3850 VRF you cant remove.

int g0/0/0

ip vrf forwarding Switch_Mgmt

i can get over there if you think of anything else key to show the group.

thanks,

Joe

Are you saying in your original post that the problem manifests with both IOS-XE 3.3.5 and 3.7.0?

We have recently deployed a large number of 3850s (~400 scattered across single switch and stack deployments), all running IOS-XE 3.3.5 and have not encountered this problem. We have held off on IOS-XE 3.7.0 since it is a very new major release.

The client ports are a broad mix of devices, including many Windows 7 and Windows 8 PCs with both static and (mostly) DHCP-assigned addresses. The interfaces don't have any special setup or workaround - mostly just "switchport mode access", "switchport access vlan nn" and spanning-tree portfast".

The last time I saw a problem anything like yours, it was due to some newer ASA code needing me to turn off proxy ARP for the interface connecting towards the clients ("sysopt noproxyarp <interface>" in the ASA config).

they came out of the box brand new Wednesday with 3.2.3SE (Sept 2013)

we tried 3.3.35SE and then 3.7.0 to (desperately) try and resolve this issue.

our main facilities have 3.2.2 SE (June 2013) but no windows 7 access ports.

this is very strange - we are opening a tac case and we will post that # here shortly.

I'd be very curious to see how far you get with this. I was getting hit by random duplicate IP errors for machines with static IPs over a year ago. Back then I found a thread on here that said to use nmsp attach suppress on all the physical interfaces and things have been better since. I'm on 3.3.3 right now and when I do a show run, I do see the nmsp attach suppress in the config.

There's been a 4500X tossed into the mix and the nmsp attach suppress doesn't work on there, i had to put device tracking max to 0 on all ports.

Right now my biggest problem is VMs reporting false duplicate IPs (not often but it happens occasionally) but the physical machines seem fine.

Thanks for the insight.

we voted to hold off our customer 3850 upgrades for a year and explore other switch vendors... 

there should not need to be a "work around" to simply unboxing the switching and using it at its simplest level - a layer 2 switch with 1 vlan.

Cisco has done a "Pete carroll passing on the 1 yard line with Marshawn Lynch" and out thinked itself with this ip device tracking. i hope that feature was worth upsetting a loyal client base.

not cool