Solved: Re: Cisco switch C9300 intermittently disconnects from multiple testers

Rockiez · ‎08-13-2019

Hi Cisco Team,

I'm an amateur and interesting the Cisco switch so would like to bring the issue here to get the advice for next steps. pls refer to details below. Thanks in advance.

Problem statement:

I have a Cisco C9300-48T that is connecting 30 ports including 10 PCs Tester I (10.250.0.1 ->10.250.0.10) and 10 PC Tester II (10.250.1.1 ->10.250.1.10) and 10 PC Tester III (don't use). The cisco is just using 10 PCs Tester I and 10 PCs Tester II. Those PCs are facing the network intermittently disconnection issue. Once the Cisco disconnected from PCs, the containment action is users have to restart those PCs to reconnect to Cisco as temporary action so far.
There is a Netgear switch that connects to our company network and main PC to Cisco 9300-48T switch.
There are 2 new machines have been using this Cisco C9300-48T that facing the issue
The other machine has been using Cisco WS-C3560X-48 that have never met the problem.
I have checked physical condition for all LAN cables & ports, but there is no problem with all ports & cables.

Note : The attachment files is #show tech-support of both cisco WS-C3560X-48 and C9300 48T that obtained by Putty thru USB console cable.

Help needed:

What is the difference between 3560 and 9300 current configuration? Any configuration impacts to the interrupted connection?
I can log in 3560 by Putty on PC main thru Telnet with login and password local but I can't log in 9300 by Putty on PC main thru Telnet. Once I tried to access, the command log showed "Password required but none set". Could you help to show me how to set up login and password as local? This may help to login thru Putty without using USB console cable.

Giuseppe Larosa · ‎08-19-2019

Hello Rockiez,

on the new C9300 under

line vty 0 4

login local

line vty 5 15

login local

you need the command login local to use a username/password pair locally defined on device to be able to telnet to it.

This works until you have AAA new-model disabled.

That means the following global command:

>> no aaa new-model

About your issues with specific PCs on the new switch try to upgrade their NIC drivers.

This can make the difference.

Edit:

you are using the feature that makes DHCP to assign a single IP address to a switch port

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_dhcp/configuration/15-sy/dhcp-15-sy-book/dhcp-prt-bsd-aa.html

The C3560 port have no configuration at interface level for this

! C3560

interface GigabitEthernet0/1
switchport access vlan 10
!

on the new C9300 the command is reported in interface configuration mode

interface GigabitEthernet1/0/1
description vlan-10
switchport access vlan 10
switchport mode access
>> ip dhcp server use subscriber-id client-id

This may be related to different IOS running on the two switches.

According to the document linked above the interface level command is not necessary (optional)

Hope to help

Giuseppe

View solution in original post

Giuseppe Larosa · ‎08-19-2019

Hello Rockiez,

on the new C9300 under

line vty 0 4

login local

line vty 5 15

login local

you need the command login local to use a username/password pair locally defined on device to be able to telnet to it.

This works until you have AAA new-model disabled.

That means the following global command:

>> no aaa new-model

About your issues with specific PCs on the new switch try to upgrade their NIC drivers.

This can make the difference.

Edit:

you are using the feature that makes DHCP to assign a single IP address to a switch port

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_dhcp/configuration/15-sy/dhcp-15-sy-book/dhcp-prt-bsd-aa.html

The C3560 port have no configuration at interface level for this

! C3560

interface GigabitEthernet0/1
switchport access vlan 10
!

on the new C9300 the command is reported in interface configuration mode

interface GigabitEthernet1/0/1
description vlan-10
switchport access vlan 10
switchport mode access
>> ip dhcp server use subscriber-id client-id

This may be related to different IOS running on the two switches.

According to the document linked above the interface level command is not necessary (optional)

Hope to help

Giuseppe

Rockiez · ‎08-19-2019

Hi Giuseppe,

Thanks for the recommendation. As per C9300 configuration, is the following command necessary for the switch or just optional because the IOS XE version is 16.10.1 which requires to config DHCP as compulsory. Any configuration failed whether I remove that one :)

"ip dhcp server use subscriber-id client-id"

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9300/software/release/16-11/configuration_guide/ip/b_1611_ip_9300_cg/configuring_dhcp.html#concept_52F0E91C4D7E4E08BD7A375818C801DD

Regards,

Van Hai

Giuseppe Larosa · ‎08-19-2019

Hello Van Hai,

yes in the document you have provided the configuration command under the interface looks like necessary and not an optional command anymore. This sometimes happens with new IOS versions some commands can change their meaning.

In this case, you should keep the command configured under each interface in use.

As I have noted in my first post in this thread you should look at upgrading NIC drivers of the PCs with issues to see if this can fix them.

Hope to help

Giuseppe

Rockiez · ‎08-20-2019

Regarding your method on NIC driver upgrade, we can't implement upgrade for all the PCs because of cisco 9300. There are a lot of PCs which also are running with cisco 3560 without intermittently disconnecting. Besides your method, any thing else to check the connection performance such file logging in the real time that can monitor. Tks

Rockiez · ‎08-26-2019

Hi sir,

Any method or command to get the log message from cisco by real time for C9300 ?

Thanks

Rockiez