
Config Suggestions for Catalyst 9200 Switch

giorivera
Level 1

Hello! Wondering if you guys can assist a newbie. I have a 9200 switch with a C9200-NM-4X, where te1/1/1 and te1/1/2 have 1Gig SFP. I wanted to use the switch to sit at the edge where it will replace an aging Allied Telesis switch. Looking at topology: ISP --> c9200 --> Firewall --> LAN

 

Interface te1/1/1 is connected to ISP and te1/1/2 is connected to the firewall. Issue during tests: did not get a connection to ISP, where interfaces at both ISP router and my c9200 te1/1/1 were not lit. All interfaces are members of default VLAN1, and interface vlan1 is set with an IP/Mask. IP Route is set as well. Interface te1/1/2 (firewall link) is lit at both 9200 and firewall, but does not show up on the "#sh cdp nei" also cannot ping the firewall IP. Any suggestions on configuration for the 9200 interfaces? Would be greatly appreciated. Thank you so much!

9 Replies

balaji.bandi
Hall of Fame

You need to post the configuration currently applied on the Cat 9200.

Cat 9200 uplink ports - 4x 1G/10G network module capable - what kind of SFP are you using to connect?

Options:

Configure on the ISP side port - try no speed nonegotiate

Or post the output below:

show run

show interface ten 1/1/1

show interface ten 1/1/1 trans

"but does not show up on the "#sh cdp nei" also cannot ping the firewall IP."

You can configure cdp run globally or at interface level - make sure the other device is also configured and supported.

In most cases the FW blocks all traffic by default, including ICMP. Do you have an IP address on the switch? (What FW is this?)

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Hello

Are the ports running the correct speed/duplex? You have 10Gb ports on the switch with, I assume, 1/10GB copper SFPs installed, but do the ISP and FW devices support 10GB? Also, are the SFPs compatible with the 9200 switch?

sh int x/x
sh int x/x transceiver properties detail


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

It might be helpful to see the output of the command show interface status

HTH

Rick

giorivera
Level 1

Thank you all for the replies, I truly appreciate them. Sorry I wasn't able to include the configs on my post as we had to rollback quickly to our old Allied Telesis Rapier24i switch. Our shop has a division that operates 24/7 and maintenance windows are hard to schedule and window when given is short, hence I failed to copy the results during troubleshooting and therefore was only able to post the symptoms and not the actual results. But I have one scheduled for next week as we still have to finish this deployment so I will make sure to apply all the queries and copy all results.

So to give you an idea of hardware in use, Firewalls are Palo Alto; our 9200 switch has a network module C9200-NM-4X which accommodates 1G/10G SFP and SFP+ respectively; I currently have Cisco 1Gig SFP using LCU-LCU fiber cable on te1/1/1 (link to ISP) , te1/1/2 (link to FW-Primary) and te1/1/3 (link to FW-Backup); our ISP, I was told, has a Juniper Router, and the same SFP transceiver module as we do and same speed of 1Gig. 

*************************************************
Config considerations/questions: should this be applied to the interfaces
#int te1/1/1
#switchport mode access
#switchport access vlan 1

or

#no switchport
*************************************************

I have been experimenting with some configs since then but of course I would not know if it's going to work until next week. See my original config. Keep in mind though that when I connected the 9200 to the ISP, the tech at the ISP side told me the interface at his end is not showing links, same on the 9200 te1/1/1. So we connected back to Allied Telesis.

 

9200 Original Config (during the first test with ISP), plus results of commands:
#sh run
#sh ip int br
#sh vlan
#sh ip int vlan 1
#sh int te1/1/1 trans

***********************************************************************************************

sw.edge#
sw.edge#
sw.edge#sh run
Building configuration...

Current configuration : 9606 bytes
!
! Last configuration change at 20:22:35 UTC Tue Feb 16 2021
!
version 16.11
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service call-home
no platform punt-keepalive disable-kernel-core
!
hostname sw.edge
!
!
vrf definition Mgmt-vrf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
enable secret 9 $9$
!
!
!
!
no aaa new-model
switch 1 provision c9200-24t
!
!
!
!
!
!
!
!
!
ip arp entry learn 10240
!
!
!
!
!
no ip domain lookup
!
!
!
login on-success log
call-home
! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
contact-email-addr sch-smart-licensing@cisco.com
profile "CiscoTAC-1"
active
destination transport-method http
no destination transport-method email
!
!
no device-tracking logging theft
!
crypto pki trustpoint SLA-TrustPoint
enrollment pkcs12
revocation-check crl
!
crypto pki trustpoint TP-self-signed-3588999635
enrollment selfsigned

!
!
license boot level network-advantage addon dna-advantage
!
!
diagnostic bootup level minimal
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
memory free low-watermark processor 87534
!
!
username netadmin privilege 15 secret 9 $9$nFMCP
redundancy
mode sso
!
!
!
!
policy-map system-cpp-policy
!
!
!
!
!
interface GigabitEthernet0/0
vrf forwarding Mgmt-vrf
ip address 10.10.4.2 255.255.255.0
speed 1000
negotiation auto
!
interface GigabitEthernet1/0/1
description Link to FingerPrint Router
!
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/4
!
interface GigabitEthernet1/0/5
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
!
interface GigabitEthernet1/0/12
!
interface GigabitEthernet1/0/13
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
!
interface GigabitEthernet1/0/22
!
interface GigabitEthernet1/0/23
!
interface GigabitEthernet1/0/24
!
interface GigabitEthernet1/1/1
!
interface GigabitEthernet1/1/2
!
interface GigabitEthernet1/1/3
!
interface GigabitEthernet1/1/4
!
interface TenGigabitEthernet1/1/1
description WAN Link to ISP OTN
!
interface TenGigabitEthernet1/1/2
description LAN Link to PA3220-PRI
!
interface TenGigabitEthernet1/1/3
description LAN Link to PA3220-BU
!
interface TenGigabitEthernet1/1/4
!
interface Vlan1
ip address 10.162.2.7 255.255.255.192
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
!
!
!
snmp-server group
!
!
!
control-plane
service-policy input system-cpp-policy
!
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login local
transport input ssh
line vty 5 15
login local
transport input ssh
!
!
!
!
!
!
!
end

sw.edge#sh ip int br
Interface IP-Address OK? Method Status Protocol
Vlan1 10.162.2.7 YES manual up up
GigabitEthernet0/0 10.10.4.2 YES NVRAM up up
GigabitEthernet1/0/1 unassigned YES unset down down
GigabitEthernet1/0/2 unassigned YES unset down down
GigabitEthernet1/0/3 unassigned YES unset down down
GigabitEthernet1/0/4 unassigned YES unset down down
GigabitEthernet1/0/5 unassigned YES unset down down
GigabitEthernet1/0/6 unassigned YES unset down down
GigabitEthernet1/0/7 unassigned YES unset down down
GigabitEthernet1/0/8 unassigned YES unset down down
GigabitEthernet1/0/9 unassigned YES unset down down
GigabitEthernet1/0/10 unassigned YES unset down down
GigabitEthernet1/0/11 unassigned YES unset down down
GigabitEthernet1/0/12 unassigned YES unset down down
GigabitEthernet1/0/13 unassigned YES unset down down
GigabitEthernet1/0/14 unassigned YES unset down down
GigabitEthernet1/0/15 unassigned YES unset down down
GigabitEthernet1/0/16 unassigned YES unset down down
GigabitEthernet1/0/17 unassigned YES unset down down
GigabitEthernet1/0/18 unassigned YES unset down down
GigabitEthernet1/0/19 unassigned YES unset down down
GigabitEthernet1/0/20 unassigned YES unset down down
GigabitEthernet1/0/21 unassigned YES unset down down
GigabitEthernet1/0/22 unassigned YES unset down down
GigabitEthernet1/0/23 unassigned YES unset down down
GigabitEthernet1/0/24 unassigned YES unset down down
GigabitEthernet1/1/1 unassigned YES unset down down
GigabitEthernet1/1/2 unassigned YES unset down down
GigabitEthernet1/1/3 unassigned YES unset down down
GigabitEthernet1/1/4 unassigned YES unset down down
Te1/1/1 unassigned YES unset down down
Te1/1/2 unassigned YES unset up up
Te1/1/3 unassigned YES unset up up
Te1/1/4 unassigned YES unset down down


sw.edge#sh vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi1/0/1, Gi1/0/2, Gi1/0/3
                                                Gi1/0/4, Gi1/0/5, Gi1/0/6
                                                Gi1/0/7, Gi1/0/8, Gi1/0/9
                                                Gi1/0/10, Gi1/0/11, Gi1/0/12
                                                Gi1/0/13, Gi1/0/14, Gi1/0/15
                                                Gi1/0/16, Gi1/0/17, Gi1/0/18
                                                Gi1/0/19, Gi1/0/20, Gi1/0/21
                                                Gi1/0/22, Gi1/0/23, Gi1/0/24
                                                Te1/1/1, Te1/1/2, Te1/1/3
                                                Te1/1/4

 

sw.edge#
sw.edge#sh ip int vlan 1
Vlan1 is up, line protocol is up
Internet address is 10.162.2.7/26
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing Common access list is not set
Outgoing access list is not set
Inbound Common access list is not set
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP Flow switching is disabled
IP CEF switching is disabled
IP Null turbo vector
IP Null turbo vector
Associated unicast routing topologies:
Topology "base", operation state is UP
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Probe proxy name replies are disabled
Policy routing is disabled
Network address translation is disabled
BGP Policy Mapping is disabled
Input features: MCI Check
IPv4 WCCP Redirect outbound is disabled
IPv4 WCCP Redirect inbound is disabled
IPv4 WCCP Redirect exclude is disabled

sw.edge#sh int te1/1/1 trans
Transceiver monitoring is disabled for all interfaces.

ITU Channel not available (Wavelength not available),
Transceiver is internally calibrated.
If device is externally calibrated, only calibrated values are printed.
++ : high alarm, + : high warning, - : low warning, -- : low alarm.
NA or N/A: not applicable, Tx: transmit, Rx: receive.
mA: milliamperes, dBm: decibels (milliwatts).

                                           Optical   Optical
           Temperature  Voltage  Current   Tx Power  Rx Power
Port       (Celsius)    (Volts)  (mA)      (dBm)     (dBm)
---------  -----------  -------  --------  --------  --------
Te1/1/1    18.5         3.24     21.0      -4.3      -40.0

 

 

Config considerations/questions: should this be applied to the interfaces
#int te1/1/1
#switchport mode access
#switchport access vlan 1

If this is a pure layer 2 port, the above config should work as expected. Try adding this command to the interface - no speed nonegotiate

Since you mentioned this is critical for business, keep 2 or 3 configuration combinations ready to quickly resolve the issue, rather than rolling back.

 

BB


There are several things to address:

- you tell us " Interface te1/1/2 (firewall link) is lit at both 9200 and firewall, but does not show up on the "#sh cdp nei"". In a subsequent post you tell us that the firewall is Palo Alto. Consider that cdp is a Cisco proprietary protocol and so it would be expected that Palo Alto would not respond to CDP.

- you ask if you should use no switchport on Te1/1/1. If I understand the topology correctly your switch is acting as a layer 2 switch (not as L3 switch) and that ports connecting to ISP and to firewall should be in the same vlan. If that is correct you should NOT use no switchport. No switchport would remove the interface from vlan 1 and would expect some routing logic to use with the routed port. That is not what you want. Leaving it as an access port is the right thing to do.

- the fundamental problem is related to this "Te1/1/1 unassigned YES unset down down". Why is the interface down/down? I wonder if it is that you have a 1Gig SFP connected to a ten G port. What would happen if you connect the ISP to G1/0/1?

HTH

Rick
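
For the down/down question raised in the reply above, one way to triage captured output offline after a short maintenance window (an added example, not part of the original thread): it pairs "sh ip int br" status with the Tx/Rx power from "sh int ... trans". The sample rows are constructed in the shape of the output posted earlier, and the function names and the -30 dBm no-light cut-off are assumptions.

```python
import re

# Constructed sample: rows in the shape of the outputs posted in this thread.
BRIEF = """\
Interface IP-Address OK? Method Status Protocol
Vlan1 10.162.2.7 YES manual up up
Te1/1/1 unassigned YES unset down down
Te1/1/2 unassigned YES unset up up
Te1/1/4 unassigned YES unset down down
"""
OPTICS = """\
Port (Celsius) (Volts) (mA) (dBm) (dBm)
--------- ----------- ------- -------- -------- --------
Te1/1/1 18.5 3.24 21.0 -4.3 -40.0
"""
NO_LIGHT_DBM = -30.0  # assumed cut-off; take the real one from the SFP datasheet
NUM = r"\s+(-?\d+(?:\.\d+)?)"
ROW = re.compile(r"^(\S+)" + NUM * 5 + r"\s*$")

def parse_brief(text):
    """Return {interface: (status, protocol)} from 'show ip int brief'."""
    ports = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 6 and f[2] in ("YES", "NO"):  # skips the header row
            # Status may be two words ("administratively down").
            ports[f[0]] = (" ".join(f[4:-1]), f[-1])
    return ports

def parse_optics(text):
    """Return {interface: (tx_dbm, rx_dbm)} from 'show int ... trans'."""
    rows = (ROW.match(line.strip()) for line in text.splitlines())
    return {m.group(1): (float(m.group(5)), float(m.group(6))) for m in rows if m}

def triage(brief_text, optics_text):
    """Give each down/down port a first thing to check."""
    optics, findings = parse_optics(optics_text), {}
    for port, state in parse_brief(brief_text).items():
        if state != ("down", "down"):
            continue
        if port not in optics:
            findings[port] = "no optics data: capture 'show int <port> trans'"
            continue
        tx, rx = optics[port]
        if tx <= NO_LIGHT_DBM:
            findings[port] = "local laser off: check SFP support and shutdown state"
        elif rx <= NO_LIGHT_DBM:
            findings[port] = "sending but receiving no light: check fiber and far end"
        else:
            findings[port] = "light both ways: check speed/negotiation settings"
    return findings
```
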

@balaji.bandi Thank you for your thoughts on this. I will try your suggestions on the speed. And thank you for your thoughts on the int1/1/1. I made changes to the interface config after it failed on the first test, and one of them is the switchport command. Thank you again.

giorivera
Level 1

Once again, I thank you guys for all your thoughts and comments on this, truly appreciated them. @Richard Burts, subconsciously I knew it about CDP but it didn't register during the maint window when I was issuing "cdp nei" (nerves i guess coz i don't want to prolong the down time), thank you for reminding me. "switchport" on te1/1/1 - as I've mentioned on my previous post that I have made some config changes since the initial test and issuing "switchport mode access" and "switchport access vlan 1" on te1/1/1 are one of them. Thank you for your comments in regards to this and I will make sure to leave it as it is.

 

On the C9200-NM-4X, according to the data sheet:
************************************************
C9200-NM-4X
This module has four 10G SFP module slots. Each port supports a 1G or 10G connection. Any combination of standard SFP modules is supported.
This module is supported on both 1G and Multigigabit Ethernet switch models of C9200 switches.
************************************************

I will try the speed and cap it to 1gig if the default will not work.

 

Unfortunately I cannot use gi1/0/1 interface to connect to ISP as they have an SFP at the other side, and we are linked through our LIU which only accommodates LC/UPC fiber connectors.

 

My next Maint Window is Thursday, so I will make sure to copy configs and results of troubleshoot commands and will post them. Thank you all again for your thoughts and comments, I truly appreciate them.

edsge teenstra
Level 1

Hi

Giorivera, did you solve this issue?

We have a customer with a similar issue. Only with them the 1G BX SFP work on C9200-48T with C9200-NM-4X, but Cisco SFP-10G-SR do not work in two stacked switches.

Please, I look forward to your reply!

Cheers 
