Re: Hikvision NVR (DS-96XX) and WS-C2960+48TC-L

Jelani_DTE_PRO · ‎10-18-2020

Hello.

So, I have this little issue... Whenever, a recently purchased Hikvision NVR LAN port is configured with IP settings specific to a VLAN created on my WS-C2960+48TC-L switch and connected to a switchport that is configured as an access port for access to that VLAN, the NVR is able to successfully reply to ICMP request. Then, after several minutes, you can no longer communicate with it.

I believe, and I feel bad for not grabbing that information before now, but I believe the Hikvision NVR model is a DS-96XX.

Any ideas, as to what might cause the NVR to longer communicate? Oh! And, I've moved it to a different switchport; same results. Thanks!

Georg Pauwen · ‎10-18-2020

Hello,

where are you pinging from, that is, which device is doing the (inter) Vlan routing ? Is the port actually going down when you lose connectivity ?

One thing you could try is to configure the MAC address of the device as a sticky MAC, e.g.:

switchport port-security mac-address 0050.3e8d.6400 (<-- MAC address of the Hikvision)

Jelani_DTE_PRO · ‎10-18-2020

Hi, Georg.

I've actually had to disable port security and MAC sticky, on the switchport. Whenever it's enabled, the Hikvision connection causes an immediate port security violation...causing the port to shutdown. I was pinging, from the switch that the Hikvision connects to. I was able to successfully ping the IP address of the NVR from the switch and the vendor was able to ping it, from the command line of his laptop. Then, after about 5 minutes, we were no longer able to communicate with it...from both the switch or his laptop.

The port doesn't go down...the NVR just doesn't respond to ICMP request, after a short while.

paul driver · ‎10-18-2020

Hello
Is this access-port in an administrative mode of access?

Do you have any port-security or storm control set on the access-port?
sh interface xx switchport
sh spanning-tree interface xxx
sh port-security interface xxx
sh mac address interface xx
sh log

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Jelani_DTE_PRO · ‎10-18-2020

Hi, Paul.

Hmmm... Will you give me an example, of an administrative mode type of config on a switchport? Here's how the port, has been configured... Again, I was able to successfully ping the NVR for about 5 minutes from the switch. And, the vendor was able to ping the NVR from the command line of his laptop, during that window of time. After the 5 minutes, we were unable to successfully ping the NVR.

paul driver · ‎10-18-2020

Hello
The administrative mode of a port is set with the - switchport mode xx command as such that port is in an administrative mode of access.

It is interesting to see that you did have port-security initially enabled, so when you removed it did you shutdown/renable to the port that had mac-address sticky applied to this device?

int x/x
no switchport port-security mac-address sticky
no switchport port-security
shut
no shut
exit
show interface status err-disabled

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Jelani_DTE_PRO · ‎10-19-2020

Hi, Paul.

Gotcha! In the case of administrative mode, using switchport mode xx, I did. Thanks, for the explanation; haven't heard it like that, in a while. As for port security, it was removed before communication was tested and prior to port security becoming a problem. After, which, the NVR communicated for a solid 5 minutes. Then, fell off.