Solved: Hi Mike, It looks like you're

Paul Saddy · ‎04-22-2014

I have a Cisco 3560 (Switch B) switch I just introduced into my network. The gigabit ports are trunked from another switch (Switch A) to a Cisco 6509 WS (Main Switch).

crpf4bsw3#show cdp neighbors
Device ID            Local Intrfce         Holdtme   Capability    Platform   Port ID
crpf4bsw2.mdch.com
                    Gig 0/1               124            S I      WS-C3560-4Gig 0/4
crpcorsw1.mdch.com
                    Gig 0/4               127           R S I     WS-C6509-EGig 2/8

interface GigabitEthernet0/4
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,19,124,150,160,164,168,224
switchport mode trunk
mls qos trust dscp
spanning-tree link-type point-to-point

interface GigabitEthernet0/1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,19,124,150,160,164,168,224
switchport mode trunk
mls qos trust dscp
spanning-tree link-type point-to-point

The trunk ports are working just fine. I have configured all necessary remote management with no issues. However, my access ports are not working. I have set them up exactly the same as the adjacent switch A and it works just fine, but the same configuration on the new switch has not been able to pull IP information. I have provided information as to how the switch access ports are configured on both Switch A (working) and Switch B (not working). I should note that I tried this with a Cisco 7940 phone and it got stuck on "configuring IP" then I tried it with my laptop and it pulled a 169 IP address. Both were direct connections into switch B. When I run a show mac-address-table, neither device shows up in the table. Only the gig port MACs. Any thoughts? Please let me know if you need any more information.

interface FastEthernet0/3
switchport access vlan 124
switchport mode access
switchport voice vlan 224
switchport port-security maximum 3
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape 10 0 0 0
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
spanning-tree bpduguard enable

luckymike33 · ‎04-22-2014

Hi Paul,

I note you have port-security enabled on the access port, have you had a look at the output of show port-security interface [interface], for the interfaces you have configured as access-ports which something connected to it.

Also you need to post the output of show spanning-tree vlan 224 on both switches, you should be see an identical device mac address as the spanning-tree root bridge for this vlan. If you don't see the same mac address, it means you have a disconnect between the switch trunks for this vlan.

Finally - I assume there is a dhcp server either in the vlans you need, or you have the 'ip helper-address' command configured on an svi for the relevant vlans?

Best wishes

Mike

Lastly - have you had a look in the switch logs?

View solution in original post

Reza Sharifi · ‎04-22-2014

When I run a show mac-address-table

can you try:

show mac address-table

HTH

Paul Saddy · ‎04-22-2014

Here is the entire table. I currently have a 7940 plugged into port fa0/2 (and it's recognized as up) and I had my laptop plugged into the same port prior to that.

crpf4bsw3#show mac-address-table
Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
All    0100.0ccc.cccc    STATIC      CPU
All    0100.0ccc.cccd    STATIC      CPU
All    0180.c200.0000    STATIC      CPU
All    0180.c200.0001    STATIC      CPU
All    0180.c200.0002    STATIC      CPU
All    0180.c200.0003    STATIC      CPU
All    0180.c200.0004    STATIC      CPU
All    0180.c200.0005    STATIC      CPU
All    0180.c200.0006    STATIC      CPU
All    0180.c200.0007    STATIC      CPU
All    0180.c200.0008    STATIC      CPU
All    0180.c200.0009    STATIC      CPU
All    0180.c200.000a    STATIC      CPU
All    0180.c200.000b    STATIC      CPU
All    0180.c200.000c    STATIC      CPU
All    0180.c200.000d    STATIC      CPU
All    0180.c200.000e    STATIC      CPU
All    0180.c200.000f    STATIC      CPU
All    0180.c200.0010    STATIC      CPU
All    ffff.ffff.ffff    STATIC      CPU
   1    0012.44cc.6800    DYNAMIC     Gi0/4
   1    0013.60aa.741c    DYNAMIC     Gi0/1
   1    00d0.c0cf.a1e3    DYNAMIC     Gi0/4

crpf4bsw3#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
Vlan1                  10.11.1.143     YES NVRAM up                    up
FastEthernet0/1        unassigned      YES unset down                  down
FastEthernet0/2        unassigned      YES unset up                    up
FastEthernet0/3        unassigned      YES unset down                  down

Paul Saddy · ‎04-22-2014

I figured out the issue. My VTP password was incorrect. Switch is fully online. Thanks for the help!

luckymike33 · ‎04-22-2014

Hi Paul,

I note you have port-security enabled on the access port, have you had a look at the output of show port-security interface [interface], for the interfaces you have configured as access-ports which something connected to it.

Also you need to post the output of show spanning-tree vlan 224 on both switches, you should be see an identical device mac address as the spanning-tree root bridge for this vlan. If you don't see the same mac address, it means you have a disconnect between the switch trunks for this vlan.

Finally - I assume there is a dhcp server either in the vlans you need, or you have the 'ip helper-address' command configured on an svi for the relevant vlans?

Best wishes

Mike

Lastly - have you had a look in the switch logs?

Paul Saddy · ‎04-22-2014

Hi Mike,

It looks like you're guiding me in the right direction. I did a "show port security interface fa0/2" on the new switch and nothing was out of the ordinary with the exception of the 0 MAC addresses learned. But then I did a "show spanning tree vlan 224" Here's what I found:

Switch A (existing switch):

crpf4bsw2#show spanning-tree vlan 224

VLAN0224
Spanning tree enabled protocol rstp
Root ID    Priority    4096
             Address     0012.44cc.68e0
             Cost        8
             Port        1 (GigabitEthernet0/1)
             Hello Time   2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority    32992 (priority 32768 sys-id-ext 224)
             Address     0013.60aa.7400
             Hello Time   2 sec Max Age 20 sec Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi0/1            Root FWD 4         128.1    P2p
Fa0/1            Desg FWD 19        128.3    Edge P2p
Fa0/2            Desg FWD 19        128.4    Edge P2p
Fa0/3            Desg FWD 19        128.5    Edge P2p
Fa0/4            Desg FWD 19        128.6    Edge P2p
Fa0/5            Desg FWD 19        128.7    Edge P2p
Fa0/6            Desg FWD 19        128.8    P2p Peer(STP)

Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------

Fa0/7            Desg FWD 19        128.9    Edge P2p
Fa0/8            Desg FWD 19        128.10   Edge P2p
Fa0/9            Desg FWD 19        128.11   Edge P2p
Fa0/10           Desg FWD 19        128.12   Edge P2p
Fa0/11           Desg FWD 19        128.13   Edge P2p
Fa0/12           Desg FWD 19        128.14   Edge P2p
Fa0/13           Desg FWD 19        128.15   Edge P2p
Fa0/15           Desg FWD 19        128.17   Edge P2p
Fa0/19           Desg FWD 19        128.21   Edge P2p
Fa0/20           Desg FWD 19        128.22   Edge P2p
Gi0/4            Desg FWD 4         128.28   P2p
Fa0/29           Desg FWD 19        128.33   Edge P2p
Fa0/30           Desg FWD 19        128.34   Edge P2p
Fa0/31           Desg FWD 19        128.35   Edge P2p
Fa0/32           Desg FWD 19        128.36   Edge P2p
Fa0/33           Desg FWD 19        128.37   Edge P2p
Fa0/34           Desg FWD 19        128.38   Edge P2p
Fa0/35           Desg FWD 19        128.39   Edge P2p
Fa0/37           Desg FWD 19        128.41   Edge P2p
Fa0/38           Desg FWD 19        128.42   Edge P2p
Fa0/39           Desg FWD 19        128.43   Edge P2p
Fa0/40           Desg FWD 19        128.44   Edge P2p
Fa0/41           Desg FWD 19        128.45   Edge P2p

Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------

Fa0/42           Desg FWD 19        128.46   Edge P2p
Fa0/43           Desg FWD 19        128.47   Edge P2p
Fa0/44           Desg FWD 19        128.48   Edge P2p
Fa0/45           Desg FWD 19        128.49   Edge P2p
Fa0/46           Desg FWD 19        128.50   Edge P2p

Switch B (new switch):

Spanning tree instance(s) for vlan 224 does not exist.

So with this new information, and with my trunk configurations above, what did you mean by a disconnect on the trunk?

MAC Addressess not showing on my new 3560 switch