04-22-2014 10:10 AM - edited 03-07-2019 07:10 PM
I have a Cisco 3560 (Switch B) switch I just introduced into my network. The gigabit ports are trunked from another switch (Switch A) to a Cisco 6509 WS (Main Switch).
crpf4bsw3#show cdp neighbors
Device ID Local Intrfce Holdtme Capability Platform Port ID
crpf4bsw2.mdch.com
Gig 0/1 124 S I WS-C3560-4Gig 0/4
crpcorsw1.mdch.com
Gig 0/4 127 R S I WS-C6509-EGig 2/8
interface GigabitEthernet0/4
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,19,124,150,160,164,168,224
switchport mode trunk
mls qos trust dscp
spanning-tree link-type point-to-point
interface GigabitEthernet0/1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,19,124,150,160,164,168,224
switchport mode trunk
mls qos trust dscp
spanning-tree link-type point-to-point
The trunk ports are working just fine. I have configured all necessary remote management with no issues. However, my access ports are not working. I have set them up exactly the same as the adjacent switch A and it works just fine, but the same configuration on the new switch has not been able to pull IP information. I have provided information as to how the switch access ports are configured on both Switch A (working) and Switch B (not working). I should note that I tried this with a Cisco 7940 phone and it got stuck on "configuring IP" then I tried it with my laptop and it pulled a 169 IP address. Both were direct connections into switch B. When I run a show mac-address-table, neither device shows up in the table. Only the gig port MACs. Any thoughts? Please let me know if you need any more information.
interface FastEthernet0/3
switchport access vlan 124
switchport mode access
switchport voice vlan 224
switchport port-security maximum 3
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape 10 0 0 0
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
spanning-tree bpduguard enable
Solved! Go to Solution.
04-22-2014 11:50 AM
Hi Paul,
I note you have port-security enabled on the access port, have you had a look at the output of show port-security interface [interface], for the interfaces you have configured as access-ports which something connected to it.
Also you need to post the output of show spanning-tree vlan 224 on both switches, you should be see an identical device mac address as the spanning-tree root bridge for this vlan. If you don't see the same mac address, it means you have a disconnect between the switch trunks for this vlan.
Finally - I assume there is a dhcp server either in the vlans you need, or you have the 'ip helper-address' command configured on an svi for the relevant vlans?
Best wishes
Mike
Lastly - have you had a look in the switch logs?
04-22-2014 10:38 AM
When I run a show mac-address-table
can you try:
show mac address-table
HTH
04-22-2014 11:43 AM
Here is the entire table. I currently have a 7940 plugged into port fa0/2 (and it's recognized as up) and I had my laptop plugged into the same port prior to that.
crpf4bsw3#show mac-address-table
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
All 0100.0ccc.cccc STATIC CPU
All 0100.0ccc.cccd STATIC CPU
All 0180.c200.0000 STATIC CPU
All 0180.c200.0001 STATIC CPU
All 0180.c200.0002 STATIC CPU
All 0180.c200.0003 STATIC CPU
All 0180.c200.0004 STATIC CPU
All 0180.c200.0005 STATIC CPU
All 0180.c200.0006 STATIC CPU
All 0180.c200.0007 STATIC CPU
All 0180.c200.0008 STATIC CPU
All 0180.c200.0009 STATIC CPU
All 0180.c200.000a STATIC CPU
All 0180.c200.000b STATIC CPU
All 0180.c200.000c STATIC CPU
All 0180.c200.000d STATIC CPU
All 0180.c200.000e STATIC CPU
All 0180.c200.000f STATIC CPU
All 0180.c200.0010 STATIC CPU
All ffff.ffff.ffff STATIC CPU
1 0012.44cc.6800 DYNAMIC Gi0/4
1 0013.60aa.741c DYNAMIC Gi0/1
1 00d0.c0cf.a1e3 DYNAMIC Gi0/4
crpf4bsw3#show ip interface brief
Interface IP-Address OK? Method Status Protocol
Vlan1 10.11.1.143 YES NVRAM up up
FastEthernet0/1 unassigned YES unset down down
FastEthernet0/2 unassigned YES unset up up
FastEthernet0/3 unassigned YES unset down down
04-22-2014 01:47 PM
I figured out the issue. My VTP password was incorrect. Switch is fully online. Thanks for the help!
04-22-2014 11:50 AM
Hi Paul,
I note you have port-security enabled on the access port, have you had a look at the output of show port-security interface [interface], for the interfaces you have configured as access-ports which something connected to it.
Also you need to post the output of show spanning-tree vlan 224 on both switches, you should be see an identical device mac address as the spanning-tree root bridge for this vlan. If you don't see the same mac address, it means you have a disconnect between the switch trunks for this vlan.
Finally - I assume there is a dhcp server either in the vlans you need, or you have the 'ip helper-address' command configured on an svi for the relevant vlans?
Best wishes
Mike
Lastly - have you had a look in the switch logs?
04-22-2014 12:13 PM
Hi Mike,
It looks like you're guiding me in the right direction. I did a "show port security interface fa0/2" on the new switch and nothing was out of the ordinary with the exception of the 0 MAC addresses learned. But then I did a "show spanning tree vlan 224" Here's what I found:
Switch A (existing switch):
crpf4bsw2#show spanning-tree vlan 224
VLAN0224
Spanning tree enabled protocol rstp
Root ID Priority 4096
Address 0012.44cc.68e0
Cost 8
Port 1 (GigabitEthernet0/1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32992 (priority 32768 sys-id-ext 224)
Address 0013.60aa.7400
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi0/1 Root FWD 4 128.1 P2p
Fa0/1 Desg FWD 19 128.3 Edge P2p
Fa0/2 Desg FWD 19 128.4 Edge P2p
Fa0/3 Desg FWD 19 128.5 Edge P2p
Fa0/4 Desg FWD 19 128.6 Edge P2p
Fa0/5 Desg FWD 19 128.7 Edge P2p
Fa0/6 Desg FWD 19 128.8 P2p Peer(STP)
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/7 Desg FWD 19 128.9 Edge P2p
Fa0/8 Desg FWD 19 128.10 Edge P2p
Fa0/9 Desg FWD 19 128.11 Edge P2p
Fa0/10 Desg FWD 19 128.12 Edge P2p
Fa0/11 Desg FWD 19 128.13 Edge P2p
Fa0/12 Desg FWD 19 128.14 Edge P2p
Fa0/13 Desg FWD 19 128.15 Edge P2p
Fa0/15 Desg FWD 19 128.17 Edge P2p
Fa0/19 Desg FWD 19 128.21 Edge P2p
Fa0/20 Desg FWD 19 128.22 Edge P2p
Gi0/4 Desg FWD 4 128.28 P2p
Fa0/29 Desg FWD 19 128.33 Edge P2p
Fa0/30 Desg FWD 19 128.34 Edge P2p
Fa0/31 Desg FWD 19 128.35 Edge P2p
Fa0/32 Desg FWD 19 128.36 Edge P2p
Fa0/33 Desg FWD 19 128.37 Edge P2p
Fa0/34 Desg FWD 19 128.38 Edge P2p
Fa0/35 Desg FWD 19 128.39 Edge P2p
Fa0/37 Desg FWD 19 128.41 Edge P2p
Fa0/38 Desg FWD 19 128.42 Edge P2p
Fa0/39 Desg FWD 19 128.43 Edge P2p
Fa0/40 Desg FWD 19 128.44 Edge P2p
Fa0/41 Desg FWD 19 128.45 Edge P2p
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/42 Desg FWD 19 128.46 Edge P2p
Fa0/43 Desg FWD 19 128.47 Edge P2p
Fa0/44 Desg FWD 19 128.48 Edge P2p
Fa0/45 Desg FWD 19 128.49 Edge P2p
Fa0/46 Desg FWD 19 128.50 Edge P2p
Switch B (new switch):
Spanning tree instance(s) for vlan 224 does not exist.
So with this new information, and with my trunk configurations above, what did you mean by a disconnect on the trunk?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide