
Switch port problems 2960

Level 1

Hi all.


Had some very strange issues this evening.


I have a 2960 Switch that only seems to like certain devices being plugged into it.


For example, I tried plugging two different laptops into a few different ports, namely port 4, 5, 6, but no link is established. Link reports that ports are down via console SSH. Both laptops report that the Ethernet is unplugged.


Yet.....if I plug a Cisco phone into these ports, or a WAP, or trunk link, the ports work fine.


One of the laptops was working fine this afternoon, then all of a sudden the switch appeared to reject it, as well as the second laptop that we used to test/troubleshoot it.






service password-encryption
username XXXXXXX privilege 15 secret 5 XXXXXXXXX
no aaa new-model
system mtu routing 1500
vtp mode off
ip domain-name XXXXXX


spanning-tree mode pvst
spanning-tree extend system-id
no spanning-tree vlan 7
vlan internal allocation policy ascending
vlan 2-3,5-8
interface FastEthernet0/1
 switchport access vlan 2
 no cdp enable
 spanning-tree portfast
 spanning-tree bpduguard enable
 spanning-tree guard root
interface FastEthernet0/2
 switchport access vlan 6
 no cdp enable
 spanning-tree portfast
 spanning-tree bpduguard enable
 spanning-tree guard root
interface FastEthernet0/3
 switchport access vlan 3
 no cdp enable
 spanning-tree portfast
 spanning-tree bpduguard enable
 spanning-tree guard root
interface FastEthernet0/4
 switchport access vlan 6
 no cdp enable
 spanning-tree portfast
 spanning-tree bpduguard enable
 spanning-tree guard root
interface FastEthernet0/5
 switchport access vlan 6
 no cdp enable
 spanning-tree portfast
 spanning-tree bpduguard enable
 spanning-tree guard root
interface FastEthernet0/6
 switchport access vlan 6
 no cdp enable
 spanning-tree portfast
 spanning-tree bpduguard enable
 spanning-tree guard root
interface FastEthernet0/7
 switchport access vlan 7
 no cdp enable
 spanning-tree portfast
 spanning-tree bpduguard enable
 spanning-tree guard root
interface FastEthernet0/8
 switchport access vlan 8
 no cdp enable
 spanning-tree portfast
 spanning-tree bpduguard enable
 spanning-tree guard root
interface GigabitEthernet0/1
 switchport mode trunk
 no cdp enable
 spanning-tree portfast
 spanning-tree bpduguard enable
 spanning-tree guard root
interface Vlan1
 ip address
 no ip route-cache
interface Vlan7
 no ip address
ip default-gateway
no ip http server
no ip http secure-server
no cdp run
line con 0
line vty 0 4
 login local
 transport input ssh
line vty 5 15


Reza Sharifi
Hall of Fame


Can you hard set the speed and duplex for the ports that are not functioning correctly and test again?




Also, try and remove:


spanning-tree bpduguard enable
spanning-tree guard root


from the ports, and check if that makes a difference.



This problem resolved itself when I arrived at this site to fix the problem.


I'm rather confident it's being hacked.


We have had quite a lot of people playing games on our system, possibly some kid down the road with a long range WiFi antenna.


Another problem is they keep hacking a security CCTV system attached to this switch on vlan 3.

I've tried adding so many security ACLs on the 2811 router connected to it to make sure that the only IP that can remotely access the cameras is from our main site over our site to site VPN. Somehow they keep gaining access to it.


Try reapplying vlan 6 even when ports 4/5/6 are already assigned to it.
What is the reason spanning-tree is disabled for vlan 7?




conf t

spanning-tree vlan 7

vlan 6

interface GigabitEthernet0/1
 no spanning-tree bpduguard enable
 no spanning-tree guard root

interface Vlan1
 ip route-cache

no interface Vlan7
no vstack (only if you're not using this feature)


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards

Hi Paul,

VLAN7 is assigned to a port that heads to a WAP.


This is the only switch being used as router on a stick, GIG0/1 goes to the router as the trunk link.



I'm confident now that our switch is being hacked. Possibly backwards through our WAP.





This is the version running


Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version 15.1(4)M12a, RELEASE SOFTWARE (fc1)
Technical Support:
Copyright (c) 1986-2016 by Cisco Systems, Inc.
Compiled Tue 04-Oct-16 03:37 by prod_rel_team

ROM: System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fc1)

Switch1 uptime is 6 hours, 46 minutes
System returned to ROM by power-on
System image file is "flash:c2800nm-advipservicesk9-mz.151-4.M12a.bin"
Last reload type: Normal Reload



I had a look on the Cisco firmware downloads and apparently from what I can tell, this is the latest firmware version.  

Despite multiple security and CVE releases stating that new versions had been released late this year.


Cisco Employee

Could you please share the output of command show port-security of interface that you tried to connect your laptop?

Not sure how to do it for a specific port.....


Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                (Count)       (Count)          (Count)
Total Addresses in System (excluding one mac per port)     : 0
Max Addresses limit in System (excluding one mac per port) : 8192
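
The per-interface forms of the checks discussed in this thread, as an added example that is not part of any poster's reply. It uses FastEthernet0/4 from the posted configuration and standard Catalyst 2960 privileged-exec commands; the `!` lines are comments.

```ios
! Link state, negotiated speed/duplex and VLAN for the one port
show interfaces FastEthernet0/4 status

! Ports shut down by a protection feature (BPDU guard, port security, ...)
show interfaces status err-disabled

! Port security for a single interface instead of the summary table
show port-security interface FastEthernet0/4

! Spanning-tree state on the port, including BPDU guard and root guard
show spanning-tree interface FastEthernet0/4 detail

! Link up/down and err-disable events logged for the port
show logging | include FastEthernet0/4|ERR_DISABLE
```

An empty err-disabled list together with "Port Security : Disabled" rules out BPDU guard and port security as the cause before either protection is removed from the port.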



