WS-C2960L-SM - Unable to ping or access GUI after some time

FP9876 · ‎01-17-2021

Hello everyone,

I am facing a strange problem and after some unsuccessful research, I would like to request the help and advise from the community. I have looked for similar issues around the web but didn't find the solution so far.

My switch is configured as a MDF for my network with a .253 ip making the link between my router (.254) and the rest of the network.

The equipment is working very well but for some reasons, it becomes impossible to ping it or to access the GUI after some time : it varies from a few hours up to a few days after a boot.

Then the only way is to restart the switch physically or through the console port and ping & GUI will work back as normal for some time.

There is nothing in the log that would explain that the switch becomes unreachable.

During the time when the switch is unreachable : ALL the equipment connected to it are still working as normal (clients can access Internet, client can ping a server or another AP going through the switch...)

The configuration of the switch is very basic and I didn't find what can cause it.

What I have tried so far :

- Physical reboot

- Reboot through console

- Reset the switch to factory default and reconfigure from scratch

- Update to the last software version

Please see below the different details, if anyone has idea or input, feel free to share !

The switch is a :

WS-C2960L-SM-16PS

Switch version :

Spoiler

Cisco IOS Software, C2960L Software (C2960L-UNIVERSALK9-M), Version 15.2(7)E3, RELEASE SOFTWARE (fc3)

Config :

Building configuration...

Current configuration : 3460 bytes
!
! Last configuration change at 09:53:53 UTC Sun Jan 17 2021 by smartm
! NVRAM config last updated at 10:03:16 UTC Sun Jan 17 2021 by smartm
!
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SW-LG-MDF
!
boot-start-marker
boot-end-marker
!
enable secret 9 *******************
!
username smartm privilege 15 secret 9 ***********************
no aaa new-model
clock timezone UTC -23 0
system mtu routing 1500
!
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-4191928320
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-4191928320
 revocation-check none
 rsakeypair TP-self-signed-4191928320
!
!
crypto pki certificate chain TP-self-signed-4191928320
 certificate self-signed 01
  3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030 
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 
  69666963 6174652D 34313931 39323833 3230301E 170D3231 30313137 31373238 
  35315A17 0D333030 31303130 30303030 305A3031 312F302D 06035504 03132649 
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D34 31393139 
  32383332 3030819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 
  8100ABFF EB2AC68F 111456B0 409AAD31 2967C116 58F4DFF3 E30C4C71 ABF8FE62 
  B71E1000 4467D499 C6EA5B7E BB81D4B7 18A89A34 DAF27E7F E4C7C655 B4ABBE38 
  9528D5B7 BF21BBCF 3F53E9C3 380D5772 DAD5D710 B3433B00 F3A540E8 897F5628 
  43C6C2AE 880C7C40 D30CB99D 8C90E9A7 473CB416 EAC9BE82 47DE42A4 053151E2 
  7EDD0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603 
  551D2304 18301680 14339C55 C2F2E71E 93D4DDEC 287391BA D08B8CF6 16301D06 
  03551D0E 04160414 339C55C2 F2E71E93 D4DDEC28 7391BAD0 8B8CF616 300D0609 
  2A864886 F70D0101 05050003 81810058 949DE681 EFE5329A A71747A8 35B77EA1 
  93D338DC 5FCF1527 B4E0C96E D2901AB5 E190BBDE DB114892 038925BB 536F5BA8 
  0278590D EBBD64A1 93F53848 9481CCCF 79FC105F 2789590A E5105DDD 4A758C11 
  036FA65E 7926F205 84CB9D9A 611CC5D7 99303D82 DBFABFD8 1CB86710 9F66EAD8 
  20D97961 A5F773EC 75A2688D 9A304A
  	quit
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
!
!
interface Bluetooth0
 no ip address
 shutdown
!
interface GigabitEthernet0/1
 description AP-LG-1
!
interface GigabitEthernet0/2
!
interface GigabitEthernet0/3
!
interface GigabitEthernet0/4
 description AP-LG-4
!
interface GigabitEthernet0/5
 switchport mode access
!
interface GigabitEthernet0/6
!
interface GigabitEthernet0/7
!
interface GigabitEthernet0/8
!
interface GigabitEthernet0/9
 switchport mode access
!
interface GigabitEthernet0/10
!
interface GigabitEthernet0/11
!
interface GigabitEthernet0/12
!
interface GigabitEthernet0/13
!
interface GigabitEthernet0/14
!
interface GigabitEthernet0/15
!
interface GigabitEthernet0/16
 description RTR
!
interface GigabitEthernet0/17
!
interface GigabitEthernet0/18
!
interface Vlan1
 ip address 192.168.1.253 255.255.255.0
!
ip default-gateway 192.168.1.254
ip http server
ip http banner
ip http authentication local
ip http secure-server
ip scp server enable
!
!
!
!
line con 0
 password ********
line vty 0 4
 privilege level 15
 login local
 transport input none
line vty 5 15
 privilege level 15
 login local
 transport input none
!
end

Regards

Frank

marce1000 · ‎01-17-2021

- Check current software being used. Consider upgrading to a recent and or advisory or gold-starred release , if applicable available and feasible. Verify the problem afterwards.

M.

-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

marce1000 · ‎01-17-2021

- Also , use a syslog-server as a log collector. Keep an eye on messages from the device, als when everything is normal. Also enable all snmp-traps and idem ditto use a trap receiver and follow-up on snmp-trap-alerts.

M.

-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

FP9876 · ‎01-18-2021

Hello,

Thank you for the feedback & advise. I had the issue with 3 different software releases and the last one is a gold release so I would rather look at your suggestion to work on a log collector and see if I can find anything through the snmp as well.

Will keep in touch if I have any findings.

Regards

Frank

Georg Pauwen · ‎01-18-2021

Hello,

check the interfaces connecting the switch and the router for anything such as input/output/drops (sh interfaces x). Actually, post the output of these commands:

show interfaces x

show buffers

s.hellman · ‎02-19-2021

We have similar problems. We have alot of 2960L with different software 15.2(7)E0, E2 and E3, sometimes a switch loses connection on SVI (Vlan1). It is not possible to connect to the switch with Telnet/SSH/Web or Ping. If we connect with console to the switch, it is not possible to telnet or ping anything else. Cant see anything special in the log and the SVI says UP and no STP blocking. If we do a "shutdown" and then a "no shutdown" on interface vlan 1 everything is good again. Traffic through the switch works all the time, it is just not possible to connect to the SVI.

We have a few C1000-switches to with latest software, 15.2(7)E3, and it has happend once on one of them too.

I have not found anything in the bug search tool, that could explain this, but I guess it is a bug.

Richard Burts · ‎02-19-2021

It is interesting that the switch works ok for a while and then the problem develops. When I hear about things where a problem develops over time I tend to look for issues like memory leaks. Unless you have a syslog server looking at logs after the problem occurs is not helpful because log messages that are generated as the problem is developing are gone when the switch reboots. I would suggest that you check the logging level of messages on the switch itself - and the level of log messages sent to the server if a server is used. It would be good if the level were informational (and perhaps debug on the switch itself). If you can get access on the switch console while the problem is occurring then look in the logs for messages about the problem (especially any messages about memory allocation etc). It might also be interesting to see the output of show ip route and of show arp from the switch when the problem is occurring.

HTH

Rick

FP9876 · ‎03-05-2021

Hello every one,

I am coming back to this strange issue here.

Since the initial post, I have made several tests trying to follow your advises, what I have covered :

Set up a syslog server to try to catch errors messages from the switch => I have not been able to see anything when the switch was becoming unreachable / unpingable
I have made a factory reset of the switch and restart the config from scratch => I was still getting the same issue with the switch becoming unreachable after some time
Finally, I think what seems to have solved the problem is to have the ports going to the APs using dynamic auto mode instead of any other modes (trunk...) => This is the only thing I have changed

Might be some luck but since this change, the switch is running perfectly and the WUI is reachable. It has been 6 weeks in a row for now.

I will keep you posted if anything new on this side.

Regards

Frank

Richard Burts · ‎03-05-2021

Frank

Thank you for the update. Glad that the change that you made seems to have improved the situation. If there are any more developments in this please let us know.

HTH

Rick