mknaack


Interconnect Cisco 2960 and HP 5412

We are working on a Pix removal project.  Time to retire the old pix and move to the hosted ASA at my ISP.

We are having an interconnect issue between the HP and the Cisco.  My ISP is trying to hand me 2 ports on the 2960 (DMZ and Private).

We are connecting VLAN 2 (DMZ port L23) to port 6 on the Cisco with no problems.

We cannot get the VLAN3 (Private port L21) to port 5 on the Cisco to link. Starts amber 30 seconds, green for about 8 then back to amber.  The light blinks like it is passing traffic but it is not.  The HP is green and thinks it is up.

Vlan 2 DMZ on the HP side has no routes, just a simple class c with 5 devices.
VLAN 3 is routed and also has a separate subnet on it.  Internal routes stay up the entire time.

We have tried all the easy stuff.  Patch cables, speeds, duplex, different ports, Different Cisco, Flow control, Spanning tree. Reboot, Clear Arps

These are not trunk ports.  Untagged traffic only on both sides.  If we hard IP a laptop and connect it to either port (Cisco or HP) it will talk to the network it is connected to.  Link the HP and Cisco and nada.


Running configuration:  (Ports are coded 100 full below since we are back on the old pix.)

; J8698A Configuration Editor; Created on release #K.14.60

hostname "ProCurve Switch 5412zl"
time timezone -300
time daylight-time-rule Continental-US-and-Canada
ip access-list extended "management"
   10 permit ip 10.126.1.50 0.0.0.0 10.1.252.0 0.0.0.255
   15 permit ip 10.1.252.0 0.0.0.255 10.1.252.0 0.0.0.255
   20 deny ip 10.126.0.0 0.0.255.255 10.1.252.0 0.0.0.255
   30 deny ip 10.128.0.0 0.0.255.255 10.1.252.0 0.0.0.255
   exit
module 1 type J8702A
module 2 type J8706A
module 3 type J8702A
module 4 type J8702A
module 9 type J8702A
module 11 type J9307A
module 12 type J8702A
interface B1
   name "SPED"
exit
interface B5
   name "ANNEX"
   flow-control
   speed-duplex 1000-full
exit
interface B9
   name "HIGHBAY"
   flow-control
   speed-duplex 1000-full
exit
interface B13
   name "IT IDF"
   flow-control
   speed-duplex 1000-full
exit
interface B17
   name "BAT IDF"
   flow-control
   speed-duplex 1000-full
exit
interface B20
   name "CAD IDF"
   flow-control
   speed-duplex 1000-full
exit
interface B21
   name "EE IDF"
   flow-control
   speed-duplex 1000-full
exit
interface B24
   name "Admin Office"
   flow-control
   speed-duplex 1000-full
exit
interface A1
   speed-duplex 100-half
exit
interface L19
   name "8e6 reply"
exit
interface L20
   name "8e6"
exit
interface L21
   name "Firewall Inside"
   speed-duplex 100-full
exit
interface L22
   name "8e6 Mobile"
exit
interface L23
   name "DMZ Firewall"
   speed-duplex 100-full
exit
interface L24
   name "VLAN1 MGMT"
exit
ip default-gateway 10.126.0.1
ip routing
vlan 1
   name "Management"
   untagged B1-B24,D1-D24,L24
   ip address 10.1.252.5 255.255.255.0
   no untagged A1-A24,C1-C24,I1-I24,K1-K24,L1-L23
   ip access-group "management" out
   exit
vlan 2
   name "DMZ"
   untagged A23,L12-L13,L22-L23
   tagged B9,B13,B24
   no ip address
   exit
vlan 3
   name "Private"
   untagged A1-A22,A24,C1-C22,C24,I1-I24,K1-K24,L1-L11,L19-L21
   ip address 10.126.1.3 255.255.0.0
   tagged B1,B5,B9,B13,B17,B20-B21,B24
   ip igmp
   exit
vlan 4
   name "HeadStart"
   ip address 10.128.0.1 255.255.0.0
   tagged B5,B13
   ip igmp
   exit
vlan 5
   name "Video"
   untagged L14-L18
   tagged B1,B5,B9,B17,B24
   no ip address
   exit
vlan 6
   name "Sobeske"
   untagged C23
   tagged B13
   no ip address
   ip igmp
   exit
mirror 1 port L19
timesync sntp
sntp unicast
sntp server priority 1 10.126.1.101 3
ip authorized-managers 10.126.1.50 255.255.255.255 access manager
ip authorized-managers 10.126.1.51 255.255.255.255 access manager
ip authorized-managers 10.126.1.16 255.255.255.255 access manager
ip timep manual 10.126.1.25
ip route 0.0.0.0 0.0.0.0 10.126.0.1
ip route 10.129.0.0 255.255.0.0 10.126.0.1
ip route 172.31.252.0 255.255.255.0 10.126.0.1
interface L21
   monitor all both mirror 1
   exit
spanning-tree
no autorun
password manager

Garry Glendown

Amber sounds to me like an STP problem ... did you check the "show spanning-tree" output once the port is back to amber? Any other console/log output?
Have you tried to set duplex and speed to auto on the HP ports that are connecting to the ASA?
rochey2009

Hi,

What is the configuration of the cisco port 5?
mknaack

ASKER

We have disabled spanning tree on both sides and tried all speed settings.  Since we can get the non-routed VLAN (DMZ) on the HP to connect I am leaning towards a routing protocol or possibly an STP version issue.  We tried this about 2 months ago when the ISP had a 9 year old 2950 at my site and had the same issue, we decided to wait for the new 2960 to arrive.  Same issue.

We did insert a 3550 between the HP and Cisco 2960 on the routed VLAN and the problem then moved from the ISP 2960 to the 3550 connection to the HP.  It has to be a dissimilar protocol issue between the HP and Cisco brands...

I do not have access to the ISP side of the 2960 but I can ask them to send me the port/switch settings.

Thanks

Yes, ask them to send you their configuration and switch logs.
mknaack

ASKER

Here is the config for the 2960...
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime localtime show-timezone
service password-encryption
!
hostname 2960
!
boot-start-marker
boot-end-marker
!
no logging console
!
switch 1 provision ws-c2960s-24td-l
!
!
no ip domain-lookup
!
mls qos map cos-dscp 0 8 16 24 32 46 48 56
mls qos srr-queue output cos-map queue 1 threshold 3 4 5
mls qos srr-queue output cos-map queue 2 threshold 1 2
mls qos srr-queue output cos-map queue 2 threshold 2 3
mls qos srr-queue output cos-map queue 2 threshold 3 6 7
mls qos srr-queue output cos-map queue 3 threshold 3 0
mls qos srr-queue output cos-map queue 4 threshold 3 1
mls qos srr-queue output dscp-map queue 1 threshold 3 32 33 40 41 42 43 44 45
mls qos srr-queue output dscp-map queue 1 threshold 3 46 47
mls qos srr-queue output dscp-map queue 2 threshold 1 16 17 18 19 20 21 22 23
mls qos srr-queue output dscp-map queue 2 threshold 1 26 27 28 29 30 31 34 35
mls qos srr-queue output dscp-map queue 2 threshold 1 36 37 38 39
mls qos srr-queue output dscp-map queue 2 threshold 2 24
mls qos srr-queue output dscp-map queue 2 threshold 3 48 49 50 51 52 53 54 55
mls qos srr-queue output dscp-map queue 2 threshold 3 56 57 58 59 60 61 62 63
mls qos srr-queue output dscp-map queue 3 threshold 3 0 1 2 3 4 5 6 7
mls qos srr-queue output dscp-map queue 4 threshold 1 8 9 11 13 15
mls qos srr-queue output dscp-map queue 4 threshold 2 10 12 14
mls qos queue-set output 1 threshold 1 100 100 50 200
mls qos queue-set output 1 threshold 2 125 125 100 400
mls qos queue-set output 1 threshold 3 100 100 100 400
mls qos queue-set output 1 threshold 4 60 150 50 200
mls qos queue-set output 1 buffers 15 25 40 20
mls qos
!
!
spanning-tree mode pvst
spanning-tree extend system-id
auto qos srnd4
!
!
!
!
vlan internal allocation policy ascending
!
ip ssh time-out 60
ip ssh authentication-retries 2

interface GigabitEthernet1/0/1
 description Branch Firewall Outside Connection
 switchport access vlan 19
 switchport mode access
 speed 100
 duplex full
!
interface GigabitEthernet1/0/2
 switchport access vlan 19
 switchport mode access
!
interface GigabitEthernet1/0/3
 switchport access vlan 24
 switchport mode access
!
interface GigabitEthernet1/0/4
 switchport access vlan 215
 switchport mode access
!
interface GigabitEthernet1/0/5
 description BRISD Inside Connection
 switchport access vlan 215
 switchport mode access
 speed 1000
 duplex full
!
interface GigabitEthernet1/0/6
 description BRISD DMZ Connection
 switchport access vlan 216
 switchport mode access
 speed 1000
 duplex full
!
interface GigabitEthernet1/0/25
 description Fiber UPLINK to Coldwater
!
!
interface Vlan1
 ip address
!
ip sla enable reaction-alerts
!
mknaack

ASKER

Just a note, the speed mismatch is because the HP config I sent is the running config tied to the old pix.

When the HP is connected directly to the 2960 the speeds match, we have also taken them all the way down to 100 full etc....   Doesn't seem to matter.

 
I take it the switch is not connected currently ... can you get the STP info from the Cisco switch some time and see if there's any usable info there?
Ask them to do,

show spanning-tree inconsistentports

when you've got the orange light.
And are you just using 2 ports on the Cisco or are there any other ports connected?
mknaack

ASKER

There are other ports connected to other devices (Spam Filter Port2, Linksys Router port 3), not the HP.  We will have to wait for downtime to run any commands against it...

Thanks
ASKER CERTIFIED SOLUTION
rochey2009

This solution is only available to members.
mknaack

ASKER

Yes I do.  We have an old 2950 in the most remote closet we have.  When I knocked that switch down everything came up OK.

I need to keep that location running until next summer, we tried

no spanning-tree but that did not solve the issue.

How can I disable this on the remote switch?  It is just flat, no vlans etc.

Thanks
Try changing the port on the 2950 that connects to the rest of your network to

switchport mode access


mknaack

ASKER

Awesome.  As soon as we removed that switch the links came up.  

Many Thanks
You're welcome.