Solved

Cisco 3560 ports stop working after cabeling change

Posted on 2012-12-21
18
468 Views
Last Modified: 2013-01-28
I have a Cisco 3560X switch that I have somehow disabled some of the ports by switching devices/cables. I was doing some wire management and durring the process some of the ports no longer switch. They negotiate and with the device at 1G but no longer actually connect anything to our network. I have looked at some articles about port security and this may be the issue. I really need to turn the security off or get some instruction on how to re enable the ports once a violation has occured

Any help would be apppreciated..
0
Comment
Question by:USGLOBAL
  • 9
  • 3
  • 2
  • +4
18 Comments
 
LVL 6

Expert Comment

by:traoher
ID: 38714711
show port-security and see if the ports in question has port security configured.  If sticky MAC has been configured with a maximum count of 1, mismatching cables/ports will give you your problem.

if you want to disable port security on an interface, goto interface configuration mode and type "no switchport port-security"

Here is a link to cisco docs.

http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_25_se/configuration/guide/swtrafc.html#wp1038552

good luck.
0
 

Author Comment

by:USGLOBAL
ID: 38714719
I did the "no switchport port-security" command on one of the ports in question and it didn't do any good.

Show port-security shows nothing..

SUB-10X#sh port-security
Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                (Count)       (Count)          (Count)
---------------------------------------------------------------------------
---------------------------------------------------------------------------
Total Addresses in System (excluding one mac per port)     : 0
Max Addresses limit in System (excluding one mac per port) : 6144
0
 
LVL 11

Expert Comment

by:gmbaxter
ID: 38714733
Try:

default int gig 0/x

where x is the interface number. This will clear all config from the port, so ensure that you know what vlans etc to apply.
0
 
LVL 6

Expert Comment

by:traoher
ID: 38714791
Strange, post a show run, delete anything you don't want us to see, but keep all the interfaces config information.
0
 

Expert Comment

by:rbarhoush
ID: 38715036
Hi

do you look at VTP configuration , if it is enabled it will over right the VLAN in the Switch ..

if this is the Case : Keep VTP in Transparent Mode (Recommended) in all switches.

(Delete Extra VLAN from Switch - Don't Keep them)

Also keep Switch Port Mode Access (not Dynamic) this may Cause Converting the Port to Trunk Mode .. ( Hard Code it if it is For Client Use ) ..


you can delete VLAN
0
 

Author Comment

by:USGLOBAL
ID: 38715703
I will post a sh run today
0
 

Author Comment

by:USGLOBAL
ID: 38715780
Here is the sh run.
The port i am working with is Gi0/20
sh-run.txt
0
 
LVL 6

Expert Comment

by:traoher
ID: 38715814
1.  There is no port security Enable
2.  You have two VLANs (the default vlan 1 and vlan10) configured
port 1-12 are in the default VLAN
ports 13-24 are in VLAN 10

Your DHCP server is in your default vlan 1 (192.168.1.23) and your default gateway for switch is 192.168.1.1

verify the following:
0.  Check to make sure you have dhcp scopes configured for both vlans
1.  All computers plugged into ports 1-12, make sure they have ip 192.168.1.x/24 with default gateway pointing to 192.168.1.2 (not 192.168.1.1 unless you have routes define for your vlan 10 sitting on the 192.168.1.1 device) --THIS IS A COMMON MISTAKE.
2.  all computers plugged into ports 13-24 have IP 192.168.10.x/24 with default gateway pointing to 192.168.10.1

When troubleshooting, always ping the close gateway to the host first then, ping the next hop, its next hop.

Good luck.
0
 

Author Comment

by:USGLOBAL
ID: 38716051
Well I did a reload command and the ports started working. Could this be a hardware issue since the reload fixed it?
0
Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

 
LVL 11

Expert Comment

by:gmbaxter
ID: 38716674
If a reload fixed it, I would put it down to a config issue - something in the running config which was not written to the startup config.
0
 

Author Comment

by:USGLOBAL
ID: 38717136
I initiated a "wr" command before the reload.
0
 
LVL 21

Expert Comment

by:eeRoot
ID: 38717641
If a port is disabled (shows as err-disabled), you have to issue the "shut" and then "no shut" commands to re-enable it.  Rebooting the switch clears the err-disabled status as well.  The commands "sh int status" and "sh port-security" are handy for seeing the status of the ports.
0
 

Author Comment

by:USGLOBAL
ID: 38717673
I triesd the "shut" "no shut" commands without relief. That prompted my question about possibly having a faulty switch.

Strange issue... Strange issue indeed.
0
 
LVL 18

Expert Comment

by:Akinsd
ID: 38718281
I just thought I should bring this up just in case.

While switching cables, are crossover cables mixed with straight cables by accident. Crossover cables would connect switches to one another.

Thanks
0
 

Author Comment

by:USGLOBAL
ID: 38718369
No cross over cables are in play.
0
 

Accepted Solution

by:
USGLOBAL earned 0 total points
ID: 38810998
A reload command forcing a reboot of the device cured the issue.... odd.
0
 

Expert Comment

by:makarizo
ID: 38816633
I have seen this when there was a lightning strike.   I have only seen this a few times but each time was when there was probably a surge of power back to that port.  I tried nearly all the above suggestions and saw nothing out of the ordinary when doing a "show interface" and only a reload fixed it each time.  My guess is that it is a safety mechanism built into Cisco switches when the port senses a power surge.  

Now I know when a single port is down after a storm that a reboot will fix it and it has worked everytime for me.
0
 

Author Closing Comment

by:USGLOBAL
ID: 38826170
A reload of the switch was initiated out of desperation to correct this state. It corrected my problem.
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Hello All, I have been training on Multicast for a while now and whenever I start the topic , I find out that my friends /  Colleagues mention that they do not know how to test Multicast Joins. As most of the multicast would be video traffic and …
PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now