No link light between cisco switch trunk ports, using crossover cable

No link light between cisco switch trunk ports, using crossover cable.  Please see below and thanks for your help.



48_port_switch#sh ip int brief
Interface              IP-Address      OK? Method Status                Protocol
Vlan1                  192.168.5.2     YES manual up                    up
Vlan10                 192.168.10.2    YES NVRAM  up                    up
Vlan20                 192.168.20.2    YES NVRAM  up                    down
FastEthernet0/1        unassigned      YES unset  down                  down

Open in new window


48_port_switch#sh int fa0/1 switchport
Name: Fa0/1
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: down
Administrative Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: 1,10,20
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL

Open in new window




TestSwitch#sh ip int brief
Interface              IP-Address      OK? Method Status                Protocol
Vlan1                  unassigned      YES NVRAM  up                    down
Vlan50                 10.1.50.10      YES NVRAM  down                  down
Vlan100                10.1.100.10     YES NVRAM  down                  down
FastEthernet0/1        unassigned      YES unset  down                  down

Open in new window


TestSwitch#sh int fa0/1 switchport
Name: Fa0/1
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: down
Administrative Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: 1,10,20
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL

Open in new window

LVL 1
LB1234Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Don JohnstonInstructorCommented:
1) It would be helpful to see the configs for these ports. Could be a speed mismatch.
2) Is this a "known good" cable?  If not, either verify the cable or try a different cable.
3) Have you tried a straight-through cable? If not, try that.
LB1234Author Commented:
TestSwitch# sh run
interface FastEthernet0/1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,10,20
 switchport mode trunk

Open in new window


48_port_switch# sh run
interface FastEthernet0/1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,10,20
 switchport mode trunk
 switchport port-security

Open in new window


2) both done
3) yes, tried straight thru
Don JohnstonInstructorCommented:
Please post the output (for the 48_port_switch) of a "show port-security interface fastethernet 0/1"
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

LB1234Author Commented:
48_port_switch#sh port-security interface fastEthernet 0/1
Port Security              : Enabled
Port Status                : Secure-shutdown
Violation Mode             : Shutdown
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 1
Total MAC Addresses        : 0
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 0
Last Source Address:Vlan   : 000d.bdd1.3800:1
Security Violation Count   : 1

Open in new window

Don JohnstonInstructorCommented:
There's your problem...
Port Status                : Secure-shutdown

So do this:

conf t
int f0/1
shut
no port-security
no shut.

Open in new window

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
LB1234Author Commented:
That worked!  Thanks!  Question.  Why did you include "shut" in there?  Wasn't it already shut down?  And why was turning off port-security necessary?
Don JohnstonInstructorCommented:
Wasn't it already shut down?
Kind of.  Usually when a port is in a secure violation, it's in what's known as errdisable state. Had you done a "show switchport status", it would have shown that.

To clear the condition, you can do a shut/no shut. But with port security enabled with only a single address being allowed, it would have just gone into a violation again.

As for turning off port security, I made an assumption that was not wanted. Especially since it had a one MAC address limit and it was configured on a trunk port. If you're only going to be allowing a single MAC address, it's pretty unlikely that you would need a trunk.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Switches / Hubs

From novice to tech pro — start learning today.