2960S doesn't allow multiple devices on one port


disturbedone

Vendor
Sep 28, 2006
A while back our AV guy connected a piece of AV equipment to a 2960S using a single cable. The AV equipment requires 2 IP addresses for different things but there is a single NIC. Whether it was using DHCP (one would get IP, one wouldn't) or static it would not allow both to work at once. I didn't think too much about it and put it down to a problem with the AV equipment.

But this week a contractor plugged a dumb Netgear 5-port switch into the same 2960S with a single cable (because there was only a single wall outlet where it was needed). They then plugged in a couple of computers and the same thing happened - only one device would get DHCP and one static device would work at a time.

Is there some setting in the 2960S that would stop this from working?
 
I can think of a couple of features that would cause you problems in that area. Post the configuration of the switch so we can see what features are enabled.
 
Hope this helps....

Code:
TMT_CGS8286#show run
Building configuration...

Current configuration : 10621 bytes
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname TMT_CGS8286
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$I7rP$qmIemGrk8q6.XEwZ8NKh61
enable password 7 070C285F4D064F5341
!
username cisco password 7 094F471A1A0A41445D
no aaa new-model
switch 1 provision ws-c2960s-24ps-l
!
!
ip domain-name grammar.local
!
!
crypto pki trustpoint TP-self-signed-2523170560
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2523170560
 revocation-check none
 rsakeypair TP-self-signed-2523170560
!
!
crypto pki certificate chain TP-self-signed-2523170560
 certificate self-signed 01
  	quit
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
!
errdisable recovery cause bpduguard
errdisable recovery interval 30
!
vlan internal allocation policy ascending
!
ip ssh version 1
!
!
!
!
!
interface FastEthernet0
 no ip address
 shutdown
!
interface GigabitEthernet1/0/1
 description BSS BLU-100 DSP
 switchport access vlan 10
 switchport mode access
 switchport port-security
 switchport port-security aging time 2
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 macro description cisco-desktop
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/2
 switchport access vlan 10
 switchport mode access
 switchport port-security
 switchport port-security aging time 2
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 macro description cisco-desktop
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/3
 switchport access vlan 10
 switchport mode access
 switchport port-security
 switchport port-security aging time 2
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 macro description cisco-desktop
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/4
 description PAC TMT AP433i
 switchport access vlan 10
 switchport mode access
 switchport port-security
 switchport port-security aging time 2
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 power inline consumption 29999
 macro description cisco-desktop
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/5
 switchport access vlan 10
 switchport mode access
 switchport port-security
 switchport port-security aging time 2
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 macro description cisco-desktop
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/6
 switchport access vlan 20
 switchport mode access
 switchport port-security
 switchport port-security aging time 2
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 macro description cisco-desktop
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/7
 switchport access vlan 20
 switchport mode access
 switchport port-security
 switchport port-security aging time 2
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 macro description cisco-desktop
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/8
 switchport access vlan 20
 switchport mode access
 switchport port-security
 switchport port-security aging time 2
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 macro description cisco-desktop
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/9
 description Crestron DMPS-300
 switchport access vlan 10
 switchport mode access
 switchport port-security
 switchport port-security aging time 2
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 macro description cisco-desktop
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/10
 switchport access vlan 10
 switchport mode access
 switchport port-security
 switchport port-security aging time 2
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 macro description cisco-desktop
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/11
 switchport access vlan 20
 switchport mode access
 switchport port-security
 switchport port-security aging time 2
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 macro description cisco-desktop
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/12
 switchport access vlan 20
 switchport mode access
 switchport port-security
 switchport port-security aging time 2
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 macro description cisco-desktop
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/13
 switchport access vlan 20
 switchport mode access
 switchport port-security
 switchport port-security aging time 2
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 macro description cisco-desktop
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/14
 switchport access vlan 20
 switchport mode access
 switchport port-security
 switchport port-security aging time 2
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 macro description cisco-desktop
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/15
 switchport access vlan 20
 switchport mode access
 switchport port-security
 switchport port-security aging time 2
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 macro description cisco-desktop
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/16
 switchport access vlan 20
 switchport mode access
 switchport port-security
 switchport port-security aging time 2
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 macro description cisco-desktop
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/17
 switchport access vlan 20
 switchport mode access
 switchport port-security
 switchport port-security aging time 2
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 macro description cisco-desktop
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/18
 switchport access vlan 20
 switchport mode access
 switchport port-security
 switchport port-security aging time 2
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 macro description cisco-desktop
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/19
 switchport access vlan 20
 switchport mode access
 switchport port-security
 switchport port-security aging time 2
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 macro description cisco-desktop
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/20
 switchport access vlan 20
 switchport mode access
 switchport port-security
 switchport port-security aging time 2
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 macro description cisco-desktop
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/21
 switchport access vlan 20
 switchport mode access
 switchport port-security
 switchport port-security aging time 2
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 macro description cisco-desktop
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/22
 switchport access vlan 20
 switchport mode access
 switchport port-security
 switchport port-security aging time 2
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 macro description cisco-desktop
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/23
 switchport access vlan 20
 switchport mode access
 switchport port-security
 switchport port-security aging time 2
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 macro description cisco-desktop
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/24
 description Uplink PAC switch
 switchport trunk pruning vlan none
 switchport mode trunk
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan10
 ip address 10.10.82.86 255.255.0.0
!
ip default-gateway 10.10.32.88
ip http server
ip http secure-server
!
!
!
line con 0
line vty 0 4
 password 7 094F471A1A0A41445D
 login local
 transport input ssh
line vty 5 15
 password 7 094F471A1A0A41445D
 login local
 transport input ssh
!
end

TMT_CGS8286#exit
 
Your issue is port-security is enabled:
Code:
 switchport port-security
 switchport port-security aging time 2
 switchport port-security violation restrict
 switchport port-security aging type inactivity

With this configuration you will only be allowed a single MAC address per port. It is normally a good thing for typical user access ports and stops people bringing in hubs and switches to connect more devices. You can check the 'violations' count with the command 'show port-security'.
I would leave it enabled but increase the number of MAC addresses allowed on the ports you are trying to connect multiple devices to:
Code:
switchport port-security maximum X
where 'X' is the maximum number of MAC addresses that should be learned on the port.
You also have 'spanning-tree bpduguard enable' configured. This will stop switches that are running STP from being connected to ports; if the 2960 detects STP on the port, it will disable it. You are probably OK with the Netgear switch as it probably either doesn't support STP or has it disabled by default.

It's not a bad config...

Andy
 
Thanks for that. It's basically a default config so those commands must be there by default as I definitely didn't add them. That's a good thing. I'll just modify it per port if required.
 
Port security is not a default command. Someone added it, not necessarily you, when it was deployed but definitely not there out of the box.
 
Whycap is correct, that is far from a default config and port security features have to be configured. Under your ports none of this is default.

switchport access vlan 20
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
 
To quote myself "It's basically a default config". I never said "it IS a default config". Our switches are turned on then put through some basic commands (defined in a document) to configure some very basic things (including putting all ports on a particular VLAN) and that's about it, hence why I said it was "basically" a default config. The command "switchport port-security" is NOT in the document that we follow when configuring new switches so no human has ever entered it.
 
No human may have typed the commands however you are applying a smartport macro which is:


Based on the 'macro description cisco-desktop' this is from an older IOS release as the current releases don't have the 'cisco-desktop' macro by default.

Also have a read here:


Andy
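An added example, not part of the original thread: a small audit that reads a saved `show run` and lists the ports that have port-security enabled with the limit left at one MAC address, along with any smartport macro description, as in the diagnosis above. The function names and the sample config are constructed for illustration, and the defaults of one MAC and `shutdown` are the IOS defaults assumed when no explicit line is present.

```python
import re

# Constructed sample in the style of the thread's config, including one pager-damaged line.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 description BSS BLU-100 DSP
 switchport port-security
 switchport port-security violation restrict
 macro description cisco-desktop
 --More--          spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/2
 switchport port-security maximum 4
 switchport port-security
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/24
 description Uplink PAC switch
 switchport mode trunk
!
"""

def audit_ports(config_text):
    """Return {interface: settings} for each interface stanza in a running-config."""
    ports, current = {}, None
    for raw in config_text.splitlines():
        line = re.sub(r"^\s*--More--\s*", "", raw).strip()  # drop pager residue
        if line.startswith("interface "):
            current = ports.setdefault(line.split()[1], {
                "port_security": False, "maximum": 1, "violation": "shutdown",
                "bpduguard": False, "macro": None})  # assumed defaults when unset
        elif line == "!" or current is None:
            current = None  # "!" closes a stanza; ignore global lines
        elif line == "switchport port-security":
            current["port_security"] = True
        elif m := re.match(r"switchport port-security maximum (\d+)$", line):
            current["maximum"] = int(m.group(1))
        elif line.startswith("switchport port-security violation "):
            current["violation"] = line.split()[-1]
        elif line == "spanning-tree bpduguard enable":
            current["bpduguard"] = True
        elif line.startswith("macro description "):
            current["macro"] = line.split(None, 2)[2]
    return ports

def single_mac_ports(ports):
    """Ports that will accept only one MAC address (port-security on, maximum 1)."""
    return sorted(n for n, p in ports.items() if p["port_security"] and p["maximum"] == 1)

if __name__ == "__main__":
    for name in single_mac_ports(audit_ports(SAMPLE_CONFIG)):
        print(name, "allows a single MAC address")
```

On the switch itself, `show port-security` gives the live violation counters for the same ports.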
 