Two Cisco 2950's fighting on my network?

Status
Not open for further replies.

leadacid44

Hi folks. I hope I have a simple problem to fix. First things first, I am not a CCNA, but I like to think I have the gist of simple Cisco switch configuration.

Now, we recently ran low on network ports, so I went to take one of our old Cisco 2950 24-port switches out of the closet. We have another 2950 running on the network already, and we use HP Procurve for everything else.

Anywhoo, what happens is that when I plug my 2nd 2950 into the network, the "first" one goes offline! I'm just connecting them via copper CAT5 on one of the FastEthernet ports. At that point I can no longer ping it or anything on it. The second switch is ping-able once the VLAN comes up. If I disconnect the second switch, the first switch comes back online in a minute or two. The two switches are not directly connected, but connected through the HP Procurve switches.

I admit that I don't have the event log of the switch that goes offline.

The switches are using identical configurations and the same firmware, so this really has me stumped.

Could someone take a look and see if I'm doing something obviously wrong?

Thanks Everyone!

Code:
!
! Last configuration change at 17:08:20 CST Tue Nov 13 2012 by <username>
! NVRAM config last updated at 17:08:21 CST Tue Nov 13 2012 by <username>
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname cisco2950g24-2
!
aaa new-model
aaa authentication login local_auth local
aaa authorization exec local_auth local
enable secret 5 <password>
!
username <username> password 7 <password>
username <username> password 7 <password>
clock timezone CST -6
clock summer-time CDT recurring
ip subnet-zero
!
no ip domain-lookup
ip domain-name <domain name>
ip ssh time-out 120
ip ssh authentication-retries 3
ip ssh version 2
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
 switchport mode dynamic auto
!
interface GigabitEthernet0/2
 switchport mode dynamic auto
!
interface Vlan1
 ip address <IP Address> 255.255.255.0
!
ip default-gateway <IP Address>
ip http server
ip http access-class 50
ip http authentication aaa
logging trap notifications
logging <IP Address>
logging <IP Address>
access-list 50 remark +------------------------------------------------------+
access-list 50 remark |    ACL 50 controls line vty 0 4 login access         |
access-list 50 remark +------------------------------------------------------+
access-list 50 permit <IP Address> 0.0.0.255
access-list 50 deny   any log
access-list 60 permit <IP Address>
access-list 60 remark +------------------------------------------------------+
access-list 60 remark |    ACL 60 controls SNMP public RO access             |
access-list 60 remark +------------------------------------------------------+
access-list 60 permit <IP Address>
snmp-server community public RO 60
banner motd ^C
=============================================================================
PROPRIETARY INFORMATION
All content of this system and its associated sub-systems are PROPRIETARY
INFORMATION and remain the sole and exclusive property of this company.
This system may be accessed and used by authorized personnel only.
Authorized users may only perform authorized activities and may not exceed
the limits of such authorization. Disclosure of information found in this
system for any unauthorized use is *STRICTLY PROHIBITED*. All activities on
this system are subject to monitoring. Intentional misuse of this system
can result in disciplinary action or criminal prosecution.

UNAUTHORIZED ACCESS
Unauthorized access to this computer system and software is prohibited by
Title 18, United States Code, Section 1030, Fraud and Related Activity in
Connection with Computers. This system is for the use of authorized users
only. Individuals using this  computer system without authority, or in
excess of their authority, are subject to having all of their activities
on this system monitored and recorded by system personnel. In the course
of monitoring individuals improperly using this system, or in the case of
system maintenance, the activities of authorized users may also be
monitored. Anyone using this system expressly consents to such monitoring
and is advised that if such monitoring reveals possible evidence of criminal
activity, system personnel may provide the evidence of such monitoring to
law enforcement officials.
=============================================================================
^C
!
line con 0
 exec-timeout 5 0
 authorization exec local_auth
 login authentication local_auth
line vty 0 4
 access-class 50 in
 exec-timeout 5 0
 authorization exec local_auth
 login authentication local_auth
 transport input ssh
line vty 5 15
 access-class 50 in
 exec-timeout 5 0
 authorization exec local_auth
 login authentication local_auth
 transport input ssh
!
ntp server <IP Address>
ntp server <IP Address>
!
end
 
leadacid44 said:
At that point I can no longer ping it or anything on it
So just to make sure I am reading this correctly, you are saying that all of the clients connected to the first 2950 become unreachable?

 
==> The switches are using identical configurations and the same firmware...

Are you using different IP addresses? Along with what unclerico asked, if the clients attached to the switch are also not pingable, does the uplink port stay up or go down?

Stubnski
 
I assume it's not an IP address conflict, or you wouldn't say you can't ping "anything on it".
So I think you really should look at the logs on both Cisco 2950s; otherwise you're wasting time.
Also the log on the Procurve that connects them - I'd be interested in spanning-tree events, myself.
I'd also like to factory-reset the 2950 if it's an old one out of the cupboard - you never know what somebody might have done to it.
 
Folks,
Thanks for offering your help! This has been very annoying as the switches are very far apart, so it's hard to get to both of them. Plus I have the day job as well!

To answer the questions:
1) Yes, that is correct. When the second switch is connected to the network and when the connected port goes up, the first switch seems to drop out entirely. I can't ping it, nor any of the devices that are connected to it.
2) Yes, different IP addresses, hostnames, and passwords are being used. Otherwise, the switches use an identical configuration (which I posted above). I haven't checked to see what happens to the uplink port on the first switch. I will check tomorrow.
3) Yes, I also don't believe it's an IP conflict, as when I bring up the switches independent of each other, I can ping them uniquely. I'll try to pull the logs of what's happening tomorrow; I agree, hard to tell otherwise. I'll see if I can get the Procurve log as well. Spanning tree may be something, I hadn't thought of that. As for the reset, I could try it, but the config that you see above is what is running on both switches (minus the mandatory differences).

Now, an interesting wrinkle to the whole mix. As I said, I have two 2950 24-port switches that are fighting. I have a 48-port 2950 that I also configured with an identical config (changed as necessary) that works! It does an interesting thing though. When I bring it onto the network, it takes down the other 2950, but only for a little bit, perhaps 30 seconds, before both switches then come online. If I watch the console, it doesn't say anything (except for the port being up, then down, then up again) but I could probably turn up the log detail level and get some more information.

Anyway, I hope to post some more information tomorrow. Thanks folks!
 
Spanning tree is reconverging and a new root is being selected. I also suspect that the DTP frames the Cisco 2950's generate are being forwarded through the HP switches and a trunk is being formed which is then causing more issues. If all you need is more ports then make sure the interface you use is configured correctly.
Turn off DTP and make the port a fixed access port. Raise the STP priority for VLAN 1 on the new switch to make sure it doesn't become root. That should be enough I think?

In my experience inter-mixing Cisco and other vendors' switches at layer-2 is always dangerous - spanning-tree being the main culprit.

Andy
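
The two changes suggested in the reply above (DTP off on a fixed access port, and a raised VLAN 1 STP priority on the new switch), written out as IOS configuration. This is an added example, not part of the original thread; FastEthernet0/24 as the uplink port is an assumption.

```cisco
! Added example. FastEthernet0/24 is an assumed uplink port; substitute the
! port that actually connects the new 2950 to the ProCurve.
configure terminal
!
! Fixed access port: the port never negotiates into a trunk.
! "switchport nonegotiate" stops DTP frames from being sent and is only
! accepted once the mode is access or trunk, so it comes second.
interface FastEthernet0/24
 switchport mode access
 switchport nonegotiate
!
! Numerically highest priority (61440) so this switch loses the root
! election for VLAN 1. With "spanning-tree extend system-id" in the posted
! config, the value must be a multiple of 4096.
spanning-tree vlan 1 priority 61440
!
end
!
! Verify on the new switch after the uplink comes up.
! Expect "Administrative Mode: static access" and
! "Negotiation of Trunking: Off":
show interfaces FastEthernet0/24 switchport
! The Root ID shown should not be this switch's own bridge ID:
show spanning-tree vlan 1
```

Comparing the Root ID in `show spanning-tree vlan 1` before and after the new switch is connected shows whether the root actually changed.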
 
I would like to see a diagram of your network and where these 2950's are placed. Include any redundant links and identify your current STP root. Out of curiosity are you running a flat network using VLAN1 end to end?

 