Having issues with CE500 switches

oj88
Level 1

We're deploying a number of CE500s as part of my client's migration to Cisco switches. However, I am having some issues with trunking or port security (just can't pinpoint the problem), in that there are cases when two PCs can't see each other even if they're on the same VLAN but connected to different switches. Probably an example is a better way of explaining my problem.

1. I have two CE500 switches and two PCs in a lab environment.

2. I then configured a new VLAN on both switches named VLAN2. The VLAN ID is "2".

3. I configured all access ports to "Desktop" and made them members of VLAN2 on both switches.

4. Configured the Gigabit uplink ports to "Switch" and their native VLAN to "1". Connected the two switches using the uplink port.

5. I configured both PCs to be on the same subnet and connected one PC to each switch.

6. Performed continuous ping on both PCs to verify that they can see each other. Ping is successful.

7. Removed PC1 from SW1 and plugged it on an access port on SW2. Ping dies. Replace PC1 on SW1 and ping resumes.

8. I again put PC1 on SW2 and ping dies. I then remove and reinsert the uplink cable and the ping between workstations resumes.

9. If I move either PC to any port on the same switch, ping is successful. However, if I move any of the two PCs to another switch, ping dies and would only resume if I unplug and plug the uplink port (or if I reload any of the two switches).

Oh yeah, port security is set to default (LOW).

Configuring such on an IOS switch was a breeze. These CE500s are giving me a headache.

I hope someone can give me a clue on what's going on.

6 Replies

daswafford
Level 1

Hi. In regards to moving the PCs around, are you waiting at least 45 seconds for the spanning tree process to complete before restarting your PING? I have one Express 500 switch deployed with a bunch of 2960s and a 4507 and I remember that the spanning tree delay was a lot more noticeable on the Express line of switches.

David.

Spanning tree's status is shown via the link color. On a gig link, the port will be amber when it's going through the stages of spanning tree's discovery and then it will be green when that's all done and traffic can start crossing.

David.

Thanks for the replies. We waited like three to five minutes and the two PCs still can't see each other. This is cured by removing and reinserting the trunk connection or reloading either one of the switches. We have to do this every time we transfer any PC to another switch (same VLAN).

Here's another way of putting it: It seems like if SW1 learns about PC1, you can't move PC1 to SW2. Same goes with PC2 that was initially learned by SW2; transferring PC2 to SW1 would sever the connectivity also. For the connectivity between PC1 and PC2 to resume, you either put them back to their respective switches, remove and reinsert the trunk connection, or reload either one of the switches.

If it's not a port security issue, could it be a mac-address purging problem? (i.e. the switch will retain the mac-address of the host even if it has long been disconnected).

I'll be doing further tests today including firmware upgrades to the latest version. I will update this thread of my findings later.

What kind of port security setup are you using?

David

Ok, I think I've licked the problem. I just upgraded using the latest firmware: ce500-lanbasek9-tar.122-25.SEG2.tar and the two switches I'm working on are working as they should. Before the upgrade, the installed firmware version was 12.2(25)FY.

Anyway, I now have firsthand info on what the problem was, and it's not due to port security. The problem was, as I've suspected earlier, a mac-address ageing/purging problem.

So if PC1 is on SW1 and PC2 on SW2, SW1 would have the mac address of PC1 that he learned from Fa0/1, and PC2's mac address from Gi1.

SW2 on the other hand would have PC2's mac address learned from Fa0/1, and PC1's mac on Gi1.

Moving PC1 to SW2 (or PC2 to SW1), as I've said would kill the connectivity between the two PCs. Using the CE500 Troubleshooting and Debugging aid, I can still see PC1's mac learned on SW2's Gi1, instead of SW2's Fa0/2 (where it is now in).

To make a long story short, it takes exactly 5 mins. for the switch to age out the "old" mac-address from the Gi1 trunk port, even if the same mac address should have been learned from the switch's Fa0/2 access port.

Apparently, 12.2(25)SEG2 cured the problem.
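
The behaviour described in the post above, as an added Python model of SW2's MAC address table (a simplified illustration, not Cisco code and not part of the original thread). The `relearn_on_move` switch, the timestamps and the MAC address are assumptions made for the example; the 300-second ageing time is the 5 minutes the poster measured.

```python
AGING_SECONDS = 300  # the poster measured "exactly 5 mins"


class MacTable:
    """Simplified model of one switch's MAC address table (SW2 in the thread)."""

    def __init__(self, relearn_on_move=True):
        # False models the stale-entry behaviour reported on 12.2(25)FY (assumption)
        self.relearn_on_move = relearn_on_move
        self.entries = {}  # mac -> (port, learned_at)

    def _expire(self, now):
        # Drop every entry that is older than the ageing time.
        self.entries = {m: (p, t) for m, (p, t) in self.entries.items()
                        if now - t < AGING_SECONDS}

    def learn(self, mac, port, now):
        # Called for the source MAC of every frame that arrives on `port`.
        self._expire(now)
        current = self.entries.get(mac)
        if current and current[0] != port and not self.relearn_on_move:
            return  # stale entry wins until it ages out
        self.entries[mac] = (port, now)

    def out_port(self, dst_mac, now):
        # Port a frame for dst_mac is forwarded to; unknown MACs are flooded.
        self._expire(now)
        entry = self.entries.get(dst_mac)
        return entry[0] if entry else "flood"


def replay(relearn_on_move):
    """Replay the PC1 move against SW2; return where frames for PC1 are sent."""
    pc1 = "00:00:5e:00:53:01"         # constructed MAC (documentation range)
    sw2 = MacTable(relearn_on_move)
    sw2.learn(pc1, "Gi1", now=0)      # PC1 still on SW1, seen via the uplink
    sw2.learn(pc1, "Fa0/2", now=10)   # PC1 moved to SW2 and sends a frame
    right_after_move = sw2.out_port(pc1, now=11)
    sw2.learn(pc1, "Fa0/2", now=301)  # PC1 keeps pinging; old entry has aged out
    after_aging = sw2.out_port(pc1, now=302)
    return right_after_move, after_aging


if __name__ == "__main__":
    print("relearn on move :", replay(True))
    print("stale until aged:", replay(False))
```

With relearning, frames for PC1 go to Fa0/2 as soon as it sends from the new port; in the stale model they keep going out Gi1 toward SW1 until the old entry ages out, which matches the dead ping.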

That's interesting in regards to the mac timer, thanks for posting your final solution, this is great knowledge.

David.
