CE 520 switch and generic Linksys switch

Unanswered Question
Oct 8th, 2009
User Badges:

I have an SR520 router connected to a CE520 switch. That switch is then daisy chained to a second CE520 switch via the Gig ports. All works great. I now need more connections than we have wiring for at one persons' desk. So I put a small 4-port Linksys switch at her desk and plugged her computer and printer into the Linksys switch. Does not work. The CE520 switch grabs which ever MAC address it sees first and rejects the other one. The log files with errors about the "invalid MAC" or whatever. I have set the port on the CE520 as a "trunk" port but still no go. Help???

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (1 ratings)
Loading.
David Hornstein Sun, 10/11/2009 - 15:20
User Badges:
  • Gold, 750 points or more

Hi edisoninfo,


Sure sounds like there are fairly tight MAC address limits set on the switch ports ports  :D.


Can't be adjusted from CCA2.1, or at least I couldn't alter port security from CCA V2.1, so we have to do this an alternate way.


Lets experiment and try to adjust the MAC learning limits on say, switch port number 1.


You will have to find out the IP address of the management interface of the CE520 switch and paste the following command into a Internet explorer screen. I found out mine by looking at the DHCP client list on my router, before and after I connected my CE520 onto my network.  You could use CCA to find the IP address of the CE520.


(Remember to substitute your IP address for your CE520)


http://192.168.1.3/exec        and login  with user=cisco password=cisco


Then paste the following into the IE address, substituting your CE520 management  IP address;


http://192.168.1.3/level/15/exec/-/show/run/CR


The switch port configuration looks like the following;


interface FastEthernet1
switchport mode access
switchport voice vlan 100
switchport port-security maximum 3
switchport port-security maximum 3 vlan access
switchport port-security maximum 3 vlan voice
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
srr-queue bandwidth share 10 10 35 45
srr-queue bandwidth shape  10  0  0  0
queue-set 2
macro description cisco-ipphone
storm-control broadcast level 10.00
spanning-tree portfast
spanning-tree bpduguard enable
service-policy input voice-map


To test the theory that you have MAC limits set per port, I think we either have to remove port security or modify the number of MAC addresses allowed per port. 


I chose to modify the number of MAC addresses allowed per port.  But your result of the show run, should indicate how many MAC addresses are allowed per port.


I pasted the following commands onto the Internet explorer screen to allow me to alter the number of allowed MAC addresses per VLAN on switch port 1.


http://192.168.1.3/level/15/interface/FastEthernet1/-/switchport/port-security/maximum/6/CR


http://192.168.1.3/level/15/interface/FastEthernet1/-/switchport/port-security/maximum/6/vlan/access/CR


http://192.168.1.3/level/15/interface/FastEthernet1/-/switchport/port-security/maximum/6/vlan/voice/CR



The three commands above will modify switch port 1, to give me a limit of 6 MAC addresses per VLAN, hanging off switch port 1.


Give it a try, and see if it allows increased number of MAC address for devices attached to switch port 1, don't forget to substitute your CE520 IP address.


If it works, you have a solution that will work for the other 23 ports.


Remember to run the following URL  at the completion of any changes you make, it's a write memory command to save any changes you make.




http://192.168.1.3/level/15/exec/-/wr/mem/CR


Hope this works for you


regards Dave

edisoninfo Mon, 10/12/2009 - 14:13
User Badges:

Thanks Dave! I gave these commands a try today and tho they all worked (ie. the CE520 accepted them), I was still unable to access more than one device hanging off the 4 port Linksys switch.


NOTE: Port 24 is the port with the Linksys switch plugged into it.


Here is the IE version of the show run:



WS-CE520-24LC-K9-1

Home Exec Configure

--------------------------------------------------------------------------------




OutputCommand base-URL was: /level/15/exec/-

Complete URL was: /level/15/exec/-/show/run/CR

Command was: show run--------------------------------------------------------------------------------

Building configuration...


Current configuration : 15620 bytes

! THIS FILE HAS BEEN GENERATED BY THE GUI.

! ANY CHANGES TO THIS FILE MAY RESULT IN INCORRECT SWITCH BEHAVIOR.

!

! Last configuration change at 18:22:17 UTC Mon Oct 12 2009 by admin

! NVRAM config last updated at 18:20:22 UTC Mon Oct 12 2009 by admin

!

version 12.2

no service pad

service timestamps debug datetime localtime

service timestamps log datetime localtime

no service password-encryption

service sequence-numbers

!

hostname WS-CE520-24LC-K9-1

!

username admin privilege 15 secret 5 mysecretpassword

no aaa new-model

clock timezone UTC -5

clock summer-time UTC recurring

system policy access host 1

system policy access

vtp mode transparent

ip subnet-zero

!

mls qos map policed-dscp  18 24 26 34 40 46 to 0

mls qos map cos-dscp 0 8 16 26 32 46 48 56

mls qos srr-queue input bandwidth 90 10

mls qos srr-queue input threshold 1 8 16

mls qos srr-queue input threshold 2 34 66

mls qos srr-queue input buffers 67 33

mls qos srr-queue input cos-map queue 1 threshold 2  1

mls qos srr-queue input cos-map queue 1 threshold 3  0

mls qos srr-queue input cos-map queue 2 threshold 1  2

mls qos srr-queue input cos-map queue 2 threshold 2  4 6 7

mls qos srr-queue input cos-map queue 2 threshold 3  3 5

mls qos srr-queue input dscp-map queue 1 threshold 2  9 10 11 12 13 14 15

mls qos srr-queue input dscp-map queue 1 threshold 3  0 1 2 3 4 5 6 7

mls qos srr-queue input dscp-map queue 1 threshold 3  32

mls qos srr-queue input dscp-map queue 2 threshold 1  16 17 18 19 20 21 22 23

mls qos srr-queue input dscp-map queue 2 threshold 2  33 34 35 36 37 38 39 48

mls qos srr-queue input dscp-map queue 2 threshold 2  49 50 51 52 53 54 55 56

mls qos srr-queue input dscp-map queue 2 threshold 2  57 58 59 60 61 62 63

mls qos srr-queue input dscp-map queue 2 threshold 3  24 25 26 27 28 29 30 31

mls qos srr-queue input dscp-map queue 2 threshold 3  40 41 42 43 44 45 46 47

mls qos srr-queue output cos-map queue 1 threshold 3  5

mls qos srr-queue output cos-map queue 2 threshold 3  3 6 7

mls qos srr-queue output cos-map queue 3 threshold 2  2

mls qos srr-queue output cos-map queue 3 threshold 3  4

mls qos srr-queue output cos-map queue 4 threshold 2  1

mls qos srr-queue output cos-map queue 4 threshold 3  0

mls qos srr-queue output dscp-map queue 1 threshold 3  40 41 42 43 44 45 46 47

mls qos srr-queue output dscp-map queue 2 threshold 3  24 25 26 27 28 29 30 31

mls qos srr-queue output dscp-map queue 2 threshold 3  48 49 50 51 52 53 54 55

mls qos srr-queue output dscp-map queue 2 threshold 3  56 57 58 59 60 61 62 63

mls qos srr-queue output dscp-map queue 3 threshold 2  18

mls qos srr-queue output dscp-map queue 3 threshold 3  16 17 19 20 21 22 23 32

mls qos srr-queue output dscp-map queue 3 threshold 3  33 34 35 36 37 38 39

mls qos srr-queue output dscp-map queue 4 threshold 2  8 9 10 11 12 13 14 15

mls qos srr-queue output dscp-map queue 4 threshold 3  0 1 2 3 4 5 6 7

mls qos queue-set output 1 threshold 1 138 138 92 138

mls qos queue-set output 1 threshold 2 138 138 92 400

mls qos queue-set output 1 threshold 3 36 77 100 318

mls qos queue-set output 1 threshold 4 20 50 67 400

mls qos queue-set output 2 threshold 1 149 149 100 149

mls qos queue-set output 2 threshold 2 118 118 100 235

mls qos queue-set output 2 threshold 3 41 68 100 272

mls qos queue-set output 2 threshold 4 42 72 100 242

mls qos queue-set output 1 buffers 16 8 24 52

mls qos queue-set output 2 buffers 16 6 17 61

no mls qos rewrite ip dscp

mls qos

!

!

!

!

errdisable recovery cause psecure-violation

port-channel load-balance src-dst-ip

no file verify auto

!

mac access-list extended nonip

permit any any 0x800 0x0

permit any any 0x806 0x0

permit any any 0x836 0x0

no mac authentication

mac authentication table version 0

!

spanning-tree mode rapid-pvst

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

vlan 100

name Cisco-Voice

!

class-map match-all VoIP-Control-class

  match access-group 2142

class-map match-any guest-class

  match access-group 2144

class-map match-any general-class

  match access-group 2140

class-map match-any business-in-server-class

  match access-group 2146

class-map match-any critical-in-server-class

  match access-group 2145

class-map match-all VoIP-data-class

  match access-group 2141

class-map match-any VoIP-non-voice-class

  match access-group 2143

!

!

policy-map guest-port-map

  class guest-class

   set dscp cs1

    police 30000000 800000 exceed-action drop

policy-map general-map

  class general-class

   set dscp 7

    police 30000000 80000 exceed-action policed-dscp-transmit

policy-map voice-map

  class VoIP-data-class

   set dscp ef

    police 3200000 8000 exceed-action policed-dscp-transmit

  class VoIP-Control-class

   set dscp cs3

    police 640000 8000 exceed-action policed-dscp-transmit

  class VoIP-non-voice-class

   set dscp 7

    police 30000000 800000 exceed-action policed-dscp-transmit

policy-map critical-server-map

  class critical-in-server-class

   set dscp af41

    police 30000000 800000 exceed-action policed-dscp-transmit

policy-map business-server-map

  class business-in-server-class

   set dscp af21

    police 30000000 800000 exceed-action policed-dscp-transmit

!

!

interface FastEthernet1

switchport trunk encapsulation dot1q

switchport mode trunk

srr-queue bandwidth share 5 5 40 50

queue-set 2

macro description cisco-access-point

storm-control broadcast level 10.00

service-policy input general-map

!

interface FastEthernet2

switchport trunk encapsulation dot1q

switchport mode trunk

srr-queue bandwidth share 5 5 40 50

queue-set 2

macro description cisco-access-point

storm-control broadcast level 10.00

service-policy input general-map

!

interface FastEthernet3

switchport trunk encapsulation dot1q

switchport mode trunk

srr-queue bandwidth share 5 5 40 50

queue-set 2

macro description cisco-access-point

storm-control broadcast level 10.00

service-policy input general-map

!

interface FastEthernet4

switchport trunk encapsulation dot1q

switchport mode trunk

srr-queue bandwidth share 5 5 40 50

queue-set 2

macro description cisco-access-point

storm-control broadcast level 10.00

service-policy input general-map

!

interface FastEthernet5

switchport mode access

switchport port-security

switchport port-security aging time 2

switchport port-security violation restrict

switchport port-security aging type inactivity

srr-queue bandwidth share 5 5 40 50

queue-set 2

macro description cisco-desktop

storm-control broadcast level 10.00

spanning-tree portfast

spanning-tree bpduguard enable

service-policy input general-map

!

interface FastEthernet6

switchport mode access

switchport port-security

switchport port-security aging time 2

switchport port-security violation restrict

switchport port-security aging type inactivity

srr-queue bandwidth share 5 5 40 50

queue-set 2

macro description cisco-desktop

storm-control broadcast level 10.00

spanning-tree portfast

spanning-tree bpduguard enable

service-policy input general-map

!

interface FastEthernet7

switchport mode access

switchport port-security

switchport port-security aging time 2

switchport port-security violation restrict

switchport port-security aging type inactivity

srr-queue bandwidth share 5 5 40 50

queue-set 2

macro description cisco-desktop

storm-control broadcast level 10.00

spanning-tree portfast

spanning-tree bpduguard enable

service-policy input general-map

!

interface FastEthernet8

switchport mode access

switchport port-security

switchport port-security aging time 2

switchport port-security violation restrict

switchport port-security aging type inactivity

srr-queue bandwidth share 5 5 40 50

queue-set 2

macro description cisco-desktop

storm-control broadcast level 10.00

spanning-tree portfast

spanning-tree bpduguard enable

service-policy input general-map

!

interface FastEthernet9

switchport mode access

switchport port-security

switchport port-security aging time 2

switchport port-security violation restrict

switchport port-security aging type inactivity

srr-queue bandwidth share 5 5 40 50

queue-set 2

macro description cisco-desktop

storm-control broadcast level 10.00

spanning-tree portfast

spanning-tree bpduguard enable

service-policy input general-map

!

interface FastEthernet10

switchport mode access

switchport port-security

switchport port-security aging time 2

switchport port-security violation restrict

switchport port-security aging type inactivity

srr-queue bandwidth share 5 5 40 50

queue-set 2

macro description cisco-desktop

storm-control broadcast level 10.00

spanning-tree portfast

spanning-tree bpduguard enable

service-policy input general-map

!

interface FastEthernet11

switchport mode access

switchport port-security

switchport port-security aging time 2

switchport port-security violation restrict

switchport port-security aging type inactivity

srr-queue bandwidth share 5 5 40 50

queue-set 2

macro description cisco-desktop

storm-control broadcast level 10.00

spanning-tree portfast

spanning-tree bpduguard enable

service-policy input general-map

!

interface FastEthernet12

switchport mode access

switchport port-security

switchport port-security aging time 2

switchport port-security violation restrict

switchport port-security aging type inactivity

srr-queue bandwidth share 5 5 40 50

queue-set 2

macro description cisco-desktop

storm-control broadcast level 10.00

spanning-tree portfast

spanning-tree bpduguard enable

service-policy input general-map

!

interface FastEthernet13

switchport mode access

switchport port-security

switchport port-security aging time 2

switchport port-security violation restrict

switchport port-security aging type inactivity

srr-queue bandwidth share 5 5 40 50

queue-set 2

macro description cisco-desktop

storm-control broadcast level 10.00

spanning-tree portfast

spanning-tree bpduguard enable

service-policy input general-map

!

interface FastEthernet14

switchport mode access

switchport port-security

switchport port-security aging time 2

switchport port-security violation restrict

switchport port-security aging type inactivity

srr-queue bandwidth share 5 5 40 50

queue-set 2

macro description cisco-desktop

storm-control broadcast level 10.00

spanning-tree portfast

spanning-tree bpduguard enable

service-policy input general-map

!

interface FastEthernet15

switchport mode access

switchport port-security

switchport port-security aging time 2

switchport port-security violation restrict

switchport port-security aging type inactivity

srr-queue bandwidth share 5 5 40 50

queue-set 2

macro description cisco-desktop

storm-control broadcast level 10.00

spanning-tree portfast

spanning-tree bpduguard enable

service-policy input general-map

!

interface FastEthernet16

switchport mode access

switchport port-security

switchport port-security aging time 2

switchport port-security violation restrict

switchport port-security aging type inactivity

srr-queue bandwidth share 5 5 40 50

queue-set 2

macro description cisco-desktop

storm-control broadcast level 10.00

spanning-tree portfast

spanning-tree bpduguard enable

service-policy input general-map

!

interface FastEthernet17

switchport mode access

switchport port-security

switchport port-security aging time 2

switchport port-security violation restrict

switchport port-security aging type inactivity

srr-queue bandwidth share 5 5 40 50

queue-set 2

macro description cisco-desktop

storm-control broadcast level 10.00

spanning-tree portfast

spanning-tree bpduguard enable

service-policy input general-map

!

interface FastEthernet18

switchport mode access

switchport port-security

switchport port-security aging time 2

switchport port-security violation restrict

switchport port-security aging type inactivity

srr-queue bandwidth share 5 5 40 50

queue-set 2

macro description cisco-desktop

storm-control broadcast level 10.00

spanning-tree portfast

spanning-tree bpduguard enable

service-policy input general-map

!

interface FastEthernet19

switchport mode access

switchport port-security

switchport port-security aging time 2

switchport port-security violation restrict

switchport port-security aging type inactivity

srr-queue bandwidth share 5 5 40 50

queue-set 2

macro description cisco-desktop

storm-control broadcast level 10.00

spanning-tree portfast

spanning-tree bpduguard enable

service-policy input general-map

!

interface FastEthernet20

switchport mode access

switchport port-security

switchport port-security aging time 2

switchport port-security violation restrict

switchport port-security aging type inactivity

srr-queue bandwidth share 5 5 40 50

queue-set 2

macro description cisco-desktop

storm-control broadcast level 10.00

spanning-tree portfast

spanning-tree bpduguard enable

service-policy input general-map

!

interface FastEthernet21

switchport mode access

switchport port-security

switchport port-security aging time 2

switchport port-security violation restrict

switchport port-security aging type inactivity

srr-queue bandwidth share 5 5 40 50

queue-set 2

macro description cisco-desktop

storm-control broadcast level 10.00

spanning-tree portfast

spanning-tree bpduguard enable

service-policy input general-map

!

interface FastEthernet22

switchport mode access

switchport port-security

switchport port-security aging time 2

switchport port-security violation restrict

switchport port-security aging type inactivity

srr-queue bandwidth share 5 5 40 50

queue-set 2

macro description cisco-desktop

storm-control broadcast level 10.00

spanning-tree portfast

spanning-tree bpduguard enable

service-policy input general-map

!

interface FastEthernet23

switchport mode access

switchport port-security

switchport port-security aging time 2

switchport port-security violation restrict

switchport port-security aging type inactivity

srr-queue bandwidth share 5 5 40 50

queue-set 2

macro description cisco-desktop

storm-control broadcast level 10.00

spanning-tree portfast

spanning-tree bpduguard enable

service-policy input general-map

!

interface FastEthernet24

description Link to SR520

switchport trunk encapsulation dot1q

switchport mode trunk

srr-queue bandwidth share 10 10 45 35

srr-queue bandwidth shape  10  0  0  0

udld port aggressive

mls qos trust cos

macro description cisco-switch

spanning-tree link-type point-to-point

!

interface GigabitEthernet1

switchport trunk encapsulation dot1q

switchport mode trunk

srr-queue bandwidth share 10 10 45 35

srr-queue bandwidth shape  10  0  0  0

queue-set 2

udld port aggressive

mls qos trust dscp

macro description cisco-router

storm-control broadcast level 10.00

!

interface GigabitEthernet2

switchport trunk encapsulation dot1q

switchport mode trunk

srr-queue bandwidth share 10 10 45 35

srr-queue bandwidth shape  10  0  0  0

udld port aggressive

mls qos trust cos

macro description cisco-switch

spanning-tree link-type point-to-point

!

interface Vlan1

ip address 192.168.1.2 255.255.255.0

no ip route-cache

!

ip default-gateway 192.168.1.1

ip http server

ip http authentication local

ip http secure-server

access-list 2140 permit ip any any

access-list 2141 permit ip any any dscp ef

access-list 2141 permit ip any any dscp cs5

access-list 2142 permit ip any any dscp cs3

access-list 2142 permit ip any any dscp af31

access-list 2143 permit ip any any

access-list 2144 permit ip any any

access-list 2145 permit ip any any

access-list 2146 permit ip any any

!

control-plane

!

!

line con 0

line vty 0 4

login

length 0

line vty 5 15

login

!

end

!7F2F

--------------------------------------------------------------------------------

command completed.

--------------------------------------------------------------------------------

alissitz Fri, 10/16/2009 - 20:33
User Badges:
  • Silver, 250 points or more

Hello and good evening.


Is the problem still occurring?  I understand from Dave that you have an unmanaged Linksys switch.


Can you confirm how you have this switch plugged into the network?  Does it plug directly into the CE520 switch or the back of the phone?  We do not support or recommend having another switch plugged into the back of the phone.  


Here is the config I see applied:


interface FastEthernet24
description Link to SR520
switchport trunk encapsulation dot1q
switchport mode trunk
srr-queue bandwidth share 10 10 45 35
srr-queue bandwidth shape  10  0  0  0
udld port aggressive
mls qos trust cos
macro description cisco-switch
spanning-tree link-type point-to-point


Having an unmanaged switch makes it hard to have any visibility and no config options; we are partly shooting in the dark here.  Not much fun shooting in the dark ;-)


Any chance you can at least put in a managed switch?  A suggestion would be the new ESW520P.       


If you wish to proceed, then I would suggest setting this up using the smart ports utility.   You can set the port role to cisco-switch or manually set it to a trunk port.  Make sure that VLAN 1 is native / untagged and that VLAN 100 is tagged.  As Dave mentions in his post, you need to hard code the phone to the appropriate voice VLAN.


Referencing the above configs, please remove the UDLD config.  This is only applicable to Fiber ports and will not work properly in this config ...


In general, if the other configs are also not needed, then I would suggest removing them as well.  It is best to start with a limited or clean state and then add configs to see which ones cause the problems.


HTH,


Andrew Lee Lissitz

David Hornstein Fri, 10/16/2009 - 22:04
User Badges:
  • Gold, 750 points or more

Hi Andrew,


The linksys switch is a unmanaged switch, which was connected to switch port 24.


As such by default it will pass the VLAN tags  with no problem.


I'm thinking ,it should also pass transparently Cisco discovery protocol (CDP) packets as well, but I always manually attach my 7965 IP phone to VLAN 100 when I use a Small business switch instead of the CE520, ESW500 or traditional Cisco switch..


For grins and giggles,  it would be interesting to just see if, setting the attached VOIP phone management interface to VLAN 100 would make it join VLAN 100.


It would be interesting for the gentleman to try the following brief procedure;


step 1. Press the settings button on the IP phone


step 2.  pressing **# , to unlock and  allow setting changes


step 3   navigate to Network Configuration > Admin.VLAN Id  and manually altering it to VLAN 100



Now, it would be interesting to see if the gentleman  can see if a PC and IP phone can connect via the unmanaged linksys switch, which is connected to the CE520 switch port 24.


regards Dave

edisoninfo Sat, 10/17/2009 - 17:48
User Badges:

You are correct Dave, it is a generic switch. However I don't have a phone connected to it. Just a computer and a printer. Will the adjustments suggested by Andrew help?? I won't be onsite until later this week to test it if you think this will help.

David Hornstein Sun, 10/18/2009 - 23:42
User Badges:
  • Gold, 750 points or more

It would be interesting to perform your tests on switch port 1 rather than 24, the UDLD config is not present on switch port 1. But i think it's about time we has a brief chat regarding this issue. Lets get in contact, i will email you via your  community email contact, so I can facilitate approapriate support for you..


regards Dave

Actions

This Discussion