3750G & switch port lock outs

Unanswered Question
Dec 29th, 2009

Hello all,

I have just started work with a company which has the 3750G deployed throughout its buildings. I am having an issue that is really annoying: some computers are being locked out (red cross for network connectivity icon on sys tray). All the computers that this affects are HPs with a Realtek gig onboard card. Now the switches concerned are not managed, nor do they have an IP address (I will get round to doing it). The only solution seems to be to replace the card or reboot the switch (not the most practical). Also, most of the computers affected are set up for DHCP (from a server) and most of them aren't even on our domain! Some, but not all, when scanned have a fair amount of malware on them. Any suggestions would be appreciated.

Kind Regards

Alex.

Peter Paluch Tue, 12/29/2009 - 04:12

Hello Alex,

Cisco Catalyst switches can have a number of reasons for deactivating a port so that it appears as disconnected to the end stations. Mostly, these reasons are a result of either a security violation or indications of a network problem (traffic loops, excessive MAC address movements). If the port is deactivated for such a reason, its status is described as err-disabled in the show interfaces output. The interface can be reactivated by entering its configuration, then issuing the command shutdown, waiting a few seconds, and then entering the command no shutdown. However, this will only reactivate the port, not remove the reason for which it was disabled.

I strongly suggest going over the show logging output to see if there are any messages indicating the reason why the interface was brought down. Also, if it is permissible for you, perhaps it would be helpful to post here the entire sanitized configuration of one of your 3750G switches that experiences these problems, together with a description of which ports exhibit this problem.

Best regards,

Peter

Scotland1314 Tue, 12/29/2009 - 04:18

Peter,

Thanks very much for that, as I expected it looks like a PC NIC/malware issue. Once I have a copy of the config of one of our affected switches I will post the sanitised version on here.

Thanks again for your help mate.

Regards

Alex.

glen.grant Tue, 12/29/2009 - 13:32

As Peter said, they are probably being err-disabled. On the trouble ports you need to verify the NIC settings for speed and duplex and match them against the switchports. Your best bet is to leave the NICs and the switchports as auto unless there is a specific reason to do otherwise. If the switch err-disables the port, it will tell you why in the log, assuming logging is configured.
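As an added example (not part of any post in this thread): a small Python script that reads saved show logging output and counts err-disable events per port and cause, so the reason a port was shut down can be addressed rather than just bouncing the port. The log lines are constructed samples in the usual %PM-4-ERR_DISABLE format, and the hint text for each cause is this example's own summary.

```python
import re
from collections import defaultdict

# Constructed sample of `show logging` output (not taken from the thread).
SAMPLE_LOG = """\
*Mar  1 02:14:07.512: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/7, changed state to up
*Mar  1 02:15:41.118: %PM-4-ERR_DISABLE: link-flap error detected on Gi1/0/7, putting Gi1/0/7 in err-disable state
*Mar  1 03:02:10.004: %PM-4-ERR_DISABLE: psecure-violation error detected on Gi1/0/12, putting Gi1/0/12 in err-disable state
*Mar  1 03:40:55.730: %PM-4-ERR_DISABLE: link-flap error detected on Gi1/0/7, putting Gi1/0/7 in err-disable state
*Mar  1 04:01:02.250: %PM-4-ERR_DISABLE: bpduguard error detected on Gi1/0/3, putting Gi1/0/3 in err-disable state
"""

# Captures the err-disable cause and the affected port from each message.
ERR_DISABLE = re.compile(
    r"%PM-4-ERR_DISABLE: (?P<cause>\S+) error detected on (?P<port>\S+),"
)

# What each cause usually points at (the example's own wording, an assumption).
HINTS = {
    "link-flap": "check cable, NIC driver, speed/duplex negotiation",
    "psecure-violation": "port security saw an unexpected source MAC",
    "bpduguard": "a device on an edge port sent spanning-tree BPDUs",
}

def summarize(log_text):
    """Return {port: {cause: count}} for every err-disable event in the log."""
    events = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = ERR_DISABLE.search(line)
        if m:
            events[m["port"]][m["cause"]] += 1
    return {port: dict(causes) for port, causes in events.items()}

def report(log_text):
    """Render one line per port/cause, most frequent first."""
    rows = [(n, port, cause)
            for port, causes in summarize(log_text).items()
            for cause, n in causes.items()]
    rows.sort(key=lambda r: (-r[0], r[1]))
    return [f"{port}: {cause} x{n} -> {HINTS.get(cause, 'see err-disable cause list')}"
            for n, port, cause in rows]

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

A port that keeps reappearing with the same cause is the one to investigate before re-enabling it again.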

Scotland1314 Tue, 12/29/2009 - 23:52

Cheers Glen, will be taking a close look at the next lockout we have. Next step is the major one of getting the switches managed.
