There is some very strange Problem which is driving me crazy
recently i bought a dozen of access switches most of them are 2960
when i updated the ios with 12.2(55) SE1 i encountered an error about licensing issues.
It said :
Error Message ILET-1-AUTHENTICATION_FAIL: This
Switch may not
manufactured by Cisco
authorization. This product may contain
I objected the seller that these are fake ones but he rejected and sent me the 12.2(58) SE2 ios
and with that ios the message above disappeared.
first of all i like to know your opinion about that
and second problem which is making me crazy
the switch interface vlan can not be pinged from not-direct connected devices.
Assume a very simple scenario
all in vlan 1 all up and all in one subnet
PC1 can ping int vlan 1 (on switch 1) and also PC2 but can not ping int vlan 1 ip address on sw2
PC2 can ping sw2 int vlan 1 ip and also pc1 but not sw1
and the switches can not ping int vlan 1 ip address of each other
i configured tens of switches but this is the first time i encounter with this
any thing missing or any strange point in that ?
I've just tried it and it is working without any problem.
did you wait for STP to converge ? ---> all links green
ip default-gateway <ip> solved my problem in my case. My topology was like:
RT (subints for vlan5,vlan10,vlan99)
TFTP = SW = PC
(vlan99) (access) (access) (vlan10)
int vlan 5 ip address on switch is 192.168.5.99
I wasn't pinging to SW from TFTP Server. I issued ip default-gw 192.168.5.1 and perfectly done.
I know you don't need it, but maybe have ip default-gateway configured on both switches ponting to each other.
Hope this helps
Thanks for your response but
There is not any STP issues
There is not any redundant link here
As you see in attached Packet Tracer File, This Scenario Should Work Very Easily But There is Something Wrong With My Switches I Think
And Also I Tried Default Gateway But I'm Sure It is Not Needed ! All On Same VLAN And Same Subnet and ...
So Setting Default Gateway Is Not Needed (As You See in PT File)
I Tried Manipulating ip route-cache and Faced Some Different Behaviors
Can it Be Related ?
Maybe try clear out the ip routes and arp cache, shutdown and open ports connecting switches, no shutdown on vlan interfaces?
Do you have default getway configured on PCs?
Int vlans are "no shut"
as i said pc1 can ping int vl 1 on switch 1 so certainly it is not shut
default gateway is set on pcs but as i said i think it is not necessary
caches are cleared cause i reloaded them
Certainly Yes !
First i tried it without setting dg because as i said i think it is unnecessary
but after that i tested all sorts of things to do the job but ...
just llok at the pkt file attached
i like to do the same simple scenario. as u see no dg is set on any devices and all is ok
i have done this on many switches before.
maybe my devices are fake !
Thats strange indeed.
I don't know what else to suggest unless you send me one of those "fake" switches to test.
Did you try creating different vlan than default and add those ports to it, maybe it doesn't like vlan 1.
Is the link between the switches configured as an access or trunk link? If trunk, do you have VTP pruning enabled? If so disable it. What does your CAM table look like on each swicth "show mac address-table" - does it have a correct MAC address for the next switch?
as seen in PT file they are all access links
in PT and all my previous switches it worked but now on these switches it does not !!
does ip route cache concerns here ?
i cleared no ip route cache on int vlan 1 of one switch and now i cant even ping it from a directly attached PC !
What switches are you using? I know with XL version (hardware) it will not allow Vlan 1 to work. Is this the lab found in Discovery 3 semester, chapter 3 by any chance? Little more info please. Finally, have done other vlans on these switches? sh vlan on both switches and make sure all ports are within the same vlan. If not, erase start, delete flash:vlan.dat and reload Maybe your ports are found in another vlan. Most instructors forget to delete the old vlan.dat. Hopefully this is your issue.
as i said i tried other vlans too and not worked
the pt file is built by myself in few minutes to show that this simple scenario should work and as u see it works in PT.
there is not any complicated thing here just access links between switches and clients and unfortunately switches can not each other interface vlans ..
Have you done this on each switch, at this prompt done:
# sh vlan brief (verify all ports are set to access, no trunks as no router)
# sh run (verify your vlan # have unique addresses, same subnet mask and a default-gateway*)
If this is basically the lab 3/3 in Discovery, except not using STP. My students also had an issue.
# conf t
fig)# ip default-gateway #.#.#.# same as your pc's (even though you don't use a router, this command should fix it)
Use the same on both switches.
i said on previous posts that although i think and i am sure setting DG is not necessary but i tested that and as i expected it did not fix the problem.
all the hosts and vlan 1 are on same subnet and pcs are directly connected to switches.
i should repeat again that the same scenario is done in the attached PT file and as u see it works
i will try it but just another thing that may help
one switches does not receive the others CDP packets !! and so does not show it as its neighbor
and the other switch which can send and receive cdp packests show arp : say incomplete for the other switch !
Let me understand your issue ...
You want to ping multiple IP address of multiple interface VLAN?
There's a little workaround. Upgrade to 12.2(55)SE3 (or later) and enable IP Routing.
Thanks But This is the issue. i do not need routing on 2960 (which i know can be done with changing SDM to lan routing and using IOS 12.2(55) and above
i just want one interface vlan to be pinged from another switch interface vlan (Assume Just are interface vlan 1)
as i upgraded to 12.2(58) se 2 the above message about "switch may has not been manufactured by cisco ...." went away
but the ping is still a problem (show arp is incomplete and ...)
Just an update :
I resetted 3 of switches to factory settings. two of them now can ping each other interface vlan but the third cant
again cdp is not received and the other switch shows incomplete in arp table
maybe the switches have a problem
I had the misfortune to be working on some 3560's that were found to be fake in our office in china, they gave odd issues too. Does the serial number look good? On one of ours the serial number was manipulated....
Sent from Cisco Technical Support iPad App
These Guys can even make fake serial numbers
i mean they copy some original serial number and print it on a lablle and stick it on a fake switch
but anyway can you tell me the best way to find if the switch is fake or not ?
anything in hardware any site for serial check or ...
Richard Pasztor 34 posts since Sep 26, 2010
Currently Being Moderated
I had a very disappointed experience today during the planned upgrade on my 2960 to IOS version 12.2(58)SE2 after business hours. We have a small office with 3x 2960 and a couple of 2950. There is a single 2960 called as the "central" as its the STP root, and most other switches are directly connected to the central. The remaining switches are conected to one of the switches conneting to the central.
I tested the aforementioned IOS on 2x 2960 las t week, but did not upgrade the central one. The 2x switches ran fine for a week, so I decided to upgrade the central one: basically it was a disaster. After the restart, the central became immediately unavailable via SSH (though admin IP pingable). I connected to the console, and realized that even console does not work, as I received the error message: "Low memory", and the console session could not be started. I restarted the switch once again (had to cut the power) and this time I managed to connect via the serial: the free memory was approx 2 MB, though its was over 5 MB if running 12.2(55)SE1. After 1-2 mins, free memory decreased down to 1.8 megs. SSH was still not functioning. At this time, fearing of a sudden memory leak during the night, I had to rollback to the previous version.
My config is quite simple: RSTP root, DHCP snooping, 1 LACP etherchannel, only 5x VLANs with VTP server, MOTD and BANNER (yeah I know its a risky feature since the previous IOS) I wonder what can be the problem here?
I have attached the running config of the central 2960 (removed some sensitive entries)
231 posts since
Jul 4, 2011
Currently Being Moderated
Sep 7, 2011 2:51 PM (in response to Richard Pasztor)12.2(58)SE2 on a 2960 cause memory leaks
There is a bug raised for this issue and it is in assigned to a Development engineer now.
As of now i cannot share the bug id with you, since it is internal to cisco.
When booting a 2960 with 64Mb of DRAM a low memory error can be observed under certain
circumstances when running 12.2(58)SE or later This will prevent acess to the console/ssh/telnet of the switch.
++ As a workaround we need to downgrade the IOS until the bug is fixed.
Hope this helps.
Rate helpful posts
Try a downgrade and see if it works. Also, how much memory do you have, both DRAM and flash?
Unfortunately My Problem Still Exists
It has run me completely mad
the seller does not accept that switches have a problem and the switches can not ping each other and one of them does not send cdp packets and ...
i am very mad with this
i will be thankful if anyone can help or one of cisco guys tell us if it is a bug and it is under research to solve it