Hello! Our company is currently using two 500 series switches connected to each other using the G1/1000mbits port; a Cisco router is also plugged in to one of the switches for broadband internet access. After deployment the following problems came up: we are unable to use our wireless access point even when the port is set up as "Access Point" using the Smartports feature. We simply can't ping the access point no matter what port type we set on the switch, and we keep getting the error message on the router that it has denied connection from that device. My feeling is that, for some reason I'm not aware of, the router is blocking certain devices from transferring data no matter what type of port we define with the Smartports feature. I can't find any way or option in the router software to disable this blocking or filtering of the data in order to connect any devices I want normally without any restrictions. For some reason the switch is not accepting connections from the access point...
Any help would be much appreciated.
Fernando - London - UK
Could you give us more detail on the actual configs?
Do you have layer 3 connectivity? Can you ping both ways between these devices?
Do you have routes to the WAP?
Is there any ACL configured?
Please let us know.
Hi Vlad, I'm unable to ping the access point. I've also checked the security level on both switches and they're set to "low level". The error message I get from the switch where the AP is connected is "This port is blocked by Spanning Tree Protocol". Should I disable STP? ...
You can use the show spantree command to verify the states of the ports. Before disabling spantree you should be sure that you have a loop-free environment, because if somehow a loop arises your network will die and you will face the music.
Hi, well, I did disable STP but it didn't help. I'm going to post the network topology more exactly and the settings being used so it's easier to get any help, as I think I missed some points about our network :) ....so here it goes:
1. All the devices and client computers are using fixed IP addresses in the range 192.168.254.x
2. Topology :
Switch number 1 connected devices:
17 client computers connected
1 cisco router (with dhcp disabled and using fixed ip too)
1 Netgear AP using set with DHCP
Switch number 2 connected devices:
10 client computers connected
Switch 1 and 2 are connected using the G1/1000mbits uplink port
Settings being used on BOTH switches (they are both catalyst 500,same software version) :
- default vlan1 is set and enabled
- STP enabled
- IGMP snooping enabled
- all ports are enabled and set to auto mode for speed and duplex
- port Gi1 that is used to connect both switches is set as "Switch" type with smartports.
- gateway (cisco router) ip address set
- security set to "low"
- STP settings on switch 1:
currents roots: VLAN1 , priority:32768 , root port: fa24 (where the router is connected), route path:38
- STP settings on switch 2:
currents roots: VLAN1 , priority:32768 , root port: Gi1 (uplink to switch 1), route path:42
switch 1 specific settings:
- the port where the AP is connected is set using smartports as "Access Point" and the port where the printer is connected is set as "Printer" also using smartports on the switch device manager software.
- the port where the cisco router is connected is set as "router" with smartports
- I am able to ping all the devices on the network from any computers connected to both switches.
- I am able to ping the printer from any computer connected to both switches as well.
- When AP is connected directly to the cisco router wireless clients have access to internet with no problems
- all wired client computers on both switches connect to the internet using the router without problems.
- Cannot ping the AP from any client computer on the network
- When printing from Switch 1 clients everything goes well, but when I print from clients on Switch 2 I am unable to print as it's unable to connect to the printer; however, I can ping the printer on the command line!
- When I try to plug in the network cable from the AP to its designated port on Switch 1 the network crashes!
When trying to print from clients on Switch 2, or when I try to connect and use the AP on Switch 1, I get either "access denied to device connecting to portxx" or an STP blocking error.
Hope the picture is clearer now.
Thanks once more.
It seems as if your Router is acting as root bridge for your network. Personally I would configure the switch actually connected to the router as RB, to do this change the bridge priority to something low, say 4096 and the second switch to 8192. Just let the router 'route'.
Also, I wonder if your printer has one of them new fangled wireless interfaces built in. I wonder if it is connecting to the wireless AP, getting a DHCP address on the same VLAN as your wired clients, causing the switch to see its MAC address in two places (the wired connection and via the AP).
In this case the switch would put either the AP or printer port into blocking as it would assume a layer 2 loop.
The printer may be acquiring 2 addresses on the same VLAN, which is not a problem, but it depends on what it is doing as regards MAC addresses.
I would check out the arp tables on the router and the machines which can and cant print. Compare them and see if they differ.
You may also be getting ping replies on switch 2 from a machine with a duplicate address. Worth just checking out the basics.
Perhaps check this out and let us know.
Hope this is of some help.
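The ARP-table comparison suggested in the post above, as an added example that is not part of the original thread: a Python script that parses pasted `arp -a` (Windows) and `show ip arp` (Cisco IOS) output and reports IPs that resolve to different MACs on different hosts, plus IPs some hosts have no entry for. The host names, addresses and MACs are constructed sample data.

```python
import re
from collections import defaultdict

IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
# MAC written as aa-bb-cc-dd-ee-ff, aa:bb:cc:dd:ee:ff or Cisco aabb.ccdd.eeff
MAC_RE = re.compile(
    r"\b((?:[0-9a-f]{2}[:-]){5}[0-9a-f]{2}|(?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\b", re.I)

def parse_arp(text):
    """Return {ip: normalized_mac} from pasted ARP table output."""
    table = {}
    for line in text.splitlines():
        ip, mac = IP_RE.search(line), MAC_RE.search(line)
        if ip and mac:
            norm = re.sub(r"[^0-9a-f]", "", mac.group(1).lower())
            if norm != "ffffffffffff":      # skip the broadcast entry
                table[ip.group(1)] = norm
    return table

def compare(views):
    """views: {host: {ip: mac}} -> (conflicts, missing).
    A host only has an entry after talking to that IP, so ping it first."""
    seen = defaultdict(lambda: defaultdict(list))
    for host, table in views.items():
        for ip, mac in table.items():
            seen[ip][mac].append(host)
    conflicts, missing = {}, {}
    for ip, macs in seen.items():
        if len(macs) > 1:                   # same IP, different MACs
            conflicts[ip] = {m: sorted(h) for m, h in macs.items()}
        absent = sorted(set(views) - {h for hs in macs.values() for h in hs})
        if absent:
            missing[ip] = absent
    return conflicts, missing

# Constructed sample output; every address and MAC below is made up.
ROUTER = """Internet  192.168.254.1    -  0019.aabb.cc01  ARPA  FastEthernet0
Internet  192.168.254.50   3  0011.2233.4455  ARPA  FastEthernet0
Internet  192.168.254.60   7  0022.3344.5566  ARPA  FastEthernet0"""
SW1_PC = """Interface: 192.168.254.21 --- 0xb
  192.168.254.1     00-19-aa-bb-cc-01   dynamic
  192.168.254.50    00-11-22-33-44-55   dynamic
  192.168.254.60    00-22-33-44-55-66   dynamic
  192.168.254.255   ff-ff-ff-ff-ff-ff   static"""
SW2_PC = """Interface: 192.168.254.31 --- 0xb
  192.168.254.1     00-19-aa-bb-cc-01   dynamic
  192.168.254.50    00-aa-bb-cc-dd-ee   dynamic"""
VIEWS = {"router": parse_arp(ROUTER), "sw1-pc": parse_arp(SW1_PC),
         "sw2-pc": parse_arp(SW2_PC)}
CONFLICTS, MISSING = compare(VIEWS)
```

In this sample the Switch 2 client resolves 192.168.254.50 to a different MAC than the router and the Switch 1 client do, which is the duplicate-address symptom the post describes.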
Hi Shaun, the printer is actually using a fixed IP address and it does not have a wireless interface built in. In any case, how do I change the bridge priority on the switch? Can I use the built-in software on the switch or do I have to use telnet?
I recently had the chance to deploy a number of CE500s and had some experience with the Smartport roles.
The essential ones are: Desktop (which basically does an IOS "switchport host" equivalent) and Switch (which will automatically perform a dot1q trunk). Other than that, all my printers and AP point (if you do not need PoE) I've configured to be "Others", which converts the port back to a normal switch port with the standard behaviour.
Try changing the Printer and AP point to "Others" and see if that helps at all.
Having had a dig around, I can't find any documents which outline how to change the bridge priorities on the 500 series. Normally it would be something like
spanning-tree vlan 1 priority 4096
from the IOS command line, but these boxes don't support a command line. Perhaps you could have a dig around on the normal web-based management console and see if you can find it. (I don't have one to try myself.)
Also, as the previous post suggests, try the 'other' option; this will give you more config options, I suspect.
Hello Shaun, well, I did try changing the ports to "other" using Smartports but it's still not working...
Would it help just to turn off STP on both switches just to make them act like a "normal" switch ??