10-08-2009 12:55 PM
I have an SR520 router connected to a CE520 switch. That switch is then daisy chained to a second CE520 switch via the Gig ports. All works great. I now need more connections than we have wiring for at one persons' desk. So I put a small 4-port Linksys switch at her desk and plugged her computer and printer into the Linksys switch. Does not work. The CE520 switch grabs which ever MAC address it sees first and rejects the other one. The log files with errors about the "invalid MAC" or whatever. I have set the port on the CE520 as a "trunk" port but still no go. Help???
10-11-2009 03:20 PM
Hi edisoninfo,
Sure sounds like there are fairly tight MAC address limits set on the switch ports ports :D.
Can't be adjusted from CCA2.1, or at least I couldn't alter port security from CCA V2.1, so we have to do this an alternate way.
Lets experiment and try to adjust the MAC learning limits on say, switch port number 1.
You will have to find out the IP address of the management interface of the CE520 switch and paste the following command into a Internet explorer screen. I found out mine by looking at the DHCP client list on my router, before and after I connected my CE520 onto my network. You could use CCA to find the IP address of the CE520.
(Remember to substitute your IP address for your CE520)
http://192.168.1.3/exec and login with user=cisco password=cisco
Then paste the following into the IE address, substituting your CE520 management IP address;
http://192.168.1.3/level/15/exec/-/show/run/CR
The switch port configuration looks like the following;
interface FastEthernet1
switchport mode access
switchport voice vlan 100
switchport port-security maximum 3
switchport port-security maximum 3 vlan access
switchport port-security maximum 3 vlan voice
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
srr-queue bandwidth share 10 10 35 45
srr-queue bandwidth shape 10 0 0 0
queue-set 2
macro description cisco-ipphone
storm-control broadcast level 10.00
spanning-tree portfast
spanning-tree bpduguard enable
service-policy input voice-map
To test the theory that you have MAC limits set per port, I think we either have to remove port security or modify the number of MAC addresses allowed per port.
I chose to modify the number of MAC addresses allowed per port. But your result of the show run, should indicate how many MAC addresses are allowed per port.
I pasted the following commands onto the Internet explorer screen to allow me to alter the number of allowed MAC addresses per VLAN on switch port 1.
http://192.168.1.3/level/15/interface/FastEthernet1/-/switchport/port-security/maximum/6/CR
The three commands above will modify switch port 1, to give me a limit of 6 MAC addresses per VLAN, hanging off switch port 1.
Give it a try, and see if it allows increased number of MAC address for devices attached to switch port 1, don't forget to substitute your CE520 IP address.
If it works, you have a solution that will work for the other 23 ports.
Remember to run the following URL at the completion of any changes you make, it's a write memory command to save any changes you make.
http://192.168.1.3/level/15/exec/-/wr/mem/CR
Hope this works for you
regards Dave
10-12-2009 02:13 PM
Thanks Dave! I gave these commands a try today and tho they all worked (ie. the CE520 accepted them), I was still unable to access more than one device hanging off the 4 port Linksys switch.
NOTE: Port 24 is the port with the Linksys switch plugged into it.
Here is the IE version of the show run:
WS-CE520-24LC-K9-1
Home Exec Configure
--------------------------------------------------------------------------------
OutputCommand base-URL was: /level/15/exec/-
Complete URL was: /level/15/exec/-/show/run/CR
Command was: show run--------------------------------------------------------------------------------
Building configuration...
Current configuration : 15620 bytes
! THIS FILE HAS BEEN GENERATED BY THE GUI.
! ANY CHANGES TO THIS FILE MAY RESULT IN INCORRECT SWITCH BEHAVIOR.
!
! Last configuration change at 18:22:17 UTC Mon Oct 12 2009 by admin
! NVRAM config last updated at 18:20:22 UTC Mon Oct 12 2009 by admin
!
version 12.2
no service pad
service timestamps debug datetime localtime
service timestamps log datetime localtime
no service password-encryption
service sequence-numbers
!
hostname WS-CE520-24LC-K9-1
!
username admin privilege 15 secret 5 mysecretpassword
no aaa new-model
clock timezone UTC -5
clock summer-time UTC recurring
system policy access host 1
system policy access
vtp mode transparent
ip subnet-zero
!
mls qos map policed-dscp 18 24 26 34 40 46 to 0
mls qos map cos-dscp 0 8 16 26 32 46 48 56
mls qos srr-queue input bandwidth 90 10
mls qos srr-queue input threshold 1 8 16
mls qos srr-queue input threshold 2 34 66
mls qos srr-queue input buffers 67 33
mls qos srr-queue input cos-map queue 1 threshold 2 1
mls qos srr-queue input cos-map queue 1 threshold 3 0
mls qos srr-queue input cos-map queue 2 threshold 1 2
mls qos srr-queue input cos-map queue 2 threshold 2 4 6 7
mls qos srr-queue input cos-map queue 2 threshold 3 3 5
mls qos srr-queue input dscp-map queue 1 threshold 2 9 10 11 12 13 14 15
mls qos srr-queue input dscp-map queue 1 threshold 3 0 1 2 3 4 5 6 7
mls qos srr-queue input dscp-map queue 1 threshold 3 32
mls qos srr-queue input dscp-map queue 2 threshold 1 16 17 18 19 20 21 22 23
mls qos srr-queue input dscp-map queue 2 threshold 2 33 34 35 36 37 38 39 48
mls qos srr-queue input dscp-map queue 2 threshold 2 49 50 51 52 53 54 55 56
mls qos srr-queue input dscp-map queue 2 threshold 2 57 58 59 60 61 62 63
mls qos srr-queue input dscp-map queue 2 threshold 3 24 25 26 27 28 29 30 31
mls qos srr-queue input dscp-map queue 2 threshold 3 40 41 42 43 44 45 46 47
mls qos srr-queue output cos-map queue 1 threshold 3 5
mls qos srr-queue output cos-map queue 2 threshold 3 3 6 7
mls qos srr-queue output cos-map queue 3 threshold 2 2
mls qos srr-queue output cos-map queue 3 threshold 3 4
mls qos srr-queue output cos-map queue 4 threshold 2 1
mls qos srr-queue output cos-map queue 4 threshold 3 0
mls qos srr-queue output dscp-map queue 1 threshold 3 40 41 42 43 44 45 46 47
mls qos srr-queue output dscp-map queue 2 threshold 3 24 25 26 27 28 29 30 31
mls qos srr-queue output dscp-map queue 2 threshold 3 48 49 50 51 52 53 54 55
mls qos srr-queue output dscp-map queue 2 threshold 3 56 57 58 59 60 61 62 63
mls qos srr-queue output dscp-map queue 3 threshold 2 18
mls qos srr-queue output dscp-map queue 3 threshold 3 16 17 19 20 21 22 23 32
mls qos srr-queue output dscp-map queue 3 threshold 3 33 34 35 36 37 38 39
mls qos srr-queue output dscp-map queue 4 threshold 2 8 9 10 11 12 13 14 15
mls qos srr-queue output dscp-map queue 4 threshold 3 0 1 2 3 4 5 6 7
mls qos queue-set output 1 threshold 1 138 138 92 138
mls qos queue-set output 1 threshold 2 138 138 92 400
mls qos queue-set output 1 threshold 3 36 77 100 318
mls qos queue-set output 1 threshold 4 20 50 67 400
mls qos queue-set output 2 threshold 1 149 149 100 149
mls qos queue-set output 2 threshold 2 118 118 100 235
mls qos queue-set output 2 threshold 3 41 68 100 272
mls qos queue-set output 2 threshold 4 42 72 100 242
mls qos queue-set output 1 buffers 16 8 24 52
mls qos queue-set output 2 buffers 16 6 17 61
no mls qos rewrite ip dscp
mls qos
!
!
!
!
errdisable recovery cause psecure-violation
port-channel load-balance src-dst-ip
no file verify auto
!
mac access-list extended nonip
permit any any 0x800 0x0
permit any any 0x806 0x0
permit any any 0x836 0x0
no mac authentication
mac authentication table version 0
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
vlan 100
name Cisco-Voice
!
class-map match-all VoIP-Control-class
match access-group 2142
class-map match-any guest-class
match access-group 2144
class-map match-any general-class
match access-group 2140
class-map match-any business-in-server-class
match access-group 2146
class-map match-any critical-in-server-class
match access-group 2145
class-map match-all VoIP-data-class
match access-group 2141
class-map match-any VoIP-non-voice-class
match access-group 2143
!
!
policy-map guest-port-map
class guest-class
set dscp cs1
police 30000000 800000 exceed-action drop
policy-map general-map
class general-class
set dscp 7
police 30000000 80000 exceed-action policed-dscp-transmit
policy-map voice-map
class VoIP-data-class
set dscp ef
police 3200000 8000 exceed-action policed-dscp-transmit
class VoIP-Control-class
set dscp cs3
police 640000 8000 exceed-action policed-dscp-transmit
class VoIP-non-voice-class
set dscp 7
police 30000000 800000 exceed-action policed-dscp-transmit
policy-map critical-server-map
class critical-in-server-class
set dscp af41
police 30000000 800000 exceed-action policed-dscp-transmit
policy-map business-server-map
class business-in-server-class
set dscp af21
police 30000000 800000 exceed-action policed-dscp-transmit
!
!
interface FastEthernet1
switchport trunk encapsulation dot1q
switchport mode trunk
srr-queue bandwidth share 5 5 40 50
queue-set 2
macro description cisco-access-point
storm-control broadcast level 10.00
service-policy input general-map
!
interface FastEthernet2
switchport trunk encapsulation dot1q
switchport mode trunk
srr-queue bandwidth share 5 5 40 50
queue-set 2
macro description cisco-access-point
storm-control broadcast level 10.00
service-policy input general-map
!
interface FastEthernet3
switchport trunk encapsulation dot1q
switchport mode trunk
srr-queue bandwidth share 5 5 40 50
queue-set 2
macro description cisco-access-point
storm-control broadcast level 10.00
service-policy input general-map
!
interface FastEthernet4
switchport trunk encapsulation dot1q
switchport mode trunk
srr-queue bandwidth share 5 5 40 50
queue-set 2
macro description cisco-access-point
storm-control broadcast level 10.00
service-policy input general-map
!
interface FastEthernet5
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
srr-queue bandwidth share 5 5 40 50
queue-set 2
macro description cisco-desktop
storm-control broadcast level 10.00
spanning-tree portfast
spanning-tree bpduguard enable
service-policy input general-map
!
interface FastEthernet6
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
srr-queue bandwidth share 5 5 40 50
queue-set 2
macro description cisco-desktop
storm-control broadcast level 10.00
spanning-tree portfast
spanning-tree bpduguard enable
service-policy input general-map
!
interface FastEthernet7
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
srr-queue bandwidth share 5 5 40 50
queue-set 2
macro description cisco-desktop
storm-control broadcast level 10.00
spanning-tree portfast
spanning-tree bpduguard enable
service-policy input general-map
!
interface FastEthernet8
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
srr-queue bandwidth share 5 5 40 50
queue-set 2
macro description cisco-desktop
storm-control broadcast level 10.00
spanning-tree portfast
spanning-tree bpduguard enable
service-policy input general-map
!
interface FastEthernet9
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
srr-queue bandwidth share 5 5 40 50
queue-set 2
macro description cisco-desktop
storm-control broadcast level 10.00
spanning-tree portfast
spanning-tree bpduguard enable
service-policy input general-map
!
interface FastEthernet10
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
srr-queue bandwidth share 5 5 40 50
queue-set 2
macro description cisco-desktop
storm-control broadcast level 10.00
spanning-tree portfast
spanning-tree bpduguard enable
service-policy input general-map
!
interface FastEthernet11
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
srr-queue bandwidth share 5 5 40 50
queue-set 2
macro description cisco-desktop
storm-control broadcast level 10.00
spanning-tree portfast
spanning-tree bpduguard enable
service-policy input general-map
!
interface FastEthernet12
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
srr-queue bandwidth share 5 5 40 50
queue-set 2
macro description cisco-desktop
storm-control broadcast level 10.00
spanning-tree portfast
spanning-tree bpduguard enable
service-policy input general-map
!
interface FastEthernet13
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
srr-queue bandwidth share 5 5 40 50
queue-set 2
macro description cisco-desktop
storm-control broadcast level 10.00
spanning-tree portfast
spanning-tree bpduguard enable
service-policy input general-map
!
interface FastEthernet14
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
srr-queue bandwidth share 5 5 40 50
queue-set 2
macro description cisco-desktop
storm-control broadcast level 10.00
spanning-tree portfast
spanning-tree bpduguard enable
service-policy input general-map
!
interface FastEthernet15
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
srr-queue bandwidth share 5 5 40 50
queue-set 2
macro description cisco-desktop
storm-control broadcast level 10.00
spanning-tree portfast
spanning-tree bpduguard enable
service-policy input general-map
!
interface FastEthernet16
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
srr-queue bandwidth share 5 5 40 50
queue-set 2
macro description cisco-desktop
storm-control broadcast level 10.00
spanning-tree portfast
spanning-tree bpduguard enable
service-policy input general-map
!
interface FastEthernet17
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
srr-queue bandwidth share 5 5 40 50
queue-set 2
macro description cisco-desktop
storm-control broadcast level 10.00
spanning-tree portfast
spanning-tree bpduguard enable
service-policy input general-map
!
interface FastEthernet18
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
srr-queue bandwidth share 5 5 40 50
queue-set 2
macro description cisco-desktop
storm-control broadcast level 10.00
spanning-tree portfast
spanning-tree bpduguard enable
service-policy input general-map
!
interface FastEthernet19
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
srr-queue bandwidth share 5 5 40 50
queue-set 2
macro description cisco-desktop
storm-control broadcast level 10.00
spanning-tree portfast
spanning-tree bpduguard enable
service-policy input general-map
!
interface FastEthernet20
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
srr-queue bandwidth share 5 5 40 50
queue-set 2
macro description cisco-desktop
storm-control broadcast level 10.00
spanning-tree portfast
spanning-tree bpduguard enable
service-policy input general-map
!
interface FastEthernet21
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
srr-queue bandwidth share 5 5 40 50
queue-set 2
macro description cisco-desktop
storm-control broadcast level 10.00
spanning-tree portfast
spanning-tree bpduguard enable
service-policy input general-map
!
interface FastEthernet22
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
srr-queue bandwidth share 5 5 40 50
queue-set 2
macro description cisco-desktop
storm-control broadcast level 10.00
spanning-tree portfast
spanning-tree bpduguard enable
service-policy input general-map
!
interface FastEthernet23
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
srr-queue bandwidth share 5 5 40 50
queue-set 2
macro description cisco-desktop
storm-control broadcast level 10.00
spanning-tree portfast
spanning-tree bpduguard enable
service-policy input general-map
!
interface FastEthernet24
description Link to SR520
switchport trunk encapsulation dot1q
switchport mode trunk
srr-queue bandwidth share 10 10 45 35
srr-queue bandwidth shape 10 0 0 0
udld port aggressive
mls qos trust cos
macro description cisco-switch
spanning-tree link-type point-to-point
!
interface GigabitEthernet1
switchport trunk encapsulation dot1q
switchport mode trunk
srr-queue bandwidth share 10 10 45 35
srr-queue bandwidth shape 10 0 0 0
queue-set 2
udld port aggressive
mls qos trust dscp
macro description cisco-router
storm-control broadcast level 10.00
!
interface GigabitEthernet2
switchport trunk encapsulation dot1q
switchport mode trunk
srr-queue bandwidth share 10 10 45 35
srr-queue bandwidth shape 10 0 0 0
udld port aggressive
mls qos trust cos
macro description cisco-switch
spanning-tree link-type point-to-point
!
interface Vlan1
ip address 192.168.1.2 255.255.255.0
no ip route-cache
!
ip default-gateway 192.168.1.1
ip http server
ip http authentication local
ip http secure-server
access-list 2140 permit ip any any
access-list 2141 permit ip any any dscp ef
access-list 2141 permit ip any any dscp cs5
access-list 2142 permit ip any any dscp cs3
access-list 2142 permit ip any any dscp af31
access-list 2143 permit ip any any
access-list 2144 permit ip any any
access-list 2145 permit ip any any
access-list 2146 permit ip any any
!
control-plane
!
!
line con 0
line vty 0 4
login
length 0
line vty 5 15
login
!
end
!7F2F
--------------------------------------------------------------------------------
command completed.
--------------------------------------------------------------------------------
10-16-2009 08:33 PM
Hello and good evening.
Is the problem still occurring? I understand from Dave that you have an unmanaged Linksys switch.
Can you confirm how you have this switch plugged into the network? Does it plug directly into the CE520 switch or the back of the phone? We do not support or recommend having another switch plugged into the back of the phone.
Here is the config I see applied:
interface FastEthernet24
description Link to SR520
switchport trunk encapsulation dot1q
switchport mode trunk
srr-queue bandwidth share 10 10 45 35
srr-queue bandwidth shape 10 0 0 0
udld port aggressive
mls qos trust cos
macro description cisco-switch
spanning-tree link-type point-to-point
Having an unmanaged switch makes it hard to have any visibility and no config options; we are partly shooting in the dark here. Not much fun shooting in the dark ;-)
Any chance you can at least put in a managed switch? A suggestion would be the new ESW520P.
If you wish to proceed, then I would suggest setting this up using the smart ports utility. You can set the port role to cisco-switch or manually set it to a trunk port. Make sure that VLAN 1 is native / untagged and that VLAN 100 is tagged. As Dave mentions in his post, you need to hard code the phone to the appropriate voice VLAN.
Referencing the above configs, please remove the UDLD config. This is only applicable to Fiber ports and will not work properly in this config ...
In general, if the other configs are also not needed, then I would suggest removing them as well. It is best to start with a limited or clean state and then add configs to see which ones cause the problems.
HTH,
Andrew Lee Lissitz
10-16-2009 10:04 PM
Hi Andrew,
The linksys switch is a unmanaged switch, which was connected to switch port 24.
As such by default it will pass the VLAN tags with no problem.
I'm thinking ,it should also pass transparently Cisco discovery protocol (CDP) packets as well, but I always manually attach my 7965 IP phone to VLAN 100 when I use a Small business switch instead of the CE520, ESW500 or traditional Cisco switch..
For grins and giggles, it would be interesting to just see if, setting the attached VOIP phone management interface to VLAN 100 would make it join VLAN 100.
It would be interesting for the gentleman to try the following brief procedure;
step 1. Press the settings button on the IP phone
step 2. pressing **# , to unlock and allow setting changes
step 3 navigate to Network Configuration > Admin.VLAN Id and manually altering it to VLAN 100
Now, it would be interesting to see if the gentleman can see if a PC and IP phone can connect via the unmanaged linksys switch, which is connected to the CE520 switch port 24.
regards Dave
10-17-2009 05:48 PM
You are correct Dave, it is a generic switch. However I don't have a phone connected to it. Just a computer and a printer. Will the adjustments suggested by Andrew help?? I won't be onsite until later this week to test it if you think this will help.
10-18-2009 11:42 PM
It would be interesting to perform your tests on switch port 1 rather than 24, the UDLD config is not present on switch port 1. But i think it's about time we has a brief chat regarding this issue. Lets get in contact, i will email you via your community email contact, so I can facilitate approapriate support for you..
regards Dave
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide