Trunk two 2950 switches

Similar Messages

• Etherchannel between two 2950 switches

  I have a etherchannel defined between 2 L2 switches using LACP as shown below. The etherchannel works fine, however when I hard code speed/duplex on both ends the etherchannel fails. What is causing this behaviour?
  SW02:
  interface Port-channel5
  interface GigabitEthernet1/0/1
  switchport mode trunk
  channel-group 5 mode active
  interface GigabitEthernet1/0/2
  switchport mode trunk
  channel-group 5 mode active
  SW02:
  interface Port-channel5
  interface GigabitEthernet1/0/1
  switchport mode trunk
  channel-group 5 mode active
  interface GigabitEthernet1/0/2
  switchport mode trunk
  channel-group 5 mode active

  Thank you for the rating.
  Regarding your replacement scenario, I'll give the standard engineering answer ("it depends"), but actually follow up with something I hope is more helpful.    I'm sincerely interested to see other's viewpoint on this as well, as it has changed over the years.
  Many years ago (let's say a decade) I ran into problems with some devices not being able to auto-negotiate properly.  There was a tendancy for devices to fail or negotiate to half-duplex mode when a full-duplex connection was warranted.  At the time, the problems we experienced were mainly with traffic shaping devices and some other gear.  There were others using fixed settings as a standard practice, and we did the same since we had verifiable issues.
  Fast forward to now.  I personally have not experienced auto-negotiation problems in a long time and am reading more from others in the field that auto-negotiation is the way to go (such as from the link provided).  Indeed, I've now run into the opposite scenario: I had a particular situation where a link between two devices defaulted to half-duplex EVEN THOUGH they were both set to 100/Full.  It turned out to be a race condition between a device and a Cisco router...the other device booted faster, didn't see anything on the link, and "helpfully" dropped down to half-duplex.  I confirmed the issue with the device vendor, who recommended setting ports to auto-negotiate as the fix (their software would not be updated for a bit of time).
  I would recommend auto-negotiate as a standard practice, with the exception of areas where you have encountered specific problems.  Those latter cases should be caught through your pre-deployment testing, and discussed with the respective vendors so that you fully understand why the devices are behaving the way they are so that the proper mitigation measures can be put in place (i.e. - It is going to act the same way every time, and you can work with that).
  Good luck!  -Ed

• Need Help Connecting (2) 2950 switches together, cant see each other

  Can anyone please help me get my switches talking?  I am currently in training for entry level certs and can't continue until i get these talking. 
  I have two 2950 switches connected via port 0/1 on both switches.  (tried both crossover and regular cat5 connections)
  I have both ports active and both VLAN 1s active and both ports set to switchport mode trunk
  There is no port security enabled.  Both switches have IP's assigned in the respective default VLAN 1.   
  IP address 10.1.10.10 for switch 1
  IP address 10.1.10.11 for switch 2
  VTP is set to server on both, ( I tried transparent on both as well )
  I cant get these switches to ping each other and or access telnet from each other.  If i connect an outside connection i can telnet individually to each but they wont see each other through ping or CDP Neighbors. 
  Any ideas?? Please help as i am trying to get my CCENT in a few weeks!
  THANK YOU!

   ******* SWITCH 1 LOGIN *******
  User Access Verification
  Password:
  SW1>en
  Password:
  SW1#show run
  SW1#show running-config
  Building configuration...
  Current configuration : 1884 bytes
  version 12.1
  no service pad
  service timestamps debug uptime
  service timestamps log uptime
  no service password-encryption
  hostname SW1
  enable secret 5 $1$TIuw$zBOptQNhwsRgZ6Frv.PVx.
  ip subnet-zero
  ip ssh time-out 120
  ip ssh authentication-retries 3
  spanning-tree mode pvst
  no spanning-tree optimize bpdu transmission
  spanning-tree extend system-id
  interface FastEthernet0/1
   switchport mode trunk
  interface FastEthernet0/2
   switchport mode access
  interface FastEthernet0/3
   switchport mode access
  interface FastEthernet0/4
   switchport mode access
  interface FastEthernet0/5
   switchport mode access
  interface FastEthernet0/6
   switchport mode access
  interface FastEthernet0/7
   switchport mode access
  interface FastEthernet0/8
   switchport mode access
  interface FastEthernet0/9
   switchport mode access
  interface FastEthernet0/10
   switchport mode access
  interface FastEthernet0/11
   switchport mode access
  interface FastEthernet0/12
   switchport mode access
  interface FastEthernet0/13
   switchport mode access
  interface FastEthernet0/14
   switchport mode access
  interface FastEthernet0/15
   switchport mode access
  interface FastEthernet0/16
   switchport mode access
  interface FastEthernet0/17
   switchport mode access
  interface FastEthernet0/18
   switchport mode access
  interface FastEthernet0/19
   switchport mode access
  interface FastEthernet0/20
   switchport mode access
  interface FastEthernet0/21
   switchport mode access
  interface FastEthernet0/22
   switchport mode access
  interface FastEthernet0/23
   switchport mode access
  interface FastEthernet0/24
   switchport mode access
  interface Vlan1
   ip address 10.1.10.10 255.255.255.0
   no ip route-cache
  ip http server
  banner motd ^C ******* SWITCH 1 LOGIN ******* ^C
  line con 0
   logging synchronous
   login
  line vty 0 4
   password vty
   login
  line vty 5 15
   password vty
   login
  end
  SWITCH 2 BELOW
   ****** SWITCH 2 LOGIN ******
  banner motd
  User Access Verification
  Password:
  SW2>en
  Password:
  SW2#show run
  SW2#show running-config
  Building configuration...
  Current configuration : 1894 bytes
  version 12.1
  no service pad
  service timestamps debug uptime
  service timestamps log uptime
  no service password-encryption
  hostname SW2
  enable secret 5 $1$nSFY$umNCHgrkLGTwHyI.dkbJf.
  ip subnet-zero
  ip ssh time-out 120
  ip ssh authentication-retries 3
  spanning-tree mode pvst
  no spanning-tree optimize bpdu transmission
  spanning-tree extend system-id
  interface FastEthernet0/1
   switchport mode trunk
  interface FastEthernet0/2
   switchport mode access
  interface FastEthernet0/3
   switchport mode access
  interface FastEthernet0/4
   switchport mode access
  interface FastEthernet0/5
   switchport mode access
  interface FastEthernet0/6
   switchport mode access
  interface FastEthernet0/7
   switchport mode access
  interface FastEthernet0/8
   switchport mode access
  interface FastEthernet0/9
   switchport mode access
  interface FastEthernet0/10
   switchport mode access
  interface FastEthernet0/11
   switchport mode access
  interface FastEthernet0/12
   switchport mode access
  interface FastEthernet0/13
   switchport mode access
  interface FastEthernet0/14
   switchport mode access
  interface FastEthernet0/15
   switchport mode access
  interface FastEthernet0/16
   switchport mode access
  interface FastEthernet0/17
   switchport mode access
  interface FastEthernet0/18
   switchport mode access
  interface FastEthernet0/19
   switchport mode access
  interface FastEthernet0/20
   switchport mode access
  interface FastEthernet0/21
   switchport mode access
  interface FastEthernet0/22
   switchport mode access
  interface FastEthernet0/23
   switchport mode access
  interface FastEthernet0/24
   switchport mode access
  interface Vlan1
   ip address 10.1.10.11 255.255.255.0
   no ip route-cache
  ip http server
  banner motd ^C ****** SWITCH 2 LOGIN ******
  banner motd ^C
  line con 0
   logging synchronous
   login
  line vty 0 4
   password vty
   login
  line vty 5 15
   password vty
   login
  end

• Connecting two Cisco 2950 switches to a 2600 router

  Hello,
  I'm trying to have two LANs connected to 2950 switch each, connect to a 2600 router and have the two LANs communicate with each other...i can't seem to get it working...any help...thanks
  LAN 1 192.168.10.1/20
  LAN 2 192.168.12.1/21
  Thanks again

  Alright, these are only basic configs here:
  Router
  hostname Router
  int fastethernet0/0
  description Network 1
  ipaddress 192.168.10.65 255.255.255.192
  int fastethernet0/1
  description Network 2
  ip address 192.168.10.129 255.255.255.192
  end
  Switch 1 (the one connecting to f0/0)
  hostname SwitchNet1
  int f0/1
  description Host 1 Net 1
  no ip address
  no shut
  int f0/2
  description Host 2 Net 1
  no ip address
  no shut
  int f0/3
  description Host 3 Net 1
  no ip address
  no shut
  int f0/4
  description Host 4 Net 1
  no ip address
  no shut
  int range f0/5 - 23
  no description
  no ip address
  shut
  int f0/24
  description UPLINK to Router
  no ip address
  no shut
  int vlan 1
  ip address 192.168.10.66 255.255.255.192
  no shut
  default-gateway 192.168.10.1
  end
  Switch 2 (the one connecting to f0/1)
  hostname SwitchNet2
  int f0/1
  description Host 1 Net 2
  no ip address
  no shut
  int f0/2
  description Host 2 Net 2
  no ip address
  no shut
  int f0/3
  description Host 3 Net 2
  no ip address
  no shut
  int f0/4
  description Host 4 Net 2
  no ip address
  no shut
  int range f0/5 - 23
  no description
  no ip address
  shut
  int f0/24
  description UPLINK to Router
  no ip address
  no shut
  int vlan 1
  ip address 192.168.10.130 255.255.255.192
  no shut
  default-gateway 192.168.10.129
  end
  This config assumes only ports f0/1 - f0/4 will be used on each switch. If that is not the case, you will need to modify the interface configs accordingly. You may want to use descriptions more suited than to your network on the switchports. Also, this config assumes the router is connected to port f0/24 on each switch as well.
  The default-gateway for the hosts and the switches is going to be the router IP address for the subnet they are attached to. The hosts/switches attached to f0/0 use 192.168.10.65 as their gateway. The hosts/switches attached to f0/1 use 192.168.10.129 as their gateway.
  You do not need to configure a port on the switch as the default-gateway. The default-gateway is an IP address the host/switch uses to direct all traffic from itself out past the router. In fact, if you don't need the switch to talk to devices on the other subnet, you don't even need to configure a default-gateway on the switches (but I would anyway).

• Virtual tunnel between 2950 switches

  I would like to creat a virtual trunk between two 2950, both are far from each other i mean many switches install between them, how can i creat a tunnel between or Virtual trunk port.

  Hi Mansoor,
  Yes you have to establish new vlan but you should allow all the vlans from customer to pass through cause tunneling is done on 3550 till thee all vlans should be allowed. But I have not tested it with vlan restrictions.
  Also make sure the vtp domain name server and password does not matches the customer or else it will do disaster.
  Have a look at this link and the one I posted above for configuration guidelines
  http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/12_1e/swconfig/dot1qtnl.htm#wp1001228
  HTH, if yes please rate the post.
  Ankur

• Application timeouts w/ subnet devices using 2950 switching

  I am having problems with process critical PC workstations that access other workstations and servers.
  This consists of a standalone subnet network (static IP's) using a 2950 switch that is also part of a LAN domain.
  It appears when there is a LAN issue my subnet workstations experiences problems trying to access it's dedicated servers that are wired all within the subnet 2950 switch.
  Could this be that the 2950 switch is looking for the DCHP or domain controller, slowing down my standalone devices?

  No, it's not likely.
  The only thing affected by DHCP or domain info would be for managemnt (like being able to telnet into the switch).
  Switches see the frame, look at the MACs, and either forward or flood the frame. That's all they do (acting as yer basic plain ol' switch).
  Other features, such as broadcast/storm control, bad media (cabling), excessive broadcasts (broadcasts are also propagated out all ports and consume considerable bandwidth everywhere), and other things, like QOS settings, buffer parameters, spanning tree can also have a serious negative impact on your throughput, including many disappearing frames.
  SO ... let's start by taking a look at a Show Version, and (at least) a Show Run (sanitized, if necessary).
  It would also help if you could describe the nature of the traffic that is being dropped / lost / filtered (i,e., database, large graphics files, multicast streaming, file transfers, etc.
  What troubleshooting have you tried so far?
  Did it ever work, worked ... but not very well, worked well until you updated the IOS ....
  Have you checked your LAN for virus / worm / trojan traffic (getting back to huge broadcasts)?
  Are you getting any media errors? (Show interface)
  Do you run many-to-one, many-to-many, any trunks? any EtherChannel?
  Are you getting any "Duplex Mismatch" errors?
  Have you tried another switch (for diagnostics to rule out the workstations & media)?
  This ought to be enough to get started. get it collected and post it, then we can take another shot at it.
  Good Luck
  Scott

• Encrypting vlan-trunk traffic between switches

  Hi,
  Can anyone guide me to some papers or other resources on how to encrypt traffic between 2 switches. The switchces will be connected with fiber and use dot-1q tagging. And I wan't to encrypt all of the trunked traffic.
  I was thinking of L2TP, but I haven't found any good description on how to implement this. I have two 3750 switches I thought I might use.
  Thanks for any input,
  Regards,
  Oyvind Mathiesen
  mnemonic
  Norway

  Hi,
  Thanks for the response. I had a look at MACsec and it looks good. I would have liked to employ something P2P though, to also limit the ammount of MAC addresses broadcasted on the "wire". But let me first give you an understanding of the task:
  We have two sites, connected via fibre and we want to create a VLAN trunk across and order to expand the broadcast domains to te other site.
  The IDIOT carrier, has a limitation on the number of MAC addresses they allow on the fibre service, 100.
  We also need to encrypt the datatraversing this connectivity.
  MACsec wuold work 100% exept the source and dstination MAC addresses are still sent (at least according to https://docs.google.com/viewer?a=v&q=cache:LEf2qOmYZyYJ:www.ieee802.org/1/files/public/docs2011/bn-hutchison-macsec-sample-packets-0511.pdf+&hl=en&gl=za&pid=bl&srcid=ADGEESgmAHXpDOY0RBAE-Rv1HDpu_C_gkeSPN4cv6NGgyP0M1aXVu0UqzCfxo8t_P41ep6J37k4OLKnjfp1M9hoTDHxY22WGz2h7yB7YRLyPvRUbGS8TICzvEMlG92xqbhy6RWFugmnj&sig=AHIEtbTfu0LQIJejdYidE6yzq4lpPifxjQ
  And that would cause me to eat into the 100 MAC limit.
  Ridiculous I know, but we are looking for an out-of-the-norm plan...
  Thanks

• Apple wired Dot1X - on Cisco 2950 switches

  Hi, I have an issue with Apple desktop computers running 10.7 and 10.8 MacOS.
  The problem is that we have only 2950 switches and we are very limited with what we can do on them, so we wanted basic DOT1X user authentication and VLAN placement. Those two are working great, except when user logs off, Mac stops sending DOT1X and port becomes unauthenticated. We alleviated that issue by using guest-vlan for failed dot1x authentications, but now we have a problem that once user logs in, there is no session change on 2950 and it doesn’t even try to authenticate user until we bounce the port.
  Is there any way to fix this, on Cisco switch or Mac computer? One of the things that crossed my mind is bouncing port on Mac PC using some kind of logon script?
  Has anyone else had this issue and was able to solve it?
  Thanks.

  Hello Align,
  Cisco 2950 switch with 12.1(9) supports 802.1 x authentications. As you are saying that you already configured 802.1x authentication and its working fine. I think there is problem with your MAC OS configuration. Please follow the below link to configure 802.1x on Apple.
  http://support.apple.com/kb/ht3326

• UCS C 220 server teaming on two core switches.

  Hello Everyone,
  I am using UCS C 220 M3 server and it has 8 HDD. I created RAID for redundancy and installed call manager custom software on it. Now in the network topology there are two core switches. I connected the UCS server on first core switch from Gig port 1 of the server.
  Now client is Demanding to connect on other core switch also. I am aware of the concept of teaming and i did it many times on microsoft server but either on the single switch or on the VSS system
  Here the scenario is core switch 1 and cor switch 2 are two seperate device. Indeed there is a ether channel between them but these switches are not virtual.
  Kindly suggest the solution how i can achieve the redundancy for UCS 220 server.
  Thanks in Advance.
  Please reply.

  Hello again, Im stuck
  This is what I have done. I have created the vPC between my esx host and my two nexus 5000 switches, but it doesnt seem to come up:
  S02# sh port-channel summary
  Flags:  D - Down        P - Up in port-channel (members)
          I - Individual  H - Hot-standby (LACP only)
          s - Suspended   r - Module-removed
          S - Switched    R - Routed
          U - Up (port-channel)
          M - Not in use. Min-links not met
  Group Port-       Type     Protocol  Member Ports
        Channel
  4     Po4(SD)     Eth      LACP      Eth1/9(D)
  vPC info:
  S02# sh vpc 4
  vPC status
  id     Port        Status Consistency Reason                     Active vlans
  4      Po4         down*  success     success                    -
  vPC config:
  interface port-channel4
    switchport mode trunk
    switchport trunk allowed vlan 20,27,30,50,100,500-501
    spanning-tree port type edge trunk
    vpc 4
  interface Ethernet1/9
    switchport mode trunk
    switchport trunk allowed vlan 20,27,30,50,100,500-501
    spanning-tree port type edge trunk
    channel-group 4 mode active
  Im unsure what I must configure on the cisco 240M3(esx host) side to make this work. I only have the two default interfaces(eth0 and eth1) on the vic-1225 installed in the esx host, and both have the vlan mode is set to TRUNK.
  Any ideas on what I am missing?
  Message was edited by: HDA

• Make ports on two different switches look like physically wired

  I have two different switches in two different buildings and I need to make the ports look like there is a physical wire between them.
  I have two disjoint networks that can talk to each other through a firewall but I need to be able to easily pass multicast traffic. I have a single PC in one building on my network (network A) and it needs to look like it is wired into the other network (network B) that resides in another building. My biggest problem is that the subnets on Network B (10.129.x.x/24) overlap with the management vlan (10.x.x.x/8) on my network. I have attempted to put all of the ports on Network A and Network B on the same vlan, however I could get no traffic to pass and I believe this is a problem with the overlap. Any help would be appreciated.
  Sent from Cisco Technical Support iPad App

  So is there a current connection between switch 1 and switch 2 and what vlan is it in or is it a trunk link.
  If you want the PC to be in vlan 4 then -
  1) the connection between switch 1 and switch 2 needs to be in vlan 4 at both ends or if it is a trunk link then it needs to allow vlan 4
  2) the connection between switch 1 and the 6500 for both ends needs to be in vlan 4
  then it should work because the PC has a direct path in vlan 4 to the 6500. The fact that there is an overlap in IP addressing doesn't matter because the PC is not routing off switch 2 but off the 6500.
  Not sure how this relates to multicast traffic though. Do you mean there are multicast sources in vlan B and you need the PC to be able to receive them.
  Jon

• Some 2950 switch ports led turn amber even without cable connection

  Hello. Due to a likely NIC problem, after connecting my laptop to a port on the 2950 switch, the led turns amber even after disconnecting the cable.
  2 ports on the switch are having this problems. Ideally the led should be off when nothing is connected.
  Please, how can I correct this problem without restarting the switch because its in a production environment.
  Eddy

  Hello,
  which two switchports are amber? Try toggling the port LED modes by pressing the mode button.
  Have a look at
  http://www.cisco.com/en/US/products/hw/switches/ps628/products_installation_guide_chapter09186a008007e889.html#xtocid41699
  for the different port modes meanings and their respective usage of port LEDs.
  It would also be helpful to see the port status from the switch CLI in case the procedure above didn´t solve the problem.
  Hope this helps
  Martin

• Trunks between 2950s stop working and wont come back

  I've seen this happen on 2 different 'pairs' of 2950s, so it's time to investigate. The scenareo:
  simple trunk (no vlan definitions) between 2 2950s. 1 switch looses power, when power is restored, the switch that didn't lose power doesn't pass any traffic. The interface is up (link and administrativly up) the logs don't show anything other than the interface went down and came back up. here's a sample port:
  interface FastEthernet0/23
  description new Feed from phone room switch
  switchport mode trunk
  no ip address
  I'm not using spanning-tree, there aren't any redunant paths. Its worked fine for months (until a ups failure), I set up a new port on the switch and swing the cable and it comes up. Any ideas?
  thanks!

  Hello,
  I know this is an old post... but I am posting here in case this is viewed by anyone with a possible solution.
  Our organization has multiple locations configured the same way:
  (x2) cross connected 2950 switches in trunk mode, configured the follwing way per each interface (fa0/19):
  interface FastEthernet0/19
  no ip address
  duplex full
  speed 100
  no cdp enable
  spanning-tree portfast
  Our problem is similar to the one explained in this initial post. The switches are auto-trunked via port #19.
  Let's call one switch "A" and one switch "B"
  Whenever power is removed from one of the switches (Switch A), and it has completed a restart, the opposite switch (Switch B ..the one which was not powered off) will not return to a "Trunked" state. When you run the "show int status" command, it shows that the port is "connected". Even though the switch which was initially restarted returns to "Trunked" mode.
  We have seen this with a few of our 2950's across the infrastructure.
  The bottom line is that restarting one of the switches causes the other to lose the trunked state. The only was to correct the issue is to restart the opposite switch as well.
  The IOS version is 12.1 (9) EA1d .. I know it's old, however we cannot upgrade it at this time due to policies within the organization.
  Could anybody shed some light on this?
  Thanks in advance..

• Configuring a port on a 2950 switch

  I have inherited a couple of Cat-2950 switches and noticed the following config on ports:
  interface GigabitEthernet0/1
  description blade1
  switchport access vlan 65
  switchport trunk native vlan 2
  switchport trunk allowed vlan 2-4094
  switchport mode access
  spanning-tree portfast trunk
  spanning-tree bpdufilter enable
  when I do a show port, the port is in static access mode, not the trunk mode. Can anybody please shed the light on why configure the trunking native vlan and trunk allowed vlan if the port is in access mode?
  thanks.

  Probably those could be configs that the previous owner forgot to take out, (first a trunk port, which was reconfigured as a access port).
  Unless
  switchport mode trunk
  switchport trunk encap dot1q, this will not become a trunk.

• Maintaining clock settings on a 2950 switch?

  I have set up external NTP synchronization on a 2950 switch which works fine while the switch is powered on. However if the switch is cycled with a "reload" command, the time established is way off once the switch comes back up. Is this the expected behaviour?
  Thanks.

  BTW:
  Also sometimes difficult finding mention whether the hardware supports an on-board calendar. I've found using the ntp update-calendar both often a fast method to help in determining this, and a great way to keep the calendar accurate across reboots/reloads (if you're using NTP).

• Can't open console to 2950 switch

  Howdy all,
  I'm after inheriting a cisco 2950 switch in my new job and I do not know the enable password for it. I went about following the "password recovery procedure" but am getting nowhere.
  http://www.cisco.com/warp/public/474/pswdrec_2500.html
  I have tried connecting to the switch after powering it up but cannot open a session over the console port. I've tried using both COM ports on my laptop with all the variations of the flow control setting but no joy.
  I took a look at an old config file that was saved on the network for the switch and found this at the end:
  LINE CON 0
  TRANSPORT INPUT NONE
  Is this stopping me from completing the password reset when the switch is booting up??? All advice welcomed.
  Regards,
  PaddyIrishman

  HI Paddy, [Pls Rate if HELPS]
  "Transport Input None" command will prevent you from accessing the Device.
  Refer link below for CISCO 2950 Swtich Password Recovery Procedure Document:
  http://www.cisco.com/warp/public/474/pswdrec_2900xl.html
  Refer step by step procedure (quick ref):
  1. Unplug the power cable
  2. Hold down the mode button while replugging the power cable
  3. Type flash_init over the console
  4. Type load_helper
  5. Type Dir flash:
  //make sure to type the semi-colons
  6. Type rename flash:config.tdt flash:config.old
  //the password is contained in the config.txt fil.e
  7. Type boot
  //this reboots the system
  8. Type n to skip the initial setup config
  9. Type enable
  //this takes you to the enable mode
  10. Type rename flash:config.old flash:config.txt
  11. Save config.txt to system
  #copy flash:config.txt system:running-config
  12. Enter config mode and change the password
  #cofig t
  #no enable secret
  //this applies only if the enable secret password was created
  13. Finally write the changes to memory
  #write memory
  PLS RATE if HELPS
  Best Regards,
  Guru Prasad R