VLAN with 2 ESW-520 switches

For the test I used 2 switches named "ESW X" and "ESW Y".
I have 2 networks that I named "Network A" and "Network B".
I built 2 VLANs, one for each network: Vlan 2 for Network A and Vlan 3 for Network B. I don't use Vlan 1 because it's the default Vlan.
Configuration ESW X:
port e1 : ACCESS PORT on UNTAGGED Vlan 2
port e2 : ACCESS PORT on UNTAGGED Vlan 2
port e3 : ACCESS PORT on UNTAGGED Vlan 3
port e4 : ACCESS PORT on UNTAGGED Vlan 3
port g3 : TRUNK PORT with UNTAGGED Vlan 1 (default) and TAGGED Vlan 2 and Vlan 3
Configuration ESW Y:
port e1 : ACCESS PORT on UNTAGGED Vlan 2
port e2 : ACCESS PORT on UNTAGGED Vlan 2
port e3 : ACCESS PORT on UNTAGGED Vlan 3
port e4 : ACCESS PORT on UNTAGGED Vlan 3
port g3 : TRUNK PORT with UNTAGGED Vlan 1 (default) and TAGGED Vlan 2 and Vlan 3
For the test I use 2 computers with the same IP class address.
Test Result :
Communication between ESW X e1 and ESW X e2 => OK
Communication between ESW X e3 and ESW X e4 => OK
Communication between ESW Y e1 and ESW Y e2 => OK
Communication between ESW Y e3 and ESW Y e4 => OK
Communication between ESW X e1 and ESW Y e1 or e2 => NOK
Communication between ESW X e2 and ESW Y e1 or e2 => NOK
Communication between ESW X e3 and ESW Y e3 or e4 => NOK
Communication between ESW X e4 and ESW Y e3 or e4 => NOK
Each Vlan can't communicate between the two switches. I think there's a problem in my vlan/port configuration. Can you help me?

Hi Thibaud,
Thank you for the purchase of the ESW switches.
Just out of interest, are you using the latest firmware on your ESW switch, version 2.1.19?
But you sure sound like you have a great understanding of Tagged and untagged VLANs from your posting description... great stuff.
I just tried your configuration, and I can communicate between an ESW540-24P switch and an SF300-48P switch.
Sorry, I don't have two ESW switches handy. But it should not matter. Standards-based Ethernet is hopefully just standards-based Ethernet.
My vlan configuration is below for my ESW540-24P, and it's working just fine.
I just connected switch ports 24 between the two switches together; that's why port 24 is tagged in each of the screen shots below.
I would really really doubt you would have a problem, unless there is something fundamental or basic you have done, such as not saving the running configuration to the startup configuration. Obviously not backing up the configuration before a power down will kill the configuration.
( saved your configuration within each switch)
Here is a copy of a section of my switch running configuration, that resulted from me playing with the ESW configuration utility.
(note that my switch has all Gigabit ethernet ports;)
interface range ethernet g(1-2)
switchport trunk native vlan 2
exit
interface ethernet g24
switchport trunk allowed vlan add 2
exit
interface range ethernet g(3-4)
switchport trunk native vlan 3
exit
interface ethernet g24
switchport trunk allowed vlan add 3
exit
If you are still having issues, here is the contact URL for the Small Business Support Center; maybe a fresh set of eyes can spot the issue:
http://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html
regards Dave

Similar Messages

  • Creating a VLAN on a ESW 520 PoE Switch

    Hi,
    We have two Catalyst Express 500 switches and an ESW 520 just purchased. The VLAN on the other two is 2. How do I change the default to be 2 instead of 100 in the ESW switch?

    Hi Prasanga,
    Just to clarify, are you trying to change the Voice VLAN, or Management VLAN?
    The Voice VLAN by default on the ESW is 100, and Management VLAN is 1.
    Thanks!
    Dave

  • ESW 520 give priority to IP addresses

    I've got a LAN with private IPs for the computers, and public, static IPs for the VoIP phones. They are a Hosted VoIP provider, and I want to give priority to the public IPs with my ESW-520-48P switch. How do I implement that in this switch?
    I have no roles assigned on the ports and no VLANs setup either. I had tried segregating the VLANs first, but eliminated that route. It's all VLAN 1 now in the switch again. For some reason when I implemented VLAN 100 for voice, voice stopped working on the phones, but data was still fine.

    Hi netguy,
    QOS by rewriting the DSCP (Differentiated Services Code Point) of an IP phone range, by:
    1. creating an ACL that specifies the IP range with reverse masking
    2. attaching that ACL to an advanced class map, and then
    3. attaching a class map to a QOS policy table that is configured to set the DSCP to a new value
    4. attaching a QOS policy to an interface
    5. But you have a default Advanced QOS configuration already in place, so that has to be modified or deleted.
    It's tough if you have never played with Advanced QOS before or understand the last five statements.
    I guess your hosted IP phones have DSCP (Differentiated Services Code Point) settings already set on the IP phones, or settings that you can set directly on each IP phone?
    If that is possible, why not just put the switch into basic QOS mode and then tell the switch to trust DSCP?
    That's far the easiest thing to do.
    regards Dave

  • Support for WRT610N for ESW-520-24P-K9

    Hi, to whom it may concern,
    Are the following switches, ESW-520-24P-K9 (x3) and ESW-520-48P-K9, able to support inline power for 74 x WRT610N?
    Thanks

    Hello batumibatumi,
    The ESW series does not have a supported CLI feature. If you are looking for a CLI-supported switch, please look into our Sx300 series.

  • Slow dhcp with ESW 520

    Hi ,
    It's probably a setting to change on the ESW 520, but all my DHCP is slow when I use the ESW 520.
    With another switch, I have no problem.
    Any idea?
    Thanks

    Hi Thomas,
    I have already defined the Profile type (Desktop, Switch,...) with the VLAN for all the ports.
    But before I do something wrong with the spanning tree configuration, I have one question: I learned that port fast negotiation shouldn't be used with the Switch Port Role but only with the Desktop Port Role. Can you tell me if that's right?
    Thanks for your answer.

  • ESW 520 8-port PoE switch cannot ping

    Hello
    I have an ESW 520 8-Port switch with a management ip address of 192.168.10.2 /24
    After I reboot it, I can successfully ping it from a pc with an ip of 192.168.10.123 for about 50 consecutive times.
    After that, I get a "Destination host unreachable" (this icmp message is sent by my pinging pc (192.168.10.123)).
    This obviously seems like a bug.
    Has anybody seen this before?
    Whenever I reboot it, it goes through the same sequence.
    Thanks

    Hi David,
    I figured out what the problem was.
    The switch was obtaining an ip via dhcp, as it is a DHCP client by default.
    I am used to working with Enterprise level Cisco equipment, so this simple oversight was the cause of the problem.
    The ip that was obtained via dhcp was obviously different than the default ip of 192.168.10.2.
    So when the switch was rebooted, it would start off with its default ip of 192.168.10.2.
    As soon as it obtained an ip via dhcp, I could not ping it of course.
    Thanks for the input though.

  • ESW-520(s) and VLANs

    Hi guys,
    We have roughly 14 ESW-520 switches throughout our network which connect wireless APs. We also have 3 VLANs (VLAN1 data; VLAN4 wireless; VLAN100 voice). The access points need to be getting an IP address from the DHCP server on VLAN4 but they end up getting VLAN1 IPs instead. I am guessing this is because the untagged VLAN1 is the default, and we do need all 3 VLANs trunked to the access points because we have one SSID for voice and one for data.
    Is there something I can do on the switches so that the APs get VLAN4 IPs?
    Many thanks,
    Dmitry

    Hello Dimawerks,
    On the switch you can only really change the untagged vlan to be 4. The option you are looking for should be available on the AP. Ideally you want the management of the AP to be on vlan 4. The best way to set this is to have the AP's management vlan changed to 4 on the AP, and then to tag it on the AP and switch or untag it on both.

  • ESW 520 24port PoE Switch Crashes

    Hello,
      I have deployed a new ESW 520 24 port with a UC520 system at a new site. The switch has been crashing periodically. Here is the error from the logs:
    2147474387  11-Dec-2009 14:26:49   Emergency  %SYSLOG-F-OSFATAL:   FATAL ERROR: SW2M: ABORT DATA exception  ***** FATAL ERROR *****  SW Version  :  2.0.3 Version Date:  18-May-2009 Version Time:   19:32:29 Instruction            0x15F760 Exception vector       0x10 Program state register 0x20000013 0x0015f720 0x0091dfe0 0x06bf772c 0x014b6d0c %M NG_DIAG-E-DIAGATINIT: Init: Entries can't be created %MNG_DIAG-E-DIAGATINIT: Init: Wrong status received ***** END OF FATAL ERROR ***** 
    I have not had any luck finding anything on this. It seems to occur about every 2 weeks since we have placed it out there. Does anyone have any ideas on this ?

    Hi Rachel,
    Thank you for posting. You may need to change the Smartport role of the ESW switch port to match what you are connecting to. If you are connecting to another switch, the role should be switch. This is usually what causes the ports to block traffic.

  • Can't Console into ESW-520-24P Switch, Need help.

    Hi,
    We have 3 ESW-520-24P series switches.
    I cannot console into them because by default they have a security profile attached for "Console Only" and it is set as "Deny".
    I can't modify or delete it because it's a default security policy.
    We can console into ESW-540-24P series switches without any problems.
    Can someone share any solutions to gain console access for these switches?
    Anyone from Cisco TAC support?
    Thanks in advance.
    Mansur.

    Hi Devicarr,
    Thanks for your reply.
    I can set the VLAN and Management IP address using the web interfaces.
    But when I am trying to connect it via console it is not responding. I reset it to factory default and then found from the web control panel/interface that the switch has an "Access Authentication" under that it has a "Access Profile" and the profile has a default or built in profile attached says "Console Only" and it has a rule like "IP Source = 0.0.0.0/32 Permit = Deny".
    I tried to delete or modify it even I tried to add a new rule to allow the console access but failed.
    Does this switch series "ESW-520-24P" by default Console disabled when manufactured or ELSE? Please provide me your valuable suggestions.
    Thanks in advance.
    Mansur.

  • VLAN support on ESW 500 switch

    How many VLANs does the ESW 500 switch support?

    The ESW 500 switch supports a max of 256 VLANs and can accommodate up to 8000 MAC addresses in the CAM table.
    Note, by default on the POE switches, VLANs 1 (data) and 100 (voice) are enabled while on the non POE switches, only VLAN 1 (data) is enabled.

  • Problem in connecting ESW 520 POE switches

    Hi
    New on ESW 520 switches
    Need help to configure the ESW 520 24 POE switches
    How can I configure the last port of 24 to connect to another ESW 520 24 port switch?

    Why not use the GE ports at the far right to chain the switches one to the other from the UC540/UC560?  They are best for this and gives you an extra port on the switch this way.  Use straight thru ethernet cables.

  • ESW 520 ARP Inspection Problem

    Hello,
    I have observed strange behavior on ESW 520 switches with ARP Inspection operation. ARP inspection is configured with static ip to mac bindings, and it works. The problem is with logs: the switch generates tons of ARP inspection logs during normal network operation, but network endpoints are working well. These logs are the same as those generated during ARP poisoning in the network. This behavior was observed in older and new firmware.
    Here is sample log:
    Informational %ARPINSP-I-PCKTLOG: ARP packet dropped
    from port e9 with VLAN tag 10 and reason: packet verification failed SRC MAC 13:71:05:5a:85:2e SRC IP
    0.0.0.0 DST MAC 00 :00:00:00:00:00 DST IP 10.0.10.18
    Informational %ARPINSP-I-PCKTLOG: ARP packet dropped
    from port e1 with VLAN tag 10 and reason: packet verification failed SRC MAC 13:71:05:80:f5:03 SRC IP
    0.0.0.0 DST MAC 00 :00:00:00:00:00 DST IP 10.0.10.16
    Informational %ARPINSP-I-PCKTLOG: ARP packet dropped
    from port e6 with VLAN tag 10 and reason: packet verification failed SRC MAC 13:71:05:19:85:26 SRC IP
    0.0.0.0 DST MAC 00 :00:00:00:00:00 DST IP 10.0.10.15
    Informational %ARPINSP-I-PCKTLOG: ARP packet dropped
    from port e1 with VLAN tag 10 and reason: packet verification failed SRC MAC 13:71:05:80:f5:03 SRC IP
    0.0.0.0 DST MAC 00 :00:00:00:00:00 DST IP 10.0.10.16
    Informational %ARPINSP-I-PCKTLOG: ARP packet dropped
    from port e9 with VLAN tag 10 and reason: packet verification failed SRC MAC 13:71:05:12:85:2e SRC IP
    0.0.0.0 DST MAC 00 :00:00:00:00:00 DST IP 10.0.10.18
    Informational %ARPINSP-I-PCKTLOG: ARP packet dropped
    from port e5 with VLAN tag 10 and reason: packet verification failed SRC MAC 13:71:05:80:f5:10 SRC IP
    0.0.0.0 DST MAC 00 :00:00:00:00:00 DST IP 10.0.10.10
    Informational %ARPINSP-I-PCKTLOG: ARP packet dropped
    from port e6 with VLAN tag 10 and reason: packet verification failed SRC MAC 13:71:05:11:85:26 SRC I
    0.0.0.0 DST MAC 00 :00:00:00:00:00 DST IP 10.0.10.1
    Informational %ARPINSP-I-PCKTLOG: ARP packet dropped
    from port e5 with VLAN tag 10 and reason: packet verification failed SRC MAC 13:71:05:80:f5:10 SRC IP
    0.0.0.0 DST MAC 00 :00:00:00:00:00 DST IP 10.0.10.10
    Informational %ARPINSP-I-PCKTLOG: ARP packet dropped
    from port e8 with VLAN tag 10 and reason: packet verification failed SRC MAC 13:71:05:14:85:0c SRC IP
    0.0.0.0 DST MAC 00 :00:00:00:00:00 DST IP 10.0.10.14
    Informational %ARPINSP-I-PCKTLOG: ARP packet dropped
    from port e3 with VLAN tag 10 and reason: packet verification failed SRC MAC 13:71:05:80:f5:3f SRC IP
    0.0.0.0 DST MAC 00 :00:00:00:00:00 DST IP 10.0.10.12
    Informational %ARPINSP-I-PCKTLOG: ARP packet dropped
    from port e8 with VLAN tag 10 and reason: packet verification failed SRC MAC 13:71:05:51:85:0c SRC IP
    0.0.0.0 DST MAC 00 :00:00:00:00:00 DST IP 10.0.10.14
    Informational %ARPINSP-I-PCKTLOG: ARP packet dropped
    from port e5 with VLAN tag 10 and reason: packet verification failed SRC MAC 13:71:05:80:f5:10 SRC IP
    0.0.0.0 DST MAC 00 :00:00:00:00:00 DST IP 10.0.10.10
    Informational %ARPINSP-I-PCKTLOG: ARP packet dropped
    from port e6 with VLAN tag 10 and reason: packet verification failed SRC MAC 13:71:05:57:85:26 SRC IP
    0.0.0.0 DST MAC 00 :00:00:00:00:00 DST IP 10.0.10.15
    It seems the switch doesn't like ARP requests which are going to local network addresses, but in that vlan all hosts can communicate with each other.
    Do you have any idea what can be the problem?

    Hi ngtransge,
    I will first come to say I do not know the answer. But, I will suspect the log entries are indicating a MAC address that arrived on the interface that did not recognize the IP or MAC address. If the MAC or IP is not found in the inspection list, it would revert to the DHCP snooping table if that is enabled.
    I would suspect these entries are coming from an untrusted interface then goes through validation.
    Can you show the trusted interfaces and the MAC bindings?
    Are the MAC addresses on the log entry meaningful to you in any way?
    Are those MAC addresses supposed to be going to a particular destination? Or conversely, are the MAC addresses supposed to be seen on an untrusted interface?
    -Tom
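
Added example (not part of either post above, and not Cisco's code): one way to triage a drop log in the format pasted in this thread. It re-joins the wrapped lines, then sorts each drop by whether the sender IP is 0.0.0.0, which is the shape of an RFC 5227 address probe, and whether the sender MAC agrees with a static binding. The binding table, the sample records and the verdict names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed static IP-to-MAC bindings (hypothetical values, not from the thread).
BINDINGS = {"10.0.10.10": "02:00:00:00:00:10", "10.0.10.18": "02:00:00:00:00:18"}

# Constructed records in the wrapped layout of the pasted log; the last one is
# cut off mid-field, as one record in the paste is.
SAMPLE = """\
Informational %ARPINSP-I-PCKTLOG: ARP packet dropped
from port e9 with VLAN tag 10 and reason: packet verification failed SRC MAC 02:00:00:00:00:18 SRC IP
0.0.0.0 DST MAC 00 :00:00:00:00:00 DST IP 10.0.10.18
Informational %ARPINSP-I-PCKTLOG: ARP packet dropped
from port e5 with VLAN tag 10 and reason: packet verification failed SRC MAC 02:00:00:00:00:99 SRC IP
0.0.0.0 DST MAC 00 :00:00:00:00:00 DST IP 10.0.10.10
Informational %ARPINSP-I-PCKTLOG: ARP packet dropped
from port e3 with VLAN tag 10 and reason: packet verification failed SRC MAC 02:00:00:00:00:99 SRC IP
10.0.10.10 DST MAC 00 :00:00:00:00:00 DST IP 10.0.10.1
Informational %ARPINSP-I-PCKTLOG: ARP packet dropped
from port e6 with VLAN tag 10 and reason: packet verification failed SRC MAC 02:00:00:00:00:15 SRC I
"""

MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
IP = r"\d{1,3}(?:\.\d{1,3}){3}"
RECORD = re.compile(
    rf"from port (?P<port>\S+) with VLAN tag (?P<vlan>\d+) and reason: (?P<reason>.+?) "
    rf"SRC MAC (?P<smac>{MAC}) SRC IP (?P<sip>{IP}) "
    rf"DST MAC (?P<dmac>{MAC}) DST IP (?P<dip>{IP})",
    re.I,
)


def parse(text):
    """Return (records, unparsed): one dict per complete record, plus a count of broken ones."""
    records, unparsed = [], 0
    for chunk in text.split("%ARPINSP-I-PCKTLOG:")[1:]:
        # Re-join wrapped lines and repair the "00 :00" spacing seen in the paste.
        flat = re.sub(r"\s+:", ":", " ".join(chunk.split()))
        match = RECORD.search(flat)
        if match:
            records.append(match.groupdict())
        else:
            unparsed += 1
    return records, unparsed


def classify(rec, bindings):
    """Label one dropped ARP packet relative to the static binding table."""
    smac, sip, dip = rec["smac"].lower(), rec["sip"], rec["dip"]
    if sip == "0.0.0.0":
        # RFC 5227 probe: sender IP is all zeros, target IP is the address being tested.
        return "probe-own-address" if bindings.get(dip) == smac else "probe-other-address"
    return "matches-binding" if bindings.get(sip) == smac else "binding-mismatch"


def triage(text, bindings):
    """Count drops per (port, verdict) so probe traffic separates from binding mismatches."""
    records, unparsed = parse(text)
    return Counter((r["port"], classify(r, bindings)) for r in records), unparsed


if __name__ == "__main__":
    counts, unparsed = triage(SAMPLE, BINDINGS)
    for (port, verdict), n in sorted(counts.items()):
        print(f"{port:4} {verdict:20} {n}")
    print("unparsed records:", unparsed)
```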

  • ESW 520 802.1x MAB authentication problem

    Hello,
    I am having a problem with 802.1x MAB authentication on an ESW 520 switch; the authentication server is ACS 5.3.
    The Authentication method on the ESW is 802.1x & MAC, and Host Authentication mode is Multi Session. When I plug in an IP phone it never authenticates the phone, and on ACS I get the following error message:
    Radius authentication failed for USER: aa1effbb8fd4  MAC: aa-1E-FF-bb-8F-D4  AUTHTYPE:  Radius authentication failed
    RADIUS Status:Authentication failed    : 11509 Access Service does not allow any EAP protocols
    15004  Matched rule
    15012  Selected Access Service - MAB
    11507  Extracted EAP-Response/Identity
    11509  Access Service does not allow any EAP protocols
    11504  Prepared EAP-Failure
    11003  Returned RADIUS Access-Reject
    For that Access Service I have configured only Host Lookup.
    The same ACS configuration is working perfectly on a Catalyst 3560G switch.
    It seems that the ESW switch is not telling ACS that authentication is going to be by MAC address.
    Do you have any idea what can be the problem?

    Are you hitting the same selection rule? Also is "mab eap" configured globally on the switch, or on the port itself?
    Also can you post the port configuration and the show ver of the ESW?
    Thanks,
    Tarik Admani
    *Please rate helpful posts*

  • ESW 520 802.1x re authentication problem

    Hello
    I have a problem with the ESW 520, on 802.1x authentication. The problem is that when a host authenticates successfully it works for about a couple of minutes, after which it tries to authenticate again but it lags. On the network interface it shows a notification that it failed authentication. On ACS I see only one authentication attempt, which is successful. This problem is happening on Win7 and Win XP. If I unplug and plug the cable it authenticates successfully, but then after about a couple of minutes it again lags. The switch sees the port as authenticated. On the Win7 event viewer I have the following error:
                    Reason: 0x70004
                    Reason Text: The network stopped answering authentication requests
                    Error Code: 0x0
    If I connect same hosts on Catalyst 2960 switch, they work successfully.

    Hi ngtransge
    There are three possible explanations for why the authentication fails.
    A) The network interface is shut down after failed computer authentication. You can see this on the switch as line protocol down for that port.
    To verify the client has a domain certificate:
    1. Click Start and click Run.
    2. Type mmc, and then press ENTER.
    3. On the File menu, click Add/Remove Snap-in.
    4. Click Certificates, click Add, select Computer account, and then click Next.
    5. Verify that Local computer: (the computer this console is running on) is selected, click Finish, and then click OK.
    6. In the console tree, double-click Certificates (Local Computer), double-click Personal, and then click Certificates.
    On a domain joined client, you should see a certificate here with Intended Purposes of Client Authentication. Make sure this certificate is not expired. If it is expired, you will need to regain connection to your CA to request a new one.
    B) You should check your switch's configuration; perhaps a port or some ports could be blocked by an access-list, interrupting the re-authentication.
    C) If these two solutions don't work, you have to try to change the authentication method (PEAP-MSCHAPv2 or PEAP-EAP-TLS).
    Greetings, Johnnatn Rodriguez Miranda

  • ESW 520 QoS questions

    Hello,
    Just to put this out there, I am a noob to the world of Cisco, just got my CCNA, and am now working as an intern.
    Can you set ESW 520 switches to use auto QoS? We are putting the 520s into an environment of more configurable Catalyst switches, and they all use auto QoS. I am basically wondering how to get the QoS on the 520s to play nice with the auto QoS on the nicer Catalyst switches...
    I have tried just using basic QoS, but that won't work, because when I use the port wizard, I use the macro "ip phone + desktop".
    It insists on setting QoS, but fails because voice-map does not exist. The only way I have found to get the macro to work is to set QoS to advanced and create a policy map called "voice-map". Of course, after that the macro works, but then I am left with advanced QoS enabled, and hardly configured... how am I supposed to know how to configure it if the other switches (Catalyst series) are set to auto?
    I'm sorry for the seemingly dumb question, but I know next to nothing about QoS other than it is used to prioritize traffic based on data types.

    Hey cole, typically with these switches the smartports will do the QOS with the port role; however, you can manually create the QOS for the switch by creating an ACL to identify the specific traffic coming through the switch port. Then create a class map / policy map and bind it to the ports you're wanting to set up QOS on.
