Cisco – Reasons for missing network access on Cisco switch

ciscoswitch

I'm having problems with a Cisco Catalyst 2950 switch, specifically I'm unable to connect to the router/get internet access through it. The setup is as follows:

WAN connected to Router (MikroTIK model, no actual server here)
Router connected to Switch 1
Switch 1 connected via fiber to switches 2 and 3, also Catalyst 2950 models

Connections over switches 2 and 3 work, as far as I can tell, quite well. When attempting to patch a new client on switch 1, however, all I get is an "Unidentified Network" and no DHCP lease. Setting a static IP and the router's IP as DNS server and gateway also does not give network access. This behaviour is consistently showing whether the client runs Windows 7, 8.1 or Ubuntu.

The physical connection seems to be working fine, Wireshark shows me ARP packets aplenty flying around. That is the only thing I see, though. Since several different client OS show the same problem, I'm thinking the cause is somewhere in the network. Is there any way a user could introduce such an error? It does, however, only seem to affect new clients, since I have no angry mob of tenants lynching me for this (recently was volunteered to administrate the network of a housing unit, little prior experience in the field).

I also tried adding ARP entries for clients on the router and vice versa, to no avail. Right now I'm looking to gain access to the switch configuration, and would be grateful for any answer as to which settings might cause it.

Best Answer

[Not sure how much experience you have with switches or Ciscos, so this is a detailed answer just in case. I'm also guessing from a common case, it's possible there's something more advanced and different happening.]

NB. You can gain access to the 2950 by resetting the password without losing the configuration, if you do not know the password - but it requires rebooting the switch so there is some downtime, and it involves a serial connection using a Cisco style console cable. Instructions:

http://www.cisco.com/c/en/us/support/docs/switches/catalyst-2950-series-switches/12040-pswdrec-2900xl.html

When you have access, use enable to put it in administration mode, and run show running-config. It will list all the settings.

Look for the ports, like:

interface FastEthernet0/1
    switchport access vlan 50
    ...

interface FastEthernet0/2
    switchport access vlan 50
    ...

Compare the existing working interfaces with the ones you are trying to use that don't work. e.g.

The working interfaces have switchport access vlan *n* and you need to add that to the ones you are using:
- configure terminal
- interface FastEthernet0/*number*
- switchport access vlan *number*
- end
or the "broken" interfaces have switchport mode trunk and you need to remove that command from them:
- configure terminal
- interface FastEthernet0/*number*
- no switchport mode trunk
- end
There may be other commands, e.g. relating to port security, which are causing it, but by comparing the working ports and the not-working ports, you should be able to see what's different - and then either add missing lines, or use no xyz to remove extra lines.

Remember to write at the end to save the config changes, or it will be lost when you reboot.

Related Solutions

Cisco Lab Network – Setup with 2 Routers and 1 Switch

If you're configuring router on a stick then why do you have L3 interfaces defined on the switch?

If you're just looking for the 2950 to provide L2, then the configurations would properly look something like:

interface FastEthernet0/1
 switchport trunk allowed vlan 10,20
 switchport trunk encapsulation dot1q
 switchport mode trunk
 spanning-tree portfast disable

While the router interfaces would be something like

interface fastethernet0/0.10 (guessing on main iface)
   encapsulation dot1q 10
   ip address <IP in VLAN10>
interface fastethernet0/0.20
   encapsulation dot1q 20
   ip address <IP in VLAN20>

The native VLAN setup isn't really meaningful for what you've described, but the usual recommendation is that it be set to something otherwise not in use. You should be able to use the two routers as inter-VLAN gateways while simply assigning your server's ports to the appropriate VLAN with switchport host and switchport access vlan <x>

BTW - The 3810 is a very strange old beast and I recall there being some limitations as to the total number of live interfaces concurrently up in the box (among other things). It should be OK as long as you don't try to venture much past 1999 as far as features go.

Cisco – VLAN Tagging Traffic on Cisco Switch

Assuming that all the equipment attached to the student lab switch (the 2950) is supposed to be on the student network, and you never have a need to put staff computers on it, it's actually much simpler than that.

Leave the 2950 alone - no configuration of VLANs. Everything runs untagged. The advantage here is when they upgrade it they can just plug in a new switch, no need to configure any VLANs on it.

On the SG200, set the port that connects the 2950 as an access port on VLAN 200. Set the rest of the ports to be access ports on VLAN 100 for the staff computers.

Set the port of the SG200 that connects to the pfsense box as a trunk with both VLANs.

Best Answer

Related Solutions

Cisco Lab Network – Setup with 2 Routers and 1 Switch

Cisco – VLAN Tagging Traffic on Cisco Switch

Related Topic