Cource Troubleshooting Switching
We have a switch in the middle and two computers that are
connected to it.
Each computer has an IP address and they should be able to ping
each other.
Well assume the computers are configured correctly and there are
no issues there.
Unfortunately our pings are not working. Whats the first thing
we should
check?
FastEthernet 0/1 is showing down. This could indicate a layer 1
problem like a broken cable, wrong cable (crossover instead of
straight-through) or maybe a bad NIC. This interface is running in
half duplex.
We get a duplex message through CDP that tells you that there is
a duplex mismatch.
But here interface goes down.
Keep in mind that a Gigabit interface doesnt support
halfduplex.
Change the interface to duplex auto
Still ping isnt working.
Interface fa0/3 that is connected to HostB is also down. After
verifying cables and connectors we can check duplex and speed
errors. Duplex is on auto so that shouldnt be a problem.
Speed has been set to 10Mbit however while this interface is a
FastEthernet
(100Mbit) link.
Lets change the speed to auto and see what happens
Now ping is working
Tshoot:2
Ping A to B:
HostA is unable to ping HostB.
1st start by checking the interfaces.
FastEthernet 0/3 is looking fine but something is wrong with
FastEthernet 0/1.
It showes err-disabled.
Use the show interfaces status err-disabled command to see why
the interface got into error-disabled mode.
1st check the port security configuration and see that only 1
MAC address
Is allowed.
The last MAC address seen on the interface is
000c.2928.5c6c.
Here see that another MAC address has been configured for port
security.
This is the reason that the port went into err-disabled
mode.
Solution:
Now A can send ICMP Information to B.
Note:
The default violation mode for port security is shutdown which
will put the
interface in err-disabled mode.
The restrict mode will keep the interface up but shows a log
message on the console.
Protect mode also keeps the interface up but doesnt show any
console messages.
So 1st we need to check wether the port security is enabled or
not.
Tshoot:3
Again same problem A cant communicate with B
Check interface details
There is no errors.
Port security is disabled on this switch as you can see
above.
At this moment we at least know that there are no interface
issues and port security isnt filtering any MAC addresses.
Next we need to check the VLAN information.
The interface is not in same VLAN.
So we need to move interface fa0/3 back to VLAN 1.
Now we can able to ping B from A.
Tshoot 4:
A cant communicate with B.
Check below condition:
1).Check interface status.
2).Check port security is enabled or not.
3).Check VLAN Info.
Interface status is OK becouse both interface shows UP/UP and
also there is no port security is enabled.
Then check VLAN status wsing show valn command.
See that FastEthernet 0/1 is in VLAN 10 but I dont see
FastEthernet 0/3 anywhere.
POSSIBLE CAUSESARE :
Something is wrong with the interface. We proved this wrong
because it shows up/up .
The interface is not an access port but a trunk.
Check switch port information status using show interface
fastethernat 0/3 switchport.
That interface fa0/3 is in trunk mode.So we need to change trunk
mode into access mode .
Finally check the fa0/3 into access mode using show vlan .
Now A can able to reach B.
Tshoot 5:
Same problem A cannot communicate with B
There is no issue in interface .
Both interfaces are in VLAN 10.
Theres no port security.
Check VLAN ACL Using SHOW VLAN FILTER.
Here VACL is applied so need to check VACL using SHOW VLAN
ACCESS-MAP.
There are two sequence numbers10 and 20. Sequence number 10
matches on access-list
1 and the action is to drop traffic.
Check access-list.
Change the action to forward.
Now A can reach B
