Urgent helps needed

I'm setting up a lab for a school. I recently got a 2960 48 port switch from another department. I'm trying hook up all the computers in the lab to it but for some reasons it couldn't get an IP address. I've checked the switch and there's not port security running on it. Someone please help me troubleshoot this. Thanks

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

NightShade03

Are you talking about the computers themselves not getting IP addresses? Are all the ports in the same VLAN? Where is you DHCP server? Also in the same VLAN?

choobysoo

NightShade03 wrote: »

Are you talking about the computers themselves not getting IP addresses? Are all the ports in the same VLAN? Where is you DHCP server? Also in the same VLAN?

Yes, the computer doesn't get an IP address, it gives me 169.254.176.97 as the IP address. I assume they are on the same Vlan because the switch hasn't been configured. I also did a "show running-config".

NightShade03

run a "show vlan" and ensure all the ports are in the same VLAN (should be VLAN 1 which is the default if this switch has a default config).

If they are in different VLANS make sure the DHCP server and a client are on the same VLAN and try again. Let me know the results.

choobysoo

VLAN Name Status Ports
----

1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
Fa0/25, Fa0/26, Fa0/27, Fa0/28
Fa0/29, Fa0/30, Fa0/31, Fa0/32
Fa0/33, Fa0/34, Fa0/35, Fa0/36
Fa0/37, Fa0/38, Fa0/39, Fa0/40
Fa0/41, Fa0/42, Fa0/43, Fa0/44
Fa0/45, Fa0/46, Fa0/47, Fa0/48
Gi0/1, Gi0/2
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup

Whenever I boot up the switch, it said Vlan1 is administratively down, I go in Vlan1 and try to do a "no shutdown" but it gives me this "Command is only allowed on VLAN 2..1001."

NightShade03

You can't do a "no shutdown" on vlan 1 because it is the default.

What port is the DHCP server plugged into? Have you tried a packet capture on the client side to see if there is a reply from the DHCP server?

choobysoo

NightShade03 wrote: »

You can't do a "no shutdown" on vlan 1 because it is the default.

What port is the DHCP server plugged into? Have you tried a packet capture on the client side to see if there is a reply from the DHCP server?

I don't know which port is DHCP server is plugged in, this is being managed by higher up levels. I can't install packet capture on these computers because it is against their "rules". I'm not a network person here, just a contractor trying to get this working so I don't have that many privileges.

NightShade03

You will need to find out where the DHCP server is...if there is no DHCP server plugged into this switch then nothing will receive an IP address. If this switch uplinks to another switch there is a chance they haven't allowed down stream DHCP requests to go through.

choobysoo

How do I find out where the DHCP server? Sorry i'm very noob at this. We have been using this drop with another switch and it have been working find, but the old switch is nothing fancy as this. It was just a regular 16 port netgear switch.

NightShade03

You'd have to ask the "higher ups" they will have to tell you which port DHCP requests come through (should be all if they are just default switches). Chances are they don't have a DHCP server hooked into the network you are querying an IP address for.

Bl8ckr0uter

Did you put a helper address on the switch?

choobysoo

I don't get it, I'm using the same drop as the old switch, same wire coming from outside of the building and everything. If it works before it should work now right?

Did you put a helper address on the switch?
No, I don't know how to set up one. And how would this help?

cyberguypr

The only different element is the 2960. What's the story with it? Where was it before? Same building? Same network? Did you change anything in the config? Could you post the config without compromising anything?

SdotLow

The first question is where did you get the switch from? If it is not a brand new, out of the box switch it could very well have configurations on it that are preventing it from working properly. Without seeing the configurations, we can't really say.

Where does the drop come from? Another switch somewhere? A router? Do you have access to the settings on that switch/router?

Shanman

If you don't care about the previous settings just do a write erase on it and delete the vlan.dat file. You will still need to find the DHCP server tho.

choobysoo

SdotLow wrote: »

The first question is where did you get the switch from? If it is not a brand new, out of the box switch it could very well have configurations on it that are preventing it from working properly. Without seeing the configurations, we can't really say.

Where does the drop come from? Another switch somewhere? A router? Do you have access to the settings on that switch/router?

I have no idea where is the drop comes from. It worked with a dummy switch, you know those cheap one, I dont think it is a layer 3 switch. I do have access to the settings to the switch, the current switch that is. I deleted the startup configuration on the switch so it should have no settings on it.

Update: I have the DHCP port and default gateway now. It is just a matter how to put it in right now. Any help would be appreciate.

THis is how I tried to configure the DHCP:
From global config mode: "int vlan 1" then "ip dhcp" , however it gives me a client and a relay option.. Don't know what to do now

choobysoo

Switch#show running-config
Building configuration...
Current configuration : 1920 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
!
no aaa new-model
system mtu routing 1500
ip subnet-zero
!
!
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface FastEthernet0/25
!
interface FastEthernet0/26
!
interface FastEthernet0/27
!
interface FastEthernet0/28
!
interface FastEthernet0/29
!
interface FastEthernet0/30
!
interface FastEthernet0/31
!
interface FastEthernet0/32
!
interface FastEthernet0/33
!
interface FastEthernet0/34
!
interface FastEthernet0/35
!
interface FastEthernet0/36
!
interface FastEthernet0/37
!
interface FastEthernet0/38
!
interface FastEthernet0/39
!
interface FastEthernet0/40
!
interface FastEthernet0/41
!
interface FastEthernet0/42
!
interface FastEthernet0/43
!
interface FastEthernet0/44
!
interface FastEthernet0/45
!
interface FastEthernet0/46
!
interface FastEthernet0/47
!
interface FastEthernet0/48
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
no ip address
no ip route-cache
!
ip http server
ip http secure-server
!
control-plane
!
!
line con 0
line vty 5 15
!
end

Should there be an indicating light for the port that connect from the switch to the drop? I do a "show int fa 0/43" for that particular port but its state is down/down ( no connection)

SdotLow

The port (fa 0/43 I guess?) that the drop line is going into should be up/up.

With it being down/down that means there's a problem with whatever it's connecting to or the cable itself. It has nothing to do with DHCP at this point. Do you have access to what the switch is being connected to? Another switch or router? I think the problem might be with that.

If it's connecting to a switch, I'm wondering if port security might have been set up and the connection is being shut down because a different mac address is now being used?

Can you connect a computer directly to the drop cable, and does it get a connection?

It's hard to say without knowing what this cable is running to, and what the config is on that piece of hardware. It doesn't sound like it's a direct issue with that 2960 switch you're playing with, but a config to whatever it's going to or maybe a cable issue. Are you certain the plug is clicking in? Does the port light go to orange and then to green when you plug the cable from the drop in?

choobysoo

Called the WAN department, it ended up that the switch has STP and everytime it plugs into a port, it will shutdown that port. I don't understand why, I thought STP only kicks in if you have a loop in your network. Well, now the uplink port like is amber, still no connection.

Solved::

Disable STP and everything working fine. (still don't understand why that is a problem, does it have something to do with network's setting?)

Chris_

It basically means that the 'WAN' dept. have your drop set up as an access port and are not really expecting you to be plugging a. Switch into it. The port at the other end of the drop must have something called BPDU guard configured on it, this is a tool that will shut down the interface if it receives a BPDU.
BPDUs are the language of spanning tree. I imagine you got away with the cheap and nasty switch as it probably didn't run spanning tree.

Forsaken_GA

choobysoo wrote: »

Called the WAN department, it ended up that the switch has STP and everytime it plugs into a port, it will shutdown that port. I don't understand why, I thought STP only kicks in if you have a loop in your network. Well, now the uplink port like is amber, still no connection.

Solved::

Disable STP and everything working fine. (still don't understand why that is a problem, does it have something to do with network's setting?)

Are you sure the old switch was actually a switch? This all makes perfect sense if the old device was a hub.

As far as the why, it's because the upstream switch has STP protections in place. They want the switch you've plugged in to act like it's just another node on the network.

If you didn't do any preconfiguration of the switch to make sure it had no possibility of becoming the STP root, then they're doing the right thing.

choobysoo

Yes Chris, it is a cheap little 16 port switch like those little 4 port switch. It is not a managed switch. The person that I called told me it is mainly to prevent from looping, but I guess it also has other uses.

Are you sure the old switch was actually a switch? This all makes perfect sense if the old device was a hub.

Or was that a hub, I will look that up tomorrow at work

, but i'm pretty sure it is a cheap switch.

pham0329

choobysoo wrote: »

Solved::

Disable STP and everything working fine. (still don't understand why that is a problem, does it have something to do with network's setting?)

err, that may not be the solution you want. Well, I guess which ports or vlan you disabled STP for, but do you really want to risk having some kid/teach connect that switch to another data jack, and potentially causing a loop?

If you meant the "WAN" department disabled the BPDU guard on the port your switch is connecting to, then that's fine, ignore this post!

Forsaken_GA

pham0329 wrote: »

err, that may not be the solution you want. Well, I guess which ports or vlan you disabled STP for, but do you really want to risk having some kid/teach connect that switch to another data jack, and potentially causing a loop?

If you meant the "WAN" department disabled the BPDU guard on the port your switch is connecting to, then that's fine, ignore this post!

I seriously doubt they disabled the edge protections. I certainly wouldn't disable them on an edge port so someone could hook up a switch that I had no administrative control over. Nor would I allow such a switch to participate in my STP domain.

I'd be willing to bet storm control is active on the port as well, so the only risk that a loop might cause is taking out the lab he's currently in.

pham0329

Forsaken_GA wrote: »

I seriously doubt they disabled the edge protections. I certainly wouldn't disable them on an edge port so someone could hook up a switch that I had no administrative control over. Nor would I allow such a switch to participate in my STP domain.

I'd be willing to bet storm control is active on the port as well, so the only risk that a loop might cause is taking out the lab he's currently in.

Going from his earlier post, the port has BPDU guard enabled as it shuts down whenever the switch is plugged in. If their WAN department didn't disable that, the switch wouldn't be able to connect unless the OP disabled STP on his switch. If that's the case, and a kid decides to connect that switch, to another port on the network (maybe going to a different switch), wouldn't that create a loop?

choobysoo

I disabled the whole Vlan 1 which contains all 48 ports. Could a student take out the whole network if he creates a loop?

Forsaken_GA

pham0329 wrote: »

Going from his earlier post, the port has BPDU guard enabled as it shuts down whenever the switch is plugged in. If their WAN department didn't disable that, the switch wouldn't be able to connect unless the OP disabled STP on his switch. If that's the case, and a kid decides to connect that switch, to another port on the network (maybe going to a different switch), wouldn't that create a loop?

It depends. Given from what the OP has shared so far, I'm assuming that lab only has one drop into the upstream network that's really accessible. If someone has to run a drop from another room or building to cause a loop, chances are pretty good that's no longer accidental.

Now you could loop the OP's local switch in that lab and kill connectivity, but the upstream network will be just fine if they were smart enough to enable storm control.

The tradeoff is that you let the OP's switch participate in STP, and if the upstream guys don't have administrative control over it, that's a much more likely to suck scenario than a loop in one lab.