add LAN switch, router stops

Cisco 1811 integrated services security...
April 18, 2011 at 21:45:25
Specs: CISCO IOS
We have a Cisco environment. A small 1811 router acts as a firewall to two subnets. This works with the 2 or 3 Windows machines on the (Cisco) LAN switch connected to the 1811. "Works" means they can ping all interfaces and the machines behind it. TCP works too.

Then we add a second LAN switch, a Dell 6224 (smart, unconfigured, and presumably behaving like a plain dumb switch). It is connected to the uplink port on the Cisco LAN switch. It has half-dozen PCs, and a router to off site. The 1811 stops working. It goes off-net. Pings no longer work. All the half-dozen PCs can still ping everything on their own switch and on the Cisco switch, everything talks to everything *except* the 1811. Disconnect the Dell 6224, and after about 20 seconds the 1811 comes back.

I have checked for dup IP addresses, routing, arp tables. The 1811 has only a default route afaik, no routing table entries.

Any suggestions why it would "go away"? Routing? Layer 2? How to diagnose?



#1
April 19, 2011 at 07:18:29
Dell makes switches?

If they perform as well as their desktops and laptops it's no wonder it's not working!

All sarcasm aside (no, I'm not kidding) you need to check the configuration on the Dell switch. Every managed switch I've ever worked with has default factory settings that make it into a basic switch.

Questions:

What is the model of the Cisco switch you're connecting the Dell switch to?

Why are you daisy-chaining the Dell switch to a Cisco switch and not the Cisco router?

Why aren't you configuring the Dell switch?

Are you using VLANs?

You said, "It is connected to the uplink port on the cisco LAN switch". Does this mean you have the port on the Cisco switch configured as a trunk port? If so, did you configure the uplink port on the Dell as a trunk too?

> It has half-dozen PCs, and a router to off site

What does, the Dell switch or the Cisco switch? When you say "offsite" do you mean an external internet connection, or a dedicated line to another physical location?

It matters not how straight the gate,
How charged with punishments the scroll,
I am the master of my fate;
I am the captain of my soul.

***William Henley***



#2
April 19, 2011 at 20:25:47
My, such cynicism.

This is a combination of stuff from three different organizations. So, yes, it could be done better, but while the three organizations are working on their own, before integration, they need their own switches etc. It gets combined at the end. We are now working on making the combination work.

As it turns out, moving the router/firewall to the Dell switch worked. That led me to investigate the Cisco switch (why did it drop traffic from the firewall?).

It is a Catalyst "junior", a Cat Express 500. And, being a Cisco device, it needs a significant amount of configuration before it works properly. Turns out the organization that supplied it had set up the port used for the firewall as having the "Router" profile of the Cat 500. Seems OK, right? Wrong. When you plug the other switch into a port configured as "other", well, "router" ports stop. The port for the other Dell switch needs to be configured with the "Switch" profile.

(The profiles configure things like fastpath, auto-config, auto-mdix, etc etc.)

A plain dumb switch would have been much easier. Like, oh, maybe a Dell switch.

So, to answer my own question, it was not "layer 2" or "layer 3", it was the "management layer".

(Yes, given a chance, we would eliminate the Cisco switch and use the Dell, but that would require another 6 cat5 cables at many dollars each....you know how that goes...)



#3
April 20, 2011 at 07:48:50
Cynicism.......LOL............No

I've been forced to use Dell PCs and laptops at work for the last 4 years. My opinion of Dell is not cynicism, it's experience. Dell sucks. Since PCs and laptops are their forte (or, are supposed to be) and they can't do that right, you wouldn't catch me buying their network appliances. It's not just Dell, I wouldn't buy a network appliance from any company who does network appliances as an aside or afterthought.

> It is a Catalyst "junior", a Cat Express 500. And, being a cisco device, it needs a significant amount of configuration before it works properly.

I'm not familiar with that model at all but if it's anything like the Cisco products I've worked with it doesn't take any more configuration than any other managed switch. BUT, being a Cisco it does mean it's a lot harder to configure than the majority of newer equipment. In fact, even though (as you already know) I'm not a fan of Dell, I suspect even their switch is easier to configure with a much nicer GUI.

I AM cynical about Cisco. They keep their equipment harder to configure in an attempt to force people to pay big bucks for their "Cisco Certifications". Even worse is how badly they gouge on service and support. Their gouging on support is one of the reasons we're moving away from Cisco. We've got a much better deal from the company supplying us with the Avaya (Nortel) products. Also, the equipment is just as good as Cisco but a whole lot easier to work with.

But I digress.................


> As it turns out, moving the router/firewall to the Dell switch worked.

I'm glad to hear that. I suspected it might be the case. We've had issues in our environment too, which is still a little mixed. I have one closet with two 3Com 4400s, and three closets with three Cisco 2900 XLs each. All the rest of my closets (there are 14 more here at our main location) are all Nortel switches (including our dual redundant Nortel core switches). Avaya has bought out Nortel's network side of things but they're still the same switches. Anyhow, when connecting Ciscos to Nortels we found we had to disable Spanning Tree on them.

> (Yes, given a chance, we would eliminate the Cisco switch and use the Dell, but that would require another 6 cat5 cables at many dollars each....you know how that goes...)

Why would you have to pull 6 more network cables? You can use a single network cable to uplink a switch. Just FYI, the average rate around here, and what I would charge, is about $150.00/drop (cable). That's terminated, tested and certified. So you could get 6 for around $1000.00 or slightly less.


#4
April 21, 2011 at 20:24:56
> Why would you have to pull 6 more network cables? You can use a single network cable to uplink a switch.

See second paragraph of the original post. This is what didn't work, and what led to the posting.

Simply eliminating the "wayy too smart cisco switch" would take a few cables, going from one rack to another. A few dollars each. But there are political obstacles, as in, if we modify the configuration supplied by that organization, we become responsible for all of it. Etc., etc.

A bit more info on the Cisco switch: using the management GUI, and configuring the "uplink" port going to the Dell LAN switch to "switch", and the firewall device stops with complaints about unexpected STP (spanning tree protocol) packets. So, I'm concluding the firewall device has STP turned on. Of course, since it is Cisco too, it requires appropriate configuration. And just trying to find the manual for that is a PITA.

Good thing my employment benefits includes dental. My teeth are grinding.



#5
April 22, 2011 at 05:13:32
> But there are political obstacles,

Ahhh yes, politics. You have my sincerest sympathy. I run into a lot of that myself and I don't "do" politics.

> if we modify the configuration supplied by that organization, we become responsible for all of it.

I'm not very good at the politics game but if it's not your responsibility now, then shouldn't whoever IS responsible be setting this up and configuring it? That's about the extent of my political "game playing". If you tell me it's not my responsibility then I'm going to go limp on you and say "Fine, I'm not touching it."

With luck, you'll only have to turn STP off on the router interface you're connecting the Dell on. At least, I'd do that first and if it doesn't fix the issue, then turn it off for the whole router.

I'm not familiar with that model Cisco router but I've always done all router work from the IOS. I can't remember offhand where to go to shut STP off.....likely in the global configuration.
