Cource Troubleshooting Switching

We have a switch in the middle and two computers that are connected
to it.
Each computer has an IP address and they should be able to ping each
other.
Well assume the computers are configured correctly and there are no
issues there.

Unfortunately our pings are not working. Whats the first thing we should
check?

FastEthernet 0/1 is showing down. This could indicate a layer 1

problem like a broken cable, wrong cable (crossover instead of straightthrough) or maybe a bad NIC. This interface is running in half duplex.
We get a duplex message through CDP that tells you that there is a
duplex mismatch.
But here interface goes down.
Keep in mind that a Gigabit interface doesnt support halfduplex.

 Change the interface to duplex auto

Still ping isnt working.

Interface fa0/3 that is connected to HostB is also down. After verifying

cables and connectors we can check duplex and speed errors. Duplex
is on auto so that shouldnt be a problem.
Speed has been set to 10Mbit however while this interface is a
FastEthernet
(100Mbit) link.

Lets change the speed to auto and see what happens

Now ping is working

Tshoot:2

Ping A to B:

HostA is unable to ping HostB.

1st start by checking the interfaces.

FastEthernet 0/3 is looking fine but something is wrong with

FastEthernet 0/1.

It showes err-disabled.

Use the show interfaces status err-disabled command to see why

the interface got into error-disabled mode.

1st check the port security configuration and see that only 1 MAC
address
Is allowed.
The last MAC address seen on the interface is 000c.2928.5c6c.

Here see that another MAC address has been configured for port
security.
This is the reason that the port went into err-disabled mode.

Solution:

Now A can send ICMP Information to B.

Note:
The default violation mode for port security is shutdown which will
put the
interface in err-disabled mode.
The restrict mode will keep the interface up but shows a log message
on the console.
Protect mode also keeps the interface up but doesnt show any
console messages.
So 1st we need to check wether the port security is enabled or
not.
Tshoot:3

Again same problem A cant communicate with B

Check interface details

There is no errors.

Port security is disabled on this switch as you can see above.

At this moment we at least know that there are no interface issues and
port security
isnt filtering any MAC addresses.
Next we need to check the VLAN information.

The interface is not in same VLAN.

So we need to move interface fa0/3 back to VLAN 1.

Now we can able to ping B from A.

Tshoot 4:

A cant communicate with B.

Check below condition:
1).Check interface status.
2).Check port security is enabled or not.
3).Check VLAN Info.

Interface status is OK becouse both interface shows UP/UP and also

there is no port security is enabled.
Then check VLAN status wsing show valn command.

See that FastEthernet 0/1 is in VLAN 10 but I dont see FastEthernet 0/3
anywhere.

POSSIBLE CAUSESARE :

Something is wrong with the interface. We proved this wrong

because it shows up/up .
The interface is not an access port but a trunk.
Check switch port information status using show interface
fastethernat 0/3 switchport.

That interface fa0/3 is in trunk mode.So we need to change trunk mode

into access mode .

Finally check the fa0/3 into access mode using show vlan .

Now A can able to reach B.

Tshoot 5:

Same problem A cannot communicate with B

There is no issue in interface .

Both interfaces are in VLAN 10.

Theres no port security.

Check VLAN ACL Using SHOW VLAN FILTER.

Here VACL is applied so need to check VACL using SHOW VLAN

ACCESS-MAP.

There are two sequence numbers10 and 20. Sequence number 10 matches on access-list
1 and the action is to drop traffic.
Check access-list.

Change the action to forward.

Now A can reach B