Switch Stuff


Auto negotiation

Ports, Ports, Ports

By default, Cisco switch ports are set to automatically negotiate port speed and duplex with the connected partner.

Basically the port and the connected device have a conversation about the highest level of speed and duplex each can support, and then come to an agreement about the speed and duplex to be used when data is transmitted.

So they're going to come to an agreement on the speed, as you can see in the picture (one is 10 and one is 100).

The result of the negotiation:

  • The highest speed supported by both is used.
  • The highest level of duplex supported by both is used, with full (the port can send and receive simultaneously) preferred over half (the port can send or receive at any given time, but can't do both at the same time).

Auto-negotiation originally worked so badly that Cisco itself had a best practice of not using auto-negotiation, but recently it's working so well that it's actually the default setting on our Cisco switches.

If you have one end of the connection set for auto-negotiation and the other end not, that's where you end up with the problem. And it's a problem that can actually be pretty difficult to spot.

Cisco switches have a leg up in this case, since they can detect the connected device's speed without auto-negotiation. The catch: Cisco switches can't detect the duplex of the connected host that way, and that's where trouble rides into town.

If the Cisco switch detects a speed of 100 Mbps or less and is unable to detect the device's duplex, the switch will set its port to half duplex. Hello, duplex mismatch!

Duplex mismatches are disgusting, and really hard to spot, because they don't make the link go down; they just make it ineffective.

Let's visit a device here, switch1, where I've already pulled up the info we need. I've got that info highlighted because when we are troubleshooting, that's going to be the first thing we check.

What’s the status of the port?

We know the first part of that. FastEthernet0/1 is up. Line protocol is up. The first half of that refers to the physical state of the interface, the second half to the logical state.

We'll see some situations later where the line protocol might be down, but the reason I'm showing it to you now is that we could have a duplex mismatch right here, and the link would still be up and up, which is usually what we want. It would just be ineffective as far as transmitting and receiving.

So you can go in here and say, "Well, OK, physically the interface is up, so we know the cable is seated correctly. We know the interface is up. We know that if we saw administratively down here, we would just need to open the port. Everything would be beautiful."

If you have 'line protocol is down', that's a logical issue, such as a clock rate that is not set correctly (we'll go over it later), and there is nothing physically affecting the line protocol.

Here is the problem with the duplex mismatch: up and up is what you're going to see when you have one. You're just going to (maybe) get a vague report that it seemed a little slow and all of a sudden it stopped working, and if you don't know what you're looking for, a duplex mismatch can be very, very difficult to spot. That's why we want to avoid this situation at all costs, and there's no reason to have one unless you hard-code it.

So again, the biggest problem with auto-negotiation is when it's running on one end and not running on the other; then you're going to have a duplex mismatch. Otherwise it's going to work so smoothly you're not even going to think about it.
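The rules above, modeled as an added example (not code from the original post): both ends settle independently, and the case with one hard-coded end produces the duplex mismatch while the link stays up. The `Port`, `settle` and `link_report` names are hypothetical, and the model covers only 10/100 Mbps ports, the range the half-duplex fallback above applies to.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Port:
    autoneg: bool
    speeds: tuple = (10, 100)            # Mbps supported, or the one hard-coded speed
    duplexes: tuple = ("half", "full")   # supported, or the one hard-coded duplex

def settle(local: Port, peer: Port):
    """Return the (speed, duplex) that `local` ends up using on this link."""
    if not local.autoneg:
        # Hard-coded port: it uses its configured values no matter what.
        return local.speeds[0], local.duplexes[0]
    common = set(local.speeds) & set(peer.speeds)
    if not common:
        raise ValueError("no speed in common")
    speed = max(common)                  # highest speed supported by both
    if peer.autoneg:
        both_full = "full" in local.duplexes and "full" in peer.duplexes
        return speed, "full" if both_full else "half"
    # Peer does not negotiate: speed is still detected, duplex is not,
    # so at 100 Mbps or less the port falls back to half duplex.
    return speed, "half"

def link_report(a: Port, b: Port):
    """Settle both ends and flag a mismatch; the link itself stays up/up."""
    (sa, da), (sb, db) = settle(a, b), settle(b, a)
    return {"a": (sa, da), "b": (sb, db), "duplex_mismatch": da != db}

if __name__ == "__main__":
    switch = Port(autoneg=True)
    # Both ends negotiate: a 10 Mbps-only partner pulls the link to 10/full.
    print(link_report(switch, Port(autoneg=True, speeds=(10,))))
    # Partner hard-coded to 100/full: the switch lands on 100/half.
    print(link_report(switch, Port(autoneg=False, speeds=(100,), duplexes=("full",))))
```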

Slashes, Console Ports, and Descriptions

A few quick and important info bits for you, including the answer to the oft-asked question, "Why do the switch interfaces have names like FastEthernet 0/1, 0/2, etc.? Why aren't they just numbered Fast 0, Fast 1, Fast 2, etc.?"

These names follow the naming convention Slot#/Port# (slot number followed by port number). On switches that only have fixed ports (not that there's anything wrong with that), those ports are on Slot 0.

Modular switches and routers (devices that allow you to add ports via expansion slots) have their fixed ports on Slot 0 as well.

When you add a module to such a device, the actual slot number depends on the specific device and the physical slot to which you add the module. You might have a modular router that has three expansion slots, or two, or four, and maybe it doesn't matter which one of those you put a particular module into (or maybe it does). But once you put it in, that's where the slot number is going to come from. It depends on which slot you put that module in.

(modular devices and slot numbers are NOT on your exam.)

About this console port: the connector in this picture is not the only kind you may see on a console port.

When you do see this one, you may need a little extra equipment to make that connection. What are you going to need if you're connecting your laptop directly to a console port?

In this case, with that RJ45 connector there, you're going to need this:

You're going to need a rollover cable. I'll show you the pin numbers soon, but it's usually a distinctive blue cable, and it's a good one to keep around. It's a great one to have in your bag, especially if you're a traveling admin, and you might want to keep two, because every once in a while they have a habit of disappearing!

So to connect directly to the console port, the first thing you need is this rollover cable. They’re called “rollover” since every wire in the cable rolls over to another pin. 1-8, 2-7, 3-6, 4-5, 5-4, 6-3, 7-2, and 8-1, to be precise.

If we're looking at that rollover cable, you might look at it and say: "OK, on the right side I see what we call an RJ45 connector, and we see exactly where that would go in. You put it in, you hear a little snap when the top tab goes all the way in, and everything is fine."

However, rare is the laptop that has a DB-9 connector on it! What you're going to need there is an adapter, and you can find them online (a DB-9 to USB adapter).

So why don’t they just make USB ports? Well, some switch models do have that.

Sometimes you'll see the USB port on the back of the switch right next to the console port, and other times you'll see the USB port on the front of the switch and the classic RJ45 on the back.

Description Command (And Interface Range)

If you have ports performing a specific task, like traffic monitoring, or ports that lead to particularly important or sensitive hosts, it's a good idea to note that in the port config with description (to label the port and let the other network admins know).

I'm going to show you another use for it here, along with the interface range command. On our Cisco switches the ports are open by default, so we may want to close the unused ports for security purposes. As a matter of fact, that's a great best practice to go with.

So let's say that on the switch we're on right now, I want to close ports 12 through 24, all FastEthernet ports, and I also don't want them opened unless someone gets authorization from me. That sounds like a case where the description command would come in handy, because someone could come in a week or a month later, when these ports are closed, and open them without your authorization. If you put a description line in there that says 'you have to get authorization from Person X before opening these ports', that would be a good thing to do.

Let's use the interface range command here, because we don't want to do a lot of typing for each port (or a lot of cutting and pasting!). What if I wanted to put a certain description on 64 ports on a 64-port switch?

  • Conf t > int ?

We can see all of these interface types… and at the very bottom, we see ‘range’

Then again it'll give you a list here. (We can use IOS help to illustrate each one.)

With the comma, you can add extra ports.

If I was doing every other port (12, 14, 16, etc.), then I could use the comma (,) instead of the dash (-) and just indicate each individual port that I need.

On some IOS versions, you've got to leave a space between the 12 and the dash and the 24. If you run into that and you enter the command we have on the screen right now without the spaces in it, it comes back to you and says 'unrecognized command', and the caret points right after the 12, where the missing space should be. That's where people used to get frustrated with a command like that and say, "What do you mean by 'incorrect' or 'incomplete' command?" Well, the thing is, it was just asking for a space. Most IOS versions do not require that space.

Here you can see now that I dropped into ‘config-if-range’ (Config Interface Range)

So everything I do from here on out, is going to apply to all of the ports in that range, and I’m just going to put description.

Then I’m going to do a ‘shut’

As a result, we’ll see a lot of shut down… and there they go

So looks like the range command worked and we see ‘changed state to administratively down’ as we expect with the shut down port.

Also if you take a look at the config:

You'll notice that description next to every port in that range. That's a good thing to note, especially with ports leading to non-end-user hosts that may need a little special treatment in case there is a problem, or where you need someone notified before a change is made. You can do just that with the description command, and use interface range to make it all happen at one time.
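A way to re-check this later, as an added example (not from the original post): the script lists ports in the closed range that have since been opened or lost their authorization description. The description wording, the sample config and the function names are constructed for illustration.

```python
# IOS commands the procedure above enters (Person X is the page's placeholder):
#   interface range fastethernet 0/12 - 24
#    description CLOSED - get authorization from Person X before opening
#    shutdown
# Constructed running-config excerpt for the audit below (not from the page).
SAMPLE_CONFIG = """\
interface FastEthernet0/12
 description CLOSED - get authorization from Person X before opening
 shutdown
!
interface FastEthernet0/13
 description CLOSED - get authorization from Person X before opening
!
interface FastEthernet0/14
 shutdown
!
"""

def parse_interfaces(config):
    """Map each interface name to the list of commands under it."""
    stanzas, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            stanzas[current] = []
        elif current and line.startswith(" "):
            stanzas[current].append(line.strip())
        else:
            current = None          # "!" or a global command ends the stanza
    return stanzas

def audit_closed_ports(config, first=12, last=24, marker="authorization"):
    """List (port, problem) pairs for ports in the range that drifted from policy."""
    stanzas, findings = parse_interfaces(config), []
    for port in range(first, last + 1):
        name = f"FastEthernet0/{port}"
        cmds = stanzas.get(name)
        if cmds is None:
            findings.append((name, "not found in config"))
            continue
        if "shutdown" not in cmds:
            findings.append((name, "port is open (no shutdown)"))
        if not any(c.startswith("description ") and marker in c for c in cmds):
            findings.append((name, "authorization description missing"))
    return findings

if __name__ == "__main__":
    for finding in audit_closed_ports(SAMPLE_CONFIG, last=14):
        print(*finding, sep=": ")
```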
