[c-nsp] Cisco 2950s acting as hub?

Alex Cruz Farmer alex.cf+c-nsp at netsumo.com
Tue Mar 27 02:50:42 EST 2007


Hi,

I've been scratching my head over this issue I've got with a client network. They are
seeing a strange issue where random packets are being broadcast across the network,
but there's no hub in the network to be broadcast from (network being a single Vlan)?

After going through the network with a fine toothcomb there's just a 6500 terminating
the Vlan (and, it's only 1 Vlan on the 6500 which is seeing this problem), then a
whole load of 2950s terminating the servers.

MAC usage is about ~400 addresses on that Vlan. As all the 2950s are in a "dumb" state
(i.e. not configured), I haven't been able to check them over for firmware versions yet.

I know one of the two "core" 2950s (see diagram below) is running an older firmware,
but I've been unable to upgrade this, unless I'm provided with an outage window
(of course! :p).

          6500 (router)
          /  \
        2950 2950 (core)
        ///  \\\
       2950s 2950s (edge)

The config of the Vlan is rather simple...

interface Vlan961
 ip address 192.168.97.1 255.255.255.0 secondary
 ip address 192.168.98.1 255.255.255.0 secondary
 ip address 192.168.99.1 255.255.255.0 secondary
 ip address 192.168.100.1 255.255.255.0 secondary
 ip address 192.168.101.1 255.255.255.0 secondary
 ip address 192.168.96.1 255.255.255.0
 no ip redirects
 arp timeout 30
end

Port configuration for the uplinks is just an access port to the edge 2950s, as
there's only 1 Vlan needed for this part of the network.

After clearing the arp and mac-address tables on the 6500, the problem seemed to have
disappeared and I thought all was back to normal, but, after about an hour, odd
packets started to be seen. After adding an arp timeout entry in, and
disabling/enabling a few Vlan bits and pieces it has improved quite a bit, and only a
few packets are seen. So far, the only packets I've seen in dumps have been TCP
packets, and more worryingly some of the packets have lots of content in them.

I was wondering whether the problem could be caused by all the switches just using a
default configuration (i.e. Vlan1), as after working with some Dells a while back,
they seem to stick themselves into some funky hub mode if they're using Vlan1 and hit
some limit.

Any help would be greatly appreciated.

Thanks in advance.

Kind regards,

Alex.
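
One way to measure the symptom described in this post from a capture taken on a single server: count the unicast frames addressed to some other host's MAC and the TCP payload bytes they carry. This is an added example, not part of the original post; the MAC addresses, IP addresses and frames are constructed, and `classify`, `summarize` and `build_tcp_frame` are hypothetical helper names.

```python
import struct
from collections import Counter

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def classify(frame, local_mac):
    """Return (kind, dst_mac, tcp_payload_len) for one raw Ethernet II frame."""
    dst = frame[0:6]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if dst == b"\xff" * 6:
        kind = "broadcast"
    elif dst[0] & 0x01:              # I/G bit set: group (multicast) address
        kind = "multicast"
    elif dst == local_mac:
        kind = "for-us"
    else:
        kind = "flooded-unicast"     # unicast frame addressed to another host
    payload = 0
    if ethertype == 0x0800 and len(frame) >= 34:
        ihl = (frame[14] & 0x0F) * 4                 # IPv4 header length
        total_len = struct.unpack("!H", frame[16:18])[0]
        if frame[23] == 6 and len(frame) >= 14 + ihl + 20:   # IP protocol 6 = TCP
            data_off = (frame[14 + ihl + 12] >> 4) * 4       # TCP header length
            payload = max(0, total_len - ihl - data_off)
    return kind, mac(dst), payload

def summarize(frames, local_mac):
    """Count frames per kind and sum TCP payload bytes seen per foreign dst MAC."""
    counts, leaked = Counter(), Counter()
    for f in frames:
        kind, dst, payload = classify(f, local_mac)
        counts[kind] += 1
        if kind == "flooded-unicast":
            leaked[dst] += payload
    return counts, leaked

def build_tcp_frame(dst, src, payload):
    """Constructed test frame: Ethernet II + IPv4 + TCP, checksums left as zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes([192, 168, 96, 10]), bytes([192, 168, 97, 20]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    return dst + src + b"\x08\x00" + ip + tcp + payload

# Constructed sample: LOCAL is the capturing server's NIC, OTHER is another server.
LOCAL, OTHER, GW = (bytes.fromhex(h) for h in
                    ("020000000001", "020000000002", "020000000003"))
SAMPLE = [build_tcp_frame(LOCAL, GW, b"x" * 10),
          build_tcp_frame(OTHER, GW, b"A" * 300),
          build_tcp_frame(OTHER, GW, b"B" * 200),
          b"\xff" * 6 + GW + b"\x08\x06" + bytes(28),                  # ARP broadcast
          bytes.fromhex("0180c200000e") + GW + b"\x88\xcc" + bytes(46)]  # multicast

if __name__ == "__main__":
    print(summarize(SAMPLE, LOCAL))
```

The capture must come from a NIC in promiscuous mode, otherwise the card discards frames for other MACs before they are seen.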

