[c-nsp] Cisco 2950s acting as hub?

David Freedman david.freedman at uk.clara.net
Tue Mar 27 05:57:11 EST 2007 

Is it possible you are seeing CAM overflow on your switched network?

When the CAM space is exhausted the switch can do no more than flood 
frames out of all ports (in the VLAN) which appears to be the same 
behaviour as if you had a hub in place.

With everything in VLAN1 the effect of this could be quite spectacular.

Dave.

Alex Cruz Farmer wrote:
> Hi,
> 
> I've been scratching my head over this issue I've got with a client network. They are
> seeing a strange issue where random packets are being broadcast across the network,
> but there's no hub in the network to be broadcast from (network being a single Vlan)?
> 
> After going through the network with a fine toothcomb there's just a 6500 terminating
> the Vlan (and, it's only 1 Vlan on the 6500 which is seeing this problem), then a
> whole load of 2950s terminating the servers.
> 
> MAC Usage is about ~400 addresses on that Vlan, as all the 2950s are in "dumb" state
> (i.e. not configured) I haven't been able to check them over for firmware versions yet.
> 
> I know one of the two "core" 2950s (see diagram below) is running an older firmware,
> but I've been unable to upgrade this, unless I'm provided with an outage window
> (ofcourse! :p).
> 
>           6500 (router)
>           /  \
>         2950 2950 (core)
>         ///  \\\
>        2950s 2950s (edge)
> 
> The config of the Vlan is rather simple...
> 
> interface Vlan961
>  ip address 192.168.97.1 255.255.255.0 secondary
>  ip address 192.168.98.1 255.255.255.0 secondary
>  ip address 192.168.99.1 255.255.255.0 secondary
>  ip address 192.168.100.1 255.255.255.0 secondary
>  ip address 192.168.101.1 255.255.255.0 secondary
>  ip address 192.168.96.1 255.255.255.0
>  no ip redirects
>  arp timeout 30
> end
> 
> Port configuration for the uplinks is just an access port to the edge 2950s, as
> there's only 1 Vlan needed for this part of the network.
> 
> After clearing the arp and mac-address tables on the 6500, the problem seemed to have
> disappeared and I thought all was back to normal, but, after about an hour, odd
> packets started to be seen. After adding an arp timeout entry in, and
> disabling/enabling a few Vlan bits and pieces it has improved quite a bit, and only a
> few packets are seen. So far, the only packets I've seen in dumps have been TCP
> packets, and more worryingly some of the packets have lots of content in them.
> 
> I was wondering whether the problem could be caused by all the switches just using a
> default configuration, (i.e. Vlan1) as after working with some Dells a while back,
> they seem to stick themselves into some funky hub mode if they're using Vlan1 and hit
> some limit.
> 
> Any help would be greatly appreciated.
> 
> Thanks in advance.
> 
> Kind regards,
> 
> Alex.
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>

More information about the cisco-nsp mailing list