[c-nsp] Cisco 2950s acting as hub?

Dale W. Carder dwcarder at doit.wisc.edu
Tue Mar 27 08:56:07 EST 2007


Hi Alex,

Perhaps your unconfigured 2950's are not running portfast on the edge
ports or are otherwise generating a topology change notification every 
time an end station connects/disconnects.

I seem to recall a bug in really old desktop switch software that TCNs
were generated even with portfast on.

Easy way to see this would be to run "show spann vlan 'vlan' detail" on
the 6500 and look for the # of topo changes and the last change time.

Another thing to tune would be the mac-address-table aging parameter.
By default I believe it is absurdly low (5 min).  Change it to match
your arp timer (which is usually a bit too high).  Try something like
1 hr for both.

Dale


----------------------------------
Dale W. Carder - Network Engineer 
University of Wisconsin at Madison
http://net.doit.wisc.edu/~dwcarder


Thus spake Alex Cruz Farmer (alex.cf+c-nsp at netsumo.com) on Tue, Mar 27, 2007 at 08:50:42AM +0100:
> Hi,
> 
> I've been scratching my head over this issue I've got with a client network. They are
> seeing a strange issue where random packets are being broadcast across the network,
> but there's no hub in the network to be broadcast from (network being a single Vlan)?
> 
> After going through the network with a fine toothcomb there's just a 6500 terminating
> the Vlan (and, it's only 1 Vlan on the 6500 which is seeing this problem), then a
> whole load of 2950s terminating the servers.
> 
> MAC Usage is about ~400 addresses on that Vlan, as all the 2950s are in "dumb" state
> (i.e. not configured) I haven't been able to check them over for firmware versions yet.
> 
> I know one of the two "core" 2950s (see diagram below) is running an older firmware,
> but I've been unable to upgrade this, unless I'm provided with an outage window
> (of course! :p).
> 
>           6500 (router)
>           /  \
>         2950 2950 (core)
>         ///  \\\
>        2950s 2950s (edge)
> 
> The config of the Vlan is rather simple...
> 
> interface Vlan961
>  ip address 192.168.97.1 255.255.255.0 secondary
>  ip address 192.168.98.1 255.255.255.0 secondary
>  ip address 192.168.99.1 255.255.255.0 secondary
>  ip address 192.168.100.1 255.255.255.0 secondary
>  ip address 192.168.101.1 255.255.255.0 secondary
>  ip address 192.168.96.1 255.255.255.0
>  no ip redirects
>  arp timeout 30
> end
> 
> Port configuration for the uplinks is just an access port to the edge 2950s, as
> there's only 1 Vlan needed for this part of the network.
> 
> After clearing the arp and mac-address tables on the 6500, the problem seemed to have
> disappeared and I thought all was back to normal, but, after about an hour, odd
> packets started to be seen. After adding an arp timeout entry in, and
> disabling/enabling a few Vlan bits and pieces it has improved quite a bit, and only a
> few packets are seen. So far, the only packets I've seen in dumps have been TCP
> packets, and more worryingly some of the packets have lots of content in them.
> 
> I was wondering whether the problem could be caused by all the switches just using a
> default configuration, (i.e. Vlan1) as after working with some Dells a while back,
> they seem to stick themselves into some funky hub mode if they're using Vlan1 and hit
> some limit.
> 
> Any help would be greatly appreciated.
> 
> Thanks in advance.
> 
> Kind regards,
> 
> Alex.
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
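
Added example, not part of the original posts: a small Python model of the two effects Dale describes, a CAM entry that ages out before the router's ARP entry does, and a topology change that shortens aging to the forward delay. The traffic pattern, the intervals and the `simulate` function are assumptions made for illustration; 300 s is the aging default mentioned in the reply and 14400 s is the IOS default ARP timeout.

```python
# Added illustration (not from the thread): simplified model of one switch
# CAM entry for a host reached through the router. All values are constructed.
FORWARD_DELAY = 15  # 802.1D default; CAM aging drops to this during a topology change
TC_WINDOW = 35      # forward delay + max age (15 + 20), 802.1D defaults


def simulate(mac_aging, arp_timeout, host_tx_every, duration=7200,
             router_tx_every=10, tcn_times=()):
    """Count router->host frames flooded as unknown unicast (1 s time steps)."""
    last_seen = 0    # when the switch last saw a frame from the host; None = no entry
    arp_learned = 0  # when the router last resolved the host's MAC
    flooded = 0
    for t in range(1, duration + 1):
        in_tc = any(tc <= t < tc + TC_WINDOW for tc in tcn_times)
        aging = FORWARD_DELAY if in_tc else mac_aging
        if last_seen is not None and t - last_seen >= aging:
            last_seen = None                  # CAM entry aged out
        if host_tx_every and t % host_tx_every == 0:
            last_seen = t                     # host transmitted, switch relearns
        if t - arp_learned >= arp_timeout:
            arp_learned = last_seen = t       # ARP request/reply also relearns
        if t % router_tx_every == 0 and last_seen is None:
            flooded += 1                      # destination unknown: sent out every port
    return flooded


if __name__ == "__main__":
    cases = {
        "aging 300 s, ARP 14400 s, host talks every 600 s": simulate(300, 14400, 600),
        "aging 300 s, ARP 14400 s, silent host": simulate(300, 14400, 0),
        "aging 3600 s, ARP 3600 s, host talks every 600 s": simulate(3600, 3600, 600),
        "aging 3600 s, ARP 3600 s, silent host": simulate(3600, 3600, 0),
        "aging 3600 s, ARP 3600 s, one TCN at t=1000": simulate(3600, 3600, 600, tcn_times=(1000,)),
    }
    for label, count in cases.items():
        print(f"{label}: {count} of 720 frames flooded")
```

Every flooded frame is delivered to all ports in the VLAN, which is how full TCP payloads end up in captures taken on unrelated servers.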



