[c-nsp] Cisco 4900M and Layer2 Broadcasts

Ivan cisco-nsp at itpro.co.nz
Sun Jun 29 00:38:35 EDT 2014 

Thanks for the response.  The layer 3 traffic is unicast.  I have poked 
around further and found the counters from the command "show platform 
software drop-port" for "InpL2AclDrop" are increasing with my missing 
packets.

4900M#show platform software drop-port | in Drop Event 
Reason|InpL2AclDrop|Time
Time source is NTP, 16:35:59.675 NZST Sun Jun 29 2014
Drop Event Reason            Packets Dropped
  InpL2AclDrop                    1433452028
4900M#show platform software drop-port | in Drop Event 
Reason|InpL2AclDrop|Time
Time source is NTP, 16:36:02.843 NZST Sun Jun 29 2014
Drop Event Reason            Packets Dropped
  InpL2AclDrop                    1433496091
4900M#show platform software drop-port | in Drop Event 
Reason|InpL2AclDrop|Time
Time source is NTP, 16:36:07.020 NZST Sun Jun 29 2014
Drop Event Reason            Packets Dropped
  InpL2AclDrop                    1433539406

So far I haven't been able to find any additional details about this.  I 
am guessing it is some kind of inbuilt L2 ACL.

Cheers

Ivan

On 29/Jun/2014 2:33 p.m., Justin Krejci wrote:
> Is the layer 3 traffic multicast? Your indication of HA makes me suspect
> it is and perhaps you have a multicast snooping/filtering on the Cisco
> or some other related limiter setting.
>
> Just a total guess without any configs or other pertinent data.
>
>
>
> -----Original Message-----
> *From:* Ivan [cisco-nsp at itpro.co.nz]
> *Received:* Saturday, 28 Jun 2014, 5:10PM
> *To:* cisco-nsp [cisco-nsp at puck.nether.net]
> *Subject:* Re: [c-nsp] Cisco 4900M and Layer2 Broadcasts
>
> Sorry to respond to my own post but I have some further thoughts that
> may be useful.  The traffic ends up being broadcast at layer 2 (dest MAC
> address ff:ff:ff:ff:ff:ff) but the IPv4 payload is generally unicast.
> So I am thinking perhaps the 4900M could be "getting upset" with these
> packets.  Not really expecting the 4900M to look higher than layer 2 of
> these packets though as vlan does not have SVI.
>
> Ivan
>
> On 28/Jun/2014 10:17 p.m., Ivan wrote:
>> I am hoping someone may have come across an issue I am seeing on a Cisco
>> 4900M running 15.1(2)SG3.
>>
>> I have a device connected to an interface sending traffic from it's own
>> MAC address to MAC address ff:ff:ff:ff:ff:ff.  When the layer 3 protocol
>> is IPv6 I see this going out other port in the same vlan as the source -
>> all good.  When the layer 3 protocol is IPv4 the frames seem to go into
>> a black hole - very bad.  I have confirmed all this with packet captures.
>>
>> I have poked around but cam find any indication of the issue.  I will be
>> logging a TAC case in the next day or two for this but would be
>> interested to hear if anyone else has seen this.
>>
>> Thanks
>>
>> Ivan
>>
>> PS.  Not really looking to get into the details of the connected devices
>> etc - just some HA type traffic using layer 2 over a vlan.
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list