
Vlan Instability

sudermaniak
Level 1

Hello,

Today I had a major incident in our LAN.

One of our Wi-Fi VLANs, which is routed on a Cisco L3 3750 switch, was paralysed. Devices were able to connect, but when you tried to ping them, 75-90% of the packets were lost.

After a few hours it turned out that two Linksys Wi-Fi-to-Ethernet converters had been accidentally linked together by their Ethernet interfaces. The effect was that the entire VLAN within the entire Cisco switched network was almost cut off.

In our L3 Cisco switch logs I saw plenty of entries like this:

14w0d: %IP-4-DUPADDR: Duplicate address xxx.xxx.xxx.xxx on Vlan6, sourced by 0004.23aa.9eb5

How could two little devices linked together paralyse an entire VLAN?

Do you know how to protect against such situations in the future?

Thanks.

6 Replies

Peter Paluch
Cisco Employee

Hello Tomasz,

My first guess is that your network does not seem to properly utilize the Spanning Tree Protocol. By interconnecting the two Linksys devices, you have probably created a Layer 2 loop in your VLAN, resulting in frames looping in it. The STP would have at least partially blocked it.

Regarding the duplicate address warning, that is something different. The switch is telling you that some other device has the same IP address as the switch itself in the VLAN 6. According to the MAC address, the other device with the duplicate IP address uses an Intel network card according to the OUI index at the IEEE webpages (the 00-04-23 OUI has been assigned to Intel).

I strongly suggest verifying the STP configuration on all your devices and making sure that all of them support it and actually have it activated. Regarding the IP address, well, that is up to you as an administrator to prevent such duplicates from occurring.

Best regards,

Peter

Hello Peter, Tomasz,

The two devices were able to create an L2 loop on that VLAN by being connected back to back over Ethernet.

As Peter suggests, they probably have STP disabled, and both should have a second Ethernet connection to the wired infrastructure.

Messages about overlapping IP addresses are Layer 3, so they should be unrelated to the L2 issue.

Hope to help

Giuseppe

Hello,

Thanks for your quick answer.

Concerning the duplicate address warning:

"14w0d: %IP-4-DUPADDR: Duplicate address xxx.xxx.xxx.xxx on Vlan6, sourced by

I cannot agree, because the MAC addresses that appeared in the warning belonged to the conflicting devices.

Another fact is that both conflicting devices had the clone MAC address feature enabled, which practically means that each had cloned the other one.

After we disconnected the devices, the warnings stopped appearing.

Concerning Spanning Tree, what do you mean by saying that the network is not properly utilizing STP?

I think we have enabled STP on all VLANs (based on the sh spanning-tree command), and it is working on other occasions, like managing redundant paths.

Maybe we should enable other features like Storm Control or LoopGuard?

What else can I check concerning STP?

Thanks.

Hello Tomasz,

The question is the following:

Are the two Linksys devices running STP?

They were the devices creating the problem, so it is them that you should investigate.

Broadcast storm control on wired infrastructure devices can help in containing the effects of a bridging loop.

Edit:

I have reviewed the error message; this can be a symptom of a bridging loop in action:

14w0d: %IP-4-DUPADDR: Duplicate address xxx.xxx.xxx.xxx on Vlan6, sourced by 0004.23aa.9eb5

So I agree on this.

Hope to help

Giuseppe
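
Added example, not part of any reply in this thread and not Cisco code: a Python script that tallies %IP-4-DUPADDR entries like the one quoted above per VLAN and source MAC, so a burst on a single VLAN stands out as a possible bridging-loop symptom. The function names, the threshold and the sample log lines are assumptions constructed for illustration; only the message format and the MAC 0004.23aa.9eb5 come from the thread.

```python
import re
from collections import defaultdict

# Message format as quoted in the thread; the address is matched loosely
# because the thread shows it masked as xxx.xxx.xxx.xxx.
DUPADDR = re.compile(
    r"%IP-4-DUPADDR: Duplicate address (?P<ip>\S+) on (?P<intf>Vlan\d+), "
    r"sourced by (?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})",
    re.IGNORECASE,
)

def oui(mac):
    """Vendor prefix of a Cisco-style MAC, e.g. 0004.23aa.9eb5 -> 00-04-23."""
    digits = mac.replace(".", "").lower()
    return "-".join(digits[i:i + 2] for i in (0, 2, 4))

def summarize(lines, threshold=3):
    """Count DUPADDR events per VLAN interface; flag those at/above threshold.
    The threshold is an assumed tuning value, not a vendor recommendation."""
    events = defaultdict(lambda: {"count": 0, "macs": set()})
    for line in lines:
        m = DUPADDR.search(line)
        if not m:
            continue  # unrelated syslog message
        e = events[m["intf"]]
        e["count"] += 1
        e["macs"].add(m["mac"].lower())  # normalise case before de-duplicating
    return {
        intf: {
            "count": e["count"],
            "macs": sorted(e["macs"]),
            "ouis": sorted({oui(mac) for mac in e["macs"]}),
            "flag": e["count"] >= threshold,
        }
        for intf, e in events.items()
    }

# Constructed sample log (documentation addresses; only the first MAC is from the thread).
SAMPLE = [
    "14w0d: %IP-4-DUPADDR: Duplicate address 192.0.2.1 on Vlan6, sourced by 0004.23aa.9eb5",
    "14w0d: %IP-4-DUPADDR: Duplicate address 192.0.2.1 on Vlan6, sourced by 0004.23aa.9eb5",
    "14w0d: %LINK-3-UPDOWN: Interface FastEthernet1/0/7, changed state to up",
    "14w0d: %IP-4-DUPADDR: Duplicate address 192.0.2.1 on Vlan6, sourced by 0004.23AA.9EB5",
    "14w0d: %IP-4-DUPADDR: Duplicate address 198.51.100.1 on Vlan20, sourced by 0200.0000.0001",
]

if __name__ == "__main__":
    for intf, info in summarize(SAMPLE).items():
        print(intf, info)
```
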

Hello Giuseppe,

These two Linksys devices are WET54G Ethernet bridges.

This is very simple equipment. No Spanning tree or other advanced features.

Best regards.

Hello Tomasz,

If they don't run STP at all, there is nothing you can do about them.

Verify whether they run an STP instance, even a mono-instance legacy 802.1D; otherwise there are no other options.

Hope to help

Giuseppe
