cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1915
Views
5
Helpful
2
Replies

SG300-20 Bonjour Packets being Sent after Bonjour deactivated

barry
Level 1
Level 1


I have a Cisco SG300-20 Small business switch, and the IPv4 interfaces
continue to create mDNS broadcast traffic even after Bonjour has been
disabled globally.

Packets originate from the interface IP: 172.16.xx.254:5353 and have a
destination IP that is a broadcast address 224.0.0.251:5353

I have three interfaces that generate a packet about once every 10 seconds. 
This is creating alerts in other equipment that is filling up my logs.

This is a small network that is in one physical location and configuration is
static so I have no need of discovery services for anything running on the
SG300 switch.

Other than disabling Bonjour, there is nothing in the manual that seems
to relate to it.

Am I missing something, or if this is a bug?

Detailed backup information follows:

Product/Software Version Info

NAME: "1" DESCR: "SG300-20 20-Port Gigabit Managed Switch" 
PID: SRW2016-K9 VID: V04 SN: PSZ202xxxxx

SW version 1.4.7.6 ( date 07-Dec-2016 time 18:37:03 )
Boot version 1.3.5.06 ( date 21-Jul-2013 time 15:12:10 )
HW version V04

#show bonjour

Bonjour global status: disabled
Bonjour L2 interfaces port list: none

Service Admin Status Oper Status
------- ------------ -----------
csco-sb enabled enabled
http enabled enabled
https enabled enabled
ssh enabled enabled
telnet enabled disabled

Sample packet captured by wireshark:

Frame 60: 362 bytes on wire (2896 bits), 362 bytes captured (2896 bits) on interface 0
Interface id: 0 (enp0)
Encapsulation type: Ethernet (1)
Arrival Time: Mar 3, 2017 16:14:17.875849274 EST
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1488575657.875849274 seconds
[Time delta from previous captured frame: 1.461698815 seconds]
[Time delta from previous displayed frame: 4.999822643 seconds]
[Time since reference or first frame: 43.461018609 seconds]
Frame Number: 60
Frame Length: 362 bytes (2896 bits)
Capture Length: 362 bytes (2896 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ethertype:ip:udp:mdns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: 00:9e:1e:xx:xx:x1 (00:9e:1e:xx:xx:x1), Dst: IPv4mcast_fb (01:00:5e:yy:yy:yb)
Destination: IPv4mcast_fb (01:00:5e:yy:yy:yb)
Address: IPv4mcast_fb (01:00:5e:yy:yy:yb)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)
Source: 00:9e:1e:xx:xx:x1 (00:9e:1e:xx:xx:x1)
Address: 00:9e:1e:xx:xx:x1 (00:9e:1e:xx:xx:x1)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 172.16.xx.254, Dst: 224.0.0.251
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes
Differentiated Services Field: 0xe0 (DSCP: CS7, ECN: Not-ECT)
1110 00.. = Differentiated Services Codepoint: Class Selector 7 (56)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 348
Identification: 0x2e4f (11855)
Flags: 0x00
0... .... = Reserved bit: Not set
.0.. .... = Don't fragment: Not set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 1
[Expert Info (Note/Sequence): "Time To Live" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)]
["Time To Live" != 255 for a packet sent to the Local Network Control Block (see RFC 3171)]
[Severity level: Note]
[Group: Sequence]
Protocol: UDP (17)
Header checksum: 0xca52 [validation disabled]
[Good: False]
[Bad: False]
Source: 172.16.xx.254
Destination: 224.0.0.251
[Source GeoIP: Unknown]
[Destination GeoIP: Unknown]
User Datagram Protocol, Src Port: 5353 (5353), Dst Port: 5353 (5353)
Source Port: 5353
Destination Port: 5353
Length: 328
Checksum: 0x6346 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
[Stream index: 0]
Multicast Domain Name System (response)
Transaction ID: 0x0000
Flags: 0x8000 Standard query response, No error
1... .... .... .... = Response: Message is a response
.000 0... .... .... = Opcode: Standard query (0)
.... .0.. .... .... = Authoritative: Server is not an authority for domain
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... 0... .... = Recursion available: Server can't do recursive queries
.... .... .0.. .... = Z: reserved (0)
.... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
.... .... ...0 .... = Non-authenticated data: Unacceptable
.... .... .... 0000 = Reply code: No error (0)
Questions: 0
Answer RRs: 1
Authority RRs: 0
Additional RRs: 0
Answers
VSDPb45501._csco-sb-vsdp._mdns._udp.local: type TXT, class IN
Name: VSDPb45501._csco-sb-vsdp._mdns._udp.local
Type: TXT (Text strings) (16)
.000 0000 0000 0001 = Class: IN (0x0001)
0... .... .... .... = Cache flush: False
Time to live: 25
Data length: 255
TXT Length: 6
TXT: type=0
TXT Length: 9
TXT: version=1
TXT Length: 21
TXT: refresh-age-timeout=0
TXT Length: 10
TXT: priority=0
TXT Length: 14
TXT: refresh-flag=0
TXT Length: 34
TXT: root-mac-address=00:9e:1e:xx:xx:x1
TXT Length: 6
TXT: cost=0
TXT Length: 26
TXT: transm-address=172.16.xx.254
TXT Length: 23
TXT: transm-interface=100049
TXT Length: 16
TXT: voice-vlan-id=10
TXT Length: 16
TXT: voice-vlan-vpt=5
TXT Length: 18
TXT: voice-vlan-dscp=46
TXT Length: 43
TXT: md5-auth=01af9cba5ed0218b0848195834e6a878ae

2 Replies 2

chrullrich
Level 1
Level 1

The original post is a bit old now, but: To fix this, disable the Voice VLAN feature; "voice vlan state disabled".

Just take care when applying this command remotely on SG350XG switches, because it erases trunk configurations on enabled by default smart ports.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Switch products supported in this community
Cisco Business Product Family
  • CBS110
  • CBS220
  • CBS250
  • CBS350
Cisco Switching Product Family
  • 110
  • 200
  • 220
  • 250
  • 300
  • 350
  • 350X
  • 550X