cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1619
Views
0
Helpful
7
Replies

Cisco 3560's freaking out because of unmanaged switches beneath them.

mking52903
Level 1
Level 1

Hello,

I'm hoping someone in this community might have a hint or answer for a very odd issue I've been having with our network. Our network is primarily made up of catalyst 3560 switches. Since having Ruckus wireless equipment installed, I've been having an issue with some of our switches freaking out if they are serving unmanaged switches in one of their ports. For instance, in a technology room we have a plain jane Netgear gigabit switch connected to a Mac Mini server running netboot and hosting image files. This is linked up to the rest of our network via a drop so it can load imaging data and submit logs. Everything goes fine until we've imaged somewhere in the 150 range, then the switch "freaks out" and begins dropping the access points and not passing traffic through some ports while others work fine, and sometimes it will stop servicing the other  layer 3 switches beneath it. It's almost like the trunk starts malfunctioning after too many MAC addresses come and go. The switch port for the gigabit switch is configured with a very simple vlan configuration. I've contacted the guys who've installed the Ruckus gear but they are not entirely sure what's up. He suggested I set up the port as a trunk and only allow my desired vlan through. Any truth to that? Sounds like an odd configuration to me. I'm not sure if this problem existed before, but it's definitely apparent now. The problem is easily corrected by rebooting the switch. At first I thought it was maybe a switch going bad, but I've had this happen in two locations where the 3560's are serving the simpler unmanaged switches. I would love for us to have all managed switches but sometimes in education budget doesn't allow us to have all we want. Any tips or things to look for woud be greatly appreciated! I'm not the most knowledgeable in networking but I know enough to follow directions and be dangerous. Thanks!

7 Replies 7

Leo Laohoo
Hall of Fame
Hall of Fame

Sounds like someone's put switchport security to limit up to 150 MAC addresses.

It's either than or you've got a full-blown STP loop going on.

Can you check if "spanning-tree portfast" is enabled on the links to your different switches?  If so, disable.

Thanks for the reply. I've tried with and without spanning-tree portfast and it doesn't seem to make much difference. I did notice this interface was blank except for a description like this:

!

interface FastEthernet0/14

description NetBoot 1

!

It was probably left this way because our network was originally a flat network with no additional VLAN's. Perhaps adding switchport mode access and switchport access vlan 1 would help? Maybe I should move NetBoot to a new VLAN? (although the old VLAN 1 is still in place) I also did a show port-security on the interface and it's saying port security is disabled.

What are your spanning tree settings? Are you running ieee, pvst, etc...? A helpful command to determine a stp loop is

mac address-table notification mac-move

A diagram of your setup would help as well.

One other thing. You mention the addtion of the wireless but also the imaging of machines. Are these things both new or have you been imaging for a while with no issues?

The config for our main switch shows that we are running "spanning-tree mode pvst".

Before these new Ruckus wireless access points, we had been using NetBoot to image Mac machines for a while with no major problem. However, at our elementary campus I noticed this behavior a couple of times in one cabinet where standard layer 2 switches were hooked into layer 3 switches. It was never this frequent, though. And I never noticed problems at our high school campus when imaging before these came along. Our old wireless points were simple, antiquated access points with a PoE switch hooked into our Cisco switch with its port in a single vlan. The new Ruckus gear has their switchports in the trunk with access to a management VLAN and the VLAN with the wireless DHCP scope. I'm really blown away by this problem as this imaging setup is practically no different than our previous wireles setup that worked across the whole district before it. (Apart from the old wireless gear itself crashing under load )

What kind of diagram would be most useful? I think I have some stuff from the people who set up our VLAN's but I would have to add to it. Thanks.

Michael,

Can you post the output of

show int f0/14 sw

Also which vlans are required to and from the NETBOOT 1

Regards,
Alex.
Please rate useful posts.

Regards, Alex. Please rate useful posts.

The output of that command is as follows:

Name: Fa0/14

Switchport: Enabled

Administrative Mode: static access

Operational Mode: static access

Administrative Trunking Encapsulation: negotiate

Operational Trunking Encapsulation: native

Negotiation of Trunking: Off

Access Mode VLAN: 1 (default)

Trunking Native Mode VLAN: 1 (default)

Administrative Native VLAN tagging: enabled

Voice VLAN: none

Administrative private-vlan host-association: none

Administrative private-vlan mapping: none

Administrative private-vlan trunk native VLAN: none

Administrative private-vlan trunk Native VLAN tagging: enabled

Administrative private-vlan trunk encapsulation: dot1q

Administrative private-vlan trunk normal VLANs: none

Administrative private-vlan trunk private VLANs: none

Operational private-vlan: none

Trunking VLANs Enabled: ALL

Pruning VLANs Enabled: 2-1001

Capture Mode Disabled

Capture VLANs Allowed: ALL

Protected: false

Unknown unicast blocked: disabled

Unknown multicast blocked: disabled

Appliance trust: none

As for which vlan's are required, it all sits in VLAN 1. The Mac Mini server running NetBoot and hosting image files is on that Netgear gigabit switch as well, so all we need is a DHCP scope from the network as well as a link to the network for configuration and logging submission.

A layer2 and layer3 diagram would be helpful with trunk port identified as well as the ports the wireless ap's are plugged into.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: