08-05-2013 11:17 AM - edited 03-07-2019 02:45 PM
Hello,
I'm hoping someone in this community might have a hint or answer for a very odd issue I've been having with our network. Our network is primarily made up of Catalyst 3560 switches. Since having Ruckus wireless equipment installed, I've been having an issue with some of our switches freaking out if they are serving unmanaged switches in one of their ports. For instance, in a technology room we have a plain jane Netgear gigabit switch connected to a Mac Mini server running netboot and hosting image files. This is linked up to the rest of our network via a drop so it can load imaging data and submit logs. Everything goes fine until we've imaged somewhere in the 150 range, then the switch "freaks out" and begins dropping the access points and not passing traffic through some ports while others work fine, and sometimes it will stop servicing the other layer 3 switches beneath it. It's almost like the trunk starts malfunctioning after too many MAC addresses come and go. The switch port for the gigabit switch is configured with a very simple vlan configuration. I've contacted the guys who've installed the Ruckus gear but they are not entirely sure what's up. He suggested I set up the port as a trunk and only allow my desired vlan through. Any truth to that? Sounds like an odd configuration to me. I'm not sure if this problem existed before, but it's definitely apparent now. The problem is easily corrected by rebooting the switch. At first I thought it was maybe a switch going bad, but I've had this happen in two locations where the 3560's are serving the simpler unmanaged switches. I would love for us to have all managed switches but sometimes in education budget doesn't allow us to have all we want. Any tips or things to look for would be greatly appreciated! I'm not the most knowledgeable in networking but I know enough to follow directions and be dangerous. Thanks!
08-05-2013 03:56 PM
Sounds like someone's put switchport security to limit up to 150 MAC addresses.
It's either that or you've got a full-blown STP loop going on.
Can you check if "spanning-tree portfast" is enabled on the links to your different switches? If so, disable.
08-06-2013 06:18 AM
Thanks for the reply. I've tried with and without spanning-tree portfast and it doesn't seem to make much difference. I did notice this interface was blank except for a description like this:
!
interface FastEthernet0/14
description NetBoot 1
!
It was probably left this way because our network was originally a flat network with no additional VLAN's. Perhaps adding switchport mode access and switchport access vlan 1 would help? Maybe I should move NetBoot to a new VLAN? (although the old VLAN 1 is still in place) I also did a show port-security on the interface and it's saying port security is disabled.
08-06-2013 06:40 AM
What are your spanning tree settings? Are you running ieee, pvst, etc...? A helpful command to determine an STP loop is
mac address-table notification mac-move
A diagram of your setup would help as well.
One other thing. You mention the addition of the wireless but also the imaging of machines. Are these things both new or have you been imaging for a while with no issues?
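An added example, not part of the original thread or any poster's code: a Python script that groups MAC-flap syslog messages by port pair, so that many different hosts flapping between the same two ports (the pattern a loop produces) stands out from a single host that moved. The `%SW_MATM-4-MACFLAP_NOTIF` message format, the sample log lines and the `min_macs` threshold are assumptions, not output from the switches discussed here.

```python
import re
from collections import defaultdict

# Assumed format of the Catalyst MAC-flap syslog message (not shown in the thread).
FLAP_RE = re.compile(
    r"%SW_MATM-4-MACFLAP_NOTIF: Host (?P<mac>(?:[0-9a-f]{4}\.){2}[0-9a-f]{4}) "
    r"in vlan (?P<vlan>\d+) is flapping between port (?P<a>[\w/]+) "
    r"and port (?P<b>[\w/]+)",
    re.IGNORECASE,
)

# Constructed sample syslog lines for illustration only.
SAMPLE_LOG = """\
Aug  6 09:14:02: %SW_MATM-4-MACFLAP_NOTIF: Host 0011.2233.4455 in vlan 1 is flapping between port Fa0/14 and port Gi0/1
Aug  6 09:14:03: %SW_MATM-4-MACFLAP_NOTIF: Host 0011.2233.4466 in vlan 1 is flapping between port Gi0/1 and port Fa0/14
Aug  6 09:14:03: %LINK-3-UPDOWN: Interface FastEthernet0/7, changed state to up
Aug  6 09:14:05: %SW_MATM-4-MACFLAP_NOTIF: Host 0011.2233.4477 in vlan 1 is flapping between port Fa0/14 and port Gi0/1
Aug  6 09:14:09: %SW_MATM-4-MACFLAP_NOTIF: Host 0011.2233.4455 in vlan 1 is flapping between port Fa0/14 and port Gi0/1
Aug  6 09:20:41: %SW_MATM-4-MACFLAP_NOTIF: Host 00aa.bbcc.ddee in vlan 20 is flapping between port Gi0/2 and port Gi0/3
"""


def summarize_flaps(log_text):
    """Group flap events by (vlan, port pair); return rows sorted by event count."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = FLAP_RE.search(line)
        if not m:
            continue  # ignore unrelated syslog lines
        # Sort the two ports so "A and B" and "B and A" count as one pair.
        pair = tuple(sorted((m["a"], m["b"])))
        events[(int(m["vlan"]), pair)].append(m["mac"].lower())
    rows = [
        {"vlan": vlan, "ports": pair, "events": len(macs),
         "distinct_macs": len(set(macs))}
        for (vlan, pair), macs in events.items()
    ]
    return sorted(rows, key=lambda r: r["events"], reverse=True)


def loop_suspects(log_text, min_macs=3):
    """Port pairs where several different hosts flap (min_macs is a hypothetical cutoff)."""
    return [r for r in summarize_flaps(log_text) if r["distinct_macs"] >= min_macs]


if __name__ == "__main__":
    for row in summarize_flaps(SAMPLE_LOG):
        print(row)
    print("loop suspects:", loop_suspects(SAMPLE_LOG))
```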
08-07-2013 06:15 AM
The config for our main switch shows that we are running "spanning-tree mode pvst".
Before these new Ruckus wireless access points, we had been using NetBoot to image Mac machines for a while with no major problem. However, at our elementary campus I noticed this behavior a couple of times in one cabinet where standard layer 2 switches were hooked into layer 3 switches. It was never this frequent, though. And I never noticed problems at our high school campus when imaging before these came along. Our old wireless points were simple, antiquated access points with a PoE switch hooked into our Cisco switch with its port in a single vlan. The new Ruckus gear has their switchports in the trunk with access to a management VLAN and the VLAN with the wireless DHCP scope. I'm really blown away by this problem as this imaging setup is practically no different than our previous wireless setup that worked across the whole district before it. (Apart from the old wireless gear itself crashing under load)
What kind of diagram would be most useful? I think I have some stuff from the people who set up our VLAN's but I would have to add to it. Thanks.
08-06-2013 06:48 AM
Michael,
Can you post the output of
show int f0/14 sw
Also, which vlans are required to and from the NETBOOT 1?
Regards,
Alex.
Please rate useful posts.
08-07-2013 06:20 AM
The output of that command is as follows:
Name: Fa0/14
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none
As for which vlan's are required, it all sits in VLAN 1. The Mac Mini server running NetBoot and hosting image files is on that Netgear gigabit switch as well, so all we need is a DHCP scope from the network as well as a link to the network for configuration and logging submission.
08-07-2013 07:43 AM
A layer2 and layer3 diagram would be helpful with trunk port identified as well as the ports the wireless ap's are plugged into.