Cisco Support Community

New Member

Mix of Switches & Hubs

In a special redundant environment (Extranet, Firewalls) we had to expand a Shared LAN with a Switched LAN.


2 Switches (C2924M-XL) with different links to Cisco Routers and Encryption Boxes (not Cisco) connected with one link each to a Hub (Cisco FastHub400), which only is connected to 1 Firewall. The 2 Hubs are also connected to each other.

Important: this connection is/has to be done (because of the FW High Availability design) like this: Switch---Hub---Hub---Switch

-Switch-Ports 100/H (before 100/F), link to Hub


-because of a feature weakness (Firewall, HA) we couldn't replace the hubs

-we had to add switches (mainly) because of having traffic reports (MRTG) from different customers

-the Shared LAN segment is Not oversized

-L2 is stable (no loops [are possible] or anything else)

-the hubs don't have a load problem

-the links between hub and switch show healthy traffic: only we have a lot of deferred frames


-we have serious instabilities for end-to-end connections through this environment (client---switch---hub---FW---server) with outages of about 1 minute and more (session failures)


Do we have a CAM table problem, because the switch also receives packets from the Shared LAN with the destination of the Firewall (connected to 1 of the hubs each) over the same link for which the switch already has an entry for this MAC address?

We know that this design is bad, but at the moment there's no workaround.

Any ideas?

New Member

Re: Mix of Switches & Hubs

You're probably going to want your Cisco SE/Design rep to come in with a network sniffer and see where the problem lies. This will be tough to troubleshoot offsite. Perhaps TAC would be useful too.

New Member

Re: Mix of Switches & Hubs


Thanks for your input. I've forgotten to mention that we took/analysed a lot of sniffer traces. In particular, we could see that after a bad frame (wrong CRC, jabber), always(!?) 16 bytes long and with a source address of the firewall, nothing comes from the FW for about 1.5 minutes, but a lot (as expected) goes to the FW itself. We think that the FW probably produces this bad frame and that there must be a problem with the NIC drivers of the HA systems (both FWs seem to produce this frame and have a 'link down' of only 5s). But the cause of this bad behaviour or frame is not yet known. We'll check it out. Thanks.