Broadcast storms applicable on layer 3 switches?

Dear all,
My colleague and I were wondering about the following on a Cisco 3750 x layer 3 switch.
Let's assume we configure the 3750 without VLANs, so we create several networks on the 3750. For example, fa 0/1 has network 10.10.10.0/24 with 10.10.10.1 as the default gateway. Fa 0/2 has network 10.10.11.0/24 with 10.10.11.1 as the default gateway.
The question is: if a broadcast storm rages on network 10.10.10.0/24, would only 10.10.10.0/24 be affected by the broadcast storm, or will network 10.10.11.0/24 also be affected due to the broadcast?
If we assume the same settings but utilize VLANs, then a network is definitely not affected by a broadcast storm happening on another network, right?
Thanks in advance for your help.
kind regards

Hi,
When you configure an L3 port on your 3750:

    int f0/1
     no switchport
     ip add 10.10.10.1 255.255.255.0
     no shut
    int f0/2
     no switchport
     ip add 10.10.11.1 255.255.255.0
     no shut

The key is NO SWITCHPORT. This takes the port out of L2 configuration, therefore it does not belong to any VLAN and does not operate like an L2 port with regards to broadcast etc.
Have a look at this link from a 3750 config guide
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750/software/release/12-2_55_se/configuration/guide/scg3750/swint.html#wpmkr2208885
Hope this helps
Regards
Alex

Similar Messages

  • 3com and cisco switches (802.1q)vlan integration problem - broadcast storm?

    Hi forum,
    We are using 3com switches. The 3com switches implement open VLANs, which means that if an IEEE 802.1Q packet is received at a port and the port is not a member of that VLAN, the switch does not perform VLAN filtering. If the address was previously learned, it will be forwarded correctly, but if it was not, it will be flooded to all ports within that VLAN.
    My questions:
    1) If another Cisco switch connected to the 3com switch is placed in the same VLAN, and the 3com switch receives an 802.1Q packet from a rogue device, it will be flooded to all the ports (including the Cisco ports) within that VLAN. Will it cause a broadcast storm?
    2) How do I configure the Cisco switch to filter off unknown tagged packets on a port? By using VLAN pruning?
    3) How do I block the broadcast from the 3com switches? Using broadcast suppression?
    4) Is there a way on the design side to effectively counter this problem?
    Kind regards,
    paul

    It sounds like the setup of your 3com switch is not quite up to your requirements. If a port is declared as tagged, it's OK to receive tagged frames for VLANs that were not previously known on this port. However, if your policy requires that only specific VLANs are permitted on a given tagged port, then you need to add some extra command on your 3com switch. Check the documentation and possibly your 3com support partner.
    As for Cisco routers, tagged ports in Cisco-speak are trunks (this might be confusing for you, as 3com calls trunks what in the Cisco world is known as either EtherChannel or port aggregation). By default a trunk (tagged) port allows any VLAN. If your policy requires so, you can explicitly specify which VLANs are allowed on a given trunk (tagged) port. If a frame arrives with a tag that is not on the allowed list, the frame will be discarded. So you don't need any fancy broadcast suppression to block traffic from disallowed VLANs coming from your 3com switch to Cisco.
    P.S.: Make sure that you don't mistake 'member of VLAN' with 'native VLAN'. Some parts of your message suggest that you do.

  • Loop - broadcast storm in network

    Good day to you all, I have a problem and I can't seem to find the right solution.
    At our company we have around 300 2960 switches; also, in some areas of the factory they are using 3com hubs or other hub devices.
    I am trying to take them all out, but the factory is too big and there are more than 100 in places I don't know.
    My problem is that many times we have a broadcast storm or loop in the network.
    Users just put 2 cables in a hub, or both cables of the Cisco phone in the hub.
    The hub is connected to a 2960 switch.
    My port configuration is:
    interface FastEthernet0/3
    switchport access vlan 27
    switchport mode access
    switchport voice vlan 244
    spanning-tree portfast
    spanning-tree bpduguard enable
    end
    the STP settings global are:
    spanning-tree mode pvst
    spanning-tree loopguard default
    spanning-tree portfast bpduguard default
    no spanning-tree optimize bpdu transmission
    spanning-tree extend system-id
    In my opinion the port that has the 3com connected should go into err-disable when a loop is created, because it receives BPDU packets.
    Unfortunately this does not happen and my whole network goes down.
    The logging in the switch only identifies that there is MAC flapping.
    Mar  1 07:28:02: %SW_MATM-4-MACFLAP_NOTIF: Host 0026.18d6.e3d6 in vlan 27 is flapping between port Fa0/2 and port Gi0/1
    Mar  1 07:28:18: %SW_MATM-4-MACFLAP_NOTIF: Host e05f.b9e5.acba in vlan 27 is flapping between port Fa0/45 and port Gi0/1
    Mar  1 07:28:38: %SW_MATM-4-MACFLAP_NOTIF: Host e05f.b9e5.acba in vlan 27 is flapping between port Fa0/45 and port Gi0/1
    Mar  1 07:28:42: %SW_MATM-4-MACFLAP_NOTIF: Host 0026.18d6.e3d6 in vlan 27 is flapping between port Fa0/2 and port Gi0/1
    Mar  1 07:28:50: %SW_MATM-4-MACFLAP_NOTIF: Host 0026.18d6.e3d6 in vlan 27 is flapping between port Fa0/2 and port Gi0/1
    Mar  1 07:28:50: %SW_MATM-4-MACFLAP_NOTIF: Host e05f.b9e5.acba in vlan 27 is flapping between port Fa0/45 and port Gi0/1
    Mar  1 07:29:03: %SW_MATM-4-MACFLAP_NOTIF: Host 0026.18d6.e3d6 in vlan 27 is flapping between port Fa0/2 and port Gi0/1
    Mar  1 07:29:06: %SW_MATM-4-MACFLAP_NOTIF: Host e05f.b9e5.acba in vlan 27 is flapping between port Fa0/45 and port Gi0/1
    Mar  1 07:29:16: %SW_MATM-4-MACFLAP_NOTIF: Host 0026.18d6.e3d6 in vlan 27 is flapping between port Fa0/2 and port Gi0/1
    Mar  1 07:29:18: %SW_MATM-4-MACFLAP_NOTIF: Host e05f.b9e5.acba in vlan 27 is flapping between port Fa0/45 and port Gi0/1
    Does someone have an idea how to prevent this from happening?
    Thanks a lot!

    Hello
    My question is should I only set on the interface "storm-control broadcast level ??"
    or do I also need to set multicast and unicast? - It all depends on what traffic you have traversing your links. You need to be sure you don't set the levels too low so as to prohibit legitimate IGP/broadcast/multicast/unicast traffic; this includes any bespoke application traffic that utilizes any of the above.
    and why is the 3 to 5 %, so it will drop the storm when it reaches 95 % on the interface? - 5% of a 100mb link would be reached at 5 mb utilization of whatever traffic you define; the higher the rate, the less effective storm control is.
    To protect against layer 1 devices such as hubs, and say access ports with attached switches (managed/unmanaged), you can also apply port-security running alongside your current STP bpduguard.
    switchport nonegotiate (disables DTP)
    switchport port-security (enables port security)
    switchport port-security aging type inactivity (ageing of MAC address)
    switchport port-security aging time xx (mins the MAC address will age out)
    switchport port-security violation restrict | shutdown (violation action of port-security)
    switchport port-security max xx (number of MAC addresses allowed on port)
    res
    Paul
    Please don't forget to rate any posts that have been helpful.
    Thanks.
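
The MACFLAP_NOTIF lines in the question above can be summarised to see which port every flapping host has in common. The Python below is an added example, not part of the original thread; the sample lines are the first four copied from the post, and the function names are illustrative.

```python
import re
from collections import Counter, defaultdict

# First four log lines copied from the post above (2960, VLAN 27).
SAMPLE_LOG = """\
Mar  1 07:28:02: %SW_MATM-4-MACFLAP_NOTIF: Host 0026.18d6.e3d6 in vlan 27 is flapping between port Fa0/2 and port Gi0/1
Mar  1 07:28:18: %SW_MATM-4-MACFLAP_NOTIF: Host e05f.b9e5.acba in vlan 27 is flapping between port Fa0/45 and port Gi0/1
Mar  1 07:28:38: %SW_MATM-4-MACFLAP_NOTIF: Host e05f.b9e5.acba in vlan 27 is flapping between port Fa0/45 and port Gi0/1
Mar  1 07:28:42: %SW_MATM-4-MACFLAP_NOTIF: Host 0026.18d6.e3d6 in vlan 27 is flapping between port Fa0/2 and port Gi0/1
"""

MACFLAP_RE = re.compile(
    r"%SW_MATM-4-MACFLAP_NOTIF: Host (?P<mac>[0-9a-fA-F]{4}(?:\.[0-9a-fA-F]{4}){2}) "
    r"in vlan (?P<vlan>\d+) is flapping between port (?P<a>\S+) and port (?P<b>\S+)"
)


def parse_macflaps(text):
    """Return (mac, vlan, port_a, port_b) per MACFLAP_NOTIF line; other lines are ignored."""
    events = []
    for line in text.splitlines():
        m = MACFLAP_RE.search(line)
        if m:
            events.append((m["mac"].lower(), int(m["vlan"]), m["a"], m["b"]))
    return events


def summarize(events):
    """Per VLAN: flap count per MAC, ports shared by all flapping MACs, and the rest."""
    flaps = defaultdict(Counter)                           # vlan -> mac -> count
    macs_on_port = defaultdict(lambda: defaultdict(set))   # vlan -> port -> macs
    for mac, vlan, a, b in events:
        flaps[vlan][mac] += 1
        macs_on_port[vlan][a].add(mac)
        macs_on_port[vlan][b].add(mac)

    report = {}
    for vlan, per_mac in flaps.items():
        all_macs = set(per_mac)
        ports = macs_on_port[vlan]
        # With one flapping MAC both ports trivially share it, so none is singled out.
        shared = []
        if len(all_macs) > 1:
            shared = sorted(p for p, macs in ports.items() if macs == all_macs)
        report[vlan] = {
            "flaps": dict(per_mac),
            "shared_ports": shared,
            "other_ports": sorted(set(ports) - set(shared)),
        }
    return report


if __name__ == "__main__":
    for vlan, info in summarize(parse_macflaps(SAMPLE_LOG)).items():
        print(f"vlan {vlan}: flaps per host {info['flaps']}")
        print(f"  port common to every flapping host: {info['shared_ports']}")
        print(f"  ports seen with only some hosts:     {info['other_ports']}")
```

A port that shows up with every flapping host is typically the path the looped frames return on, so it is the direction to trace next.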

  • Intel i217-LM NIC Causes Broadcast storm and High CPU

    Wanted to post this here to help others that may be experiencing issues with broadcasts.
    If you have PCs with the Intel i217-LM NIC and you don't have the latest driver from Intel, the NIC will cause an IPV6 broadcast storm when the computer goes into sleep/hibernate. You have to have at least two PCs on your network in sleep/hibernate mode. It causes the same effect as a network loop. In my network it would cause the MDF CPU to go to 100% and basically shut the network down.
    We have Lenovo M93 desktops that have this NIC and I know that there are other PCs that have this same NIC and experience the same problem.
    When the broadcast storm is happening you can issue the command "show interfaces | include is up|line|broadcast" on your MDF switch to find which interfaces have high broadcasts. You may have to trace it through your uplinks to your IDFs. You can then shut those interfaces to stop the broadcast storm.
    Your long term solution will be to get the latest NIC driver from Intel and update your PC's.

    It's connected IPV4 but because of the faulty NIC driver it starts broadcasting IPV6 when in sleep/hibernate mode.
    https://supportforums.cisco.com/discussion/12291431/ipv6-broadcast-storm-caused-hp-eliteone-800-intel-i217-lm-nic-how-find-hosts
    https://forums.lenovo.com/t5/A-M-and-Edge-Series-ThinkCentre/M83-and-M93p-ipv6-storms-intel-i217-LM-NIC/td-p/1600686
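
The command in the post above shows counters accumulated since they were last cleared, so the interfaces that matter are the ones whose broadcast counter climbs fastest between two runs. The Python below is an added example, not from the original post, that compares two captures; the sample output is constructed, and its line layout and the function names are assumptions.

```python
import re

# Constructed output of "show interfaces | include is up|line|broadcast",
# captured 10 seconds apart. Interface names and counters are made up; the
# line layout is the one Catalyst IOS is assumed to print.
SNAPSHOT_T0 = """\
GigabitEthernet0/1 is up, line protocol is up (connected)
     Received 1000000 broadcasts (4200 multicasts)
GigabitEthernet0/2 is up, line protocol is up (connected)
     Received 50000 broadcasts (300 multicasts)
GigabitEthernet0/24 is up, line protocol is up (connected)
     Received 2000000 broadcasts (9100 multicasts)
"""
SNAPSHOT_T1 = """\
GigabitEthernet0/1 is up, line protocol is up (connected)
     Received 1000200 broadcasts (4210 multicasts)
GigabitEthernet0/2 is up, line protocol is up (connected)
     Received 350000 broadcasts (310 multicasts)
GigabitEthernet0/24 is up, line protocol is up (connected)
     Received 2300500 broadcasts (9130 multicasts)
"""

IFACE_RE = re.compile(r"^(?P<name>\S+) is (?:administratively )?(?:up|down)")
BCAST_RE = re.compile(r"Received (?P<bcast>\d+) broadcasts")


def parse_broadcasts(output):
    """Map interface name -> received-broadcast counter from the filtered output."""
    counters, current = {}, None
    for line in output.splitlines():
        header = IFACE_RE.match(line)
        if header:
            current = header["name"]
            continue
        counter = BCAST_RE.search(line)
        if counter and current:
            counters[current] = int(counter["bcast"])
    return counters


def broadcast_rates(before, after, seconds):
    """Return [(interface, broadcasts per second)], highest first.

    Interfaces missing from the first capture, or whose counter went
    backwards (cleared or wrapped), are skipped rather than guessed at.
    """
    rates = {}
    for name, new in after.items():
        old = before.get(name)
        if old is None or new < old:
            continue
        rates[name] = (new - old) / seconds
    return sorted(rates.items(), key=lambda item: item[1], reverse=True)


if __name__ == "__main__":
    t0, t1 = parse_broadcasts(SNAPSHOT_T0), parse_broadcasts(SNAPSHOT_T1)
    for name, pps in broadcast_rates(t0, t1, seconds=10):
        print(f"{name:<24} {pps:>10.1f} broadcasts/s")
```

In the constructed capture the uplink Gi0/24 and the access port Gi0/2 rise together, which is the pattern that tells you to follow the uplink to the next switch and repeat the comparison there.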

  • VPLS level Broadcast storm

    If we have a broadcast storm in the VPLS, will it be CPU processed? I mean to say, in a normal L2 switch scenario, whenever there is a broadcast storm the CPU of the L2 switch will go high, but in the case of VPLS, let's say on a 7600, will the CPU also spike?

    The SUP of the 7600 has two CPUs. Basically one for the L3 activities (RP CPU) and one for L2 activities (SP CPU).
    Without an L3 interface, broadcasts are not punted and are flooded in hardware. There are special cases where some specific broadcast packets may be punted to the SP CPU (we are only L2 here), like if it's an IGMP packet and IGMP snooping is enabled.
    So a storm of such packets could overload the CPU.
    HTH
    Laurent.

  • Broadcast Storm Control

    Hi everybody,
    I'm in doubt about the broadcast storm control feature on a switch. Could anyone please advise me?
    1. When the broadcast storm control is triggered, can normal data packets (not broadcast packets) pass the switch?
    2. If network looping occurs at an unmanaged switch that doesn't support spanning tree protocol and it connects to a managed switch that has broadcast storm control turned on, does it help this issue?
    Managed switch
    |
    |
    Unmanaged switch
    ||
    \/<--- network looping
    Thanks in advance,
    Nitass

    1. Unicast packets and multicast packets are not affected when you enable broadcast storm control. Multicast packets will be affected only if you enable multicast storm control on the switchport.
    2. I have no experience in a setup such as this, but the behavior of the storm-control broadcast level command suggests that the switch port will drop all broadcasts headed through the port (in both directions) for a specified period of time.
    This, however, still does not stop the source of the broadcast (i.e. the multiple links running to the unmanaged switch), so I would presume that the broadcasts might die down for a small period of time but they will resurface, as the unmanaged switch would continue generating broadcast packets.
    Thus the port on the managed switch would come back to normal state, only to go back into broadcast storm control state and stop all broadcasts all over again.
    HTH
    Please rate posts that help.
    Regards
    Arvind

  • Broadcast Storm

    We host an annual LAN gaming event with about 3500 BYOC spots. Last year we suffered a massive broadcast storm. So this year we made each row its own subnet to prevent broadcasts from affecting the rest of the LAN. This had an unintended side effect. Many people hosting games on their systems were unable to announce their presence to the whole LAN, just their subnet. It angered quite a few gamers. What are some options to prevent broadcast storms but still allow genuine game broadcasts?

    BPDU guard is often used to prevent end systems from introducing switches or hubs that could potentially cause a loop (and broadcast storm). Reference.

  • Will this cause a broadcast storm/loop?

    I have 3 2960g switches that each have about 40 devices (PCs, printers, etc.) attached to them. Each of these 2960 switches has one port connected to a port on a "core" switch, which is a 3950g. The 3950 has 3 switches and all of our servers (12) connected to its ports. The network seems to be running alright, however most, if not all, of the port lights on ALL switches blink wildly (at least I consider it "wildly"). Am I doing this wrong? Is there a better way to connect all these switches?
    Also, this configuration is for our first floor. The second floor has the exact same configuration, and the two 3950's (one upstairs, one downstairs) are connected via fiber.
    Thanks for any help.

    Hi Scott,
    I think I like your comments and leolaohoo's reaction.
    We don't know your Layer 3 setup, but broadcasts will stay in a broadcast domain. A broadcast will cause activity LEDs to flicker.
    I would expect to see, on a regular basis, multicast and broadcast packets that make the activity lights flicker in unison. A bit daunting at the time, as your rack of switches flashed in unison like a Christmas tree, but as you said, "the network seems to be running all right".
    To ease your mind, you could look at a Wireshark capture and see if you can coordinate looking at an activity LED flash and the Wireshark capture to see the types of packets that might be worrying you.
    I just did a Wireshark capture on my PC that you can see below. I captured only 20 packets. It was interesting that just about every packet is a broadcast packet that will cause all port LEDs in my layer 2 switch network to flicker. But I know my layer 2 network is just fine.
    Never hurts to be cautious, and monitor switch MIB variables and wireshark capture to see what is really happening on your network.
    One positive thing to do if you are feeling like you would like better monitoring on your network,  and you reside in the USA or Canada  is to look at the new onplus appliance with included service   we are offering  for our partner community.
    check out the URL below and  the cost of appliance p/n  ON100-K9
    http://www.cisco.com/en/US/prod/collateral/netmgtsw/ps5734/ps11792/datasheet_c78-680690.html
    regards Dave

  • Broadcast storms

    Hello,
    I currently have 4 HP 2610 switches alongside a Cisco SG 300 28 Port POE. I have a few laptops that, when I look on the old 2610's, I can plainly see are pushing out what may be excessive traffic (AKA broadcast storms) from the login page on the GUI... I am investigating this with the laptops in question by updating drivers, checking for malware etc.; hopefully the NICs aren't bad, as that would be a board replacement. Anyways, if these laptops were on the Cisco, is there an area where I can plainly see what ports or MACs are pushing out what may be a broadcast storm? Under logs I see I have a flash log etc., but where would I see who is actually, in plain English, pushing bad traffic, similar to the old HP switches? The reason why I ask is I am retiring the old HPs over time and I want to be "in the know" how to see issues like this without having to go through a lot of hoops.
    Don

    Hi Don
    I know HP 2610 switches and thus remember which messages you are talking about. None of the Cisco switches (Small Business or Enterprise) provides the same kind of output in regards to identification of unexpected traffic patterns on ports.
    But on the other side, they have options for how to avoid and identify loops in switched networks. This means that instead of receiving "Excessive broadcasts received on the port X" you will get something like "STP Loopback Detection." in case there really is a switching loop in the network. Moreover, with the release of firmware 1.4.0.88 a new feature was introduced for avoiding loops in the network: Loopback detection – Detects network loops using non-BPDU frames, and usually used where spanning tree cannot be used.
    There is also the Storm control feature on SG300 switches, but it is more of a prevention mechanism instead. More here.
    In other words, Small Business switches have resources and options for how to detect switching loops, with blocking of the switch ports where storms are coming from.
    One more thing: "Excessive broadcasts received on the port X" on HP not always pointed to broadcast storms, but yes is usually caused by a network topology loop, but can also be due to a malfunctioning device, NIC, NIC driver, or software application.
    hope this helps..

  • ARD broadcast storms?

    Recently our entire 1000 node network was crippled by the repeated use of the ARD to push software to multiple clients (one at a time was fine). In reading online it appears to me that ARD is designed to deliver UDP datagrams to the endstations by means of sending them as broadcast packets, meaning all ports on all switches are immediately flooded by traffic that is really only important to the 2 or more clients being pushed to. If this app is designed this way, what on earth is Apple thinking? Our host Mac is connected to a Gig port and the rate at which broadcasts were being sent was off the scale until the broadcast storm throttles on the switches kicked in, but by that time, and even at the throttled rate, the harm was widespread. Can someone explain to me why any app would use the process of a broadcast to deliver content? Is something misconfigured?
    Thank you

    I think you can reduce the impact of the storm on a switch by setting a maximum number on UDP broadcast packets. Unfortunately, with UDP packets there is no error correction, so packets that arrive after the maximum has been met are dropped, which will cause your Remote Desktop session to fail.
    Another point to consider is that it does not matter what version your servers or clients are running as far as OS X. You can run the Remote Desktop Application from a workstation or server, as long as it meets the OS X requirements. The broadcast packets are spawned from the application, not the underlying OS.
    So far, no word from Apple on this. We have been limping along, having to manually run our updates one computer at a time. We support about 100 Macs at our company, and have updates for various applications about once a month.
    Maybe Santa is just late bringing me what I wished for?

  • Cisco Asa 5505 and Layer 3 Switch With Remote VPN Access

    I got a new Cisco layer 3 switch today, so here is my scenario:
    Cisco Asa 5505
    I
    Outside  == 155.155.155.x
    Inside  =      192.168.7.1
    VPN POOL Address =   10.10.10.1   -   10.10.10.20
    Layer 3 Switch Config
    Vlan 2
    interface ip address =  192.168.1.1
    Vlan 2
    interface ip address =  192.168.2.1
    Vlan 2
    interface ip address =  192.168.3.1
    Vlan 2
    interface ip address =  192.168.4.1
    Vlan 2
    interface ip address =  192.168.5.1
    ip Routing
    So I want my remote access VPN clients to access all these networks. Can you please give me a helpful trick or link to configure the rest of my routing?
    Thank You all

    When my remote VPN is connected, it reaches 192.168.7.2 of the layer 3 VLAN that's connected to the ASA 5505,
    but I can't reach the rest of the VLANs, for example
    192.168.1.1
    192.168.1.2
    192.168.1.3
    192.168.1.4
    192.168.1.5
    But I can reach the interface VLAN connected to my ASA.
    So I think I have a misconfiguration in my routing.
    Any help please, this is urgent.

  • Multi-layer/layer3 switch VS. Router

    Multi-Layer Switch or Layer3 switch vs. router; How they are different?

    In a router, the route calculation and packet processing take place in software at layer 3. This means that packets need to be moved from the layer 2 hardware interface to layer 3, and so it takes some time. In a layer 3 switch, routing calculations take place at layer 3 in hardware or software, while the actual packet processing takes place at layer 2. The speed gain is accomplished by reducing the number of features supported and moving as much logic as possible into hardware.

  • How do you take information from one layer and switch it to another?

    I am trying to figure out how to take pictures and text that I have already placed on one layer and switch them to another layer. I have like 50 pages worth of information and I am trying to look for the easiest way to do this. In Illustrator and Photoshop, it's pretty easy. Wanting to know if it is the same, because I have been trying but it is not there. Just in case it matters, I'm using CS5 on a PC. Help is greatly appreciated.

    Hi Martin,
    Please follow the below steps.
    Step 1
    Create the separate layer. Select the content you want to move.
    Step 2
    Go to check layer panel, near the pen symbol icon, the below box drag to move up to the image layer, see sample
    Step 3
    This option use spread wise content, it will complete the task with fast. If more faster, please raise as question to Scripting Forum, they can suggest the tool.

  • Dynamic VLAN assignment and Layer 3 switching on 300 series

    I have a SG300-28P switch. I just read in the Administration Guide that, when in Layer 3 mode, the switch doesn't support MAC-based VLAN or Dynamic VLAN Assignment.
    So, in order to assign a client to a VLAN based on their MAC or based on the response of a RADIUS server, we have to disable layer 3 features. Without layer 3 switching, the switch is unable to act as a default gateway and forward packets between VLANs. As a result, the VLANs can't communicate in any way, or access the internet, unless a separate router is connected to every VLAN. Right?
    I'm new to VLAN configuration and layer 3 switching so I wanted to check my understanding. Doesn't this limitation significantly reduce the usefulness of the DVA feature?
    I may well be confused and missing something regarding how this is typically used..

    Hello Glenn,
    Your concept about packet forwarding is correct. With a layer 2 switch, there must be something directing traffic with multiple subnets for intervlan communication or something that provides an IP route to give the request a path back for the request.
    The usefulness for the DVA feature, is not particularly limited to the switch as the switch will correctly assign the VLAN for you, as VS the L3 switch mode, you're dealing with IP addresses. In any scenario, you're going to require a router to get to the internet since the switch does not support NAT.
    Additionally, if your router does not support VLAN, the L3 switch feature would still be the solution, since you should be able to make a static route pointing back to the switch to allow any subnet to traverse the single media. It would still beg the question of how to assign VLANs dynamically.
    The answer, although (in my opinion is terrible) would be GVRP.  But, this application would require ALL of your network cards to be GVRP Enable / Capable which most likely is not the scenario for you (or most anyone else for that matter).

  • Multiple VLANs through to layer 2 switch

    So long as each switch supports VLANing (which most manageable switches do), then yes. Some model numbers on the switches would help here though to be sure.
    Also, keep in mind that assigning VLANs is a layer 2 function, not layer 3. So long as you tag the VLANs you need to pass between the switches on the feed ports between them, you should be able to have them running without issue.
    Could you provide a little more detail as to what you're trying to accomplish so that we can better advise you how to proceed?

    Hello,
    Is it possible to send multiple VLANs across a layer 3 Dell PowerConnect to a Meraki layer 2 switch and configure the ports to access the different VLANs?
    Is it also possible to send multiple VLANs across a layer 3 Dell PowerConnect to a layer 2 Dell PowerConnect switch and configure the ports to access the different VLANs?
    I've been playing around with this and I can't seem to get it done.
    Thanks for any help in advance.
    This topic first appeared in the Spiceworks Community
