Broadcast suppression
we had an a issue last night where a server started sending a broadcast storm and caused latency in the network. (this was an email migrantion and we expected that type of broadcast) but problem started when Cisco4507 (where server is connected) started sending broadcast to every host in the network and spiked the CPU, in my understanding switch is not supposed to forward this traffice and should have supressed it but I think it acted as a hub and not switch. My question is what can I do to stop/limit a host to send this type of broadcast or tell the switch not to process it to other hosts. I found an interface level command
storm-control broadcast level
storm-control action shutdown/trap
Has anyone tried this? Or if someone has other suggestions?
Thanks you all in advance.
It's broadcast nature to "broadcast" traffic. When compared to a hub only unicast traffic will be isolated from other ports. Broadcast and multicast frames WILL enter ALL switchports except the origination port.
You can configure a threshold (with the storm-control command)on the troubled port. However use this with great caution. Apply it to one port at a time, because you can lock up your switch with this.
Similar Messages
-
Switches are running VOIP and Data traffic(mostly) and we had the settings for ages. With couple of issues - some caused by end-users creating a loop on the floor ports - we never had problems with network. No login delays, no phone quality issues.
Not sure how the others see it but in our case these settings do work.Hi Guys,
Just wondering what is the best ratio for broadcast suppression on our network switches. I have read multiple places that 20% is a good place to start. Others state that 40% willl prevent storms.....
Just wondering what others have it set to and success stories.....
Cheers
Caoibhin
This topic first appeared in the Spiceworks Community -
3com and cisco switches (802.1q)vlan integration problem - broadcast storm?
Hi forum,
we are using 3com switches, the 3com switches implement open vlans, which mean if an ieee 802.1q packet is received at a port and the port is not a member of that vlan, the switch does not perform vlan filtering. if the address is previously learned, it will be forwarded correctly, but if it is not, it will be flooded to all ports within that VLAN.
my questions:
1) if another cisco switch connected with the 3com switch are placed in the same vlan, and the 3com switch received a 802.1q packet from a rogue device, it will be flooded to all the ports(including the cisco ports) within that VLANs, will it cause a broadcast storm?
2) how do i configure the cisco switch to filter off unknown tagged packet on a port? by using vlan prunning?
3) how do i blocked the broadcast from the 3com switches? using broadcast suppression?
4) is there a way on the design side to effectly counter this problem?
Kind regards,
paulIt sounds like setup of your 3com switch is not quite up to your requirements. If a port is declared as tagged, it's ok to receive tagged frames for VLAN's that were not previously known on this port. However if your policy requires that only specific VLAN's are permitted on given tagged port, then you need to add some extra command on your 3com switch. Check with documentation and possibly with your 3com support partner.
As for cisco routers, tagged ports in Cisco-speach are trunks (this might be confusing for you as 3com calls trunks what in Cisco world is known as either Etherchannel or port aggregation). By default a trunk (tagged) port allows any VLAN. If your policy requires so, you can explicitly specify which VLAN's are allowed on given trunk (tagged) port. If a frame arrives with a tag that is not on the allowed list, the frame will be discarded. So you don't need any fancy broadcast supression to block traffic from disallowed vlans coming from your 3com switch to cisco.
P.S.: Make sure that you don't mistake 'member of VLAN' with 'native VLAN'. Some parts of your message suggest that you do. -
storage-vdc(config-if)# show module
Mod Ports Module-Type Model Status
2 32 1/10 Gbps Ethernet Module N7K-F132XP-15 ok
sw1-gd78(config-if)# sh module
Mod Ports Module-Type Model Status
2 48 1/2/4/8 Gbps FC Module DS-X9248-96K9 ok
4 8 10 Gbps FCoE Module DS-X9708-K9 ok
7 0 Supervisor/Fabric-2a DS-X9530-SF2AK9 active *
8 0 Supervisor/Fabric-2a DS-X9530-SF2AK9 ha-standby
10 22 4x1GE IPS, 18x1/2/4Gbps FC Module DS-X9304-18K9 ok
Mod Sw Hw World-Wide-Name(s) (WWN)
2 5.2(2) 1.1 20:41:00:0d:ec:fb:8a:00 to 20:70:00:0d:ec:fb:8a:00
4 5.2(2) 0.107 --
7 5.2(2) 1.8 --
8 5.2(2) 1.8 --
10 5.2(2) 1.3 22:41:00:0d:ec:fb:8a:00 to 22:52:00:0d:ec:fb:8a:00
sw1-gd78(config-if)# sh run int ethernet4/6
!Command: show running-config interface Ethernet4/6
!Time: Mon Feb 20 22:56:12 2012
version 5.2(2)
interface Ethernet4/6
no shutdown
sw1-gd78(config-if)# no shut
sw1-gd78(config-if)# speed 1000
ERROR: Ethernet4/6: Configuration does not match the port capability.
sw1-gd72# sh int ethernet4/6 capabilities
Ethernet4/6
Model: DS-X9708-K9
Type (SFP capable): 10Gbase-SR
Speed: 1000,10000
Duplex: full
Trunk encap. type: 802.1Q
Channel: yes
Broadcast suppression: percentage(0-100)
Flowcontrol: rx-(off/on/desired),tx-(off/on/desired)
Rate mode: dedicated
QOS scheduling: rx-(2q4t),tx-(1p3q4t)
CoS rewrite: yes
ToS rewrite: yes
SPAN: yes
UDLD: yes
Link Debounce: yes
Link Debounce Time: yes
MDIX: no
Port Group Members: none
TDR capable: no
FabricPath capable: yes
Port mode: Switched
sw1-gd72# sh int ethernet4/6 transceiver details
Ethernet4/6
transceiver is present
type is 10Gbase-SR
name is CISCO-FINISAR
part number is FTLX8571D3BCL-CS
revision is C
serial number is FNS12090EMJ
nominal bitrate is 10300 MBit/sec
Link length supported for 50/125um OM2 fiber is 82 m
Link length supported for 50/125um OM3 fiber is 300 m
Link length supported for 62.5/125um fiber is 26 m
cisco id is --
cisco extended id number is 4
SFP Detail Diagnostics Information (internal calibration)
Alarms Warnings
High Low High Low
Temperature 36.21 C 75.00 C -5.00 C 70.00 C 0.00 C
Voltage 3.29 V 3.63 V 2.97 V 3.46 V 3.13 V
Current 8.11 mA 11.80 mA 4.00 mA 10.80 mA 5.00 mA
Tx Power -2.65 dBm 1.49 dBm -11.30 dBm -1.50 dBm -7.30 dBm
Rx Power -2.21 dBm 1.99 dBm -13.97 dBm -1.00 dBm -9.91 dBm
Transmit Fault Count = 0
Note: ++ high-alarm; + high-warning; -- low-alarm; - low-warningAnkit,
You are trying to set speed 1000 on a 10g sfp.
type is 10Gbase-SR
You will need to insert a 1gig sfp and then you will be able to set the speed.
Also, I noticed that you posted first with interface 2/6 and the output you gave me was for 4/6. Are you sure you're in the right interface? -
ME 6524 LLQConfiguration Help Required
I am having hard time in configuring LLQ on a ME 6524. I am getting following error:
priority command is not supported in output direction for this interface
Configuration failed!
I am new to this platform, kindly suggest....
Below is required info and my QOS policy:
mls qos
ip access-list extended VC-IPs
permit ip host 10.110.210.144 host 10.158.227.15
exit
class-map match-any RTP
match protocol rtp
exit
class-map match-any VC
match access-group name VC-IPs
exit
policy-map VC-QOS
class RTP
priority 2000000
set ip dscp ef
exit
class VC
bandwidth 2000000
set ip dscp af41
exit
class class-default
fair-queue
random-detect
exit
int gi1/2
service-policy out VC-QOS
exit
end
priority command is not supported in output direction for this interface
Configuration failed!
DEL-6524-01#sh int gi1/2 capabilities
GigabitEthernet1/2
Model: ME-C6524GT-8S
Type: 10/100/1000BaseT
Speed: 10,100,1000,auto
Duplex: half,full
Trunk encap. type: 802.1Q,ISL
Trunk mode: on,off,desirable,nonegotiate
Channel: yes
Broadcast suppression: none
Flowcontrol: rx-(off,on,desired),tx-(off,on,desired)
Membership: static
Fast Start: yes
QOS scheduling: rx-(1q2t), tx-(1p3q8t)
QOS queueing mode: rx-(cos), tx-(cos)
CoS rewrite: yes
ToS rewrite: yes
Inline power: no
Inline power policing: no
SPAN: source/destination
UDLD yes
Link Debounce: yes
Link Debounce Time: no
Ports on ASIC: 1-12
Remote switch uplink: no
Dot1x: yes
Port-Security: yes
DEL-6524-01#sh int gi1/2
GigabitEthernet1/2 is up, line protocol is up (connected)
Hardware is C6k 1000Mb 802.3, address is 5475.d066.2936 (bia 5475.d066.2936)
Description: SPECTRANET 70 Mbps Link from Delhi BSZ to Mumbai CST - 10.10.100.2
Internet address is 10.10.100.2/30
MTU 1500 bytes, BW 71680 Kbit, DLY 100 usec,
reliability 255/255, txload 14/255, rxload 16/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, media type is 10/100/1000BaseT
input flow-control is off, output flow-control is off
Clock mode is auto
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters 3w6d
Input queue: 0/75/3/3 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
30 second input rate 4760000 bits/sec, 3585 packets/sec
30 second output rate 4122000 bits/sec, 3441 packets/sec
L2 Switched: ucast: 1993601 pkt, 247523714 bytes - mcast: 1 pkt, 64 bytes
L3 in Switched: ucast: 8796674958 pkt, 2056594112735 bytes - mcast: 0 pkt, 0 bytes mcast
L3 out Switched: ucast: 9305831488 pkt, 2381278643432 bytes mcast: 0 pkt, 0 bytes
8829433964 packets input, 2059985043121 bytes, 0 no buffer
Received 40007 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 0 multicast, 0 pause input
0 input packets with dribble condition detected
9341111134 packets output, 2384759833734 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 PAUSE output
0 output buffer failures, 0 output buffers swapped out
DEL-6524-01#sh ip int gi1/2
GigabitEthernet1/2 is up, line protocol is up
Internet address is 10.10.100.2/30
Broadcast address is 255.255.255.255
Address determined by non-volatile memory
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP Flow switching is disabled
IP CEF switching is enabled
IP CEF switching turbo vector
IP Null turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, CEF
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Probe proxy name replies are disabled
Policy routing is disabled
Network address translation is disabled
BGP Policy Mapping is disabled
Input features: Ingress-NetFlow
Output features: IP Post Routing Processing, Post-Ingress-NetFlow, Egress-Netflow, HW Shortcut Installation
Post encapsulation features: MTU Processing, IP Protocol Output Counter, IP Sendself Check, HW Shortcut Installation
Sampled Netflow is disabled
IP Routed Flow creation is enabled in netflow table
IP Bridged Flow creation is disabled in netflow table
WCCP Redirect outbound is disabled
WCCP Redirect inbound is disabled
WCCP Redirect exclude is disabled
IP multicast multilayer switching is disabled
DEL-6524-01#sh version
Cisco IOS Software, s6523_rp Software (s6523_rp-ADVIPSERVICESK9-M), Version 12.2(33)SXH7, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Fri 12-Mar-10 04:46 by prod_rel_team
ROM: System Bootstrap, Version 12.2(17r)SX3, RELEASE SOFTWARE (fc1)
DEL-6524-01 uptime is 1 year, 12 weeks, 6 days, 4 hours, 5 minutes
Uptime for this control processor is 1 year, 12 weeks, 6 days, 4 hours, 7 minutes
Time since DEL-6524-01 switched to active is 1 year, 12 weeks, 6 days, 4 hours, 5 minutes
System returned to ROM by power cycle at 12:26:40 UTC Tue Oct 11 2011 (SP by power-on)
System restarted at 17:18:48 IST Thu Jun 6 2013
System image file is "sup-bootflash:s6523-advipservicesk9-mz.122-33.SXH7.bin"
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
cisco ME-C6524GT-8S (R7000) processor (revision 1.6) with 983040K/65536K bytes of memory.
Processor board ID SAL1443XPW1
R7000 CPU at 300Mhz, Implementation 0x27, Rev 3.3, 256KB L2, 1024KB L3 Cache
Last reset from power-on
1 Virtual Ethernet interface
32 Gigabit Ethernet interfaces
1915K bytes of non-volatile configuration memory.
65536K bytes of Flash internal SIMM (Sector size 256K).
Configuration register is 0x2102Hey Deepak,
Regarding the error message, check the configuration guide for 12.2SX release. It looks like priority command is not supported under policy map. Check the following link:
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/qos.html#wp1581702
HTH.
Regards,
RS. -
Is there a GBIC to sfc patch cable?
I believe the currently installed fiber is GBIC, but the switch converter is mini-GBIC. Is there a way to get these to work together?
Thanks.I'm not really sure what you mean, GBIC is a type of interface convertor and usually has SC Fibre connectors, the mini-GBIC you are referring to may be an SFP which is a smaller type of interface convertor and usually has LC Fibre connectors.
GBICs and SFPs will work together as long as they are the same type ie Single Mode or Multi Mode and you also need to make sure the TX and RX Optical Power levels are within the specified limits at both ends of the link.
On some switches the command "show inventory" may show the type of interface convertor installed.
SITE-A-CAT#show inventory
NAME: "SITE-A-CAT", DESCR: "Cisco Catalyst c2950 switch with 24 10/100 BaseTX ports and 2 GBIC (Gigabit Interface Converter) slots"
PID: WS-C2950G-24-EI , VID: L0 , SN: FCZ1041Y0KJ
NAME: "GigabitEthernet0/1", DESCR: "longwave fiber gigabit ethernet port adapter"
PID: GBIC_LX , VID: 30 30 30 30, SN: AGS094801V1
Or try the command "show interfaces gi/x/x/x capabilities" (where gix/x/x) is the interface number.
PE-CAT-A#show interfaces gi1/1/1 capabilities
GigabitEthernet1/1/1
Model: ME-C3750-24TE
Type: 1000BaseLX SFP
Speed: 1000
Duplex: full
Trunk encap. type: 802.1Q
Trunk mode: on,off,desirable,nonegotiate
Channel: yes
Broadcast suppression: percentage(0-100)
Flowcontrol: rx-(off,on,desired),tx-(none)
Fast Start: yes
QoS scheduling: rx-(not configurable on per port basis),tx-(4q2t)
CoS rewrite: yes
ToS rewrite: yes
UDLD: yes
Inline power: no
SPAN: source/destination
PortSecure: yes
Dot1x: yes
Hope this helps -
Speed/Duplex between two different switchs & SFP
Hi everybody,
I'm sorry about my poor english... I'm French (but it is not contagious)
I need your help (or TAC Help ) about speed and duplex problems.
My network :
[C2960G-24TC-L with sfp GLC-FE-100LX on Gig 0/23] <--> (Singlemode Fiber 9/125µ) <--> [Cisco SF200-24 with sfp MFELX1 on Gi1]
Autonegociation everywhere...
My problem :
%CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on GigabitEthernet0/23 (not full duplex), with f02929f97095 gi1 (full duplex).
- I can't force speed/duplex on MFELX1 (actually a-full a-100)
- I can't force speed/duplex on GLC-FE-100LX (actually a-half a-100)
Is there an incompatibility between this equipements ?
Configuration detail :
WS-C2960G-24TC-L 12.2(58)SE2 C2960-LANBASEK9-M
Cisco SF200-24 Firmware Version (Active Image): 1.2.9.44
#sh int gig 0/23 capabilities
GigabitEthernet0/23
Model: WS-C2960G-24TC-L
Type: 100BaseLX-FE SFP
Speed: 100
Duplex: half,full
Trunk encap. type: 802.1Q
Trunk mode: on,off,desirable,nonegotiate
Channel: yes
Broadcast suppression: percentage(0-100)
Flowcontrol: rx-(off,on,desired),tx-(none)
Fast Start: yes
QoS scheduling: rx-(not configurable on per port basis),
tx-(4q3t) (3t: Two configurable values and one fixed.)
CoS rewrite: yes
ToS rewrite: yes
UDLD: yes
Inline power: no
SPAN: source/destination
PortSecure: yes
Dot1x: yes
Multiple Media Types: rj45, sfp, auto-select
#show int gigabitEthernet 0/23 transceiver properties
Diagnostic Monitoring is not implemented.
Name : Gi0/23
Administrative Speed: auto
Administrative Duplex: auto
Administrative Auto-MDIX: on
Administrative Power Inline: N/A
Operational Speed: 100
Operational Duplex: half
Operational Auto-MDIX: on
Media Type: 100BaseLX-FE SFP
Configured Media: auto-select
Active Media: sfp
Thank you so much for yor help !Thank you Leo,
It doesn't work, but I found an solution !
A strange solution...
I forced the C2960G-24TC-L to work with SFP :
media-type sfp
When I do that, I have the possibility to force the duplex (but not the speed... ok why not... ) :
duplex full
It is not very clean but my link is up and full-100 both sides.
Not very clean because :
C2960 side = force duplex, auto speed
SF200 side = auto duplex, auto speed
No errors... the link is clean.
Anyone known the reason or a better solution ? -
Hello,
I am trying to setup a dot1q-tunnel on a Catalyst 6506 running IOS 12.2 and am running into trouble. I have followed everything in the manual and from other's examples, but I continually get the error:
Command rejected: Gi1/1 doesn't support 802.1q tunneling.
To get there I have done:
Router(config)#vlan dot1q tag native
Router(config)#interface range gig 1/1-48
Router(config-if-range)#spanning-tree bpdufilter enable
Router(config-if-range)#spanning-tree portfast
Router(config-if-range)#switchport mode dot1q-tunnel
and it says command rejected for all 48 ports.
If anyone has any insight it would be greatly appreciated. Thank you for your timeif you can't make tunnel with dot1q, check the capability of the module using follow command..
[example]
Swith#show interfaces gigabitEthernet 0/1 capabilities
GigabitEthernet0/1
Model: WS-C3550-24
Type: unknown
Speed: 1000
Duplex: full
Trunk encap. type: 802.1Q,ISL <<<--- capability
Trunk mode: on,off,desirable,nonegotiate
Channel: yes
Broadcast suppression: percentage(0-100)
Flowcontrol: rx-(off,on,desired),tx-(off,on,desired)
Fast Start: yes
QOS scheduling: rx-(1q0t),tx-(4q2t),tx-(1p3q2t)
CoS rewrite: yes
ToS rewrite: yes
UDLD: yes
Inline power: no
SPAN: source/destination
PortSecure: yes
Dot1x: yes -
2960 will not allow "switchport trunk encapsulation dot1q" CLI
I have a Cisco 2960 switch that is not allowing me to setup switchport trunk encapsulation dot1q on a trunking interface.
The show capabilities shows that the interface can use 802.1q, but when I try to CLI the command the work encapsulation is not an option.
Please advise with a solution.
Thanks, S
Model - WS-C2960G-24TC-L
SW Version - 12.2(44)SE6
SW Image - C2960-LANBASEK9-M
S1#
S1#sh int gi0/23 capabilities
GigabitEthernet0/23
Model: WS-C2960G-24TC-L
Type: 1000BaseLX SFP
Speed: 1000
Duplex: full
Trunk encap. type: 802.1Q
Trunk mode: on,off,desirable,nonegotiate
Channel: yes
Broadcast suppression: percentage(0-100)
Flowcontrol: rx-(off,on,desired),tx-(none)
Fast Start: yes
QoS scheduling: rx-(not configurable on per port basis),
tx-(4q3t) (3t: Two configurable values and one fixed.)
CoS rewrite: yes
ToS rewrite: yes
UDLD: yes
Inline power: no
SPAN: source/destination
PortSecure: yes
Dot1x: yes
Multiple Media Types: rj45, sfp, auto-select
S1#
S1#
S1#
S1(config-if)#switchport ?
access Set access mode characteristics of the interface
backup Set backup for the interface
block Disable forwarding of unknown uni/multi cast addresses
host Set port host
mode Set trunking mode of the interface
nonegotiate Device will not engage in negotiation protocol on this
interface
port-security Security related command
priority Set appliance 802.1p priority
protected Configure an interface to be a protected port
trunk Set trunking characteristics of the interface
voice Voice appliance attributes
S1#
S1#
S1#
S1(config-if)#switchport trunk ?
allowed Set allowed VLAN characteristics when interface is in trunking mode
native Set trunking native characteristics when interface is in trunking
mode
pruning Set pruning VLAN characteristics when interface is in trunking mode
S1#
S1#
S1#Newer devices don't support ISL so you can only run 802.1Q. That means that there is no need for an encapsulation command because only one encapsulation is supported. If the device had support for ISL then you would also have that command.
Daniel Dib
CCIE #37149
Please rate helpful posts. -
Does N2K-C2232PP-10GE supports SFP Transceiver 1000BaseSX ?
Dear All,
Does N2K-C2232PP-10GE supports SFP Transceiver 1000BaseSX ?
Ethernet111/1/1
Model: unavailable
Type (SFP capable): unknown
Speed: 1000,10000
Duplex: full
Trunk encap. type: 802.1Q
FabricPath capable: yes
Channel: yes
Broadcast suppression: no
Flowcontrol: rx-(off/on),tx-(off/on)
Rate mode: dedicated
Port mode: Routed,Switched
QOS scheduling: rx-(8q1t),tx-(1p8q1t)
CoS rewrite: yes
ToS rewrite: no
SPAN: yes
UDLD: no
MDIX: no
TDR capable: no
Link Debounce: yes
Link Debounce Time: yes
FEX Fabric: no
dot1Q-tunnel mode: no
EFP: no
Num Rewrites Allowed: 0
Pvlan Trunk capable: yes
Port Group Members: none
EEE (efficient-eth): no
PFC capable: yes
Breakout capable: no
ThanksFor future users, as the question is couple months old.
http://www.cisco.com/c/en/us/products/collateral/switches/nexus-2000-series-fabric-extenders/data_sheet_c78-507093.html
Table 5. Cisco Nexus Fabric Extender Transceiver Specifications
-Kenny -
Can I join Layer 2 MEC port channel with 10G SR and LR together?
We are thinking of using VSS setup.
VSS with Server Farm switches.
VSS sw1 and sw2 are in different building.
in order to save cost..
Server farm 1 with VSS sw1 will use 10G SR.
Server farm 1 with VSS sw2 will use 10G LR.
But I need to bundle that 10G SR and LR together to form L2 MEC..
Thanks,
Johnhi John,
yes you can
one thing you need to check is that the qos scheduling match on the interfaces , they can differ depending on what cards they are on .....ie below (in bold)
even if they dont match -- there is a command to ignore this in etherchannel formation -- i can dig up if you need.
#sh int te 1/5/2 capabilities
TenGigabitEthernet1/5/2
Model: WS-X6708-10GE
Type: 10Gbase-SR
Speed: 10000
Duplex: full
Trunk encap. type: 802.1Q,ISL
Trunk mode: on,off,desirable,nonegotiate
Channel: yes
Broadcast suppression: percentage(0-100)
Flowcontrol: rx-(off,on),tx-(off,on)
Membership: static
Fast Start: yes
QOS scheduling: rx-(8q4t), tx-(1p7q4t)
QOS queueing mode: rx-(cos,dscp), tx-(cos,dscp)
CoS rewrite: yes
ToS rewrite: yes
Inline power: no
Inline power policing: no
SPAN: source/destination
UDLD yes
Link Debounce: yes
Link Debounce Time: yes
Ports-in-ASIC (Sub-port ASIC) : 2-3,6,8 (2)
Remote switch uplink: no
Dot1x: no
Port-Security: yes -
Nexus / link fail / autonegotiation
This summer, we replaced a pair of Catalyst 4500s with a pair of Nexus 5010s, dangling a FEX off each (N2K-C2248TP-1GE). No cabling change -- just swapped electronics.
Since then, the operational staff have been struggling to persuade our APC gear to connect (APC 9606, 9617, and 9630 cards, inserted into a range of PDUs, EMUs, and UPSes).
I spent an hour in the room this morning with a Fluke NetTool (Series II), putting in-line with a couple of APC PDUs plus one of the tech's laptops, watching log messages from the Nexi. playing around.
I think I'm seeing autonegotiation issues. But perhaps you can see something else.
Here's a PDU -- link comes up briefly (though notice the 10 Mb/s speed ... I didn't think that the 2248T supported 10Mb!?) -- and then drops.
Nov 22 09:24:26 dfsr-a-esx : 2010 Nov 22 09:24:26 pst: %ETHPORT-5-SPEED: Interface Ethernet100/1/40, operational speed changed to 10 Mbps
Nov 22 09:24:26 dfsr-a-esx : 2010 Nov 22 09:24:26 pst: %ETHPORT-5-IF_DUPLEX: Interface Ethernet100/1/40, operational duplex mode changed to Full
Nov 22 09:24:26 dfsr-a-esx : 2010 Nov 22 09:24:26 pst: %ETHPORT-5-IF_RX_FLOW_CONTROL: Interface Ethernet100/1/40, operational Receive Flow Control state changed to off
Nov 22 09:24:26 dfsr-a-esx : 2010 Nov 22 09:24:26 pst: %ETHPORT-5-IF_TX_FLOW_CONTROL: Interface Ethernet100/1/40, operational Transmit Flow Control state changed to on
Nov 22 09:24:26 dfsr-a-esx : 2010 Nov 22 09:24:26 pst: %ETHPORT-5-IF_UP: Interface Ethernet100/1/40 is up
Nov 22 09:24:30 dfsr-a-esx : 2010 Nov 22 09:24:30 pst: %ETHPORT-5-IF_DOWN_LINK_FAILURE: Interface Ethernet100/1/40 is down (Link failure)
Nov 22 09:24:40 dfsr-a-esx : 2010 Nov 22 09:24:40 pst: %ETHPORT-5-SPEED: Interface Ethernet100/1/40, operational speed changed to 10 Mbps
Nov 22 09:24:40 dfsr-a-esx : 2010 Nov 22 09:24:40 pst: %ETHPORT-5-IF_DUPLEX: Interface Ethernet100/1/40, operational duplex mode changed to Full
Nov 22 09:24:40 dfsr-a-esx : 2010 Nov 22 09:24:40 pst: %ETHPORT-5-IF_RX_FLOW_CONTROL: Interface Ethernet100/1/40, operational Receive Flow Control state changed to off
Nov 22 09:24:40 dfsr-a-esx : 2010 Nov 22 09:24:40 pst: %ETHPORT-5-IF_TX_FLOW_CONTROL: Interface Ethernet100/1/40, operational Transmit Flow Control state changed to on
Nov 22 09:24:40 dfsr-a-esx : 2010 Nov 22 09:24:40 pst: %ETHPORT-5-IF_UP: Interface Ethernet100/1/40 is up
Nov 22 09:24:30 dfsr-a-esx : 2010 Nov 22 09:24:30 pst: %ETHPORT-5-IF_DOWN_LINK_FAILURE: Interface Ethernet100/1/40 is down (Link failure)
Here's another try with the PDU -- negotiates to 1Gbps (the APC9630 card in the PDU contains a 10/100 chipsset), but in the end drops link also:
Nov 22 09:25:15 dfsr-a-esx : 2010 Nov 22 09:25:15 pst: %ETHPORT-5-SPEED: Interface Ethernet100/1/40, operational speed changed to 1 Gbps
Nov 22 09:25:15 dfsr-a-esx : 2010 Nov 22 09:25:15 pst: %ETHPORT-5-IF_DUPLEX: Interface Ethernet100/1/40, operational duplex mode changed to Full
Nov 22 09:25:15 dfsr-a-esx : 2010 Nov 22 09:25:15 pst: %ETHPORT-5-IF_RX_FLOW_CONTROL: Interface Ethernet100/1/40, operational Receive Flow Control state changed to off
Nov 22 09:25:15 dfsr-a-esx : 2010 Nov 22 09:25:15 pst: %ETHPORT-5-IF_TX_FLOW_CONTROL: Interface Ethernet100/1/40, operational Transmit Flow Control state changed to on
Nov 22 09:25:15 dfsr-a-esx : 2010 Nov 22 09:25:15 pst: %ETHPORT-5-IF_UP: Interface Ethernet100/1/40 is up
Nov 22 09:25:16 dfsr-a-esx : 2010 Nov 22 09:25:16 pst: %ETHPORT-5-IF_DOWN_LINK_FAILURE: Interface Ethernet100/1/40 is down (Link failure)
Here is the laptop succeeding (the laptop succeeded reliably, although sometimes it would autonegotiate to 10/full, rather than 1000/full):
Nov 22 09:47:21 dfsr-b-esx : 2010 Nov 22 09:47:21 pst: %ETHPORT-5-SPEED: Interface Ethernet100/1/25, operational speed changed to 1 Gbps
Nov 22 09:47:21 dfsr-b-esx : 2010 Nov 22 09:47:21 pst: %ETHPORT-5-IF_DUPLEX: Interface Ethernet100/1/25, operational duplex mode changed to Full
Nov 22 09:47:21 dfsr-b-esx : 2010 Nov 22 09:47:21 pst: %ETHPORT-5-IF_RX_FLOW_CONTROL: Interface Ethernet100/1/25, operational Receive Flow Control state changed to off
Nov 22 09:47:21 dfsr-b-esx : 2010 Nov 22 09:47:21 pst: %ETHPORT-5-IF_TX_FLOW_CONTROL: Interface Ethernet100/1/25, operational Transmit Flow Control state changed to on
Nov 22 09:47:21 dfsr-b-esx : 2010 Nov 22 09:47:21 pst: %ETHPORT-5-IF_UP: Interface Ethernet100/1/25 is up
The NetTool reported the following:
Nexi advertised: 10/100/1000
APC advertised: 10/100
Nexi negotiated to 100/full
APC negotiated to 100/half
Link stays down / ping does not work
Nexi advertised: 10/100/1000
Laptop advertised: 10/100/1000
Nexi negotiated to 10/full
Laptop negotiated to 10/full
[Sometimes, both would negotiate to 1000/full]
Link comes up / ping works
For grins, the Ops staff have schlepped two of the PDUs and one of the EMUs to another location, plugged them into Catalyst 4500s, link comes up immediately; they can configure the appropriate IP address and then ping successfully. Most of the NICs in the room, ~60 devices, work fine, including most of the APC NICs. However, some of the gear has never worked (since the Nexi went in), some have worked intermittently. I have visibility into the APC stuff, because our group manages it; I don't know how much, if any, of the more conventional end-stations (Dell, Sun, and IBM servers) have been affected.
I lived through the broken-negotiation era in the 1990s, with buggy NIC drivers, admins hard-coding one side to full-duplex and leaving the other side auto-negotiating (blech), and even trying to run 10/100 autonegotiation over Type 1 cabling using baluns (failed spectacularly -- had to hard-code both sides). But I haven't seen auto-negotiation issues ... in many years. All ~13,000 Ethernet ports at our company are configured to auto-negotiate, except for four feeding old Compaq Alpha machines.
Am I on the right trail? Or can someone see another avenue of inquiry?
--sk
Stuart Kendrick
FHCRC
dfsr-a-esx# sh fex
FEX FEX FEX FEX
Number Description State Model Serial
100 FEX0100 Online N2K-C2248TP-1GE JAF1416BLMR
dfsr-a-esx#
Software
BIOS: version 1.2.0
loader: version N/A
kickstart: version 4.2(1)N1(1)
system: version 4.2(1)N1(1)
power-seq: version v1.0
BIOS compile time: 06/19/08
kickstart image file is: bootflash:/n5000-uk9-kickstart.4.2.1.N1.1.bin
kickstart compile time: 4/29/2010 19:00:00 [04/29/2010 19:38:04]
system image file is: bootflash:/n5000-uk9.4.2.1.N1.1.bin
system compile time: 4/29/2010 19:00:00 [04/29/2010 20:51:47]
Hardware
cisco Nexus5010 Chassis ("20x10GE/Supervisor")
Intel(R) Celeron(R) M CPU with 2074284 kB of memory.
Processor Board ID JAF1342AMFG
Device name: dfsr-a-esx
bootflash: 1003520 kB
Kernel uptime is 39 day(s), 5 hour(s), 17 minute(s), 22 second(s)
Last reset
Reason: Unknown
System version: 4.2(1)N1(1)
Service:
plugin
Core Plugin, Ethernet Plugin
dfsr-a-esx#And if I hard-code the port to 100Mb, then link comes up:
dfsr-a-esx# config t
dfsr-a-esx(config)# int eth100/1/40
dfsr-a-esx(config-if)# speed 100
dfsr-a-esx(config-if)#
Nov 22 16:18:09 dfsr-a-esx : 2010 Nov 22 16:18:09 pst: %ETHPORT-5-SPEED: Interface Ethernet100/1/40, operational speed changed to 100 Mbps
Nov 22 16:18:09 dfsr-a-esx : 2010 Nov 22 16:18:09 pst: %ETHPORT-5-IF_DUPLEX: Interface Ethernet100/1/40, operational duplex mode changed to Full
Nov 22 16:18:09 dfsr-a-esx : 2010 Nov 22 16:18:09 pst: %ETHPORT-5-IF_RX_FLOW_CONTROL: Interface Ethernet100/1/40, operational Receive Flow Control state changed to off
Nov 22 16:18:09 dfsr-a-esx : 2010 Nov 22 16:18:09 pst: %ETHPORT-5-IF_TX_FLOW_CONTROL: Interface Ethernet100/1/40, operational Transmit Flow Control state changed to on
Nov 22 16:18:09 dfsr-a-esx : 2010 Nov 22 16:18:09 pst: %ETHPORT-5-IF_UP: Interface Ethernet100/1/40 is up
dfsr-a-esx# sh int eth100/1/40 cap
Ethernet100/1/40
Model: N2K-C2248TP-1GE
Type (Non SFP): --
Speed: 10,100,1000,auto
Duplex: full
Trunk encap. type: 802.1Q
Channel: yes
Broadcast suppression: percentage(0-100)
Flowcontrol: rx-(off/on),tx-(off/on)
Rate mode: none
QOS scheduling: rx-(6q1t),tx-(1p6q0t)
CoS rewrite: no
ToS rewrite: no
SPAN: yes
UDLD: no
Link Debounce: yes
Link Debounce Time: yes
MDIX: no
Pvlan Trunk capable: yes
dfsr-a-esx#
So, I find this astonishing. Auto-negotiation failure between modern hardware!? (the APC card in question is the latest model, just shipped this year). But perhaps I'm naive ... have other folks seen auto-negotiation issues recently?
--sk -
Nexus 5548UP and GLC-LH-SM showing sfpinvali
Hi gurus, have just received a 5548UP and when a 1GB GLC-LH-SM is inserted into the system it shows as being invalid.
Eth0/1 -- sfpInvali 1 auto 10G 1/10g
4 different SFPs have been tried in numerous interfaces on the system. I have also upgraded the software to 5.0(2).
And I have tried setting the speed to 1GB on the interface.
Any ideas on what simple configuration task I have missed?
LPHi,
I've the same issue with GLC-T 1Gbps SFP tranceiver and NX-5548UP with L3 Daughter Card.
sh int e1/32 status
Port Name Status Vlan Duplex Speed Type
Eth1/32 VLAN99 notconnec 99 full 1000 SFP-1000BAS
The cable is connected and in the other device (switch 2960x) the ethernet interface is UP
My configuration :
NX-OS : version 5.2(1)N1(4)
interface Ethernet1/32
description VLAN99
switchport access vlan 99
speed 1000
sh mod
Mod Ports Module-Type Model Status
1 32 O2 32X10GE/Modular Universal Plat N5K-C5548UP-SUP active *
3 0 O2 Daughter Card with L3 ASIC N55-D160L3-V2 ok
Tranceiver info :
Ethernet1/32
transceiver is present
type is SFP-1000BASE-T
name is CISCO-METHODE
part number is SP7041_Rev_E
revision is E
serial number is 00000MTC163405CF
nominal bitrate is 1300 MBit/sec
Link length supported for copper is 100 m
cisco id is --
cisco extended id number is 4
DOM is not supported
Interface capa :
Ethernet1/32
Model: N5K-C5548UP-SUP
Type (SFP capable): 10Gbase-(unknown)
Speed: 1000,10000
Duplex: full
Trunk encap. type: 802.1Q
Channel: yes
Broadcast suppression: no
Flowcontrol: rx-(off/on),tx-(off/on)
Rate mode: none
QOS scheduling: rx-(6q1t),tx-(1p6q0t)
CoS rewrite: no
ToS rewrite: no
SPAN: yes
UDLD: yes
Link Debounce: yes
Link Debounce Time: yes
MDIX: no
Pvlan Trunk capable: yes
TDR capable: no
FabricPath capable: yes
Port mode: Switched
FEX Fabric: yes
Any idea ?
Regards,
Julien. -
GigabitEthernet1/1 is up, line protocol is down (notconnect)
Hi All,
I am really curious to investigate a possible reason behind this error message.
During the configuration of a port channel bundled with 2 links I have the error in the subject but only for one side of the connection and only for one link part of the port channel.
On the other side the corrispondent interface was up/up and the other link part of the port channel was able to go up with no issue (for all the configuration is the same).
Background info:
- The link in discussion was connecting the two Multilayer swicthes before the configuration of the port channel with no issue
- The port channel is a L2 etherchannel
- What was done was simply to shutdown the interface on both swicthes, add the command channel group xx mode on on both side of the connection and then bring up the connection with the result above showed: one side up/down (not connect) and the other side up/up
I am excluding problem with the configuration. The reason is simple: i just reply the configuration to the all links (total 2) part of the port channel with no issue.
Can be a cabling problem (SFP)? Again keep in mind that before the change, this link was active with no issue for 4 years.
Thanks all.Hi Peter,
Find below the requested output.
I forgot to mention something:
The etherchannel is a L2
The mode employed to create the port channel was on
In any case what I did in the meanwhile was:
- To check the cable -> It is ok
- I did not check the SFP but I configured the involved interfaces as L3 and I bringed up both with no issue. They are connected so I am assuming that the SFP is ok. Do you agree?
At this point due to the fact that:
Configuration is working properly for the second link part of the same portchannel
The cable and sfp is ok
The only problem that I can see here is the Etherchannel Modes adopted: I heard that on modes is not the best practice. The best is use the LACP
Here the requested output:
show int gi1/1 capa
Dot1x: yes
Model: WS-X6748-SFP
Type: 1000BaseSX
Speed: 1000
Duplex: full
Trunk encap. type: 802.1Q,ISL
Trunk mode: on,off,desirable,nonegotiate
Channel: yes
Broadcast suppression: percentage(0-100)
Flowcontrol: rx-(off,on,desired),tx-(off,on,desired)
Membership: static
Fast Start: yes
QOS scheduling: rx-(1q8t), tx-(1p3q8t)
CoS rewrite: yes
ToS rewrite: yes
Inline power: no
SPAN: source/destination
UDLD yes
Link Debounce: yes
Link Debounce Time: yes
Ports on ASIC: 25,27,29,31,33,35,37,39,41,43,45,47
Port-Security: yes
GigabitEthernet1/1 is up, line protocol is down (notconnect)
Hardware is C6k 1000Mb 802.3, address is 0019.aa70.0000 (bia 0019.aa70.0006)
Description:
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 1000Mb/s, media type is SX
input flow-control is off, output flow-control is off
Clock mode is auto
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:58, output 02:08:13, output hang never
Last clearing of "show interface" counters 4y10w
Input queue: 0/2000/66318/0 (size/max/drops/flushes); Total output drops: 1731225685
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 17000 bits/sec, 25 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
1705750435550 packets input, 2106584160022948 bytes, 1 no buffer
Received 245618852 broadcasts (148781910 multicasts)
0 runts, 48 giants, 1 throttles
0 input errors, 0 CRC, 0 frame, 66317 overrun, 0 ignored
0 watchdog, 0 multicast, 0 pause input
0 input packets with dribble condition detected
3762458417011 packets output, 3133012553118384 bytes, 0 underruns
0 output errors, 0 collisions, 4 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 PAUSE output
0 output buffer failures, 0 output buffers swapped out
show interfaces status err-disabled
empty
show etherchannel summary
120 Po120(SU) - Gi1/2(P) Gi1/1(D) -
WS-C412 HUB suppresses broadcast messages
We have a Fasthub 400 series (WS-C412) hub (refurbished I think). One of our application broadcasts some data that's supposed to appear on a monitor on another PC. It doesn't. It makes us think that WS-C412 is suppressing broadcasts. We do a ping from one of the PCs (there are 4 PCs and 5 LANs. All HUBs are WS-C412) and watch the lights on the HUB and it doesn't look like the PING is broadcast at all (although we don't care about the PING, we do care about HUB suppressing broadcast messages because we need broadcasting capability in other applications). We have a 3COM HUB in another setup and there are no such problems there.
I was wondering if there is some configuration that would allow us to enable broadcasting. I would appreciate anyone's assistance.
Regards,
KalyanWe have a Fasthub 400 series (WS-C412) hub (refurbished I think). One of our application broadcasts some data that's supposed to appear on a monitor on another PC. It doesn't. It makes us think that WS-C412 is suppressing broadcasts. We do a ping from one of the PCs (there are 4 PCs and 5 LANs. All HUBs are WS-C412) and watch the lights on the HUB and it doesn't look like the PING is broadcast at all (although we don't care about the PING, we do care about HUB suppressing broadcast messages because we need broadcasting capability in other applications). We have a 3COM HUB in another setup and there are no such problems there.
I was wondering if there is some configuration that would allow us to enable broadcasting. I would appreciate anyone's assistance.
Regards,
Kalyan
Maybe you are looking for
-
Need more than 5 computers or link other accounts
Firstly let me say I love Home Sharing! BUT>>>> We have a household with 5 iMac's, 2 MacBook Pro's 1 MacBook Air, 1 iMac G5, 1 Mac Mini, 3 iPhone 4,s, 3 iPad 2's, 4 iPod's, and an Apple TV. (Just your standard Apple Fanboy) Here is our problem, I hav
-
Hello, I'm capturing Beta Cam tapes via Black Magic, it creates an AVI file, to a GLYPH hard drive; I'm working off the Glyph. After a minute of plyaback Adobe Premiere CS4 crashes and explains that there is an Import Process Server crash. This onl
-
Tech Preview 2: Windows Update
Since installing an update for Win10 when it changed Windows update to update and recovery in settings. I am no longer able to update through update and recovery. I'm running a completely clean build of Win10 with all the updates (that were installle
-
Aperture seems to apply a color profile to raw by itself
When I open up a image in aperture, it shows the image as shot for a second and then disorts the colors for some reason, applying some kind of preset profile to every raw I open. Below, it shows "processing" for the second before changing the colors.
-
Group and count by range of amount
Hi all, I have a list of 400,000 lines like this: But I need grouped by amount of 10 and count the number of clients grouped, something like this: I hope the pictures explain better my problem. Thanks for your support Carlos