IGM snooping with Q-in-Q

Similar Messages

• High cpu with dhcp snooping

  Hi all,
  I am using 2950T and have configured dhcp snooping with this config:
  conf t
  ip dhcp snooping
  ip dhcp snooping vlan 416
  int range fa0/1 - 24
  ip dhcp snooping limit rate 50
  int gig0/1 (Uplink)
  ip dhcp snooping trust
  int gig0/2
  ip dhcp snooping trust (uplink)
  After this the 2950 goes up to 80% cpu, and is barely accessible.
  Have i done something wrong, or will the cpu return to 20%?
  //Robert Pettersson
  senior network engineer, WetterNet

  Well,
  In Cisco Bug Toolkit there are couple of articles which looks similar to yours.
  The first thing to check now is the option-82. It is enabled by default so would be interesting to see what's happen if you disable it.
  Otherwise it would be better if you can open case at Cisco because it could be that your problem depends on some other features enabled on the switch.
  //Mikhail Galiulin

• WLC 5760 with internal DHCP server, clients no get IP address

  Hi all,
  I have  2  Cisco 5760 WLC (active-standby)  IOS-Xe 03.03.03SE  with  one WLAN.
   sh wlan summary 
  Number of WLANs: 1
  WLAN Profile Name                     SSID                           VLAN Status 
  1    Invitados_ADSL                   Guest                          905  UP
  sh vlan         
  VLAN Name                             Status    Ports
  1    default                          active    Te1/0/3, Te1/0/4, Te1/0/5, Te1/0/6, Te2/0/3
                                                  Te2/0/4, Te2/0/5, Te2/0/6
  100  VLAN0100                         active    Te1/0/1, Te2/0/1
  101  Planta_1                         active    
  905  Internet                         active    Te1/0/2, Te2/0/2
  The DHCP server is internal.
  Sometimes the clients no get IP address and the DHCP pool has IP addresses available.
  The workaround done by me to solve the issue is “clear  ip dhcp  binding *”.
  Some days later the problem appears again.
  I see this bug with a similar problem:
  NGWC blocks DHCP traffic if wireless broadcast disabled
  CSCun88928
  Description
  Symptom:
  Some clients set the BROADCAST flag on the DHCP Discover packet. This requires the DHCP server to reply with a broadcast.
  In that case and if you are not using DHCP snooping on the 5760/3850, then the controller will block the return traffic unless you enable "wireless broadcast" which enables broadcast globally (and is thus not always desirable)
  Conditions:
  Seen on 3.3.2 IOS-XE
  Workaround:
  Use DHCP snooping with the "ip dhcp snooping wireless bootp-broadcast command"
  OR
  Enable "wireless broadcast" globally
  My DHCP configuration is:
  ip dhcp relay information trust-all
  ip dhcp snooping vlan 905
  ip dhcp snooping
  ip dhcp excluded-address 172.16.0.1 172.16.0.19
  ip dhcp excluded-address 172.16.1.250 172.16.1.254
  ip dhcp pool Invitados
   network 172.16.0.0 255.255.254.0
   default-router 172.16.0.1 
   dns-server 212.66.160.2 212.49.128.65 
   lease 0 8
  I see in Cisco documentation (http://www.cisco.com/en/US/docs/wireless/technology/5760_deploy/CT5760_Centralized_Configuration_eg.html) this configuration:
  DHCP Snooping and Trust Configuration on CT5760
  ip dhcp snooping vlan 100, 200
  ip dhcp snooping wireless bootp-broadcast enable
  ip dhcp snooping
  interface TenGigabitEthernet1/0/1
  description Connection to Core Switch
  switchport trunk allowed vlan 100, 200
  switchport mode trunk
  ip dhcp relay information trusted ip dhcp snooping trust
  interface Vlan100
  description Client Vlan
  ip dhcp relay information trusted
  My question is,Do I have to add the command "ip dhcp snooping wireless bootp-broadcast enable" to solve the issue?
  Thanks in advance.
  Regards.
  D

  Yes, test it with the command you mentioned
  ip dhcp snooping wireless bootp-broadcast enable
  HTH
  Rasika
  **** Pls rate all useful responses *****

• IGMP snooping

  Hello to all!
  I have come a cross one problem with hope someone can help me solve it or at least give some valuable ideas.
  The problem is regarding IGMP snooping with Cisco 4948E swithes. By documentation it is said that IGMP snooping is turned on by default.
  However, I was getting all multicast traffic on the port where there is only one receiver, tuned to only one multicast group.
  I was able to solve to problem by turning igmp snooping querier option and now it is working ok.
  However, I have to plug in a Cisco router (7200 series). In that case the router is the querier.
  My problem is that the router is constantly getting all multicast traffic, causing the CPU time to increase and be crushed.
  I have several multicast groups on the switch, but want only specific ones to be present on the port where router is connected.
  I think IGMP snooping is not working on 4948E switches.
  Did anybody else experience the same problem?
  The router has PIM enabled and I have managed to solve the problem with access list being put in outside direction but this is not the neat solution.
  How can I solve this problem? When I do show int command on the router I am getting all multicast traffic and I want to receive only specific ones with way too lower traffic amount.
  Thank you very much!

  Hello to all!
  I have come a cross one problem with hope someone can help me solve it or at least give some valuable ideas.
  The problem is regarding IGMP snooping with Cisco 4948E swithes. By documentation it is said that IGMP snooping is turned on by default.
  However, I was getting all multicast traffic on the port where there is only one receiver, tuned to only one multicast group.
  I was able to solve to problem by turning igmp snooping querier option and now it is working ok.
  However, I have to plug in a Cisco router (7200 series). In that case the router is the querier.
  My problem is that the router is constantly getting all multicast traffic, causing the CPU time to increase and be crushed.
  I have several multicast groups on the switch, but want only specific ones to be present on the port where router is connected.
  I think IGMP snooping is not working on 4948E switches.
  Did anybody else experience the same problem?
  The router has PIM enabled and I have managed to solve the problem with access list being put in outside direction but this is not the neat solution.
  How can I solve this problem? When I do show int command on the router I am getting all multicast traffic and I want to receive only specific ones with way too lower traffic amount.
  Thank you very much!

• TCP/IP (HTTP) Snooping

  Apologies if this sort of question has been asked before! Is it possible to write an application that can pick up messages (e.g. SOAP messages) on a local machine without using a ServerSocket? For example, can I get hold of SOAP messages sent to port 80 on my local machine even though there is an HTTP server on my machine bound to that port? If I use a ServerSocket in my Java app I inevitably get a JVM_Bind error.
  I hope someone can help!
  Thanks,
  Andrew

  There is no "clean" way of doing that, but if you have suitable permissions (root in Unix, I don't know if Windows requires admin) you may be able to snoop packets. Google for the jpcap library, I think you can write a packet snooper with it.

• AIR Badge Install fails on Macromedia Certificate Error

  I noticed my AIR Badge installer stopped working with the message “A download error occurred, would you like to try again” when the person did not have Adobe AIR installed previously.  The badge installer is supposed to download AIR seamlessly as part of the process.
  I snooped with Charles and found that the loaded air.swf file was attempting to access https://www.macromedia.com and this request is returning a certificate error.  Attempting to access the url on my home machine directly using gives me the message that the cert is not from a trusted authority.  Attempting to access that url from my work machine results in a re-direct to Adobe.com.
  Anyone got a clue as to what the heck is going on? Am I dealing with an outdated version of the badge?  I got this from the Flex SDK 3.4 samples directory.
  Thanks,
  Jeff

  Rob,
  Thanks very much for getting back but the issue is resolved - I discovered
  that I was passing 1.52 instead of 1.5.2 for the required air version
  parameter.  D'oh.  Once that was set correctly the badge works fine.
  Jeff

• Network account logins hang and spinning ball in Mavericks

  Hello,
  All of a sudden on Monday, 11/3/14, I started getting reports from Mac users that they were running into the spinning ball of death (SBOD) during login. The Macs in question are all running OS X 10.9 (between 10.9.3 and 10.9.5), and bound to active directory through directory utility, and the accounts being used to login are active directory/network accounts. The hardware is identical for all users as well (15" Macbook Pro, 16GB RAM, 2.0GHz Core i7 CPU)
  I haven't been able to come up with much rhyme or reason to this yet as not all of my Mac users have been affected, and some are having to wait longer than others. I'm suspecting it is something with my Active Directory setup, but have not been able to find much useful information the the Windows Event Log. However, I'm not completely sure that's where the issue lies either because some of the MB Pros will sit at the login screen with the SBOD before the user has even tried typing their username.
  What I'm trying to figure out is where should I be looking in Console for any hints at what might be going on or hanging up the boot process? I seem to have a lot of entries being created during the login process, but I'm not as familiar with Console as I should be for troubleshooting this so I'm hoping for some community guidance.
  One thing I did find that didn't help was removing one of the search paths. That path does not exist on our machines so that isn't the issue.
  Thank you in advance for your assistance

  So I've done some snooping with Wireshark and the Mac is sending IGMP requests like crazy while it appears to be hung up. Almost non-stop outbound to port 11111. This only seems to happen with Macs that are joined to the domain. I'm using a Thunderbolt Ethernet adapter. It seems to have problems over Wifi though too, but haven't analyzed that traffic yet to verify it's the same IGMP requests. If I disable wifi and remove the Thunderbolt Ethernet from Network in System Preferences, then reboot, then the system seems to boot quickly.
  I found another topic about Thunderbolt Ethernet and IGMP kernel panics, but I don't seem to be having any panics. It's just that the system will hang for 10 minutes before going to the desktop, and then possibly longer before it will show any icons.
  Anyone have any ideas?

• IGMPv2 Membership Reports

  Hello,
  I have a SG300-10 with the latest Firmware 1.4.0.88.
  IGMP snooping with the built-in querier and filtering of unregistered multicast is successfully configured and works fine except for IGMPv2 membership reports. If a device sends IGMPv3 membership reports, then the multicast stream is immediately forwarded to this device. If a device sends IGMPv2 membership reports, then it takes about 2 minutes to get the multicast stream on this device.
  Are there any settings to get IGMPv2 membership faster or is this a firmware bug?

  Hi Matthias,
  I have not seen such a problem when testing. Please check if IGMP groups are added to dynamic table immediately. Are you using source specific multicast and switch is configured accordingly or any source multicast?
  Regards,
  Aleksandra

• IP Source Guard

  I have configured DHCP snooping with option 82. That is working OK. I then went to enable IP Source guard to help against MAC Spoofing. I enable port security and ip verify source. I connected a client to the port and the address when into the snooping database as it should. I then spoofed my MAC address on the same port with the same client and it adds another entry and ip address into the DHCP Snooping Binding database and give my client an IP address. So, it looks like my ip verify source is not working? Any suggestions?

  and the dhcp server link to the core switch, but it is a win-server do not support option 82.And I can not config : ip veryfy source.

• Solaris 8 IP Multipathing ping rate

  Hi:
  Has anyone characterized the relationship between the vaule of FAILURE_DETECTION_TIME
  in /etc/default/mpathd and the rate at which the test IP addresses will be pinged.
  From an initial snoop with FAILURE_DETECTION_TIME=10000 (defalut of 10 seconds)
  it looks like the pings occur every second or so.
  thanks

  It's variable to not induce pathological behaviour.

• Having trouble getting IPv6 to work

  I've configured my AEBSn base station to allow IPv6 tunneling, but I can't seem to actually make an IPv6 connection. I could swear this was working before.
  My network has the AEBSn as the main router, configured and 5GHz N only, and an AEBS (dome) and and Express configured to bridge as G. The dome and express are in a WDS net but the AEBSn doesn't participate in that.
  I tried snooping with wireshark on the cable modem side of the AEBSn while doing a "ping6 www.kame.net" and I see the Echo request go out, then I see an echo reply come back, then the base station sends a ICMP destination unreachable to the IPv4 router for KAME. ***?
  First I tried this with the ipv6 firewall off, then I tried to configure the firewall. When I do that and I add the IPv6 address of my mac to the list of allowed incoming connections and hit update, it doesn't stick. The base station comes back up with no stations listed in the firewall exceptions list.
  I'm running 7.2.1 in the AEBSn, but I've tried going back to 7.2 and 7.1 with the same result.
  Everything else works fine. What am I doing wrong?

  I get an error message saying "thunar-volman: no property info.capabilities on device with id ..." And as for the problem, nothing automounts. I plug in my usb thumb drive or hard drive, and nothing happens. Thats the problem.

• Nexus 7710 F348's TCAM Allocation Errors

   Having issues  with new core on 7710's upgraded from 6.2(8a) to 6.2(10) running ACL's on all SVI's, Netflow, and DHCP Snooping with one VDC added along side the admin VDC with 2 F348 line cards and dual-sups.  The 6.2.10 upgrade was due to TCAM errors before finishing the entry of all ACL's.  After the upgrade I entered the command for hardware access-list resource feature bank-mapping.  Remaining ACL entries entered without issue, Netflow and DHCP snooping started.  
   During redundancy testing I can reload vdc 2 and while everything performs flawlessly when the vdc returns back online module 1 cannot be allocated back into the vdc due to tcam allocation error.   Checking the tcam allocation resources I see tcam 1 bank0 is half full, tcam 1 bank 1 is empty as is all others.  
    Can this be reallocated, re-shuffled around for better distribution ?? Do I have to REMOVE everything and reconfigure to do this ??  Dont like having to reset the entire switch to recover modules if a vdc reloads but at least the constant errors seem to have stopped unless trying to configure or unconfigure the bank-mapping to try resource pooling, even with atomic updates disabled.
  Please advise, dont have time to call Tac right now, hope someone has been thru this already, 
  thanks in advance.
  dave

  In the inital post where I put "
  The N7K sees the server MAC in the FIP snooping, it also sees the 5548  as it's FCF.  But the 5548 vfc is stuck in "initializing".
  I meant to put N4K...not N7K...sorry about that.

• How to snoop traffic on PGW 2200 with Wireshark

  How to snoop traffic between PGW 2200 & MGX 8880 with Wireshark?

  I hope to have understood correctly your question.
  1) enable the snoop on PGW using ./snoop_scrip in /opt/snoop/ path
  2) collect the trace of the call and so stop the snoop usinf CTRL C
  3) open wireshark
  4) drag and drop the files generated from the snoop in wireshark
  5) wireshark will ask to merge the file
  P.S. PGW uses RUDP to communicate with the media gateway. Set the wireshark RUDP port (in Edit - Preferences - Protocols menu) according to PGW configuration.
  Regards.

• [solved] DHCP snooping in environment with core and access switches

  Hello,
  I'd like to know what steps are needed to configure DHCP snooping in my environment:
  1) two core switches Catalyst 6500 (VSS): VLAN defined here, DHCP server connected here
  2) access switches Catalyst 3750: clients connected here
  Access switches are connected to core ones via trunk ports (fiber optics).
  How many snooping databases are required?  One for core and next for each stack?

  Hi Marian,
  If your network is properly designed and connected so that clients, including DHCP clients, are attached to the access layer switches, then the DHCP Snooping should be run only on access switches. Running DHCP Snooping on core switches is not going to increase the security because the DHCP communication has already been sanitized on the access layer.
  If you intend to save the DHCP Snooping database then each switch performing the DHCP Snooping needs to have its own database if you intend to use a persistent storage for it. However, you can always have the switch to save the database to its own FLASH, alleviating the need for a centralized networked storage.
  I am not sure if this answers your question so please feel welcome to ask further.
  Best regards,
  Peter

• Lync 2013 - Issue with Snooper and Centralized Logging files

  I ran the AlwaysOn trace on 3 pools last night till this morning.  When I run the search script and include the specific time I want I get a different time in the trace.  For example....I want to see the traces from 3-3:30AM.  This is what
  I ran :
  Search-CsClsLogging -Pools "X","Y","Z" -StartTime "12/27/2013 03:00:00 AM" -EndTime "12/27/2013 03:30:00 AM" -OutputFilePath \\file01\LyncShare\Traces\lync_trace122713.txt
  When I open snooper the timestamp on the trace is from 8-8:30AM.  I checked all the servers in the 3 pools and there are .hdr and .cache files from yesterday to this morning as seen here:
  The timestamps on the servers are correct.  
  Not sure what the issue is.  Suggestions?  Thanks.

  Hi,
  The issue may cause by the influence of the cache before.
  Please try to run the cmdlet: Sync-CsClsLogging and then run the search cmdlet again to test the issue. The cmdlet
  Sync-CsClsLogging will flush the cache used by searching before. Flushing the cache helps to ensure that there is a clean log and trace file capture buffer at the CLSController for the next search operation.
  Best Regards,
  Eason Huang
  Eason Huang
  TechNet Community Support