Loop - broadcast storm in network

Good day to you all, I have a problem and I can't seem to find the right solution.
At our company we have around 300 2960 switches; also, in some areas of the factory they are using 3Com hubs or other hub devices.
I am trying to take them all out, but the factory is too big and there are more than 100 in places I don't know.
My problem is that many times we have a broadcast storm or loop in the network.
Users just put 2 cables in a hub, or both cables of the Cisco phone in the hub.
The hub is connected to a 2960 switch.
My port configuration is:
interface FastEthernet0/3
switchport access vlan 27
switchport mode access
switchport voice vlan 244
spanning-tree portfast
spanning-tree bpduguard enable
end
The global STP settings are:
spanning-tree mode pvst
spanning-tree loopguard default
spanning-tree portfast bpduguard default
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
In my opinion the port that has the 3Com connected should go into err-disable when a loop is created because it receives BPDU packets.
Unfortunately this does not happen and my whole network goes down.
The logging in the switch only identifies that there is MAC flapping.
Mar  1 07:28:02: %SW_MATM-4-MACFLAP_NOTIF: Host 0026.18d6.e3d6 in vlan 27 is flapping between port Fa0/2 and port Gi0/1
Mar  1 07:28:18: %SW_MATM-4-MACFLAP_NOTIF: Host e05f.b9e5.acba in vlan 27 is flapping between port Fa0/45 and port Gi0/1
Mar  1 07:28:38: %SW_MATM-4-MACFLAP_NOTIF: Host e05f.b9e5.acba in vlan 27 is flapping between port Fa0/45 and port Gi0/1
Mar  1 07:28:42: %SW_MATM-4-MACFLAP_NOTIF: Host 0026.18d6.e3d6 in vlan 27 is flapping between port Fa0/2 and port Gi0/1
Mar  1 07:28:50: %SW_MATM-4-MACFLAP_NOTIF: Host 0026.18d6.e3d6 in vlan 27 is flapping between port Fa0/2 and port Gi0/1
Mar  1 07:28:50: %SW_MATM-4-MACFLAP_NOTIF: Host e05f.b9e5.acba in vlan 27 is flapping between port Fa0/45 and port Gi0/1
Mar  1 07:29:03: %SW_MATM-4-MACFLAP_NOTIF: Host 0026.18d6.e3d6 in vlan 27 is flapping between port Fa0/2 and port Gi0/1
Mar  1 07:29:06: %SW_MATM-4-MACFLAP_NOTIF: Host e05f.b9e5.acba in vlan 27 is flapping between port Fa0/45 and port Gi0/1
Mar  1 07:29:16: %SW_MATM-4-MACFLAP_NOTIF: Host 0026.18d6.e3d6 in vlan 27 is flapping between port Fa0/2 and port Gi0/1
Mar  1 07:29:18: %SW_MATM-4-MACFLAP_NOTIF: Host e05f.b9e5.acba in vlan 27 is flapping between port Fa0/45 and port Gi0/1
Does someone have an idea to prevent this from happening?
Thanks a lot!

Hello
My question is should I only set on the interface "storm-control broadcast level ??"
or do I also need to set multicast and unicast? - It all depends on what traffic you have traversing your links. You need to be sure you don't set the levels too low as to prohibit legitimate IGP/broadcast/multicast/unicast traffic; this includes any bespoke application traffic that utilizes any of the above.
and why is the 3 to 5 %, so it will drop the storm when reach 95 % on interface? - 5% of a 100mb link would be reached at 5 mb utilization of whatever traffic you define; the higher the rate, the less effective storm control is.
To protect against layer 1 devices such as hubs and, say, access ports with attached switches (managed/unmanaged), you can also apply port-security running alongside your current STP bpduguard.
switchport nonegotiate (disables DTP)
switchport port-security (enables port security)
switchport port-security aging type inactivity (ageing of MAC address)
switchport port-security aging time xx (mins until the MAC address will age out)
switchport port-security violation restrict | shutdown (violation action of port-security)
switchport port-security max xx (number of MAC addresses allowed on port)
res
Paul
Please don't forget to rate any posts that have been helpful.
Thanks.
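
A small triage script for the MACFLAP_NOTIF lines posted in the question, added here as an example (it is not part of the original thread): it groups the flaps by host and reports the port that every flapping host has in common, which is the direction to follow when tracing the loop. The "common port" reading is a troubleshooting heuristic, and the function names are this example's own.

```python
import re
from collections import Counter, defaultdict

# Log lines copied verbatim from the post above.
SAMPLE_LOG = """\
Mar  1 07:28:02: %SW_MATM-4-MACFLAP_NOTIF: Host 0026.18d6.e3d6 in vlan 27 is flapping between port Fa0/2 and port Gi0/1
Mar  1 07:28:18: %SW_MATM-4-MACFLAP_NOTIF: Host e05f.b9e5.acba in vlan 27 is flapping between port Fa0/45 and port Gi0/1
Mar  1 07:28:38: %SW_MATM-4-MACFLAP_NOTIF: Host e05f.b9e5.acba in vlan 27 is flapping between port Fa0/45 and port Gi0/1
Mar  1 07:28:42: %SW_MATM-4-MACFLAP_NOTIF: Host 0026.18d6.e3d6 in vlan 27 is flapping between port Fa0/2 and port Gi0/1
Mar  1 07:28:50: %SW_MATM-4-MACFLAP_NOTIF: Host 0026.18d6.e3d6 in vlan 27 is flapping between port Fa0/2 and port Gi0/1
Mar  1 07:28:50: %SW_MATM-4-MACFLAP_NOTIF: Host e05f.b9e5.acba in vlan 27 is flapping between port Fa0/45 and port Gi0/1
Mar  1 07:29:03: %SW_MATM-4-MACFLAP_NOTIF: Host 0026.18d6.e3d6 in vlan 27 is flapping between port Fa0/2 and port Gi0/1
Mar  1 07:29:06: %SW_MATM-4-MACFLAP_NOTIF: Host e05f.b9e5.acba in vlan 27 is flapping between port Fa0/45 and port Gi0/1
Mar  1 07:29:16: %SW_MATM-4-MACFLAP_NOTIF: Host 0026.18d6.e3d6 in vlan 27 is flapping between port Fa0/2 and port Gi0/1
Mar  1 07:29:18: %SW_MATM-4-MACFLAP_NOTIF: Host e05f.b9e5.acba in vlan 27 is flapping between port Fa0/45 and port Gi0/1
"""

FLAP_RE = re.compile(
    r"%SW_MATM-4-MACFLAP_NOTIF: Host (?P<mac>(?:[0-9a-f]{4}\.){2}[0-9a-f]{4}) "
    r"in vlan (?P<vlan>\d+) is flapping between port (?P<a>\S+) and port (?P<b>\S+)",
    re.IGNORECASE,
)


def parse_flaps(text):
    """Return one dict per MACFLAP_NOTIF line; other syslog lines are ignored."""
    flaps = []
    for line in text.splitlines():
        m = FLAP_RE.search(line)
        if m:
            flaps.append({"mac": m["mac"].lower(), "vlan": int(m["vlan"]),
                          "ports": (m["a"], m["b"])})
    return flaps


def triage(text):
    """Summarise the flaps: events per port, the port shared by every
    flapping host, and the remaining (edge) port of each host."""
    flaps = parse_flaps(text)
    ports_by_host = defaultdict(set)
    events_by_port = Counter()
    for flap in flaps:
        ports_by_host[flap["mac"]].update(flap["ports"])
        events_by_port.update(flap["ports"])
    # With a single flapping host both of its ports would be "common",
    # so the shared-port heuristic is only applied for two or more hosts.
    common = set()
    if len(ports_by_host) > 1:
        common = set.intersection(*ports_by_host.values())
    return {
        "vlans": sorted({flap["vlan"] for flap in flaps}),
        "events_by_port": dict(events_by_port),
        "trace_toward": sorted(common),
        "edge_ports": {mac: sorted(ports - common)
                       for mac, ports in ports_by_host.items()},
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("VLANs affected:      ", report["vlans"])
    print("Flap events per port:", report["events_by_port"])
    print("Trace toward:        ", report["trace_toward"])
    for mac, ports in report["edge_ports"].items():
        print(f"  {mac} normally lives on {ports}")
```
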

Similar Messages

  • SG-300 series switches - Network loop / broadcast storm question

    So the SG300's have STP on them and prevent network loops when other switches on the network also support STP too.  However, if someone plugs in a non-managed switch that doesn't support STP with a network loop, is there anything within the SG300 switches to help isolate and/or prevent that from happening?
    (I currently have port mirroring turned on for one port and a network sniffer attached awaiting the incident to happen again).
    Thanks,
    Chris

    Hi Chris, the lowest cost path connection will go to a discard state on the interface of the SG300 switch. So, even if the unmanaged switch has 2 physical connections, the spanning tree will shut down one port to prevent this loop.
    -Tom
    Please rate helpful posts

  • I get a network broadcast storm with Yosemite

    I had poor internet speed and loss of packets.
    BT and AAISP could not fault the external line.
    It emerged the problem happens only when I use both  wifi and wired ethernet (or indeed wifi only) on my Yosemite Macbook Pro.
    AAISP said it was likely a 'broadcast storm'.
    This problem has not happened, or was not significant,  with previous OS X.
    I am using WPA/WPA2 Personal to a Technicolor TG582N router.

    Disable all Firewalls & Anti-Virus software...try again.

  • Intel i217-LM NIC Causes Broadcast storm and High CPU

    Wanted to post this here to help others that may be experiencing issues with broadcasts.   
    If you have PC's with the Intel i217-LM NIC and you don't have the latest driver from Intel, the NIC will cause an IPV6 broadcast storm when the computer goes into sleep/hibernate.  You have to have at least two PC's on your network in sleep/hibernate mode.  It causes the same effect as a network loop.  In my network it would cause the MDF CPU to go to 100% and basically shut the network down.  
    We have Lenovo M93 desktops that have this NIC and I know that there are other PC's that have this same NIC and experience the same problem.
    When the broadcast storm is happening you can issue the command 
    show interfaces | include is up|line|broadcast on your MDF switch to find which interfaces have high broadcasts.  You may have to trace it through your uplinks to your IDF's.  You can then shut those interfaces to stop the broadcast storm.
    Your long term solution will be to get the latest NIC driver from Intel and update your PC's.

    It's connected IPV4 but because of the faulty NIC driver it starts broadcasting IPV6 when in sleep/hibernate mode.
    https://supportforums.cisco.com/discussion/12291431/ipv6-broadcast-storm-caused-hp-eliteone-800-intel-i217-lm-nic-how-find-hosts
    https://forums.lenovo.com/t5/A-M-and-Edge-Series-ThinkCentre/M83-and-M93p-ipv6-storms-intel-i217-LM-NIC/td-p/1600686
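
The counters printed by the `show interfaces | include is up|line|broadcast` command in the post above are cumulative since they were last cleared, so a single capture can point at a port that was busy days ago. The added example below (not from the original post) compares two captures taken a known interval apart and ranks interfaces by broadcasts received per second; the sample output, interface names, the 10-second interval and the 1000 packets-per-second cut-off are all constructed for illustration.

```python
import re

# Constructed sample: two captures of
#   show interfaces | include is up|line|broadcast
# taken 10 seconds apart. Interface names and counter values are made up.
SNAPSHOT_T0 = """\
GigabitEthernet0/1 is up, line protocol is up (connected)
     Received 120450 broadcasts (3300 multicasts)
GigabitEthernet0/2 is up, line protocol is up (connected)
     Received 98000 broadcasts (1200 multicasts)
GigabitEthernet0/3 is down, line protocol is down (notconnect)
     Received 0 broadcasts (0 multicasts)
"""
SNAPSHOT_T1 = """\
GigabitEthernet0/1 is up, line protocol is up (connected)
     Received 1620450 broadcasts (3310 multicasts)
GigabitEthernet0/2 is up, line protocol is up (connected)
     Received 98040 broadcasts (1204 multicasts)
GigabitEthernet0/3 is down, line protocol is down (notconnect)
     Received 0 broadcasts (0 multicasts)
"""

IFACE_RE = re.compile(r"^(?P<name>\S+) is .*line protocol is ")
BCAST_RE = re.compile(r"Received (?P<count>\d+) broadcasts")


def parse_counters(text):
    """Map interface name -> cumulative received-broadcast counter."""
    counters, current = {}, None
    for line in text.splitlines():
        head = IFACE_RE.match(line)
        if head:
            current = head["name"]
            continue
        hit = BCAST_RE.search(line)
        if hit and current is not None:
            counters[current] = int(hit["count"])
    return counters


def broadcast_rates(before, after, interval_s):
    """Broadcasts per second per interface between two captures, highest first."""
    t0, t1 = parse_counters(before), parse_counters(after)
    rates = []
    for name, now in t1.items():
        prev = t0.get(name, 0)
        # A lower value than before means the counters were cleared in
        # between; in that case count from zero instead of going negative.
        delta = now - prev if now >= prev else now
        rates.append((name, delta / interval_s))
    return sorted(rates, key=lambda item: item[1], reverse=True)


def suspects(rates, threshold_pps):
    """Interfaces whose broadcast rate is at or above the chosen cut-off."""
    return [name for name, pps in rates if pps >= threshold_pps]


if __name__ == "__main__":
    ranked = broadcast_rates(SNAPSHOT_T0, SNAPSHOT_T1, interval_s=10)
    for name, pps in ranked:
        print(f"{name:24s} {pps:12.1f} broadcasts/s")
    print("Investigate first:", suspects(ranked, threshold_pps=1000))
```
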

  • Broadcast Storm Control

    Hi everybody,
    I have doubts about the broadcast storm control feature on the switch. Could anyone please advise me?
    1. When the broadcast storm control is triggered, can normal data packets (not broadcast packets) pass the switch?
    2. If network looping occurs at an unmanaged switch that doesn't support spanning tree protocol and it connects to a managed switch on which broadcast storm control is turned on, does it help this issue?
    Managed switch
    |
    |
    Unmanaged switch
    ||
    \/<--- network looping
    Thanks in advance,
    Nitass

    1. Unicast packets and multicast packets are not affected when you enable broadcast storm control. Multicast packets will be affected only if you enable multicast storm control on the switchport.
    2. I have no experience in a setup such as this but the behavior of the storm-control broadcast level command suggests that the switch port will drop all broadcasts headed through the port (in both directions) for a specified period of time.
    This, however, still does not stop the source of the broadcast (i.e. the multiple links running to the unmanaged switch) so I would presume that the broadcasts might die down for a small period of time but they will resurface as the unmanaged switch would continue generating broadcast packets.
    Thus the port on the managed switch would come back to normal state, only to go back into broadcast storm control state and stop all broadcasts all over again.
    HTH
    Please rate posts that help.
    Regards
    Arvind

  • Broadcast storms

    Hello,
    I currently have 4 HP 2610 switches alongside a Cisco SG 300 28 Port POE.  I have a few laptops that when I look on the old 2610's I can plainly see they are pushing out what may be excessive traffic (AKA broadcast storms) from the login page on the GUI...I am investigating this with the laptops in question by updating drivers, checking for malware etc..hopefully the NICs aren't bad as that would be a board replacement.  Anyway, if these laptops were on the Cisco, is there an area where I can plainly see what ports or MACs are pushing out what may be a broadcast storm?  Under logs I see I have a flash log etc...but where would I see who is actually, in plain English, pushing bad traffic similar to the old HP switches?  The reason why I ask is I am retiring the old HP's over time and I want to be "in the know" how to see issues like this without having to go through a lot of hoops.
    Don

    Hi Don
    I know HP 2610 switches and thus remember which messages you are talking about. Neither kind of Cisco switch (Small Business or Enterprise) provides the same kind of output regarding identification of unexpected traffic patterns on ports.
    But on the other hand they have options to avoid and identify loops in switched networks. This means that instead of receiving "Excessive broadcasts received on the port X" you will get something like "STP Loopback Detection." in case there really is a switching loop in the network. Moreover, with the release of firmware 1.4.0.88 a new feature was introduced for avoiding loops in the network: Loopback detection – Detects network loops using non-BPDU frames, and usually used where spanning tree cannot be used.
    There is also the Storm control feature on SG300 switches, but it is more of a prevention mechanism instead. More here.
    In other words, Small Business switches have resources and options to detect switching loops, with blocking of the switch ports the storms are coming from.
    One more thing: "Excessive broadcasts received on the port X" on HP did not always point to broadcast storms; yes, it is usually caused by a network topology loop, but it can also be due to a malfunctioning device, NIC, NIC driver, or software application.
    hope this helps..

  • Broadcast storms applicable on layer 3 switches?

    Dear all,
    My colleague and I were wondering about the following on a Cisco 3750-X layer 3 switch.
    Lets assume we configure the 3750 without vlans so we create several networks on the 3750. For example fa 0/1 has as network 10.10.10.0/24 with 10.10.10.1 as it being the default gateway. Fa 0/2 has as network 10.10.11.0/24 with 10.10.11.1 as it being the default gateway.
    The question is if a broadcast storm rages on network 10.10.10.0/24, would 10.10.10.0/24 only be affected by the broadcast storm or will network 10.10.11.0/24 also be affected due the broadcast?
    If we assume the same settings but we would utilize VLANs, then a network is definitely not being affected by a broadcast storm happening on another network, right?
    Thanks in advance for your help.
    kind regards

    Hi,
    When you configure an L3 port on your 3750
    int f0/1
    no switchport
    ip add 10.10.10.1 255.255.255.0
    no shut
    int f0/2
    no switchport
    ip add 10.10.11.1 255.255.255.0
    no shut
    The key is NO SWITCHPORT
    This takes the port out of L2 configuration therefore
    it does not belong to any VLAN and does not operate like an L2 port
    with regards to broadcast etc.
    Have a look at this link from a 3750 config guide
    http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750/software/release/12-2_55_se/configuration/guide/scg3750/swint.html#wpmkr2208885
    Hope this helps
    Regards
    Alex

  • Broadcast Storm Control - Mac-address flooding

    Hi Friends,
    We would like to configure broadcast storm control in our LAN to detect/avoid mac-address flooding. What is the best way and Can I know how to decide the raising threshold & falling threshold values ?.. Please suggest.
    Regards,
    S.Tamilvanan

    Hello,
    the best way is to monitor your network for 5-6 days in order to find out the normal pattern of broadcast traffic. Then based on results from this monitoring process you can set the thresholds of broadcast traffic.

  • Broadcast Storm

    We host an annual LAN gaming event with about 3500 BYOC spots.  Last year we suffered a massive broadcast storm.  So this year we made each row its own subnet to prevent broadcasts from affecting the rest of the LAN.  This had an unintended side effect.  Many people hosting games on their systems were unable to announce their presence to the whole LAN, just their subnet.  It angered quite a few gamers.  What are some options to prevent broadcasts storms but still allow genuine game broadcasts?

    BPDU guard is often used to prevent end systems from introducing switches or hubs that could potentially cause a loop (and broadcast storm). Reference.

  • ARD broadcast storms?

    Recently our entire 1000 node network was crippled by the repeated use of the ARD to push software to multiple clients (one at a time was fine). In reading online it appears to me that ARD is designed to deliver UDP datagrams to the end stations by means of sending them as broadcast packets, meaning all ports on all switches are immediately flooded by the traffic that is really only important to the 2 or more clients being pushed to. If this app is designed this way, what on earth is Apple thinking? Our host Mac is connected to a Gig port and the rate at which broadcasts were being sent was off the scale until the broadcast storm throttles on the switches kicked in, but by that time, and even at the throttled rate, the harm was widespread. Can someone explain to me why any app would use the process of a broadcast to deliver content? Is something misconfigured?
    Thank you

    I think you can reduce the impact of the storm on a switch by setting a maximum number on UDP broadcast packets. Unfortunately, with UDP packets there is no error correction, so packets that arrive after the maximum has been met are dropped, which will cause your Remote Desktop session to fail.
    Another point to consider is that it does not matter what version your servers or clients are running as far as OS X. You can run the Remote Desktop Application from a workstation or server, as long as it meets the OS X requirements. The broadcast packets are spawned from the application, not the underlying OS.
    So far, no word from Apple on this. We have been limping along, having to manually run our updates one computer at a time. We support about 100 Macs at our company, and have updates for various applications about once a month.
    Maybe Santa is just late bringing me what I wished for?

  • Can't get my BEFW11S4 to broadcast a Wireless Network

    Hello,
    I spent about 6 hours last night trying to get my Linksys wireless access point router to broadcast a wireless network. It was working fine about a week ago, then we went on vacation and now... nothing! After countless times restarting my cable modem, my BEFW11S4 and my wired router, I was able to get internet via ethernet back in my room, but still no wireless. Here's what I have for a set-up:
    cable modem -> BEFW -> Desktop Computer (yes, i ran the set up wizard on it, and yes, it was successful)
                                       -> Wired Modem -> MY Laptop computer.
    PLEASE PLEASE PLEASE HELP ME! I'm fresh out of ideas and VERY frustrated!

    Make sure the Wireless SSID Broadcast on your router is set to Enable. If you are still not able to locate your wireless network then I think you need to upgrade the firmware on your router.
    Go to website linksysbycisco.com/downloads.........insert model no of your router in search tab......select proper version of your router........download the firmware file......save that file on desktop 
    Follow these steps to upgrade the firmware on the device : -
    Open an Internet Explorer browser page on a computer hard wired to the router...In the address bar type - 192.168.1.1...Leave the Username blank & in Password use admin in lower case...
    Click on the 'Administration' tab- Then click on the 'Firmware Upgrade' sub tab- Here click on 'Browse' and browse the .bin firmware file and click on "Upgrade"...
    Wait for few seconds until it shows that "Upgrade is successful" After the firmware upgrade, click on "Reboot" and you will be returned back to the same page OR it will say "Page cannot be displayed".
    Now reset your router : Press and hold the reset button for 30 seconds...Release the reset button...Unplug the power cable from your router, wait for 30 seconds and re-connect the power cable...Now re-configure your router...

  • FWSM with contexts - Broadcast storm impact CPU

    Hi,
    we have a FWSM (4.1(5)) configured with several contexts.
    Last day we had a broadcast storm in one VLAN connected to one FWSM context and all contexts were impacted with loss of service.
    We could check that CPU in impacted context went to 50 - 60 % but in fact service allocated in other contexts were impacted.
    We have Resource Class implemented, but there is nothing about CPU usage (only connections, xlates, .... ).
    Any idea about how to protect contexts against a broadcast storm or high CPU usage in one context ?
    Thanks a lot
    Felipe

    Hi Felipe,
    Unfortunately, the FWSM's CPU is not virtualized across contexts like the conn tables, xlate tables, etc are. High CPU caused by traffic in one context will indeed affect traffic on other contexts on the same physical firewall, which is a limitation of the architecture.
    -Mike

  • VPLS level Broadcast storm

    If we have a broadcast storm in the VPLS,
    will it be CPU processed? I mean to say, like in a normal L2 switch scenario,
    whenever there is a broadcast storm the CPU of the L2 switch will go high, but in the
    case of VPLS, let's say in a 7600, will the CPU also spike?

    The SUP of the 7600 has two CPUs. Basically one for the L3 activities (RP CPU) and one for L2 activities (SP CPU).
    Without L3 interface, broadcast are not punted and flooded in hardware. There are special cases where some specific broadcast packets may be punted to the SP CPU (we are only L2 here), like if it's an IGMP packet and IGMP snooping is enabled.
    So a storm of such packets could overload the CPU.
    HTH
    Laurent.

  • 3com and cisco switches (802.1q)vlan integration problem - broadcast storm?

    Hi forum,
    we are using 3Com switches. The 3Com switches implement open VLANs, which means if an IEEE 802.1q packet is received at a port and the port is not a member of that VLAN, the switch does not perform VLAN filtering. If the address is previously learned, it will be forwarded correctly, but if it is not, it will be flooded to all ports within that VLAN.
    my questions:
    1) if another Cisco switch connected with the 3Com switch is placed in the same VLAN, and the 3Com switch receives an 802.1q packet from a rogue device, it will be flooded to all the ports (including the Cisco ports) within that VLAN; will it cause a broadcast storm?
    2) how do I configure the Cisco switch to filter off unknown tagged packets on a port? by using VLAN pruning?
    3) how do I block the broadcast from the 3Com switches? using broadcast suppression?
    4) is there a way on the design side to effectively counter this problem?
    Kind regards,
    paul

    It sounds like the setup of your 3Com switch is not quite up to your requirements. If a port is declared as tagged, it's OK to receive tagged frames for VLANs that were not previously known on this port. However, if your policy requires that only specific VLANs are permitted on a given tagged port, then you need to add some extra command on your 3Com switch. Check with documentation and possibly with your 3Com support partner.
    As for Cisco routers, tagged ports in Cisco-speak are trunks (this might be confusing for you as 3Com calls trunks what in the Cisco world is known as either Etherchannel or port aggregation). By default a trunk (tagged) port allows any VLAN. If your policy requires so, you can explicitly specify which VLANs are allowed on a given trunk (tagged) port. If a frame arrives with a tag that is not on the allowed list, the frame will be discarded. So you don't need any fancy broadcast suppression to block traffic from disallowed VLANs coming from your 3Com switch to Cisco.
    P.S.: Make sure that you don't mistake 'member of VLAN' with 'native VLAN'. Some parts of your message suggest that you do.

  • Will this cause a broadcast storm/loop?

    I have 3 2960g switches that each have about 40 devices (PCs, printers, etc.) attached to them.  Each of these 2960 switches has one port connected to a port on a "core" switch, which is a 3950g.  The 3950 has 3 switches and all of our servers (12) connected to its ports.  The network seems to be running alright, however most, if not all, of the port lights on ALL switches blink wildly (at least I consider it "wildly").  Am I doing this wrong?  Is there a better way to connect all these switches?
    Also, this configuration is for our first floor.  The second floor has the exact same configuration, and the two 3950's (one upstairs, one downstairs) are connected via fiber.
    Thanks for any help.

    Hi Scott,
    I think I like your comments and leolaohoo's reaction.
    We don't know your Layer 3 setup, but broadcasts will stay in a broadcast domain. A broadcast will cause activity LEDs to flicker. 
    I would expect to see on a regular basis multicast and broadcast packets that make the activity lights flicker in unison.  A bit daunting at the time, as your rack of switches flashed in unison like a Christmas tree, but as you said "the network seems to be running all right".
    To ease your mind, you could look at a Wireshark capture and see if you can coordinate looking at an activity LED flash and the Wireshark capture to see the types of packets that might be worrying you.
    I just did a wireshark capture  on my PC that you can see below.  I captured only  20 packets.  It was interesting that  just about every packet is a broadcast packet that will cause all port LEDs  in my layer 2 switch network to flicker.  But I know my layer 2 network is just fine.
    Never hurts to be cautious, and monitor switch MIB variables and wireshark capture to see what is really happening on your network.
    One positive thing to do if you are feeling like you would like better monitoring on your network,  and you reside in the USA or Canada  is to look at the new onplus appliance with included service   we are offering  for our partner community.
    check out the URL below and  the cost of appliance p/n  ON100-K9
    http://www.cisco.com/en/US/prod/collateral/netmgtsw/ps5734/ps11792/datasheet_c78-680690.html
    regards Dave
