Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
245
Views
0
Helpful
2
Replies

Mix of Switches & Hubs

ak1871
Level 1
Level 1

‎08-13-2002 03:31 AM - edited ‎03-02-2019 12:39 AM

In a special redundant environment (Extranet, Firewalls) we had to expand a Shared LAN with a Switched LAN.

Design:

2 Switches (C2924M-XL) with different links to Cisco Routers and Encryption Boxes (not Cisco) connected with one link each to a Hub (Cisco FastHub400), which only is connected to 1 Firewall. The 2 Hubs are also connected to each other.

Important: this connection is/has to be done (because of the FW High Availability design) like this: Switch---Hub---Hub---Switch

-Switch-Ports 100/H (before 100/F), link to Hub

Facts:

-because of a feature weakness (Firewall, HA) we couldn't replace the hubs

-we had to add switches (mainly) because of having traffic reports (MRTG) from different customers

-the Shared LAN segemnt is Not oversized

-L2 is stable (no loops [are possible] or anything else)

-the hub don't have a load problem

-the links between hub and switch show healthy traffic: only we have lot of defferred frames

Problem:

-we have seriuous instabilities for end-to-end connections through this environment (client---switch---hub---FW---server) with outages about 1 and more minutes (session failures)

Question:

Do we have a CAM table problem, because the switche receives also packets from the Shared LAN with the destination for the Firewall (connected to 1 of the hubs each) over the same link the switch has already an entry for this MAC address?

We know that this design is bad, but a the moment there's no workaround.

Any ideas?

Labels:
0 Helpful
2 Replies 2

mmellet
Level 3
Level 3

‎08-20-2002 01:59 PM

You're probably going to want your Cisco SE/Design rep to come in with a network sniffer and see where the problem lies. This will be tough to troubleshoot offsite. Perhaps TAC would be usefull too.

0 Helpful

ak1871
Level 1
Level 1
In response to mmellet

‎08-26-2002 01:10 AM

Hi

Thanks for your input. I've forgotten to mention that we took/analysed a lot of sniffer traces. Especially was to see that after a bad frame (wrong CRC, jabber) with always(!?) 16 bytes length and a source address of the firewall nothing is coming from the FW about 1.5 minutes, but a lot (exspected) to the FW itself. We think that the FW probably produces this bad frame and there must be problem with the NIC drivers of the HA systems (both FW's seem to produce this frame and have 'link down' of only 5s). But what's the cause of this bad behaviour or frame is not already known. We'll check it out. Thanks.

0 Helpful
Customers Also Viewed These Support Documents