Solved: IP Cameras and 2951 Router Issue - Page 2

tensi0n519 · ‎01-04-2020

Hello all,

I am having the following issue with my home lab:

Equipment: Cisco Catalyst Switch 2960-S POE 750W, Cisco 2951 Router running IOS 15.1

I am having an issue with a few IP (POE) cameras causing my switch CPU to run high which causes connectivity issues and my IP cameras to drop frames. I have the camera set up on their own VLAN. It appears that no matter what IP camera I plug into the switch, it starts sending several packets to the router which bogs things down. Prior to using the 2951 router, I was using a pfsense box with the 2960 switch. I had the same vlan setup and the cameras were all working without issues and I was getting no high cpu usage on the switch. I can't see to figure out what the problem is.

The cameras are on vlan 70 and plugged into switchports 1/0/1,3,5, etc. The router is plugged into the switchport 1/0/42. I have a number of devices reserved by client-id or hardware-address, including the cameras. Here are the switch and router configs. Some items like my IP and password stuff I removed from the configs. Hopefully this all makes sense. Thank you all for the help!

Router config:

MainRouter#sh run
Building configuration...

Current configuration : 11735 bytes
!
! No configuration change since last restart
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname MainRouter
!
boot-start-marker
boot-end-marker
!
!
! card type command needed for slot/vwic-slot 0/2
enable secret
!
no aaa new-model
!
clock timezone PST -8 0
clock summer-time PDT recurring
!
crypto pki token default removal timeout 0
!
!
no ipv6 cef
ip source-route
ip cef
!
!
!
ip dhcp excluded-address 10.10.1.1 10.10.1.100
ip dhcp excluded-address 10.10.10.1 10.10.10.100
ip dhcp excluded-address 10.10.10.200 10.10.10.254
ip dhcp excluded-address 10.10.20.1 10.10.20.100
ip dhcp excluded-address 10.10.20.200 10.10.20.254
ip dhcp excluded-address 10.10.30.1 10.10.30.100
ip dhcp excluded-address 10.10.30.200 10.10.30.254
ip dhcp excluded-address 10.10.40.1 10.10.40.100
ip dhcp excluded-address 10.10.40.200 10.10.40.254
ip dhcp excluded-address 10.10.50.1 10.10.50.100
ip dhcp excluded-address 10.10.50.200 10.10.50.254
ip dhcp excluded-address 10.10.60.1 10.10.60.100
ip dhcp excluded-address 10.10.60.200 10.10.60.254
ip dhcp excluded-address 10.10.70.1 10.10.70.100
ip dhcp excluded-address 10.10.70.200 10.10.70.254
!
ip dhcp pool MainLAN
import all
network 10.10.1.0 255.255.255.0
default-router 10.10.1.1
dns-server 209.18.47.61 209.18.47.62
domain-name MainLAN
!
ip dhcp pool Management
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
dns-server 209.18.47.61 209.18.47.62
domain-name Management
!
ip dhcp pool Servers
network 10.10.20.0 255.255.255.0
default-router 10.10.20.1
dns-server 209.18.47.61 209.18.47.62
domain-name Servers
!
ip dhcp pool SecureData
network 10.10.30.0 255.255.255.0
default-router 10.10.30.1
dns-server 209.18.47.61 209.18.47.62
domain-name SecureData
!
ip dhcp pool GuestData
network 10.10.40.0 255.255.255.0
default-router 10.10.40.1
dns-server 209.18.47.61 209.18.47.62
domain-name GuestData
!
ip dhcp pool GuestWifi
network 10.10.60.0 255.255.255.0
default-router 10.10.60.1
dns-server 209.18.47.61 209.18.47.62
domain-name GuestWiFi
!
ip dhcp pool CCTV
network 10.10.70.0 255.255.255.0
default-router 10.10.70.1
dns-server 209.18.47.61 209.18.47.62
domain-name CCTV
!
ip dhcp pool MainSwitch
host 10.10.10.2 255.255.255.0
client-identifier 0164.d814.071a.80
!
ip dhcp pool ServerSwitch
host 10.10.10.3 255.255.255.0
client-identifier 0134.bdc8.098d.80
!
ip dhcp pool FamilyRoomSwitch
host 10.10.10.4 255.255.255.0
hardware-address 6cb0.ce00.a246
!
ip dhcp pool MasterBedSwitch
host 10.10.10.5 255.255.255.0
client-identifier 0178.d294.aace.d1
!
ip dhcp pool GarageSwitch
host 10.10.10.6 255.255.255.0
client-identifier 01a0.0460.2129.36
!
ip dhcp pool ShedSwitch
host 10.10.10.7 255.255.255.0
hardware-address 841b.5e69.551d
!
ip dhcp pool HallwayAP
host 10.10.10.10 255.255.255.0
client-identifier 0180.2aa8.8688.49
!
ip dhcp pool GarageAP
host 10.10.10.11 255.255.255.0
client-identifier 01fc.ecda.f353.31
!
ip dhcp pool BackyardAP
host 10.10.10.12 255.255.255.0
client-identifier 0180.2aa8.8688.e5
!
ip dhcp pool NVR
host 10.10.70.2 255.255.255.0
client-identifier 0128.57be.94af.2f
!
ip dhcp pool FrontGateCamera
host 10.10.70.3 255.255.255.0
client-identifier 0100.18ae.6374.e4
!
ip dhcp pool CourtyardCamera
host 10.10.70.4 255.255.255.0
client-identifier 0100.18ae.6374.f2
!
ip dhcp pool DrivewayCamera
host 10.10.70.5 255.255.255.0
client-identifier 0100.18ae.6374.d0
!
ip dhcp pool PatioCamera
host 10.10.70.6 255.255.255.0
client-identifier 0100.18ae.529b.7a
!
ip dhcp pool WestSideCamera
host 10.10.70.7 255.255.255.0
client-identifier 0100.18ae.6375.13
!
ip dhcp pool BackyardCamera
host 10.10.70.8 255.255.255.0
client-identifier 0100.18ae.6374.f7
!
ip dhcp pool EastSideCamera
host 10.10.70.9 255.255.255.0
client-identifier 0100.18ae.6375.02
!
ip dhcp pool SouthPTZCamera
host 10.10.70.10 255.255.255.0
client-identifier 01f0.0000.2081.f4
!
ip dhcp pool ChickenCamera
host 10.10.70.11 255.255.255.0
hardware-address e061.b251.3f9e
!
ip dhcp pool GarageCamera
host 10.10.70.12 255.255.255.0
client-identifier 0100.13e2.fa63.0f
!
ip dhcp pool ShedCamera
host 10.10.70.13 255.255.255.0
client-identifier 0100.18ae.6374.da
!
ip dhcp pool WeatherCamera
host 10.10.70.14 255.255.255.0
client-identifier 013c.8cf8.a104.ba
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
voice-card 0
!
!
!
!
!
!
!
license udi pid CISCO2951/K9 sn FTX1819AJKF
hw-module pvdm 0/0
!
hw-module pvdm 0/1
!
hw-module sm 2
!
!
!
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 10.10.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1.10
description Management VLAN
encapsulation dot1Q 10
ip address 10.10.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/1.20
description Servers VLAN
encapsulation dot1Q 20
ip address 10.10.20.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/1.30
description SecureData VLAN
encapsulation dot1Q 30
ip address 10.10.30.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/1.40
description GuestData VLAN
encapsulation dot1Q 40
ip address 10.10.40.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/1.60
description GuestWifi VLAN
encapsulation dot1Q 60
ip address 10.10.60.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/1.70
description CCTV VLAN
encapsulation dot1Q 70
ip address 10.10.70.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed auto
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip nat inside source list 20 interface GigabitEthernet0/0 overload
ip nat inside source list 30 interface GigabitEthernet0/0 overload
ip nat inside source list 40 interface GigabitEthernet0/0 overload
ip nat inside source list 60 interface GigabitEthernet0/0 overload
ip nat inside source list 70 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 ***IP ADDRESS REMOVED** 254
!
access-list 1 permit 10.10.1.0 0.0.0.255
access-list 20 permit 10.10.20.0 0.0.0.255
access-list 30 permit 10.10.30.0 0.0.0.255
access-list 40 permit 10.10.40.0 0.0.0.255
access-list 60 permit 10.10.60.0 0.0.0.255
access-list 70 permit 10.10.70.0 0.0.0.255
!
!
!
!
nls resp-timeout 1
cpd cr-id 1
!
!
control-plane
!
!
!
!
mgcp profile default
!
!
!
!
!
gatekeeper
shutdown
!
!
!
line con 0
exec-timeout 0 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
password
login
transport input all
!
scheduler allocate 20000 1000
ntp master 1
end

MainRouter#

Switch Config:

MainSwitch#sh run
Building configuration...

Current configuration : 8655 bytes
!
! Last configuration change at 07:27:21 PST Sat Jan 4 2020 by ryan
! NVRAM config last updated at 07:28:24 PST Sat Jan 4 2020 by ryan
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname MainSwitch
!
boot-start-marker
boot-end-marker
!
enable password
!
username
no aaa new-model
clock timezone PST -8 0
clock summer-time PDT recurring
switch 1 provision ws-c2960s-48fps-l
!
!
no ip domain-lookup
ip domain-name mainswitch.skynet
vtp mode transparent
!
!
!
!
!
spanning-tree mode rapid-pvst
spanning-tree loopguard default
spanning-tree portfast bpduguard default
spanning-tree extend system-id
!
!
!
!
!
!
!
!
!
vlan internal allocation policy ascending
!
vlan 10
name Management
!
vlan 20
name Servers
!
vlan 30
name SecureData
!
vlan 40
name GuestData
!
vlan 50
name SecureWiFi
!
vlan 60
name GuestWifi
!
vlan 70
name CCTV
!
vlan 71
!
vlan 150
name VOICE
!
vlan 900
name TestVLAN
!
ip ssh version 2
lldp run
!
!
!
!
!
!
!
!
!
!
interface Port-channel1
switchport trunk native vlan 10
switchport trunk allowed vlan 10,20,30,50,60,150
switchport mode trunk
!
interface FastEthernet0
no ip address
!
interface GigabitEthernet1/0/1
switchport access vlan 70
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/2
description HallwayAP
switchport trunk native vlan 10
switchport trunk allowed vlan 10,20,30,50,60,150
switchport mode trunk
!
interface GigabitEthernet1/0/3
switchport access vlan 70
switchport mode access
!
interface GigabitEthernet1/0/4
switchport access vlan 30
switchport mode access
!
interface GigabitEthernet1/0/5
switchport access vlan 70
switchport mode access
!
interface GigabitEthernet1/0/6
switchport access vlan 30
switchport mode access
switchport voice vlan 150
!
interface GigabitEthernet1/0/7
switchport access vlan 70
switchport mode access
!
interface GigabitEthernet1/0/8
switchport access vlan 30
switchport mode access
!
interface GigabitEthernet1/0/9
switchport access vlan 70
switchport mode access
!
interface GigabitEthernet1/0/10
switchport access vlan 30
switchport mode access
switchport voice vlan 150
!
interface GigabitEthernet1/0/11
switchport access vlan 70
switchport mode access
!
interface GigabitEthernet1/0/12
switchport access vlan 30
switchport mode access
!
interface GigabitEthernet1/0/13
switchport access vlan 70
switchport mode access
!
interface GigabitEthernet1/0/14
switchport trunk native vlan 10
switchport trunk allowed vlan 10,20,30,50,60,150
switchport mode trunk
!
interface GigabitEthernet1/0/15
switchport access vlan 70
switchport mode access
!
interface GigabitEthernet1/0/16
description Family Room Switch
switchport trunk native vlan 10
switchport trunk allowed vlan 10,30,40
switchport mode trunk
!
interface GigabitEthernet1/0/17
switchport access vlan 70
switchport mode access
!
interface GigabitEthernet1/0/18
switchport access vlan 40
switchport mode access
!
interface GigabitEthernet1/0/19
switchport access vlan 70
switchport mode access
!
interface GigabitEthernet1/0/20
description Master Bedroom Switch
switchport trunk native vlan 10
switchport trunk allowed vlan 10,30
switchport mode trunk
!
interface GigabitEthernet1/0/21
switchport access vlan 70
switchport mode access
!
interface GigabitEthernet1/0/22
switchport trunk native vlan 10
switchport trunk allowed vlan 10,20,30,50,60,150
switchport mode trunk
!
interface GigabitEthernet1/0/23
switchport access vlan 70
switchport mode access
!
interface GigabitEthernet1/0/24
switchport access vlan 30
switchport mode access
!
interface GigabitEthernet1/0/25
switchport access vlan 70
switchport mode access
!
interface GigabitEthernet1/0/26
switchport access vlan 30
switchport mode access
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
switchport access vlan 40
switchport mode access
!
interface GigabitEthernet1/0/29
switchport access vlan 30
switchport mode access
switchport voice vlan 150
!
interface GigabitEthernet1/0/30
switchport access vlan 40
switchport mode access
!
interface GigabitEthernet1/0/31
switchport mode access
switchport voice vlan 150
!
interface GigabitEthernet1/0/32
switchport access vlan 30
switchport mode access
!
interface GigabitEthernet1/0/33
switchport trunk native vlan 10
switchport trunk allowed vlan 1-99,150
switchport mode trunk
!
interface GigabitEthernet1/0/34
!
interface GigabitEthernet1/0/35
switchport access vlan 30
switchport mode access
!
interface GigabitEthernet1/0/36
switchport access vlan 900
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/37
switchport access vlan 71
switchport mode access
!
interface GigabitEthernet1/0/38
switchport access vlan 30
switchport mode access
power inline never
!
interface GigabitEthernet1/0/39
switchport access vlan 71
switchport mode access
!
interface GigabitEthernet1/0/40
switchport access vlan 30
switchport mode access
power inline never
!
interface GigabitEthernet1/0/41
switchport access vlan 71
switchport mode access
!
interface GigabitEthernet1/0/42
description MainRouter
switchport trunk allowed vlan 10,20,30,40,50,60,70
switchport mode trunk
power inline never
!
interface GigabitEthernet1/0/43
switchport access vlan 71
switchport mode access
!
interface GigabitEthernet1/0/44
description BackupRouter
switchport trunk allowed vlan 10,20,30,40,50,60,70,900
switchport mode trunk
!
interface GigabitEthernet1/0/45
switchport trunk native vlan 10
switchport trunk allowed vlan 10,20,30,50,60,150
switchport mode trunk
channel-protocol lacp
channel-group 1 mode active
!
interface GigabitEthernet1/0/46
switchport trunk native vlan 10
switchport trunk allowed vlan 10,20,30,50,60,150
switchport mode trunk
channel-protocol lacp
channel-group 1 mode active
!
interface GigabitEthernet1/0/47
switchport trunk native vlan 10
switchport trunk allowed vlan 10,20,30,50,60,150
switchport mode trunk
channel-protocol lacp
channel-group 1 mode active
!
interface GigabitEthernet1/0/48
switchport trunk native vlan 10
switchport trunk allowed vlan 10,20,30,50,60,150
switchport mode trunk
channel-protocol lacp
channel-group 1 mode active
!
interface GigabitEthernet1/0/49
shutdown
!
interface GigabitEthernet1/0/50
shutdown
!
interface GigabitEthernet1/0/51
shutdown
!
interface GigabitEthernet1/0/52
shutdown
!
interface Vlan1
no ip address
!
interface Vlan10
ip address 10.10.10.2 255.255.255.0
!
ip default-gateway 10.10.10.1
ip http server
ip http secure-server
!
!
!
vstack
!
line con 0
exec-timeout 0 0
logging synchronous
line vty 0 4
exec-timeout 0 0
password
login local
transport input ssh
line vty 5 15
exec-timeout 0 0
password 7
login local
transport input ssh
!
ntp server 10.10.1.1
end

MainSwitch#

Leo Laohoo · ‎01-04-2020

How much power do the cameras require?

tensi0n519 · ‎01-04-2020

They use 15.4 watts.

And not sure if you saw me state before that I was using my 2960 switch with a pfsense box. Had no issues what so ever. This all started when I began using the 2960 switch with the 2951 router. Seem like there is a broadcast flood directly to the router and not to any other devices or ports and the back and forth of packets is bringing the switch to its knees.

Thanks again for the continued help on this too!

MainSwitch#show power inline

Module Available Used Remaining
(Watts) (Watts) (Watts)
------ --------- -------- ---------
1 740.0 276.6 463.4
Interface Admin Oper Power Device Class Max
(Watts)
--------- ------ ---------- ------- ------------------- ----- ----
Gi1/0/1 auto on 15.4 Ieee PD 3 30.0
Gi1/0/2 auto on 15.4 Ieee PD 0 30.0
Gi1/0/3 auto on 15.4 Ieee PD 3 30.0
Gi1/0/4 auto off 0.0 n/a n/a 30.0
Gi1/0/5 auto on 15.4 Ieee PD 3 30.0
Gi1/0/6 auto on 12.0 IP Phone 7975 3 30.0
Gi1/0/7 auto on 15.4 Ieee PD 3 30.0
Gi1/0/8 auto off 0.0 n/a n/a 30.0
Gi1/0/9 auto on 15.4 Ieee PD 3 30.0
Gi1/0/10 auto on 12.0 IP Phone 7975 3 30.0
Gi1/0/11 auto on 15.4 Ieee PD 3 30.0
Gi1/0/12 auto off 0.0 n/a n/a 30.0
Gi1/0/13 auto on 15.4 Ieee PD 3 30.0
Gi1/0/14 auto off 0.0 n/a n/a 30.0
Gi1/0/15 auto on 15.4 Ieee PD 3 30.0
Gi1/0/16 auto on 15.4 Ieee PD 0 30.0
Gi1/0/17 auto on 15.4 Ieee PD 0 30.0
Gi1/0/18 auto off 0.0 n/a n/a 30.0
Gi1/0/19 auto on 15.4 Ieee PD 0 30.0
Gi1/0/20 auto on 30.0 Ieee PD 4 30.0 <-------netgear poe powered switch
Gi1/0/21 auto on 15.4 Ieee PD 3 30.0
Gi1/0/22 auto off 0.0 n/a n/a 30.0
Gi1/0/23 auto on 7.0 Ieee PD 2 30.0
Gi1/0/24 auto off 0.0 n/a n/a 30.0
Gi1/0/25 auto off 0.0 n/a n/a 30.0
Gi1/0/26 auto off 0.0 n/a n/a 30.0
Gi1/0/27 auto off 0.0 n/a n/a 30.0
Gi1/0/28 auto off 0.0 n/a n/a 30.0
Gi1/0/29 auto off 0.0 n/a n/a 30.0
Gi1/0/30 auto off 0.0 n/a n/a 30.0
Gi1/0/31 auto off 0.0 n/a n/a 30.0
Gi1/0/32 auto off 0.0 n/a n/a 30.0
Gi1/0/33 auto off 0.0 n/a n/a 30.0
Gi1/0/34 off off 0.0 n/a n/a 30.0
Gi1/0/35 auto on 15.4 Ieee PD 0 30.0
Gi1/0/36 auto off 0.0 n/a n/a 30.0
Gi1/0/37 auto off 0.0 n/a n/a 30.0
Gi1/0/38 off off 0.0 n/a n/a 30.0
Gi1/0/39 auto off 0.0 n/a n/a 30.0
Gi1/0/40 off off 0.0 n/a n/a 30.0
Gi1/0/41 auto off 0.0 n/a n/a 30.0
Gi1/0/42 auto off 0.0 n/a n/a 30.0
Gi1/0/43 auto off 0.0 n/a n/a 30.0
Gi1/0/44 auto off 0.0 n/a n/a 30.0
Gi1/0/45 auto off 0.0 n/a n/a 30.0
Gi1/0/46 auto off 0.0 n/a n/a 30.0
Gi1/0/47 auto off 0.0 n/a n/a 30.0
Gi1/0/48 auto off 0.0 n/a n/a 30.0

Leo Laohoo · ‎01-04-2020

IP Cameras are notorious for multi-cast storms. Some low-end/low-priced IP cameras don't like VLANs.
Read the manual of the cameras and find out what it needs.
The output from the "sh interface <PORTS>" shows there is a large amount of input & output traffic. For a camera, why is there an input traffic -- that's not right.

tensi0n519 · ‎01-04-2020

Is there a way to fix the traffic/storm problem so that it doesn't cause an issue like this?

It seems odd to me that this doesn't occur with my pfsense box (with same vlans) and yet the cameras are causing cisco gear to have issues.

Here's also the switch CPU utilization and switchport 1/0/1 when I'm routing using the pfsense box:

No errors!! I'm stumped.

MainSwitch#sh proc cpu sort | ex 0.00
CPU utilization for five seconds: 32%/0%; one minute: 33%; five minutes: 33%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
157 943383 89562 10533 25.28% 24.95% 24.87% 0 Hulc LED Process
126 21552 3594 5996 0.69% 0.63% 0.59% 0 hpm counter proc
122 5689 35465 160 0.39% 0.14% 0.14% 0 hpm main process
185 19157 15126 1266 0.39% 0.46% 0.49% 0 Auth Manager
168 7618 734 10378 0.19% 0.20% 0.19% 0 HQM Stack Proces
169 2346 1448 1620 0.09% 0.06% 0.06% 0 HRPC qos request
214 4912 16609 295 0.09% 0.18% 0.15% 0 Spanning Tree

MainSwitch#sh interface gigabitEthernet 1/0/1
GigabitEthernet1/0/1 is up, line protocol is up (connected)
Hardware is Gigabit Ethernet, address is 64d8.1407.1a81 (bia 64d8.1407.1a81)
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 16/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, media type is 10/100/1000BaseTX
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output 00:00:01, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 6507000 bits/sec, 568 packets/sec
5 minute output rate 123000 bits/sec, 234 packets/sec
2124514 packets input, 3028760607 bytes, 0 no buffer
Received 210 broadcasts (12 multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 12 multicast, 1 pause input
0 input packets with dribble condition detected
912082 packets output, 60927884 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out

paul driver · ‎01-05-2020

Hello

@tensi0n519 wrote:

And not sure if you saw me state before that I was using my 2960 switch with a pfsense box. Had no issues what so ever. This all started when I began using the 2960 switch with the 2951 router. Seem like there is a broadcast flood directly to the router and not to any other devices or ports and the back and forth of packets is bringing the switch to its knees.

Did you make the changes to the router as I previously recommended?

no ip source-route
no ip route 0.0.0.0 0.0.0.0 ***IP ADDRESS REMOVED** 254
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 dhcp

access-list 1 permit 10.10.20.0 0.0.0.255
access-list 1 permit 10.10.30.0 0.0.0.255
access-list 1 permit 10.10.40.0 0.0.0.255
access-list 1 permit 10.10.60.0 0.0.0.255
access-list 1 permit 10.10.70.0 0.0.0.255

no ip nat inside source list 20 interface GigabitEthernet0/0 overload
no ip nat inside source list 30 interface GigabitEthernet0/0 overload
no ip nat inside source list 40 interface GigabitEthernet0/0 overload
no ip nat inside source list 60 interface GigabitEthernet0/0 overload
no ip nat inside source list 70 interface GigabitEthernet0/0 overload
no access-list 20 permit 10.10.20.0 0.0.0.255
no access-list 30 permit 10.10.30.0 0.0.0.255
no access-list 40 permit 10.10.40.0 0.0.0.255
no access-list 60 permit 10.10.60.0 0.0.0.255
no access-list 70 permit 10.10.70.0 0.0.0.255

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

tensi0n519 · ‎01-05-2020

Yes sir! But nothing changed unfortunately. Except for the fact that the config is cleaner now :)

Leo Laohoo · ‎01-05-2020

@tensi0n519 wrote:

reliability 255/255, txload 1/255, rxload 16/255
5 minute input rate 6507000 bits/sec, 568 packets/sec
5 minute output rate 123000 bits/sec, 234 packets/sec

I don't see any improvements. This output tells me the downstream client is pushing a lot of traffic to the switch. A LOT!

Hmmmm ... I wonder if the IP cameras are "members" of the Mirai botnet?

tensi0n519 · ‎01-05-2020

Sooo.....

I decided to look at my flash: and found that there was a newer IOS, c2951-universalk9-mz.SPA.154-3.M3.bin.

I decided to reboot the router with the newer IOS and now the problem is gone!

So going from c2951-universalk9-mz.SPA.151-4.M1.bin to c2951-universalk9-mz.SPA.154-3.M3.bin seems to have fixed my issue. If only I could get those lost hours back.....

Thank you to all who responded to help me! Very much appreciated.