TTL and L3 Switch

dcanady55 · ‎03-27-2019

Hello,

I've got an issue between two endpoints across our wan. I setup spanning on two switches and and found some TCP resets and in the capture it shows the source IP of the reset the other end point in connection. However the TTL was 254 so it wasn't routed across our wan. When I look at the source MAC address it's coming from my 3850 voice SVI. The same thing was found on my other capture there was resets and source was my other 3850 voice SVI. I'm wondering what would cause this behavior on the switch but I'm also curious as why the TTL would be reduced as the packet didn't leave the switch yet. I wasn't capturing on the trunk interface but just spanning the port?

thanks

Deepak Kumar · ‎03-27-2019

HI,

I need some more details as what is service and which type of traffic is giving a problem to you. Does the Source or destination itself send TTL 254? Do you enable QoS on the Switch? What is output for below command on the switch:

mls rate-limit all ttl-failure 500 10

As you mentioned that both end you are getting Cisco Switches MAC address so I want to tell you that If switches are working in L3 mode then it is normal behavior for the switch. The switch Processer will rewrite the packet header (L2) information while sending the packet out toward destination. What is L3 header information like source IP?

Regards,

Deepak Kumar

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!