CISCO SG-300 sending packets out all ports like a HUB

Tud · ‎10-01-2013

Hi All

I have an SG-300-52, I have been having an issue when there is large traffic on the network everything will gring to a halt

After running packet captures on one of the hosts I see packets too and from all hosts on the network (not just broadcast packets, but packets too and from specific hosts) are sent to my capture host. I ran a file transfer betrween to other hosts, and all the packets appeared in the capture log on the capture host

I have upgraded to latest firmware version 1.3.0.62 and this made no difference at all

my config is out of the box config, so all ports are configured in trunk mode and part of the default VLAN 1

it seems that soon as a packet enters this switch is it is sent out all ports

the behaviour stays the same after a reboot

any ideas on why this would be happening?

Thanks for your help

Richard H. Shores · ‎10-01-2013

Unless you are doing any Vlan trunking, you need to setup switchport mode access on the ports instead of trunking. Also, you should setup spanning-tree portfast on interfaces that connect to computers or other devices...DO NO use spanning-tree portfast on any ports connecting to a router or another switch.

Hope this helps!

RIchard

Tud · ‎10-01-2013

Thanks, I have changed all the ports to access mode and this seems to have made no difference, all packets are still getting sent out all ports

even though they were in trunk mode the should not have been behaving that way either

any other ideas?

Richard H. Shores · ‎10-01-2013

I would put the switch in routed mode, which makes it a layer 3 switch. When you do this, it will wipe your configuration, so if you try this, backup your switch first.

Before you do that, if you would upload a plain text running configuration of your switch, I will take a look at it to get a better idea of what is going on.

Richard

Tud · ‎10-01-2013

Hi, I will try and change to layer 3 mode and let you know what happens, my running and startup config are below, I left the certifcates off the end to save some space in the thread

config-file-header
switch121a57
v1.3.0.62 / R750_NIK_1_3_647_260
CLI v1.0
set system mode switch

file SSD indicator plaintext
@
voice vlan oui-table add 0001e3

Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add

000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table

add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
hostname switch121a57
username cisco password encrypted

3b14f3ff97862972e3b576a0275053f86554eb1a privilege 15
username fwadmin password encrypted 3b14f3ff97862972e3b576a0275053f86554eb1a privilege 15
!
interface vlan 1
ip

address 10.20.2.246 255.255.255.0
no ip address dhcp
!
interface gigabitethernet1
switchport mode access
!
interface gigabitethernet2
switchport mode access
!
interface

gigabitethernet3
switchport mode access
!
interface gigabitethernet4
switchport mode access
!
interface gigabitethernet5
switchport mode access
!
interface

gigabitethernet6
switchport mode access
!
interface gigabitethernet7
switchport mode access
!
interface gigabitethernet8
switchport mode access
!
interface

gigabitethernet9
switchport mode access
!
interface gigabitethernet10
switchport mode access
!
interface gigabitethernet11
switchport mode access
!
interface

gigabitethernet12
switchport mode access
!
interface gigabitethernet13
switchport mode access
!
interface gigabitethernet14
switchport mode access
!
interface

gigabitethernet15
switchport mode access
!
interface gigabitethernet16
switchport mode access
!
interface gigabitethernet17
switchport mode access
!
interface

gigabitethernet18
switchport mode access
!
interface gigabitethernet19
switchport mode access
!
interface gigabitethernet20
switchport mode access
!
interface

gigabitethernet21
switchport mode access
!
interface gigabitethernet22
switchport mode access
!
interface gigabitethernet23
switchport mode access
!
interface

gigabitethernet24
switchport mode access
!
interface gigabitethernet25
switchport mode access
!
interface gigabitethernet26
switchport mode access
!
interface

gigabitethernet27
switchport mode access
!
interface gigabitethernet28
switchport mode access
!
interface gigabitethernet29
switchport mode access
!
interface

gigabitethernet30
switchport mode access
!
interface gigabitethernet31
switchport mode access
!
interface gigabitethernet32
switchport mode access
!
interface

gigabitethernet33
switchport mode access
!
interface gigabitethernet34
switchport mode access
!
interface gigabitethernet35
switchport mode access
!
interface

gigabitethernet36
switchport mode access
!
interface gigabitethernet37
switchport mode access
!
interface gigabitethernet38
switchport mode access
!
interface

gigabitethernet39
switchport mode access
!
interface gigabitethernet40
switchport mode access
!
interface gigabitethernet41
switchport mode access
!
interface

gigabitethernet42
switchport mode access
!
interface gigabitethernet43
switchport mode access
!
interface gigabitethernet44
switchport mode access
!
interface

gigabitethernet45
switchport mode access
!
interface gigabitethernet46
switchport mode access
!
interface gigabitethernet47
switchport mode access
!
interface

gigabitethernet48
switchport mode access
!
interface gigabitethernet49
switchport mode access
!
interface gigabitethernet50
switchport mode access
!
interface

gigabitethernet51
switchport mode access
!
interface gigabitethernet52
switchport mode access
!
exit
ip default-gateway 10.20.2.254
ip ssh-client key rsa key-pair
----

Richard H. Shores · ‎10-02-2013

Your config looks fine. I did have a question about you default gateway...are you connecting to another switch, firewall, or router of some kind to get to this gateway and which port on this switch is it connecting to?

Once you switch to layer 3, you will need to set a default route in place of the ip default-gateway:

ip route 0.0.0.0 0.0.0.0 10.20.2.254

After you do this, if you do a sh run for the config, it will show ip default-gateway 10.20.2.254 even though the switch is in layer 3. It used to show the actual ip route in the config in previous versions of the firmware...this is cosmetic.

Richard

Tud · ‎10-02-2013

Hi

The only reason there is a default GW is so I can manage it from another site, this was only set when I saw problems with it, so defintely not related to the issue I am haivng

there s another switch (SGE2000p)connected to G51, which has a firewall connected to it, which is the default GW

Cheers

Tom Watts · ‎10-02-2013

Hi Tony, if I had to make a guess, the switch doesn't know where to forward certain traffic therefore sending it out all ports. So my question would be, what traffic are you seeing, where does it originate and where should it go?

It is possible the switch isn't getting a MAC binding in the learning tables hence causing this behavior. Most likely it is something you have externally configured causing the confusion if that's the case.

One of the other problems aside from CAM table issues would be spanning tree. I doubt it's the problem but may be try to filter all BPDU.

-Tom
Please mark answered for helpful posts

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

Richard H. Shores · ‎10-02-2013

I have to agree with Tom and would try his suggestions.

Richard

Tud · ‎10-03-2013

Hi all

It seems the problem was actually with the SGE2000 switch, that was forwardiing packets out all ports, which the SG-300 was then forwarding out all its ports.

I have updated the firmware on the SGE2000 which seems to have resloved the issue

interestingly there were also Catalyst switches connected to the SGE2000 and they weren't sending packets out all the ports, so it does lead me to think that there may still be and underlying issue with these swiches that had not quite been resloved yet