cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1372
Views
10
Helpful
5
Replies

How can I debug why the Catalyst 2960 is dropping traffic?

ziffusion
Level 1
Level 1

Is the Catalyst 2960 switch capable of generating logs about how it handles traffic on a port (why it drops it, for example)? How can I turn this on?

5 Replies 5

Leo Laohoo
Hall of Fame
Hall of Fame
If the port is dropping traffic then post the complete output to the command "sh interface <PORT> controll".

Hello Leo

 

Thanks for the response. I'll post the output of that command soon as I can.

 

What's happening is a little weird (and baffling) though (at least to me). I was hoping for some general pointers on the kind of debug facilities available on this device.

 

Here are some details, if you are interested.

  1. The traffic being dropped is multicast IP.
  2. The traffic gets dropped ONLY if it comes from this specific device. Weirdly enough, if I capture the frames the device puts out, and play it back from a different device - they get switched just fine (I play back the pcap, bit by bit identical to the original frame).
  3. There is another device that puts out a similar multicast stream, and that gets switched fine as well. IGMP snooping is turned on in the switch at the moment, but the fact that this traffic makes it through, implies that the switch is aware of a interested receiver. These frames are bit-wise identical to the ones in question as well.
  4. The device that fails to get through, spoofs the IP address of the other machine that does make it through. They are not on the switch at the same time.

I'll post the output you wanted tomorrow.

Here is the output of "show interface <port> control".

 

  1. Doesn't look like it's dropping traffic.
  2. But the multicast frames don't show up in the SPAN session, and don't seem to be switched.
  3. The multicast number does keep going up, so it's counting something.

 

GigabitEthernet0/9 is up, line protocol is up (connected)
  Hardware is Gigabit Ethernet, address is 1c17.d35d.a789 (bia 1c17.d35d.a789)
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s, media type is 10/100/1000BaseTX
  input flow-control is off, output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 21:29:08, output 00:00:01, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 2000 bits/sec, 2 packets/sec
  5 minute output rate 2000 bits/sec, 2 packets/sec
     59570 packets input, 13247207 bytes, 0 no buffer
     Received 56107 broadcasts (46540 multicasts)
     0 runts, 0 giants, 0 throttles
     1 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 46540 multicast, 0 pause input
     0 input packets with dribble condition detected
     101671 packets output, 12670936 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 PAUSE output
     0 output buffer failures, 0 output buffers swapped out

     Transmit GigabitEthernet0/9              Receive
     12672236 Bytes                         13247463 Bytes                    
        10133 Unicast frames                    3467 Unicast frames           
        91426 Multicast frames                 46540 Multicast frames         
          115 Broadcast frames                  9567 Broadcast frames         
            0 Too old frames                  229210 Unicast bytes            
            0 Deferred frames               10271782 Multicast bytes          
            0 MTU exceeded frames            2728941 Broadcast bytes          
            0 1 collision frames                   0 Alignment errors         
            0 2 collision frames                   0 FCS errors               
            0 3 collision frames                   0 Oversize frames          
            0 4 collision frames                   0 Undersize frames         
            0 5 collision frames                   0 Collision fragments      
            0 6 collision frames       
            0 7 collision frames                7187 Minimum size frames      
            0 8 collision frames                7619 65 to 127 byte frames    
            0 9 collision frames               37831 128 to 255 byte frames   
            0 10 collision frames               2589 256 to 511 byte frames   
            0 11 collision frames               4329 512 to 1023 byte frames  
            0 12 collision frames                 20 1024 to 1518 byte frames
            0 13 collision frames                  0 Overrun frames           
            0 14 collision frames                  0 Pause frames             
            0 15 collision frames

            0 Excessive collisions                 1 Symbol error frames      
            0 Late collisions                      0 Invalid frames, too large
            0 VLAN discard frames                  0 Valid frames, too large  
            0 Excess defer frames                  0 Invalid frames, too small
        53162 64 byte frames                       0 Valid frames, too small  
         5780 127 byte frames          
        40950 255 byte frames                      0 Too old frames           
         1704 511 byte frames                      0 Valid oversize frames    
           78 1023 byte frames                     0 System FCS error frames  
            0 1518 byte frames                     0 RxPortFifoFull drop frame
            0 Too large frames         
            0 Good (1 coll) frames     
            0 Good (>1 coll) frames

Hello,

 

on a side note, the port by itself if left a its default setting wouldn't drop any IGMP traffic.

 

You can only globally debug igmp (debug ip igmp)...

Yogi-Bear
Level 1
Level 1
Yes just use show interfaces to see what kind of drop you than you can drill down.

Please come back and say what does it tell you.
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco