Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
674
Views
0
Helpful
2
Replies

Incorrect MAC address count on ME3400G SW 12.2(44)SE6?

mikaelbje
Level 1
Level 1

‎02-07-2014 02:22 AM - edited ‎03-07-2019 06:04 PM

I've been troubleshooting a network for a while where the problem appears to be MAC address table filling up. My customer has two ME3400G-12CS-A switches on two sites connected over a WAN link with local subnets routed between each site. Site 1 acts as a hub and has internet connectivity where Site 2 is a spoke connected to the other site. The issue we're having is that the hub seems to fill up its TCAM tables in peak periods, seriously degrading performance. I haven't been able to figure out why yet as the MAC and unicast tables support 5k entries each (verified in the data sheet and "show sdm prefer") and we should be nowhere near that.

I've been searching through the bug toolkit and googling issues or inconsistencies with the TCAM tables but haven't found any information on the apparent issue, so I believe this is an undocumented defect in SW 12.2(44)SE6. Both switches run the "default" sdm template.

My findings so far:

The hub (Site 1) runs the following:

Switch Ports Model              SW Version            SW Image                

------ ----- -----              ----------            ----------              

*    1 16    ME-3400G-12CS-A    12.2(44)SE6           ME340x-METROIPACCESSK9-M

hub#sh mac address-table count | i Total Mac Address Space

Total Mac Address Space Available: 1471

hub#sh mac address-table | i Total Mac Add

Total Mac Addresses for this criterion: 1258

hub#sh platform tcam utilization


CAM Utilization for ASIC# 0 Max Used

Masks/Values Masks/values


Unicast mac addresses: 656/5248 430/3359

IPv4 IGMP groups + multicast routes: 144/1152 10/54

IPv4 unicast directly-connected routes: 656/5248 430/3359

IPv4 unicast indirectly-connected routes: 528/4224 32/175

IPv4 policy based routing aces: 512/512 2/2

IPv4 qos aces: 512/512 37/37

IPv4 security aces: 1024/1024 21/21


The spoke (Site 2) runs the following:

Switch Ports Model SW Version SW Image

------ ----- ----- ---------- ----------

* 1 16 ME-3400G-12CS-A 12.2(53)SE ME340x-METROIPACCESSK9-M



Configuration register is 0xF

spoke#sh mac address-table count | i Total Mac Address Space

Total Mac Address Space Available: 3833

spoke#sh mac address-table | i Total Mac Add

Total Mac Addresses for this criterion: 1145

spoke#sh platform tcam utilization


CAM Utilization for ASIC# 0 Max Used

Masks/Values Masks/values


Unicast mac addresses: 656/5248 157/1175

IPv4 IGMP groups + multicast routes: 152/1216 9/45

IPv4 unicast directly-connected routes: 656/5248 157/1175

IPv4 unicast indirectly-connected routes: 528/4224 25/117

IPv4 policy based routing aces: 512/512 2/2

IPv4 qos aces: 512/512 41/41

IPv4 security aces: 1024/1024 27/27

Summary:

hub: 1471+1258 = 2729 (almost 3359 from TCAM utilization)

spoke: 3833+1145 = 4978 (almost 5k/5248 from TCAM utilization)

The hub in total only seems to support 3k MAC addresses whereas it should support 5k. The only differences between the switches I can find are different HW revisions and SW versions. Is this most likely a software bug in 12.2(44)SE6? Is it only cosmetic or is it the cause of the degraded capacity?

Any comments?

Labels:
0 Helpful
2 Replies 2

mikaelbje
Level 1
Level 1

‎02-12-2014 07:47 PM

Upgraded to 12.2(60)EZ3 hoping that it would go away, but the problem is still there. I can't really seem to understand how the switch allocates MAC addresses. It perfectly matches the amount of directly-connected routes, but I wasn't expecting the MAC table to show more MAC addresses than the switch has actually learned.

0 Helpful

Tom Watts
VIP Alumni
VIP Alumni
In response to mikaelbje

‎02-13-2014 09:39 AM

Hi Mika, I think you should determine where the MAC come from. MAC address should only be learned on the ingress interface. So if your uplink to the network is where the MAC addresses learned, it is safe to say it originated from the upstream. Then your problem is the network side. If the large amount of MAC is on a LAN facing port, then you should go to the upstream device directly connected to see if your network learns those same MAC addresses on the ingress port facing toward that ME3400.

Once you identify the 'rogue' MAC, you can use a MAC look up tool

http://www.coffer.com/mac_find/

This can at least tell you the vendor the MAC comes from which may be logical or illogical if you're aware of what connects to and through the switch.

-Tom
Please mark answered for helpful posts

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card