Multicast problem with blade and wireless's controllers

marcio.tormente · ‎10-24-2012

Dear experts,

I have no experience with multicast and know I have a problem.

I client of mine have some wireless's controllers (Motorola) that syncronize with AP using multicast, but my client bought some blade servers from IBM that work in cluster using multicast as well.

The big problem is that, when they put the blades in the network, the performace os all wireless divice goes down, both wireless and blades are in the same vlan and the client don't want to criate another now.

Any one knowns how to solve this problem?

Thanks

Marcio L. Tormente

fsebera · ‎10-24-2012

Hi Marcio,

It sound like the problem 'might' be with the multicast address, meaning same destination addresses are being used. Possibly either MAC or group and possibly the two are conflicting. I don't know for sure but this is my best guess.

:

If you could put a sniffer in the mix, you could gather some packet details to possibly reveal the real issue.

Sorry i don't have a better answer.

Frank

marcio.tormente · ‎10-24-2012

Hello Frank,

Thanks for your support.

Is possible that you are right, I know that all divices are in the same subnet and VLAN, this kind of config in my opinion is a big problem, but the client don't want to change.

Is possiblem criate two differents multicast groups ins the same vlan and subnet? And they talk each othe but don't change informations about multcast.

Thanks

Marcio

fsebera · ‎10-24-2012

Hey Marcio,

In your case, the multicast suggestion is just that - "a suggestion" in helping you solving your issue. Before you can start making changes, "I think' you should determine the real issue.

Perhaps -another suggestion - you could try each "system" seperatly and if both systems work while the other is off, then it would appear to be a conflict between the two systems. If one works while the other doesn't, focus on the failing system.

HTH

Frank

marcio.tormente · ‎10-24-2012

Frank,

Before the client buy blade servers, there wasn't configuration about multicast and wireless works fine, after they buy blade servers an put into the network, the problem begin and my client made some configurations by himself, for this reason is not like a change, but apply the best configuration.

Follow the configurations.

!

no aaa new-model

clock timezone GMT -3

switch 1 provision ws-c3750g-24t

switch 2 provision ws-c3750g-24t

system mtu routing 1500

ip routing

ip cef load-sharing algorithm universal B44B427F

ip domain multicast mclane

ip domain-name mclane.br

!

ip dhcp snooping vlan 1

ip multicast-routing distributed

ip multicast cache-headers

ip multicast heartbeat 224.0.0.1 2 2 20

ip multicast heartbeat 224.0.0.2 2 2 20

!

auto qos srnd4

!

diagnostic monitor syslog

spanning-tree mode pvst

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

ip ftp username anonymous

ip ftp password 7 12180B181C12010B3F38

!

interface GigabitEthernet1/0/9

description UX03 A

switchport mode access

switchport port-security aging type inactivity

macro description cisco-desktop

channel-group 3 mode on

spanning-tree portfast

spanning-tree bpduguard enable

!

interface GigabitEthernet1/0/10

description UX05 A

switchport mode access

switchport port-security aging type inactivity

macro description cisco-desktop

channel-group 4 mode on

spanning-tree portfast

spanning-tree bpduguard enable

!

interface GigabitEthernet1/0/11

description # IBM P720 (MCLANGUX01) Ethernet Port:1 (VI - Producao) IP: 10.2.7.1 / 10.2.7.3 #

switchport mode access

switchport protected

logging event status

speed 1000

duplex full

spanning-tree portfast

!

interface GigabitEthernet1/0/13

description # IBM P720 (MCLANGUX01) Ethernet Port:4 (HACMP) IP: 99.2.1.250 #

switchport mode access

switchport protected

logging event status

speed 1000

duplex full

spanning-tree portfast

!

interface GigabitEthernet1/0/14

description # P720 UX01a IBM #

switchport mode access

switchport protected

logging event status

speed 1000

duplex full

spanning-tree portfast

!

interface GigabitEthernet1/0/21

description Porta de Apoio

switchport trunk encapsulation dot1q

switchport mode trunk

switchport nonegotiate

switchport protected

ip access-group multicast in

logging event status

speed 1000

duplex full

!

interface GigabitEthernet1/0/22

description UX75 A

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1

switchport mode trunk

macro description cisco-desktop

channel-group 2 mode on

spanning-tree portfast

spanning-tree bpduguard enable

!

interface GigabitEthernet1/0/23

description SWDIA

switchport trunk encapsulation dot1q

switchport mode trunk

shutdown

auto qos trust

macro description cisco-switch

channel-group 1 mode on

spanning-tree link-type point-to-point

!

interface GigabitEthernet1/0/24

description SWDIB

switchport trunk encapsulation dot1q

switchport mode trunk

switchport nonegotiate

ip dhcp snooping trust

!

interface GigabitEthernet2/0/1

description Vlan Cliente1 Vago

switchport access vlan 10

switchport trunk encapsulation dot1q

switchport mode access

shutdown

auto qos trust

macro description cisco-switch

spanning-tree link-type point-to-point

!

interface GigabitEthernet2/0/2

description Vlan Cliente2 Vago

switchport access vlan 20

switchport trunk encapsulation dot1q

switchport mode access

shutdown

auto qos trust

macro description cisco-switch

spanning-tree link-type point-to-point

!

interface GigabitEthernet2/0/3

!

interface GigabitEthernet2/0/4

description RED Vlan HMC UX30

switchport access vlan 70

switchport trunk encapsulation dot1q

switchport mode access

shutdown

auto qos trust

macro description cisco-switch

spanning-tree link-type point-to-point

!

interface GigabitEthernet2/0/5

description RED LTO

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet2/0/6

description # IBM P720 (MCLANGUX02) interface (HMC) IP: 10.2.7.2 / ASI 10.2.7.74 #

!

interface GigabitEthernet2/0/7

description RED UX30 Lan

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet2/0/8

description RED Probe Lan Col

switchport mode access

shutdown

spanning-tree portfast

!

interface GigabitEthernet2/0/9

description UX03 B

switchport mode access

switchport port-security aging type inactivity

macro description cisco-desktop

channel-group 3 mode on

spanning-tree portfast

spanning-tree bpduguard enable

!

interface GigabitEthernet2/0/10

description UX05 B

switchport mode access

switchport port-security aging type inactivity

macro description cisco-desktop

channel-group 4 mode on

spanning-tree portfast

spanning-tree bpduguard enable

!

interface GigabitEthernet2/0/11

description # IBM P720 (MCLANGUX01) Ethernet Port:2 (VI - Producao) IP: 10.2.7.1 / 10.2.7.3 #

switchport mode access

switchport protected

logging event status

speed 1000

duplex full

spanning-tree portfast

!

interface GigabitEthernet2/0/12

description UX05 C

!

interface GigabitEthernet2/0/13

description # IBM P720 (MCLANGUX02) Ethernet Port:4 (HACMP) IP: 99.2.1.251 #

switchport mode access

switchport protected

logging event status

speed 1000

duplex full

spanning-tree portfast

!

interface GigabitEthernet2/0/14

description # P720 UX02a IBM #

switchport mode access

switchport protected

logging event status

speed 1000

duplex full

spanning-tree portfast

!

interface GigabitEthernet2/0/15

description VM1 B

switchport trunk encapsulation dot1q

switchport trunk native vlan 200

switchport trunk allowed vlan 1,10,20,30,40,100

switchport mode trunk

channel-group 15 mode on

spanning-tree portfast

ip dhcp snooping trust

!

interface GigabitEthernet2/0/16

description VM2 B

switchport trunk encapsulation dot1q

switchport trunk native vlan 40

switchport trunk allowed vlan 1,10,20,30,40,100

switchport mode trunk

channel-group 25 mode on

spanning-tree portfast

ip dhcp snooping trust

!

interface GigabitEthernet2/0/17

description VM3 B

switchport trunk encapsulation dot1q

switchport trunk native vlan 40

switchport trunk allowed vlan 1,10,20,30,40,100

switchport mode trunk

channel-group 35 mode on

spanning-tree portfast

ip dhcp snooping trust

!

interface GigabitEthernet2/0/18

description DS4700 B

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet2/0/19

description DS4600 B

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet2/0/20

description B16 B

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet2/0/21

description Porta de Apoio

switchport trunk encapsulation dot1q

switchport mode trunk

switchport nonegotiate

switchport protected

ip access-group multicast in

logging event status

speed 1000

duplex full

!

interface GigabitEthernet2/0/22

description UX75 B

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1

switchport mode trunk

channel-group 2 mode on

!

interface GigabitEthernet2/0/23

description SWDIA

switchport trunk encapsulation dot1q

switchport mode trunk

auto qos trust

macro description cisco-switch

channel-group 1 mode on

spanning-tree link-type point-to-point

ip dhcp snooping trust

!

interface GigabitEthernet2/0/24

description SWDIB

switchport trunk encapsulation dot1q

switchport mode trunk

auto qos trust

macro description cisco-switch

channel-group 5 mode on

spanning-tree link-type point-to-point

!

interface Vlan1

ip address 10.2.8.30 255.255.0.0

ip helper-address 10.2.1.7

ip helper-address 10.2.1.13

ip pim passive

!

interface Vlan7

description #IBM Servers AIX - Oracle#

no ip address

shutdown

!

ip default-gateway 10.2.0.1

ip classless

ip forward-protocol udp ntp

ip route 0.0.0.0 0.0.0.0 10.2.0.1

ip http server

ip http secure-server

ip http max-connections 10

ip http timeout-policy idle 60 life 60 requests 3

ip http client cache ager interval 1

ip http client connection timeout 60

ip http client connection idle timeout 60

ip pim send-rp-announce Vlan1 scope 2

!

ip access-list standard multicast

permit any log

deny 228.2.7.0 0.0.0.255 log

!

fsebera · ‎10-24-2012

One quick note

ip access-list standard multicast

line 1 permit any log

line 2 deny multicast range - what is the purpose of this block and since you have already allow "any' why is this here?

Only these 2 ports apply the multicast ACL. port G1/0/21 and port G2/0/23.

Are the new servers on these two ports?

Just guessing at this point.

Frank

marcio.tormente · ‎10-24-2012

I asked my client about the same topic, because was him that made this configuration and he told me that is was just a

attempt to block a traffic, but he don't know how to do it.

The new server are in

GI 1/0/11 – 1/0/14

GI 2/0/11 – 2/0/14

All of then are AIX and respond by the IP 228.2.7.3.

Thanks for your help

fsebera · ‎10-24-2012

Marcio

ok great. So what is the multicast address 228.2.7.3 used for?

When you say the two systems are not operational, do you mean not operational by mangement terms or by user access terms?

Can you determine what is not working?

marcio.tormente · ‎10-24-2012

Frank

The multicast address is 228.2.7.3.

Let me try explain the problem (sorry for my english).

Is the client leave only de wireless working in the network, nothing happen, but when the client put the AIX servers int the network, the wireless start have problems, many APs can't synchronize with wireless's controllers and many users can't connect to the network as well.

The reason is becuse both system use Multicast to synchronize.

I was thinking about block the multicast's traffic from the AIX servers to wireless's controllers by ACL. Do you thing this kind of config can help?