InterVLAN Broadcast flooding problem
‎09-15-2015 06:56 AM
Hello,
In our deployment we have a core switch (BD 8800) connecting to edge switches (x440-24p) through aggregation switches (x460-24x).
All the ports on edge switches are configured for at least two vlans, vlan 10 is voice and an untagged vlan for data or other applications.
Now the problem is I am seeing traffic (at least broadcast) from the untagged vlans appearing in voice vlan.
This is happening all over the network, hence putting extra load on all ports, and as a result the IP Phones are not able to acquire IP from DHCP server. If I remove the tagged vlan (i.e. voice) from a specific port then the leakage from that port into voice vlan stops.
Any idea about solving this issue?
23 REPLIES
‎09-15-2015 08:23 AM
UPDATE: I disconnected the switch where my laptop is connected from the rest of the network. Then I connected another laptop to another port which is configured for untagged data and tagged voice on this same switch. Then I started sending ping requests to an unavailable address and I can still see the ARP requests generated by that laptop in data vlan on my laptop which is in voice vlan.
scenario right now:
test laptop--->[switch]<---my laptop
‎09-15-2015 08:23 AM
Do you use a feature like "VLAN Translation"?
‎09-15-2015 08:04 AM
Yes, you are right, 10.154.x.x is data vlan, and I have shut down all the other switches. Only 4 switches are ON in total. The scenario right now is like:
device-->[edge sw]-->[aggregation sw]-->[core sw]<--[edge sw]<---my laptop
The only untagged ports right now are the 2 ports, 1st where the test device is connected and 2nd where my laptop is connected. Both of these are on different vlans.
The configuration across all the switches is similar so I don't know where the mixup can possibly happen.
And as I mentioned earlier, if I remove for example voice vlan from that test port then I stop seeing the broadcast from that device in voice vlan. So as far as I can see the mixup is happening on source port.
Anonymous
‎09-15-2015 07:44 AM
Just to be clear, the device 10.154.0.22 I assume is in your Data Vlan, right? And you're seeing ARPs from this device even though you connected directly into the Voice Vlan?
I can't imagine any other way how layer 2 broadcasts could hop vlans unless they are not connected in some way. Obviously the method I mentioned could be happening / configured anywhere in your network and you would still see it where you are connected.
If not that then I'm stumped at the moment.
‎09-15-2015 07:34 AM
Here is my config for the edge switch where the traffic at port is getting mixed-up/leaked:
Test device is connected to port 19 which belongs to RMS vlan 15 for untagged traffic. All other vlans are tagged on that port.
```
172.16.4.22.8 # sh conf
#
# Module devmgr configuration.
#
configure snmp sysName "172.16.4.22"
configure snmp sysContact "support@extremenetworks.com, +1 888 257 3000"
configure sys-recovery-level switch reset

#
# Module vlan configuration.
#
configure vlan default delete ports all
configure vr VR-Default delete ports 1-24
configure vr VR-Default add ports 1-24
configure vlan default delete ports 1-24
create vlan "CCTV"
configure vlan CCTV tag 14
create vlan "Data-Admin"
configure vlan Data-Admin tag 12
create vlan "Data-Guest"
configure vlan Data-Guest tag 11
create vlan "IPTel"
configure vlan IPTel tag 10
create vlan "IPTV"
configure vlan IPTV tag 13
create vlan "net-mgmnt"
configure vlan net-mgmnt tag 20
create vlan "PA"
configure vlan PA tag 23
create vlan "RMS"
configure vlan RMS tag 15
create vlan "WAP-Mgmt"
configure vlan WAP-Mgmt tag 19
configure vlan CCTV add ports 1-24 tagged
configure vlan Data-Admin add ports 1-24 tagged
configure vlan Data-Guest add ports 20-24 tagged
configure vlan Data-Guest add ports 1-18 untagged
configure vlan IPTel add ports 1-24 tagged
configure vlan IPTV add ports 1-19, 24 tagged
configure vlan IPTV add ports 20-23 untagged
configure vlan net-mgmnt add ports 1-24 tagged
configure vlan PA add ports 1-24 tagged
configure vlan RMS add ports 1-18, 21-24 tagged
configure vlan RMS add ports 19 untagged
configure vlan WAP-Mgmt add ports 1-24 tagged
configure vlan Mgmt ipaddress 172.16.4.22 255.255.0.0
configure vlan net-mgmnt ipaddress 172.16.4.22 255.255.0.0

#
# Module fdb configuration.
#

#
# Module rtmgr configuration.
#
disable iproute ipv4 compression
disable iproute ipv6 compression

#
# Module mcmgr configuration.
#

#
# Module aaa configuration.
#
configure account admin encrypted "9FtorW$L4OVuc9.2rTtMC7x2AN4K1"

#
# Module acl configuration.
#
configure access-list zone SYSTEM application NetLogin application-priority 4
configure access-list zone SYSTEM application HealthCheckLAG application-priority 5
configure access-list zone SYSTEM application IdentityManager application-priority 6
configure access-list zone SYSTEM application VMTracking application-priority 7
configure access-list zone SYSTEM application PolicyManager application-priority 8
configure access-list zone SYSTEM application Snmp application-priority 11
configure access-list zone SYSTEM application Telnet application-priority 12
configure access-list zone SYSTEM application Http application-priority 13
configure access-list zone SYSTEM application Ssh2 application-priority 14

#
# Module bfd configuration.
#

#
# Module ces configuration.
#

#
# Module cfgmgr configuration.
#

#
# Module dosprotect configuration.
#

#
# Module dot1ag configuration.
#

#
# Module eaps configuration.
#

#
# Module edp configuration.
#

#
# Module elrp configuration.
#

#
# Module ems configuration.
#

#
# Module epm configuration.
#

#
# Module erps configuration.
#

#
# Module esrp configuration.
#

#
# Module ethoam configuration.
#

#
# Module etmon configuration.
#

#
# Module hal configuration.
#

#
# Module idMgr configuration.
#

#
# Module ipSecurity configuration.
#

#
# Module ipfix configuration.
#

#
# Module lldp configuration.
#

#
# Module mrp configuration.
#

#
# Module msdp configuration.
#

#
# Module netLogin configuration.
#

#
# Module netTools configuration.
#

#
# Module ntp configuration.
#

#
# Module poe configuration.
#

#
# Module rip configuration.
#

#
# Module ripng configuration.
#

#
# Module snmpMaster configuration.
#

#
# Module stp configuration.
#

#
# Module synce configuration.
#

#
# Module techSupport configuration.
#

#
# Module telnetd configuration.
#

#
# Module tftpd configuration.
#

#
# Module thttpd configuration.
#
configure ssl certificate hash-algorithm sha512

#
# Module vmt configuration.
#

#
# Module vsm configuration.
#
172.16.4.22.9 #
```
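An added example, not part of the original thread and not Extreme Networks tooling: a small Python audit that parses the `configure vlan ... add ports` lines from the config posted above and reports, for each port, which VLANs it carries untagged, which tagged, and which it is not a member of. The names `CONFIG`, `expand` and `audit` are assumptions of this example, and it assumes plain port numbers as in the posted config (no slot:port notation).

```python
import re
from collections import defaultdict

# "add ports" lines copied from the "sh conf" output posted above.
CONFIG = """
configure vlan CCTV add ports 1-24 tagged
configure vlan Data-Admin add ports 1-24 tagged
configure vlan Data-Guest add ports 20-24 tagged
configure vlan Data-Guest add ports 1-18 untagged
configure vlan IPTel add ports 1-24 tagged
configure vlan IPTV add ports 1-19, 24 tagged
configure vlan IPTV add ports 20-23 untagged
configure vlan net-mgmnt add ports 1-24 tagged
configure vlan PA add ports 1-24 tagged
configure vlan RMS add ports 1-18, 21-24 tagged
configure vlan RMS add ports 19 untagged
configure vlan WAP-Mgmt add ports 1-24 tagged
"""

ADD = re.compile(r'configure vlan "?([\w-]+)"? add ports (.+) (tagged|untagged)$')

def expand(spec):
    """Expand a port list such as '1-19, 24' into a set of port numbers."""
    ports = set()
    for part in spec.replace(" ", "").split(","):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def audit(config):
    """Map each port to its untagged VLANs, tagged VLANs and VLANs it is absent from."""
    ports = defaultdict(lambda: {"untagged": set(), "tagged": set()})
    for line in config.splitlines():
        m = ADD.match(line.strip())
        if m:
            for port in expand(m[2]):
                ports[port][m[3]].add(m[1])
    every = {name for v in ports.values() for s in v.values() for name in s}
    return {p: {"untagged": sorted(v["untagged"]), "tagged": sorted(v["tagged"]),
                "absent": sorted(every - v["untagged"] - v["tagged"])}
            for p, v in sorted(ports.items())}

if __name__ == "__main__":
    for port, info in audit(CONFIG).items():
        flag = "" if len(info["untagged"]) == 1 else "  <-- check untagged membership"
        print(port, info, flag)
```

On the posted config this reports port 19 as untagged in RMS, tagged in seven VLANs including IPTel, and not a member of Data-Guest; port 24 has no untagged VLAN at all.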