
InterVLAN Broadcast flooding problem

f3rha4n
New Contributor II
Hello,
In our deployment we have a core switch (BD 8800) connecting to edge switches (x440-24p) through aggregation switches (x460-24x).
All the ports on edge switches are configured for at least two VLANs: VLAN 10 is voice, plus an untagged VLAN for data or other applications.
Now the problem is I am seeing traffic (at least broadcast) from the untagged VLANs appearing in the voice VLAN.
This is happening all over the network, hence putting extra load on all ports, and as a result the IP phones are not able to acquire an IP from the DHCP server. If I remove the tagged VLAN (i.e. voice) from a specific port then the leakage from that port into the voice VLAN stops.
Any idea about solving this issue?
23 REPLIES 23

EtherMAN
Contributor III
Correct me if I am understanding this wrong, but no matter if you have tagged or untagged VLANs on the port you plug the laptop into, the laptop will be presented with any and all multicast frames, broadcast frames, and unknown MAC address frames for all VLANs on that port. So you will be seeing packets from other VLANs.

f3rha4n
New Contributor II
Hi Paul, the device can only use untagged traffic and that's what it was doing. The IP phones are from Mitel and they detect the voice VLAN using LLDP-MED, which they were successfully doing. The problem arose when they tried to acquire an IP from the DHCP server and the DHCP DISCOVER messages somehow got lost in all that broadcast traffic, and the phones were not able to reach the server.
I will try to elaborate on the problem. The issue is not specifically related to the voice VLAN only.

The test device is connected to port 1, which is configured to be tagged for VLANs A, B, C, D and untagged for VLAN X.
I connect my laptop to port 2, which is configured to be tagged for VLANs B, C, D, X and untagged for VLAN A.
In this scenario my laptop (at port 2) shouldn't be able to see traffic on VLAN A originating from untagged VLAN X on port 1, but when I run Wireshark I can clearly see the broadcast.
The same happens if I use any other VLAN.
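
As an added example (not part of the thread and not vendor tooling): a way to check, from raw captured frame bytes, whether each broadcast in a test like the one above arrived with an 802.1Q tag or untagged, reporting the Ethernet destination and the ARP target hardware address separately. The sample frames, MAC and IP addresses are constructed and the function names are hypothetical; VLAN 10 is the voice VLAN from the first post.

```python
import struct
from collections import Counter

TPID_8021Q = 0x8100      # EtherType value that marks an 802.1Q tag
ETHERTYPE_ARP = 0x0806

def mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def parse_frame(frame: bytes) -> dict:
    """Parse one raw Ethernet frame; 'vlan' is None when no 802.1Q tag is present."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src = frame[0:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vlan, offset = None, 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan, offset = tci & 0x0FFF, 18          # low 12 bits of the TCI are the VLAN ID
    info = {"src": mac(src), "dst": mac(dst), "vlan": vlan, "ethertype": ethertype,
            "broadcast": dst == b"\xff" * 6, "arp_target_mac": None}
    if ethertype == ETHERTYPE_ARP and len(frame) >= offset + 28:
        # ARP body: 8 bytes fixed header, sender MAC (6), sender IP (4), target MAC (6)
        info["arp_target_mac"] = mac(frame[offset + 18:offset + 24])
    return info

def build_arp_request(src_mac: bytes, spa: bytes, tpa: bytes, vlan=None) -> bytes:
    """Constructed sample input: a broadcast ARP request, optionally 802.1Q tagged."""
    hdr = b"\xff" * 6 + src_mac
    if vlan is not None:
        hdr += struct.pack("!HH", TPID_8021Q, vlan)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1) + src_mac + spa + b"\x00" * 6 + tpa
    return hdr + struct.pack("!H", ETHERTYPE_ARP) + arp

def broadcasts_by_vlan(frames) -> Counter:
    """Count broadcast frames per VLAN ID; the key None means the frame was untagged."""
    return Counter(parse_frame(f)["vlan"] for f in frames if parse_frame(f)["broadcast"])

# Constructed frames: two tagged for VLAN 10, one untagged.
SAMPLE = [
    build_arp_request(bytes.fromhex("020000000001"), bytes([10, 0, 10, 5]), bytes([10, 0, 10, 1]), vlan=10),
    build_arp_request(bytes.fromhex("020000000002"), bytes([10, 0, 20, 7]), bytes([10, 0, 20, 1])),
    build_arp_request(bytes.fromhex("020000000001"), bytes([10, 0, 10, 5]), bytes([10, 0, 10, 9]), vlan=10),
]

if __name__ == "__main__":
    for vlan, count in broadcasts_by_vlan(SAMPLE).items():
        print("untagged" if vlan is None else f"vlan {vlan}", count)
```

Some NIC drivers strip the 802.1Q tag before the capture tool sees the frame, so an "untagged" result is only conclusive when the capture setup is known to preserve tags.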

Paul_Russo
Extreme Employee
Hello Ferhan. In your original test you had a device that was on both the data and voice VLAN and your PC was on the data VLAN. The test device was looking for a server that was not there, but the IP addresses in the capture were on the same VLAN. Was the device actually using the tag for the voice VLAN?

I have seen something like this before, where the device that was supposed to be on the voice VLAN came up and, since it can't get to its server, originally comes up on the untagged VLAN. In most voice applications the phone first comes up with a DHCP address on the data VLAN and then is told, using LLDP or DHCP, to move over to the voice VLAN and use the tag.

Try this test: make the port that the phone is on strictly voice and tag it to work on the voice VLAN, then see if you see the broadcast on data. That would show if broadcasts are "leaking" between VLANs or if you are just seeing the voice device sending broadcasts on the data VLAN.

Thanks
P

f3rha4n
New Contributor II
The source address always appears as that of the device generating the broadcast traffic, and the destination MAC is always 00:00:00:00:00:00. So far I have only reproduced this issue using ARP.

Anonymous
Not applicable
Whether this has any bearing or not: what's the full MAC address in your capture, is it a multicast address? Not that it should still traverse a VLAN with your configuration.

I wonder if you're not actually seeing traffic traverse VLANs but something else related to the NLB?
