
InterVLAN Broadcast flooding problem


f3rha4n
New Contributor II
Hello,
In our deployment we have a core switch (BD 8800) connecting to edge switches (x440-24p) through aggregation switches (x460-24x).
All the ports on edge switches are configured for at least two vlans, vlan 10 is voice and an untagged vlan for data or other applications.
Now the problem is I am seeing traffic (at least broadcast) from the untagged vlans appearing in voice vlan.
This is happening all over the network, hence putting extra load on all ports, and as a result the IP Phones are not able to acquire an IP from the DHCP server. If I remove the tagged vlan (i.e. voice) from a specific port then the leakage from that port into voice vlan stops.
Any idea about solving this issue?
23 REPLIES

Anonymous
Not applicable
One other thing regarding seeing the 802.1p/q tag in wireshark, this is very common as a lot of NICs don't support tagging. On some network cards you can enable it in the NIC settings or you have to change something in the registry. On my laptop for example my internal NIC doesn't support it so I use an external USB Ethernet module that does.

Anonymous
Not applicable
Actually it's funny you should say that as I've seen this before when the FDB table doesn't insert the MAC address of the device until you make it send some traffic, like ping. I'd be interested to see if anyone comes up with an answer on that. Couple of things that would be interesting to try: the first would be to statically configure the phone with an IP, gateway, controller IP, VLAN ID etc. and see if it starts working. The other would be to add a helper address / bootrelay command on the voice vlan pointing to your PBX that's acting as the DHCP server for your voice vlan. I know you shouldn't need it on the same vlan but it could be worth a try. Not personally tried Mitel phones on the purple kit before, mainly the red.

f3rha4n
New Contributor II
@EtherMAN: you are correct
@Martin: when I connected a PC to an untagged voice vlan port it got the IP easily and I could see the dhcp discover packet at the Mitel PABX, but when I plugged a Mitel Phone into that untagged port (and turned LLDP off) it just kept on sending dhcp discover messages that I could see on wireshark, but they most probably never made it to the PABX, which bugged me. This was when a single broadcast-generating device was on the network.
Also, to me it appeared that the edge switches and Core switch had a problem with populating the CAM table or something like that, because initially when I pinged the PABX (or other devices) the arp seemingly didn't reach the destination and I never got a reply. Then I pinged the core switch from the PABX and after that the PABX became pingable from the core switch and, after a minute or so, from other locations. This happened many times but that is not my immediate concern for now.

@Paul: I don't remember running wireshark in promiscuous mode but now that I checked, it's running in promiscuous mode by default. Anyway, in that case shouldn't I be able to see the vlan tag in packets? Because I tried to look for it and couldn't find any.

For now I resolved the DHCP issue by removing all other vlans from the PABX port and putting it on untagged voice only. But I am still interested in reducing broadcast, so please tell me how can I accomplish that?
Also I wondered myself about the amount of broadcast being generated and its effect on dhcp. I only enabled one device throughout the network and shut down all other switches, and that one device successfully blocked the IP Phones' attempts to reach the DHCP server on the PABX. You can see a screenshot that I posted earlier.

Thanks

Paul_Russo
Extreme Employee
EtherMAN you are correct. This is the same as using IP multinetting. If a port is a part of 4 VLANs all the broadcasts for those VLANs will go out the port. The switch keeps the broadcasts within the VLAN and sends them to all ports that are part of that VLAN regardless of how many other VLANs are on there.

If you are doing wireshark and it is in promiscuous mode then you will see everything.

If the issue however is that port 1 is on VLAN A and port 2 is on VLAN B and you are seeing VLAN A's broadcast on port 2 then that is an issue as both VLANs are not on both ports.

The question I think is why are there so many broadcasts that it is affecting your devices from getting DHCP. You can use the port broadcast threshold option to restrict how much broadcast gets sent across the VLAN.

P
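To check which VLAN a captured broadcast actually belongs to, as discussed in the replies above, the 802.1Q tag can be read straight from the raw frame bytes. This is an added example, not code from any poster: the function names and the constructed sample frames are assumptions, and it only works if the capture interface preserves tags (a NIC that strips them makes every frame look untagged).

```python
import struct
from collections import Counter

TPID_8021Q = 0x8100          # EtherType value that marks an 802.1Q tag
BROADCAST = b"\xff" * 6      # Ethernet broadcast destination MAC

def parse_frame(frame: bytes):
    """Return (is_broadcast, vlan_id or None, pcp or None, ethertype)."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst = frame[0:6]
    (etype,) = struct.unpack("!H", frame[12:14])
    vid = pcp = None
    if etype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        # TCI = 3 bits priority (802.1p), 1 bit DEI, 12 bits VLAN ID
        tci, etype = struct.unpack("!HH", frame[14:18])
        pcp = tci >> 13
        vid = tci & 0x0FFF
    return dst == BROADCAST, vid, pcp, etype

def broadcast_by_vlan(frames, untagged_label="untagged"):
    """Count broadcast frames per VLAN ID; untagged frames get their own bucket."""
    counts = Counter()
    for f in frames:
        is_bc, vid, _pcp, _etype = parse_frame(f)
        if is_bc:
            counts[untagged_label if vid is None else vid] += 1
    return counts

def _frame(dst, vid=None, pcp=0, etype=0x0806):
    """Build a constructed test frame (hypothetical helper, padded to 60 bytes)."""
    hdr = dst + bytes.fromhex("020000000001")
    if vid is not None:
        hdr += struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)
    return hdr + struct.pack("!H", etype) + b"\x00" * 46

# Constructed sample capture: two untagged broadcasts (data VLAN), one
# broadcast tagged for voice VLAN 10, and one tagged unicast that is ignored.
SAMPLE = [
    _frame(BROADCAST),
    _frame(BROADCAST),
    _frame(BROADCAST, vid=10, pcp=5, etype=0x0800),
    _frame(bytes.fromhex("020000000002"), vid=10),
]

if __name__ == "__main__":
    print(dict(broadcast_by_vlan(SAMPLE)))
```

Broadcasts counted under the untagged bucket on a port that carries both VLANs are expected behaviour for that port, not leakage into VLAN 10; only frames carrying VID 10 are in the voice VLAN.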

Anonymous
Not applicable
Hi Ferhan - appreciate what you are saying, know Mitel very well, but just wondering if your PC therefore gets an IP address when it's connected to the Voice Vlan only, untagged.

I know that doesn't address the problem you are outlining but interested in the result based on the description you have given regarding the initial phone problem.

Thanks.
