cancel
Showing results for 
Search instead for 
Did you mean: 

Enterasys S8 Flapping ports

Enterasys S8 Flapping ports

Pedro_Redondo
New Contributor II
We're observing a higher-than-desired number of "bad" ethernet port > negotiations. On Two ports of this Switch , I ve tried all posible combinations of ( duplex , negocitation speed etc) in both sides, but these ports continues up/down.
These port not have much traffic.
Does any have any experience that they can share regarding issues that might > cause less-than-optimal negotiation? ( cable issues, NIC driver bugs, > Enterasys S8 configuration)?
Help is much appreciated.

Cheers


3 REPLIES 3

Mark_Lamond
New Contributor III
Thanks for your post James.

We just experienced a partial meltdown due to this issue with Microsoft SCCM 2012 causing MAC's to be spoofed. This was confusing the hell out of our switches and causing rolling blackouts:
https://supportforums.cisco.com/discussion/11835361/mac-address-flapping-and-sccm-wake-proxy

This explains that when clients were going to sleep, the issue was worse. Apparently Microsoft use some sort of election process to work out which PC on the local subnet becomes the "MAC spoofing master".

We only found the problem by getting Wireshark out - the first thing that jumped out was some clients pinging all others on the local subnet and ARP'ing to find each other's MAC's. Normally a client has no reason to speak to another client, most traffic should be client to server.

The PC's sending out all the pings were also recieving lots of TCP SYN's on port 25536 from other PC's on the LAN. SCCM's SleepAgentService.exe was the process running on port 25536 on the affected workstation.

Now I have an explanation for why the link flaps also. 🙂

Whoever at Microsoft thought MAC spoofing was a good idea needs their head examined! It might work fine on a $50 Netgear or D-Link, but it's going to cause severe issues on enterprise grade switches from any manufacturer.

More here:
https://social.technet.microsoft.com/Forums/en-US/a0ba31d1-e3cc-4218-80ee-f67583fb4ddd/client-settng...

The funny thing is while looking at this problem I kept thinking it was the type of thing malware would do (or at least rather bizzare malware) - guess I wasn't too far from the truth!

Thanks,
Mark

Pedro_Redondo
New Contributor II
Thanks for your reply James is much apreciated,
But i have checked the hardware part, My Enterasys S8, have more than 400 Gigabit Ethernet port but only flap 4, in two different machines (that have one port intel and one port broadcom each one).
The counnters no have CRC errors or discard , and the machines have linux operating system both, No Energy Saving configurated, and have updated Driver in both cases ...
Today i am trying to connect one port to a Windows PC and monitoring for one hour for example ... I post the results here....

Cheers

JAMES_WIEDEL
New Contributor II
Port flaps are almost always caused by some hardware issue, typically a bad/damaged cable or a sick NIC. I've never seen bad negotiations causing this. There is a new(er) feature that Microsoft has that is sometimes called Wake-on-LAN. When configured, the PC goes to sleep and wakes periodically to see if it is supposed to fully wake up. When it does that, it brings the link UP, then checks, then takes the link back DOWN if it isn't supposed to wake up then. That looks like a link flap and can happen several hundred times overnight.

If that hasn't been configured, go after the cable, especially if it happens when the PC is supposed to be online during the day. Check for connectors falling out, tangled in someone's feet, smashed behind desks, etc. We find physical damage to be the most prevalent issue for machines not working.
James

GTM-P2G8KFN