Cisco Switching/Routing :: Ignored And Overrun Packets On 7204VXR?
Feb 21, 2012
I am seeing packets being ignored on GigabitEthernet0/0, but can't find what the reason for that can be. So far I have calculated that about 3% of the traffic is being ignored. If it was caused by a shortage of input buffers, I would expect to see increasing counters somewhere at no_buffer, but that is not the case. The average txload and rxload on the router is low at all times.
#sh int g0/0
GigabitEthernet0/0 is up, line protocol is up
  Hardware is i82543 (Livengood), address is 0012.7f8a.8008 (bia 0012.7f8a.8008)
  Description: ;Link to NORISMP998 G5/2
  Internet address is 151.175.19.102/30
  MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
     reliability 255/255, txload 2/255, rxload 2/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 1000Mb/s, link type is autonegotiation, media type is SX
  output flow-control is XON, input flow-control is XON
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:00, output 00:00:00, output hang never
  Last clearing of "show interface" counters 8w2d
  Input queue: 0/75/522186/1117 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 11667000 bits/sec, 2319 packets/sec
  5 minute output rate 9377000
I found an increasing number of overruns on the TenGigabit interface. The hardware is a 6509 with sup720-3B and the overrun output is shown on the WS-X6716-10GE module. The device connected to the WS-X6716-10GE is an EMC Isilon S200. I think the WS-X6716-10GE is capable of handling the EMC NAS device, and the load is not so busy. So I have no idea how to handle this or why these overrun packets are shown.
We have a customer who uses about 20 x c2960 switches for the access layer and 2 x c3560e for the distribution layer. The C2960s use C2960-LANLITEK9-M, Version 12.2(58)SE1. Everything was working fine. Now we got information that sometimes there are problems with connectivity. Customer tries to reach internet.
SW11#sh int fa0/18
FastEthernet0/18 is up, line protocol is up (connected)
  Hardware is Fast Ethernet, address is e8ba.806a.4412 (bia e8ba.806a.4412)
We have a 3750x 24s acting as a root switch for about 10 other 3750x's. Everything else seems fine, but the device stopped forwarding packets to the applied static route. [code]
two interfaces with traffic going through, placed in a Data-VRF
Another physical interface and loopback interface in the global routing-table.
ip flow ingress on all physical interfaces configured
It was running for at least a year: I was getting netflow packets on my analyzer from the box. For a couple of weeks now I have been getting no netflow packets anymore. debug ip flow export tells me "IPFLOW: Sending export pak to ... port 2055"
But the packet is not leaving the box. By setting up an ip sla monitor udp-echo I simulated some traffic (udp/2055) which is leaving the box.
I have a stack of 2 C3750-switches (WS-C3750G-24TS-1U) with IPBASE-firmware (12.2(52)SE).
When I ping to a machine (in this case a virtual one), the replies are always received on the port where the machine is connected, but on the port-channel connecting to the stack of the 'pinging device' the reply comes only for certain initiators, and not for all.
Setting:
Gi1/0/6: Device/Server I want to connect to; defined as access port
Gi1/0/25 + Gi2/0/25, as Port-Channel 1: The location of the devices I connect (read as: the uplink to the stack of the PCs), defined for Dot1Q-trunking
Monitoring setup: Source ports: Both: Gi 1/0/6, Po1 (or Po1 replaced by both interfaces)
For the machines which can ping the server I see 2 echo (ping) requests, followed by 2 echo (ping) replies ... So once seen on the Po1, and once seen on the interface Gi1/0/6.
However, for other machines, the 2nd reply is missing, which must be caused by the dropping of these packets in the switch. At least, in my opinion this must be the reason... But I can't see any (change of) output drops at int Po1, nor at Gi1/0/6. The CPU doesn't seem to have high usage, and even then, I don't think the error would be constant, as it's always failing for some PCs, and never for others... (at least for a certain time, a few hours it can be constant, the problem disappears from time to time).
From everything I read it seems like DFC is for forwarding packets. When I hear packets I think of layer3. If my 6500s are just being used as a big layer2 only switch do I need a DFC? I am being told the 6500 looks at the layer 2 frame and the layer 3 patch header information before forwarding the frame. How true is this?
My C6500 is having relatively high CPU (no spikes, but constantly)
I'm under the impression that cef is causing this problem because a lot of packets are being processed or sent to/from the CPU. [code]
I did a netdr and I can see that the majority of packets going to the CPU are packets for which I have an entry in the CEF table. What can be a reason why those packets don't get hardware switched? I'm running Version 12.2(33)SXH5 - Sup720-10G.
I am having trouble with my Cisco SG300 switch big time. I have two servers with IP addresses 10.17.0.11 and 10.17.0.29 sitting on the same switch which is a Cisco SG300. I initiate a file transfer from 10.17.0.11 to 10.17.0.29. I could see lots of Dup Acks and retransmissions which means something is wrong in the connection. Further, I could see the session initiation a bit bizarre. I could see two SYN packets sent from 10.17.0.11 to 10.17.0.29 and also two SYN ACK packets returned by 10.17.0.29. The switch forms part of a network but since both the servers are sitting on the same switch I suppose the rest of the network doesn't come into play when one server talks to the other.
See also the number of Dup Acks and retransmissions. The two switch ports connecting the servers have speed and duplex set to auto negotiate, flow control is enabled. What could cause this sort of problem? Could it be any setting on the switch or the servers' NICs? Or could it be a bad switch that causes this?
I have several Cisco 6500 switches, and user switches connected to them. In my example I have a global service VLAN, where some access ports are directly connected on the 6500, and this VLAN is also allowed on the trunks to the access switch.
Now I am connected with my laptop on an access switch, where my port is in the same VLAN. When I do a show mac address-table on my access port, I can see my own MAC address, nothing else. When I start Wireshark to see the traffic, all I should see is traffic from or to my MAC, or broadcasts/multicasts.
But I can see other unicast traffic with different source/destination MAC than mine. It seems like these packets get broadcast over the whole VLAN, but it's neither a broadcast MAC nor IP.
I am wanting to log dropped and oop packets on a c3825 ISR with IOS 12.3(11)T3. On other routers (like a 2951 running 151-4.M2) I can state ip inspect log drop-pkt and it will log to buffer or syslog all dropped and oop packets. Can I do this on this 3825 another way?
On some of our ports on the Nexus 5000 and on the connected FEX we can see a lot of jumbo packets, though jumbo frames are not enabled on the switch; all interface and system MTU is set to 1500.
DBE-LINZ-XX41# sh int Eth113/1/27
Ethernet113/1/27 is up
  Hardware: 100/1000 Ethernet, address: d0d0.fd1b.b69c (bia d0d0.fd1b.b69c)
I have a requirement to monitor downstream data feed from a remote site and feed it to multiple destination devices for recording. The source data will be fed into a port on a Cisco 2960G switch then, using the monitor function, be forwarded to multiple interfaces. This works fine for normal Ethernet II traffic. We tried a test using a device that generates IEEE 802.3 Raw packets ('type' field is used as a 'length' field) but found that while the traffic appeared to be accepted by the input port with no errors it was not forwarded to the destination ports, even when using the monitor function. I did try the 'encapsulation replicate' feature with no luck. It does not forward these packets even if I set all the ports into a common VLAN and let the switch just perform a normal switch function (non monitor).
if it is possible to get the IEEE 802.3 raw packets to pass through the switch and if it is, how to or what I need to do to make it work?
I have a switch that I have configured for jumbo packets, but they don't seem to be functioning. I have set system mtu jumbo 9000. The hosts are connected via 2x EtherChannel links. The hosts are jumbo frame enabled, and can ping their own local address using jumbo packets & do-not-fragment flags on the pings. They cannot, however, ping each other or the switch that way - it always says that the packet requires fragmentation. I know the attached machines (they're all VMs) and virtual switches support jumbos because I can ping within the virtual interfaces of the VMs. It's just traffic that goes over the switch that fragments. The switch is a WS-2960G-48TC. Here are the various outputs, with a section of config at the end.
hrnacancwtdevs3#show system mtu
System MTU size is 1500 bytes
System Jumbo MTU size is 9000 bytes
System Alternate MTU size is 1500 bytes
Routing MTU size is 1500 bytes
I have a problem with the 6500 not exporting netflow data. They are not exported due to no fib. I have read somewhere that this has something to do with VRF. VRFs are running on the router. ip flow ingress has been applied to the desired ip int. Is there anything I could do to make it export netflow data?
VSS-core-XXX-rs1#sh ip flow export
Flow export v5 is enabled for main cache
  Export source and destination details :
  VRF ID : Default
    Source(1) xxx.xxx.83.253 (Unknown)
Why does the QoS deployment cause ports on 2960 switches to drop packets although there is no bandwidth contention (output bit/second of the interface)? Packet drops at threshold 1, queue 2 (queue 3 in config).
We are using Catalyst 2960 switches and are experiencing issues with QoS. After the QoS, we experience a lot of packet drops and it makes the network slow. It appears that the slow performance relates to the egress queuing of each port.
Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 12.2(50)SE5 WS-C2960-48TT-L
switch_06#show inter fa0/1 | in drops|queue|output
  input flow-control is off, output flow-control is unsupported
  Last input never, output 00:00:01, output hang never
I put QoS on a WS-C3560CG-8TC-S version 12.2(55)EX2. In our lab, file upload or download speed is much reduced and packets are dropped with QoS; everything is fine without QoS.
Here is the config: My question is why speed is reduced a lot and packets are dropped with QoS. Everything is fine WITHOUT QoS.
class-map match-any VoIP
 description Voice IP Phone RTP
 match access-group 157
class-map match-any WEB
 description Internal Web, SSL Web, DNS query, Pinnacle
 match access-group 153
!
policy-map QOSMARK
 class VoIP
  set dscp ef
 class WEB
  set dscp cs3
In fact I receive traffic on a one client per VLAN basis (traffic is PPPoE). I receive all this traffic on a router, collecting all these VLANs on a bridge where the PPPoE packets are treated. When I use a transceiver to convert the operator fiber arrival to my router's copper media interface, I have no problem....
When I use dot1q-tunnel to do the same on my 3750, packets seem to be corrupted. I get PPPoE timeouts and packet loss, not regularly, totally stochastic...
I made dozens of tests and different settings, without success. I first thought of MTU issues. [code] I made tests with system MTU and/or system jumbo MTU above 1500, without success. I didn't find any known caveats on 3750 running Version 12.2(25r)SEE4 related to dot1q-tunnel.
I am trying to block all DHCP packets through a 2960S with LAN Base IOS. But when I set no trust interface for DHCP snooping, the DHCP packet source port will be err-disabled. Is there any other solution to block any DHCP packet through the switch without interface or other service outage? Is it possible to block DHCP packets through a specific VLAN?
I'm using a Catalyst 4948. It seems to drop all truncated packets. I don't know whether this is an expected behavior. I'm developing a program which processes packets in the following steps:
1) capture packets
2) if a packet is too long, truncate it to a certain length
3) insert a vlan tag (say 100) to each packet
4) send them to the switch
Mac address learning is disabled on the vlan 100, so the packets should be seen at all ports of the vlan. However, I only observed untruncated packets. Truncated packets seemed to be dropped by the switch. The summary of the source port is:
Almost no packets were output. I see a Cisco document says "ingress port drops corrupted packets" [URL] then my questions are:
1) Is this the root cause of dropping truncated packets?
2) What criteria does a switch use to check corrupted packets? My understanding is that truncated packets could have wrong L3 and L4 data, but they can't be detected at L2.
3) If switch drops mal-format packets, can we disable this feature?
We have the problem that MPLS labeled packets are not being processed on EHWIC-1GE-SFP-CU if L3PDU + Shim-Header exceeds 1500 bytes. When we move the config exactly to the on-board Interface Gi0/0 it works without any problems. [code]
I recently installed DHCP snooping on a 3750v2 switch (Version 12.2(55)SE4) and configured the uplink (Po2) as a trusted port. The problem is that clients cannot receive an IP address. When I disable DHCP snooping it is working properly. DHCP snooping is configured correctly but I don't have an idea how to resolve it. [code] I tested the solution on the same kind of hardware switch and firmware and it worked out fine. What is causing the clients not to receive an IP address from the DHCP server?
Basically I have netflow which I'm trying to use to export to a netflow collector. I'm pretty sure that the 3750-X does support netflow. I've recently updated IOS on the 3750-X to support flexi netflow. For some reason the netflow packets are not being exported to the server. I'm using Opmanager which should present the netflow stats in the form of a graph. I'm using a universal IOS image. (C3750E-UNIVERSALK9-M), Version 12.2(58)SE2 3750-X WS-C3750X-24T-S
We have a remote site that is using 3750X switches as layer 2 switches back to our home site. The uplink port is showing dropped packets but the utilization on the link is never about 10%. We have a 100Mb circuit to this site. Our speed tests and iperf tests are not showing any issues that we can see. However the port is still dropping packets. It is not dropping at a high rate but they are dropping.
A specific switch port which happens to be part of a 2 switch 3750 Switch Stack is seeing multiple CDP packets from 3 extra switch port interfaces that are not directly connected. Noteworthy is that the far end devices have the correct CDP entries and I physically confirmed at least two of those connections that lead to the switch "upstream to the culprit switch". Tricky part is that its production so room for maneuvering is limited. At some point I disabled all Ports save for the real uplink and the problem momentarily disappeared. Re-enable the interfaces problem resurfaces. Is there an explanation, technique to eliminate the culprit with minimal disruption?
I've got a 1760 router which uses port forwarding (25, 80 and 443) for my internal network services. If, let's say, I try to open an FTP connection on the router, of course the connection will be refused. Is there a way to make the router DROP the packets instead of rejecting them? My Linux iptables configurations drop packets that fail the firewall test, so I would like the router to perform that behavior.
Commands for port forwarding:
ip nat inside source static tcp 10.10.0.1 80 int f0/0 80 (these work fine)
I have a big problem with a loss of ICMP packets sent by different hosts in different VLANs. Here is my architecture:
Core Switch: 2 C6509 switches (Version 15.0 (1) SY1) - VSS mode - one VSL link; the other link is defective.
Access Switch: C3750, connected to the Core Switch through 2 fiber optic cables.
Topology: redundant ring
When I send consecutive ping messages I always find missing packets. Furthermore, when I enter the "show ip traffic" command, the "bad hop count" parameter increases after a loss of packets. I have 2 hosts connected in my network and they send packets with TTL = 127.
In the Core Switch I haven't configured the MEC because it gave me trouble with the multicast packets.
On one of our N7K, we have some packets dropped by the COPP policy in the class-default class-map. Partial results of "show policy-map interface control-plane" not so long after clearing the counters : [code]
What traffic is dropped by the policy? Is there any logging possible?
I have some Ethernet-connected cameras that all have the same Ethernet MAC address FF:FF:FF:0A:0A:0A. They were originally designed to directly connect to a Windows PC, but they can also connect through a simple unmanaged switch. A Catalyst 3560 switch won't forward packets to or from anything with that MAC address, at least not by default. Is there a way to convince the switch to do so?
It was my hope to replace the dedicated connections we have for these cameras with a separate VLAN for each camera, and switch them through our existing switch network. Given that all of the cameras use the same MAC address, putting them on the same network is out of the question, but different VLANs, where the only two devices on each VLAN were the camera and the PC that uses it, would be fine.
The switches run IOS 12.2(55) SE through SE3. I learned the camera MAC address from the PC's ARP table while the camera software runs; it turns out the cameras don't have a full IP stack either and don't even do ICMP.
I faced an issue on ME3800. [code] With that configuration there is no problem with DHCP Relay packets. But if I add on interface #xconnect 82.199.1 19.1 77 encapsulation mpls it will stop forwarding DHCP relay packets immediately. All other traffic transfers without problem.