
Thread: Network Problem Opinions Needed....

  1. #1
    Junior Member daffyduc's Avatar
    Join Date
    Nov 2009
    Posts
    27

    Default Network Problem Opinions Needed....

    We have been going back and forth with a few consultants about an Issue that they cannot seem to answer but have a "solution".... what do you think?

    here is the scenario basically.

    let's say you have 5 switches in a warehouse environment - fiber between switches.

    Router/FW/Outside World/Etc
    |
    |
    SW1 _____ SW4____Sw5
    |
    |
    SW2
    |
    |
    SW3

    Now here is the problem: We have been seeing major slowdowns at switch 2 and switch 4...

    This is a remote facility so we asked a consulting company to go out and take a look at it. They sent us back the Wireshark logs while plugged in to switch 2.

    what they see at switch 2 are packets destined for a host that lives on switch 5 coming from a host that lives on switch 1 ?! these are non-broadcast packets.

    I verified this in the logs... so at first glance it appears that the switch is acting like a hub. this is an inherited problem (previous admin left "abruptly") so we figured we should reconfigure the switches since the guy that installed them was known not to be the brightest crayon in the box.... We went ahead and took all the switches down over a weekend (after backing them up of course) and reset them back to factory defaults and then reconfigured them as needed. (standard/basic config(ipaddress, network info, etc no Vlans or anything))

    So a week goes by all is well the issues have stopped.... We think we are out of the woods.

    Well 2 weeks later the issue starts creeping back in. We had the consultants back out and they said the same thing.... Switch acting as a hub. They spent all day pulling logs and running wireshark on all the switches... They came back with a quote to REPLACE all our switches with new ones?!

    So here is where I get a little PO'd these are Cisco switches that are only 4 years old. They are running the newest IOS..... WTF are new switches going to do that these cannot?!....

    The consultants' rationale is that the new switches have Packet Storm Suppression.... The newest IOS has that as well you just need to enable it.... They are saying that the hardware we have will not support it... I cannot find any documentation from Cisco confirming that....

    What do you think? .... Any suggestions? .... Ever seen this before?

    let me know if you need clarification on any of this I know this is vague...

    Thanks

  2. #2
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    If these are managed switches, do you have your ports configured for Auto-negotiation? If you do, there's your problem. Auto-negotiation is evil and should be avoided.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  3. #3
    Junior Member g3ksan's Avatar
    Join Date
    Jan 2010
    Location
    Florida
    Posts
    93

    Default

    Quote Originally Posted by daffyduc View Post
    The consultants' rationale is that the new switches have Packet Storm Suppression.... The newest IOS has that as well you just need to enable it.... They are saying that the hardware we have will not support it... I cannot find any documentation from Cisco confirming that....

    What do you think? .... Any suggestions? .... Ever seen this before?

    let me know if you need clarification on any of this I know this is vague...

    Thanks
    I'm not a pro with Cisco, but what is the highest version number those switches support? Which version do they have? if the firmware is not supported, then you can have all sorts of weird problems, like the ones described by your vendors.
    This is the sixth time we have created a thread about it... and we have become exceedingly efficient at it.

  4. #4
    Junior Member daffyduc's Avatar
    Join Date
    Nov 2009
    Posts
    27

    Default

    Quote Originally Posted by g3ksan View Post
    I'm not a pro with Cisco, but what is the highest version number those switches support? Which version do they have? if the firmware is not supported, then you can have all sorts of weird problems, like the ones described by your vendors.
    I handle the security side of this world. I am not the network admin.... she has been keeping me in the loop as I have a good networking background and it never hurts to have an extra set of eyes.

    I do not know the version numbers and exact details.

    she said they are on the newest firmware... when they did the reconfig they upgraded them....

    I will have her check if auto-negoc is enabled.... Thanks

    after researching.... these switches may be older than I thought.... she said they were installed 4 years ago but they might be older than that.... they are 2955's and 2950's I was thinking those are more like 6 or 7 years old.... but the specs say they support broadcast suppression....

  5. #5
    Junior Member g3ksan's Avatar
    Join Date
    Jan 2010
    Location
    Florida
    Posts
    93

    Default

    Quote Originally Posted by daffyduc View Post
    after researching.... these switches may be older than I thought.... she said they were installed 4 years ago but they might be older than that.... they are 2955's and 2950's I was thinking those are more like 6 or 7 years old.... but the specs say they support broadcast suppression....
    :whistles: yeah. I have a 3560 sitting on my desk which is from just under 4 years ago. I think our 2600s that fell into my car while i was carrying them to the dumpster are at least 8 years old. So yeah, they fall between that timeline. We had a 3560 fail on us not too long ago and replaced it with another switch, you might have to take the plunge and look at buying new switches.

  6. #6
    Senior Member Thorn's Avatar
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509

    Default

    Quote Originally Posted by daffyduc View Post
    I handle the security side of this world. I am not the network admin.... she has been keeping me in the loop as I have a good networking background and it never hurts to have an extra set of eyes.

    I do not know the version numbers and exact details.

    she said they are on the newest firmware... when they did the reconfig they upgraded them....

    I will have her check if auto-negoc is enabled.... Thanks

    after researching.... these switches may be older than I thought.... she said they were installed 4 years ago but they might be older than that.... they are 2955's and 2950's I was thinking those are more like 6 or 7 years old.... but the specs say they support broadcast suppression....
    Cisco EOL'd the 2900 series in 2004. So they're more like a decade old.
    Thorn
    Stop the TSA now! Boycott the airlines.

  7. #7
    Junior Member daffyduc's Avatar
    Join Date
    Nov 2009
    Posts
    27

    Default

    well then .... the consultants might be on to something... but that does not explain why we are having these issues....

    especially all of a sudden.... this only started about 2 months ago....

    I will talk to the network tech about it when she gets back in town

    thanks guys!

  8. #8
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by daffyduc View Post
    well then .... the consultants might be on to something... but that does not explain why we are having these issues....

    especially all of a sudden.... this only started about 2 months ago....

    I will talk to the network tech about it when she gets back in town

    thanks guys!
    Did someone upgrade the IOS and blank out the previous configuration?

  9. #9
    Member
    Join Date
    Jan 2010
    Location
    The new forums
    Posts
    462

    Default

    Not sure about the previous issue but it looks like you are running a flat network now after resetting them to factory default configuration, and everything now is on a single broadcast domain. edit: I am just reading what you posted and it looks like you said you just used basic configs, no vlans, so I am assuming this is all on one subnet? It looks like the original topology resembled a router on a stick, do you have the original configs saved somewhere?

    One proactive thing you can do is see if you have multiple MACs showing up on a port, then enable port security. It can be tedious for large networks but you can use the err-disable recovery feature and reset the ports after a specific timeout or change the violation rule. If you had STP enabled before and someone brought in a cheapo router that didn't support STP you could have had loops. Also as streaker69 said, auto-negotiation has compatibility issues, I always have to hard set my ports, and if you reset back to factory, they are definitely on auto.

    Feel free to PM me, I would be more than happy to take a look.
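
    The check suggested in post #9 (several MACs learned on one port, and signs of a loop), as an added example that is not part of the original thread. It parses output in the style of `show mac-address-table`; the sample tables, port names and the uplink set are constructed assumptions, not data from this network.

```python
import re
from collections import defaultdict

# Constructed sample in the style of `show mac-address-table` (not from the thread).
SNAPSHOT_1 = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    0011.2233.4401    DYNAMIC     Fa0/1
   1    0011.2233.4402    DYNAMIC     Fa0/2
   1    0011.2233.4403    DYNAMIC     Fa0/2
   1    0011.2233.4404    DYNAMIC     Fa0/2
   1    0011.2233.4405    DYNAMIC     Gi0/1
   1    0011.2233.4406    DYNAMIC     Gi0/1
"""
# Second constructed snapshot: the host on Fa0/1 now appears on Fa0/7.
SNAPSHOT_2 = SNAPSHOT_1.replace("Fa0/1\n", "Fa0/7\n")

ROW = re.compile(
    r"^\s*(\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+(\w+)\s+(\S+)\s*$", re.I)

def parse_table(text):
    """Return {(vlan, mac): port} for every dynamically learned entry."""
    entries = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m and m.group(3).upper() == "DYNAMIC":
            entries[(int(m.group(1)), m.group(2).lower())] = m.group(4)
    return entries

def crowded_ports(text, uplinks, max_macs=1):
    """Access ports with more than max_macs learned addresses (uplinks excluded)."""
    per_port = defaultdict(set)
    for (_vlan, mac), port in parse_table(text).items():
        if port not in uplinks:
            per_port[port].add(mac)
    return sorted((p, len(m)) for p, m in per_port.items() if len(m) > max_macs)

def moved_macs(before, after):
    """Addresses learned on a different port in the later snapshot.
    Repeated moves between snapshots are a common sign of a loop."""
    old, new = parse_table(before), parse_table(after)
    return sorted((k[1], old[k], new[k])
                  for k in old.keys() & new.keys() if old[k] != new[k])

if __name__ == "__main__":
    print("candidates for port security:", crowded_ports(SNAPSHOT_1, {"Gi0/1"}))
    print("moved between snapshots:", moved_macs(SNAPSHOT_1, SNAPSHOT_2))
```

    Ports it flags are the ones to inspect before setting a port-security maximum, since a legitimate downstream switch or phone-plus-PC port would otherwise trip the violation rule.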

  10. #10
    Junior Member daffyduc's Avatar
    Join Date
    Nov 2009
    Posts
    27

    Default

    Again I am not the network admin. she has been bouncing things off of me. I figured I would throw the issue out to you guys since this place has a wealth of knowledgeable people.

    I was absolutely right you guys have taken it in a whole new direction.

    we have a copy of the original configs and yes it is all one subnet... the network is only about 100 nodes.

    Did someone upgrade the IOS and blank out the previous configuration?
    yes they started from scratch

    I am going to get some more details monday when she gets back... I will make a list for her from what you guys have suggested....

    I will probably point her in the direction of this forum since you guys seem to have a much better grasp on the situation than the consultants....

    Thanks again....

    I will get with her and then let you know what we find.
