
Vlan Instability

Status
Not open for further replies.

suderman (Technical User), Aug 9, 2005
Hello,

Yesterday I had a major incident in our LAN.

One of our wi-fi VLANs that is routed on a Cisco L3 3750 switch was paralysed. Devices were able to connect, but when you tried to ping them 75-90% of the packets were lost.

After a few hours it turned out that two Linksys wifi-Ethernet converters had accidentally been linked together via their Ethernet interfaces. The effect was that the entire VLAN, across the entire Cisco switched network, was almost cut off.

On our L3 Cisco switch logs I saw plenty of entries like this:

14w0d: %IP-4-DUPADDR: Duplicate address xxx.xxx.xxx.xxx on Vlan6, sourced by 0004.23aa.9eb5

How could two little devices linked together paralyse an entire VLAN?

Do you know how to protect against such situations in the future?


Thanks.
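A small detector for the log line quoted above, added here as an example and not part of the thread: it parses IOS %IP-4-DUPADDR entries and flags a VLAN interface on which the same source MAC triggers the warning repeatedly. The sample syslog lines are constructed (the 10.6.0.1 and 10.10.0.1 addresses and the Vlan10 entry are made up); only the Vlan6 MAC comes from the post.

```python
import re
from collections import defaultdict

# Regex for the IOS message quoted in the thread. The leading uptime ("14w0d:") or
# timestamp is not anchored, so lines re-stamped by a syslog collector also match.
DUPADDR_RE = re.compile(
    r"%IP-4-DUPADDR: Duplicate address (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"on (?P<intf>\S+), sourced by (?P<mac>[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4})"
)

# Constructed sample log (not from the thread). The SVI addresses 10.6.0.1 / 10.10.0.1
# and the Vlan10 line are made up; the MAC on Vlan6 is the one quoted in the original post.
SAMPLE_LOG = """\
14w0d: %IP-4-DUPADDR: Duplicate address 10.6.0.1 on Vlan6, sourced by 0004.23aa.9eb5
14w0d: %IP-4-DUPADDR: Duplicate address 10.6.0.1 on Vlan6, sourced by 0004.23aa.9eb5
14w0d: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/12, changed state to up
14w0d: %IP-4-DUPADDR: Duplicate address 10.6.0.1 on Vlan6, sourced by 0004.23aa.9eb5
14w0d: %IP-4-DUPADDR: Duplicate address 10.6.0.1 on Vlan6, sourced by 0004.23aa.9eb5
14w0d: %IP-4-DUPADDR: Duplicate address 10.10.0.1 on Vlan10, sourced by 000c.29ab.cdef
""".splitlines()


def parse_dupaddr(lines):
    """Yield (interface, ip, mac) for each %IP-4-DUPADDR line; unrelated lines are skipped."""
    for line in lines:
        m = DUPADDR_RE.search(line)
        if m:
            yield m.group("intf"), m.group("ip"), m.group("mac").lower()


def count_by_source(lines):
    """Count DUPADDR warnings per (interface, source MAC).

    IOS logs this message when it receives an ARP packet claiming one of its own
    interface addresses from a different source MAC. A single hit is usually a
    misconfigured host; a stream of hits from the same MAC is what the switch sees
    when its own ARP traffic is reflected back through a looped segment, as with the
    bridged Linksys converters in the thread.
    """
    counts = defaultdict(int)
    for intf, _ip, mac in parse_dupaddr(lines):
        counts[(intf, mac)] += 1
    return dict(counts)


def suspect_loops(lines, min_events=3):
    """Return [(interface, mac, count)] for sources at or above the threshold, busiest first."""
    hits = count_by_source(lines)
    flagged = [(intf, mac, n) for (intf, mac), n in hits.items() if n >= min_events]
    return sorted(flagged, key=lambda t: (-t[2], t[0], t[1]))


if __name__ == "__main__":
    for intf, mac, n in suspect_loops(SAMPLE_LOG):
        print(f"{intf}: {n} duplicate-address warnings sourced by {mac}; "
              f"locate the port with 'show mac address-table address {mac}'")
```

The flagged MAC is the pivot for the manual step: the IOS command `show mac address-table address <mac>` names the physical port it was learned on, which is where the loop (or a looped device) hangs off. Detection only tells you a storm is in progress; limiting the blast radius on access ports is what IOS features such as BPDU guard and broadcast storm control are for.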
 
You're lucky it only messed up 1 VLAN, which means at least you are running some type of per-VLAN spanning tree. Also surprised it didn't negatively affect the entire layer 2 topology the switches were connected to.
 
We have all been there and done that!! Makes for an interesting day doesn't it ?
 
All it takes is one user to plug in their own little workgroup switch...

One time I had a user plug in their Linksys 4 port switch/dsl router into a network, thinking that they could get on their "home internet"...LOL!


tim@tim-laptop ~ $ sudo apt-get install windows
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Couldn't find package windows...Thank Goodness!
 
Hahaha.

I was investigating a network once after the organisation I worked for was asked to take it over.
I discovered that in two buildings, some old switches were running permanently at very high CPU.

I couldn't get much joy out of them remotely, so I went on-site to one of these buildings and had a look at its switch. The local users said their network always ran slowly and had been like it for years.
I had a look at the switch and it looked like a broadcast storm was running on one VLAN. After looking closely at it, I found that that VLAN wasn't routed on the network and only existed on a few ports, and disabling 2 of those switchports solved the problem. So I traced the cables and hunted around and found the wall-ports these switchports were patched to. Lo and behold, those two wallports were patched into each other.
Exact same situation at another of this organisation's buildings.

So what had happened was this: some passing terrorist had patched two wallports to each other creating a broadcast storm. Nothing unusual about that.
But, then the network guy had investigated the issue and come up with a genius plan: instead of stopping the broadcast storm, he isolated it to its own dedicated VLAN, with all the network users on a different VLAN, causing the switches to chug along for years providing very poor performance.
 