Hi,
First of all you need to look for what kind of devices are connected to these ports. If the answer is servers, look for 'teaming'(lacp) problems mixed with 802.1q.
By other hand, you should review and control the broadcast rate limit at these ports, and count, how many mac's are you seeing.
If you have switches behind, then look for he loop.
Hth,
Robclav
Enviado desde mi BlackBerry. de Vodafone
-----Original Message-----
From: Mad_Prof <dr3d3m3nt0_at_gmail.com>
Sender: nobody_at_groupstudy.com
Date: Thu, 18 Aug 2011 21:46:54
To: <ccielab_at_groupstudy.com>
Reply-To: Mad_Prof <dr3d3m3nt0_at_gmail.com>
Subject: Troubleshooting a suspect L2 loop
Hello,
I had an incident this week where a customer' server was misconfigured and
it was sending out BPDU which resulted in the core switches pegged the cpu
at 99%.
The log output showed multiple events involving duplicate ip addresses ,
specifically the ips of the neighbor core switch and show proc cpu sorted
showed
ARP Input at nearly 20%. I managed to fix the issue by shutting down all the
ports on one switch , bring the ports back online in groups and check if the
cpu levels
would increase. I found the ports involved in a L2 loop and configured
spanning-tree guard bpduguard. These ports immediately went into
err-disable and the cpu came down to about 3%. I managed to fix the problem
without a completely comprehending how L2 loop comes into existence, how to
classify the
type of L2 loop and the correct process to troubleshoot. Any assistance is
greatly appreciated.
Thanks
KS
Blogs and organic groups at http://www.ccie.net
Received on Fri Aug 19 2011 - 07:24:26 ART
This archive was generated by hypermail 2.2.0 : Thu Sep 01 2011 - 06:05:56 ART