Oversized packets between N2048 and N4064F

Hi,

What types of devices are connected to the switches? If it is connected to a vswitch those packets could be coming in at the wrong size. You may also want to make sure that the switch firmware is up to date on both switches. 

Thanks for your reply

These 2 switchs are connected to cluster nodes and servers with a MTU set to 9000.

There are also IDRAC et unix nodes on the N2024 with MTU set to 1500.

That I do not understand is why this error message occure only on the uplink  as the MTU is the same on the 2 switchs and set to 9216 (lager than on the connnected hosts) ?

If a packet has wrong MTU from a server, the error should be reported on the switch port it is connected to. And I've only errors on the uplink between the 2 switchs. Or I'm wrong with this behavior (I'm not a networking gourou) ?

I've changed the DAC cable, the error is the same.

Patrick

Hi Josh

These 2 switch N2048 and N4064F have 6.2.0.5 firmware level (I've updated the firmwares before puting them in prod).

Patrick

Here are the current firmware versions, you may want to try updating.

N2000 http://www.dell.com/support/home/us/en/19/Drivers/DriversDetails?driverId=9824X&fileId=3594872080&osCode=NAA&productCode=networking-n2000-series&languageCode=en&categoryId=NI

N4000 http://www.dell.com/support/home/us/en/19/Drivers/DriversDetails?driverId=P3F19&fileId=3594871950&osCode=NAA&productCode=networking-n4000-series&languageCode=en&categoryId=NI

Hi Josh,

I think your suggestion is a very good idea. Looking in details to the release notes I found a corrected bug about "Receive and transmit packets dropped > MTU counters increasing" in  Release 6.2.1.6!

So, may be it is just a "counter bug!"

I'm not very familar with firmware update but it is obviously the first step to do when problems arise.
I'll proceed to the updates now.

Patrick

I've updated the first switch to 6.3.1.13. All run fine but now I'm unable to use a browser to connect to the switch. I get a SSL_ERROR_NO_CYPHER_OVERLAP with firefox or seamonkey (latest centos6 or redHat6 version). I saw some changes in the release notes since my old firmware version:

"Disable SSL Version 2 and 3 Protocols and user TLS1.0 or higher " in release 6.2.6.6 and they suggest that "ip http secure-protocol" allows to configure the desired protocol. 

This command is not documented in the latest CLI reference guide (january 2006 version). With the online command documentation I try to execute:
ip http secure-protocol TLS1 SSL3

But it does not help. Any suggestion is welcome before I try to update the other switch.

Patrick

Try setting  about:config into the firefox address bar (confirm the info message in case it shows up) & search for bold preferences starting with security. - right-click and reset those entries to their default values.

It has to do with the changes to TLS.

Hi Josh

I've reset to original values all bolds security tags (no security* tag in bold now) on Firefox. Connecting to the switch provides an information page saying the connection is unsecure, an "advanced" button and the message: "SSL_ERROR_NO_CYPHER_OVERLAP".

If I click on this button i can accept to use lower security but  connection fails with:

SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT

and

security.tls.incsecure_fallback_hosts becomes bold and is set to my switch IP.

The only way to connect is http with a browser after the firmware update

security.tls.version.min is set to 1 and security.tls.version.max to 3 (defaults values)