Unsolved
This post is more than 5 years old
1 Rookie
•
22 Posts
0
3548
Oversized packets between N2048 and N4064F
I've set up a link between a N2048 (Tengigabitethernet 1/0/2) and a N4064F (Tengigabitethernet 1/0/48) with a DELL DAC. These two switch are configured with MTU set to 9216 on each switch.
But on the 2 ports involved in this link I get a lot of :
On the N2048
# show interfaces counters tengigabitethernet 1/0/2
Received packets dropped > MTU: ............... 303283
Transmitted packets dropped > MTU: ............ 155494
On the N4064F:
#show interfaces counters Tengigabitethernet 1/0/48
Received packets dropped > MTU: ............... 147596
Transmitted packets dropped > MTU: ............ 221817
I do not understand why this occure as MTU is the same for the 2 switchs. Any idea ?
Thanks
Patrick
DELL-Josh Cr
Moderator
Moderator
•
8.7K Posts
0
February 7th, 2017 09:00
Hi,
What types of devices are connected to the switches? If it is connected to a vswitch those packets could be coming in at the wrong size. You may also want to make sure that the switch firmware is up to date on both switches.
begou
1 Rookie
1 Rookie
•
22 Posts
0
February 8th, 2017 05:00
Thanks for your reply
These 2 switchs are connected to cluster nodes and servers with a MTU set to 9000.
There are also IDRAC et unix nodes on the N2024 with MTU set to 1500.
That I do not understand is why this error message occure only on the uplink as the MTU is the same on the 2 switchs and set to 9216 (lager than on the connnected hosts) ?
If a packet has wrong MTU from a server, the error should be reported on the switch port it is connected to. And I've only errors on the uplink between the 2 switchs. Or I'm wrong with this behavior (I'm not a networking gourou) ?
I've changed the DAC cable, the error is the same.
Patrick
DELL-Josh Cr
Moderator
Moderator
•
8.7K Posts
0
February 8th, 2017 09:00
What version is the firmware at?
begou
1 Rookie
1 Rookie
•
22 Posts
0
February 9th, 2017 03:00
Hi Josh
These 2 switch N2048 and N4064F have 6.2.0.5 firmware level (I've updated the firmwares before puting them in prod).
Patrick
DELL-Josh Cr
Moderator
Moderator
•
8.7K Posts
0
February 9th, 2017 06:00
Here are the current firmware versions, you may want to try updating.
N2000 http://www.dell.com/support/home/us/en/19/Drivers/DriversDetails?driverId=9824X&fileId=3594872080&osCode=NAA&productCode=networking-n2000-series&languageCode=en&categoryId=NI
N4000 http://www.dell.com/support/home/us/en/19/Drivers/DriversDetails?driverId=P3F19&fileId=3594871950&osCode=NAA&productCode=networking-n4000-series&languageCode=en&categoryId=NI
begou
1 Rookie
1 Rookie
•
22 Posts
0
February 9th, 2017 07:00
Hi Josh,
I think your suggestion is a very good idea. Looking in details to the release notes I found a corrected bug about "Receive and transmit packets dropped > MTU counters increasing" in Release 6.2.1.6!
So, may be it is just a "counter bug!"
I'm not very familar with firmware update but it is obviously the first step to do when problems arise.
I'll proceed to the updates now.
Patrick
begou
1 Rookie
1 Rookie
•
22 Posts
0
February 10th, 2017 01:00
I've updated the first switch to 6.3.1.13. All run fine but now I'm unable to use a browser to connect to the switch. I get a SSL_ERROR_NO_CYPHER_OVERLAP with firefox or seamonkey (latest centos6 or redHat6 version). I saw some changes in the release notes since my old firmware version:
"Disable SSL Version 2 and 3 Protocols and user TLS1.0 or higher " in release 6.2.6.6 and they suggest that "ip http secure-protocol" allows to configure the desired protocol.
This command is not documented in the latest CLI reference guide (january 2006 version). With the online command documentation I try to execute:
ip http secure-protocol TLS1 SSL3
But it does not help. Any suggestion is welcome before I try to update the other switch.
Patrick
DELL-Josh Cr
Moderator
Moderator
•
8.7K Posts
0
February 10th, 2017 09:00
Try setting about:config into the firefox address bar (confirm the info message in case it shows up) & search for bold preferences starting with security. - right-click and reset those entries to their default values.
It has to do with the changes to TLS.
begou
1 Rookie
1 Rookie
•
22 Posts
0
February 13th, 2017 09:00
Hi Josh
I've reset to original values all bolds security tags (no security* tag in bold now) on Firefox. Connecting to the switch provides an information page saying the connection is unsecure, an "advanced" button and the message: "SSL_ERROR_NO_CYPHER_OVERLAP".
If I click on this button i can accept to use lower security but connection fails with:
SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT
and
security.tls.incsecure_fallback_hosts becomes bold and is set to my switch IP.
The only way to connect is http with a browser after the firmware update
security.tls.version.min is set to 1 and security.tls.version.max to 3 (defaults values)