6 Posts

May 10th, 2007 15:00

3348 and dynamic vlans

Hi, I have my 3348 ports configured as "switchport access vlan dynamic" with relevant entries in the "vlan database" such as "mac-to-vlan 00:11:22:33:44:55 064". This works well, the machine being placed on the correct vlan when connected to a switch port.

However, if the machine doesn't generate any network traffic for a while, the switch places the port back to the default vlan (vlan 1 in my case). This means the machine isn't visible on the network, until it generates some network traffic, when the switch places it back onto the correct vlan. This behaviour is OK for workstations but for servers (where traffic is invariably incoming) this doesn't work.

Currently I'm just forcing the server switchports to specific vlans but I'd like to continue to use the dynamic facility. Is there a way for increasing the timeout or (even better) making a switch remain on the vlan until A) The carrier goes down or B) It sees traffic originating from a different MAC address?

Thanks, steve.

----

I've just trawled through the manual again and it looks like "bridge aging time" might do it? Is it advisable to set this to a high value or to simply switch it off with "no bridge aging time" ?

Message Edited by steveping on 05-10-2007 12:21 PM

909 Posts

May 11th, 2007 02:00

no bridge aging time command will do it.
 
Regarding effect on the network:  It depends on how big your network is, and how often the links on the switch go up and down.   When the address table is filled, the switch will act as a hub for unknown destination MAC addresses.  Whenever a link is dropped, all the learnt addresses on that port are flushed from the switch, freeing up space.  33xx probably holds about 8000 addresses.

6 Posts

May 11th, 2007 07:00

Thanks for the info. By the link going down, do you mean the carrier or just lack of traffic? I'm seeing the vlan return to default when the carrier remains up but there is no traffic. I have about 80 mac addresses currently visible on the switches.

909 Posts

May 11th, 2007 09:00

I meant loss of carrier (disconnected cable, link partner power cycling) when I said link going down.
 
With only 80 addresses, it should be no problem disabling aging time. Check the switch occasionally to make sure your assumption of 80 addresses is correct. Use:
 
console# show bridge address-table

6 Posts

May 11th, 2007 11:00

Yes, I've just checked - definitely less than 80!

Am I right in saying that when a device's carrier goes down, then the bridge aging time also comes into play? Or does the switch assume that if the link goes down, then the bridge table entry should be removed (I'm not seeing this at the moment)?

By default any rogue device goes to VLAN1. I look at the bridge table, and add an entry to the mac-to-vlan database for the correct VLAN. However, unplugging and re-plugging the device back in, doesn't steer it to the correct VLAN - it remains on VLAN1, presumably because there is already an entry in the bridge table for it?

I know I could do a "clear bridge" command but that seems a bit drastic to force a single device onto the right VLAN. Is there a way of clearing out a bridge entry for a specific MAC or physical port?

909 Posts

May 14th, 2007 18:00

You have a 3448, not a 3348.  If you look at the release notes for the 3448 you will find the following:

MAC addresses are not flushed when a port goes down. Relearning
occurs when a packet is sent from the host.
Therefore, when a host migrates from the one port to another, it is not
erased from the database, and therefore not relearned. This issue is
apparent when the user tries to ping from the device to the host, as no
traffic has been sent yet from the host to the device.
The address is learned when a packet is received from the host, or after
the address ages out from the old location.
How to avoid this situation:
When a host moves from one port to another, check viability by pinging
from the host to the device, and not vice versa.

This bug is going to get in your way when trying to use mac-to-vlan, as you have already seen. You should think about another plan (static address table entries?).
 
Regarding your current setup, using clear bridge is not very disruptive on an 80 node network, but all your clients have to talk before they get back into their VLAN you set up with mac-to-vlan.
 
Also, I made a mistake on "no bridge aging".  This sets aging back to its default of 300 seconds, and does not disable aging.  The only way to disable aging is by putting a static entry in the address table.  You can set aging to 3825 seconds.  This is a little over an hour.
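
As an added example (not part of the thread and not Dell's code), the occasional check suggested above can be scripted: parse captured `show bridge address-table` output, report table usage against the roughly 8000-entry estimate given in the thread, and list MACs learned in a VLAN other than the one their mac-to-vlan entry names. The column layout of the sample output, the sample MACs and ports, and the function names are assumptions constructed for illustration.

```python
import re

# Constructed sample. The column layout (Vlan, Mac Address, Port, Type) is an
# assumption about what "show bridge address-table" prints; adjust ROW if needed.
SAMPLE_OUTPUT = """\
Aging time is 300 sec

  Vlan        Mac Address         Port     Type
-------- --------------------- ---------- ----------
   64      00:11:22:33:44:55      e1      dynamic
   1       00:11:22:33:44:66      e7      dynamic
   1       00:11:22:33:44:77      e9      dynamic
   64      00:11:22:33:44:88      e12     static
"""

# Constructed mirror of the "mac-to-vlan <mac> <vlan>" entries in the vlan database.
MAC_TO_VLAN = {
    "00:11:22:33:44:55": 64,
    "00:11:22:33:44:66": 64,
    "00:11:22:33:44:88": 64,
}

ROW = re.compile(r"^\s*(\d+)\s+((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})\s+(\S+)\s+(\w+)\s*$")

def parse_table(text):
    """Return (vlan, mac, port, type) tuples; header and banner lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rows.append((int(m.group(1)), m.group(2).lower(), m.group(3), m.group(4).lower()))
    return rows

def audit(text, mac_to_vlan, capacity=8000):
    """Compare learned entries with the intended MAC-to-VLAN mapping.

    capacity defaults to the thread's estimate of about 8000 addresses.
    """
    rows = parse_table(text)
    wanted = {mac.lower(): vlan for mac, vlan in mac_to_vlan.items()}
    # Mapped MACs sitting in another VLAN (e.g. held on VLAN 1 by a stale entry).
    wrong_vlan = [(mac, port, vlan, wanted[mac]) for vlan, mac, port, _ in rows
                  if mac in wanted and wanted[mac] != vlan]
    # MACs with no mac-to-vlan entry at all: unknown or not yet registered devices.
    unmapped = [(mac, port, vlan) for vlan, mac, port, _ in rows if mac not in wanted]
    return {"entries": len(rows), "capacity_used": len(rows) / capacity,
            "wrong_vlan": wrong_vlan, "unmapped": unmapped}

if __name__ == "__main__":
    report = audit(SAMPLE_OUTPUT, MAC_TO_VLAN)
    print(f"{report['entries']} entries ({report['capacity_used']:.2%} of table)")
    for mac, port, have, want in report["wrong_vlan"]:
        print(f"WRONG VLAN {mac} on {port}: VLAN {have}, mac-to-vlan says {want}")
    for mac, port, vlan in report["unmapped"]:
        print(f"UNMAPPED   {mac} on {port} in VLAN {vlan}")
```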

6 Posts

May 15th, 2007 09:00

Cool. Thanks for the info (and, yes, it is a 3448!).

Does anyone know if Dell plan to address the "feature"?

I'm a bit risk averse to running the "clear bridge" command during office hours. The phone system is VOIP based and it would cause the phones to fall off the network.

Is there no way to purge a specific device from the bridge table?

909 Posts

May 15th, 2007 11:00

Unplug the device and wait the "aging time" (300 seconds by default).

6 Posts

May 15th, 2007 12:00

LOL - Catch 22!! One switch randomly rebooted itself today (first glitch in operating for several weeks). Grrrr.