Dell switches behaving abnormal and facing network issues

Question

Hi, We are having Dell 6224 as a core switch which consists of VLANs 48, 50, 52 and 54. We are using Dell PC 2724 and 2848 switches as access switches. The main idea behind creating VLAN is not to restrict communication between VLANs and only for to limit the broadcast or any botnet in the network will limited to that particular vlan. But after creating the VLANs also we are facing the network issues which will effect complete network which our VLAN concept completely failed. For example recently one system in VLAN 54 OS got a blue screen error and due to that system is generating lot of unknown traffic and complete network was getting high latency. One more example is one switch at VLAN 52 is misbehaving and got same network latency and which will affect L3 switch got overloaded and not responded. We have reset the switch and removed the management IP then it was working fine. If you assign management ip as 129.135.52.4 which is in VLAN-52 subnet we got the network latency. I was unable to understand the problem and is there anything about the configuration. Please help me with this and attached a network diagram as well as L3 switch (Dell PC 6224) configuration. Dell PC 6224 Configuration in-iccl3sw01#show run!Current Configuration:!System Description 'Powerconnect 6224, 3.2.0.7, VxWorks 6.5'!System Software Version 3.2.0.7!Cut-through mode is configured as disabled!configurevlan databasevlan 48,50,52,54,160,164-165vlan routing 48 1vlan routing 50 2vlan routing 52 3vlan routing 160 4vlan routing 54 7exithostname 'in-iccl3sw01'clock timezone 5 minutes 30stackmember 1 1exitip address 172.16.10.20 255.255.255.0access-list Test-Rule ip routingip route 0.0.0.0 0.0.0.0 129.135.48.1ip helper-address 129.135.48.3interface vlan 48name 'Management VLAN'routingip address 129.135.48.2 255.255.255.0exitinterface vlan 50routingip address 129.135.50.1 255.255.254.0exitinterface vlan 52routingip address 129.135.52.1 255.255.254.0exitinterface vlan 54routingip address 129.135.54.1 255.255.254.0exitinterface vlan 160 routingexitusername 'admin' password 43ac2013fa9686f4cba2e7c149a00101 level 15 encryptedusername 'LManager' password 43ac2013fa9686f4cba2e7c149a00101 level 15 encrypteddhcp l2relay vlan 48!interface ethernet 1/g1switchport access vlan 48exit!interface ethernet 1/g2switchport access vlan 48exit!interface ethernet 1/g3switchport access vlan 48exit!interface ethernet 1/g4switchport access vlan 48exit !interface ethernet 1/g5switchport access vlan 54exit!interface ethernet 1/g6switchport access vlan 54exit!interface ethernet 1/g7switchport access vlan 50exit!interface ethernet 1/g8switchport access vlan 50exit!interface ethernet 1/g9switchport access vlan 50exit! interface ethernet 1/g10switchport access vlan 50exit!interface ethernet 1/g11switchport access vlan 52exit!interface ethernet 1/g12switchport access vlan 52exit!interface ethernet 1/g13channel-group 2 mode autoswitchport access vlan 52exit!interface ethernet 1/g14channel-group 2 mode autoswitchport access vlan 52exit !interface ethernet 1/g15switchport access vlan 52exit!interface ethernet 1/g16switchport access vlan 52exit!interface ethernet 1/g17switchport access vlan 54exit!interface ethernet 1/g18switchport access vlan 54exit!interface ethernet 1/g19switchport access vlan 54exit! interface ethernet 1/g20switchport access vlan 54exit!interface ethernet 1/g21switchport mode trunkswitchport trunk allowed vlan add 48,50,52,54exit!interface ethernet 1/g22switchport access vlan 48exit!interface ethernet 1/g23switchport access vlan 48exit!interface ethernet 1/g24switchport access vlan 48exit! interface ethernet 1/xg3switchport access vlan 48exit!interface ethernet 1/xg4switchport access vlan 48exit!interface port-channel 1switchport mode generalswitchport general allowed vlan add 48,54exit!interface port-channel 2description 'Domain Controllers'switchport mode generalswitchport general allowed vlan add 48exitexit   Regards, Yugandhar

DELL-Willy M · Answer

I would suggest a completely separate VLAN dedicated for Management. Also, you might take a look at storm control on you switch.

Storm Control

A traffic storm occurs when incoming packets flood the LAN resulting in network performance

degradation. The Storm Control feature protects against this condition.

The switch software provides broadcast, multicast, and unicast storm recovery for individual interfaces.

Unicast Storm Control protects against traffic whose MAC addresses are not known by the system.

For broadcast, multicast, and unicast storm control, if the rate of traffic ingressing on an interface

increases beyond the configured threshold for that type, the traffic is dropped.

To configure storm control, you will enable the feature for all interfaces or for individual interfaces, and

you will set the threshold (storm control level) beyond which the broadcast, multicast, or unicast traffic

will be dropped.

Configuring a storm-control level also enables that form of storm-control. Disabling a storm-control level

(using the “no” version of the command) sets the storm-control level back to default value and disables

that form of storm-control. Using the “no” version of the “storm-control” command (not stating a

“level”) disables that form of storm-control but maintains the configured “level” (to be active next time

that form of storm-control is enabled).

NOTE: The actual rate of ingress traffic required to activate storm-control is based on the size of incoming packets

and the hard-coded average packet size of 512 bytes - used to calculate a packet-per-second (pps) rate - as the

forwarding-plane requires pps versus an absolute rate Kbps. For example, if the configured limit is 10%, this is

converted to ~25000 pps, and this pps limit is set in forwarding plane (hardware). You get the approximate desired

output when 512bytes packets are used.

CLI Example

The following examples show how to configure the storm control feature an Ethernet interface. The

interface number is 1/g17.Example #1: Set Broadcast Storm Control for an Interface

console#configure

console(config)#interface ethernet 1/g17

console(config-if-1/g17)#storm-control broadcast ?

Press enter to execute the command.

level Configure storm-control thresholds.

console(config-if-1/g17)#storm-control broadcast level ?

Enter the storm-control threshold as percent of port

speed. Percent of port speed is converted to

PacketsPerSecond based on 512 byte average packet

size and applied to HW. Refer to documentation for

further details.

console(config-if-1/g17)#storm-control broadcast level 7

Example #2: Set Multicast Storm Control for an Interface

console(config-if-1/g17)#storm-control multicast level 8

Example #3: Set Unicast Storm Control for an Interface

console(config-if-1/g17)#storm-control unicast level 5

Hope this helps,

Keep us updated if you can.

yugandhar.m · Answer

Hi Willy,

Thank you for your solution but the problem is we have to carefully configure the storm control threshold otherwise it will once again affect the network performance right or we can only select the unknown unicast, broad and multicast option right?

We have one more query on Management VLAN is

1. If we configure management VLAN what will be switched port mode of uplink ports i.e. trunk or General? I tried with trunk but it didn't work

2. What will be the interface mode of firewall connected interface? General or trunk. We have placed servers on VLAN 48 and it should be accessible from other locations also.

Please help us on this configuration query because we are very new to Dell switches..

Regards,

Yugandhar

DELL-Willy M · Answer

Broadcast Storm Control When Layer 2 frames are forwarded, broadcast, unknown unicast, and multicast frames are flooded to all ports on the relevant virtual local area network (VLAN). The flooding occupies bandwidth, and loads all nodes connected on all ports. Storm control limits the amount of broadcast, unknown unicast, and multicast frames accepted and forwarded by the switch. Here is a PDF with information about Storm Control. www.dell.com/.../app_note_5.pdf general or trunk has to specifically have the switchport allowed vlan add XX for each VLAN that will pass.  On a 62xx trunk doesn't auto include all VLANs on the 62xx

Networking General

Was this post helpful?