A lot of packet loss in Switching Infrastructure

 
AraCom
Occasional Visitor

Hello HP Community,

I'm pretty new to the networking thematics in our company.

Today we've got huge problems with our switch infrastructure. Basically this is what we have:

Ground Floor 1: JL256A (Mainswitch) +  JL255A

Ground Floor 2: J9729A + J9727A

1st Floor: J9729A + J9727A

2nd Floor: J9729A + JL262A

Each switch of one floor is connected via fibre to the mainswitch. The second one in the specific floor is connected to the first one of that floor.

So basically I need the perfect configuration for that setup. Currently STP is disabled on all switches, and because a lot of the ports of each switch get deactivated by loop-protection, almost all ports with clients have loop-protection disabled. Also, a lot of ports are set as trusted snmp-snooping ports. Is this necessary?

On the mainswitch I see a lot of "excessive broadcast" warnings and the majority of the clients have around 30% packet loss.

I wish I could reset all switches and configure them completely freshly. Do you have any suggestions for the ideal setup?

 

Best regards,

Jonas

3 REPLIES
jguse
HPE Pro
Solution

Re: A lot of packet loss in Switching Infrastructure

Hello,

Excessive Broadcasts in a situation with disabled STP and loop protection almost certainly means you actually have a loop somewhere in your network. My first suggestion would be to read up on STP and loop-protection, and to enable both. Set your switch in the 'core' network as your root bridge (spanning-tree priority 0) and make sure all other switches run it too.

STP prevents L2 loops between your switches and is very easy to configure unless you are fine-tuning settings on a large multi-VLAN network. See for example https://community.spiceworks.com/how_to/43285-how-to-set-up-stp-on-hp-switches or the official docs for your switches for more details.

Loop-protect prevents loops on ports connected to clients and should be used on client ports, since STP is not intended to prevent loops on the client side. Once you have enabled it, check the switch log ('show log') to see which ports, if any, have a loop. See also https://support.hpe.com/hpsc/doc/public/display?docId=c03398959

These protocols don't usually have bugs in their basic functionality, and if loop-protect started disabling your access ports, that's a pretty good sign you actually have a loop, or several, in your network.

Hope that helps.

Best regards,
Justin

Working @ HPE
AraCom
Occasional Visitor

Re: A lot of packet loss in Switching Infrastructure

Hello Justin,

Thanks a lot for your reply.

I'll enable STP ASAP on the switches.

Here is basically what I did at the weekend:

I unplugged all client ports on the switches and gave each of them a "clean" configuration file. After that, everything was absolutely fine and worked like a charm. I plugged the client ports back in and still, everything was working. The last step was to plug in the Access Points - but still - no loops, nothing which didn't work as expected.

Now after two days, not a single warning is showing in the logs of the switches, so I'm not exactly sure what caused the huge problems. I attached the current running config and, as mentioned before, I'll add the STP configs.

The link for the loop-protect is unfortunately not working, but I think this is very similar: https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c03439069

Best Regards,

Jonas

; J9729A Configuration Editor; Created on release #WB.16.08.0001
; Ver #14:01.44.08.15.9b.3f.b3.b8.ee.34.79.3c.29.eb.9f.fc.f3.ff.37.ef:09

hostname "SW-1OG-01"
module 1 type j9729a
dhcp-snooping
dhcp-snooping authorized-server 192.168.176.1
dhcp-snooping authorized-server 192.168.176.12
dhcp-snooping authorized-server 192.168.176.13
dhcp-snooping authorized-server 192.168.176.20
dhcp-snooping authorized-server 192.168.176.41
dhcp-snooping authorized-server 192.168.176.42
dhcp-snooping authorized-server 192.168.176.43
dhcp-snooping authorized-server 192.168.176.44
dhcp-snooping authorized-server 192.168.176.45
dhcp-snooping authorized-server 192.168.176.46
dhcp-snooping authorized-server 192.168.176.47
dhcp-snooping authorized-server 192.168.176.48
dhcp-snooping authorized-server 192.168.190.1
dhcp-snooping vlan 1-3
no dhcp-snooping option 82
timesync ntp
ntp unicast
ntp server 192.168.176.12 iburst
ntp server 194.25.134.196
ntp enable
no telnet-server
time daylight-time-rule western-europe
time timezone 60
web-management ssl
ip authorized-managers 192.168.176.0 255.255.255.0 access manager
ip authorized-managers 10.11.12.1 255.255.255.0 access manager
ip default-gateway 192.168.176.1
interface 1
   dhcp-snooping trust
   name "AP - 1. OG Grossraumbuero"
   exit
interface 2
   dhcp-snooping trust
   name "AP - 1. OG Buero Admin"
   exit
interface 42
   name "araNas02 - Port 1"
   exit
interface 43
   name "Drucker - 1. OG Grossraumbuero"
   exit
interface 44
   name "araNas02 - Port 2"
   exit
interface 45
   dhcp-snooping trust
   name "Uplink SW-EG-01"
   exit
interface 46
   dhcp-snooping trust
   name "Uplink SW-1OG-02"
   exit
interface 47
   dhcp-snooping trust
   exit
snmp-server community "xxxx" unrestricted
snmp-server host 192.168.176.16 community "xxxx" trap-level critical
snmp-server contact "IT" location "1OG"
vlan 1
   name "LAN"
   untagged 1-48
   ip address 192.168.176.35 255.255.255.0
   exit
vlan 2
   name "Gast"
   tagged 1-2,45-48
   no ip address
   exit
no tftp server
no autorun
no dhcp config-file-update
no dhcp image-file-update
password manager
password operator

 

jguse
HPE Pro

Re: A lot of packet loss in Switching Infrastructure

Hello Jonas,

Nice to hear it seems to run better now. Keep in mind that you might need to enable the fault-finder feature on some ProCurve/ArubaOS switches if the devices were factory reset (command like: fault-finder all) to see messages such as Excessive Broadcasts in the logs.

The article about loop-protect is accurate; you can configure that on all access ports where clients are connected. It's also a good idea to look into Spanning-tree's BPDU-Filtering or Protection features for your access ports. BPDU Filtering drops BPDUs on the configured ports and prevents end-users plugging in switches and unauthorized devices running STP from causing topology changes and disrupting your production topology.

See also https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c02597328

Best regards,
Justin

Working @ HPE
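
The checks recommended in the replies, applied to a running config like the one posted above (an added example, not code from the thread participants or from HPE): a small Python audit that reports whether spanning tree is enabled and which non-uplink ports lack loop-protect or BPDU filtering/protection, and lists non-uplink ports marked as DHCP-snooping trusted. It assumes numeric port names, uplinks identified by a port name starting with "Uplink", and that the protections appear as global `loop-protect <ports>` and `spanning-tree <ports> bpdu-...` lines.

```python
import re

# Constructed sample: excerpt of the running config posted in the thread.
SAMPLE = """\
interface 1
   dhcp-snooping trust
   name "AP - 1. OG Grossraumbuero"
   exit
interface 45
   dhcp-snooping trust
   name "Uplink SW-EG-01"
   exit
interface 47
   dhcp-snooping trust
   exit
vlan 1
   untagged 1-48
   exit
"""

def expand(ports):  # '1-2,45-48' -> {1, 2, 45, 46, 47, 48}
    out = set()
    for part in ports.split(","):
        lo, _, hi = part.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def audit(cfg, uplink_prefix="Uplink"):
    """Assumes numeric ports; a port is an uplink only if its name starts with uplink_prefix."""
    name, trust, ports, lp, bpdu, stp, cur = {}, set(), set(), set(), set(), False, None
    for s in map(str.strip, cfg.splitlines()):
        stp |= s == "spanning-tree"          # global enable line
        if m := re.fullmatch(r"interface (\d+)", s):
            ports.add(cur := int(m[1]))
        elif s == "exit":
            cur = None
        elif cur and s.startswith("name "):
            name[cur] = s[5:].strip('"')
        elif cur and s == "dhcp-snooping trust":
            trust.add(cur)
        elif m := re.fullmatch(r"(?:un)?tagged ([\d,-]+)", s):
            ports |= expand(m[1])            # VLAN membership gives the port universe
        elif m := re.fullmatch(r"loop-protect ([\d,-]+)", s):
            lp |= expand(m[1])
        elif m := re.fullmatch(r"spanning-tree ([\d,-]+) .*bpdu-(?:filter|protection).*", s):
            bpdu |= expand(m[1])
    access = {p for p in ports if not name.get(p, "").startswith(uplink_prefix)}
    return {"stp_enabled": stp, "no_loop_protect": sorted(access - lp),
            "no_bpdu_guard": sorted(access - bpdu), "trusted_non_uplink": sorted(trust & access)}
```

On the sample, `audit(SAMPLE)` reports spanning tree as disabled, every port except 45 as missing both protections, and ports 1 and 47 as trusted although not named as uplinks.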