flounder Posted March 8, 2012

Gotcha... I can see that now that I'm awake... lol

On a related topic, today I learned that even if all of your corp. switches all have spanning tree protocol enabled, some asshole will bring in an old 5 port POS switch that doesn't, put it under his desk, attempt to plug in a WAP and with one patch cable, plug into port 2, and with the other end of the same cable, loop around the desk and plug into port 5... Whammo, broadcast storm! Spanning tree only shuts down loops as it detects them, and no loops on the other corp. switches so, if you have a broadcast storm on a switch and uplink it to the corp. network, the uplink re-transmits the broadcasts to the corp. switches properly, as it should, unaware of the storm. This even took out another building connected to this network via 2 media converters and fiber. No router to isolate b-cast domains. 1 DHCP broadcast is all it takes. Damn it!!!

Who do you work for where this happened? One of my Delaware clients was having problems today. hmmm do you work for them?

chrisknight Posted March 8, 2012

If you've got a Cisco switch, give spanning-tree bpduguard a try. Enable spanning-tree portfast on all your access switchports, then plug in a Linksys switch. Loop the Linksys. Once the Cisco sees its own BPDUs come back at it, it puts the switchport in an error-disable state and drops that motherfucker. Also works for regular loops to the same switch. I'd highly recommend having some sort of SNMP monitor running on that tells you if the port popped, otherwise you'll be doing a lot of sh int status mod x to figure out what ports are in what state when things magically "stop working". I had no idea about bpduguard before I came to Nationwide, now I'm kicking myself for all the time it would have saved me in previous gigs.

No Cisco but thank you for the info... I'll look into that.

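The "tell me if the port popped" monitoring suggested in the post above, done here over switch syslog rather than SNMP, as an added example that is not part of any post in this thread. The log lines are constructed in the Cisco IOS `%PM-4-ERR_DISABLE` / `%PM-4-ERR_RECOVER` style; hostnames, ports and function names are assumptions.

```python
import re

# Constructed sample lines in Cisco IOS syslog style (not taken from the thread).
SAMPLE_LOG = """\
Mar  8 09:14:02 sw-access-1 %LINK-3-UPDOWN: Interface GigabitEthernet0/7, changed state to up
Mar  8 09:14:03 sw-access-1 %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port GigabitEthernet0/7 with BPDU Guard enabled. Disabling port.
Mar  8 09:14:03 sw-access-1 %PM-4-ERR_DISABLE: bpduguard error detected on Gi0/7, putting Gi0/7 in err-disable state
Mar  8 09:19:03 sw-access-1 %PM-4-ERR_RECOVER: Attempting to recover from bpduguard err-disable state on Gi0/7
Mar  8 09:19:05 sw-access-1 %PM-4-ERR_DISABLE: bpduguard error detected on Gi0/7, putting Gi0/7 in err-disable state
Mar  8 10:02:41 sw-access-2 %PM-4-ERR_DISABLE: bpduguard error detected on Gi0/12, putting Gi0/12 in err-disable state
Mar  8 10:07:41 sw-access-2 %PM-4-ERR_RECOVER: Attempting to recover from bpduguard err-disable state on Gi0/12
"""

# Syslog header, then only the port-manager events that change err-disable state.
EVENT = re.compile(r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s"
                   r"%PM-4-(?P<kind>ERR_DISABLE|ERR_RECOVER):\s(?P<msg>.*)$")
DISABLE = re.compile(r"(?P<cause>\S+) error detected on (?P<port>[^,\s]+)")
RECOVER = re.compile(r"recover from (?P<cause>\S+) err-disable state on (?P<port>\S+)")

def errdisable_report(log_text):
    """Replay the log and return {(host, port): state} for every port that tripped."""
    ports = {}
    for line in log_text.splitlines():
        ev = EVENT.match(line)
        if not ev:
            continue  # link up/down, spanning-tree notices, etc.
        pattern = DISABLE if ev["kind"] == "ERR_DISABLE" else RECOVER
        detail = pattern.search(ev["msg"])
        if not detail:
            continue
        state = ports.setdefault((ev["host"], detail["port"]),
                                 {"cause": detail["cause"], "trips": 0,
                                  "down": False, "since": None})
        if ev["kind"] == "ERR_DISABLE":
            state.update(cause=detail["cause"], trips=state["trips"] + 1,
                         down=True, since=ev["ts"])
        else:
            state["down"] = False  # recovery attempt; a new trip flips it back
    return ports

def ports_needing_attention(log_text):
    """Ports still err-disabled, or that tripped repeatedly (the loop is still plugged in)."""
    return sorted((host, port, s["cause"], s["trips"])
                  for (host, port), s in errdisable_report(log_text).items()
                  if s["down"] or s["trips"] > 1)

if __name__ == "__main__":
    for row in ports_needing_attention(SAMPLE_LOG):
        print(row)
```

A port that trips again right after an automatic recovery attempt, like Gi0/7 in the sample, means the rogue switch or loop is still connected.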
chrisknight Posted March 8, 2012

Who do you work for where this happened? One of my Delaware clients was having problems today. hmmm do you work for them?

I'm curious now, who do you work for? I heard that they might be looking around for assistance.

I work for a consulting company in Delaware. This happened to one of our clients who has offices in Delaware, Columbus, and other areas... Originally I thought it was the point-to-point T1 from Delaware to Columbus, and CRC, etc. errors on the interfaces kind of pointed to that. However, that was caused when TW telecom pulled the circuit down last night to loop up the smart jacks. The tests came back clean so we went in to figure out WTF happened.

To stay somewhat confidential, what type of business is this that was having trouble?

Cheech Posted March 8, 2012

No Cisco but thank you for the info... I'll look into that.

No problem. BPDUGuard and HSRP configs (to create a HA environment out of 2 switches) literally blew my mind when I came over here.

chevysoldier Posted March 8, 2012

Bunch of nerds.

Cheech Posted March 8, 2012

Bunch of nerds.

Sorry. We'll start talking about guns just to include everyone else.

chevysoldier Posted March 8, 2012

ah ok then.

Scruit Posted March 9, 2012

We had a few spanning tree loops at my old company. The network guy wanted to take the offending Linksys hub outside and shoot it, but it was in England so he had to settle for yelling loudly.

Casper Posted March 9, 2012 Author

Gotcha... I can see that now that I'm awake... lol

On a related topic, today I learned that even if all of your corp. switches all have spanning tree protocol enabled, some asshole will bring in an old 5 port POS switch that doesn't, put it under his desk, attempt to plug in a WAP and with one patch cable, plug into port 2, and with the other end of the same cable, loop around the desk and plug into port 5... Whammo, broadcast storm! Spanning tree only shuts down loops as it detects them, and no loops on the other corp. switches so, if you have a broadcast storm on a switch and uplink it to the corp. network, the uplink re-transmits the broadcasts to the corp. switches properly, as it should, unaware of the storm. This even took out another building connected to this network via 2 media converters and fiber. No router to isolate b-cast domains. 1 DHCP broadcast is all it takes. Damn it!!!