The switch is paralyzed to its own immunity.

The author office used a common two-layer switch, has been silent for us for several years, so far there has been no accident. However, recently, the author of the local area network computer room has a switch suddenly strange phenomenon; taking into account the particularity of the fault phenomenon, the author used a special method to exclude, now the specific troubleshooting process is written out, I hope the following content can give you network management personnel to bring inspiration!

Fault Playback

The local area network of the author unit is medium size, the local area network has 36 common workstations, 4 servers, which are connected together through 3 switches to form a medium sized LAN network. One of the 3 switches uses a Cisco-branded 24-port 100M switch. As the main switch in the LAN, 4 servers and two other switches are directly connected to the RJ45 port of the main switch, and the other two switches are using the 24-port 10m/of the real-life brand. 100M Adaptive Network switch, the two switches are used as secondary switches to connect the normal 36 workstations. All workstations in the LAN are connected to the Internet network through the main switch.

For a long time, the LAN in the switch has been dedicated to maintain the normal operation of the network. But in the last day or two, several colleagues at the same time to the author, their workstation can not be normal Internet; At first, I thought it was a colleague improper operation caused the network fault, so rushed to the failure of the workstation, trying to do Internet network access operations, the fact that the LAN network does appear to have a problem. However, when the author of this network can not access the full range of workstations to check, it is found that the network connection parameters of the workstation and the connection reliability of the interface are not any problems. Even more strange is that the LAN is not all workstations can not access the Internet, there are many workstations not only the normal internet, and the speed of the Internet is also relatively fast. Careful comparison of the network configuration of normal workstations and the network configuration of abnormal workstations, the author did not find any different places, then why the Internet configuration is exactly the same, but the network connection results are not the same?

Could it be that there is a loose network connection interface on the switch? I do not trust this point, so came to the LAN computer room next to the switch, want to check the connection of the cable connector; but who ever thought of one of them? All the lights in the front panel of the switch are Yuchangliang and not blinking, It is clear that the switch is running abnormally, so all workstations connected to the switch will naturally not be able to perform network access operations. Then look at the other two switches, the author found that their working condition is very normal, it is no wonder that some workstations in the LAN can surf the internet, and some workstations are not online. Is in the long bright state of the switch occurred hardware damage, the author heart to himself road!? In order to check whether the malfunctioning switch has hardware damage, the author deliberately unplug the power cable of the switch, and then reinsert the power cable into it after a period of time to try to reboot the switch; Fortunately, after the faulty switch was restarted by the author, The previous workstations on the LAN that could not be connected to the Internet were able to go online, and the speed of the Internet was restored to its former normal state. Originally thought to here, LAN part workstation can not be solved the problem of the Internet; people are puzzled that the author just ready to leave the computer room, and colleagues began to shout that the network again problem. Again came to the switch, the author found that just been restarted the fault switch, and now all the lights are not flashing state, and at this time the other two switches still maintain the previous state of operation, this is going on?

Although I know that many workstations in the LAN are infected with a variety of network viruses, but considering the two secondary switches, whether it is the brand model, or connection mode, or even parameter configuration is exactly the same, if the fault of the switch is caused by network virus, The symptoms should be two secondary switches can not be normal operation of the right; now only one secondary switch is not working properly, the other secondary switch has always maintained a normal state of operation, so the author estimates that the failure of the second switch has been the hardware damage. So the author initially thought that in order to solve such a network failure, the only way is to use another working normal switch to replace the faulty switch.

Because there is no ready-made free switch can be replaced, the author did not remove the fault switch from the LAN, ready to come early the next day with a new switch for replacement operations. But it is very unexpected, when the author came to the LAN room the next day, but found that the work of yesterday's abnormal switch, suddenly became normal, what is going on? The author looks at the switch, and subconsciously looked at the computer room outside the LAN workstation, Suddenly thought must be the LAN workstation in the absence of operation, the network does not exist virus, then the switch will not be virus attacks, which is the failure of the switch in the case of no use of the computer can return to normal working state of the best explanation bar. The things that happened then, indeed, it also validates the author's inference; When colleagues began to work on the computer, the fault switch signal led immediately back to the previous long bright not flashing state, the author estimated that at this time, the network of workstations in the LAN virus began to continue to send broadcast information to the network, Until the radio storm caused the switch to be paralyzed. Later I mobilized the unit's colleagues, have their workstation system reinstalled to wipe out the virus in the LAN network; When all workstations have been reinstalled, the faulty switch is immediately back to normal, and there has been no anomaly for a long time.

Summary of issues

Here, the cause of the paralysis of the switch is the local area network virus. But one thing that I still have to worry about is why the network virus affects only one of the switches, but not the other switch. Later on the Internet to search for relevant data, the author found that even if the brand, model exactly the same switch, they do not necessarily run the same performance; For example, two fully consistent switches, if their operating environment is inconsistent, then the internal components of the switch aging speed is not the same, the aging speed of the switch in the future work, resistance to external interference, including virus interference ability is relatively poor, which is why the network virus only caused a switch paralysis, And the other switch was safe. According to this kind of analysis thought, the author believes that the fault switch mentioned above will be paralyzed, the real reason is that the switch has a poor immune system, resulting in the switch can not resist network virus attacks; In contrast, the other completely consistent model of the switch is always maintained the normal state of operation, That's because the switch has good performance and strong resistance, and the damage to the network virus is not enough to paralyze it.

Summing up the above troubleshooting process, the author believes that in order to effectively avoid the switch paralysis or other unknown failures, the first thing to do is in the selection of switches, can not covet the present cheap, to buy those brands are not, the quality of products, but should try to pick those brands are, performance, large cache capacity products, To ensure that the switch itself is strong enough to be immune, to resist all kinds of external interference in the network, and then to install the original anti-virus software in each workstation in the LAN, and require the virus killing operation of the system on a regular basis, in time to update the virus database operation, to ensure that the network virus does not cause broadcast storm. It's also worth reminding you that in order for the switch to remain in a highly efficient state, we may want to take time off the switch and then reconnect it to the power supply during the free period of network access, so that the switch cache can be emptied to further enhance the immunity of the switch.