Solution for failure caused by switch frame sealing (1)

A strange problem occurs in the VLAN of the two Departments in the office area of the organization. Some websites on the Internet can access normally, but some websites cannot access it. emails received through Outlook or Foxmail are normal, it is also normal to send small emails without attachments, but it cannot be normally sent when sending large emails or emails containing attachments. Internet access is normal in other office areas of the Organization. The topology 1 of this part of the network is shown in.

Fault Analysis

The Office Area of the user's PC is about 2 to 5 minutes away from the core switch ~ 3 km, the office area has two departments, which belong to different VLANs. Therefore, we have placed the annett Network Management Switch AT-8024 in the office area, connecting to our core switch Cisco 6509 via optical fiber and optical transceiver in the middle Cisco 6509 is configured as: super engine SUP720, a 16-port Gigabit Optical module WS-X6816-GBIC, A 48-port fast switching electrical module WS-X6548-RJ-45 ). Trunk is set up on the port 6509 connecting the optical transceiver and the corresponding port of the annett switch. The annett switch is divided into two VLANs, namely 172.25.6.0/24 and VLAN6) and 172.25.7.0/24 (VLAN7), machines in the two Departments are connected to their respective VLANs. Other office areas of the Convergence layer switch Cisco 3550) directly through the optical module connected to the 6509 WS-X6816-GBIC optical module.

The entire network uses an IBM X235 server as the NAT and DHCP servers. The data of all VLANs is first converted to the NAT address before accessing the Internet through the edge router.

When we encountered the above strange problem, we initially suspected that there was a problem with the NAT and 6509 settings. However, after checking, the VLAN6 and VLAN7 configurations are exactly the same as those in other office areas. Because the Internet access of other VLANs except the two VLANs is completely normal, the following steps are taken.

1) Delete All VLAN information of VLAN6 and VLAN7 on the annett Network Management Switch, and place all ports in VLAN1, which is completely the same as vlan1. However, the problem persists, while users in VLAN1 in other office areas still access the Internet normally.

2) from step 1) we infer that the problem is not about VLAN division. We suspect that the problem is caused by optical transceiver or annett switch, as a result, the normal optical transceiver or annett switch used in other office areas is replaced, and the problem persists.

3) Is it a problem of link quality? Hurry up and find two PCs, one connected to annett switch, unplug the optical transceiver from the 6509 network cable, directly connect to another machine, configure the IP address of the same network segment, the maximum packet sent is B ping, but the result is disappointing. The delay is only a few milliseconds, which indicates that the link is correct.

4) when we were "poor at technology", we connected the optical transceiver and the 6509 again. We still pinged the gateway of the VLAN 172.25.6.210 on 6509 using the PC Connected to annett, the problem occurs. When ping with a small packet, there is basically no latency, but when ping with a large packet is close to 18024b, Cisco supports the maximum packet.) packet loss occurs during ping. The problem must be solved here.

5) re-check the configurations of annett, 6509, and NAT servers. We found a problem: Configure VLAN6 and VLAN7 on annett, and add the corresponding ports to the VLAN using the following command: add vlan 6 ports = 23 frame = untagged: add port 23 to VLAN6. Note that frame = untagged indicates that no data encapsulation frame is performed ), however, we set up a Trunk on the annett switch and Port 1 of the cascade port 6509. At the same time, we forced frame sealing for the data. The command is as follows: add vlan 1 ports = 1-24 frame = tagged: We forcibly block all packets forwarded by cascade ports, we know that the frame type of the annett switch is IEEE 802.1Q VLAN tag ). Then, we continue to check the configuration of 6509, enter the interfaces connecting VLAN6 and VLAN7, and configure the Trunk for this port, as shown below:

6509 # conf t Enter configuration commands, one per line. end with CNTL/Z. 6509 (config) # interface gigabitEthernet 3/48-enter cascade interface 6509 (config-if) # switchport trunk? -View the situation after the Trunk is started. allowed Set allowed VLAN characteristics when interface is in trunking modenative Set trunking native characteristics when interface is in trunking modepruning Set pruning VLAN characteristics when interface is in trunking mode