Troubleshooting of switch device cache Overflow

There are many things worth learning about Switch Equipment. Here we mainly introduce how to troubleshoot cache overflow of switch equipment. A switch is an important data exchange and processing device in a LAN. Its performance directly affects the data transmission capability and network transmission speed of the LAN.

Normally, the performance of the switch equipment is relatively stable, especially for common L2 switches. However, a common L2 Switch used by a LAN is abnormal recently. Considering that this phenomenon rarely occurs, the process of solving this abnormal phenomenon is also different. Now, this article will contribute to the detailed solution process of this abnormal phenomenon for your reference and exchange!

Fault playback

The LAN of a certain organization is not very large. About 40 workstations in 10 offices are connected to two common 24-port TP-Link vswitches with the same model, the two switches act as L2 Switches of the LAN and are directly connected to the router devices of the Organization. The router devices are connected to the Internet through the broadband optical fiber line, generally, all workstations in the LAN can share with each other, and each workstation can also directly access the content of the target site in the Internet through the router devices in the LAN.

Recently, some workstations in the LAN cannot normally access the shared content of other workstation systems on the Intranet or the content of the target site on the Internet. However, some other workstations can access the Intranet, you can also access the Internet. Some workstations in the LAN can access the Internet, which means that the LAN router device is working normally, those workstations that cannot access the Internet may be caused by their own reasons or problems with common L2 switches.

Tracing reason

To find out the specific cause of the fault, I randomly find a common workstation that cannot access the Internet from the LAN, open the running dialog box of the workstation system, and use the ping command in it, test the IP address of the local Nic device, the IP address of the vswitch, And the IP address of the vro. The result shows that the IP address of the local Nic device can be pinged normally, and the IP addresses of the other two devices cannot be pinged normally, this indicates that the NIC device of the local workstation is working normally. The physical line between the NIC device and the vswitch device may be faulty, in order to determine whether this problem is caused by network connection cables, I immediately found a professional Cable Testing Instrument to test the connectivity of the target network connection cables, the test result shows that the physical connection cable is normal.

Since the physical connection line is smooth, why can't the network line between the NIC device of the faulty workstation and the switch and router device be pinged normally? As the NIC device confirms that the working status is normal, will the switching port connecting to the faulty workstation work abnormally, or will there be any exceptions in the L2 Switch? With this in mind, I immediately followed the network connection cable connecting to the faulty workstation and found the switch port connecting to the faulty workstation. I immediately tried to use another switch port for testing, the test is abnormal. I immediately checked the switch device connected to the faulty workstation and found that all the signal lights in the control panel of the device were completely bright and not blinking. Obviously, this status is abnormal, because when a switching port forwards and processes Internet data normally, the signal lights on the corresponding port should be in the flashing state, and the signal lights on all ports are not blinking now, it indicates that no data forwarding is performed on all workstations connected to this L2 Switch. In this case, all workstations under this L2 Switch cannot access the Internet normally.

Troubleshooting

When a layer-2 switch is not working properly, we often need to restart the device to solve the problem. After all, the layer-2 switch rarely has hardware quality problems. According to this analysis, the author immediately cut off the power supply of the faulty switch, and re-connect the power supply after a period of time. However, after the Faulty Switch restarts stably, the faulty workstation that cannot access the Internet in the LAN immediately restores the normal network connection status.

I thought that some workstations in the LAN could not access the Internet, even if the problem was solved successfully. But who once thought that the workstations that could not access the Internet had the same fault again when they had arrived in an hour, when I observe the faulty switch device again, I can see that all the signal lights in the control panel of the device are completely bright and do not flash. This indicates that the second-layer switch has the same fault; after repeated tests and practices, I found that even if the L2 Switch is not connected to any workstation, the same fault will occur in the same period of time. Why? Why is another L2 Switch in the LAN always working normally?

Although I know that many wks in the LAN of this Organization have various network viruses, the two common L2 switches share the same brand and have the same connection method, even their configurations are the same, but now only one switch device has a problem, so I guess it must have been that the faulty switch has a hardware damage. To completely solve the problem, the only way is to replace the L2 Switch.

Because I have no ready-made switch devices to replace, I plan to thoroughly check the network viruses in the LAN. Before the new switch devices are in place, the entire lan network is very "clean" and there are no network viruses or Trojans. After all the virus programs in the LAN are cleared, I restarted the faulty switch device. Then I saw that the faulty switch was working properly, because I had something to do at the time, I first left the faulty scene. When I went to work the next morning, I checked the working status of the faulty switch. What surprised me was that, the working status of the vswitch has been normal. When I randomly find a workstation system that was previously unable to access the Internet for testing, I found that their network connection status has now returned to normal. After a period of observation, their Internet access status remains normal. At this point, the failure of some workstations to access the Internet has finally been solved, the final "crash" that causes this fault is obviously a network virus in the LAN.

Deep Analysis

On the surface, the above fault is caused by abnormal working status of the L2 Switch in the LAN. In fact, the working status of the faulty switch is affected by the network virus; due to the existence of a network virus in the LAN, the network virus causes a broadcast storm in the LAN network, which causes the cache of the faulty switch to overflow and thus causes paralysis of the switch, this is also the reason that the signal lights of all ports of the faulty switch are in the Full Bright and non-blinking state. After all the network viruses in the LAN are cleared, after the faulty switch is restarted, its cache overflow error disappears, and its working status can also be restored to normal, in the future, because the network virus will not continue to affect the switch, the faulty switch will always work normally.

In addition, the reason why another vswitch in the LAN is not attacked by a network virus is probably that the performance of the vswitch is relatively stable. In other words, the faulty vswitch device may suffer Component Aging, as a result, the faulty switch has a low capability to defend against network viruses. As a result, the two L2 Switches of the same model may not work in the same state.

To avoid such faults caused by network viruses as much as possible, we should try to use switches with stable performance and large cache capacity when establishing a LAN network; at the same time, genuine anti-virus software should be frequently used to clear Network viruses in the LAN and prevent the occurrence of broadcast storms.