Re: Multicast traffic crossing VLANs

VistaICT · ‎2019-09-12

Upgraded from 12.0.4.9 where everything was working (except for snoopTask occasionally causing the CPU to get stuck at 100%)

Noticed issues with multicast traffic. Connected wireshark to an access port but could see multicast traffic for other VLANs.

Multicast MFDB table also has weird STATIC entries for RSVD-MC on all ports (see image attached)

Retired_Member · ‎2019-09-15

Hi @VistaICT

Welcome to Community!

Yes, it's new change on latest firmware.

For the known multicast destination address, switch will HW forwarding these packet to all ports.

Below is the list of all Multicast destination addresses:

Regards,

EricZ

VistaICT · ‎2019-09-15

This sounds very dangerous! Traffic should never cross a VLAN boundary unless routed...

Retired_Member · ‎2019-09-16

Hi @VistaICT

No, these known multicast IP address traffic only forwarding in same VLAN, will not cross the VLAN.

Please double check your configuration.

Below is my operations:

(port 11/12/13/14 is up, but only 11&12 in VLAN1, 13 in VLAN100, 14 in VLAN200), I send known multicast from port 11, only port 12 forwarding the traffic. port 13&14 don't forwarding the traffic.

(M4300-16X) #show running-config interface 2/0/11

!Current Configuration:
!
interface 2/0/11
exit

(M4300-16X) #show running-config interface 2/0/12

!Current Configuration:
!
interface 2/0/12
exit

(M4300-16X) #show running-config interface 2/0/13

!Current Configuration:
!
interface 2/0/13
vlan pvid 100
vlan participation auto 1
vlan participation include 100
exit

(M4300-16X) #show running-config interface 2/0/14

!Current Configuration:
!
interface 2/0/14
switchport mode trunk
switchport trunk native vlan 200
switchport trunk allowed vlan 200
exit

(M4300-16X) #
(M4300-16X) #show port all | include Up

2/0/11 Enable Auto 10G Full Up Enable Enable Disable Yes
2/0/12 Enable Auto 10G Full Up Enable Enable Disable Yes
2/0/13 Enable Auto 10G Full Up Enable Enable Disable Yes
2/0/14 Enable Auto 10G Full Up Enable Enable Disable Yes
vlan 1 Enable Up Enable N/A Disable No

(M4300-16X) #show mac-address-table multicast

Fwd
VLAN ID MAC Address Source Type Description Interface Interface
------- ----------------- ------- ------- --------------- --------- ---------
1 01:00:5E:00:00:05 Rsvd-MC Static Network Assist Fwd: Fwd:
ALL ALL

Note:In general, the multicast addresses in the range 224.0.0.1 - 224.0.0.255, 224.0.1.1 - 224.0.1.255 are forwarded by CPU

(M4300-16X) #show interface counters

Port InOctets InUcastPkts InMcastPkts InBcastPkts InDropPkts InBitRate(Mbps) Rx Error
--------- ---------------- ---------------- ---------------- ---------------- ---------------- -------------------- ---------------
2/0/1 0 0 0 0 0 0.0 0
2/0/2 0 0 0 0 0 0.0 0
2/0/3 0 0 0 0 0 0.0 0
2/0/4 0 0 0 0 0 0.0 0
2/0/5 0 0 0 0 0 0.0 0
2/0/6 0 0 0 0 0 0.0 0
2/0/7 0 0 0 0 0 0.0 0
2/0/8 0 0 0 0 0 0.0 0
2/0/9 0 0 0 0 0 0.0 0
2/0/10 0 0 0 0 0 0.0 0
2/0/11 11766336 0 183848 0 0 0.0 0
2/0/12 0 0 0 0 0 0.0 0
2/0/13 0 0 0 0 0 0.0 0
......
Port OutOctets OutUcastPkts OutMcastPkts OutBcastPkts OutDropPkts OutBitRate(Mbps) Tx Error
--------- ---------------- ---------------- ---------------- ---------------- ---------------- -------------------- ---------------
2/0/1 0 0 0 0 0 0.0 0
2/0/2 0 0 0 0 0 0.0 0
2/0/3 0 0 0 0 0 0.0 0
2/0/4 0 0 0 0 0 0.0 0
2/0/5 0 0 0 0 0 0.0 0
2/0/6 0 0 0 0 0 0.0 0
2/0/7 0 0 0 0 0 0.0 0
2/0/8 0 0 0 0 0 0.0 0
2/0/9 0 0 0 0 0 0.0 0
2/0/10 0 0 0 0 0 0.0 0
2/0/11 55622 0 201 6 0 0.0 0
2/0/12 11821958 0 184050 6 0 0.0 0
2/0/13 7676 0 104 0 0 0.0 0
2/0/14 7676 0 104 0 0 0.0 0
2/0/15 0 0 0 0 0 0.0 0
2/0/16 0 0 0 0 0 0.0 0
...

VistaICT · ‎2019-09-16

Working with support we think we've identified it as a bug. Only one port was affected, this port had previously been used for Port Mirroring (which was disabled).

Retired_Member · ‎2019-09-16

Hi @VistaICT

Could you please tell me the detailed configration in your switch?

I want to reproduce in my side.

Thanks.

VistaICT · ‎2019-09-29

I have been unable to reproduce this. Configuration was very simple.

VLAN 1 & 50

Ports 1 - 24 configured in Access port mode, VLAN 1

Ports 25 - 48 configured in Access port mode, VLAN 50

IGMP enabled on both VLANs

Port 48 was configured as a mirror port mirroring port 24, could see all unicast and multicast traffic on VLAN 1

Changed mirror to port 25, now I could see all unicast/multicast for vlan 50 but also multicast for VLAN 1

Tried disabling the mirror but VLAN 1 multicast was still showing on port 25 and mirror port 48.

Rebooting switch fixed the issue.

Retired_Member · ‎2019-09-29

@VistaICT

Ok, got it, thanks for your update.