Cisco SG300 bouncing when implementing AH Infrastructure

  • Question
  • Updated 4 years ago
  • Answered
Thanks to everyone in advance for their help with this question.

We just purchased 24 AP121s, 2 AP170s, and 1 AP330 to replace our current wireless infrastructure. With our implementation we defined a new management vlan for all AP management. We are pushing 1 SSID using Aerohive's PPSK that can authenticate to either our corporate User VLAN or our guest User VLAN depending on the password used.

We've had 6 Access points implemented to this point, and we are now starting to see some of our switches bouncing. Specifically we are seeing 5 of our SG300 switches bouncing.

I guess I'm at a loss here. I am not very knowledgeable when it comes to multicasting, but I fear that it is the culprit at play. Is there anything I can do to keep these switches from bouncing on Aerohive's end? Can I keep AH AP communication traffic only on the management vlan, and away from whatever the SG300 is doing?

Furthermore, if anyone happens to know how to turn off multicasting on an SG300 I would appreciate some help there as well.

We're at the point where we want Aerohive to do the talking as my team has praised it to no end. This is definitely not settling well, and I would like to nip it in the bud before it blows up.

Kyle Myers

Posted 4 years ago

Roberto Casula, Champ

Hi Kyle,

What exactly do you mean by "Bouncing"? Do you mean they crash and reboot, or are you seeing ports being disabled/re-enabled?

A common "issue" with Cisco switches is that they are extremely sensitive to MAC flaps, detecting (incorrectly) a MAC flap when a client roams from one AP to another and then back again (which with some client devices, happens quite often). This can cause the ports to which the APs are connected to shut down as the switch thinks the MAC flap is the result of a loop - it's just a slightly dumb assumption.

In terms of multicast, the APs do not make heavy use of multicast at all. Why do you think multicast is relevant - is this because of something you've seen in logs etc.? In most cases, the only multicast you'll see coming out of an AP (except for what the clients themselves are producing) is related to Bonjour announcements, and there is not very much of that even.

If the SG300 is actually crashing, it could be because it has a bug trying to process packets. Having a quick look through various forums, it does seem that the SG300 has had more than its fair share of stability issues.

I did see one reference to Bonjour processing, so it might be worth disabling Bonjour on your APs. If you have CDP/LLDP enabled, I'd try disabling that too.

Main thing that's needed really are any logs/crash information from the switch.

I know this doesn't help, but I've never seen any instance in the many deployments I've carried out where APs cause a switch to crash - I have seen the MAC flap issue in a number of Cisco LAN deployments, and the solution is to disable the MAC flap detection on the ports to which the APs connect. This is not an Aerohive-specific problem; it happens with all APs and can even happen with controller-based WLAN solutions (if clients roam between APs connected to different controllers).

Cheers,
Roberto
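
The MAC flap behaviour described in the reply above can be triaged from switch logs. The following is an added example, not code from any poster in this thread: it assumes the Catalyst IOS `%SW_MATM-4-MACFLAP_NOTIF` message format, and the log lines, port names and the `AP_PORTS` set are constructed for illustration.

```python
import re

# Constructed sample syslog lines (not taken from the thread).
SAMPLE_LOG = """\
Mar  3 10:15:02 sw1 %SW_MATM-4-MACFLAP_NOTIF: Host 0011.2233.4455 in vlan 20 is flapping between port Gi1/0/5 and port Gi1/0/7
Mar  3 10:15:09 sw1 %LINK-3-UPDOWN: Interface GigabitEthernet1/0/9, changed state to up
Mar  3 10:16:40 sw1 %SW_MATM-4-MACFLAP_NOTIF: Host 00aa.bbcc.ddee in vlan 20 is flapping between port Gi1/0/5 and port Gi1/0/7
Mar  3 10:16:41 sw1 %SW_MATM-4-MACFLAP_NOTIF: Host 00aa.bbcc.ddee in vlan 20 is flapping between port Gi1/0/7 and port Gi1/0/24
Mar  3 10:16:55 sw1 %SW_MATM-4-MACFLAP_NOTIF: Host 00aa.bbcc.ddee in vlan 20 is flapping between port Gi1/0/5 and port Gi1/0/7
Mar  3 10:17:30 sw1 %SW_MATM-4-MACFLAP_NOTIF: Host 0c0c.0c0c.0c0c in vlan 30 is flapping between port Gi1/0/12 and port Gi1/0/24
"""

# Assumption: the switch ports that have access points attached.
AP_PORTS = {"Gi1/0/5", "Gi1/0/7"}

FLAP_RE = re.compile(
    r"%SW_MATM-4-MACFLAP_NOTIF: Host (?P<mac>[0-9a-fA-F.]+) in vlan (?P<vlan>\d+) "
    r"is flapping between port (?P<a>\S+) and port (?P<b>\S+)"
)

def classify_flaps(log_text, ap_ports):
    """Map each (mac, vlan) to 'roam' or 'investigate'.

    A flap seen only between AP-facing ports is consistent with a wireless
    client roaming between APs. A flap that involves any other port is not
    explained by roaming and may indicate a loop or a duplicated/spoofed MAC.
    """
    verdicts = {}
    for line in log_text.splitlines():
        m = FLAP_RE.search(line)
        if not m:
            continue  # unrelated syslog message
        key = (m["mac"].lower(), int(m["vlan"]))
        ports = {m["a"], m["b"]}
        verdict = "roam" if ports <= ap_ports else "investigate"
        # 'investigate' is sticky: one unexplained flap outweighs later roams.
        if verdicts.get(key) != "investigate":
            verdicts[key] = verdict
    return verdicts

if __name__ == "__main__":
    for (mac, vlan), verdict in sorted(classify_flaps(SAMPLE_LOG, AP_PORTS).items()):
        print(f"{mac} vlan {vlan}: {verdict}")
```

Only MACs that flap exclusively between AP-facing ports are safe candidates for relaxing flap detection on those ports; anything marked `investigate` should be traced before detection is disabled.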
Kyle Myers

Hey Roberto, thank you so much for the reply. We use a network monitor called WhatsUpGold to monitor ping to a switch. What I meant was that we drop ping to these SG300s for about 2 minutes, before they come back online. I see no proof of the switch losing power. This also causes the connected devices to go down as well, obviously. The access points, however, stay online and fully functional when the switches do in fact lose ping.

The only reason I pointed to multicasting as a possible pain point was the fact that our management vlan has nothing to do with these SG300s. We avoided placing access points in these switches, and are only plugging them into true Cisco access switches (2960s, 3750s, 4500s etc.). I didn't know if the APs were "screaming" for the HiveManager and affected the SG300s somehow. Again, I don't fully understand the realm of multicasting so that could be a huge misunderstanding on my end. Any clarification would be helpful.

Again, the main reason why I'm so confused as to why we drop ping on them is because we have no APs plugged into the SG300s, so I'm not sure which packets it is receiving to process. I will totally agree with you in that these switches are very sketchy and unstable.

Now we do have some Apple TVs in our corporate office that are used for AirPlaying. We are a pretty big iOS shop so the need for Bonjour is definitely there. I will try and disable the MAC flapping also.

Thanks for the reply. It really helps hearing some ideas, and bouncing them around my office also.
Roberto Casula, Champ

I see. It's a bit difficult to comment further without visibility of your network topology. Logs on the SG300 have to be the first port of call to see what it is doing. WhatsUp losing PING could be a problem with the network path between WhatsUp and the switch, or could be an indication that the control plane of the SG300 is hosed (e.g. 100% CPU utilisation or possibly a soft restart).
Crowdie, Champ

We had an issue with Cisco SG500 switches bouncing AP-121 access points and found the issue was the transformers in the SG500 switches. If we placed a single AP121 access point in every bank of four switch ports (1, 2, 13, 14; 3, 4, 15, 16; etc.) the issue was resolved.

We raised this with Cisco and after a small battle with them they supplied us some free SG500 switches to compensate the customer.

My understanding is that Cisco has now resolved this issue with the SG500 design.
Kyle Myers

Wow, that's pretty interesting. Thanks for the reply! We've hated the SGX00 series since we put some in place over 3 years ago so we decided to just fork over the dough for a few 2960s and some refurbed 3750s. So far the new switches are happy and the AH APs are perfect.