I have about 25 switches around the high school. Mainley 48 port 3com. At random around the school they are re-setting. They come back up alright but the end users get the message that the network has gone! Does anybody have any ideas?
Would they not need to know the ip address of the switch to do this?
Sounds like you're talking about SMBDie or one of the similar apps which unpatched XP is vulnerable to. Either way it's not really something a switch would be affected by.
Re-configured the switches at all recently (I assume they're at least L2 managed)? A quick google comes up with this - not sure if that could be related.
Is there a newer firmware available for the switch? Did it only start happening recently?
It has been doing it randomley since they were put in 14 months ago. I have been on the web and there is no firmware upgrade for this model??
Might be a power problem. Try putting your most troublesome switch on UPS. Make sure you monitor the switch and the UPS for network/power issues.
Thanks geoff, i thought this. We have a ups on a few of the switches and this has not made any difference. We have also had an electrical contractor out to access the electrics.
Realy stupid question. are they all password protected?
If im not mistaken im sure you can do a restart via web
Yes they are password protected -Originally Posted by bishopsgarthstockton
Re-address a couple to something not on your usual network range temporarily, or disable network management totally for a while (as long as you keep a console cable + laptop handy of course).
You'd at least know whether it was an exploit / someone with the password etc etc, or just faulty hardware / power / whatever then.
Are you sure the switch is actually rebooting and it's not just some issue with auto negotiation? Some switches do have issues with some NICs and will be forever trying to re-negotiate a link speed / duplex.
If they were clever enough a port scan would bring up the right reults for the characteristics of a switch eg telnet port and a web port so I wouldnt have said just changing the IP address would work. You can even get those nice handy apps from the manufacturer that scan by mac address for that particular manufacturer.
Are you definately sure they are resetting and that you arent suffering some kind of broadcast storm (is spanning tree protocol enabled to help protect you from this?)
In the maagement it says the up time. for example 4 switches in 1 cabinet 3 of them would have been up for 100 days and yet this 1 would have only been up for 20 mins. i only look when someone calls to say the network has gone for a few seconds. i cannot really disable the management as there are vlans on all the switches. when the school is closed the swtiches never reset. i have tried to tell the network manager that is must be 1 unit that is attached somewhere but he disagrees. if i was to try and find a source for the problem does anyone know of a peice of software that would help me??Originally Posted by GeeDee
I am not sure if spanning tree is disabled as i got told by 3com to disable spanning tree?? I will check. Do you think this would help?Originally Posted by ChrisH
If you disable STP you have no protection from network loops and thus ARP storms. This will lock up switches to varying degrees depending on the backplane bandwidth of the switches.
If you want some switch monitoring software consider Nagios or Cacti.
Nagios will give a real time over view of your network where as Cacti will tell you about the historic performance of devices over time. They both require snmp capable devices to work. You'll also need a Linux web server to run them on as they are LAMP apps.
Ok, so clearly a switch issue then. Could be hardware or software however.Originally Posted by western
No, you can't disable management but you can re-address a couple of units to an off net address of your choice (10.10.10.1/24 or whatever). Vlans are only L2, so the IP assigned to the switch is purely for management. I assume you're not doing L3 routing on 25 switches.Originally Posted by western
You can then either temporarily switch (or alias) a random machine to the 10.10.10.0 network or console the switch directly when (if) you need to manage it. If the switch never falls over, then it's most likely either some vulnerability in the 3com magement software, or someone with the password resetting via the webmin, or some other happening on the LAN. You can then investigate the problem before re-config'ing the switch management back to your usual network.
The only other likely cause would be faulty hardware. What's the warranty? It seems unlikely that broadcast storms or network loops would cause a switch to crash and reboot itself, especially while the rest of the LAN continues to run happily.
There are currently 1 users browsing this thread. (0 members and 1 guests)