Meraki

Community

Switch Device Health MS425-C9300 Meraki Managed

First off, I realize this feature is early access/beta, but I have some concerns and I wanted to see if anyone else seen this. I have a MS425 switch that I enabled this and its showing an alarming number of drops. This switch is half populated and maybe early morning some interfaces get maxed out for high bandwidth operations. However throughout the day I will see 10k plus drops just randomly (not during high utilization times).

You can see for the last week 60k packets were dropped over 4 hours and that's not the highest. Millions of packets are getting dropped according to this tool per month. Outside of this tool, there is no way to tell. The event log shows no errors and there isn't a way to correlate this information. I opened up a ticket with Meraki, and they said "Reaching out to our internal team to confirm and they stated the traffic being dropped is not client traffic. It is traffic copied to the management CPU for inspection for functions such as client tracking". I believe this would still cause issues is millions of packets are dropping per month esp with CPU hits eating up resources.

I have issues with accurate client tracking as well for some time. It was set to MAC address for client tracking as I used to have a C9300 behind the MS425 as a "access switch" Its since been converted to Meraki Managed so it was changed to Unique client identifier tracking, since that's whats recommended.

Has anyone else seen issues like this with high packet drops for those that have this turned on? I don't have another device in another org/network to look at like this.

12 Replies 12

What firmware is your MS425 running?

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.

17.2.2 on the 425, and CS 17.2.2 on the 9300

MS 17.2.2 has been steady (reliable) for my networks - that is good news! I'd stay with firmware MS 17.2.2.

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.

It would also be worth checking to see what your MS425 MTU size is at since there is hardware limitation specific to MS425 series switches - I am not sure if this might be a contributing factor in your drops.

Switch Settings

The maximum MTU on MS425 is 9416 bytes (i.e.: 9394 + 22 = 9416). Therefore, enter MTU size 9394.

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.

Its just the default 9198. Not sure where it pulled that number, but I have never checked it before so im assuming that's what it was set to when I added to the network.

It's likely set at that due to the limitations of the C9300 series.

Are you using SFP+ or DAC cables?

Is the module seated secure into the port? I have had instances that the module pulled out without me releasing or latch/release tab.

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.

Im using DAC cables. Interesting story is that I was having loss from the MX to the 425 last year. I had Cisco branded SFPs and fiber patch cables. Meraki suggested that I swap those for some specific DAC cables, and it did clear up the issue (all SFPs were replaced with DAC cables). When I opened up this case, they were questioning these DAC cables, so I had to reference the previous case where they suggested them 🙂

It is odd though that it shows OEM and gives basic info for those SFPs in the dashboard. TAC said they expected to see more info almost like they are not 100% supported...

I will double check to make sure all of them are seated correctly. I was able to look at someone else's dashboard with a MS225 and it does show 10k plus drops as well, so it might be a early access thing etc, or they are really valid, and they have only Ethernet connections.

For what it's worth - I had temporarily used DAC cables in my early deployment but elected to go with 1M AOC instead - BIG difference (so what if it's 3rd party) but I no longer have any drops.

And the drops I had wasn't on the scale you mention - it's just a lab/test (sometimes demo) network with not much data (throughput).

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.

What types are these packets ?

I have 1513 switches on a total of 3459 that are showing > 0 drops. I have 0 problems on all of these sites.

For example some switches are reporting a large amount of drops, these are STP drops because BPDU guard is triggered.

They are mostly in the other category. I'm looking into multicast issues with the 9300 per @RWelch to see if the drop issue is causing this to send multicast traffic to the 9300 then to the 425 and thats whats causing it. Im seeing a bunch of IGMP/multicast traffic from the 9300 to the 425

In the distant past, I have seen this happen due to mass spanning tree calculations, as the switches had every port configured as a trunk port. This specific issue typically occurs when a large number of people are coming or leaving the network location.

Every time a trunk port goes up and down, anywhere in the entire network, on any switch, it triggers a spanning tree re-calculation.

To avoid this, it is essential to ensure that switch ports connected to end-user devices are marked as access ports. Spanning tree ignores access ports when they go up and down.

Thanks for the suggestion @PhilipDAth . I am pruning all vlans that are unneeded on trunk ports, and all end user ports are access. There are a few trunk ports, but they are to APs and to the MS425. I checked the event log on the 425 and no port bounces since the last time I upgraded the firmware. On the access side, no trunk ports have bounced.

I double checked the device health, and no STP drops. Just other.

Welcome to the Meraki Community!

To start contributing, simply with your Cisco ID. If you don't yet have a Cisco ID, you can .