I am seeing (not a lot) a conversation from a node on my VLAN talking to another node on a separate VLAN. We have turned off all possible port mirroring/spanning. It was discovered by our CSO and I was able to verify this by running a sniff on my port and I saw the same traffic... Anyone have any ideas or suggestions? I looked through the packet in Wireshark and did not see that this was a broadcast, although I do see the standard EIGRP, CDP, etc.
The symptom of seeing unicast traffic on a port that is not part of the unicast traffic flow can happen in a condition frequently referred to as unicast flooding. Unicast flooding generally happens when the destination MAC address is not found in the CAM of the source switch and there are several things that can lead to unicast flooding:
- the CAM might be full and the switch cannot add the destination MAC to the CAM, so it floods.
- the CAM might have learned the MAC, timed out the MAC, and has not yet seen traffic to re-learn the MAC. This sometimes happens when there is asymmetric traffic (traffic to the station you are seeing is sent through one upstream switch, and response traffic is being sent back through another switch - quite possible if the end station is connected to a VLAN with 2 switches where traffic arrives from switch A and the response is sent to the default gateway/HSRP address which is currently switch B). A frequent fix for this is to configure the ARP timeout (4 hours by default) to be the same as the CAM aging timer.
If the problem is still happening, I would suggest that you find the MAC of the other end station and do show cam dynamic to see if you can find the destination MAC address in the packet. My guess is that you will not find it.
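An added example, not part of the original thread: a small classifier that separates flooded unicast from the broadcast and multicast (EIGRP, CDP) frames an access port normally sees, and counts which station pairs are leaking. The MAC addresses and frames are constructed sample data, and the function names are this example's own.

```python
from collections import Counter

BROADCAST = bytes.fromhex("ffffffffffff")

def fmt(mac: bytes) -> str:
    return ":".join(f"{b:02x}" for b in mac)

def classify(frame: bytes, my_mac: bytes) -> str:
    """Classify one raw Ethernet frame captured on an access port."""
    dst, src = frame[0:6], frame[6:12]
    if dst == BROADCAST:
        return "broadcast"
    if dst[0] & 0x01:  # I/G bit set: group address (EIGRP, CDP, ...)
        return "multicast"
    if my_mac in (dst, src):
        return "own-unicast"
    return "flooded-unicast"  # unicast between two other stations

def flooded_pairs(frames, my_mac: bytes) -> Counter:
    """Count (src, dst) pairs of unicast frames this port should not see."""
    pairs = Counter()
    for frame in frames:
        if len(frame) < 14:  # shorter than an Ethernet header, skip
            continue
        if classify(frame, my_mac) == "flooded-unicast":
            pairs[(fmt(frame[6:12]), fmt(frame[0:6]))] += 1
    return pairs

def eth(dst: str, src: str) -> bytes:
    """Build a constructed frame; only the addresses matter here."""
    return bytes.fromhex(dst) + bytes.fromhex(src) + b"\x08\x00" + b"\x00" * 46

# Constructed sample capture (locally administered MACs, not from the thread).
MY_MAC = bytes.fromhex("020000000001")
SAMPLE_FRAMES = [
    eth("ffffffffffff", "020000000002"),  # broadcast
    eth("01005e00000a", "0200000000fe"),  # EIGRP multicast destination
    eth("01000ccccccc", "0200000000fe"),  # CDP multicast destination
    eth("020000000001", "0200000000fe"),  # addressed to the capture host
    eth("0200000000fe", "020000000001"),  # sent by the capture host
    b"\x00" * 8,                          # truncated frame, ignored
] + [eth("02000000000b", "02000000000a")] * 3  # two other stations talking

if __name__ == "__main__":
    for (src, dst), n in flooded_pairs(SAMPLE_FRAMES, MY_MAC).items():
        print(f"{n} flooded unicast frame(s): {src} -> {dst}")
```

The destination MAC of any pair this reports is the address to look for in the switch's CAM table.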