Looking for some troubleshooting feedback on this one.
In a single VTP domain environment containing about 120 switches (mostly Cat 3560s and very few DLink Des3550s) I've recently started to see a few network-wide connectivity drops, very short in nature but totally unacceptable either way. The fact that everything is configured default PVST made me wonder if the short downtime was a STP recalculation + the network converging again. Very soon we'll be looking at moving layer 3 out to each network closet, but in the meantime I want to find the culprit with the current setup. Syslogs aren't showing anything concrete and I don't see any ST inconsistencies from my root bridge. Anyone have a few tricks to track down these issues?
Thanks in advance,
I agree you need to track where the address *should* be.
I would also suggest that if you don't already use them, use BPDU-Guard and port security. Port security can be used to effectively restrict a user port to a single MAC address, i.e. a user puts a hub there to connect a second PC and only one will work. BPDU Guard should be used on all edge ports of your network. What that does is protect your network against someone plugging a real switch in that will send BPDUs. The effect would normally be that if someone plugs a switch in, the port shuts down and the user then has to ask for the port to be re-enabled, giving you the opportunity to educate them about the issues of connecting unauthorised network devices to the network!
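With about 120 switches, checking which edge ports actually have the BPDU Guard and port-security settings suggested above is easier to script. The following is an added example, not part of either post: it assumes Cisco IOS running-config text as input, the function name `audit_edge_ports` is hypothetical, and the sample config is constructed.

```python
import re
# Constructed sample running-config, not taken from the thread.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 spanning-tree bpduguard enable
!
interface FastEthernet0/2
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/3
 switchport mode access
 switchport port-security
 switchport port-security maximum 5
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/1
 switchport mode trunk
"""

def audit_edge_ports(config, max_macs=1):
    """Return {interface: [findings]} for access ports missing a protection."""
    # This global command applies BPDU Guard to every PortFast-enabled port.
    global_guard = bool(re.search(r"^spanning-tree portfast bpduguard default\s*$", config, re.M))
    findings = {}
    # Each interface block is the "interface X" line plus its indented lines.
    for m in re.finditer(r"^interface (\S+)\n((?: .*\n?)*)", config, re.M):
        name, cmds = m.group(1), [c.strip() for c in m.group(2).splitlines()]
        if "switchport mode access" not in cmds:
            continue  # trunks and routed ports are out of scope
        issues = []
        if "spanning-tree bpduguard enable" not in cmds and not (
                global_guard and "spanning-tree portfast" in cmds):
            issues.append("no BPDU Guard")
        if "switchport port-security" not in cmds:
            issues.append("no port security")
        else:
            limits = [int(c.split()[-1]) for c in cmds
                      if re.fullmatch(r"switchport port-security maximum \d+", c)]
            if limits and limits[-1] > max_macs:  # IOS default maximum is 1
                issues.append(f"port security allows {limits[-1]} MACs")
        if issues:
            findings[name] = issues
    return findings

if __name__ == "__main__":
    print(audit_edge_ports(SAMPLE_CONFIG))
```

Ports configured with `switchport mode access` are treated as edge ports here; an uplink that happens to be an access port would need to be excluded by name.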