Excess VLAN Unicast Sniffing Switchport

Jan 12th, 2009

When sniffing the VLAN using Ethereal I see numerous unicast conversations, in addition to broadcast and multicast. I assumed I would only see unicast conversations between my laptop and the devices it talks unicast and/or broadcast/multicast but never all unicast on a VLAN. The port is not spanned. I guess all my servers are getting hit with all unicast on the VLAN. How do I fix this? IOS version 122-18 SXF3.

Roberto Salazar Mon, 01/12/2009 - 15:36

Sounds like the switch is flooding to the VLAN; there are several reasons for this to happen.

1. The CAM of the switch is full and cannot store any more learned MAC addresses, which would flood the unknown MAC addresses.

2. The CAM table is getting flushed. The default is 300 secs - show mac-address aging. Anything less would mean there is an STP issue that is causing the MAC table to purge the entries.

3. Asymmetric path, which would be another reason for a MAC address to get purged after the aging time-out. Normally, it should refresh, but if there is an asymmetric path, that means the host is taking another path and causing the MAC entry on this switch to age out.

These are just the known reasons; other reasons could be a bug, h/w, etc.

mlenco Mon, 01/12/2009 - 18:16

Do you have a troubleshooting document on this? We will most likely walk the spanning-tree paths between our distro and core, perhaps even removing the mesh to see if the excess traffic stops. Thanks for your help.
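
Added example, not part of any post in this thread: a way to measure from a capture what the original poster describes, by counting unicast frames whose source and destination are both other hosts on a non-SPAN port. The frames, MAC addresses and function names are constructed for illustration; a real run would pass in raw Ethernet frames exported from the sniffer.

```python
from collections import Counter

BROADCAST = bytes.fromhex("ffffffffffff")

def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def classify(frame: bytes, local_mac: bytes) -> str:
    """Classify one Ethernet frame as seen on a non-SPAN access port."""
    if len(frame) < 14:                 # shorter than dst + src + EtherType
        return "runt"
    dst, src = frame[0:6], frame[6:12]
    if dst == BROADCAST:
        return "broadcast"
    if dst[0] & 0x01:                   # I/G bit set: group (multicast) address
        return "multicast"
    if dst == local_mac or src == local_mac:
        return "own-unicast"
    return "flooded-unicast"            # unicast between two other hosts

def summarize(frames, local_mac: bytes):
    """Return (frame count per class, flooded frame count per destination MAC)."""
    classes, flooded_dst = Counter(), Counter()
    for frame in frames:
        kind = classify(frame, local_mac)
        classes[kind] += 1
        if kind == "flooded-unicast":
            flooded_dst[mac_str(frame[0:6])] += 1
    return classes, flooded_dst

def make_frame(dst: str, src: str) -> bytes:
    # Constructed frame: dst + src + EtherType 0x0800 + zero padding
    return bytes.fromhex(dst + src + "0800") + b"\x00" * 46

LOCAL = bytes.fromhex("021122334455")   # constructed MAC of the sniffing laptop
SAMPLE = [                              # constructed capture, not real traffic
    make_frame("021122334455", "02aaaaaaaa01"),   # to the laptop
    make_frame("02aaaaaaaa01", "021122334455"),   # from the laptop
    make_frame("ffffffffffff", "02aaaaaaaa02"),   # broadcast
    make_frame("01005e000001", "02aaaaaaaa02"),   # IPv4 multicast
    make_frame("02bbbbbbbb01", "02aaaaaaaa02"),   # other host to other host
    make_frame("02bbbbbbbb01", "02aaaaaaaa03"),
    make_frame("02bbbbbbbb02", "02aaaaaaaa02"),
]

if __name__ == "__main__":
    classes, flooded = summarize(SAMPLE, LOCAL)
    print(dict(classes))
    for mac, count in flooded.most_common():
        print(f"{mac}  {count} flooded frames")
```

The destinations that keep showing up in the flooded list are the MAC addresses to look for in the switch's MAC address table when working through the causes listed in the reply above.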

