Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
388
Views
4
Helpful
3
Replies

Excess VLAN Unicast Sniffing Switchport

mlenco
Level 1
Level 1

‎01-12-2009 03:27 PM - edited ‎03-06-2019 03:24 AM

When sniffing the vlan using Ethereal I see numerous unicast conversations,in addition to broadcast and multicast. I assumed I would only see unicast conversations between my laptop and the devices it talks unicast and/or broadcast/multicast but never all unicast on a vlan. The port is not spanned. I guess all my servers are getting hit with all unicast on the vlan. How do I fix this? IOS version 122-18 SXF3.

Labels:
0 Helpful
3 Replies 3

Roberto Salazar
Level 8
Level 8

‎01-12-2009 03:36 PM

Sounds like the switch is flooding to vlan, there are several reasons for these to happen.

1. The cam of the switch is full and cannot store anymore learned mac address which would flood the unknown mac-addresses.

2. the cam table is getting flushed, the default is 300 secs - show mac-address aging. Anything less would mean there is STP issue that is causing the mac table to purge the entries.

3. Asymetric path which would be another reason for a mac-address to get purged after the aging time-out, normally, it should refresh but if there is asymetric path, that means the host is taking another path and causing the mac entry on this switch to age out.

These are just the known reasons, other reason could be bug, h/w, etc.

mlenco
Level 1
Level 1
In response to Roberto Salazar

‎01-12-2009 06:16 PM

Do you have a troubleshooting document on this? We will most likely walk the spanning-tree paths between our distro and core, perhaps even removing the mesh to see if the excess traffic stops. Thanks for your help.

0 Helpful

Roberto Salazar
Level 8
Level 8
In response to mlenco

‎01-12-2009 07:28 PM

Yes, I have the Unicast Flooding in Switched Campus Networks doc here in this link:

http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a00801d0808.shtml

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card