I have a location that has a 2800 series router, packet shaper, l3 switch (dell), 1231bg APs, and several l2 switches (dell) spread over 2 buildings.
I noticed over the last week that if I ping the inside interface of the router from my side (public -> private), my access times can come back as high as 200ms. The serial interface on the router stays consistent within 12ms-70ms. When I ping any of the switches behind the router, I've seen latency as high as 1200ms.
It's not a broadcast storm, at least according to all of the switch statistics. Broadcast packets are incrementing at a rate of about 15-30 packets every 15 sec. I would think it would be much more if it was a storm.
CPU and memory is fine on the router, and this was my first thought as to why the traffic would jump from a 70ms public to a 200ms private address within the same router. I'm honestly at a loss.
I can put a sniffer on the network, but I'll only catch broadcasts. I could try to mirror the port on the dell that connects to the router and see what's going through that port, but I'm not sure if this would be necessary. Does this situation call for netflow running on the inside interface?