We appear to have a broadcast storm happening on our LAN. The utilization of our switch ports is pretty much always under 5%. Currently, most of the ports on our switches are around 40% utilization. We're having major issues with connections dropping right now. The switches themselves are HP, but I was wondering if there is anything I could log on the inside interface of the ASA 5510 that would help to isolate the source of this undesired traffic. The HP switches don't seem to offer much help in determining the source. Is there anything that can be done short of shutting down links between switches one-at-a-time to isolate the problem? Thanks!
Is your ASA the default gateway for the LAN network ? Are the HP switches layer 3 and terminate the broadcast domain ? Incase HP switches are layer 3, I think thats the place where you would look at.. not sure if there will be useful messages on the ASA if the broadcast domain terminates on the switch. You can anyway see the utilization of the port connecting to ASA and see if there are any alarms there (increased traffic etc).. practically there could be a loop on the LAN network or a PC sending unncessary broadcasts (virus, worms etc), and isolating this is challenging.. You need to track suspicious mac addresses end to end and see where it leads to.. if you see huge traffic on PC ports, you need to look at that... lots to look at, but ONLY when the problem occurs ....