Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2158
Views
0
Helpful
5
Replies

network analyzer sees all traffic on the switch

RONVER-systems
Level 1
Level 1

‎09-29-2010 01:33 AM

A client of us is having a very strange issue. They see a very load (initially just by watching the LEDs en got a software analyzer run on it. Now a software analyzer on a single port, even in promiscuous mode should only get its local data on a single switch port. The switch should only deliver local data to that port (thats why its switch, not a hub yes?) But to our surprise the analyze sees all the traffic, even the traffic that should get on to that specific switch, let a lone that port on the switch. It looks like everything is working like a big hub.

Hereunder is a screenshot of the installed network analyser:

analyser.jpg

Can anyone assist in finding where this is going wrong?

units in use:

SGE2000-EU

SRW224G4-EU

SRW224G4P-EU

SRW248G4-EU

Kind Regards

Labels:
0 Helpful
5 Replies 5

David Hornstein
Level 7
Level 7

‎10-06-2010 04:43 AM

Hi RONVER-Systems,

I cannot see the first image, just doesn't want to come up.  Knowing the behavior of a switch I can imagine "broadcast' traffic being received on each port.

It would be more relavvnt if you could use wireshark (a freeware 'sniffer' program)  and try the same capture again and post the capture file as a .cap file.

But you obviously will see broadcast traffic arrive at each switch port. The switches will route at Layer 2 any unicast traffic.  But lets check out the capture file you send in again.

Sorry for this bother, I just can't see the first image you posted.

regards Dave

0 Helpful

mj.jimenez
Level 1
Level 1
In response to David Hornstein

‎03-31-2011 07:17 AM

Hi,

I am getting the same response.... as soon as I configure the vlan in a port, the swicth seems to create a hub per vlan... and if you open a TAC with this problem, you only get, rebuild all the configuration from the beginning and let us know if this happened again.

Have someone solve this issue?

Thanks in advance.

0 Helpful

David Carr
Level 6
Level 6
In response to mj.jimenez

‎03-31-2011 11:38 AM

Mr. Jimenez,


Vlans are separate broadcast domains.  So if you have ports in that vlan it in a sense is a hub but does not allow collisions like a hub.  Each port is a collision domain.


So you will get broadcast, multicast traffic on that vlan for all ports associated on it.

0 Helpful

mj.jimenez
Level 1
Level 1
In response to David Carr

‎04-01-2011 02:52 AM

Hi,

I understand what a vlan domain is, my problems is when a server produce traffic, all this traffic is replacated to all the ports of the same vlan.... like a hub does. I thought the SGE was a switch, and the traffic would go only to the destination port.

Regards

0 Helpful

David Carr
Level 6
Level 6
In response to mj.jimenez

‎04-01-2011 05:28 AM

Yeah,


Anycast traffic or traffic directed to a specific host, it should not be seen by everyone on the floor.  However Multicast and Broadcast traffic will be seen by everyone on that vlan.


If your seeing traffic directed to someone other than yourself  and your receiving it.  Maybe the mac address table is not maintaining the mac table and flooding traffic to populate the mac table.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Switch products supported in this community
Cisco Business Product Family
  • CBS110
  • CBS220
  • CBS250
  • CBS350
Cisco Switching Product Family
  • 110
  • 200
  • 220
  • 250
  • 300
  • 350
  • 350X
  • 550X
Customers Also Viewed These Support Documents