11-11-2006 04:27 AM - edited 03-05-2019 12:45 PM
Hi experts,
I have had a bad experience with propagation of all network traffic to every switch port. I have a LAN based on Cisco 2950, 2950SX, 2950-48T and 3560G-24TS. For example: the traffic between port 1 and port 2 of Switch 1 can be listened to on any switch port of the LAN. This LAN was deployed with the Cisco standard configuration. I just took the Cisco switches out of the package and turned them on. PS: There are no redundant physical paths.
Thanks guys, I will really appreciate your comments.
11-11-2006 07:19 AM
Are you sure you're not just seeing the broadcast / multicast traffic?
If you did your capture when the switch was just turned on, you may have been seeing some flooded traffic too. When a frame arrives and there is no table entry for the destination address, the switch will flood it out all ports (except the one the frame was received from).
Check again with another capture now that it's been up for a while and see if you still see a lot of unicast for destinations other than the port you are monitoring.
Good Luck
Scott
11-11-2006 07:47 AM
11-15-2006 06:13 AM
Hi Nelson,
Check your mac-address-table to see if it is flooded with addresses. This is a common way to attack an L2 switch and turn it into a hub. When the CAM table is constantly overflowed, the switch is not able to learn and memorize the correct MAC/port combinations and acts like a hub by flooding every frame. If that's the case, you should make yourself familiar with the switchport port-security feature, which would prevent such attacks.
Check the MAC table to see if it's overflowing ...
Regards
Robert
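Added example (not part of the original thread): a Python sketch of the check suggested above, counting dynamically learned addresses per port from saved `show mac-address-table` output and flagging access ports that hold far more than a normal host would. The table text is constructed, and the function names, the `max_macs` threshold and the `uplinks` parameter are assumptions.

```python
import re
from collections import defaultdict

# One table entry: VLAN, dotted-hex MAC, entry type, port.
ENTRY = re.compile(
    r"^\s*(\S+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+(\S+)\s+(\S+)\s*$",
    re.IGNORECASE,
)

def macs_per_port(show_output):
    """Return {port: set of dynamically learned MACs}; static entries are skipped."""
    ports = defaultdict(set)
    for line in show_output.splitlines():
        m = ENTRY.match(line)
        if m and m.group(3).upper() == "DYNAMIC":
            ports[m.group(4)].add(m.group(2).lower())
    return dict(ports)

def suspicious_ports(show_output, max_macs=3, uplinks=()):
    """Ports, other than known uplinks, that learned more than max_macs addresses."""
    counts = {p: len(m) for p, m in macs_per_port(show_output).items()}
    return {p: n for p, n in sorted(counts.items())
            if n > max_macs and p not in uplinks}

def build_sample():
    """Constructed table: two normal hosts, one uplink, one port with 40 MACs."""
    rows = [
        "          Mac Address Table",
        "-------------------------------------------",
        "Vlan    Mac Address       Type        Ports",
        "----    -----------       --------    -----",
        " All    0100.0ccc.cccc    STATIC      CPU",
        "   1    0009.7c5a.1a01    DYNAMIC     Fa0/1",
        "   1    0009.7c5a.1a02    DYNAMIC     Fa0/2",
    ]
    rows += [f"   1    0011.2233.{i:04x}    DYNAMIC     Gi0/1" for i in range(5)]
    rows += [f"   1    02aa.bbcc.{i:04x}    DYNAMIC     Fa0/7" for i in range(40)]
    rows.append("Total Mac Addresses for this criterion: 48")
    return "\n".join(rows)

if __name__ == "__main__":
    # Gi0/1 is treated as the uplink, where many MACs are expected.
    for port, n in suspicious_ports(build_sample(), uplinks=("Gi0/1",)).items():
        print(f"{port}: {n} dynamic MACs learned, check this port")
```

A port flagged here is a candidate for the port-security feature mentioned above; a downstream switch or hub on an access port will also show many addresses, so compare against what is actually cabled there.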
11-15-2006 06:57 AM
A picture of the LAN is not helpful in this case. Can you post the Ethereal captures?
Thanks
Scott