Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
346
Views
0
Helpful
4
Replies

All network traffic propagation in SW 2950

nelson_pereira
Level 1
Level 1

‎11-11-2006 04:27 AM - edited ‎03-05-2019 12:45 PM

Hi experts,

I have had a bad experience with propagation of every network traffic in every switch ports. I have a LAN based in Cisco 2950, 2950SX, 2950-48T and 3560G-24TS. For exemplo: The traffic between port 1 and port 2 from Switch 1 can be listened in any switch port of LAN. This LAN was deployed with Cisco standard configuration. I just get cisco switch from the package and turn it on. PS. There are no redundant fisical path.

Thanks guys I will really appreciate your comments

Labels:
0 Helpful
4 Replies 4

scottmac
Level 10
Level 10

‎11-11-2006 07:19 AM

Are you sure you're not just seeing the broadcast / multicast traffic?

If you did your capture when the switch was just turned on, you may have been seeing some flooded traffic too. When a frame arrives and there is no table entry for the destination adress, the switch will flood it out all ports (except the one the frame was received from).

Check again with another capture now that it's been up for a while and see if you still see a lot of unicast for destinations other than the port you are monitoring.

Good Luck

Scott

0 Helpful

nelson_pereira
Level 1
Level 1
In response to scottmac

‎11-11-2006 07:47 AM

Hi Scott,

I have captured a lot of TCP, UDP and other kind of traffic in every moment that I have started a network analyser tool. In this case I have used Ethereal.

It is very stranger, because in this case the switch is working as a hub. Here is attached picture of the LAN

Preview file
267 KB
0 Helpful

ace-cco
Level 1
Level 1
In response to nelson_pereira

‎11-15-2006 06:13 AM

Hi Nelson,

check your mac-address-table to see if it is flooded with addresses. This is a common way to atack a L2-Switch and turn it into a hub. By overflowing the cam-table constantly is the switch not able to learn and memorize the correct mac/port combinations and acts like a hub by flooding every frame. If thats the case you should make yourself familar with the switchport port-security feature which would prevent such attacks.

Check the mac-table to see if its overflowing ...

Regards

Robert

0 Helpful

scottmac
Level 10
Level 10
In response to nelson_pereira

‎11-15-2006 06:57 AM

A picture of the LAN is not helpful in this case. Can you post the Ethereal captures?

Thanks

Scott

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card