Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

All network traffic propagation in SW 2950

Hi experts,

I have had a bad experience with propagation of every network traffic in every switch ports. I have a LAN based in Cisco 2950, 2950SX, 2950-48T and 3560G-24TS. For exemplo: The traffic between port 1 and port 2 from Switch 1 can be listened in any switch port of LAN. This LAN was deployed with Cisco standard configuration. I just get cisco switch from the package and turn it on. PS. There are no redundant fisical path.

Thanks guys I will really appreciate your comments

4 REPLIES
Green

Re: All network traffic propagation in SW 2950

Are you sure you're not just seeing the broadcast / multicast traffic?

If you did your capture when the switch was just turned on, you may have been seeing some flooded traffic too. When a frame arrives and there is no table entry for the destination adress, the switch will flood it out all ports (except the one the frame was received from).

Check again with another capture now that it's been up for a while and see if you still see a lot of unicast for destinations other than the port you are monitoring.

Good Luck

Scott

New Member

Re: All network traffic propagation in SW 2950

Hi Scott,

I have captured a lot of TCP, UDP and other kind of traffic in every moment that I have started a network analyser tool. In this case I have used Ethereal.

It is very stranger, because in this case the switch is working as a hub. Here is attached picture of the LAN

New Member

Re: All network traffic propagation in SW 2950

Hi Nelson,

check your mac-address-table to see if it is flooded with addresses. This is a common way to atack a L2-Switch and turn it into a hub. By overflowing the cam-table constantly is the switch not able to learn and memorize the correct mac/port combinations and acts like a hub by flooding every frame. If thats the case you should make yourself familar with the switchport port-security feature which would prevent such attacks.

Check the mac-table to see if its overflowing ...

Regards

Robert

Green

Re: All network traffic propagation in SW 2950

A picture of the LAN is not helpful in this case. Can you post the Ethereal captures?

Thanks

Scott

128
Views
0
Helpful
4
Replies