Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Debug Question - Switched Network

Hi All

OK so I was thrown in to the fire yesterday and asked to figure out why a network was going down in one area every 10 minutes roughly for about 20-30 seconds.

This was not a cisco network unfortunatley but debugging is the same right?  There are 12 x 24 port switches (3 dell and 9 netgear) and they are all daisy chanined and running RSTP.

First thing I noticed was when I plugged in my laptop to any port on any switch when I ran tcpdump I could see all tcp packets from anywhere on the LAN.  It was behaving more like the network was full of hubs.  I did narrow down the issue to a singlar switch and it looks like a virus on a PC.

My question is why whould I see all traffic from around the network on on any port of any so called switch?  I  have never seen this before.

Thankfully I am doing a new network design for them (cisco) so they have a first class network and not one that has oranically grown.

Thanks

Mick

2 REPLIES
Super Bronze

Debug Question - Switched Network

Disclaimer

The     Author of this posting offers the information contained within this     posting without consideration and with the reader's understanding  that    there's no implied or expressed suitability or fitness for any   purpose.   Information provided is for informational purposes only and   should not   be construed as rendering professional advice of any kind.   Usage of  this  posting's information is solely at reader's own risk.

Liability Disclaimer

In     no event shall Author be liable for any damages whatsoever   (including,   without limitation, damages for loss of use, data or   profit) arising  out  of the use or inability to use the posting's   information even if  Author  has been advised of the possibility of  such  damage.

Posting

My question is why whould I see all traffic from around the network on on any port of any so called switch?  I  have never seen this before.

It's possible the virus is causing your switches' mac tables to overflow which in turn causes unicast flooding.

New Member

Debug Question - Switched Network

absolutely that is possible.  I hadnt considered unicast flooding.  thanks for highlighting it.

Its hard to troubleshoot this with all this traffic going on in the network.  if you have any helpful ideas in nailing this down please share.

thanks

165
Views
5
Helpful
2
Replies
CreatePlease to create content