Packet flooding : MAC address table forgets entries

eric.ternant
Level 1

Greetings all,

I am working on a strange problem here: there is a switch (Catalyst 2950-24, IOS 12.1(9)EA1) that "forgets" the MAC address table entry of another switch (same type and IOS), despite the direct connection between the two (EtherChannel including Fe0/23 and Fe0/24).

The effects are quite nasty: any IP interaction (a ping, for example) with VLAN1 produces a flood of packets, which are eventually destroyed due to TTL expiry. As a result, many packets which should be switched get discarded.

The problem has appeared on 2 of my LANs recently, without any structural change or upgrade. After boot or a direct ping between the 2 switches, the situation is OK as long as the MAC address table keeps the entry. The problem appears after a moment, which seems to equal the MAC address table aging time.

A quick fix that works is to set a static MAC address table entry ("mac-address-table static" command), but it remains quick & dirty.

Besides, I would really like to understand what can make MAC address auto-learning fail like this. Any ideas?

(other technologies involved at LAN level are STP and HSRP)

4 Replies

Richard Burts
Hall of Fame

Eric

There are several things that can cause the unicast flooding that you describe. Probably the most common is the difference between the timeout of the ARP cache and the aging time of the MAC forwarding table (much shorter by default). Basically the issue is that the ARP table has the MAC which it learned and if an IP packet is to be sent to the other switch, it puts the destination MAC into the frame since the ARP table has the MAC. But the MAC forwarding table has aged out the MAC (and since packets from the IP of the other switch have not been received for a while it has not relearned the MAC). So the frame is flooded to all ports in that VLAN. The solution for this is usually to change the ARP timeout so that it matches the MAC aging timer.

I am surprised that this appeared recently, since this behavior should have been present all along.

Change the ARP timer and let us know if it fixes the problem.

HTH

Rick
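
The timer mismatch described in the answer above, as an added example that is not part of the original thread: a small Python model of one sender and one silent peer, counting how many unicast frames the switch floods for a given ARP timeout and MAC aging time. The function name, the traffic pattern and the simplified expiry rules are assumptions made for illustration; 14400 s and 300 s are the usual Cisco IOS defaults for the two timers.

```python
# Added illustration (not from the thread): constructed timeline of one sender
# and one silent receiver in the same VLAN.
MAC_AGING_DEFAULT = 300      # seconds, default MAC address table aging time
ARP_TIMEOUT_DEFAULT = 14400  # seconds, default IOS ARP cache timeout


def simulate(arp_timeout, mac_aging, duration=3600, send_every=60):
    """Return (flooded, switched) counts for unicast frames sent to a silent peer.

    Assumptions (hypothetical model): the peer transmits only when it answers
    an ARP request, the sender re-ARPs only once its cache entry has expired,
    and the switch ages an entry mac_aging seconds after the last frame it
    saw sourced from that MAC.
    """
    arp_learned_at = None   # when the sender cached the peer's MAC
    mac_seen_at = None      # when the switch last saw a frame from the peer
    flooded = switched = 0
    for now in range(0, duration, send_every):
        # Sender side: resolve the peer again when the ARP entry is missing or expired.
        if arp_learned_at is None or now - arp_learned_at >= arp_timeout:
            arp_learned_at = now
            mac_seen_at = now   # the ARP reply is sourced by the peer, so the switch relearns it
        # Switch side: known destination MAC goes out one port; an aged-out MAC is flooded.
        if now - mac_seen_at < mac_aging:
            switched += 1
        else:
            flooded += 1
    return flooded, switched


if __name__ == "__main__":
    for arp in (ARP_TIMEOUT_DEFAULT, 600, MAC_AGING_DEFAULT):
        f, s = simulate(arp, MAC_AGING_DEFAULT)
        print(f"arp timeout {arp:>5}s, mac aging {MAC_AGING_DEFAULT}s: "
              f"{f} frames flooded, {s} switched")
```

In this model the flooding disappears only when the ARP entry expires no later than the MAC entry, which forces a fresh ARP reply from the peer and lets the switch relearn its port.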

I have made the change (value 300) on the VLAN1 for both switches, the problem is still there, unfortunately.

Anyway, is it a setting you would advise me to set on all my LANs? If so, one could ask why those 2 timers have different default values...

What strikes me most in this case is that once the entry is deleted from the table, it is never learnt again automatically. I have to set it manually or launch a ping from the other switch or from a nearby router to make it enter the MAC Address Table again.

This link explains unicast flooding very well. It is a somewhat common occurrence and can exist for a long time before it is noticed because in most cases the flooded packet does get to its destination, although it goes everywhere else as well.

http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a00801d0808.shtml

glen.grant
VIP Alumni

You might want to try upgrading the code too; 12.1.9 is ancient and could have bugs in it.
