Can we use the "spanning-tree portfast" command on a trunk port? Will this help us with suspected flooding in an L2 network (if the CAM table is showing full utilisation of unicast MAC addresses)? If not, then what feature will help us in the mentioned case?
If the trunk is an inter-switch link, usage of spanning-tree portfast should be avoided.
When you see the CAM table full with
sh mac-address-table count
either you are under a MAC flooding attack or there is a misbehaving network device.
I suggest enabling port-security with violation action errordisable as the most effective countermeasure for this.
Be aware that switches with their CAM tables full need to replicate all frames out all ports in the same VLAN, and so they can face high CPU usage.
Among possible problems caused by network devices, we had a problem caused by CSM service modules in C6500 that under heavy load (more than 2 Gbps) were generating frames with random source MAC addresses in vlan1. A CSM firmware upgrade solved this issue.
Try to follow some MAC addresses to see if you can find where they appear to come from.
Actually, the port security feature you are suggesting is best when we are very sure that the mentioned problem is happening due to STP TCN (Topology Change Notification). But here in this case nothing seems like this.
As far as MAC address following/tracing is concerned, I have tried my level best, but unfortunately it doesn't seem that any single source is generating spurious traffic.
>> Actually, the port security feature you are suggesting is best when we are very sure that the mentioned problem is happening due to STP TCN (Topology Change Notification).
My understanding is different: during STP topology changes the CAM aging time is changed to 15s = forward delay.
In this case it is more difficult to fill a CAM table with random MAC addresses because entries are aged out fast.
For example during L2 security tests we had to increase the aging time to be able to fill the CAM of a C6500.
STP port security is a good tool for dealing with MAC address flooding.
>> As far as MAC address following/tracing is concerned, I have tried my level best, but unfortunately it doesn't seem that any single source is generating spurious traffic.
If there is no evidence of an external source of these random MAC addresses that fill the CAM tables, the problem can be internal to one switch: I mentioned a problem we had with CSM service modules, where we couldn't find an external source of these MAC addresses.
As I wrote, switches don't work well when the CAM tables are full, so I would try to make some change, for example shutting the link between the two distribution switches.
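One way to act on the advice in this thread to trace where the MAC addresses come from, as an added example that is not part of the original posts: it parses the text of a MAC address table listing and reports which ports have learned an unusually large number of dynamic addresses. The table layout, port names, threshold and sample rows are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# One entry line: optional "*", VLAN, dotted-hex MAC, type, any extra columns, port.
ENTRY = re.compile(
    r"^\*?\s*(\d+)\s+((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\s+(\w+)\s+.*?(\S+)\s*$",
    re.IGNORECASE,
)

def macs_per_port(table_text):
    """Return {port: set of dynamically learned MACs} from the table text."""
    ports = defaultdict(set)
    for line in table_text.splitlines():
        m = ENTRY.match(line)
        if m and m.group(3).lower() == "dynamic":   # ignore static entries
            ports[m.group(4)].add(m.group(2).lower())
    return dict(ports)

def suspect_ports(table_text, threshold, uplinks=()):
    """Ports, excluding known inter-switch uplinks, that learned more than
    `threshold` MACs. Busiest port first."""
    counts = {p: len(m) for p, m in macs_per_port(table_text).items()}
    hits = [(p, n) for p, n in counts.items()
            if n > threshold and p not in uplinks]
    return sorted(hits, key=lambda x: (-x[1], x[0]))

def build_sample():
    """Constructed sample listing, not captured from a real switch."""
    rows = ["Vlan    Mac Address       Type        Ports",
            "----    -----------       --------    -----",
            "  10    0011.2233.4401    DYNAMIC     Gi1/0/1",
            "  10    0011.2233.4402    DYNAMIC     Gi1/0/2",
            "  10    0011.2233.4403    STATIC      Gi1/0/3"]
    # One access port that has learned 40 different source MACs.
    rows += [f"  10    02aa.bb00.{i:04x}    DYNAMIC     Gi1/0/7" for i in range(40)]
    # An uplink legitimately carries many MACs and is excluded by name.
    rows += [f"  10    0050.5600.{i:04x}    DYNAMIC     Te1/1/1" for i in range(25)]
    return "\n".join(rows)

if __name__ == "__main__":
    for port, n in suspect_ports(build_sample(), threshold=5, uplinks={"Te1/1/1"}):
        print(f"{port}: {n} dynamic MACs")
```

If no edge port stands out and the addresses are only seen arriving over inter-switch links, repeat the count on the neighbouring switch.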