I cleared the counters for my gig interface connected to DS, and I watch my strange broadcast:
Broadcast increased every second I issue sh interface gig0/1.
Please help to overcome.
SW#sh interfaces gigabitEthernet 0/1
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Link type is autonegotiation, media type is SX
output flow-control is off, input flow-control is off
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:03, output hang never
Last clearing of "show interface" counters 03:59:45
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue :0/40 (size/max)
5 minute input rate 7006000 bits/sec, 7053 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
102537443 packets input, 4241617996 bytes, 0 no buffer
Received 102361096 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 102195392 multicast, 0 pause input
0 input packets with dribble condition detected
4618 packets output, 862882 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 PAUSE output
0 output buffer failures, 0 output buffers swapped out
Wow, you have a ton of input traffic with no output traffic.
Did you try telnetting to the device connected on G0/1? What type of device is connected to G0/1?
It looks like you have a virus.
Did you telnet to this switch and check the port counters to identify which switchport is the one sending the most traffic?
The first question coming to my mind: what is causing the broadcast traffic? Can you use a packet analyzer like Wireshark to record the packets utilizing a SPAN port?
This should help to identify the cause of the broadcast packets and thus maybe allow you to stop it at the origin.
I know some applications use broadcast to distribute data, which could explain the observed behaviour.
Which source MAC address is seen? Track the source MAC address(es) to the switch port(s) connecting the end device(s). In some operating systems IPv6 is turned on by default (or through misconfiguration by admins).
Once you know the end device you need to check the operating system settings. In MS you could simply disable the protocol for the network card in the LAN Properties Tab.
Empty? You mean all zeros as source MAC address? A standard Ethernet frame has to have a source MAC and a destination MAC. Can you attach a small sample of collected packets in a zipped file?
Based on the screenshot you posted, it seems you are seeing lots of MLD (Multicast Listener Discovery) packets.
You can control and block this traffic by following this URL
Since the traffic is coming from the switch and you are sure that IPv6 is disabled in the switch, can you post the "show version" output of the switch? It could be a bug.
show ipv6 interface [interface-id]
show ipv6 route
show ipv6 static
Make sure you don't use IPv6 first.
In the global configuration mode
SW(config)# no ipv6 unicast-routing
In the interface configuration mode
SW(config-if)#no ipv6 enable
And also, based on the snapshot, I didn't understand this: ff04::10. Do I need to configure it or find the destination based on my snapshot?
Have a look at the source MAC addresses seen, which is HighTech_1d:b3:01 in the screenshot. Track the MAC address in the switches to the access port (presumably "show mac-address-table") and have a look at the attached device. I would assume the source is not a switch, but a host with default IPv6 settings. Once you have found the host(s), check the network card settings and disable IPv6, as you do not want it to be active. In case you do not know how to disable it, please provide more information on the host(s) causing the issue.
1) find access port in the switches by tracking MAC address
2) identify host connected
3) check network card settings connected to switch port
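
The port-counter comparison suggested earlier in the thread (find which switchport receives the bulk of the broadcast traffic) can be scripted over saved "show interfaces" output. This is an added example, not code from any poster in the thread; the Gi0/1 counters are the ones posted in the question, while the interface header lines, the Gi0/2 figures and the thresholds are constructed assumptions.

```python
import re

# Constructed sample: the Gi0/1 counters are the ones posted in this thread;
# the header lines and all Gi0/2 figures are made up for comparison.
SAMPLE = """\
GigabitEthernet0/1 is up, line protocol is up (connected)
     102537443 packets input, 4241617996 bytes, 0 no buffer
     Received 102361096 broadcasts, 0 runts, 0 giants, 0 throttles
     0 watchdog, 102195392 multicast, 0 pause input
GigabitEthernet0/2 is up, line protocol is up (connected)
     48210 packets input, 5120331 bytes, 0 no buffer
     Received 912 broadcasts, 0 runts, 0 giants, 0 throttles
     0 watchdog, 640 multicast, 0 pause input
"""

# An interface block starts at column 0 with "<name> is up/down ...".
HEADER = re.compile(r"^(\S+) is (?:administratively )?(?:up|down)", re.M)
FIELDS = {
    "packets_in": re.compile(r"(\d+) packets input"),
    "broadcasts": re.compile(r"Received (\d+) broadcasts"),
    "multicast": re.compile(r"(\d+) multicast"),
}

def parse_interfaces(text):
    """Split 'show interfaces' text per interface and pull the input counters."""
    stats = {}
    parts = HEADER.split(text)[1:]  # [name, body, name, body, ...]
    for name, body in zip(parts[0::2], parts[1::2]):
        row = {}
        for key, rx in FIELDS.items():
            m = rx.search(body)
            row[key] = int(m.group(1)) if m else 0  # missing counter -> 0
        stats[name] = row
    return stats

def broadcast_suspects(stats, min_share=0.5, min_packets=1000):
    """Return (interface, share) pairs where broadcasts dominate input, worst first."""
    out = []
    for name, row in stats.items():
        if row["packets_in"] < min_packets:
            continue  # too few packets since the last counter clear to judge
        share = row["broadcasts"] / row["packets_in"]
        if share >= min_share:
            out.append((name, round(share, 4)))
    return sorted(out, key=lambda pair: pair[1], reverse=True)

if __name__ == "__main__":
    for name, share in broadcast_suspects(parse_interfaces(SAMPLE)):
        print(f"{name}: {share:.2%} of input packets are broadcast")
```

Clearing the counters on all ports at the same time before collecting the output keeps the shares comparable between interfaces.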