Switching Question: Sniffing a mac adx to mac adx conversation
This is for you switching gurus out there. I know its not good but I am trying to explain why and I cant come up with the correct words...
Two Unix Solaris boxes with 2 nics each. Nic1 for Prod and Nic 2 for BU on both boxes. On the same switch (3750) and the Prod subnet is x.x.1.0/24 and BU subnet is x.x.2.0/24 for both boxes. SolarisA has both nics set to the same mac adx (:::ABCD) as well as SolarisB(:::1234). (This is a default setting to this type of physical server ( I think its a Fujitsu chassis. And yes, I am forcing the unix team to change it to unique adxs but I just want assistance for a pro-active write up.)
Ive been asked to sniff these servers due to the fact that ftp transfers sometimes stop during its process and they want to be proactive about it and find out why. These ftp transfers are log transfers that are normally very large.
Since it is same switch and same subnet; they are only communicating via Layer 2 and not using any L3 type of communication. Sniffing is not coming up with anything inclusive (Im probably using it wrong due to the fact that the filters are based upon mysql ports and ip adxs.) But, I am trying to explain to the client that having the same mac address on both ports (prod and BU) can cause this problem. I realize that communication will be via L2 but if it goes to the BU port it should drop due to the wrong vlan while if it goes to the PROD port then communication is good. But, will there be any time where it is communicating via the PROD port and then switch to the BU port?
Re: Switching Question: Sniffing a mac adx to mac adx conversati
some notes about what you have written:
1) FTP is TCP/IP so communication is Layer3 but there isn't any network device in the middle.
2) if the PROD ports are in Vlan X and the BU ports are in Vlan Y the switch should be able to deal with the duplicated MAC address because the CAM table has three fields: the MAC address, the port where the MAC has been seen as source address and the Vlan the port is member of (or the vlan tag in case of trunk port).However, in this case you have the same MAC address on different ports of the same switch.
I agree that using different MAC addresses would be better.
3) you can use SPAN for this defining as source ports the two PROD ports and the destination is the port where you connect you sniffer.
you can even have a second session for the BU ports sending traffic to a second destination port (if you can use two sniffers or PCs).
This is actually a pretty cool feature, i didn't even know it existed until I was looking for a solution to advertise a subnet (prefix in BGP talk), only if a certain condition existed. This is exactly what conditional advertisements does
j ai une question j ai achete un routeur cisco 887VA-k9 , je le configuré avec la configuration ci- dessous
si je le lier avec mon pc portable sur l un de ses ports directement ça marche toute est bien ( la connexion internet + m...
Attached policy provides CLI access to the Cisco 4G router over text messaging. Two files are in the attached .tar file:
2. PDF with instructions on how to load and use the .tcl file.