Cisco Support Community
New Member

UDP broadcast in LAN

Hi all,

I require your valued clarification on a basic and stupid question I have. I hope you don't mind replying.

I have installed Ethereal in one of my LAN broadcast domains, where I am seeing around 40 to 70 percent UDP traffic out of my total subnet traffic.

I need your esteemed advice on this. I personally guess it's normal. Is it? The usage is mostly internet. I have an SNMP server in this subnet, and HSRP is also configured for this subnet. Please advise. When I examine this traffic, it shows me the listed protocols that work on UDP.

Please advise.

7 REPLIES
Hall of Fame Super Blue

Re: UDP broadcast in LAN

Hi

It's difficult to say without more specifics. Are you saying that the UDP traffic is broadcast traffic, or just that the majority of traffic on that LAN is UDP?

What UDP ports are being used?

Jon

New Member

Re: UDP broadcast in LAN

I mean the majority of the LAN traffic is UDP. UDP protocols mainly used are SNMP and HTTP.

I do feel it is perfect. Please advise.

Re: UDP broadcast in LAN

Likely you have plugged your Ethereal machine into a switchport. What you see there consists largely of broadcasts because the monitor PC does not generate any traffic itself.

To "see" real traffic you should configure the switchport as a monitor port:

http://www.cisco.com/en/US/products/hw/switches/ps708/products_tech_note09186a008015c612.shtml

regards,

Leo

New Member

Re: UDP broadcast in LAN

For the past two weeks we had a case where a server was broadcasting UDP (we just found the source of the problem) and our CAT4506 was pegged at 95% (show processes CPU); Cat4k Mgmt LoPri was 85.29%! The SysAdmin says we need to close or filter UDP destination port 6669 on our Cat3560 (first-level switch) or router (4506).

What can we do to stop the packets at the port?

Mike

Re: UDP broadcast in LAN

As a rule of thumb, it is always better to adjust the behaviour of the host that is generating the traffic than to adjust it at the network level.

When you know what (which host) the cause is, shut it down or restrict its access.

The first question that I would ask here is: what does this traffic on port 6669 do?

Is this an essential network-service or not?

When it is, you will have to facilitate it one way or the other. When it is not, contact the server admin and shut it down, take any measures that you see fit to solve the needs of the moment.

An access-filter like below will suffice for this:

access-list 199 deny udp any any eq 6669
access-list 199 permit ip any any
!
! XX is the VLAN where the source is
interface vlan XX
 ip access-group 199 in

regards,

Leo

New Member

Re: UDP broadcast in LAN

Thanks, we employed this on the 4506; we are now down to 10 to 17%!

It was very hard initially to find the source of the problem. I wished I had some software to alert me. As it happened, someone remembered a complaint about a particular server from months ago, and it was the same problem here.

Mike
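Added example (not part of the thread and not any poster's code): one way to get the alert wished for above is to count UDP broadcasts per source and destination port in short time windows and flag any sender whose peak rate exceeds a threshold. The input format ("epoch_seconds src_ip dst_ip dst_udp_port" per packet), the 10.1.20.0/24 addresses, the threshold and the function name are assumptions made for illustration; only port 6669 comes from the thread.

```python
import ipaddress
from collections import Counter, defaultdict

# Constructed sample export, one UDP packet per line:
# "epoch_seconds src_ip dst_ip dst_udp_port" (hypothetical format).
SAMPLE = (
    [f"100.{i} 10.1.20.15 10.1.20.255 6669" for i in range(5)]        # noisy server
    + [f"101.{i} 10.1.20.15 255.255.255.255 6669" for i in range(4)]  # same server, limited broadcast
    + ["100.2 10.1.20.30 10.1.20.255 138", "101.2 10.1.20.30 10.1.20.255 138"]
    + [f"100.{i} 10.1.20.40 10.1.20.5 161" for i in range(8)]         # unicast SNMP, not broadcast
    + ["garbage line", "x y z w"]                                     # malformed input
)

LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")


def top_broadcasters(lines, subnet, window=1.0, threshold=3):
    """Return [(src, dst_port, peak_packets_per_window)], busiest first,
    for sources whose UDP broadcast count in any window exceeds threshold."""
    net = ipaddress.ip_network(subnet)
    buckets = defaultdict(Counter)  # (src, port) -> {window index: packet count}
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # wrong field count: skip
        ts, src, dst, port = parts
        try:
            slot = int(float(ts) // window)
            ipaddress.ip_address(src)  # validate the source address
            dst_addr = ipaddress.ip_address(dst)
            port = int(port)
        except ValueError:
            continue  # unparsable field: skip
        # Only subnet-directed or limited broadcasts are counted.
        if dst_addr not in (net.broadcast_address, LIMITED_BROADCAST):
            continue
        buckets[(src, port)][slot] += 1
    alerts = [(src, port, max(c.values())) for (src, port), c in buckets.items()
              if max(c.values()) > threshold]
    return sorted(alerts, key=lambda a: -a[2])


if __name__ == "__main__":
    for src, port, peak in top_broadcasters(SAMPLE, "10.1.20.0/24"):
        print(f"ALERT {src} -> udp/{port}: {peak} broadcasts in one window")
```

Feed it from a capture taken on a monitor port, and tune the window and threshold to the normal broadcast level of the VLAN.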

New Member

Re: UDP broadcast in LAN

Thanks... The document was very helpful.

Cheers !
