We have a major problem on our network. Seems broadcast storms are increasing in frequency and intensity. Basically, here's the topo of the LAN. Dual 6509's with MSFC's. Into them dual connected are a 4003, 4006, and a dozen or so 3548's. Connected into the 4003 are a few WAN routers that head out of the network to remote sites.

The problem is I can look at MRTG and see the broadcast storms on every port on the switches. The 6509's have HSRP running, and during the storms, they who "duplicate address <MSFC IP> on Vlan1, sourced by (his own Mac address).

The 4006 is showing a %SYS-4-P2_WARN: 1/Host xx.xx.xx.xx.xx.xx is flapping between port <a FastE port> and <GigE uplink to 6509P>

Well back to the broadcast storm. Best I can spot with tcpdump is tons of arp who-has from random hosts on the network. During this storm I'll see ~250 packets in a single second from a host arping for either another device or his gateway. No patterns between ports, devices or anything. It goes on for dozens of devices, but not all, and the just stops with no intervention.

I'm at a loss... Any ideas of what direction to troubleshoot this?

it seems like a loop in the network.

Check if TCN BPDUs appear in the time of the storm.

There might be a "active" user in the network connecting two ports via a hub or something like that.

The HSRP error message also might indicate a loop in the network.



