I am getting excess traffic on my routers under the following condition:
R3 and R4 are 3640s using EIGRP with an AS of 7
R3's fa0/0 connects to S1, a 2950, on my 10.10.44.0/24 subnet, VLAN1
R4's fa0/0 connects to S1, on the same subnet as above and VLAN1
R3's fa0/1 connects to S2, another 2950, on my 10.10.46.0/24 subnet, VLAN2
R4's fa0/1 connects to S2, on the same subnet as above and VLAN2
Both R3 and R4 have multiple 56kbps connects out to my WAN.
Now, given how R3, R4, S1 and S2 are connected, all of my 56ks get lots of traffic, yet, nothing is really talking to the remote routers at the other end of the 56k circuits.
But, when I do a shutdown on R3's fa0/1, all of this traffic comes to a hault. It doesn't make sense as to why.
Anyone run into this? Situation before?
I haven't been able to connect a probe up to the remote sites. But, the WAN has some redundance on the other side of the remote sites via serial links that go to other routers at other sites. But, the problem is strictly going to the route sites off these two routers.
Are you thinking a STP problem?
Can you do a sniffer trace on VLAN 2 off of R3 fa0/1 to see what traffic is occurring?
Do you have any bridge commands on R3 Fa0/1 interface configuration?
If there isn't many people plugged into the 2950 for VLAN2 then go unplug connections one at a time until the problem goes away if you won't effect work to much, etc and then go find out what that device is.
We did a sniffer trace on VLAN2 and we couldn't find anything that looked unusual. I have a guy connecting a WAN probe to one of the serials and we're going to capture date with and without the r3 router connected and see what is different. Only problem is, that may not tell us "why".
Well, I put a probe on one of the serial interfaces. What I am getting is R4 is sending type 2048, TOS=192 packets out to every router on its serials and they are responding back with 2048/192. Right now, I'm searching Cisco's site to find out why.
Looks like a ARP_RARP packet. Check to see if there isn't a device sending out constant requests. Awhile back HP JetAdmin software did this so maybe thats a possibility here.
There are two devices on the subnet that I'm not sure about. So, I've asked my co-workers in Alhambra to look to see what they are. They very well might be HP print sharing devices. But, at this point, I don't know.
It looks like the connection between R3 and S2 is the problem. We hard-coded it to 100mbps at both ends and it will not run at that speed. So, we're going to do some elimination and find the component that won't work at 100mbps and see if that solves the problem.
Problem solved! It turns out that the default bandwidth value on all of my serial connects is 2048 kbps (or 2mbps). So, I set all of my 56kbps circuits to have a BW 56, all of my T-1s to have 1554 and after about 15 minutes, all returned to normal as far as the traffic levels go.
I do still have a problem with chatty traffic from R3 & R4 out to the remote sites, but it is no longer taking up the majority of my bandwidth. And, I have a good idea as to what triggers the traffic.
Thanks to everyone who gave me suggestions as to what to look for.