We have a switch which I think has had its MAC address table flooded. I ran two different sniffer programs, which showed TCP traffic for different hosts/ports on the switch that I am not supposed to see, since I had no SPAN enabled on the switch. Is this something that could happen with a Cisco 2948 switch? If so, how can I stop it from happening and/or clear it out?
Don't forget the CAM or MAC address table on the switch is really short-term memory. So the first thing a switch does once it receives a frame is check its memory to see if it knows where the destination is.
If it doesn't, it floods all the ports with a broadcast looking for it.
If your network has a lot of PCs, or more MAC addresses than it has memory to handle them, that could happen.
You didn't mention VLANs or spanning tree in the mix, but every time spanning tree reconverges the CAM rebuilds itself; part of that process is broadcasting.
You may want to track if spanning tree is stable, and possibly set up PortFast on all your PC ports.
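A toy model of the lookup-then-flood behaviour discussed in this thread, added here as an illustration and not part of the original posts: it shows why a sniffer port starts receiving other hosts' unicast frames once the network holds more MAC addresses than the table can store. The class, port numbers and MAC addresses are constructed, and the model assumes a full table simply stops learning new addresses and that entries age out after 300 seconds.

```python
from collections import OrderedDict

class LearningSwitch:
    """Toy layer-2 switch with a bounded, aging MAC (CAM) table (hypothetical model)."""

    def __init__(self, ports, cam_capacity, aging_time=300):
        self.ports = list(ports)
        self.cam_capacity = cam_capacity
        self.aging_time = aging_time          # seconds; assumed value
        self.cam = OrderedDict()              # mac -> (port, last_seen)

    def _age_out(self, now):
        stale = [m for m, (_, seen) in self.cam.items() if now - seen > self.aging_time]
        for mac in stale:
            del self.cam[mac]

    def receive(self, in_port, src, dst, now=0):
        """Process one frame and return the list of ports it is sent out of."""
        self._age_out(now)
        # Learn (or refresh) the source only if it is already known or there is room.
        # Assumption: a full table does not evict anything to make space.
        if src in self.cam or len(self.cam) < self.cam_capacity:
            self.cam[src] = (in_port, now)
        # Known destination: one egress port. Unknown destination: flood.
        if dst in self.cam:
            out = self.cam[dst][0]
            return [] if out == in_port else [out]
        return [p for p in self.ports if p != in_port]

def ports_seeing_reply(extra_macs, cam_capacity=8):
    """Constructed scenario: host A on port 1, host B on port 2, a sniffer on port 4.
    `extra_macs` other source addresses are learned on port 3 before A speaks.
    Returns the ports that receive B's unicast reply to A."""
    sw = LearningSwitch(ports=[1, 2, 3, 4], cam_capacity=cam_capacity)
    for i in range(extra_macs):
        sw.receive(3, f"02:00:00:00:00:{i:02x}", "ff:ff:ff:ff:ff:ff")
    sw.receive(1, "aa:aa:aa:aa:aa:aa", "bb:bb:bb:bb:bb:bb")          # A -> B
    return sw.receive(2, "bb:bb:bb:bb:bb:bb", "aa:aa:aa:aa:aa:aa")   # B -> A

if __name__ == "__main__":
    print("table has room:", ports_seeing_reply(extra_macs=2))   # only A's port
    print("table is full: ", ports_seeing_reply(extra_macs=8))   # flooded, sniffer included
```

In the second case the reply reaches port 4 even though no SPAN session exists, which matches the symptom in the question; once the stale entries age out, A is learned again and the reply goes back to port 1 only.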