
why is switch acting like hub

ajsouthard
Level 1

I have a unicast IP flow (no L2 or L3 multicast or broadcast) running between a source device connected to an "access" port in vlan 21 and a destination device connected to an "access" port in vlan 1. Routing between the vlans happens on an external device. I also have a pc connected to another "access" port in vlan 1 that is running a sniffer program. No span/monitor is set up.

Why can I see the unicast flow between the first 2 devices on the "sniffer" pc ?

I thought a switch would only forward packets to a port if the destination mac of the packet matched an entry in the cam table for that port.

3 Replies

kirkster
Level 3

Is the unicast flow established? If the switch does not have a CAM table entry for that MAC address - i.e. does not know where the destination MAC address is (because it hasn't seen any traffic from your PC in VLAN 1) then the switch will flood the traffic out of all ports in VLAN 1 because it doesn't know where the MAC address of the PC is. This is normal switch behaviour in the absence of MAC address information.

Francois Tallet
Level 7

You may be experiencing some asymmetric routing. If the L2 traffic from host A to host B does not take the same path as the traffic back from host B to host A, the CAM entries on the switch cannot be populated correctly and you will eventually experience flooding. There are several relevant docs on CCO, for example: http://www.cisco.com/en/US/partner/products/hw/switches/ps700/products_tech_note09186a00801d0808.shtml#cause1

Regards,

Francois
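
The behaviour described in the two replies above, as an added example that is not part of the original thread: a minimal Python model of a VLAN-aware learning switch showing when a routed unicast flow reaches the sniffer port. The port numbers, MAC addresses and the 300-second aging time are assumptions made for the illustration.

```python
# Added illustration: minimal model of a VLAN-aware learning switch.
# Port layout, MAC addresses and aging time below are constructed/assumed values.
AGING_SECONDS = 300  # assumed CAM aging time

class LearningSwitch:
    def __init__(self, port_vlans, aging=AGING_SECONDS):
        self.port_vlans = port_vlans      # port -> access VLAN
        self.aging = aging
        self.cam = {}                     # (vlan, mac) -> (port, last_seen)

    def receive(self, in_port, src, dst, now):
        """Learn the source MAC, then return the egress ports for dst."""
        vlan = self.port_vlans[in_port]
        # Learning is driven only by the SOURCE address of received frames.
        self.cam[(vlan, src)] = (in_port, now)
        entry = self.cam.get((vlan, dst))
        if entry and now - entry[1] <= self.aging:
            return [entry[0]] if entry[0] != in_port else []
        # Unknown or aged-out unicast: flood to every other port in the VLAN.
        return sorted(p for p, v in self.port_vlans.items()
                      if v == vlan and p != in_port)

# Constructed MACs from the documentation range 00:00:5e:00:53:xx.
ROUTER, DST = "00:00:5e:00:53:01", "00:00:5e:00:53:04"
# 1 = source host, 2 = router leg in VLAN 21,
# 3 = router leg in VLAN 1, 4 = destination, 5 = sniffer PC.
PORTS = {1: 21, 2: 21, 3: 1, 4: 1, 5: 1}

def run_scenario():
    sw = LearningSwitch(PORTS)
    results = {}
    # Routed flow arrives on the router's VLAN 1 port; DST has not been heard yet.
    results["before_learning"] = sw.receive(3, ROUTER, DST, now=0)
    # DST transmits once through this switch, so its MAC is learned on port 4.
    sw.receive(4, DST, ROUTER, now=10)
    results["after_learning"] = sw.receive(3, ROUTER, DST, now=20)
    # DST's return traffic takes another path (asymmetric routing): the entry
    # is never refreshed and ages out while the one-way flow continues.
    results["after_aging"] = sw.receive(3, ROUTER, DST, now=10 + AGING_SECONDS + 1)
    return results

if __name__ == "__main__":
    for stage, ports in run_scenario().items():
        print(f"{stage:16} -> egress ports {ports}")
```

Port 5, the sniffer, receives the flow in the first and last stages, when the switch has no current CAM entry for the destination MAC in VLAN 1.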

scottmac
Level 10

On some switches, if they hit a certain threshold of high activity, they will flood everything.

There are even some hacking tools that are made to drive the switch activity up into the "flooding zone" so that traffic can be intercepted.

BTW: at L2 the only controls you'd have are to inhibit multicast/broadcast traffic. By default, all L2 devices will forward all broadcast / multicast traffic.

FWIW / Good Luck

Scott
