Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

why is switch acting like hub

I have a unicast IP flow (no L2 or L3 multicast or broadcast) running between a source device connected to an "access" port in vlan 21 and a destination device connected to an "access" port in vlan 1. Routing between the vlans happens on an external device. I also have a pc connected to another "access" port in vlan 1 that is running a sniffer program. No span/monitor is set up.

Why can I see the unicast flow between the first 2 devices on the "sniffer" pc ?

I thought a switch would only forward packets to a port if the destination mac of the packet matched an entry in the cam table for that port.

3 REPLIES
Community Member

Re: why is switch acting like hub

Is the unicast flow established? If the switch does not have a CAM table entry for that MAC address - i.e. does not know where the destination MAC address is (because is hasn't seen any traffic from your PC in VLAN 1) then the switch will flood the traffic out of all ports in VLAN 1 because it doesn't know where the MAC address of the PC is. This is normal switch behaviour in the absense of MAC address information.

Re: why is switch acting like hub

You may be experiencing some asymmetric routing. If the L2 traffic between host A to host B does not take the same path as the traffic back from host B to host A, the CAM entries on the switch cannot be populated correctly and you will eventually experience flooding. There are several relevant docs on CCO, for example: http://www.cisco.com/en/US/partner/products/hw/switches/ps700/products_tech_note09186a00801d0808.shtml#cause1

Regards,

Francois

Green

Re: why is switch acting like hub

On some switches, if they hit a certain threshold of high activity, they will flood everything.

There are even some hacking tools that are made to drive the switch activity up into the "flooding zone" so that traffic can be intercepted.

BTW: at L2 the only controls you'd have are to inhibit multicast/broadcast traffic. By default, all L2 devices will forward all broadcast / multicast traffic.

FWIW / Good Luck

Scott

274
Views
12
Helpful
3
Replies
CreatePlease to create content