I am experiencing a rather bizarre situation. My network, well segmented, is acting funny. Suddenly I start getting request timeouts when I ping an outside IP; when I isolate a certain switch, I start getting replies again. After a while it starts timing out again, I isolate another switch and the replies continue, this time with the first switch connected back. So it seems like a virus that jumps from one network segment to the other, congesting the whole network.
I have Cisco 2950, PIX 501, router 2621XM, D-Link, 3Com and Intex switches on my network of less than 20 concurrent users.
I had a similar situation in the past in my lab, but it was not completely Cisco. I had 3Com L3 switches that showed the same problem. Below is my scenario.
All the switches were going to PCs and servers. The switches were in L2 mode, and one fine day I started getting IP conflicts on some of my PCs. Then accessing those PCs from others was not possible. I could clearly see that there was no IP conflict in the network at all.
A couple of days later the IT team called me and said they were getting MAC broadcasts from the ports connected to the switches, and disabled them. I flushed all the MACs from the switches, made sure STP was configured properly (though there is no redundancy) and configured the MAC refresh rate properly. It has been good since then.
I think there was some problem with the switches' MAC db and that spoiled the whole network. In your scenario, when you disconnect one switch, that MAC db will not be active and the new one will start learning. It works for some time till the db gets corrupt (due to improper refresh rate or bad NIC/virus broadcasts). As you have a multi-vendor network, check the 3Com (super stack..?) thoroughly first. It is a switching problem.
Let me know if this helps and rate this post if useful.
Hi, thanks a lot for your response. It really made a lot of sense. How do I flush all MACs and configure the refresh rate (Catalyst 2950)? For the other switch types, I guess I'll just turn them off and on, right? What do you mean by 3Com (super stack..?)? Secondly, how is it possible to check and remove a virus on these switches? Can I locate a bad NIC through software?
Sorry I ask this much (I hardly configure switches).
Hmm.. I am more of a planner and troubleshooter, but I don't remember the commands properly. For the 3Com and the rest of the switches, you can log on to the GUI (http or https) and change the refresh rate. Your switches are not infected with a virus, but check the PCs connected to the switches. I am not sure of any software to check for a bad NIC, but I would prefer a sniffer or the isolate-and-try method.
Please rate this post if you are satisfied with the reply.
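
An added example, not part of the original thread: one software approach to the "sniffer or isolate and try" step is to compare two snapshots of a switch's MAC address table, listing addresses that moved between ports and counting how many addresses each port has learned. The snapshot text below is constructed in the layout of Catalyst `show mac-address-table` output, and the function names are hypothetical.

```python
import re

# Constructed snapshots in the layout of Catalyst "show mac-address-table"
# output; the addresses and ports are made up for illustration.
SNAPSHOT_A = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    0011.2233.4401    DYNAMIC     Fa0/1
   1    0011.2233.4402    DYNAMIC     Fa0/2
   1    0011.2233.44ff    STATIC      CPU
"""
SNAPSHOT_B = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    0011.2233.4401    DYNAMIC     Fa0/24
   1    0011.2233.4402    DYNAMIC     Fa0/2
   1    0011.2233.4404    DYNAMIC     Fa0/24
"""

ROW = re.compile(r"^\s*(\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+(\w+)\s+(\S+)\s*$", re.I)

def parse_table(text):
    """Return {(vlan, mac): port} for dynamically learned entries only."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m and m.group(3).upper() == "DYNAMIC":
            table[(int(m.group(1)), m.group(2).lower())] = m.group(4)
    return table

def moved_macs(before, after):
    """MACs learned on a different port in the later snapshot (flapping)."""
    return sorted((vlan, mac, before[(vlan, mac)], port)
                  for (vlan, mac), port in after.items()
                  if (vlan, mac) in before and before[(vlan, mac)] != port)

def macs_per_port(table):
    """Count learned MACs per port; an access port with many is suspect."""
    counts = {}
    for port in table.values():
        counts[port] = counts.get(port, 0) + 1
    return counts

if __name__ == "__main__":
    a, b = parse_table(SNAPSHOT_A), parse_table(SNAPSHOT_B)
    for vlan, mac, old, new in moved_macs(a, b):
        print(f"VLAN {vlan}: {mac} moved {old} -> {new}")
    print(macs_per_port(b))
```

A MAC that keeps changing ports between snapshots points at a loop or a misbehaving host behind one of the two ports, which narrows down which switch or PC to isolate first.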