Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

network analyzer sees all traffic on the switch

A client of us is having a very strange issue. They see a very load (initially just by watching the LEDs en got a software analyzer run on it. Now a software analyzer on a single port, even in promiscuous mode should only get its local data on a single switch port. The switch should only deliver local data to that port (thats why its switch, not a hub yes?) But to our surprise the analyze sees all the traffic, even the traffic that should get on to that specific switch, let a lone that port on the switch. It looks like everything is working like a big hub.

Hereunder is a screenshot of the installed network analyser:

analyser.jpg

Can anyone assist in finding where this is going wrong?

units in use:

SGE2000-EU

SRW224G4-EU

SRW224G4P-EU

SRW248G4-EU

Kind Regards

Everyone's tags (4)
5 REPLIES

Re: network analyzer sees all traffic on the switch

Hi RONVER-Systems,

I cannot see the first image, just doesn't want to come up.  Knowing the behavior of a switch I can imagine "broadcast' traffic being received on each port.

It would be more relavvnt if you could use wireshark (a freeware 'sniffer' program)  and try the same capture again and post the capture file as a .cap file.

But you obviously will see broadcast traffic arrive at each switch port. The switches will route at Layer 2 any unicast traffic.  But lets check out the capture file you send in again.

Sorry for this bother, I just can't see the first image you posted.

regards Dave

New Member

Re: network analyzer sees all traffic on the switch

Hi,

I am getting the same response.... as soon as I configure the vlan in a port, the swicth seems to create a hub per vlan... and if you open a TAC with this problem, you only get, rebuild all the configuration from the beginning and let us know if this happened again.

Have someone solve this issue?

Thanks in advance.

Silver

Re: network analyzer sees all traffic on the switch

Mr. Jimenez,


Vlans are separate broadcast domains.  So if you have ports in that vlan it in a sense is a hub but does not allow collisions like a hub.  Each port is a collision domain.


So you will get broadcast, multicast traffic on that vlan for all ports associated on it.

New Member

Re: network analyzer sees all traffic on the switch

Hi,

I understand what a vlan domain is, my problems is when a server produce traffic, all this traffic is replacated to all the ports of the same vlan.... like a hub does. I thought the SGE was a switch, and the traffic would go only to the destination port.

Regards

Silver

Re: network analyzer sees all traffic on the switch

Yeah,


Anycast traffic or traffic directed to a specific host, it should not be seen by everyone on the floor.  However Multicast and Broadcast traffic will be seen by everyone on that vlan.


If your seeing traffic directed to someone other than yourself  and your receiving it.  Maybe the mac address table is not maintaining the mac table and flooding traffic to populate the mac table.

1587
Views
0
Helpful
5
Replies
CreatePlease login to create content