Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Tcp and snmp communication

Hello all;

I'm find an explanation of one issue face in our network. We have a part of our network which is not segmented.We install a sniffer server without configuring span, this sniffer server was connected to the cisco switch.

We discover that this sniffer is able to see tcp &snmp traffic between PRTG server and remote equipment monitored via snmp.

I'm confused, because i do not know why a unicast traffic can be received by sniffer. Please, can you know the different reason of this behavoir and how to avoid it ?

Thank you & Best regards.

Stephane.

7 REPLIES
Hall of Fame Super Gold

Re: Tcp and snmp communication

Hi, something is not correct with the switch, and you should examine carefully its configuration.

Community Member

Re: Tcp and snmp communication

I attached the switch configuration and log. Please, have a look on it and let me know what should be aligned.

Regards,

Stephane.

Hall of Fame Super Gold

Re: Tcp and snmp communication

Check:

%C4K_EBM-4-HOSTFLAPPING: Host 00:13:C3:9A:A8:00 in vlan 1 is f

lapping between port Gi1/32 and port Gi1/37

You probably have a topology loop that causes the switch to flood unknown MAC to all ports.

Hall of Fame Super Gold

Re: Tcp and snmp communication

I do not understand the low rating give to my post above.

The switch is telling you clearly that you have at least one flapping MAC, so you should investigate that.

Please refrain to use the rating system if you can't make a good use of it.

Community Member

Re: Tcp and snmp communication

I put the low rate because, event when the switch forward the traffic to mac address HSRP the snffer is receiving it. I can not confirm that is coming the loop.You mention what is the root cause. We are still verifying.

Thank you for your comprehension.

Stephane.

Hall of Fame Super Gold

Re: Tcp and snmp communication

You did not mentioned HSRP in first place, in fact that is the most likely cause of unicast flooding. See cases 4 and 8 in the following document:

http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a0080094afd.shtml

So, it's appropriate to bring all the facts and wait for the discussion to complete before giving ratings.

Community Member

Re: Tcp and snmp communication

Hello bevilacqua,

Other than HSRP, can we have another explanation of lack of the unicast flooding ? Do you want to see the wireshark output ?

Regards,

Stephane.

132
Views
7
Helpful
7
Replies
CreatePlease to create content