About a switch MAC address table problem, please explain, thanks!

ccie11851
Level 1

Hi:

Situation:

All interfaces on my switch receive the fa0/4 traffic.

The Fa0/4 port is connected to my netflow host; it only receives UDP traffic, the netflow traffic sent from the routers.

I have checked the switch mac-address-table, but I didn't find the netflow server MAC address in the switch mac-address-table.

I am thinking the switch doesn't find the host MAC,

so it sends the traffic to every port.

But I can ping the host successfully.

When I ping the host, the switch can create the MAC table entry. I think the reason is that I send an ARP request and the netflow host sends an ARP reply, so the switch created the ARP table.

When the netflow host itself initiates traffic out to the switch, the switch also creates the MAC table entry.

IDC-SW16-BJ2(old)#sh int fa0/4

FastEthernet0/4 is up, line protocol is up

Hardware is Fast Ethernet, address is 0006.d750.a044 (bia 0006.d750.a044)

Description: Netflow

MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,

reliability 255/255, txload 20/255, rxload 1/255

Encapsulation ARPA, loopback not set

Keepalive not set

Auto-duplex (Full), Auto Speed (100), 100BaseTX/FX

ARP type: ARPA, ARP Timeout 04:00:00

Last input never, output 00:00:00, output hang never

Last clearing of "show interface" counters 02:04:34

Queueing strategy: fifo

Output queue 0/40, 0 drops; input queue 0/75, 0 drops

5 minute input rate 0 bits/sec, 0 packets/sec

5 minute output rate 8124000 bits/sec, 686 packets/sec

255 packets input, 32941 bytes

Received 3 broadcasts, 0 runts, 0 giants, 0 throttles

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

0 watchdog, 0 multicast

0 input packets with dribble condition detected

6007382 packets output, 471327784 bytes, 0 underruns

0 output errors, 0 collisions, 0 interface resets

0 babbles, 0 late collision, 0 deferred

0 lost carrier, 0 no carrier

0 output buffer failures, 0 output buffers swapped out

IDC-SW16-BJ2(old)#sh mac- int fa0/4

Accepted Solutions

I guess that as netflow traffic is on a UDP port, there is no acknowledgement (UDP is a connectionless protocol) or any other kind of traffic from the Netflow host. So that's causing no MAC address entry corresponding to the Netflow host.

So it is the UDP port that's causing no entry for the MAC address (and the broadcast) in the switch. If it is like that, then I also learnt a great thing!!!!

If you don't want to create a static entry, then you can modify the CAM aging timeout to be equal to or greater than the ARP timeout on the PIX. But again, only if the end users are not getting connected on the switch.

Thanks.

4 Replies

sachin
Level 1

I'd like to make a comment on your line "I am thinking the switch don't find the host mac,

so send traffic to every port." See, it will not send UDP traffic to each and every port of the switch.

Now if the MAC address entry is not there at the router, it will do ARP, so an entry will be created in the switch.

But if the router has the MAC address and the switch doesn't have the MAC address entry, then only the first frame will be sent to all ports, not all the traffic.

The Netflow host is always at the receiving end. Normally it will not transmit. So there is no MAC address entry. But if you ping, then the MAC address entry gets created, and over time the MAC address ages out of the MAC table.

You can see the same from the sh interface fa0/4 output also:

5 minute input rate 0 bits/sec, 0 packets/sec

5 minute output rate 8124000 bits/sec, 686 packets/sec

The input rate on the switch is 0 bits/sec. So the host is always receiving traffic.

But if the MAC address entry is not there in the switch, then it will broadcast; that is the default behaviour of a switch.

One solution to reduce the broadcast is to configure a static MAC address in the switch so that the MAC address entry will never age out.

Hi:

Thanks for your reply!

You say:

"But if router has the MAC address and switch doesn't have the MAC address entry then only first frame will be sent to all ports, not all the traffic."

My PIX is the gateway. I find that the netflow host ARP entry is still present in the PIX ARP table when the switch MAC entry ages out.

My situation is that the switch sends the netflow UDP traffic to every port, while at the same time the PIX ARP table has an entry for the netflow host MAC address (the PIX ARP entry doesn't disappear). The switch MAC address table doesn't create a MAC entry once the switch MAC address table entry has aged out.

I used a sniffer to capture the traffic. It can capture all the netflow traffic at all times, not only the first frame, unless I define a static MAC address table entry or ping the host once.

So it looks as if, when the PIX has the MAC address and the switch doesn't have the MAC address entry, not only the first frame is sent to all ports.

I ponder over a problem in an effort to understand it.

Thanks for your support!

OK, I know: the first frame is sent to the NETFLOW host, and the netflow host has not sent any frame to the switch in reply to that frame; however, the switch doesn't create a MAC address table entry, and the switch will broadcast all traffic to any switch port.
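
A small model of the behaviour worked out in this thread, added here as an illustration and not posted by any participant: a learning switch only refreshes a MAC entry from frames the host sends, so a receive-only collector ages out and its traffic becomes visible on every port until the gateway's next ARP exchange. The 300 s MAC aging and 14400 s gateway ARP timeout are assumed defaults, the MAC address is constructed, and the gateway is assumed to re-ARP only when its own entry expires.

```python
"""Toy model: learning switch in front of a receive-only NetFlow collector."""

HOST_MAC = "02:00:00:00:00:04"   # constructed collector MAC, not from the thread
HOST_PORT = "Fa0/4"


class LearningSwitch:
    def __init__(self, aging_s):
        self.aging_s = aging_s
        self.table = {}          # mac -> (port, last_seen); last_seen None = static

    def add_static(self, mac, port):
        self.table[mac] = (port, None)           # static entries never age out

    def learn(self, src_mac, port, now):
        # Only a frame *sent by* the host creates or refreshes its entry.
        entry = self.table.get(src_mac)
        if entry is None or entry[1] is not None:  # never overwrite a static entry
            self.table[src_mac] = (port, now)

    def forward(self, dst_mac, now):
        entry = self.table.get(dst_mac)
        if entry and entry[1] is not None and now - entry[1] >= self.aging_s:
            del self.table[dst_mac]              # dynamic entry aged out
            entry = None
        return entry[0] if entry else "FLOOD"    # unknown unicast goes to all ports


def simulate(duration_s, mac_aging_s, arp_timeout_s, static_entry=False):
    """Return how many seconds of collector-bound traffic were flooded."""
    sw = LearningSwitch(mac_aging_s)
    if static_entry:
        sw.add_static(HOST_MAC, HOST_PORT)
    arp_learned_at = None
    flooded = 0
    for now in range(duration_s):
        if arp_learned_at is None or now - arp_learned_at >= arp_timeout_s:
            # Gateway ARPs; the ARP reply is the only frame the collector sends.
            sw.learn(HOST_MAC, HOST_PORT, now)
            arp_learned_at = now
        if sw.forward(HOST_MAC, now) == "FLOOD":
            flooded += 1
    return flooded


if __name__ == "__main__":
    eight_hours = 2 * 14400
    print("default aging :", simulate(eight_hours, 300, 14400), "s flooded")
    print("aging >= ARP  :", simulate(eight_hours, 14400, 14400), "s flooded")
    print("static entry  :", simulate(eight_hours, 300, 14400, True), "s flooded")
```
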
