02-01-2005 08:36 PM - edited 03-02-2019 09:25 PM
Hi:
Situation:
All interfaces on my switch receive the fa0/4 traffic.
Port Fa0/4 is connected to my NetFlow host; it only receives UDP traffic, the NetFlow traffic sent by the routers.
I have checked the switch mac-address-table, but I did not find the NetFlow server MAC address in the switch mac-address-table.
I am thinking the switch doesn't find the host MAC, so it sends traffic to every port.
But I can ping the host successfully.
When I ping the host, the switch can create the MAC table entry. I think the reason is that I send an ARP request and the NetFlow host sends an ARP reply, so the switch created the ARP table.
When the NetFlow host itself initiates traffic out to the switch, the switch also creates the MAC table entry.
IDC-SW16-BJ2(old)#sh int fa0/4
FastEthernet0/4 is up, line protocol is up
Hardware is Fast Ethernet, address is 0006.d750.a044 (bia 0006.d750.a044)
Description: Netflow
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 20/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive not set
Auto-duplex (Full), Auto Speed (100), 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output 00:00:00, output hang never
Last clearing of "show interface" counters 02:04:34
Queueing strategy: fifo
Output queue 0/40, 0 drops; input queue 0/75, 0 drops
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 8124000 bits/sec, 686 packets/sec
255 packets input, 32941 bytes
Received 3 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 0 multicast
0 input packets with dribble condition detected
6007382 packets output, 471327784 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
IDC-SW16-BJ2(old)#sh mac- int fa0/4
02-01-2005 10:01 PM
I would like to comment on your line "I am thinking the switch doesn't find the host MAC, so it sends traffic to every port." See, it will not send the UDP traffic to each and every port of the switch.
Now, if the MAC address entry is not there at the router, it will do ARP, so an entry will be created in the switch.
But if router has the MAC address and switch doesn't have the MAC address entry then only first frame will be sent to all ports, not all the traffic.
The NetFlow host is always at the receiving end. Normally it will not transmit, so there is no MAC address entry. But if you ping, a MAC address entry is created, and over time the MAC address ages out of the MAC table.
You can see the same from the sh interface fa0/4 output:
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 8124000 bits/sec, 686 packets/sec
The input rate on the switch is 0 bits/sec, so the host is always receiving traffic.
But if the MAC address entry is not there in the switch, it will broadcast; that is the default behaviour of a switch.
One solution to reduce the broadcast is to configure a static MAC address in the switch so that the MAC address entry will never age out.
02-02-2005 07:55 AM
Hi:
Thanks for your reply!
You say:
"But if router has the MAC address and switch doesn't have the MAC address entry then only first frame will be sent to all ports, not all the traffic."
My PIX is the gateway. I find that the NetFlow host's ARP entry has been created in the PIX ARP table when the switch MAC entry ages out.
My situation is that the switch sends the NetFlow UDP traffic to every port, while at the same time the PIX ARP table has an entry for the NetFlow host MAC address (the PIX ARP entry doesn't disappear). The switch MAC address table doesn't create a MAC entry once the switch MAC address table aging time has expired.
I used a sniffer to capture traffic. It can capture all the NetFlow traffic at all times, not only the first frame, unless I define a static MAC address table entry or ping the host once.
So it looks as if, when the PIX has the MAC address and the switch doesn't have the MAC address entry, not only the first frame is sent to all ports.
I am pondering this problem in an effort to understand it.
Thanks for your support!
02-02-2005 07:39 PM
OK, I know: the first frame is sent to the NetFlow host, and the NetFlow host has not sent any frame to the switch in reply to that frame; however, the switch doesn't create a MAC address table entry and the switch will broadcast all traffic to any switch port.
02-02-2005 09:54 PM
I guess that as NetFlow traffic is on a UDP port, there is no acknowledgement (UDP is a connectionless protocol) or any other kind of traffic from the NetFlow host. So that is causing there to be no MAC address corresponding to the NetFlow host.
So it is the UDP port that's causing no entry for the MAC address (and the broadcast) in the switch. If it is like that, then I also learnt a great thing!
If you don't want to create a static entry, then you can set the CAM aging timeout equal to or greater than the ARP timeout on the PIX. But again, only if the end users are not getting connected on the switch.
Thanks.
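The behaviour this thread converges on, as an added example that is not part of any post: a small Python model of a learning switch whose collector port only ever sends ARP replies, counting how many NetFlow frames a bystander port receives. The port numbers, MAC labels, one-frame-per-second rate, 300 s CAM aging time and 14400 s gateway ARP timeout are assumptions chosen for illustration.

```python
class LearningSwitch:
    """Minimal MAC-learning switch with an aging timer (illustrative model)."""

    def __init__(self, ports, aging):
        self.ports, self.aging = ports, aging
        self.cam = {}     # mac -> (port, time last seen as a source)
        self.static = {}  # mac -> port, never ages out

    def receive(self, src, dst, in_port, now):
        """Learn src on in_port, then return the egress ports for dst."""
        self.cam[src] = (in_port, now)
        if dst in self.static:
            return [self.static[dst]]
        entry = self.cam.get(dst)
        if entry and now - entry[1] < self.aging:
            return [entry[0]]
        self.cam.pop(dst, None)  # aged out or never learned
        return [p for p in self.ports if p != in_port]  # flood


def frames_seen_by_bystander(aging, arp_timeout, duration, static=False):
    """NetFlow frames delivered to a port that is not the collector's."""
    GATEWAY, BYSTANDER, COLLECTOR = 1, 2, 4  # assumed port numbers
    sw = LearningSwitch([GATEWAY, BYSTANDER, COLLECTOR], aging)
    if static:
        sw.static["collector"] = COLLECTOR
    seen = 0
    for now in range(duration):  # one simulated second per step
        if now % arp_timeout == 0:
            # Gateway ARP entry expired: broadcast request, unicast reply.
            # The reply is the only frame the collector ever sends.
            sw.receive("gw", "broadcast", GATEWAY, now)
            sw.receive("collector", "gw", COLLECTOR, now)
        egress = sw.receive("gw", "collector", GATEWAY, now)  # NetFlow export
        if BYSTANDER in egress:
            seen += 1
    return seen


if __name__ == "__main__":
    eight_hours = 8 * 3600
    print("aging 300 s:   ", frames_seen_by_bystander(300, 14400, eight_hours))
    print("aging 14400 s: ", frames_seen_by_bystander(14400, 14400, eight_hours))
    print("static entry:  ", frames_seen_by_bystander(300, 14400, eight_hours, static=True))
```

With the short aging time, every export frame sent after the entry expires is copied to the bystander port until the next ARP refresh, which is the capture the sniffer showed; a static entry, or an aging time no shorter than the ARP timeout, brings that count to zero.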