09-04-2006 05:59 AM - edited 03-03-2019 04:48 AM
Hello
I recently carried out some sniffing on a 3550 and noticed a lot of traffic that I should not have seen on that port. Having had a look around on cco this appears to be a known issue (unicast flooding)
I am a little confused as to exactly what causes this, can anyone explain?
I understand that the mac address table aging timer on the switch can be adjusted and that the arp timeout on a router can also be adjusted. Does anyone know what the best setting for both these timers is? I think the defaults are 14400 seconds for router arp table and 300 seconds for a switches mac table.
Many thanks
09-04-2006 06:17 AM
Hi,
Unicast Flooding is a classical behavior mostly seen in the switches to due instability in spanning tree.
Whenever a TCN BPDU is received by a layer 2 switch, it will reduce its mac-aging timer from the standard/configured value to Fast Aging timer, which is 20 seconds.
Till the STP convergence the mac aging timer of the switch will be 20 seconds only.
Hence whenever a TCN BPDU is seen by a switch, MAC relearning process will start. This is the behavior of Spanning tree protocol. During this time, as all known mac address in the switch are flushed and mac relearning process is running, when the switch receives an ethernet packet, if it doesn't know where the mac-address is located, it will flood the packets to all ports.
You can have a look at the following URL to know more on this and other reasons for unicast flooding.
-VJ
09-04-2006 06:37 AM
Hi,
unicast flooding might also arise from HSRP besides SPT issues. Have a look at "Unicast Flooding in Switched Campus Networks" at
http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a00801d0808.shtml
So changing of timers is not the initial approach. First have a look at the document and conclude network modifications suggested there. If this does not fix the problem then
post your findings.
Hope this helps! Please rate all posts.
Regards, Martin
09-04-2006 07:31 AM
Sorry, I just now realized that VJ already had posted the same link. Cudos to him.
Regards, Martin
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide