Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
999
Views
5
Helpful
18
Replies

Strange sniffer traffic on 3550s

innoval
Level 1
Level 1

‎11-24-2004 01:37 AM - edited ‎03-02-2019 08:10 PM

Hi all,

our current setup is: 3550 aggregator provides Gbit connections to 4 3548s. We have 15 hubs plugged into switch 4 where all our end users connect to.

We have been having some issues where users complain about network slowness when our backups run during the day. The backups run from the tape server on switch 1 to a database server on switch 2. When I place a sniffer on a hub (which uplinks to switch 4) I can see all traffic going back and forth for the backups. I moved these hubs to switch 3 and I cannot see that traffic anymore.

Can you please throw some ideas as to why this has happened (always thought switched traffic was A->B) and if it is a config error or hardware error.

Many thanks,

I.

Labels:
0 Helpful
18 Replies 18

Kevin Dorrell
Level 10
Level 10
In response to innoval

‎11-24-2004 05:10 AM

No, but if they are not being refreshed by seeing some frames sourced from that address, then they will time out after 5 minutes. That is why I am wondering whether the destination address that 'd' uses to get to 'p' might not be the same as the source address that 'p' uses when it sends to 'd'.

But you say "I do not think 'dynamic' means it times out every x minutes". I don't think so either, but I had a strange conversation with Prashanth Krishnappa, the expert of 4000 series : I asked why we could not read the time remaining on each forwarding table entry, and he replied with words to the effect of "there are so many forwarding entries in the table that we couldn't possibly have an individual counter for each of them". I didn't understand at the time, and I stil don't really understand.

http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&type=bookmarks&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40.1dd67a0a/7#selected_message

Can't think of any other problems with statics, except that you will have to do it in every switch that might get a whiff of the traffic. That, and setting an interesting diagnostic problem for your successor if you ever move job and your successor wants to change the topology. ;-)

Kevin Dorrell

Luxembourg

0 Helpful

innoval
Level 1
Level 1
In response to innoval

‎11-24-2004 05:11 AM

and one thing I missed in the previous one. Is the problem sw or hardware related? Config is exactly identical so guessing it could be hw

0 Helpful

Kevin Dorrell
Level 10
Level 10
In response to innoval

‎11-24-2004 05:18 AM

It might just depend on whether someone else on that switch happens to be talking to that MAC address.

K

0 Helpful

jroyster
Level 1
Level 1
In response to Kevin Dorrell

‎11-24-2004 01:10 PM

Ahh, so we've got the the root of the problem. The switch doesn't have the MAC in its table and is flooding.

this could be indicative of spanning-tree problems or a port going up or down. (and the fact that you say its is sporadic - the MAC will be in the table and then not). Topology change notifications will cause a switch to set its MAC aging timer to 15 seconds I believe. You can sometimes see this problem with backups depending on the protocol used. One host just isn't sending any traffic and thefore is aged out of the forwarding table (15 seconds), anything destined to it is then flooded.

check this document out.

http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a0080094797.shtml

anytime a port changes state from forwarding--->blocking (like a link going down) a TCN is generated and flooded to all switches, making them reduce their MAC aging timer to 15.

check your spanning-tree statistics for last TCN received on the interswitch links.

Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card