02-26-2003 06:31 PM - edited 03-02-2019 05:25 AM
We have a switch which I think has it's mac address table been flooded. I ran two different sniffer software which showed TCP traffic for different hosts/ports on the switch which I am not suppose to see since I had no span enabled on the switch. Is this something could happen with a Cisco 2948 switch ? and if so how can I stop it from happeneing and/or clear it out ?
Thanks
Shareef
02-26-2003 10:27 PM
Don't forget the CAM or mac address table on the switch is really short term memory. So the first thing a switch does is once it recieves a frame is check its memory to see if it knows where the destination is.
If it doesn't it floods all the ports with a broadcast looking for it.
If your network has a lot of PC's or more Mac addresses than it does memory to handle them, that could happen.
You didn't mention vlans or spanning tree in the mix, but everytime spannintree reconverges the CAM rebuilds itself, part of that process is broadcasting.
You may want to track if spanning tree is stable, and possably set up portfast on all your PC ports.
Hope that helps you.
02-27-2003 08:12 AM
Thank you so much for your reply. Here is the utput for sh vlan :
Console> en
Enter password:
Console> (enable) sh vlan
VLAN Name Status IfIndex Mod/Ports, Vlans
---- -------------------------------- --------- ------- ------------------------
1 default active 4 2/1-48
3/1-34
1002 fddi-default active 5
1003 token-ring-default active 8
1004 fddinet-default active 6
1005 trnet-default active 7
VLAN Type SAID MTU Parent RingNo BrdgNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ ------ ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 trcrf 101003 1500 - - - - - 0 0
1004 fdnet 101004 1500 - - - - - 0 0
1005 trbrf 101005 1500 - - - ibm - 0 0
VLAN DynCreated RSPAN
---- ---------- --------
1 static disabled
1002 static disabled
1003 static disabled
1004 static disabled
1005 static disabled
VLAN AREHops STEHops Backup CRF 1q VLAN
---- ------- ------- ---------- -------
1003 7 7 off
Console> (enable)
No configs for any vlans should be on the switch. The switch is used only as a hub (falt network).
Also all ports are in forwarding mode and portfast is not enabled , here is the output of sh spantree :
Port Vlan Port-State Cost Prio Portfast Channel_id
------------------------ ---- ------------- --------- ---- -------- ----------
2/1 1 forwarding 19 32 disabled 0
2/2 1 forwarding 19 32 disabled 0
2/3 1 forwarding 19 32 disabled 0
2/4 1 forwarding 19 32 disabled 0
2/5 1 forwarding 19 32 disabled 0
2/6 1 forwarding 19 32 disabled 0
2/7 1 forwarding 19 32 disabled 0
2/8 1 forwarding 19 32 disabled 0
2/9 1 forwarding 19 32 disabled 0
2/10 1 forwarding 19 32 disabled 0
2/11 1 forwarding 19 32 disabled 0
2/12 1 not-connected 100 32 disabled 0
2/13 1 forwarding 19 32 disabled 0
2/14 1 forwarding 19 32 disabled 0
2/15 1 forwarding 19 32 disabled 0
2/16 1 forwarding 19 32 disabled 0
2/17 1 forwarding 19 32 disabled 0
2/18 1 forwarding 19 32 disabled 0
2/19 1 forwarding 19 32 disabled 0
2/20 1 forwarding 19 32 disabled 0
2/21 1 forwarding 19 32 disabled 0
2/22 1 forwarding 19 32 disabled 0
2/23 1 forwarding 19 32 disabled 0
2/24 1 not-connected 100 32 disabled 0
2/25 1 forwarding 19 32 disabled 0
2/26 1 forwarding 19 32 disabled 0
2/27 1 forwarding 19 32 disabled 0
2/28 1 forwarding 19 32 disabled 0
2/29 1 forwarding 100 32 disabled 0
2/30 1 forwarding 19 32 disabled 0
2/31 1 forwarding 19 32 disabled 0
2/32 1 forwarding 19 32 disabled 0
2/33 1 forwarding 19 32 disabled 0
2/34 1 forwarding 19 32 disabled 0
2/35 1 forwarding 19 32 disabled 0
2/36 1 forwarding 19 32 disabled 0
2/37 1 forwarding 19 32 disabled 0
2/38 1 forwarding 19 32 disabled 0
2/39 1 forwarding 19 32 disabled 0
2/40 1 forwarding 100 32 disabled 0
2/41 1 forwarding 100 32 disabled 0
2/42 1 forwarding 100 32 disabled 0
2/43 1 forwarding 19 32 disabled 0
2/44 1 forwarding 19 32 disabled 0
2/45 1 forwarding 100 32 disabled 0
2/46 1 forwarding 100 32 disabled 0
2/47 1 forwarding 19 32 disabled 0
2/48 1 forwarding 19 32 disabled 0
3/1 1 forwarding 19 32 disabled 0
3/2 1 forwarding 19 32 disabled 0
3/3 1 forwarding 19 32 disabled 0
3/4 1 forwarding 19 32 disabled 0
3/5 1 forwarding 19 32 disabled 0
3/6 1 forwarding 19 32 disabled 0
3/7 1 forwarding 19 32 disabled 0
3/8 1 forwarding 19 32 disabled 0
3/9 1 forwarding 19 32 disabled 0
3/10 1 forwarding 19 32 disabled 0
3/11 1 forwarding 19 32 disabled 0
3/12 1 forwarding 19 32 disabled 0
3/13 1 forwarding 19 32 disabled 0
3/14 1 forwarding 19 32 disabled 0
3/15 1 forwarding 19 32 disabled 0
3/16 1 not-connected 100 32 disabled 0
3/17 1 forwarding 19 32 disabled 0
3/18 1 forwarding 19 32 disabled 0
3/19 1 not-connected 100 32 disabled 0
3/20 1 forwarding 19 32 disabled 0
3/21 1 forwarding 19 32 disabled 0
3/22 1 forwarding 19 32 disabled 0
3/23 1 not-connected 100 32 disabled 0
3/24 1 forwarding 19 32 disabled 0
3/25 1 forwarding 19 32 disabled 0
3/26 1 forwarding 19 32 disabled 0
3/27 1 not-connected 100 32 disabled 0
3/28 1 forwarding 19 32 disabled 0
3/29 1 forwarding 19 32 disabled 0
3/30 1 forwarding 19 32 disabled 0
3/31 1 forwarding 19 32 disabled 0
3/32 1 forwarding 19 32 disabled 0
3/33 1 not-connected 4 32 disabled 0
3/34 1 not-connected 4 32 disabled 0
Console> (enable)
Thanks
02-27-2003 12:42 PM
Could be a case of unicast flooding due to asymmetric routing. See: http://www.cisco.com/en/US/products/hw/switches/ps708/products_tech_note09186a00800a875c.shtml
Hope it helps.
Steve
03-05-2003 08:39 AM
Every time that a switch detect a topology change notification, it clears the cam table. So usually in a huge vlan this kind of problem should occur.
Please let see you cam agingtime and probably you will see the interested vlan with a 15 sec. value.
We resolved switching on the portfast feature.
Marco Vettor
-marcat-
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide