02-10-2012 12:36 PM - edited 03-07-2019 04:51 AM
Hello Friends,
First of all I'm sorry for my bad English.
I have a very strange situation with unicast flooding. Switches doesn't learn mac addresses of desktops without arp requsts. The network has a star topology: one core switch (4507) and access switches (2960) are conected to the core switch. The laptop with wireshark recieves traffic with dst mac addresses of another desktops which are connected to another access switches. I've checked spaning tree topology - no loops, mac address tables on all switches is not full.
I found that the switches forget mac addresses in 300 seconds (default mac aging time) and don't learn mac addresses again without arp requests.
we have 2 vlans: data and voice vlans.
all desktops and all management ip addresses of all switches are in the data vlan
The test desktop (x.y.z.36) was connected to the SWITCH_C.
The desktop with wireshark was connected to the SWITCH_B
I pinged a test desktop and checked arp entries and mac entries on SWITCH_A, CORE and SWITCH_C switches
1. Everythins is OK, the switch knows the mac address of the x.y.z.36 desktop
SWITCH_A#show clock
12:00:25.172 UTC Fri Feb 10 2012
SWITCH_A#show mac address-table | i a.b.60d4
10 a.b.60d4 DYNAMIC Gi0/1
2. I tried to ping the x.y.z.36 desktop. Ping was success.
SWITCH_A#ping x.y.z.36
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to x.y.z.36, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/210/1040 ms
3. I checked an arp table and a mac table. Everything is OK
SWITCH_A#show arp | i x.y.z.36
Internet x.y.z.36 0 a.b.60d4 ARPA Vlan10
SWITCH_A#showshow mac address-table | i a.b.60d4
10 a.b.60d4 DYNAMIC Gi0/1
4. I waited about 6 minutes and checked an arp table and a mac table. The switch didn't have anymore mac address of the
x.y.z.36 desktop and had arp entry for that desktop. SWITCH_C and CORE switches removed the mac address also. Everything is OK
SWITCH_A#show mac address-table | i a.b.60d4
SWITCH_A#show clock
12:06:51.232 UTC Fri Feb 10 2012
SWITCH_A#show mac address-table | i a.b.60d4
SWITCH_A#show arp | i x.y.z.36
Internet x.y.z.36 5 a.b.60d4 ARPA Vlan10
5. I tried to ping the x.y.z.36 desktop. Ping was success.
SWITCH_A#ping x.y.z.36
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to x.y.z.36, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/40/184 ms
6. I checked an arp table and a mac table. The switch had arp entry for the desktop, but the switch didn't learn the mac address. SWITCH_C and CORE switches didn't learn the mac address too.
SWITCH_A#show arp | i x.y.z.36
Internet x.y.z.36 5 a.b.60d4 ARPA Vlan10
SWITCH_A#show mac address-table | i a.b.60d4
SWITCH_A#
SWITCH_A#show mac address-table | i a.b.60d4
7. I tried to ping the x.y.z.36 desktop again . Ping was success but the switches didn't learn the mac address again
SWITCH_A#ping x.y.z.36
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to x.y.z.36, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/7/17 ms
SWITCH_A#show mac address-table | i a.b.60d4
8. I cleared arp cache on the switch
SWITCH_A#clear arp
9. And the switches learnt the mac address
SWITCH_A#show mac address-table | i a.b.60d4
10 a.b.60d4 DYNAMIC Gi0/1
SWITCH_A#show clock
12:09:53.391 UTC Fri Feb 10 2012
I saw ping requests during 5-7 steps on the desktop with wireshark.
Software versions:
Access switches: c2960-lanbase-mz.122-53.SE1
The core switch: cat4500-ipbasek9-mz.122-54.SG
Does anyone have any ideas what is going on in my network?
Thank you.
Best regards,
Ruslan