Ethernet traffic on wrong port

tmadden · ‎02-01-2011

Can anyone point me in the right direction? I'm Wiresharking from a 6509 port configured as this:

swC-1Z2#sh run int fa3/14
Load for five secs: 2%/0%; one minute: 3%; five minutes: 2%
Time source is NTP, 16:33:55.542 MDT Tue Feb 1 2011

Building configuration...

Current configuration : 120 bytes
!
interface FastEthernet3/14
switchport
switchport access vlan 2
switchport mode access
spanning-tree portfast
end

The problem is that I'm seeing unicast packets that are sourced and destined to MAC and IP addresses that don't belong to the PC, and in some cases are on different VLANs all together. I've checked the MAC address table and don't see any problems in this case......

swC-1Z2#sh mac address-table address 0021.9b3c.0377

Time source is NTP, 17:13:27.813 MDT Tue Feb 1 2011

Codes: * - primary entry

vlan mac address type learn qos ports

------+----------------+--------+-----+---+--------------------------

Supervisor:

* 2 0021.9b3c.0377 dynamic Yes -- Fa3/14

swC-1Z2#sh mac address-table int fa3/14
Load for five secs: 1%/0%; one minute: 3%; five minutes: 3%
Time source is NTP, 17:14:03.429 MDT Tue Feb 1 2011
Codes: * - primary entry

vlan mac address type learn qos ports
------+----------------+--------+-----+---+--------------------------
* 2 0021.9b3c.0377 dynamic Yes -- Fa3/14

But, I've got other MACs that are duplicating between VLANs. For instance, one of my UPS's MAC is getting replicated in various VLANs...

swC-1Z1#sh mac address-table address 00c0.b771.0287
Load for five secs: 1%/0%; one minute: 2%; five minutes: 2%
Time source is NTP, 13:37:17.554 MDT Tue Feb 1 2011
Codes: * - primary entry

vlan   mac address     type    learn qos            ports
------+----------------+--------+-----+---+--------------------------
Supervisor:
* 240 00c0.b771.0287   dynamic Yes   -- Po3
*     2 00c0.b771.0287   dynamic Yes   -- Po1

swC-1Z1#sh mac address-table address 00c0.b771.0287
Load for five secs: 3%/1%; one minute: 2%; five minutes: 2%
Time source is NTP, 14:25:19.051 MDT Tue Feb 1 2011
Codes: * - primary entry

vlan mac address type learn qos ports
------+----------------+--------+-----+---+--------------------------
Supervisor:
* 2 00c0.b771.0287 dynamic Yes -- Po1

swC-1Z1#sh mac address-table address 00c0.b771.0287
Load for five secs: 3%/1%; one minute: 3%; five minutes: 2%
Time source is NTP, 14:26:17.035 MDT Tue Feb 1 2011
Codes: * - primary entry

vlan   mac address     type    learn qos            ports
------+----------------+--------+-----+---+--------------------------
Supervisor:
* 200 00c0.b771.0287   dynamic Yes   -- Po3
*     2 00c0.b771.0287   dynamic Yes   -- Po1

VLANs 200 and 240 are both wireless VLANs, and I'm highly suspicious of the wireless configs and/or gear.

On the LAN there are 2 6509's port channeled to each other, 3 WLC 4402's, 7 3750 stacks with etherchannels to the 6509s or each other, and 50-ish 3550's and 3650's.

I've cleared the arp and mac-address tables on the 6509s and one of the 3750 stacks several times, and I'm having great network connectivity problems throughout the LAN.

Can incorrect multicast config do this? I'm at my wits end.

Thanks.

Tim

Nagaraja Thanthry · ‎02-01-2011

Hello,

The symptoms indicate that there is a physical loop somewhere in the network. You might want to see if there are any servers with dual NIC cards connected between these VLANs as sometimes, if configured incorrectly, these servers might bridge between the VLANs. Also, you might need to check if somewhere the ports between the switches are connected incorrectly i.e. an access port in one VLAN is connected to another access port on a different VLAN.

Hope this helps.

Regards,

NT