Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
636
Views
8
Helpful
6
Replies

Is this a normal behaviour?

raymccooney
Level 1
Level 1

‎12-21-2012 06:20 AM - edited ‎03-07-2019 10:44 AM

Hello,

This may sound like a beginner question, but I'm getting lost:

In my LAN environment, I'm using two cisco SG300-10 switches. Both switches are connected by GE10 on both switches, where both ports are set to trunk.

Now on all ports 1-9 on both switches, I'm having client computers attached. So I set ports 1-9 to "access" mode.

All interfaces on any switch is left in default vlan.

Is it normal that I see all traffic from all connected devices on any port where I connect a listening device?

What I'd like to achieve is, that only traffic that is meant for a specific workstation is actually forwarded to this workstation. By now it seems that I get all the traffic from everybody.

What am I missing?

I tried to put all workstations in a seperate vlan, but this seems to be the same problem.

Thanks for any help.

Labels:
0 Helpful
6 Replies 6

acampbell
VIP Alumni
VIP Alumni

‎12-21-2012 06:25 AM

Hi,

You should only see the traffic for the device on that port

BUT you will see all broadcast traffic for your VLAN.

IE dest MAC FFFF.FFFF.FFFF

Regards,
Alex.
Please rate useful posts.

Regards, Alex. Please rate useful posts.

raymccooney
Level 1
Level 1
In response to acampbell

‎12-21-2012 06:29 AM

Hi acampbell,

Thanks for your useful answer. This was also my first thought. But the interesting thing is, that the traffic I get, is not broadcast at all.

Am I missing something else?

Thank you very much.

0 Helpful

cadet alain
VIP Alumni
VIP Alumni
In response to raymccooney

‎12-21-2012 06:55 AM

Hi,

if the listening device has put its NIC into Promiscuous mode then you will see all multicast traffic, all broadcast traffic in the same vlan and all unknown unicast traffic in the same vlan as well as traffic destined to this host..

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

raymccooney
Level 1
Level 1
In response to cadet alain

‎12-21-2012 07:07 AM

Maybe this was a long day, but I still don't understand why I can read the traffic.

Consider the following situation:

Let's isolate the problem to one cisco SG-300.

Now I have three workstations attachted to the switch, which all are in the same (default) vlan. All workstations are set to static ips.

Now when workstation1 does an http request on workstation2 (webserver), and i have a workstation3 where its NIC is in promiscious mode, I think I should not be able to see the traffic? Turning on wireshark tells me all the packets from workstation1 to workstation2 and vice versa. Even non broadcast or non multicast messages.

EDIT:

Or even simpler, lets say I did an smb share on workstation1 and copied a huge file from workstation2 to workstation 1, then I would see all the traffic in workstation3 (NIC promisc). This should not happen? Port mirroring is off.

0 Helpful

raymccooney
Level 1
Level 1
In response to raymccooney

‎12-22-2012 12:59 PM

Problem solved. The reason was an error in the firmware, which was fixed a year ago (I still had this firmware running). Upgraded, factory reset and everything is working as expected :-)

Thanks again for all the responses.

0 Helpful

cadet alain
VIP Alumni
VIP Alumni
In response to raymccooney

‎12-22-2012 01:02 PM

Hi,

happy you solved your problem.

It was indeed a big firmware error because your switch was just behaving like a hub.

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card