Buy or Renew
Buy or Renew
Join the Catalyst Center Onboarding Ask Me Anything event happening now!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2509
Views
0
Helpful
0
Replies

SSDP packets causing network confusion....

jimmysands73_2
Level 5
Level 5

‎02-20-2013 12:19 PM - edited ‎03-07-2019 11:50 AM

Let me ask this....I work at a local school district.  A site (school) has a pesky problem of slowlessness.  Ping times (even on local lan segment are 1000+ ms)

I applied standard troubleshooting, eventually starting wireshark....now in 5 secs, one MAC (a Dell) out of 4440 packets, this one Dell is responsible for 4390 SSDP packets.   The problem comes and goes, one day its there, one day its not.  What is also odd, is that I might be looking at wireshark, bell rings, and the high traffic stops.   The other odd thing is I have been out there 4x, each and every time the bell rings, it stops for about 10 mins then starts up again.  I had to kick this upstairs, but am curious nonetheless. 

Here you can the MAC just jumping around the site, disable a port, its sourced somehwere else, dis that one, its off a diff one now.  Output is from extreme.

* 0242-RTR-01:1 # sh fdb 00:13:72:a2:a6:97
Index              Mac              Vlan       Age    Use  Flags  Port List
--------------------------------------------------------------------------
571f0-068 00:13:72:A2:A6:97     vlan26(0026)  0000000 0001  d mi     26(26-C1440)

Flags: (B) Egress Blackhole, (b) Ingress Blackhole, (d) Dynamic, (s) Static
       (p) Permanent, (m) MAC, (S) secure MAC, (l) lockdown MAC
       (L) lockdown MAC with timeout, (M) Mirror, IP, (x) IPX
       (z) translation MAC, (Q) Questionable, (R) Remapped

Total: 1022 Static: 244 Perm: 0 Locked: 0 Secure: 0 Dynamic: 778 Dropped: 0
Questionable: 0 Remapped: 1 Locked with timeout: 0
FDB Aging time: 300 seconds

* 0242-RTR-01:2 # dis port 26
* 0242-RTR-01:3 # clear fdb
* 0242-RTR-01:4 # sh fdb 00:13:72:a2:a6:97
Index              Mac              Vlan       Age    Use  Flags  Port List
--------------------------------------------------------------------------
571f0-0e8 00:13:72:A2:A6:97     vlan26(0026)  0000000 0001  d mi     30(30 C-1455)

Flags: (B) Egress Blackhole, (b) Ingress Blackhole, (d) Dynamic, (s) Static
       (p) Permanent, (m) MAC, (S) secure MAC, (l) lockdown MAC
       (L) lockdown MAC with timeout, (M) Mirror, IP, (x) IPX
       (z) translation MAC, (Q) Questionable, (R) Remapped

Total: 410 Static: 244 Perm: 0 Locked: 0 Secure: 0 Dynamic: 166 Dropped: 0
Questionable: 0 Remapped: 1 Locked with timeout: 0
FDB Aging time: 300 seconds

* 0242-RTR-01:5 # dis po 30
* 0242-RTR-01:6 # sh fdb 00:13:72:a2:a6:97
Index              Mac              Vlan       Age    Use  Flags  Port List
--------------------------------------------------------------------------
571f0-118 00:13:72:A2:A6:97     vlan26(0026)  0000000 0000  d m      12(12 IDF633-04)

Flags: (B) Egress Blackhole, (b) Ingress Blackhole, (d) Dynamic, (s) Static
       (p) Permanent, (m) MAC, (S) secure MAC, (l) lockdown MAC
       (L) lockdown MAC with timeout, (M) Mirror, IP, (x) IPX
       (z) translation MAC, (Q) Questionable, (R) Remapped

Total: 648 Static: 244 Perm: 0 Locked: 0 Secure: 0 Dynamic: 404 Dropped: 0
Questionable: 0 Remapped: 1 Locked with timeout: 0
FDB Aging time: 300 seconds

Also posted output of one packet (might provide some clues).

OnePacketCaputre.JPG

Would this be a broadcast storm?  And when the bell rings for classes to change, it stop, could this be caused by a USB drive a kid is inserting into a PC?

Thank you

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card