Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1285
Views
0
Helpful
4
Replies

unexpected packets on port

Go to solution
RolandMai3
Level 1
Level 1

‎04-18-2012 05:24 AM - edited ‎03-07-2019 06:11 AM

my szenario:

i have several cisco 6500 switches, and user switched connected to them.

in my example i have a global service vlan, where some access ports are directly connected on the 6500, and this vlan is also allowed on the trunks to the access switch.

now i am connected with ma laptop on a access switch, where my port is in the same vlan. when i do a show mac address-table on my access port, i can see my own mac-address, nothing else.

when i start wireshark to see the traffic, all i should see is traffic from or to my MAC, or broadcasts/multicasts.

But i can see other unicast traffic with different source/destination mac than mine.

What could be the reason for this issue?

It seem slike these packets get broadcasted over the whole VLAN, but its no broadcast MAC nor IP..

thanks in advance,

Roland

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
acampbell
VIP Alumni
VIP Alumni
In response to RolandMai3

‎04-18-2012 09:04 AM

Roland,

YES the unicast flooding happens with VRRP too.

The solution is the same as HSRP.

You need to adjust the mac table time out to equal the ARP cache of 4 hours

!

mac-address-table aging-time 14400

!

See link

http://www.cisco.com/en/US/docs/solutions/Enterprise/Campus/HA_campus_DG/hacampusdg.html#wp1108782

Regards

Alex

Regards, Alex. Please rate useful posts.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
acampbell
VIP Alumni
VIP Alumni

‎04-18-2012 07:35 AM

Hi,

This is a problem caused on 6500s running HSRP.

You are seeing UNICAST flooding.

Look at these links.

http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a00801d0808.shtml

http://www.cisco.com/en/US/products/hw/switches/ps708/products_tech_note09186a00807347ab.shtml#broadcast

Basically you need to set the the 6500 mac address timout to be the same as the ARP cache on the switches that are running L3-HSRP

!

mac-address-table aging-time 14400

!

This will then equal 4 Hours, same as the ARP cache.

Regards

Alex

Regards, Alex. Please rate useful posts.
0 Helpful

Go to solution
RolandMai3
Level 1
Level 1
In response to acampbell

‎04-18-2012 08:37 AM

thanks for the links, but they only helped me on another problem though

at least i will now set the unicast flood protection (action = syslog) to see exactly what is happening.

actually i dont use HSRP at all, does it also apply to VRRP?

and in special conditions i can create packets myself (for example normal PINGs) which gets flooded too

thanks

Roland

0 Helpful

Go to solution
acampbell
VIP Alumni
VIP Alumni
In response to RolandMai3

‎04-18-2012 09:04 AM

Roland,

YES the unicast flooding happens with VRRP too.

The solution is the same as HSRP.

You need to adjust the mac table time out to equal the ARP cache of 4 hours

!

mac-address-table aging-time 14400

!

See link

http://www.cisco.com/en/US/docs/solutions/Enterprise/Campus/HA_campus_DG/hacampusdg.html#wp1108782

Regards

Alex

Regards, Alex. Please rate useful posts.
0 Helpful

Go to solution
RolandMai3
Level 1
Level 1
In response to acampbell

‎04-19-2012 12:17 AM

thank you, helped a lot.

things getting clear now ;-)

0 Helpful
Customers Also Viewed These Support Documents