nibauramos
Beginner

unicast on all switch ports

Hello,

I'm using a Cisco 2960 in my network... I have somewhere in the network (not connected to this switch) one VMware that has a mail server with IP address a.b.c.d and the MAC address of the virtual network interface is 00:0c:29:26:99:5d.

The thing is... I noticed that all ports were blinking too much considering none of the hosts connected to it are in use... there should be very little traffic. I connected my laptop to port 14 in this switch and launched a packet sniffer... I receive packets that are addressed to the mail server running on the VMware, even though my mail server is not connected to this switch, nor is this switch in the path between the source and the origin of the packet I captured. I don't receive just one packet, I receive tons, enough to do a Follow TCP Stream in my Wireshark and see the entire SMTP conversation.

I think this would be expected behavior if for some reason the switch didn't know behind what port lies the MAC 00:0c:29:26:99:5d (or if the MAC was a broadcast, which it is not), so I connected to the switch and issued the following command:

#show mac address-table | include 000c.2926.995d
   1    000c.2926.995d    DYNAMIC     Po1

I see that my switch has only one entry for this MAC, and it is a port-channel. It's correct, this port-channel connects this switch to the rest of the network.

The port where I'm testing and capturing packets (port 14) doesn't belong to the port-channel:

#show running-config interface gi 0/14
interface GigabitEthernet0/14
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 900
 switchport mode trunk
 no cdp enable
end

The configuration of the port-channel is perfectly simple:

#show running-config interface po1
interface Port-channel1
 switchport trunk encapsulation dot1q
 switchport mode trunk
end

Let's see how many interfaces are configured in this port-channel:

#show running-config | include channel
interface Port-channel1
 channel-group 1 mode on
 channel-group 1 mode on

Only two interfaces....

The first one:

#show running-config interface gigabitEthernet 0/24
Building configuration...
Current configuration : 155 bytes
!
interface GigabitEthernet0/24
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 1 mode on
end

..and the second one:

#show running-config interface gigabitEthernet 0/23
Building configuration...
Current configuration : 155 bytes
!
interface GigabitEthernet0/23
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 1 mode on
end

So... any idea what could cause this behavior? The switch knows where the MAC is, so why is it forwarding the packets to all ports?

Thank you for your help.
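A way to quantify the symptom described in this post, added here as an example and not part of the original thread: the function counts captured frames that are unicast yet addressed to another host's MAC, which is how flooded unicast appears from an edge port. The laptop and client MACs and the sample frames are constructed; only the mail server MAC and VLAN 1 come from the post.

```python
import struct
from collections import Counter

def mac_bytes(mac):
    """Accept aa:bb:cc:dd:ee:ff or Cisco aabb.ccdd.eeff notation."""
    return bytes.fromhex(mac.replace(":", "").replace(".", ""))

def flooded_unicast(frames, local_mac):
    """Count frames per (dst MAC, VLAN) that are unicast but not addressed to us."""
    local = mac_bytes(local_mac)
    hits = Counter()
    for frame in frames:
        if len(frame) < 14:              # too short to hold an Ethernet header
            continue
        dst = frame[:6]
        if dst[0] & 0x01:                # I/G bit set: broadcast/multicast, flooding is normal
            continue
        if dst == local:                 # legitimately delivered to this host
            continue
        ethertype = struct.unpack("!H", frame[12:14])[0]
        vlan = None
        if ethertype == 0x8100 and len(frame) >= 18:   # 802.1Q tag present
            vlan = struct.unpack("!H", frame[14:16])[0] & 0x0FFF
        hits[(":".join(f"{b:02x}" for b in dst), vlan)] += 1
    return hits

MAIL = "00:0c:29:26:99:5d"     # mail server MAC from the post
LAPTOP = "02:00:00:00:00:14"   # constructed: the sniffing laptop on port 14
CLIENT = "02:00:00:00:00:aa"   # constructed: some SMTP client elsewhere

def eth(dst, src, ethertype=0x0800, vlan=None, payload=b"\x00" * 46):
    """Build a constructed Ethernet frame, optionally with an 802.1Q tag."""
    tag = struct.pack("!HH", 0x8100, vlan) if vlan is not None else b""
    return mac_bytes(dst) + mac_bytes(src) + tag + struct.pack("!H", ethertype) + payload

SAMPLE = [                                   # constructed capture
    eth(MAIL, CLIENT, vlan=1),               # flooded: tagged, not for the laptop
    eth(MAIL, CLIENT, vlan=1),
    eth(MAIL, CLIENT),                       # flooded: tag not visible to the sniffer
    eth("ff:ff:ff:ff:ff:ff", CLIENT, ethertype=0x0806),  # ARP broadcast, expected
    eth("01:00:5e:00:00:fb", CLIENT),        # multicast, expected
    eth(LAPTOP, CLIENT),                     # addressed to the laptop, expected
    b"\x00\x0c\x29",                         # truncated frame, ignored
]

if __name__ == "__main__":
    for (dst, vlan), count in flooded_unicast(SAMPLE, LAPTOP).most_common():
        print(f"{count} flooded unicast frame(s) to {dst} vlan={vlan}")
```

Many capture setups strip the 802.1Q tag before the sniffer sees the frame, in which case the VLAN is reported as None.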

15 REPLIES 15

Yes, I'll do that as soon as possible. In the meantime I remembered that I can do something: I'm going to add static MAC address entries just for the mail server that is generating all this problem. It isn't perfect but it will improve everything.

Thank you all for the help.