09-01-2011 03:06 AM - edited 03-07-2019 01:59 AM
Hello,
I'm using a Cisco 2960 in my network... I have somewhere in the network (not connected to this switch) one VMware that has a mail server with IP address a.b.c.d and MAC address in the virtual network interface of 00:0c:29:26:99:5d.
The thing is... I noticed that all ports were blinking too much considering none of the hosts connected to it are in use... there should be very little traffic. I connected my laptop to port 14 in this switch and launched a packet sniffer... I receive packets that are addressed to the mail server running on the VMware, even though my mail server is not connected to this switch, nor is this switch in the path between the source and the origin of the packet I captured. I don't receive just one packet, I receive tons, enough to do a "Follow TCP Stream" in my Wireshark and see the entire SMTP conversation.
I think this would be an expected behavior if for some reason the switch didn't know behind what port lies the mac 00:0c:29:26:99:5d (or if the mac was a broadcast, which it is not) so I connected to the switch and issued the following command:
#show mac address-table | include 000c.2926.995d
1 000c.2926.995d DYNAMIC Po1
I see that my switch has only one entry for this mac, and it is a port-channel, it's correct, this port-channel connects this switch to the rest of the network.
The port where I'm testing and capturing packets (port 14) doesn't belong to the port-channel:
#show running-config interface gi 0/14
interface GigabitEthernet0/14
switchport trunk encapsulation dot1q
switchport trunk native vlan 900
switchport mode trunk
no cdp enable
end
The configuration of the portchannel is perfectly simple:
#show running-config interface po1
interface Port-channel1
switchport trunk encapsulation dot1q
switchport mode trunk
end
Let's see how many interfaces are configured in this port-channel:
#show running-config | include channel
interface Port-channel1
channel-group 1 mode on
channel-group 1 mode on
Only two interfaces....
The first one:
#show running-config interface gigabitEthernet 0/24
Building configuration...
Current configuration : 155 bytes
!
interface GigabitEthernet0/24
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 1 mode on
end
..and the second one:
#show running-config interface gigabitEthernet 0/23
Building configuration...
Current configuration : 155 bytes
!
interface GigabitEthernet0/23
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 1 mode on
end
So... any idea what could cause this behavior? The switch knows where the MAC is, so why is it forwarding the packets to all ports?
Thank you for your help
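
The symptom described in this post, unicast frames for another host arriving on an access port and exposing a full SMTP session to the sniffer, can be tallied from a capture. This is an added example, not part of the original post; the sniffer MAC, sender MAC and sample frames are constructed, and only 00:0c:29:26:99:5d comes from the thread.

```python
from collections import Counter

def parse_mac(text):
    """Accept 00:0c:29:26:99:5d or Cisco 000c.2926.995d notation; return 6 bytes."""
    raw = bytes.fromhex(text.replace(":", "").replace(".", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError(f"not a MAC address: {text!r}")
    return raw

def format_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def flooded_unicast(frames, local_mac):
    """Count frames per destination MAC that is unicast but not local_mac."""
    local = parse_mac(local_mac)
    hits = Counter()
    for frame in frames:
        if len(frame) < 14:      # shorter than an Ethernet header, skip
            continue
        dst = frame[:6]
        if dst[0] & 0x01:        # I/G bit set: broadcast or multicast
            continue
        if dst != local:         # unicast for another host: flooded to us
            hits[format_mac(dst)] += 1
    return hits

def sample_frames():
    """Constructed capture: dst MAC + src MAC + EtherType + dummy payload."""
    src = parse_mac("02:00:00:00:00:01")          # constructed sender
    def frame(dst, ethertype=b"\x08\x00"):
        return parse_mac(dst) + src + ethertype + b"\x00" * 46
    return [
        frame("000c.2926.995d"),                  # mail server MAC from the post
        frame("000c.2926.995d"),
        frame("000c.2926.995d"),
        frame("ff:ff:ff:ff:ff:ff", b"\x08\x06"),  # broadcast ARP, expected
        frame("01:00:5e:00:00:01"),               # IP multicast, expected
        frame("02:00:00:00:00:14"),               # addressed to the sniffer
        b"\x00\x0c",                              # truncated frame
    ]

LOCAL_MAC = "02:00:00:00:00:14"                   # constructed sniffer NIC

if __name__ == "__main__":
    for mac, count in flooded_unicast(sample_frames(), LOCAL_MAC).most_common():
        print(f"{mac}  {count} unicast frame(s) not addressed to this host")
```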
09-05-2011 11:42 PM
Yes, I'll do that as soon as possible. In the meantime I remembered that I can do something: I'm going to add static MAC address entries just for the mail server that is generating all this problem. It isn't perfect but it will improve everything.
Thank you all for the help.