Re: OT: Catalyst 6509 problem leaking VLANs

From: Michael Martinek (mikemart@xxxxxxxxx)
Date: Fri Jun 08 2001 - 01:34:59 GMT-3


   
Troy,

I have one idea as to why you could see unicast packets from
another device in the same VLAN. If the 6509 does not have a CAM
entry for a given MAC address it will flood it to all ports in that VLAN.
Certain designs can be prone to unicast flooding which can occur when the layer
2 paths for a given MAC address are asymmetric. I have seen other subtle
issues that can cause continuous flooding. The point is that unicast flooding
is a normal bridge process.

As to the broadcast seen in the wrong VLAN, that I would say should never
happen with a good VLAN configuration. I would connect your sniffer to a port
in the VLAN seeing the misdirected broadcasts (not spanned) and see if you
still pick up the broadcast frames. This would take SPAN out of the equation.

Hope that helps.

Mike

At 09:01 PM 6/7/2001 -0700, Troy Edington wrote:
>Hello group,
>
>I am having a problem with a Catalyst 6509. Specifically, the problem is
>that traffic seems to be leaking between two logically separated VLANs. I
>run my Sniffer on a span port with one source port in VLAN 10 pointing to
>it (a Solaris box). I am spanning transmitting traffic only, just to verify
>that it is the switch transmitting and not feedback from the one machine.
>Here is specifically what I see.
>
>Vlans involved
>VLAN 10 10.80.10.0/24
>VLAN 30 10.80.30.0/24
>
>This machine has an IP of 10.80.10.20 (VLAN 10)
>
>I configured the Sniffer to ignore all packets with this IP in it. What I
>saw was kind of amazing.
>
>Immediately I see lots of traffic from other VLAN 10 machines going to this
>port. This is not broadcast or multicast traffic but unicast traffic. For
>example, 10.80.10.30 to 10.80.10.40, etc. shows up in the Sniffer (both DS
>Pro and Snoop on Solaris).
>
>If that wasn't bad enough, I see an occasional packet from a totally separate
>VLAN 30: 10.80.30.18 10.80.30.22. Now this is local traffic; what the hell is
>it doing in VLAN 10?
>
>I understand from Cisco and please someone correct me if I am wrong. When a
>packet hits the back plane it is by default sent to every port and it is up
>to the CPU to instruct all ports except the correct destination port to drop
>the traffic. There can be leakage if your back plane and/or CPU is heavily
>utilized. Well I am at 4% CPU utilization and throughput utilization is
>low. (I am only using 48 Fast Ethernet ports on the 6509)
>
>I am running the following
>ver 6.1a
>I am only running Layer 2 on the switch no MSFC routing (The hardware is
>installed but we are not using it)
>I have tried sniffing other ports with the same result
>no trunking is going on anywhere
>no port-channeling anywhere
>
>
>Everything runs fine and the network is up, but I would like to know what is
>going on. Any ideas, anyone? I searched for bugs and solutions on the CCO
>without much luck.
>
>Thanks in advance for any suggestions
>
>Troy Edington, CCIE #7190
>Network Engineer
>**Please read:http://www.groupstudy.com/list/posting.html
**Please read:http://www.groupstudy.com/list/posting.html
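
Added example (not part of the original messages and not Cisco code): a minimal VLAN-aware learning bridge in Python illustrating the behaviour described in the reply above, where a unicast frame is flooded to every port in its VLAN whenever there is no CAM entry for the destination MAC, and is never sent to a port in another VLAN. The port names, MAC addresses and 300-second aging time are assumptions made for the illustration.

```python
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"

@dataclass
class Bridge:
    port_vlan: dict                 # port name -> access VLAN id
    aging: int = 300                # assumed CAM aging time, in seconds
    cam: dict = field(default_factory=dict)  # (vlan, mac) -> (port, last_seen)

    def receive(self, in_port, src, dst, now):
        """Learn the source MAC, then return (egress ports, reason)."""
        vlan = self.port_vlan[in_port]
        self.cam[(vlan, src)] = (in_port, now)        # learn or refresh source
        # Flood domain: every other port in the SAME VLAN, and only those.
        members = sorted(p for p, v in self.port_vlan.items()
                         if v == vlan and p != in_port)
        if dst == BROADCAST:
            return members, "broadcast"
        entry = self.cam.get((vlan, dst))
        if entry is None or now - entry[1] > self.aging:
            self.cam.pop((vlan, dst), None)           # drop the stale entry
            return members, "unknown-unicast flood"
        port = entry[0]
        return ([] if port == in_port else [port]), "known unicast"

def demo():
    # Constructed topology: three access ports in VLAN 10, two in VLAN 30.
    br = Bridge({"3/1": 10, "3/2": 10, "3/3": 10, "4/1": 30, "4/2": 30})
    a, b = "02:00:00:00:00:30", "02:00:00:00:00:40"   # constructed MACs
    return br, [
        br.receive("3/1", a, b, now=0),    # b never seen: flooded in VLAN 10
        br.receive("3/2", b, a, now=1),    # a already learned: one port
        br.receive("3/1", a, b, now=2),    # b now learned: one port
        # The switch sees no frames sourced by b for longer than the aging
        # time (for example, b's return traffic takes another layer 2 path),
        # so the entry expires and a-to-b frames are flooded again.
        br.receive("3/1", a, b, now=400),
    ]

if __name__ == "__main__":
    for ports, reason in demo()[1]:
        print(f"{reason:22} -> {ports}")
```

A sniffer on port 3/3 in this model receives the first and last frames even though neither is addressed to it, while the VLAN 30 ports never appear in any egress list.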



This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:31:20 GMT-3