From: Troy Edington (TEdington@xxxxxxxxxxxxx)
Date: Fri Jun 08 2001 - 02:12:34 GMT-3
Hey Group,

Thanks for your quick answers. Looks like Michael has half the problem.
Looks like there is a bug in version 6.1(1a) and the aging timeout for the
CAM (CSCds71110). The workaround is to set the aging timeout to zero to
prevent the premature flooding. I tried the temporary fix and the problem
of seeing a lot of volume of other traffic from the same VLAN has
disappeared. I am still sniffing for traffic from the other VLAN and nothing
yet.

Just to answer some of the other questions: no other switches or hubs are
plugged in (to my knowledge at least, I will physically confirm), but this is
at a collocation environment where I control everything.

The span port source/destination port are both in VLAN 10. I also tried a
few Solaris machines using snoop with the same problem (no span port, just
normal traffic flow).

Thanks again for the help.

Troy Edington #7190

-----Original Message-----
From: Michael Martinek [mailto:mikemart@cisco.com]
Sent: Thursday, June 07, 2001 9:35 PM
To: Troy Edington
Cc: Ccie Lab (E-mail)
Subject: Re: OT: Catalyst 6509 problem leaking VLANs
Troy,

I have one idea as to why you could see unicast packets from
another device in the same VLAN. If the 6509 does not have a CAM
entry for a given MAC address it will flood it to all ports in that VLAN.
Certain designs can be prone to unicast flooding, which can occur when the
layer 2 paths for a given MAC address are asymmetric. I have seen other
subtle issues that can cause continuous flooding. The point is that unicast
flooding is a normal bridge process.

As to the broadcast seen in the wrong VLAN, that I would say should never
happen with a good VLAN configuration. I would connect your sniffer to a
port in the VLAN seeing the misdirected broadcasts (not spanned) and see if
you still pick up the broadcast frames. This would take span out of the
equation.

Hope that helps.

Mike

At 09:01 PM 6/7/2001 -0700, Troy Edington wrote:
>Hello group,
>
>I am having a problem with a Catalyst 6509. Specifically the problem is
>that traffic seems to be leaking between two logically separated VLANs. I
>run my Sniffer on a span port with one source port in VLAN 10 pointing to
>it (a Solaris box). I am spanning transmitting traffic only, just to verify
>that it is the switch transmitting and not feedback from the one machine.
>Here is specifically what I see.
>
>Vlans involved
>VLAN 10 10.80.10.0/24
>VLAN 30 10.80.30.0/24
>
>This machine has an IP of 10.80.10.20 (VLAN 10)
>
>I configured the Sniffer to ignore all packets with this IP in it. What I
>saw was kind of amazing.
>
>Immediately I see lots of traffic from other VLAN 10 machines going to this
>port. This is not broadcast or multicast traffic but unicast traffic. For
>example 10.80.10.30 to 10.80.10.40, etc. etc. shows up in the Sniffer (both
>DS Pro and Snoop on Solaris).
>
>If that wasn't bad enough I see an occasional packet from a totally
>separate VLAN 30 10.80.30.18 10.80.30.22. Now this is local traffic, what
>the hell is it doing in VLAN 10?
>
>I understand from Cisco and please someone correct me if I am wrong. When
>a packet hits the back plane it is by default sent to every port and it is
>up to the CPU to instruct all ports except the correct destination port to
>drop the traffic. There can be leakage if your back plane and/or CPU is
>heavily utilized. Well I am at 4% CPU utilization and throughput
>utilization is low. (I am only using 48 Fast Ethernet ports on the 6509)
>
>I am running the following
>ver 6.1a
>I am only running Layer 2 on the switch no MSFC routing (The hardware is
>installed but we are not using it)
>I have tried sniffing other ports with the same result
>no trunking is going on anywhere
>no port-channeling anywhere
>
>
>Everything runs fine and the network is up but I would like to know what is
>going on. Any ideas anyone ?? I searched for bugs and solutions on the
>CCO with not much luck.
>
>Thanks in advance for any suggestions
>
>Troy Edington, CCIE #7190
>Network Engineer
>**Please read:http://www.groupstudy.com/list/posting.html
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:31:20 GMT-3
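
The check Michael suggests (capture on a normal, non-spanned port and see what arrives) can be scripted. The following is an added example, not part of the original thread: it sorts captured frames into expected traffic, flooded unicast within VLAN 10, and frames whose source belongs to another VLAN. The subnets and VLAN numbers come from the thread; the MAC addresses and sample frames are constructed, and the cross-VLAN rule assumes a Layer 2-only switch as Troy describes.

```python
import ipaddress
from collections import Counter

# From the thread: the two VLAN subnets and the VLAN of the capture port.
VLAN_SUBNETS = {10: ipaddress.ip_network("10.80.10.0/24"),
                30: ipaddress.ip_network("10.80.30.0/24")}
PORT_VLAN = 10
LOCAL_MAC = "08:00:20:aa:aa:20"   # constructed MAC for the capture host

def is_group_mac(mac):
    """Broadcast/multicast MACs have the I/G bit (LSB of octet 0) set."""
    return int(mac.split(":")[0], 16) & 1 == 1

def vlan_of(ip):
    """Map an IP to its VLAN by subnet; None if it is in neither subnet."""
    addr = ipaddress.ip_address(ip)
    return next((v for v, net in VLAN_SUBNETS.items() if addr in net), None)

def classify(frame):
    """frame = (dst_mac, src_ip, dst_ip) captured on a non-SPAN access port."""
    dst_mac, src_ip, _dst_ip = frame
    # Assumption: Layer 2-only switch (as in the thread). With no router,
    # a source outside the port's own subnet should never be seen here.
    if vlan_of(src_ip) != PORT_VLAN:
        return "cross-vlan"
    if is_group_mac(dst_mac) or dst_mac.lower() == LOCAL_MAC:
        return "expected"
    # Unicast for another station: the switch had no CAM entry and flooded it.
    return "flooded-unicast"

def summarize(frames):
    """Count frames per class, and flooded frames per destination MAC."""
    classes, flooded_dst = Counter(), Counter()
    for f in frames:
        c = classify(f)
        classes[c] += 1
        if c == "flooded-unicast":
            flooded_dst[f[0].lower()] += 1
    return classes, flooded_dst

# Constructed sample capture (not data from the thread).
SAMPLE = [
    ("08:00:20:aa:aa:20", "10.80.10.30", "10.80.10.20"),   # to this host
    ("ff:ff:ff:ff:ff:ff", "10.80.10.30", "10.80.10.255"),  # VLAN 10 broadcast
    ("08:00:20:aa:aa:40", "10.80.10.30", "10.80.10.40"),   # someone else's unicast
    ("08:00:20:aa:aa:40", "10.80.10.30", "10.80.10.40"),
    ("08:00:20:bb:bb:22", "10.80.30.18", "10.80.30.22"),   # VLAN 30 unicast
    ("ff:ff:ff:ff:ff:ff", "10.80.30.18", "10.80.30.255"),  # VLAN 30 broadcast
]

if __name__ == "__main__":
    print(*summarize(SAMPLE), sep="\n")
```

A flooded-unicast count that keeps growing for the same destination MAC points at missing or prematurely aged CAM entries; any cross-vlan frame at all is the case Michael says should never happen.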