From: Roman Rodichev (rodic000@xxxxxxxxxxx)
Date: Sat Jun 09 2001 - 00:55:49 GMT-3
Very stooopid question: is host configured with /24 mask?
I've seen Solaris and Sun boxes configured with /24 in the /etc/netmasks,
but ifconfig -a still showed /16.
>From: Troy Edington <TEdington@ingenuity.com>
>Reply-To: Troy Edington <TEdington@ingenuity.com>
>To: "'Michael Martinek'" <mikemart@cisco.com>, Troy Edington
><TEdington@ingenuity.com>
>CC: "Ccie Lab (E-mail)" <ccielab@groupstudy.com>
>Subject: RE: OT: Catalyst 6509 problem leaking VLANs
>Date: Thu, 7 Jun 2001 22:12:34 -0700
>
>Hey Group,
>
>Thanks for your quick answers. Looks like Michael has half the problem.
>Looks like there is a bug in version 6.1(1a) and the aging timeout for the
>CAM (CSCds71110). The workaround is to set the agingtimeout to zero to
>prevent the premature flooding. I tried the temporary fix and the problem
>of seeing a lot of volume of other traffic from the same VLAN has
>disappeared. I am still sniffing for traffic from the other VLAN and
>nothing yet.
>
>Just to answer some of the other questions. No other switches or hubs are
>plugged in (to my knowledge at least, I will physically confirm) but this is
>at a collocation environment where I control everything.
>
>The span port source/destination port are both in VLAN 10. I also tried a
>few Solaris machines using snoop with the same problem (no span port just
>normal traffic flow)
>
>Thanks again for the help.
>
>Troy Edington #7190
>
>
>
>
>
>-----Original Message-----
>From: Michael Martinek [mailto:mikemart@cisco.com]
>Sent: Thursday, June 07, 2001 9:35 PM
>To: Troy Edington
>Cc: Ccie Lab (E-mail)
>Subject: Re: OT: Catalyst 6509 problem leaking VLANs
>
>
>Troy,
>
>I have one idea as to why you could see unicast packets from
>another device in the same VLAN. If the 6509 does not have a CAM
>entry for a given MAC address it will flood it to all ports in that VLAN.
>Certain designs can be prone to unicast flooding, which can occur when the
>layer 2 paths for a given MAC address are asymmetric. I have seen other
>subtle issues that can cause continuous flooding. The point is that unicast
>flooding is a normal bridge process.
>
>As to the broadcast seen in the wrong VLAN, that I would say should never
>happen with a good VLAN configuration. I would connect your sniffer to a
>port in the VLAN seeing the misdirected broadcasts (not spanned) and see if
>you still pick up the broadcast frames. This would take span out of the
>equation.
>
>Hope that helps.
>
>Mike
>
>
>At 09:01 PM 6/7/2001 -0700, Troy Edington wrote:
> >Hello group,
> >
> >I am having a problem with a Catalyst 6509. Specifically the problem is
> >that traffic seems to be leaking between two logically separated VLANs.
> >I run my Sniffer on a span port with one source port in VLAN 10 pointing to
> >it (a Solaris box). I am spanning transmitting traffic only, just to verify
> >that it is the switch transmitting and not feedback from the one machine.
> >Here is specifically what I see.
> >
> >Vlans involved
> >VLAN 10 10.80.10.0/24
> >VLAN 30 10.80.30.0/24
> >
> >This machine has an IP of 10.80.10.20 (VLAN 10)
> >
> >I configured the Sniffer to ignore all packets with this IP in it. What I
> >saw was kind of amazing.
> >
> >Immediately I see lots of traffic from other VLAN 10 machines going to this
> >port. This is not broadcast or multicast traffic but unicast traffic. For
> >example 10.80.10.30 to 10.80.10.40, etc. etc. shows up in the Sniffer (both
> >DS Pro and Snoop on Solaris).
> >
> >If that wasn't bad enough I see an occasional packet from a totally separate
> >VLAN 30 10.80.30.18 10.80.30.22. Now this is local traffic, what the hell is
> >it doing in VLAN 10?
> >
> >I understand from Cisco and please someone correct me if I am wrong. When a
> >packet hits the back plane it is by default sent to every port and it is up
> >to the CPU to instruct all ports except the correct destination port to drop
> >the traffic. There can be leakage if your back plane and/or CPU is heavily
> >utilized. Well I am at 4% CPU utilization and throughput utilization is
> >low. (I am only using 48 Fast Ethernet ports on the 6509)
> >
> >I am running the following
> >ver 6.1a
> >I am only running Layer 2 on the switch no MSFC routing (The hardware is
> >installed but we are not using it)
> >I have tried sniffing other ports with the same result
> >no trunking is going on anywhere
> >no port-channeling anywhere
> >
> >
> >Everything runs fine and the network is up but I would like to know what is
> >going on. Any ideas anyone ?? I searched for bugs and solutions on the CCO
> >with not much luck.
> >
> >Thanks in advance for any suggestions
> >
> >Troy Edington, CCIE #7190
> >Network Engineer
> >**Please read:http://www.groupstudy.com/list/posting.html
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:31:21 GMT-3
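
The thread separates two things seen on the sniffed port: unicast flooded within VLAN 10 (normal bridge behaviour when the CAM entry is missing) and frames belonging to VLAN 30 (which should never appear). The following is an added example, not part of the original thread, that triages captured frames along that line. It assumes the capture carries no 802.1Q tag, so the IP subnet stands in for VLAN membership; the MAC addresses and sample frames are constructed.

```python
import ipaddress
from collections import Counter

# From the thread: subnet of VLAN 10, where the sniffed host 10.80.10.20 lives.
LOCAL_VLAN = ipaddress.ip_network("10.80.10.0/24")
# Constructed MAC for the sniffed host (not given in the thread).
LOCAL_MAC = "08:00:20:aa:00:20"

def is_group_mac(mac):
    """Broadcast/multicast if the I/G bit (LSB of the first octet) is set."""
    return bool(int(mac.split(":")[0], 16) & 1)

def classify(frame, local_mac=LOCAL_MAC, vlan=LOCAL_VLAN):
    """Classify one frame given as (dst_mac, src_ip, dst_ip)."""
    dst_mac, src_ip, dst_ip = frame
    src_local = ipaddress.ip_address(src_ip) in vlan
    dst_local = ipaddress.ip_address(dst_ip) in vlan
    if is_group_mac(dst_mac):
        # Broadcast from another VLAN's subnet should never be seen here.
        return "group-local" if src_local else "group-foreign"
    if dst_mac.lower() == local_mac:
        return "addressed-to-host"
    # Unicast for some other station: flooding is plausible only if at
    # least one endpoint belongs to this VLAN (covers routed traffic too).
    if src_local or dst_local:
        return "flooded-unicast"
    return "foreign-unicast"

def summarize(frames):
    """Count frames per category for a whole capture."""
    return Counter(classify(f) for f in frames)

# Constructed sample frames using the addresses mentioned in the thread.
SAMPLE = [
    ("08:00:20:aa:00:20", "10.80.10.30", "10.80.10.20"),  # to sniffed host
    ("08:00:20:aa:00:40", "10.80.10.30", "10.80.10.40"),  # VLAN 10 peers
    ("ff:ff:ff:ff:ff:ff", "10.80.10.30", "10.80.10.255"), # VLAN 10 broadcast
    ("08:00:20:bb:00:22", "10.80.30.18", "10.80.30.22"),  # VLAN 30 peers
    ("ff:ff:ff:ff:ff:ff", "10.80.30.18", "10.80.30.255"), # VLAN 30 broadcast
]

if __name__ == "__main__":
    for category, count in sorted(summarize(SAMPLE).items()):
        print(f"{category:18} {count}")
```

A steady "flooded-unicast" count points at CAM aging or asymmetric layer 2 paths, while any "foreign-unicast" or "group-foreign" frame is the case worth rechecking from a non-spanned port.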