Hi Mark, it sounds like unicast flooding for whatever reason
(asymmetric routing paths, etc.): the first switch is not learning a
MAC address for the destination, and the traffic that you see is just
flooded to all ports. Can you provide more information about how the
two switches are connected?
br,
Atanas Yankov
Data Networks & Security Section
IT Division
Cosmo Bulgaria Mobile
CCIE # 21756
mobile: (+359 89) 8400734
e-mail: ayankov_at_globul.bg
www.globul.bg
On Tue, 2009-09-15 at 11:45 +0700, Mark Stephanus Chandra wrote:
> Unfortunately this is a production network :(
>
> This is a Layer 2 port. The other switch, which is connected to the active
> firewall, is showing the MAC address.
>
> Strange behaviour occurs in the other switch, which is connected to the
> standby switch.
>
> This is really strange, and I have snooped the packet and it is a real packet
> going to the standby switch.
>
>
> From: ALL From_NJ [mailto:all.from.nj_at_gmail.com]
> Sent: 14 September 2009 21:08
> To: Iwan Hoogendoorn
> Cc: Mark Stephanus Chandra; ccielab_at_groupstudy.com
> Subject: Re: Traffic On switch without mac-address on mac-address table
>
>
>
> Hope this is not a production network ... ;-)
>
> Mark, is this a L3 port? My guess is that it is ... If possible, ping the
> fw from the switch and then check the arp table via the show ip arp command.
>
>
> If your switch does not have a way to ping the FW, and IF IT IS a production
> network, then don't change a thing on the switch. ;-) ... lol
>
> Ping the FW interface from another device and you will be able to see the
> MAC add. HTH,
>
> Andrew
>
>
>
>
> On Mon, Sep 14, 2009 at 9:02 AM, Iwan Hoogendoorn <iwan_at_ipexpert.com> wrote:
>
> Hi,
>
> What will happen if you plug a laptop in the same switchport you have
> the firewall on and you do a show mac-address-table on the switch?
>
>
> --
> Regards,
>
> Iwan Hoogendoorn
> CCIE #13084 (R&S / Security / SP)
> Sr. Support Engineer IPexpert, Inc.
> URL: http://www.IPexpert.com
>
>
>
> On Mon, Sep 14, 2009 at 11:15 AM, Mark Stephanus Chandra
> <mark.chandra_at_gmail.com> wrote:
> > Dear GS,
> >
> > Have you guys ever experienced finding traffic on one of your
> > switchports when there is no destination MAC address on it?
> >
> > It happens on my switch: one of the switchports facing a standby
> > firewall keeps generating traffic, but actually there is no MAC address
> > learned via that port.
> >
> > The firewall is a NetScreen. Do you have any idea what the possible
> > explanation of this problem is?
> >
> > Regards
> >
> > Mark Stephanus Chandra - CCIE#23887
> > IT Consultant
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
Received on Tue Sep 15 2009 - 14:57:37 ART
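A minimal model of the unicast flooding described in the top reply, added here as an illustration and not part of the original thread. The port names, the MAC addresses (documentation range), the 300-second aging time, and the topology in which replies from the active firewall bypass this switch are all assumptions.

```python
"""Constructed model of a learning switch and unknown-unicast flooding."""

AGING_SECONDS = 300  # assumption: a common default MAC table aging time
HOST, ACTIVE_FW = "00:00:5e:00:53:01", "00:00:5e:00:53:02"  # constructed MACs


class LearningSwitch:
    def __init__(self, ports, aging=AGING_SECONDS):
        self.ports = list(ports)
        self.aging = aging
        self.table = {}  # mac -> (port, time the mac was last seen as a source)

    def _lookup(self, mac, now):
        entry = self.table.get(mac)
        if entry is None:
            return None
        port, seen = entry
        if now - seen >= self.aging:  # stale entry: forget it
            del self.table[mac]
            return None
        return port

    def receive(self, in_port, src, dst, now):
        """Learn src on in_port and return the egress ports chosen for dst."""
        self.table[src] = (in_port, now)
        out = self._lookup(dst, now)
        if out is None:  # unknown unicast: flood everywhere except ingress
            return [p for p in self.ports if p != in_port]
        return [] if out == in_port else [out]

    def macs_on_port(self, port, now):
        return sorted(m for m in list(self.table) if self._lookup(m, now) == port)


def run_scenario():
    sw = LearningSwitch(["hosts", "uplink", "standby_fw"])
    result = {}
    # Asymmetric path: no frame sourced by the active firewall has crossed sw.
    result["asymmetric"] = sw.receive("hosts", HOST, ACTIVE_FW, now=0)
    # The standby firewall sends nothing, so its port has no learned MAC,
    # yet it still received the flooded frame above.
    result["standby_macs"] = sw.macs_on_port("standby_fw", now=0)
    # A single frame sourced by the active firewall arrives on the uplink.
    sw.receive("uplink", ACTIVE_FW, HOST, now=10)
    result["learned"] = sw.receive("hosts", HOST, ACTIVE_FW, now=20)
    # Nothing refreshes the entry, so it ages out and flooding resumes.
    result["aged"] = sw.receive("hosts", HOST, ACTIVE_FW, now=10 + AGING_SECONDS)
    return result
```

In this model the port facing the standby firewall carries real traffic while showing no MAC address of its own, and the flooding stops only while the switch holds a fresh entry for the destination.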
This archive was generated by hypermail 2.2.0 : Sun Oct 04 2009 - 07:42:03 ART