Cisco Switching/Routing :: Unicast Flood On 3750 - How To Determine Source MAC Address
Feb 27, 2013
There is a unicast flood on 3750 killing slow modem links. How to determine source MAC address of flooder? Is there a rate limit feature for it?
I know how to block it completely on port-level, but it breaks normal network operation. (when port goes down for some reason, it's learned MACs got flushed and since other hosts know MACs, they keep flooding untill their arp caches expire).
View 11 Replies
ADVERTISEMENT
Aug 13, 2012
Do they have a default IP assigned to them?
I'm trying to access the CMS administration page from my browser. I've already tried 192.168.0.1 and that brings up my gateway (cable modem from Time Warner).
View 15 Replies
View Related
Dec 2, 2012
I want to know if there is way to tag traffic with DCSP tags without having to do all the other requirments of QOS setup. All i want to do is just tag traffic at different DCSP values via source and destination IPs. We do not have a need to be priortizing traffic on out internal switches. We just want to tag the traffic so our MPLS provider can distinguish the different types of traffic.
Our environments is primarily 3750s in all offices.
View 6 Replies
View Related
Feb 23, 2012
We have 2 switches split across 2 datacentres connected via an interconnect. Over the past couple of days the interconnect provider's Cisco kit has shut down our port (err-disabled) due to a broadcast storm. They had the level set at 1 which I thought was a bit low. They say they tried to set to 2, then 5 but still kept tripping the storm-control feature so they set at 10. They say they've always had it set at 1% (on a 100Mb switch) and so we must be generating more broadcast traffic.
I'm trying to identify where the broadcast traffic is coming from. On our Cisco 3750 I've clear interface counters and when I do a sh run | i broadcasts there are a few ports which have what seems like a high broadcast count. The one port that is especially high and the only one tripping the storm-control feature (I've enabled on all our ports to try to identify where the traffic is coming from) is the port connected to the 100Mb interconnect. I've mirrored that port to another port and connected a server with wireshark so I can capture all the traffic across that port.
What I'm struggling to find is the source of the broadcast traffic.I have a few questions are these broadcasts layer 3 or layer 2 broadcasts. Also in the output below when it says broadcasts received is this inbound to the port i.e. from the connected device or is this a total of inbound and outbound broadcasts.
When I use wireshark and filter the capture on broadcasts (ff:ff:ff:ff:ff:ff) I see only 200-300 compared to the thousands the switch is reporting.If I filter on the broadcast IP address I also don't see the numbers corresponding to what I see in the show interface output.
GigabitEthernet1/0/1 is up, line protocol is up (connected)
Hardware is Gigabit Ethernet, address is 0014.a93f.7401 (bia 0014.a93f.7401)
Description: Interconnect
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 4/255, rxload 44/255
Encapsulation ARPA, loopback not set
[code].....
also I'm currently doing : monitor session 1 source int g1/0/1 both, and also tried just rx incase I just need to be looking at receive traffic but still nothing is standing out.
View 10 Replies
View Related
Sep 3, 2012
Most of the 4500 Switches in our network are giving the similar error for so many ports
%C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: (Suppressed 1 times)Packet received with invalid source MAC address (00:00:00:00:00:00) on p t Gi2/6 in vlan 100
Its impossible to do a wireshark packet tracing for all the ports.
View 2 Replies
View Related
Feb 14, 2012
Issue I am having with a Cisco 4507? Below is the error i am receiving.
Feb 14 10:06:09 EST: %C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: (Suppressed 508 times)Packet received with invalid source MAC address (00:00:00:00:00:00) on port Po10 in vlan 112
Feb 14 18:44:06 EST: %C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: (Suppressed 119 times)Packet received with invalid source MAC address (00:00:00:00:00:00) on port Po10 in vlan 112
Feb 15 00:51:06 EST: %C4K_L2MAN-6-INVALIDSOURCEADDRESSPACKET: (Suppressed 366 times)Packet received with invalid source MAC address (00:00:00:00:00:00) on port Po10 in vlan 112
[Code]...
View 9 Replies
View Related
Nov 8, 2012
I have a list of email addresses, people who have subscribed to a free electronic newsletter. The email address is all the information we have about each subscriber.A satellite office is going to begin handling print and electronic subscriptions for subscribers in Peru. Is there any way to determine which of these email addresses are from Peru?
View 5 Replies
View Related
Feb 3, 2011
I was wondering if the following scenario would work:
2 Microsoft TMG servers (could be any W2K8 R2 based server, e.g. UAG, Exchange etc.) configured for Unicast NLB. The servers are connected to separate L2 switches which are connected to a highly available central L3 switch (see attached drawing).
Unicast NLB works in such a way that it uses a shared virtual IP and a virtual MAC addres which is not used as Source MAC address when the TMG servers are respondign to requests.Basically it relies onto the fact that the switch does not learn the virtual MAC address and floods all packets destined to the virtual MAC on all ports. The L3 switch would learn the MAC through ARP. The question now is, what the L3 switch would do, if it receives a packet destined for the NLB VIP. It should do an ARP request in order to receive the virtual MAC. How would he decide on which port(s) to forward the packet as he does not know on which port the MAC is found. Can he make a decision based on Layer 3 (IP/VLAN based) therefore he knows that the VLAN for the TMGs is connected on those two uplink ports?
View 7 Replies
View Related
Apr 27, 2013
i recently identified all switch ports in my network on 6509 core were Transmitting Mail server Exchange traffic that was destined for Unicast NLB cluster. and it was impacting various HOST machines NIC cards/performance.After reading this article, i moved NLB CAS servers behind a dedicated cisco Switch.
[URL]
Now My core switch can learn mac address across its trunk port where CAS servers are connected on dedicated switch. but still i can see traffic Transmitting out to my all switch ports of same VLAN ( same as NLB VLAN).
View 5 Replies
View Related
Nov 28, 2011
I have a serious problem with nexus 7018, there're unicast flooding on one n7k, named n7k-1, which is the member of vPC domain combined with 2 N7Ks. [code]I had clean the mac-address-table, and all mac-address-tables had been synced fine, and the unicast flooding went away.
How could I fix the mac-address sync function between the modules ?
View 6 Replies
View Related
Jan 9, 2011
I'm having an issue with my network, where we're are experiencing random and brief network outages. They happen a couple times a day and last 5-10 seconds. when I check my two backbone switches (4506 : Supervisor: WS-X4516-10GE ,IOS : cat4500-ipbase-mz.122-31.SGA8.bin), STP remains normal and no topology change occurs.
View 16 Replies
View Related
Apr 15, 2012
There 's a Cisco IP phone that sits between a PC and the switch port. On the switch port, no MAC address is learned. However, the switch is able to detect the IP phone and deliver power to it: [code] Switch is Catalyst 3750 with IOS version 12.2(58)SE1.
View 1 Replies
View Related
Feb 7, 2012
I have switch 2960 and router that connect with one interface to that switch. the link is trunk and Router function is inter vlan routing between 4 vlan. This netwrok has only one ip address space that is 10.10.2.0/24 and work without problem. We connect cisco switch 2960 with optic link to another switch that in stack 3750 which configured as trunk link and allowed only 3 vlan between them. In the other side netwrok which consist the switch 3750 we have different subnet ip address that switch working in layer 3 too. the problem is that when I permit vlan 210 in the switch 2960 only layer 2 between this switch and the 3750 in network that consist th ip address 10.10.2.0/24 devices, if I disconnect and then connect pc to network he says that he has ip conflict and in the log he show mac address of router that has vlan 210 subinterface configured with 10.10.2./24 subnet. But how I gibe back vlan 210 from permited vlan in trunk devices start normaly working. If I again put vlan 210 to permit vlan in that trunk devices again said that there are conflict ip address and show mac address vlan 210 router subinterface.
View 10 Replies
View Related
Oct 16, 2012
Today when we run one applcation to access a target server with IP address 10.2.2.13, the application cannot run through and appearing error message related networking.The target server has two network ports whereby another one with IP 10.2.2.14 is running OK with the same application. All these two connections are connected to the same Cisco switch 3750, after the switch then go to Cisco ASA firewall which has no access control rule for this 10.2.2.13 and its subnet, and then the firewall connect directly to the application server.We can ping, remote desktop access and telent port for the application to the target server by using 10.2.2.13.We swapped the cable connection of the ports from one another and try the application again, the IP with 10.2.2.13 is still fail and IP with 10.2.2.14 is OK.We then change the IP from 10.2.2.13 to 10.2.2.12 or 10.2.2.155, all are OK. We changed back to 10.2.2.13, it is failed again.The switch is in running real time production and so we cannot power cycle or reload the switch.
View 9 Replies
View Related
Dec 11, 2012
a new LAN installation, two VSS pair 6509 core, 15 closets, with 3750 stacks. Floor 15 only, devices/hosts can ping teh DHCP server but cannot aquire IP addresses. no such problem on other floors?
portfast an dother parameters are intact.
View 2 Replies
View Related
Oct 23, 2012
I have some question about HSRP in 3750 switch. I have two Cisco 3750 switch which configured HSRP. Let say, we have interface vlan 100 that join in HSRP group member 1. The configuration on both switch is like as follows :
SWI-3750-A (Active)
==========
interface Vlan100
description *** gateway User NPL ***
[Code]....
View 8 Replies
View Related
Jun 13, 2013
We are trying to replace the CSS between our firewall and DMZ with a BigIP. Among it's other functions, it will act as the router between the firewall and the DMZ. To make this work, I need to assign vlan tags values for the vlans I create on the BigIP box and these must match the tags on the cisco switches (3550's) How do I find this information on the switch?
View 2 Replies
View Related
Mar 12, 2013
I would like to ask if how can we determine by mear physical inspection if the power supply of a CISCO2911/K9 router is AC, POE or DC? Do we have images of the actual spare power supply?
View 3 Replies
View Related
Jul 20, 2011
Do you know an easy way to determine the physical location of the device were an IP address is attached? IP Geo location doesn't work well.Is something like this possible? I know it could be if you are the network administrator and know the location of your equipment and stuff.
View 12 Replies
View Related
May 18, 2011
problem is my brother has been playing with its config page. he changed the IP Address of the modem and disabled DHCP. he forgot what IP Address he inputted on the config page. I tried resetting the router with the small button on its side. Nothing happens. all the lights blink when i pushed the reset button for 10 sec. but nothing happens. i still can't access its default IP which is 192.168.1.1 IS there anyway to determine its IP Address even if DHCP is disabled ?
View 5 Replies
View Related
Oct 22, 2012
how do i determine the ip address manually when installing my hp printer. model ; P3005x
View 3 Replies
View Related
Mar 8, 2012
Is there a free scan to determine ipaddress of westell7500 router?
View 3 Replies
View Related
Mar 27, 2012
We have Cisco IP phones behind a 2600 series router:Most of the time when the PBX receives a packet from the phone, the source IP of the packet is set to the public IP of the router (1.2.3.4) as expected. However, once in a while, we get packets (at the PBX) with the source IP set to the private IP of the phone (10.0.0.12).The router is configured by our provider, and they can't give us any explanation for this behaviour. Is it safe to assume that PAT is not configured properly at the router?
View 2 Replies
View Related
Dec 7, 2011
I am facing switch reboot issue when power of switch restore from RPS to AC.
View 1 Replies
View Related
Nov 11, 2012
is it possible, to use a Catalyst Switch (in my case a 3560E) as a source for a console session to another Catalyst? In principle to use it as a console terminal server.
View 1 Replies
View Related
Oct 31, 2012
i have a stack of 3750x, with minimal configuration. there are two vlans, and two vlan interfaces with IP addresses. when i ping out from this switch to another host, it picks vlan1's ip address as the source automatically. i tested this by doing two pings with extended options using each vlan's interface as the source, and got different results. how the switch decided to use the first vlan's ip address as a source.
View 11 Replies
View Related
May 20, 2013
I have cisco 2651. It contains two FastEthernet interfaces: Fa0/0, Fa0/1.Fa0/1 has an ip address. Fa0/0 hasn't an ip address.I need to create monitor session from source Fa0/1 to destination Fa0/0. Then i want to connect my notebook to Fa0/0 to analyze some traffic from port Fa0/1
View 2 Replies
View Related
Nov 5, 2012
i would like to monitor traffic between multiple source ports to multiple destination ports on a nexus 7k. i lknow when you set up monitor session is between source and destination (laptop or traffic analyser) but is there a way i can set up between source and multiple destination ports and capture that traffic ?
View 3 Replies
View Related
Aug 20, 2012
I have configured the ip telnet source-interface Loopback 0 command on a Nexus7010, but when I telnet to another device and do a show users, the ip address is of the closest interface to the device I telnet to, not the ip address of the Loopback. All interfaces are in vrf default. I am running 5.1(6) NXOS.
View 6 Replies
View Related
May 19, 2013
Basically I am trying to use Wireshark to do a packet capture on a Nexus 5010. I want to do a monitor session on on the switch so I can capture from a source port to a destination port on the same switch. I can configure the source port but when I go to configure the destination port I get "ERROR: Eth102/1/4: Configuration not allowed on fex interface". I have tried to reconfigure this port as a switchport but "switchport mode access" command does not take. I don't want to make any changes to any other ports but this one.
View 1 Replies
View Related
Aug 9, 2012
I'm trying to get ERSPAN working with an ERSPAN source on a Nexus 5548 and the ERSPAN destination on a Catalyst 6500.
The configuration on the Nexus is as follows:
[...]
interface loopback0
ip address 192.168.2.133/32
[Code].....
If I do a netdr capture I can see ERSPAN traffic sourced from the Nexus reaching the C6500, but there doesn't appear to be anything sent out the ERSPAN destination inerface (Gi4/6) and there's nothing being received by the probe connected to that interface. I know the traffic seen with netdr is definitely the ERSPAN traffic sourced from the Nexus as I've changed the TTL and DSCP values within the monitor session on the Nexus and can see those changes reflected on the C6500 netdr capture. The attached is a screen grab of the show netdr capture started with debug netdr capture soure-ip-address 192.168.2.133.
When I look at the interface I see it shown as up/down (monitoring), but no output or counters clocking up. If I run a local SPAN session on the C6500 it works fine.
I've tried changing the destination IP address from that assigned to the C6500 Loopback interface to an IP address assigned to a physical interface, but that still doens't work.
The hardware in the C6500 is WS-SUP720-BASE Hw version 3.2 with WS-F6K-PFC3B Hw version 2.4. The IOS version is 12.2(33)SXI6.
View 2 Replies
View Related
Sep 29, 2012
I've just set up DHCP Snooping and IP Source Guard on our SG500 series switches. It seems to work quite well, except when a wireless host roams from one AP to another (on a different switch port), all traffic from that host gets blocked.
I can understand why this is occuring, but I don't know what I can do to work around this problem.had success with roaming WiFi machines in conjunction with IP Source Guard?
View 6 Replies
View Related
Jan 21, 2013
Platform:
cisco6509-E with FWSM
Supervisor Engine 32 PISA 8GE
sup-bootdisk:s32p3-adventerprisek9_wan-mz.122-18.ZY2.bin
command:
(config)#ip nat inside source static tcp 10.10.8.147 14029 interface g7/8 14029
(config)#no ip nat inside source static tcp 10.10.8.147 14029 interface g7/8 14029
#clear ip nat tran *
(config)#ip nat inside source static tcp 10.10.8.147 14029 interface g7/8 14029
%Port 14029 is being used by system
Or %Static entry in use, cannot change
But when I perform "sh ip nat tran" command,There is nothing
View 1 Replies
View Related