HPE Community
Switches, Hubs, and Modems
1752806 Members
6013 Online
108789 Solutions
New Discussion юеВ

Re: Traffic on switch ports

 
Mariani Alberto
Frequent Advisor

тАО10-29-2003 08:13 PM

тАО10-29-2003 08:13 PM

Traffic on switch ports

Hi All!

I'm seeing a strange behaviour of my procurve switches (a gl4104 and a 4000M) and was wondering if you coul hlp me.

About a week ago, i started monitoring lan traffic with MRTG (my switches have SNMP capabilities, so why not use them) and this is what i don't get: for each (enabled and connected) port, mrtg registers a costant activity of about 4-5 kbit/s (one-way, from the switch to the nic) when the PC attached to that port is ON and about 1 Kbit/s when it's OFF.
Now, i could understand if the switches sent a packet every now and then to see if the PC was on or off, but it seems too much traffic to be simply that (mrtg polls the hardware every 5 minutes and the value it gets is the average data sent/received since last check).

Any idea?

Thank you,
Alberto
0 Kudos
6 REPLIES 6
Ron Kinner
Honored Contributor

тАО10-30-2003 02:30 AM

тАО10-30-2003 02:30 AM

Re: Traffic on switch ports

Probably Spanning Tree Protocol. It sends out a packet every two seconds to see if there is a routing loop.

Does seem a little strange that it sends out data to an off PC but the PC probably has a Wake from LAN capabilities and never really turns its NIC off.

Ron
0 Kudos
Gonzo Granello
Valued Contributor

тАО10-30-2003 06:21 PM

тАО10-30-2003 06:21 PM

Re: Traffic on switch ports

...could also be the NIC's themselfs. I heared that some 3Com nic's look for a server they can be booted and or upgraded from. Wake on Lan is usually passive (from the NIC side) but, and Ron is absolutley right here, the port never turns off. That also means all broadcasts will light up the activity and your counters since they get flooded to all active switch ports. Since they do that, just connect your laptop fire up that Ethereal Scanner and voila, now you know where the broadcasts came from. Hope that helps.

Andreas Koertel
ProCurve product development
switching routers
wireless security

PS: check for dual intel nic's using the proset sw and fault tolerant setting - lot's of broadcasts.....
most time the day i have to mask my contempt for the a-holes in charge......
0 Kudos
Mariani Alberto
Frequent Advisor

тАО10-30-2003 06:21 PM

тАО10-30-2003 06:21 PM

Re: Traffic on switch ports

I think the culprit is not the spanning tree protocol: it's off in the configuration of the switch(es) (but maybe there is a part of it that runs nonetheless).

About the nics having WOL... i think it's true: even with the PC "off", the led of the nic is still on; and, after all, i would expect they have this feature: they are either 3com or Intel cards...


Bye,
Alberto
0 Kudos
Gonzo Granello
Valued Contributor

тАО10-30-2003 06:24 PM

тАО10-30-2003 06:24 PM

Re: Traffic on switch ports

Alberto,

I agree and if it is turned off - it's off. Do a short trace and you will find the issue since you have the mac address where it came from.

AK
most time the day i have to mask my contempt for the a-holes in charge......
0 Kudos
Stuart Teo
Trusted Contributor

тАО10-31-2003 03:20 AM

тАО10-31-2003 03:20 AM

Re: Traffic on switch ports

If you have Spanning Tree turned on and did not tweak the HELLO TIME parameter, BPDUs get sent out every 2 seconds on every port.

My experience of pointing MRTG to a switch is not too extensive but MRTG has always been a "rough counter" rather than a "precision counter".

You said that the port registered 1 kbit/s when the OFF. That's shouldn't be the case, MRTG should register 0 kbit/s.

The 4000Ms are Layer 2 switches and will not send any packets to any PC to check any status. Even though the 4100gl are Layer 3 switches, I see no reason for them to be sending packets out to PCs.

IMHO, it's the inaccuracies in MRTG.
If a problem can be fixed, there's nothing to worry. If a problem can't be fixed, worrying ain't gonna help. Bottom line: don't worry.
0 Kudos
Mariani Alberto
Frequent Advisor

тАО10-31-2003 03:27 AM

тАО10-31-2003 03:27 AM

Re: Traffic on switch ports

As i already said, spanning tree is turned off.
However, i agree that MRTG has some accuracy problem, but in this case, i believe that rounding (up or down) a value of 0 (bits/bytes/pkts/whatever) would yield the correct result :-)

Bye,
Alberto

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.