
multiple VLAN traffic flooding, 5406zl core switch?

AccuMegalith
Advisor


This is a shot in the dark, as my other resources have turned up nothing and we've got nothing to lose.

We had a company-wide network outage yesterday which we traced back to a failing VoIP phone spewing gibberish packets. Our VoIP network is physically separated from the data network, as well as having a different VLAN ID. We also have a remote datacenter connected via Metro Ethernet, also with a separate VLAN ID. The only place all three networks come together, both physically and virtually, is in our 5406zl core switch. This switch does the inter-VLAN routing, as well as sending traffic out our public gateway.

The babbling phone effectively shut down all three VLANs. None of the switches (all ProCurve) showed any alerts about excessive traffic. We had to find the defective device by looking at link lights. As soon as we disconnected the phone, network response was back to normal.

All the VoIP phones do is boot off of a phone server on their own VLAN, download their configuration, and pass voice traffic. They have no need to contact the other VLANs. Does it make any sense that the core switch, which has fault detection set to high, should've been forwarding this traffic? Shouldn't the downstream switch (a 2626PWR) have blocked this port? Since we can't retroactively apply a packet sniffer, what else can we trace?

Like I said, a shot in the dark, but any thoughts would be appreciated.
White water rafting on a river of acid