HPE Community
Switches, Hubs, and Modems
1752571 Members
5024 Online
108788 Solutions
New Discussion

Re: Non-Broadcast Traffic on all ports

 
FunnyDingo
Occasional Advisor

‎07-18-2012 02:52 AM

‎07-18-2012 02:52 AM

Non-Broadcast Traffic on all ports

Hello,

 

I've an very strange problem. A Windows XP workstation with dumpcap is connected to a 5406zl (also tested with 4208vl). Except for broadcasts the capture includes a lot of packets wich in my opinion never should reach this port. Examples:

 

NBSS between servers and backup system while backup

MSSQL between workstations and SQL servers

HTTP between clients and internal webservers

...

 

But not all traffic, It's randomly (for example: I've seen the answer for a DNS request, but not the DNS request itself).

 

This problem is not bounded by one switch: the capture PC is connect to another switch than mail and backup, but it captures parts of the backup process.

 

Any idea about this strange problem?

 

Kind regards,

Funny

0 Kudos
4 REPLIES 4
Richard Brodie_1
Honored Contributor

‎07-18-2012 03:34 PM

‎07-18-2012 03:34 PM

Re: Non-Broadcast Traffic on all ports

Spanning tree topology changes will flush the MAC database. Does "show span" show a big count and a short time?

0 Kudos
FunnyDingo
Occasional Advisor

‎07-18-2012 11:16 PM - edited ‎07-18-2012 11:16 PM

‎07-18-2012 11:16 PM - edited ‎07-18-2012 11:16 PM

Re: Non-Broadcast Traffic on all ports

Hm, don't if this is count is big, but I think so:

 

STP Enabled   : Yes
Force Version : MSTP-operation
IST Mapped VLANs : 1-4094
Switch MAC Address : xxxxxx-xxxxxx
Switch Priority    : 32768
Max Age  : 20
Max Hops : 20
Forward Delay : 15

Topology Change Count  : 29,676
Time Since Last Change : 13 mins

I don't know if this is a big count and a short time, but I think so :) Uptime is 30 Days... Another Switch:

STP Enabled   : Yes
Force Version : MSTP-operation
IST Mapped VLANs : 1-4094
Switch MAC Address : xxxxxx-xxxxxx
Switch Priority    : 32768
Max Age  : 20
Max Hops : 20
Forward Delay : 15

Topology Change Count  : 315,634
Time Since Last Change : 98 secs

 Uptime: 18 days...

 

OK, seems there is a STP problem... But how to find?

0 Kudos
Richard Litchfield
Respected Contributor

‎07-19-2012 01:34 AM

‎07-19-2012 01:34 AM

Re: Non-Broadcast Traffic on all ports

It certainly looks like a spanning tree issue! How many switches are in the network?

 

There are lots of things you could do, some are listed below. They may or may not be suitable in your environment:

 

  • Download IMC and map the network. It will show you where the loops are.
  • Use the console tools (show spanning tree, show spanning tree instance cst, etc) to work out root devices, root ports, connections
  • show lldp info remote to see switch connections to other switches
  • make sure spanning tree is actually enabled on all switches, with the same type (eg MSTP)
  • check all MSTP settings are common (region name, number, correct instance) [put them all in instance 0/CST to start with]
  • set the root switch (most central one) to have the lowest priority
  • use aggregation (LACP) when two switches are connected with more than one cable
  • disconnect all cables and reconnect them until the problem comes back!
0 Kudos
Richard Brodie_1
Honored Contributor

‎07-19-2012 04:06 AM

‎07-19-2012 04:06 AM

Re: Non-Broadcast Traffic on all ports

Depending on what firmware you have installed there is a lot of debugging information available.

 

show span debug-counters port 1-n instance 0,

 

then look where the most/most recent TCN RX packets come from, and follow them back. Best to start at the root switch.

 

 

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.