On Wed, Feb 6, 2013 at 10:01 AM, m.roth@5-cent.us wrote:
We just had our switch replaced with a pair of 3750G's, old and new all have 48 ports, so we now have some open ports.... Anyway, my manager was looking at issues yesterday, and discovered that for a while, off and on, from several systems on the new switches, he could see traffic between *other* servers and systems elsewhere in the building... which, of course, shouldn't be possible with a switch.
He tells me that some switches, if they were overwhelmed with traffic, would give up and go into hub mode, but he's under the impression that was written out of the firmware years ago, while these are new switches.
Anyone run into this?
A switch will forward to all ports until it learns the mac address (from return traffic) of the correct destination port. So a little bit of traffic leaking to the wrong place within a broadcast domain is fairly normal. A lot means you have a broken switch or one that can't handle the size of the MAC address table it needs. Or you have some strange traffic (udp w/no return packets) or firewalling that keeps the switch from ever seeing the target MAC and restricting the destination to the associated port. Or someone is spoofing the MAC to confuse the switch so they can sniff more than otherwise.
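To make the mechanism in the reply above concrete, here is an added simulation of a transparent learning switch. It is not code from this thread or from any switch vendor; the port numbers, MAC addresses and the deliberately tiny table size are constructed for illustration. It walks through the four cases the reply lists: unknown-unicast flooding until return traffic is seen, one-way UDP that never stops flooding, a MAC table too small for the broadcast domain, and a spoofed source MAC that redirects a neighbour's traffic to the attacker's port.

```python
"""Simulation of a learning (transparent-bridge) switch.

Added example, not from the mailing-list thread. Models why a switch copies
unknown-unicast frames to every port in the broadcast domain, why that never
stops for one-way traffic, why an undersized MAC table leaks traffic, and
how a spoofed source MAC steals another host's entry. All addresses, ports
and the table size below are constructed for illustration.
"""
from collections import OrderedDict

BROADCAST = "ff:ff:ff:ff:ff:ff"
# Constructed host MACs: A and B are the two servers, C and D are bystanders.
A, B, C, D = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0c", "02:00:00:00:00:0d"


class LearningSwitch:
    """Bridge with a bounded MAC table; oldest entry is evicted when full (simplification)."""

    def __init__(self, ports, table_size=1024):
        self.ports = set(ports)
        self.table_size = table_size
        self.mac_table = OrderedDict()  # source MAC -> port it was last seen on

    def learn(self, mac, port):
        # A switch learns only from the *source* address of frames it receives.
        # Re-learning an existing MAC just updates its port (this is what spoofing abuses).
        self.mac_table[mac] = port
        if len(self.mac_table) > self.table_size:
            self.mac_table.popitem(last=False)  # evict the oldest entry

    def forward(self, ingress, src, dst):
        """Return the set of egress ports a frame src->dst arriving on `ingress` is copied to."""
        self.learn(src, ingress)
        if dst == BROADCAST or dst not in self.mac_table:
            # Broadcast or unknown unicast: flood to every port except the one it came in on.
            return self.ports - {ingress}
        return {self.mac_table[dst]}


def scenario_unknown_unicast():
    """Normal case: one flooded frame, then unicast once the reply teaches the switch where B is."""
    sw = LearningSwitch(ports=range(1, 5))
    first = sw.forward(1, A, B)    # B unknown -> flooded to ports 2, 3, 4
    reply = sw.forward(2, B, A)    # A already learned -> only port 1
    second = sw.forward(1, A, B)   # B now learned -> only port 2
    return first, reply, second


def scenario_one_way_udp(frames=3):
    """A sends UDP to B and B never answers, so B's MAC is never learned: every frame floods."""
    sw = LearningSwitch(ports=range(1, 5))
    return [sw.forward(1, A, B) for _ in range(frames)]


def scenario_table_overflow():
    """A table too small for the hosts in the VLAN keeps forgetting entries and flooding again."""
    sw = LearningSwitch(ports=range(1, 5), table_size=2)
    sw.forward(1, A, B)
    sw.forward(2, B, A)            # A and B both learned
    sw.forward(3, C, D)
    sw.forward(4, D, C)            # C and D push A and B out of the 2-entry table
    return sw.forward(1, A, B)     # B forgotten -> A's traffic floods to ports 2, 3, 4 again


def scenario_mac_spoof():
    """Attacker on port 4 sends a frame with B's source MAC; A's traffic to B now lands on port 4."""
    sw = LearningSwitch(ports=range(1, 5))
    sw.forward(1, A, B)
    sw.forward(2, B, A)            # B legitimately learned on port 2
    sw.forward(4, B, A)            # spoofed source: table now says B is on port 4
    return sw.forward(1, A, B)     # delivered to the attacker's port, not to B


if __name__ == "__main__":
    print("unknown unicast:", scenario_unknown_unicast())
    print("one-way UDP:    ", scenario_one_way_udp())
    print("table overflow: ", scenario_table_overflow())
    print("MAC spoof:      ", scenario_mac_spoof())
```

On a real Catalyst you would check the same things from the CLI: `show mac address-table` shows which port each MAC was learned on (a host whose MAC is missing, or that moves between ports, points at the one-way-traffic or spoofing cases), and the table's current size against the platform limit tells you whether the overflow case applies.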