[CentOS] OT - odd behavior of Cisco switch

Wed Feb 6 17:16:46 UTC 2013
Les Mikesell <lesmikesell at gmail.com>

On Wed, Feb 6, 2013 at 10:01 AM,  <m.roth at 5-cent.us> wrote:
> We just had our switch replaced with a pair of 3750G's, old and new all
> have 48 ports, so we now have some open ports.... Anyway, my manager was
> looking at issues yesterday, and discovered that for a while, off and on,
> from several systems on the new switches, he could see traffic between
> *other* servers and systems elsewhere in the building... which, of course,
> shouldn't be possible with a switch.
>
> He tells me that some switches, if they were overwhelmed with traffic,
> would give up and go into hub mode, but he's under the impression that was
> written out of the firmware years ago, while these are new switches.
>
> Anyone run into this?

A switch will forward to all ports until it learns the MAC address
(from return traffic) of the correct destination port. So a little
bit of traffic leaking to the wrong place within a broadcast domain
is fairly normal. A lot means you have a broken switch or one that
can't handle the size of the MAC address table it needs. Or you have
some strange traffic (UDP w/no return packets) or firewalling that
keeps the switch from ever seeing the target MAC and from restricting the
destination to the associated port. Or someone is spoofing the MAC
to confuse the switch so they can sniff more than otherwise.

-- 
   Les Mikesell
      lesmikesell at gmail.com
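The three benign causes of unicast leakage described in the reply above (unknown destination before the return traffic is seen, one-way UDP whose receiver never speaks, and a MAC table too small for the hosts on the segment) can be reproduced with a toy learning-switch model. This is an added example, not code from the list post or from Cisco; the port numbers, MAC strings and table size are constructed sample values.

```python
from collections import OrderedDict
from dataclasses import dataclass

@dataclass
class Frame:
    src: str  # source MAC (constructed sample values in the scenarios below)
    dst: str  # destination MAC

class LearningSwitch:
    """Toy learning switch with a bounded MAC table; the oldest entry is evicted when full."""
    def __init__(self, ports, table_size=8):
        self.ports = list(ports)
        self.table_size = table_size
        self.mac_table = OrderedDict()  # MAC -> port it was last seen on

    def forward(self, in_port, frame):
        """Learn frame.src on in_port and return the set of ports the frame goes out on."""
        self.mac_table[frame.src] = in_port
        self.mac_table.move_to_end(frame.src)
        while len(self.mac_table) > self.table_size:
            self.mac_table.popitem(last=False)  # table too small: forget the oldest MAC
        out = self.mac_table.get(frame.dst)
        if out is None:
            return {p for p in self.ports if p != in_port}  # unknown destination: flood
        if out == in_port:
            return set()  # destination sits on the ingress port: frame is filtered
        return {out}

def egress_ports(switch, traffic):
    """Run (ingress_port, frame) pairs through the switch; list each frame's egress ports."""
    return [sorted(switch.forward(port, frame)) for port, frame in traffic]

def two_way_exchange():
    """Normal request/reply: only the first frame leaks, the reply teaches the switch."""
    sw = LearningSwitch(ports=[1, 2, 3])
    return egress_ports(sw, [(1, Frame("aa", "bb")), (2, Frame("bb", "aa")), (1, Frame("aa", "bb"))])

def one_way_udp():
    """Sender on port 1, silent receiver on port 3: every frame keeps leaking to port 2."""
    sw = LearningSwitch(ports=[1, 2, 3])
    return egress_ports(sw, [(1, Frame("aa", "cc"))] * 3)

def undersized_table():
    """Four hosts but room for two MACs: even a host that has replied gets flooded again."""
    sw = LearningSwitch(ports=[1, 2, 3], table_size=2)
    return egress_ports(sw, [(1, Frame("aa", "bb")), (2, Frame("bb", "aa")),
                             (3, Frame("cc", "dd")), (3, Frame("dd", "cc")),
                             (1, Frame("aa", "bb"))])
```

A port that repeatedly receives frames not addressed to its own hosts is the symptom the original poster's manager observed; in the model, `one_way_udp` and `undersized_table` are the scenarios where that never stops on its own.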