Posted on January 13, 2020 5:01 pm | Asked by Johan Kooijman
I’m having an issue with a DCS-7148S running 4.13.10M. I’ve configured a trunk, with a limited set of VLANs, to another rack running Mellanox/Juniper/Arista switches.
In this new rack we hooked up some server hardware. When we run a tcpdump on this new server hardware we see quite a bit of unicast traffic not designated for this new setup. We see literally HTTPS traffic with a destination host that’s indeed connected to this DCS-7148S, but that has nothing to do with the hardware in the new rack. We don’t see this for a single host, but for dozens and dozens of hosts. Running a tcpdump for about 10 minutes shows 110 hosts.

It almost feels like the port is in mirror mode or something like that.
We don’t see this behavior on just one port; we tried multiple ports and multiple switches in the new rack as well.

Am I missing something very obvious here?

Posted by Mark Berly
Answered on January 13, 2020 5:37 pm

Generally, when you see traffic for hosts other than the one connected to the port in question, it is due to unknown unicast flooding in the VLAN. I would start by looking to see if the destination MAC addresses for the hosts not connected to the port are in the MAC address table. Example command:

sw1-1#show mac address-table address ?
H.H.H Ethernet address

Based on your description, I am guessing you are seeing unicast flooding. If this is the case, let us know and we can discuss ideas around how to mitigate this - usually it is as easy as making your ARP timeout greater than the MAC aging timer on the L3 gateway switch for that network.
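
As an added example (not part of either post above): one way to turn a `tcpdump -e -n` capture from the affected server into the list of destination MACs to look up with `show mac address-table address`. The sample capture lines, the local NIC MAC and the function names are constructed for illustration.

```python
import re
from collections import Counter

LOCAL_MAC = "52:54:00:aa:bb:01"  # assumed MAC of the capturing server's NIC

# Constructed `tcpdump -e -n` output; not taken from the original post.
SAMPLE = """\
17:01:02.000001 00:1c:73:00:00:01 > 52:54:00:aa:bb:01, ethertype IPv4 (0x0800), length 66: 10.0.0.1.443 > 10.0.0.50.40000: Flags [.], length 0
17:01:02.000002 00:1c:73:00:00:01 > 52:54:00:cc:dd:10, ethertype IPv4 (0x0800), length 1514: 10.0.9.9.51000 > 10.0.0.60.443: Flags [P.], length 1448
17:01:02.000003 00:1c:73:00:00:01 > 52:54:00:cc:dd:10, ethertype IPv4 (0x0800), length 1514: 10.0.9.9.51000 > 10.0.0.60.443: Flags [P.], length 1448
17:01:02.000004 00:1c:73:00:00:01 > 52:54:00:cc:dd:11, ethertype IPv4 (0x0800), length 66: 10.0.9.8.52000 > 10.0.0.61.443: Flags [.], length 0
17:01:02.000005 52:54:00:cc:dd:10 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.0.0.1 tell 10.0.0.60, length 46
17:01:02.000006 52:54:00:cc:dd:11 > 01:00:5e:00:00:fb, ethertype IPv4 (0x0800), length 87: 10.0.0.61.5353 > 224.0.0.251.5353: 0 PTR (QM)? _ssh._tcp.local. (45)
17:01:02.000007 52:54:00:aa:bb:01 > 00:1c:73:00:00:01, ethertype IPv4 (0x0800), length 66: 10.0.0.50.40000 > 10.0.0.1.443: Flags [.], length 0
"""

MAC = r"((?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
FRAME = re.compile(r"^\S+ " + MAC + " > " + MAC + ",", re.I)


def is_unicast(mac):
    # The I/G bit (lowest bit of the first octet) is 0 for unicast addresses;
    # broadcast and multicast frames are expected on every port in the VLAN.
    return int(mac[:2], 16) & 1 == 0


def to_hhh(mac):
    # Convert aa:bb:cc:dd:ee:ff to the H.H.H form the switch CLI expects.
    digits = mac.replace(":", "").lower()
    return ".".join(digits[i:i + 4] for i in (0, 4, 8))


def foreign_unicast(capture, local_mac):
    """Count unicast frames whose destination is some other host's MAC."""
    local = local_mac.lower()
    hits = Counter()
    for line in capture.splitlines():
        m = FRAME.match(line)
        if not m:
            continue  # not a link-layer header line
        src, dst = m.group(1).lower(), m.group(2).lower()
        if src == local or dst == local:
            continue  # our own outbound or inbound traffic
        if is_unicast(dst):
            hits[to_hhh(dst)] += 1
    return hits


if __name__ == "__main__":
    for mac, frames in foreign_unicast(SAMPLE, LOCAL_MAC).most_common():
        print(f"show mac address-table address {mac}   # {frames} frames seen")
```

Each MAC it reports that is missing from the switch's MAC address table at the time of capture is consistent with unknown unicast flooding rather than a mirror session.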

