[c-nsp] Switch Craziness and maybe STP or bad ARP's

Church, Chuck cchurch at netcogov.com
Thu Feb 9 09:34:10 EST 2006


I'm not sure about a network TAP, but this sounds like either a loop was
created, or a device was accidentally (or purposely/maliciously)
answering ARPs it shouldn't have.  The original poster said he doesn't
use any STP.  Does this mean spanning tree is turned off everywhere?  If
so, BAD idea; would have prevented this whole mess.  If the problem is
the latter, port security limiting the number of MACs you can learn on a
given access port should have helped also.


Chuck Church
Network Engineer
CCIE #8776, MCNE, MCSE
Netco Government Services -  Enterprise Network Engineering
1210 N. Parker Rd.
Greenville, SC 29609
Home office: 864-335-9473
Cell: 864-266-3978
cchurch at netcogov.com
PGP key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x4371A48D
"I'm one Snickers Pie away from losing my foot to diabetes."  -  Homer

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Raymond Macharia
Sent: Thursday, February 09, 2006 5:47 AM
To: Joseph Jackson
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Switch Craziness and maybe STP or bad ARP's

Hello Joseph

What you describe sounds like you had an ARP issue. When a layer 2
device goes faulty it may spew out incorrect ARP information creating
problems for the entire network.
Unfortunately with Layer 2 there is no quick fix to locating a problem,
most times you have to do what you did, elimination and isolation.
However there are Network TAPS which can be plugged into a network
transparently and are said to help. I am in the process of obtaining one
to play with to see if it will.
Anyone in the list with Network TAP knowledge, please shed some more
light.

Thanks

Raymond

On 2/8/06, Joseph Jackson <JJackson at aninetworks.com> wrote:
>
> we
> finally traced it to a small work group switch that was coming off of
> our core LAN switch once we brought that down
> All communication came back up normally.  As it's now late and I want to
> go home I haven't had a chance to test out the switch on our test
> network yet but I was wondering what you guys thoughts
> were on this.  Why did that happen?  Is there any monitoring tools that
> I could have used to track it down much faster than the hours
> it took
> for us?  We don't use any STP and no redundant connections on the
> switches.. Any thoughts?
>
>
> Thanks
>
> Joseph Jackson
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>



--
Raymond Macharia
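
An added example, not part of the original thread: a small Python check for the two failure modes raised above, a device answering ARPs it shouldn't and a layer 2 loop showing up as a MAC moving between ports. The record format (seconds, switch port, sender MAC, sender IP per ARP reply) and all sample values are constructed; it assumes a collector that can tie each observed ARP reply to the port it arrived on.

```python
from collections import defaultdict

# Constructed sample: "seconds switch_port sender_mac sender_ip" per ARP reply seen.
SAMPLE = """\
0.0 Gi0/1 00:11:22:33:44:01 10.0.0.1
0.4 Gi0/7 00:aa:bb:cc:dd:07 10.0.0.1
0.5 Gi0/7 00:aa:bb:cc:dd:07 10.0.0.20
0.9 Gi0/7 00:aa:bb:cc:dd:07 10.0.0.21
1.2 Gi0/3 00:11:22:33:44:03 10.0.0.30
1.3 Gi0/9 00:11:22:33:44:03 10.0.0.30
1.4 Gi0/3 00:11:22:33:44:03 10.0.0.30
"""

def analyze(text, max_ips_per_mac=2):
    ip_macs = defaultdict(set)     # IP  -> MACs that answered for it
    mac_ips = defaultdict(set)     # MAC -> IPs it answered for
    mac_ports = defaultdict(list)  # MAC -> ordered list of ports it was seen on
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip blank or malformed lines
        _ts, port, mac, ip = fields
        mac = mac.lower()
        ip_macs[ip].add(mac)
        mac_ips[mac].add(ip)
        # Record a port only when it differs from the last one seen for this MAC.
        if not mac_ports[mac] or mac_ports[mac][-1] != port:
            mac_ports[mac].append(port)
    return {
        # Two MACs answering for one IP: a device replying to ARPs it shouldn't.
        "ip_conflicts": {ip: sorted(m) for ip, m in ip_macs.items() if len(m) > 1},
        # One MAC answering for many IPs: proxy ARP or a misbehaving device.
        "greedy_macs": {m: sorted(i) for m, i in mac_ips.items()
                        if len(i) > max_ips_per_mac},
        # A MAC moving between ports is the usual symptom of a layer 2 loop.
        "mac_flaps": {m: p for m, p in mac_ports.items() if len(p) > 1},
    }

if __name__ == "__main__":
    for finding, hits in analyze(SAMPLE).items():
        print(finding, hits)
```

The port named in a finding is where to start the elimination and isolation described in the thread.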