[c-nsp] ARP oddness
Mike
mike-cisconsplist at tiedyenetworks.com
Fri Aug 19 19:40:17 EDT 2011
On 08/19/2011 01:24 PM, Chuck Church wrote:
> Anyone,
>
> Researching some issues at a remote site, seeing something I don't
> think should happen. A packet capture on this remote server using wireshark
> and focusing in on ARP is seeing all the requests (as I'd expect), but I'm
> also seeing unicast replies that I shouldn't. The MAC address table on the
> switch I'm attached to shows only the MAC of this remote server on that
> port. There are no SPAN sessions on the switch either. The destination
> addresses aren't multicast, they're true unicast. Yet I'm seeing all these
> unicasts that aren't my mac address. Is there some function built into a
> Cisco switch that broadcasts these to make them act like gratuitous ARPs, or
> am I really seeing something that shouldn't happen? It's on a Sup2+ 4500,
> running 12.2(25)EWA10 (I know it's ancient, vendor owns it...)
>
Maybe not your environment, but... virtualbox has a bug in it's network
driver implementation that allows you to see unicast from other
virtualmachines bridged to the same adaptor. Are you here perhaps?
Oterwise if your not using such, seeing foreign unicast washing ashore
on your nic can be a switch doing flooding because it doesn't know where
the source is, or a full mac table for example.
Mike-
More information about the cisco-nsp
mailing list