What is the timer for the CAM table? Is it still set to 5 minutes, the default? If so and you really do have asymmetric routing, then unicast packets might indeed get flooded. With asymmetric routing a switch can lose track of which port to use for a MAC address. This happens when replies come back in via a router interface but requests have the ability to go out a switch interface.
One fix is to simply make the CAM table age less often. Some of the white papers that discuss this situation on Cisco's Web site are incomprehensible, but some of them are good. Did you find this one already? http://www.cisco.com/en/US/tech/tk648/tk365/technologies_tech_note09186a0080094afd.shtml#t8 My first reaction to your e-mail wasn't to worry about asymmetric routing, though. My first reaction was that you might be under attack. How good is your security? How about protection from Trojan horses. An nice little hack would be a Trojan horse that sends huge amounts of traffic with different MAC addresses, causing the CAM table to fill up, which will result in some flooding. I guess that's why you mentioned that you are looking at the MAC addresses to see if they are valid. Port security could solve this problem, though it's a hassle. But you could make sure that only the legitimate MAC address is allowed into each port (or at least suspect ports). By the way, how do you know flooding is happening? The information below doesn't tell us anything other than that the number of entries in the CAM table is changing which is normal, especially with a default 5-minute timer for how long an entry remains in the table. _______________________________ Priscilla Oppenheimer www.troubleshootingnetworks.com www.priscilla.com [EMAIL PROTECTED] wrote: > > Every 1 minute and 30 seconds the switches (6509 and 5500) are > flooding > traffic. > > The CAM agingtime content is changing more than the expected. > > The Spanning Tree are stable. There is minimum TCNs on the > network. > > We are looking at some of the MAC addresses to see if they are > valid > stations. > > Other point that we are working on is asymetric routing. > > Any thoughts on that? > > SWITCH> (enable) sh time > Mon Feb 24 2003, 09:31:01 GMT-3 > SWITCH> (enable) sh time > Mon Feb 24 2003, 09:31:16 GMT-3 > SWITCH> (enable) sh cam count dy > Total Matching CAM Entries = 2855 > SWITCH> (enable) sh cam count dy > Total Matching CAM Entries = 2879 > SWITCH> (enable) sh cam count dy > Total Matching CAM Entries = 3617 > SWITCH> (enable) sh cam count dy > Total Matching CAM Entries = 3637 > SWITCH> (enable) > SWITCH> (enable) sh time > Mon Feb 24 2003, 09:33:37 GMT-3 > SWITCH> (enable) sh time > Mon Feb 24 2003, 09:33:41 GMT-3 > SWITCH> (enable) sh cam count dy > Total Matching CAM Entries = 3670 > SWITCH> (enable) sh cam count dy > Total Matching CAM Entries = 3674 > SWITCH> (enable) sh cam count dy > Total Matching CAM Entries = 3679 > SWITCH> (enable) sh cam count dy > Total Matching CAM Entries = 3683 > SWITCH> (enable) sh cam count dy > Total Matching CAM Entries = 3686 > SWITCH> (enable) sh cam count dy > Total Matching CAM Entries = 3694 > SWITCH> (enable) sh cam count dy > Total Matching CAM Entries = 1286 > SWITCH> (enable) sh time > Mon Feb 24 2003, 09:34:47 GMT-3 > SWITCH> (enable) sh time > Mon Feb 24 2003, 09:34:48 GMT-3 > SWITCH> (enable) > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63636&t=63622 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
