RE: Traffic On switch without mac-address on mac-address table from Mark Stephanus Chandra on 2009-09-15 (Ccielab archives 09/2009)

From: Mark Stephanus Chandra <mark.chandra_at_gmail.com>
Date: Tue, 15 Sep 2009 11:45:52 +0700

Unfortunately this is a production network L

This is a Lyer2 port. The other switch which connected to the active
firewall is showing the mac-address.

Strange behaviour occur in the other switch which is connected to the
standby switch.

This is really strange and i have snoop the packet and it is real packet
going to the standby switch.

From: ALL From_NJ [mailto:all.from.nj_at_gmail.com]
Sent: 14 September 2009 21:08
To: Iwan Hoogendoorn
Cc: Mark Stephanus Chandra; ccielab_at_groupstudy.com
Subject: Re: Traffic On switch without mac-address on mac-address table

Hope this is not a production network ... ;-)

Mark, is this a L3 port? My guess is that it is ... If possible, ping the
fw from the switch and then check the arp table via the show ip arp command.

If your switch does not have a way to ping the FW, and IF IT IS a production
network, then don't change a thing on the switch. ;-) ... lol

Ping the FW interface from another device and you will be able to see the
MAC add. HTH,

Andrew

On Mon, Sep 14, 2009 at 9:02 AM, Iwan Hoogendoorn <iwan_at_ipexpert.com> wrote:

Hi,

What will happen if you plug a laptop in the same switchport you have
the firewall on and you do a show mac-address-table on the switch?

--
Regards,
Iwan Hoogendoorn
CCIE #13084 (R&S / Security / SP)
Sr. Support Engineer   IPexpert, Inc.
URL: http://www.IPexpert.com
On Mon, Sep 14, 2009 at 11:15 AM, Mark Stephanus Chandra
<mark.chandra_at_gmail.com> wrote:
> Dear GS,
>
>
>
>
>
> Have you guys ever experienced that you found traffic in one of your
> switchport but there is no mac-address destinate on it.
>
>
>
> It happens on my switch , one of the switchport facing to a standby
firewall
> keep generate traffic, but actually there is no mac-address learn via that
> port.
>
>
>
> The firewall is netscreen, have any idea what is the possible explanation
of
> this problem ?
>
>
>
>
>
> Regards
>
> Mark Stephanus Chandra - CCIE#23887
> IT Consultant
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net

Received on Tue Sep 15 2009 - 11:45:52 ART

This archive was generated by hypermail 2.2.0 : Sun Oct 04 2009 - 07:42:03 ART