Link to home
Start Free TrialLog in
Avatar of jdbrooks99
jdbrooks99

asked on

VLAN cross talk? such a thing? VLAN Traffic broadcasting accross other VLANs

This question is far out there but I am going to ask this anyway.  I work with a group of guys that think they know everything about networking and have all of the answers.  Here is a statement one was proposing was a cause to a traffic problem on our network.  We have a network that when you sniff traffic you can see VLAN traffic from host on other VLANS communicating that should not be broadcast within the VLAN your on.  Granted this is a problem but one of the reasons for this was that we are experiencing VLAN cross talk.  What is this?  It was explained to me that VLAN cross talk is when a switch is overloaded and will send a broadcast to all ports regardless of VLAN membership.  This was news to me and I have never heard of such a thing.  I can believe we are having routing issues or trunks that are misconfigured but VLAN cross talk?  This sounds like someone made up to sound like they think they know whats going on.  Has anyone heard of such?

Avatar of fatlad
fatlad
Hi there the problem you are referring to is sometimes seen. Within a switch you will have area of volatile memory that stores the MAC address of machines, and their VLAN details, along with the port they are connected to. This is used whenever a frame needs transmitting, it is what makes the switch act in a different way to a hub.

In the Cisco world this is called the CAM (Content Addressable Memory).

The CAM table keeps track of machine network locations and knows which port future traffic travels over because it saw previous communication there.

The CAM is obviously of finite size and so can be filled up, especially if flooded with entries. Once flooded, the switch will broadcast traffic without a CAM entry out on its local VLAN, possibly allowing an attacker to see traffic he wouldn't ordinarily see. Flooding is easy if you are trying to do it, even with big tables and high-end switches.

The easiest way to prevent this is to enable port secuirty, limiting the maximum number of MAC addresses accepted until the port is shutdown or future MAC addresses are recorded. See http://cisco.com/univercd/cc/td/doc/product/lan/cat5000/rel_5_4/config/sec_port.htm if you have a Cisco switch.

Hope that helps

FatLad

ASKER CERTIFIED SOLUTION
Avatar of Les Moore
Les Moore
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial