?
Solved

VLAN cross talk?  such a thing?  VLAN Traffic broadcasting accross other VLANs

Posted on 2004-08-12
2
Medium Priority
?
1,139 Views
Last Modified: 2008-03-10
This question is far out there but I am going to ask this anyway.  I work with a group of guys that think they know everything about networking and have all of the answers.  Here is a statement one was proposing was a cause to a traffic problem on our network.  We have a network that when you sniff traffic you can see VLAN traffic from host on other VLANS communicating that should not be broadcast within the VLAN your on.  Granted this is a problem but one of the reasons for this was that we are experiencing VLAN cross talk.  What is this?  It was explained to me that VLAN cross talk is when a switch is overloaded and will send a broadcast to all ports regardless of VLAN membership.  This was news to me and I have never heard of such a thing.  I can believe we are having routing issues or trunks that are misconfigured but VLAN cross talk?  This sounds like someone made up to sound like they think they know whats going on.  Has anyone heard of such?

0
Comment
Question by:jdbrooks99
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 3

Expert Comment

by:fatlad
ID: 11791076
Hi there the problem you are referring to is sometimes seen. Within a switch you will have area of volatile memory that stores the MAC address of machines, and their VLAN details, along with the port they are connected to. This is used whenever a frame needs transmitting, it is what makes the switch act in a different way to a hub.

In the Cisco world this is called the CAM (Content Addressable Memory).

The CAM table keeps track of machine network locations and knows which port future traffic travels over because it saw previous communication there.

The CAM is obviously of finite size and so can be filled up, especially if flooded with entries. Once flooded, the switch will broadcast traffic without a CAM entry out on its local VLAN, possibly allowing an attacker to see traffic he wouldn't ordinarily see. Flooding is easy if you are trying to do it, even with big tables and high-end switches.

The easiest way to prevent this is to enable port secuirty, limiting the maximum number of MAC addresses accepted until the port is shutdown or future MAC addresses are recorded. See http://cisco.com/univercd/cc/td/doc/product/lan/cat5000/rel_5_4/config/sec_port.htm if you have a Cisco switch.

Hope that helps

FatLad

0
 
LVL 79

Accepted Solution

by:
lrmoore earned 750 total points
ID: 11793411
Yes, it is a well-known issue with VLANs where you can flood the mac-address table until it is full, then all ports go into a forwarding mode.
http://www.corecom.com/external/livesecurity/vlansec.htm
Want an easy tool? Get Cain and Able http://www.oxid.it/cain.html

Another good reference doc:
http://www.cisco.com/en/US/products/hw/switches/ps708/products_white_paper09186a008013159f.shtml
0

Featured Post

Cyber Threats to Small Businesses (Part 2)

The evolving cybersecurity landscape presents SMBs with a host of new threats to their clients, their data, and their bottom line. In part 2 of this blog series, learn three quick processes Webroot’s CISO, Gary Hayslip, recommends to help small businesses beat modern threats.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Originally, this post was published on Monitis Blog, you can check it here . It goes without saying that technology has transformed society and the very nature of how we live, work, and communicate in ways that would’ve been incomprehensible 5 ye…
This article is in regards to the Cisco QSFP-4SFP10G-CU1M cables, which are designed to uplink/downlink 40GB ports to 10GB SFP ports. I recently experienced this and found very little configuration documentation on how these are supposed to be confi…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
Suggested Courses

800 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question