Solved

VLAN cross talk?  such a thing?  VLAN Traffic broadcasting accross other VLANs

Posted on 2004-08-12
2
1,067 Views
Last Modified: 2008-03-10
This question is far out there but I am going to ask this anyway.  I work with a group of guys that think they know everything about networking and have all of the answers.  Here is a statement one was proposing was a cause to a traffic problem on our network.  We have a network that when you sniff traffic you can see VLAN traffic from host on other VLANS communicating that should not be broadcast within the VLAN your on.  Granted this is a problem but one of the reasons for this was that we are experiencing VLAN cross talk.  What is this?  It was explained to me that VLAN cross talk is when a switch is overloaded and will send a broadcast to all ports regardless of VLAN membership.  This was news to me and I have never heard of such a thing.  I can believe we are having routing issues or trunks that are misconfigured but VLAN cross talk?  This sounds like someone made up to sound like they think they know whats going on.  Has anyone heard of such?

0
Comment
Question by:jdbrooks99
2 Comments
 
LVL 3

Expert Comment

by:fatlad
ID: 11791076
Hi there the problem you are referring to is sometimes seen. Within a switch you will have area of volatile memory that stores the MAC address of machines, and their VLAN details, along with the port they are connected to. This is used whenever a frame needs transmitting, it is what makes the switch act in a different way to a hub.

In the Cisco world this is called the CAM (Content Addressable Memory).

The CAM table keeps track of machine network locations and knows which port future traffic travels over because it saw previous communication there.

The CAM is obviously of finite size and so can be filled up, especially if flooded with entries. Once flooded, the switch will broadcast traffic without a CAM entry out on its local VLAN, possibly allowing an attacker to see traffic he wouldn't ordinarily see. Flooding is easy if you are trying to do it, even with big tables and high-end switches.

The easiest way to prevent this is to enable port secuirty, limiting the maximum number of MAC addresses accepted until the port is shutdown or future MAC addresses are recorded. See http://cisco.com/univercd/cc/td/doc/product/lan/cat5000/rel_5_4/config/sec_port.htm if you have a Cisco switch.

Hope that helps

FatLad

0
 
LVL 79

Accepted Solution

by:
lrmoore earned 250 total points
ID: 11793411
Yes, it is a well-known issue with VLANs where you can flood the mac-address table until it is full, then all ports go into a forwarding mode.
http://www.corecom.com/external/livesecurity/vlansec.htm
Want an easy tool? Get Cain and Able http://www.oxid.it/cain.html

Another good reference doc:
http://www.cisco.com/en/US/products/hw/switches/ps708/products_white_paper09186a008013159f.shtml
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Super Scope, DHCP 5 53
Tagging ports on a managed switch 6 52
cutting over to a new network 9 69
Cisco RV 130 - No internet on wired connections, wireless clients ok 32 30
David Varnum recently wrote up his impressions of PRTG, based on a presentation by my colleague Christian at Tech Field Day at VMworld in Barcelona. Thanks David, for your detailed and honest evaluation!
Use of TCL script on Cisco devices:  - create file and merge it with running configuration to apply configuration changes
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now