Solved

VLAN cross talk?  such a thing?  VLAN Traffic broadcasting accross other VLANs

Posted on 2004-08-12
2
1,104 Views
Last Modified: 2008-03-10
This question is far out there but I am going to ask this anyway.  I work with a group of guys that think they know everything about networking and have all of the answers.  Here is a statement one was proposing was a cause to a traffic problem on our network.  We have a network that when you sniff traffic you can see VLAN traffic from host on other VLANS communicating that should not be broadcast within the VLAN your on.  Granted this is a problem but one of the reasons for this was that we are experiencing VLAN cross talk.  What is this?  It was explained to me that VLAN cross talk is when a switch is overloaded and will send a broadcast to all ports regardless of VLAN membership.  This was news to me and I have never heard of such a thing.  I can believe we are having routing issues or trunks that are misconfigured but VLAN cross talk?  This sounds like someone made up to sound like they think they know whats going on.  Has anyone heard of such?

0
Comment
Question by:jdbrooks99
2 Comments
 
LVL 3

Expert Comment

by:fatlad
ID: 11791076
Hi there the problem you are referring to is sometimes seen. Within a switch you will have area of volatile memory that stores the MAC address of machines, and their VLAN details, along with the port they are connected to. This is used whenever a frame needs transmitting, it is what makes the switch act in a different way to a hub.

In the Cisco world this is called the CAM (Content Addressable Memory).

The CAM table keeps track of machine network locations and knows which port future traffic travels over because it saw previous communication there.

The CAM is obviously of finite size and so can be filled up, especially if flooded with entries. Once flooded, the switch will broadcast traffic without a CAM entry out on its local VLAN, possibly allowing an attacker to see traffic he wouldn't ordinarily see. Flooding is easy if you are trying to do it, even with big tables and high-end switches.

The easiest way to prevent this is to enable port secuirty, limiting the maximum number of MAC addresses accepted until the port is shutdown or future MAC addresses are recorded. See http://cisco.com/univercd/cc/td/doc/product/lan/cat5000/rel_5_4/config/sec_port.htm if you have a Cisco switch.

Hope that helps

FatLad

0
 
LVL 79

Accepted Solution

by:
lrmoore earned 250 total points
ID: 11793411
Yes, it is a well-known issue with VLANs where you can flood the mac-address table until it is full, then all ports go into a forwarding mode.
http://www.corecom.com/external/livesecurity/vlansec.htm
Want an easy tool? Get Cain and Able http://www.oxid.it/cain.html

Another good reference doc:
http://www.cisco.com/en/US/products/hw/switches/ps708/products_white_paper09186a008013159f.shtml
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
How Can i get Two 3-User licenses of Quickbooks to work??? 6 85
Password recovery 2960S 4 35
Edge switch problems cisco 2960 25 51
AD Design Best Practices 6 36
PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question