Solved

VLAN cross talk?  such a thing?  VLAN Traffic broadcasting accross other VLANs

Posted on 2004-08-12
2
1,092 Views
Last Modified: 2008-03-10
This question is far out there but I am going to ask this anyway.  I work with a group of guys that think they know everything about networking and have all of the answers.  Here is a statement one was proposing was a cause to a traffic problem on our network.  We have a network that when you sniff traffic you can see VLAN traffic from host on other VLANS communicating that should not be broadcast within the VLAN your on.  Granted this is a problem but one of the reasons for this was that we are experiencing VLAN cross talk.  What is this?  It was explained to me that VLAN cross talk is when a switch is overloaded and will send a broadcast to all ports regardless of VLAN membership.  This was news to me and I have never heard of such a thing.  I can believe we are having routing issues or trunks that are misconfigured but VLAN cross talk?  This sounds like someone made up to sound like they think they know whats going on.  Has anyone heard of such?

0
Comment
Question by:jdbrooks99
2 Comments
 
LVL 3

Expert Comment

by:fatlad
ID: 11791076
Hi there the problem you are referring to is sometimes seen. Within a switch you will have area of volatile memory that stores the MAC address of machines, and their VLAN details, along with the port they are connected to. This is used whenever a frame needs transmitting, it is what makes the switch act in a different way to a hub.

In the Cisco world this is called the CAM (Content Addressable Memory).

The CAM table keeps track of machine network locations and knows which port future traffic travels over because it saw previous communication there.

The CAM is obviously of finite size and so can be filled up, especially if flooded with entries. Once flooded, the switch will broadcast traffic without a CAM entry out on its local VLAN, possibly allowing an attacker to see traffic he wouldn't ordinarily see. Flooding is easy if you are trying to do it, even with big tables and high-end switches.

The easiest way to prevent this is to enable port secuirty, limiting the maximum number of MAC addresses accepted until the port is shutdown or future MAC addresses are recorded. See http://cisco.com/univercd/cc/td/doc/product/lan/cat5000/rel_5_4/config/sec_port.htm if you have a Cisco switch.

Hope that helps

FatLad

0
 
LVL 79

Accepted Solution

by:
lrmoore earned 250 total points
ID: 11793411
Yes, it is a well-known issue with VLANs where you can flood the mac-address table until it is full, then all ports go into a forwarding mode.
http://www.corecom.com/external/livesecurity/vlansec.htm
Want an easy tool? Get Cain and Able http://www.oxid.it/cain.html

Another good reference doc:
http://www.cisco.com/en/US/products/hw/switches/ps708/products_white_paper09186a008013159f.shtml
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Use of vpn-filter value  in S2S VPN 2 49
Cisco 5508 WLC software upgrade 2 71
google exe file 5 65
nested esxi, NIC issues 1 32
If your business is like most, chances are you still need to maintain a fax infrastructure for your staff. It’s hard to believe that a communication technology that was thriving in the mid-80s could still be an essential part of your team’s modern I…
For many of us, the  holiday season kindles the natural urge to give back to our friends, family members and communities. While it's easy for friends to notice the impact of such deeds, understanding the contributions of businesses and enterprises i…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question