Okay this is a bizarre one but I hope that someone can help me out.
My clients (physician offices) are all connected to a hospital via VLANs. Everything was working great until the hospital replaced their Cisco core router with a Nortel core router.
Now (and this happens on all VLANs) every second a VRRP packet is sent from the Nortel core router out, then within that 1 second of time anywhere from 3-8 packets are sent out that are the protocol 0x8104 that has the info of Ethernet II (on my ethereal sniffer).
The VRRP packet I can handle but these others are only 60 bytes long and they look like malformed packets. Why I say that is the source address is 00:1f:da:86:82:03 but the destination address is 01:1f:da:86:80:00. Did you see how the packet took the source address move all bits over one character then added a 00 at the end?
Doing some digging it looks like it is a malformed IPX packet, since 0x8104 is in between to etherytpes on this chart:
Since they put the Nortel switch in place there has been random drop offs at all locations for no rhyme nor reason. If I disconnect the hospital VLAN then everything goes back to normal and is very clean.
Is this normal with Nortel switches or could one of the cards or parts of the router be bad?
I am really thinking that this is a malformed packet storm that is happening. Even though it is only 8 packets or so per second, can't this cause these issues that I am describing?