• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1642
  • Last Modified:

LLC and CDP packet flooding

OK help please.

On wire shark I am seeing 200+ packets a second coming from a single device for CDP/LLC. At first it looked easy and tracing the source mac back to a Mitle phone I first rebooted the device, then shut down the port when that did not help.

But I am still seeing 200+ packets a second arriving at my PC with the port in a shut down state.

two questions,

1. On a 3com switch will shutting down a port stop CDP/LLC traffic??  (I think yes)

2. Assuming it does, which means this traffice is coming from a different source, how do I track it down? Every thing seems to lead back to the same port/device in the logs.

Cheers
CDP-flood.dmp
0
Aaron Street
Asked:
Aaron Street
  • 3
1 Solution
 
agonza07Commented:
That's funny. I ran into a problem like that too and was pulling my hair out. I was like "this isn't possible!"

Not gonna say for sure this is your problem, but just a thought.

The CDP messages are coming from a Mitel phone (5312IP to be exact.) I think you have your computer connected to that phone, which in turn is connected to the switch. When you turn off the port on the switch, you are still connected to the phone and getting those messages.

Try to turn off CDP on the switch, and see what you can do to turn it off on the phone too.

the answer to this one includes how to turn off CDP on the switch.
http://www.experts-exchange.com/Networking/Telecommunications/IP_Telephony/Q_26937033.html

Here's how to turn off CDP on a Mitel 3300, but not sure if it also applies to the 5312.
http://www.tek-tips.com/viewthread.cfm?qid=1630400
0
 
Aaron StreetInfrastructure ManagerAuthor Commented:
Nope,

the phone is in a building 500 meters from my PC ;) sitting on a desk unplugged with its cords wrapped up around it not plugged in too any thing.

;)

So I can assure you its not the phone sending the packets.

I have narrowed this down an it is actually seems to be a looping issue with one of the uplink ports from the access switch to the core. 3 of the four links seem fine, it is only when the forth link is brought up that the issue starts again.

I am thinking it could be the SFP or just a bug in the code on the switch, expecting a reboot will sort it out till I can look in to the code version and see if there are any known issues and update it to a later version.
0
 
Aaron StreetInfrastructure ManagerAuthor Commented:
This was a looping packet in the switch fabric I now think.

Removing all cables from the switch and it was still flooding the network. Finally rebooting the affected device and the issue has gone away.

Now checking the switch code and doc for any know issue.
0
 
Aaron StreetInfrastructure ManagerAuthor Commented:
issue was a bug/looping packet
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now