LLC and CDP packet flooding

Posted on 2012-08-14
Last Modified: 2012-08-21
OK help please.

On wire shark I am seeing 200+ packets a second coming from a single device for CDP/LLC. At first it looked easy and tracing the source mac back to a Mitle phone I first rebooted the device, then shut down the port when that did not help.

But I am still seeing 200+ packets a second arriving at my PC with the port in a shut down state.

two questions,

1. On a 3com switch will shutting down a port stop CDP/LLC traffic??  (I think yes)

2. Assuming it does, which means this traffice is coming from a different source, how do I track it down? Every thing seems to lead back to the same port/device in the logs.

Question by:Aaron Street
    LVL 20

    Expert Comment

    That's funny. I ran into a problem like that too and was pulling my hair out. I was like "this isn't possible!"

    Not gonna say for sure this is your problem, but just a thought.

    The CDP messages are coming from a Mitel phone (5312IP to be exact.) I think you have your computer connected to that phone, which in turn is connected to the switch. When you turn off the port on the switch, you are still connected to the phone and getting those messages.

    Try to turn off CDP on the switch, and see what you can do to turn it off on the phone too.

    the answer to this one includes how to turn off CDP on the switch.

    Here's how to turn off CDP on a Mitel 3300, but not sure if it also applies to the 5312.
    LVL 16

    Author Comment

    by:Aaron Street

    the phone is in a building 500 meters from my PC ;) sitting on a desk unplugged with its cords wrapped up around it not plugged in too any thing.


    So I can assure you its not the phone sending the packets.

    I have narrowed this down an it is actually seems to be a looping issue with one of the uplink ports from the access switch to the core. 3 of the four links seem fine, it is only when the forth link is brought up that the issue starts again.

    I am thinking it could be the SFP or just a bug in the code on the switch, expecting a reboot will sort it out till I can look in to the code version and see if there are any known issues and update it to a later version.
    LVL 16

    Accepted Solution

    This was a looping packet in the switch fabric I now think.

    Removing all cables from the switch and it was still flooding the network. Finally rebooting the affected device and the issue has gone away.

    Now checking the switch code and doc for any know issue.
    LVL 16

    Author Closing Comment

    by:Aaron Street
    issue was a bug/looping packet

    Featured Post

    Looking for New Ways to Advertise?

    Engage with tech pros in our community with native advertising, as a Vendor Expert, and more.

    Join & Write a Comment

    What’s a web proxy server? A proxy server is a server that goes between clients and web servers, used in corporate to enforce corporate browsing policy and ensure security. Proxy servers are commonly used in three modes. A)    Forward proxy …
    ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
    Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
    In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor ( If you're interested in additional methods for monitoring bandwidt…

    754 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    22 Experts available now in Live!

    Get 1:1 Help Now