LTLnetworker | IT networks, security, Cisco

Posts Tagged ‘arp’

Why is this huge traffic appearing here? Unknown unicast flood

Posted by ltlnetworker on October 5, 2014


A switch normally forwards a unicast frame out of one port only, the one leading toward the destination. The egress port is chosen from the MAC address table, which is populated by MAC learning: the switch records the source MAC of each incoming frame against the port it arrived on. An address can therefore only be learned, and kept in the table, if frames are sent *from* that address regularly. The default aging time on Cisco switches is 300 s: a MAC address is removed from the table if no frame from it arrives for 5 minutes.

Unknown unicast flooding occurs when a frame is sent to a MAC address that is
a) never learned, or
b) already aged out
from the MAC address table. In that case the switch floods the frame out of every port in the VLAN, exactly as it would a broadcast. This is why a host that only ever receives traffic, or whose replies take a different path and never pass through this switch, can cause a steady stream of flooded unicast frames to show up on ports that have nothing to do with it.
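To make the aging mechanism concrete, here is a small learning-switch model written for this page (it is not code from the original post or from any Cisco product). It learns source MACs per VLAN, expires entries after the 300 s default quoted above, and floods a unicast frame whenever the destination is unknown or aged out. The port names, VLAN ID, MAC addresses and the traffic timeline in `demo()` are constructed for illustration; the scenario is a host B that replies once and then stays silent while A keeps sending to it, which is the pattern that produces a persistent unknown-unicast flood.

```python
"""Learning-switch model: MAC learning, aging and unknown-unicast flooding.

Added example, not code from the original post. Port names, VLAN IDs,
MAC addresses and the timeline below are constructed; the 300 s aging
value is the Cisco default quoted in the post.
"""
from collections import Counter
from dataclasses import dataclass

AGING_TIME = 300  # seconds; Cisco default aging time


@dataclass
class Frame:
    src: str
    dst: str
    vlan: int
    in_port: str
    t: float  # arrival time in seconds


def is_group_address(mac: str) -> bool:
    """Broadcast and multicast MACs have the low bit of the first octet set."""
    return bool(int(mac.split(":")[0], 16) & 1)


class LearningSwitch:
    def __init__(self, vlan_ports):
        # vlan_ports: {vlan: set of member port names} (constructed topology)
        self.vlan_ports = vlan_ports
        self.table = {}       # (vlan, mac) -> (port, last_seen)
        self.flood_log = []   # (t, vlan, dst) for every unknown-unicast flood

    def _expire(self, now):
        """Drop entries whose source has been silent longer than AGING_TIME."""
        for key, (_, last_seen) in list(self.table.items()):
            if now - last_seen > AGING_TIME:
                del self.table[key]

    def forward(self, frame: Frame) -> set:
        """Return the set of egress ports for one frame, learning as we go."""
        self._expire(frame.t)
        # Learning: the source MAC lives behind the ingress port; refresh its timer.
        self.table[(frame.vlan, frame.src)] = (frame.in_port, frame.t)
        others = self.vlan_ports[frame.vlan] - {frame.in_port}
        if is_group_address(frame.dst):
            return others  # broadcast/multicast: flood by design
        entry = self.table.get((frame.vlan, frame.dst))
        if entry is None:
            # Never learned or already aged out: unknown unicast, flood like a broadcast.
            self.flood_log.append((frame.t, frame.vlan, frame.dst))
            return others
        port, _ = entry
        return set() if port == frame.in_port else {port}

    def flooded_destinations(self) -> Counter:
        """Which destination MACs are causing floods, and how often."""
        return Counter(dst for _, _, dst in self.flood_log)


def demo():
    """Constructed timeline: B replies once, then only receives."""
    sw = LearningSwitch({10: {"Gi1/0/1", "Gi1/0/2", "Gi1/0/3", "Gi1/0/24"}})
    a, b = "00:11:22:33:44:01", "00:11:22:33:44:02"
    first_contact = sw.forward(Frame(a, b, 10, "Gi1/0/1", 0))    # B unknown: flood
    sw.forward(Frame(b, a, 10, "Gi1/0/2", 1))                    # B learned on Gi1/0/2
    after_reply = sw.forward(Frame(a, b, 10, "Gi1/0/1", 2))      # unicast to Gi1/0/2
    before_aging = sw.forward(Frame(a, b, 10, "Gi1/0/1", 301))   # B still in table
    after_aging = sw.forward(Frame(a, b, 10, "Gi1/0/1", 302))    # B aged out: flood again
    return {
        "first_contact": sorted(first_contact),
        "after_reply": sorted(after_reply),
        "before_aging": sorted(before_aging),
        "after_aging": sorted(after_aging),
        "floods": sw.flood_log,
        "top_flooded": sw.flooded_destinations(),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The point of `flooded_destinations()` is the troubleshooting angle: when "huge traffic" appears on a port, the destination MAC of the flooded frames tells you which silent host to look for, and the fix is to make that host send something periodically, pin it with a static MAC entry, or lengthen the aging time.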

Posted in Cisco, switch

Unreachable network behind TMG

Posted by ltlnetworker on February 3, 2013


I was asked to troubleshoot Active Directory DC synchronization network issues. Two DCs are behind TMG, the third is in an ASA DMZ, so the path is:

    DC0 — ASA — TMG — DC73

Subnets:

    10.0.0.0/24 — ASA — 10.0.203.0/24 — TMG — 10.0.73.0/24

The TMG performs no NAT for these networks, so this is plain routing. TMG has its default gateway set to the ASA, and the ASA has a static route for 10.0.73.0/24 pointing to TMG's outside address, 10.0.203.100.

Connectivity was completely broken (no ping, AD sync failing). On the ASA we could see half-open TCP connections:

Posted in ASA, Cisco