LTLnetworker | IT networks, security, Cisco

Why is this huge traffic appearing here? Unknown unicast flood

Posted by ltlnetworker on October 5, 2014

A switch normally forwards a unicast frame out of the one port that leads toward its destination. The egress port is chosen from the MAC address table, which is populated by MAC learning: the switch records the source MAC address of every frame it receives together with the ingress port. An address therefore only stays in the table if frames are sent from that address regularly. On Cisco switches the default aging time is 300 s, so a MAC address is removed from the table if no frame from it arrives for 5 minutes.

Unknown unicast flooding occurs when traffic is sent to a MAC address that is absent from the MAC address table, because it was either
a) never learned, or
b) already aged out.
In both cases the frame is flooded out of every port belonging to the VLAN, just like a broadcast. The typical source of "huge traffic" on a port is a one-way conversation: the destination host receives a constant stream but rarely (or never) sends a frame through that switch, so its entry expires and every frame addressed to it is flooded to the whole VLAN.
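To make the aging and flooding behaviour concrete, here is a small learning-switch simulation. It is an added example written for this page, not Cisco code or anything from the original post; the port names, VLAN numbers, MAC addresses and timestamps are constructed. It models the three situations described above: a destination that was never learned, a destination that is known, and a destination whose entry has aged out because the host stopped sending.

```python
"""Toy learning switch with a 300 s aging timer, showing when unicast is flooded.

Constructed example: port names, VLANs, MACs and timestamps are made up.
"""
from dataclasses import dataclass

AGING_TIME = 300  # seconds; Cisco default MAC address-table aging time
BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Frame:
    src: str  # source MAC, this is what the switch learns from
    dst: str  # destination MAC, this is what the switch looks up


class LearningSwitch:
    def __init__(self, ports, aging_time=AGING_TIME):
        # Access ports only: port name -> VLAN it belongs to (assumption of this toy model)
        self.ports = dict(ports)
        self.aging_time = aging_time
        # MAC table: (vlan, mac) -> (port, last time a frame from this MAC was seen)
        self.table = {}
        self.unknown_unicast_floods = 0

    def _age_out(self, now):
        """Drop entries whose source has been silent for at least aging_time."""
        expired = [key for key, (_, seen) in self.table.items()
                   if now - seen >= self.aging_time]
        for key in expired:
            del self.table[key]

    def receive(self, frame, in_port, now):
        """Return the sorted list of egress ports for a frame arriving on in_port."""
        self._age_out(now)
        vlan = self.ports[in_port]
        # Learning: the timer restarts every time a frame from this source is seen.
        self.table[(vlan, frame.src)] = (in_port, now)

        entry = self.table.get((vlan, frame.dst))
        if frame.dst == BROADCAST or entry is None:
            # Broadcast, or unknown unicast (never learned / aged out): flood the VLAN.
            if frame.dst != BROADCAST:
                self.unknown_unicast_floods += 1
            return sorted(p for p, v in self.ports.items()
                          if v == vlan and p != in_port)
        port, _ = entry
        return [] if port == in_port else [port]  # filter frames that would go back out the same port


def run_scenario(aging_time=AGING_TIME):
    """Host A sends continuously to host B; B answers only once."""
    sw = LearningSwitch({"Gi1/0/1": 10, "Gi1/0/2": 10, "Gi1/0/3": 10, "Gi1/0/4": 20},
                        aging_time)
    a, b = "00:11:22:33:44:01", "00:11:22:33:44:02"
    results = {}

    # 1) B has never sent anything: A -> B is unknown unicast and is flooded
    #    to every other port in VLAN 10 (Gi1/0/4 is in VLAN 20 and is spared).
    results["never_learned"] = sw.receive(Frame(a, b), "Gi1/0/1", now=0)

    # 2) B answers once, so it is learned on Gi1/0/2; A -> B now goes to that port only.
    sw.receive(Frame(b, a), "Gi1/0/2", now=1)
    results["learned"] = sw.receive(Frame(a, b), "Gi1/0/1", now=10)

    # 3) A keeps talking but B stays silent. Once aging_time has passed since B's
    #    only frame, its entry is gone and every frame to B is flooded again,
    #    even though A's own entry is still fresh.
    results["aged_out"] = sw.receive(Frame(a, b), "Gi1/0/1", now=1 + aging_time + 1)

    results["floods"] = sw.unknown_unicast_floods
    return results


if __name__ == "__main__":
    for name, value in run_scenario().items():
        print(f"{name}: {value}")
```

The third step is the case that shows up as unexplained traffic on every port of a VLAN: the sender's entry never expires, so the sender looks perfectly healthy in the MAC table, while the silent receiver is the one that aged out. On a real switch the same check is `show mac address-table address <mac>` for the destination MAC; if it is missing while traffic to it keeps arriving, the flood is explained.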
Posted in Cisco, switch

Unreachable network behind TMG

Posted by ltlnetworker on February 3, 2013

I was asked to troubleshoot Active Directory DC synchronization network issues. Two DCs are behind TMG, the third is in an ASA DMZ, so the path is:

DC0 — ASA — TMG — DC73

The TMG performs no NAT for these networks, so it is plain routing. TMG has its default gateway set to the ASA, and the ASA has a static route for the networks behind TMG with TMG's outside address as the next hop.

Connectivity was completely broken (no ping, AD sync failed). On the ASA we could see half-open TCP connections:
Posted in ASA, Cisco