Hi, I am seeing on my network a flood of LLC packets all seeming to come from the same MAC address (which is a Mitel phone about 4 switches away from the capturing PC). Even stranger, it is now unplugged and I am still seeing the traffic!! So I need some help in picking apart the Wireshark log and tracking down where this data is coming from.
asked 14 Aug '12, 04:23 DevilWAH
2 Answers:
CDP is a Cisco proprietary protocol. They use it to learn about other switches in the network.
So, these packets are from one of your switches, that has CDP enabled. It's nothing to worry about, as long as it is not really flooding the network with these packets. You can disable CDP with this command:
For further information, please check the Cisco site:
BTW: What is a flood in that case? How many packets per second/minute do you see?
Regards
answered 14 Aug '12, 07:09 Kurt Knochner ♦ edited 14 Aug '12, 07:09
As CDP packets are multicast packets, they can be forwarded by switches if they do not absorb them. Cisco switches will receive the CDP packets and not forward them. Maybe your L2 network has a loop that is not blocked anywhere with spanning-tree, maybe only for a specific vlan? The fact that you have a storm of these messages even after you disconnect the source does suggest a loop too. What kind of switches are you using and what does the topology look like?
answered 14 Aug '12, 10:02 SYN-bit ♦♦
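
An added example, not part of either answer: one way to put a number on "flood" and test the loop hypothesis is to count CDP frames per source MAC and compare the count with what the CDP timer alone would produce. The 60-second timer is the Cisco default; the `factor` threshold, the helper names and all MAC addresses and frames below are constructed for illustration.

```python
import struct
from collections import defaultdict

CDP_DST = bytes.fromhex("01000ccccccc")        # Cisco multicast used by CDP
CDP_SNAP = bytes.fromhex("aaaa0300000c2000")   # LLC/SNAP, OUI 00:00:0c, PID 0x2000
CDP_INTERVAL = 60.0                            # default CDP timer, seconds

def is_cdp(frame):
    """True for an 802.3 frame to the CDP multicast with the CDP SNAP header."""
    if len(frame) < 22 or frame[:6] != CDP_DST:
        return False
    (length,) = struct.unpack("!H", frame[12:14])
    return length <= 1500 and frame[14:22] == CDP_SNAP

def cdp_report(packets, factor=3):
    """packets: (timestamp, frame) pairs. Returns per-source-MAC CDP stats."""
    by_src = defaultdict(list)
    for ts, frame in packets:
        if is_cdp(frame):
            by_src[frame[6:12].hex(":")].append(ts)
    report = {}
    for src, times in by_src.items():
        times.sort()
        span = times[-1] - times[0]
        expected = span / CDP_INTERVAL + 1      # one frame per timer tick
        report[src] = {
            "frames": len(times),
            "per_minute": round(len(times) * 60 / span, 1) if span else None,
            # far more copies than the timer allows is consistent with a loop
            "suspect_loop": len(times) > factor * expected,
        }
    return report

def make_frame(src_hex, payload=b"\x02\xb4\x00\x00"):
    """Constructed CDP-like frame (version 2, TTL 180, dummy checksum)."""
    body = CDP_SNAP + payload
    return CDP_DST + bytes.fromhex(src_hex) + struct.pack("!H", len(body)) + body

def sample_capture():
    """Constructed capture: one healthy neighbour, one storming source, one ARP."""
    pkts = [(t, make_frame("02aabbcc0001")) for t in (0.0, 60.0, 120.0)]
    pkts += [(i * 0.002, make_frame("02aabbcc0002")) for i in range(500)]
    pkts.append((1.0, bytes.fromhex("ffffffffffff02aabbcc00030806") + bytes(28)))
    return pkts

if __name__ == "__main__":
    for mac, stats in cdp_report(sample_capture()).items():
        print(mac, stats)
```

To run it on a real capture, feed `cdp_report` the timestamp and raw frame bytes of each packet exported from the capture file.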