Unicast Broadcasts

Hi,

I have an issue with broadcast storms that has been an issue for a long time, and thought I’d ask your opinion.

I have a switch. On that switch I have a management VLAN, let’s call it Vlan100; it’s a /24 subnet.

Connected to my switch are a variety of routers, 800’s, 1900’s etc., and each of these routers also has that management VLAN, again a /24.

Sometimes what happens is, one of those routers starts flapping, which could be for any number of reasons.

When the flapping happens, the storm begins. I start getting loads of traffic heading out towards my end devices. I know that it is Vlan 100 that is causing this. I also see the increased traffic in one way only; I see it outwards from the switch to the routers.

I can make the issue go away with:

clear arp-cache interface vlan 100 (sometimes a couple of times is required)

I spent days/weeks working with storm control, but I could never catch the storm, so perhaps broadcasts is a bad terminology to use.

One solution I am considering is changing the timings on the mac-address aging time, or the arp-table timing, as I have had similar issues with other devices.

Your thoughts and comments would be appreciated.

Hello Andrew,

You only have a single switch and this command, you run it on the switch? The switch has a management IP address in VLAN 100?

The MAC address aging time is 5 minutes and for the ARP table, it’s 4 hours.

When you clear the ARP cache on Cisco IOS, it sends ARP requests right away. It sounds somehow that your switch is unable to re-learn some MAC addresses, which is why it floods unknown unicast traffic.

Have you ever checked the ARP table and MAC address table when this happens? Or captured the traffic to see what kind of frames it is flooding?

You could configure a SPAN beforehand so when it happens, you can check it right away. I would first try to find where it is coming from before making any changes.

Rene
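
Added example, not part of the original posts: one way to do the ARP table versus MAC address table check suggested in the reply above, listing hosts that still have an ARP entry on Vlan100 but no MAC address table entry (the destinations a switch floods as unknown unicast). The two command outputs are constructed samples in the usual "show ip arp" and "show mac address-table" layout, and the function names are hypothetical.

```python
# Constructed sample output (not from the thread), in the usual Cisco IOS layout.
SHOW_IP_ARP = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.0.100.1              -   0011.2233.4455  ARPA   Vlan100
Internet  10.0.100.11            12   aabb.cc00.0b00  ARPA   Vlan100
Internet  10.0.100.12           187   aabb.cc00.0c00  ARPA   Vlan100
Internet  10.0.100.13           203   aabb.cc00.0d00  ARPA   Vlan100
Internet  10.0.200.5              3   aabb.cc00.ff00  ARPA   Vlan200
"""

SHOW_MAC_TABLE = """\
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
 100    0011.2233.4455    STATIC      CPU
 100    aabb.cc00.0b00    DYNAMIC     Gi0/1
 200    aabb.cc00.ff00    DYNAMIC     Gi0/9
"""


def parse_arp(text, interface):
    """Return {mac: (ip, age_min)} for resolved ARP entries on one interface."""
    entries = {}
    for line in text.splitlines():
        f = line.split()
        # Incomplete entries carry no interface column, so they have fewer fields.
        if len(f) >= 6 and f[0] == "Internet" and f[5].lower() == interface.lower():
            entries[f[3].lower()] = (f[1], f[2])
    return entries


def parse_mac_table(text, vlan):
    """Return {mac: port} for MAC address table entries in one VLAN."""
    rows = (line.split() for line in text.splitlines())
    return {f[1].lower(): f[3] for f in rows
            if len(f) >= 4 and f[0].isdigit() and int(f[0]) == vlan}


def flood_candidates(arp_text, mac_text, vlan):
    """ARP entries whose MAC has aged out of the MAC table. Age '-' is the
    switch's own address and is skipped."""
    arp = parse_arp(arp_text, f"Vlan{vlan}")
    macs = parse_mac_table(mac_text, vlan)
    return sorted((ip, mac, age) for mac, (ip, age) in arp.items()
                  if age != "-" and mac not in macs)


if __name__ == "__main__":
    for ip, mac, age in flood_candidates(SHOW_IP_ARP, SHOW_MAC_TABLE, 100):
        print(f"{ip:<15} {mac}  ARP age {age} min, no MAC table entry")
```

Running it against output saved while the flooding is happening shows which router addresses the switch has not relearned, which narrows down where to point the SPAN session.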