1

I am by no means an expert when it comes to networking. I've inherited a network which I am pretty much sure is wrong, and due to my lack of experience I have no idea how to clean it up.

The network looks like this simplified:


L2 switches have multiple devices connected to them.

Some devices act as wireless bridges that connect to access points that then get connected to wirelessly by clients.

The important part is that each L2 switch consists of multiple subnets. In this example

  • 10.10.10.0/24
  • 10.10.20.0/24
  • 10.10.30.0/24

Devices that are part of these networks are scattered randomly, but eventually end up at one of the L2 switches.

I am seeing behaviour such as unicast flooding (e.g. in Wireshark, if I am at PC5):

not eth.addr == <MY_MAC_ADDRESS> and ip.addr != 10.10.10.2 and ip.addr != 10.10.10.255

I can see traffic from or destined to other networks (10.10.20.0/24 and 10.10.30.0/24) - even if the hosts are located on the other L2 switch.

Not to mention that this has a negative impact on the router, which can be felt especially at peak hours (bandwidth dropping erratically).

The only safety measure implemented on the switches is Port Isolation, but I don't think it's doing its job.

What could I do to improve the situation?

Are VLANs out of the question because subnets are scattered on the L2 switches?

I can remotely change clients (that connect wirelessly) to use the PPPoE protocol, but would this help with such unicast flooding?

What would you suggest?

krdx

1 Answer

2

Unicast flooding in and of itself isn't abnormal. A certain level of unicast flooding is going to happen as MAC addresses age out of the CAM (MAC address) tables on the switches. If you have excessive unicast flooding then I might posit that you have a problem with the Spanning Tree topology of your switching infrastructure. The first thing I would suggest is that you look at all of the inter-switch links to determine the current STP topology and to verify that you don't have any switch loops (draw them out on a piece of paper in order to visualize them). If you're using any unmanaged switches then my suggestion would be to replace those with managed switches. You don't want to mix managed switches (that support STP) with unmanaged switches (that don't support STP).

As far as implementing VLANs is concerned, that's probably a good idea in this case. That will limit the scope of unicast flooding and broadcast traffic to each VLAN. You'll need to configure the inter-switch links appropriately as trunk ports to carry traffic for all of the VLANs. You'll also need to configure either the router or the Layer 3 switch to route traffic between each of the VLANs.

joeqwerty
  • Hi. Thanks. What I am wondering is whether VLANs are applicable in a situation like mine: the two L2 switches connect hosts that can be a member of any of the 3 subnets (10.10.10.0/24, 10.10.20.0/24, 10.10.30.0/24). Usually when VLANs are concerned the examples show that there's one subnet per port, or switch. Then it's pretty easy to reason about VLANs. In my situation there's no logical division like this. The subnets are randomly scattered around the L2 switches. I am trying to research if I could still benefit from VLANs though or whether this would not be advised with this network setup. – krdx Mar 15 '15 at 19:37
  • For example, one port in the L2 switch can carry traffic from all 3 subnets. (Like in the wireless network bridge example in the diagram). To make matters worse I have about 20 ports like that. – krdx Mar 15 '15 at 19:46
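As an added example (not code from the question or the answer), the script below does what the poster did with a Wireshark filter, but quantifies it: it classifies frames seen at a host such as PC5 into own, broadcast, multicast and flooded unicast, and counts the flooded frames by the subnet of their destination IP. The MAC addresses and the frame list are constructed sample data; the flood ratio it returns is the baseline you would compare before and after the STP check or the VLAN segmentation the answer recommends.

```python
import ipaddress
from collections import Counter

# Assumed identity of the capturing host (PC5, 10.10.10.2); constructed value.
MY_MAC = "aa:bb:cc:00:00:05"
SUBNETS = [ipaddress.ip_network(s) for s in
           ("10.10.10.0/24", "10.10.20.0/24", "10.10.30.0/24")]

# Constructed sample capture: (src_mac, dst_mac, src_ip, dst_ip) per frame.
SAMPLE_FRAMES = [
    ("aa:bb:cc:00:00:01", MY_MAC, "10.10.10.1", "10.10.10.2"),                 # for me
    ("aa:bb:cc:00:00:01", "ff:ff:ff:ff:ff:ff", "10.10.10.1", "10.10.10.255"),  # broadcast
    ("aa:bb:cc:00:00:07", "aa:bb:cc:00:00:09", "10.10.20.5", "10.10.20.9"),    # flooded
    ("aa:bb:cc:00:00:0a", "aa:bb:cc:00:00:0b", "10.10.30.4", "10.10.30.7"),    # flooded
    ("aa:bb:cc:00:00:0a", "01:00:5e:00:00:fb", "10.10.30.4", "224.0.0.251"),   # multicast
    ("aa:bb:cc:00:00:07", "aa:bb:cc:00:00:09", "10.10.20.5", "10.10.20.9"),    # flooded
]

def classify(src_mac, dst_mac, src_ip, dst_ip, my_mac=MY_MAC):
    """Return 'mine', 'broadcast', 'multicast' or 'flooded_unicast'."""
    d = dst_mac.lower()
    if d == my_mac.lower():
        return "mine"
    if d == "ff:ff:ff:ff:ff:ff":
        return "broadcast"
    # The group bit (LSB of the first octet) marks a multicast MAC.
    if int(d.split(":")[0], 16) & 1:
        return "multicast"
    # A unicast frame for another station reached our port only because the
    # switch had no CAM entry for that MAC and flooded it out all ports.
    return "flooded_unicast"

def subnet_of(ip):
    addr = ipaddress.ip_address(ip)
    for net in SUBNETS:
        if addr in net:
            return str(net)
    return "other"

def flooded_by_subnet(frames, my_mac=MY_MAC):
    """Count flooded unicast frames by destination subnet (which subnets leak in)."""
    counts = Counter()
    for frame in frames:
        if classify(*frame, my_mac=my_mac) == "flooded_unicast":
            counts[subnet_of(frame[3])] += 1
    return dict(counts)

def flood_ratio(frames, my_mac=MY_MAC):
    """Fraction of frames on this port that are flooded unicast (the baseline)."""
    flooded = sum(1 for f in frames if classify(*f, my_mac=my_mac) == "flooded_unicast")
    return flooded / len(frames) if frames else 0.0
```

On a real capture, export the four columns from Wireshark (e.g. via tshark) into the same tuple shape and feed them to `flooded_by_subnet`.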