Hello all,
I have a really strange issue going on with our core layer 3 switch. It's an Aruba 5406R. For a couple weeks we've been getting random issues where the port utilization on one port will max out at 100%. It's only on the Tx side. The Rx side will have 0 pkts/sec, while the Tx side will be absolutely flooded.
It happens on different ports, and at random times of the day. When I look at the switch that should be receiving this flood of packets, there's nothing out of the ordinary.
I've set up a port mirror to try and capture the traffic when it happens with wireshark. I'm a little confused on what I'm getting from the capture, so I was wondering if I post my setup here someone could tell me if I was doing it correctly.
Example mirror setup:
- I want to connect my laptop to port 1/F2. So I run from config "mirror 1 port 1/F2".
- The flooded port will be 1/C1. So I run from the 1/C1 interface context "monitor all both mirror 1"
- On my NIC properties, I uncheck everything but the Npcap Packet drivers so my NIC doesn't send out any useless info.
What's weird is I get traffic from other VLANs that neither port are even tagged in. So I'm confused on how to read the Wireshark output.
Any tips or assistance on how to diagnose this, or my packet capture setup, is greatly appreciated!
No comments:
Post a Comment