MAC flooding or spoofing or else?

Hi all,

I'm a network administrator in our company. We have 6 Catalyst 3548XL switchs connected together as our LAN. Today, my laptop experienced severe packet drop. That is, when I "ping" to our router(on the same switch with my laptop), I got lots of time out(packet loss) among all ping replies. But my colleague's laptop work fine with 100% packet received, when ping to that router.

Then I check the log of the switch that my laptop connects(SW1, f0/10), I found a message "%RTD-1-ADDR_FLAP: FastEthernet0/10 relearning 160 addrs per min". When I connected my laptop to another port, I still got lots of ping time out.

Somebody on the Internet told me to try to use "port security" command on f0/10 to restrict the max count of MAC address of the port connected with my laptop to 1. Surprisingly, no ping time out and 100% packets received.

I doubt if I'm attacked by some kind of MAC flooding or spoofing? Or my LAN exists loop? Is there any idea that can explain this?

Why using port security(with max mac count 1) on f0/10 can remedy my ping time out problem?

Reply to
Michael Shiah
Loading thread data ...

How long ago have You checked/scanned Your laptop for viruses? You might have had a worm attack originated from Your laptop which resulted in a flood of packets with random source MAC hitting Fa0/10 and causing high switch CPU utilization, hence the syslog message below. "port-security" forced these packets to be dropped and pings were able to get through. HTH Cheers Alex

Reply to
ETLALAR Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.