Host A traceroute to Host B stop @ Host_B default_gateway, If clear ARP on the router. It back to normal.
From the beginning, I checked the STP, interface, routing. HSRP, Trunk interface, but, I still cann't define what the problem is. the we turn off the netflow option on the interface, the drop packet was stop increase. We think it's over, 10 mins later, AGAIN.....why....
We checked all task again, also capture the packet from vlan 128, it's huge packet from the vlan. My laptop cann't take it. So I stop capture the packet. after 2 hours. I think I can capture a smaller switch uplink only, not all vlan 128. Then I found, the Host_B do send the icmp echo to the Host_A with the wrong MAC address to some unknow host. I know what it is.
Dynamic ARP Inspection
http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/31sg/configuration/guide/dynarp.html#wpxref26976
I shutdown the port. the service come back and never happen again. what a 11 Hours action fomr 22:00 to 10:00 in the morning....
I need 5 days to recovery.
No comments:
Post a Comment