All,
I have multiple security monitoring devices that lose communication/connectivity on a regular basis throughout the week.
I have set up Wireshark to monitor the network traffic going to/from one of the switch ports. I see that when communication with the security device fails, a large, abnormal amount of traffic is directed through the switchport (it typically takes 2-8 hours to generate a 200M pcap file; when the communication fails, I see that a 200M file has been generated in just a few seconds). This traffic is typically between our network video servers (2), the video wall (2 workstation servers), and the network cameras (approx. 50). The IP and MAC address fields in the packets sent to the security device do not match the security device.
The security devices (7-8), network video servers, the video wall servers, and cameras are all on the same switch (3 stacked 48-port HPE switches), and on the same VLAN. We have other VLANs and devices that are not affected by this issue.
The security devices, NVRs, cameras, and video wall workstations are all static configurations with reservations set up in Active Directory (Windows Server 2016).
The ARP table and the MAC address table on the switch are both set up with static addresses for the security devices.
What are the troubleshooting steps to determine why this network traffic is getting sent to the switchport? I've run Wireshark, and I see the traffic going to the switchport; I have looked at the ARP and MAC address tables; I've set up the addresses statically in the MAC/ARP tables.
Thanks for your assistance--
Clyde Reed
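
An added example, not part of the original post: a Python script that reads a capture taken on the affected switch port and tallies, second by second, the frames whose destination MAC is neither the monitored device nor a broadcast/multicast address, then ranks the source/destination pairs behind that traffic. It assumes a classic-format pcap file with Ethernet framing; the MAC addresses and the sample capture are constructed for illustration.

```python
import struct
from collections import Counter

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def foreign_unicast(pcap_bytes, device_mac):
    """Tally unicast frames on the port that are neither to nor from device_mac."""
    magic = pcap_bytes[:4]
    if magic in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1"):    # little-endian writer
        endian = "<"
    elif magic in (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d"):  # big-endian writer
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack_from(endian + "I", pcap_bytes, 20)[0] != 1:
        raise ValueError("capture is not Ethernet")
    device = bytes.fromhex(device_mac.replace(":", "").replace("-", ""))
    per_second, talkers = Counter(), Counter()
    off = 24                                   # records start after the global header
    while off + 16 <= len(pcap_bytes):
        ts_sec, _, incl_len, orig_len = struct.unpack_from(endian + "IIII", pcap_bytes, off)
        frame = pcap_bytes[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 14:
            continue
        dst, src = frame[0:6], frame[6:12]
        # Skip the device's own traffic and broadcast/multicast (group bit set).
        if dst == device or src == device or dst[0] & 1:
            continue
        per_second[ts_sec] += orig_len
        talkers[(mac(src), mac(dst))] += orig_len
    return per_second, talkers

def sample_capture():
    """Constructed capture: one frame to the device, one broadcast, two camera-to-NVR frames."""
    dev, cam, nvr = (bytes.fromhex(h) for h in ("020000000001", "020000000010", "020000000020"))
    frames = [(100, dev, nvr, 60), (100, b"\xff" * 6, cam, 60),
              (101, nvr, cam, 1500), (101, nvr, cam, 1500)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, dst, src, size in frames:
        out += struct.pack("<IIII", ts, 0, size, size) + dst + src + b"\x08\x00" + bytes(size - 14)
    return out

if __name__ == "__main__":
    per_second, talkers = foreign_unicast(sample_capture(), "02:00:00:00:00:01")
    for sec, n in sorted(per_second.items()):
        print(sec, n, "bytes not addressed to the device")
    for (src, dst), n in talkers.most_common(5):
        print(src, "->", dst, n, "bytes")
```

Wireshark saves pcapng by default, so a capture may need converting first, for example with `editcap -F pcap`.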