Common reason is we constantly move computers around (college environment). Port security has been looked into, unfortunately management has decided not to use this for various reasons.I completely agree with not being 100% sure finding all redundant links and unknown switches on the network, but as best of our finding, this this is the case until we find further evidence.Using Arpwatch is definitely something we can try but i suspect because several access port is registering mac address even though it doesn't belong to this port, the conclusion of arpwatch may not be useful.I personally also agree with majority, whereby the broadcast domain is far too big. However, we do intend to split this up in the future but unfortunately this issue occured before we could do this. We are now at a stage, where we will require huge amount of downtime to isolate each area at a time unless anyone else has some ideas to identify the source or root cause of this weird and bizarre issue. IPv4 policy based routing aces: 452/452 12/12
IPv4 unicast indirectly-connected routes: 2048/2048 77/77 IPv4 IGMP groups + multicast routes: 1120/1120 1/1
Hoping someone here might have some insight to the issue we are facing.