TOPIC: Doubt regarding Switching Principle

Re: Doubt regarding Switching Principle 8 years 3 months ago #31103

  • TheBishop
  • Moderator
You're right about the problem, but that's the way a switch works. In normal networks the percentage of flooded frames to normal frames is low so it isn't a problem. And I have to wonder given, say, a 24-port switch with a backplane capable of several gigabits of throughput, how much impact one device on one port would have. It certainly could generate a fair amount of traffic but I don't think it would bring the switch to its knees. The more likely outcome would be that a few users might complain of slow response, you'd monitor the switch and see the problem, then you'd go visit the user with an offer of alternative employment.

Re: Doubt regarding Switching Principle 8 years 3 months ago #31109

  • Perlhack
  • Frequent Member
There are some features to limit the impact, like broadcast and multicast storm control. Look at the offender's source MAC and, to solve the issue, shut down his/her switchport.

Re: Doubt regarding Switching Principle 8 years 3 months ago #31121

  • gvkalra
  • New Member
There are some features to limit the impact, like broadcast and multicast storm control. Look at the offender's source MAC and, to solve the issue, shut down his/her switchport.

Could you please discuss those configurations?

Re: Doubt regarding Switching Principle 8 years 3 months ago #31124

  • Perlhack
  • Frequent Member
On a 3350:
Switch_3(config)#int fa 0/22

Switch_3(config-if)#storm-control ?
broadcast Broadcast address storm control
multicast Multicast address storm control
unicast Unicast address storm control

Switch_3(config-if)#storm-control broadcast level ?
<0 - 100> Enter Integer part of storm suppression level

Switch_3(config-if)#storm-control broadcast level 50

Switch_3#sh storm-control fa0/22
Interface  Filter State  Level    Current
Fa0/22     Forwarding    50.00%   0.00%
Switch_3#

Re: Doubt regarding Switching Principle 8 years 3 months ago #31134

  • TheBishop
  • Moderator
These will help, but do remember that a broadcast and a flooded frame are not necessarily the same thing - you'll need to read the switch documentation carefully to find out what types of frames each of these commands actually works with.

Re: Doubt regarding Switching Principle 8 years 3 months ago #31141

  • S0lo
  • Moderator
On some higher models of Cisco switches, you can detect such excessive flooding using the mac-address-table unicast-flood command, and then take specified action if flooding exceeds a specified amount. I've never tried it myself, so this might help:

www.cisco.com/en/US/products/hw/switches...01d0808.shtml#detect

www.cisco.com/en/US/docs/switches/lan/ca...ecure.html#wp1078807

On the other hand, Port Security is a partial but not definite solution to this problem. You could configure the switch (if it supports port security) to allow only trusted source MAC addresses to use a switch port. An outsider/hacker will have to be smart enough to CHANGE his MAC address to match the one you configured on the port he is connected to. That is needed to be able to send any traffic at all using the switch. It's not impossible to hack into this, but certainly is less possible. Surely, if naughtiness comes from within your own users/organization then this is no use :lol:
Studying CCNP...

Ammar Muqaddas
Forum Moderator
www.firewall.cx
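
A small model of the behaviour discussed in this thread, added here as an illustration and not taken from any poster or from Cisco: a learning switch that counts broadcasts separately from flooded unknown-unicast frames, with an optional per-port MAC limit as a simplified stand-in for port security. The class, MAC addresses and traffic are constructed for the example.

```python
from collections import Counter

BROADCAST = "ff:ff:ff:ff:ff:ff"

class LearningSwitch:
    """Toy model: learns source MACs, floods broadcasts and unknown unicast."""

    def __init__(self, max_macs_per_port=None):
        self.table = {}                      # learned source MAC -> port
        self.max_macs = max_macs_per_port    # assumption: stand-in for port security
        self.counts = Counter()

    def receive(self, port, src, dst):
        """Handle one frame and return how the switch treated it."""
        if self.table.get(src) != port:      # new (or moved) source address
            learned_here = sum(1 for p in self.table.values() if p == port)
            if self.max_macs is not None and learned_here >= self.max_macs:
                return self._count("dropped")  # source not allowed on this port
            self.table[src] = port
        if dst == BROADCAST:
            return self._count("broadcast")
        if dst in self.table:
            return self._count("forwarded")    # known destination: one egress port
        return self._count("flooded_unicast")  # unknown destination: all other ports

    def _count(self, kind):
        self.counts[kind] += 1
        return kind

# Constructed sample traffic: (ingress port, source MAC, destination MAC)
FRAMES = [
    (1, "aa:00:00:00:00:01", BROADCAST),            # host A broadcasts
    (2, "aa:00:00:00:00:02", "aa:00:00:00:00:01"),  # host B replies to A (A is learned)
    (1, "aa:00:00:00:00:01", "aa:00:00:00:00:02"),  # A -> B, both learned
    (3, "aa:00:00:00:00:03", "aa:00:00:00:00:f1"),  # C -> never-seen destination
    (3, "aa:00:00:00:00:03", "aa:00:00:00:00:f2"),  # C -> another unknown destination
    (3, "aa:00:00:00:00:99", "aa:00:00:00:00:01"),  # second source MAC on port 3
]

def run(frames, max_macs_per_port=None):
    """Replay the frames through a fresh switch and return the per-class counts."""
    switch = LearningSwitch(max_macs_per_port)
    for frame in frames:
        switch.receive(*frame)
    return dict(switch.counts)

if __name__ == "__main__":
    print("no limit      :", run(FRAMES))
    print("1 MAC per port:", run(FRAMES, max_macs_per_port=1))
```

With the limit set to 1, the frame from the second source MAC on port 3 is dropped, but the two frames from the permitted MAC to unknown destinations are still flooded and never appear in the broadcast count.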