From: Hansang Bae (hbae@xxxxxxxxxx)
Date: Sat Aug 10 2002 - 03:04:46 GMT-3

At 08:22 PM 8/9/2002 +0100, Colin Barber wrote:
>Hi Guys,
>Sorry for the OT. Today at work some bright spark got the ip address and
>default gateway the wrong way round on a Unix box in our data centre and
>took down the whole subnet; just 200 systems and 8000 users not able to
>communicate!
>
>Has anybody got any ideas on the best way to protect the default gateway ip
>address from misconfiguration? The device is a 300 port 6509 with the
>default gateway being the internal MSFCs. The only way I can think of is
>using native IOS on the cat and applying an input access list denying the
>source ip address of the default gateway on all 300 Ethernet ports. I know
>the MSFCs can wire-speed route ip and standard and extended access lists but
>does the first packet still need to be process switched? Whatever solution
>I use it cannot affect performance of the router, switch or the clients.

Won't work. How do you prevent the Unix box from responding to ARP frames sent
by the users?

hsb
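
Added example, not part of the original thread or either poster's words: ARP frames carry EtherType 0x0806 and are not IP packets, so an IP access list does not match them. The sketch below parses raw ARP frames and flags any sender that claims the gateway IP from a MAC not on an allow-list; every address, the helper names and the sample frames are constructed for illustration.

```python
import struct

ETHERTYPE_ARP, ETHERTYPE_IPV4 = 0x0806, 0x0800

def parse_arp(frame):
    """Return (op, sender_mac, sender_ip, target_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42:                      # 14-byte Ethernet header + 28-byte ARP body
        return None
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None                          # not ARP (e.g. an IP packet)
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, ETHERTYPE_IPV4, 6, 4):
        return None
    sha, spa, tpa = frame[22:28], frame[28:32], frame[38:42]
    mac = ":".join(f"{b:02x}" for b in sha)
    return op, mac, ".".join(map(str, spa)), ".".join(map(str, tpa))

def gateway_conflicts(frames, gateway_ip, gateway_macs):
    """List (mac, kind) for ARP senders claiming gateway_ip from a MAC outside gateway_macs."""
    alerts = []
    for frame in frames:
        arp = parse_arp(frame)
        if arp is None:
            continue
        op, sender_mac, sender_ip, _target_ip = arp
        if sender_ip == gateway_ip and sender_mac not in gateway_macs:
            alerts.append((sender_mac, "reply" if op == 2 else "request"))
    return alerts

def build_arp(op, sha, spa, tha, tpa, dst="ff:ff:ff:ff:ff:ff"):
    """Build a constructed sample frame (hypothetical helper, used only for the demo data)."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    ip = lambda s: bytes(int(p) for p in s.split("."))
    header = mac(dst) + mac(sha) + struct.pack("!H", ETHERTYPE_ARP)
    body = struct.pack("!HHBBH", 1, ETHERTYPE_IPV4, 6, 4, op)
    return header + body + mac(sha) + ip(spa) + mac(tha) + ip(tpa)

# Constructed addresses: the real gateway, a client, and a host configured with the gateway's IP.
GW_IP, GW_MAC = "10.0.0.1", "00:00:0c:07:ac:01"
PC_IP, PC_MAC = "10.0.0.50", "00:50:56:00:00:10"
ROGUE_MAC = "08:00:20:aa:bb:cc"
SAMPLE = [
    build_arp(1, PC_MAC, PC_IP, "00:00:00:00:00:00", GW_IP),   # client asks for the gateway
    build_arp(2, GW_MAC, GW_IP, PC_MAC, PC_IP, dst=PC_MAC),    # legitimate answer
    build_arp(2, ROGUE_MAC, GW_IP, PC_MAC, PC_IP, dst=PC_MAC), # misconfigured host also answers
]

if __name__ == "__main__":
    for mac, kind in gateway_conflicts(SAMPLE, GW_IP, {GW_MAC}):
        print(f"ARP {kind} claims {GW_IP} from unexpected MAC {mac}")
```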