RE: storm-control vs switchport block

From: Edwards, Andrew M (andrew.m.edwards@boeing.com)
Date: Wed Sep 07 2005 - 14:58:09 GMT-3

• Next message: Marvin Wu: "Re: storm-control vs switchport block"
• Previous message: A Molica: "RE: route feedback"
• Maybe in reply to: James Matrisciano: "storm-control vs switchport block"
• Next in thread: Marvin Wu: "Re: storm-control vs switchport block"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

James,

These seem the same but they're different. Plus, the requirement is
fairly vague, as ususal, with one specific keyword. "block
unicast/multicast OUT of and interface".

Storm control monitors packets INBOUND and drops frames when the %
bandwidth of the interface reaches the defined level. If you set this
to 0.0 for multicast that will effectively block all inbound multicast,
unicast, and broadcast; only allowing STP frames inbound. If you set
only unicast/broadcast the above statement is true for those types of
frames only; STP remains unchanged.

Wherease, blocking references protected ports and the forwarding of
"unknown" multicast/unicast traffic from one port to another (e.g.
outbound blocking).

Per CCO:

"Configuring Port Blocking
By default, the switch floods packets with unknown destination MAC
addresses to all ports. If unknown unicast and multicast traffic is
forwarded to a protected port, there could be security issues.

To prevent unknown unicast or multicast traffic from being forwarded
from one port to another, you can configure a port (protected or
nonprotected) to block unknown unicast or multicast packets"

Now, because the vague requirement references blocking outbound, I would
suggest using switchport blocking only.

My 2 cents.

andy

-----Original Message-----
From: James Matrisciano [mailto:jmatrisciano@kenttech.com]
Sent: Wednesday, September 07, 2005 7:03 AM
To: ccielab@groupstudy.com
Subject: storm-control vs switchport block

all,

Have a question that maybe someone can answer for me.

Lets say that I am required to block all unicast and/or multicast
traffic out of a port.

Will these commands fulfill the same requirment

interface f0/14
switchport block unicast
switchport block multicast

interface f0/14
storm-control unicast level 0.00
storm-control multicast level 0.00

just trying to make sure I have extra tools in the tool box if
limitations are set forth by our beloved proctors :)

jm

• Next message: Marvin Wu: "Re: storm-control vs switchport block"
• Previous message: A Molica: "RE: route feedback"
• Maybe in reply to: James Matrisciano: "storm-control vs switchport block"
• Next in thread: Marvin Wu: "Re: storm-control vs switchport block"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Oct 02 2005 - 14:40:14 GMT-3