Re: storm-control vs switchport block

From: Marvin Wu (marvinwu@gmail.com)
Date: Wed Sep 07 2005 - 15:18:21 GMT-3


Isn't it that even with port blocking the "known" traffic will still be
forwarded? It will only block frames with an unknown destination MAC.

-Marvin

On 9/7/05, Edwards, Andrew M <andrew.m.edwards@boeing.com> wrote:
>
> James,
>
> These seem the same but they're different. Plus, the requirement is
> fairly vague, as usual, with one specific keyword. "block
> unicast/multicast OUT of an interface".
>
> Storm control monitors packets INBOUND and drops frames when the %
> bandwidth of the interface reaches the defined level. If you set this
> to 0.0 for multicast that will effectively block all inbound multicast,
> unicast, and broadcast; only allowing STP frames inbound. If you set
> only unicast/broadcast the above statement is true for those types of
> frames only; STP remains unchanged.
>
> Whereas, blocking references protected ports and the forwarding of
> "unknown" multicast/unicast traffic from one port to another (e.g.
> outbound blocking).
>
> Per CCO:
>
> "Configuring Port Blocking
> By default, the switch floods packets with unknown destination MAC
> addresses to all ports. If unknown unicast and multicast traffic is
> forwarded to a protected port, there could be security issues.
>
> To prevent unknown unicast or multicast traffic from being forwarded
> from one port to another, you can configure a port (protected or
> nonprotected) to block unknown unicast or multicast packets"
>
> Now, because the vague requirement references blocking outbound, I would
> suggest using switchport blocking only.
>
> My 2 cents.
>
> andy
>
> -----Original Message-----
> From: James Matrisciano [mailto:jmatrisciano@kenttech.com]
> Sent: Wednesday, September 07, 2005 7:03 AM
> To: ccielab@groupstudy.com
> Subject: storm-control vs switchport block
>
>
> all,
>
> Have a question that maybe someone can answer for me.
>
> Let's say that I am required to block all unicast and/or multicast
> traffic out of a port.
>
> Will these commands fulfill the same requirement?
>
> interface f0/14
> switchport block unicast
> switchport block multicast
>
> interface f0/14
> storm-control unicast level 0.00
> storm-control multicast level 0.00
>
> just trying to make sure I have extra tools in the tool box if
> limitations are set forth by our beloved proctors :)
>
> jm
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html


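Added example (not part of the original thread): a simplified Python model of the unicast behaviour the posts above describe, running the same frames through a switch with f0/14 configured each way. The other port names, the MAC addresses, the static MAC table, and all class and function names are constructed for illustration; multicast and rate thresholds other than 0.00 are not modelled.

```python
from dataclasses import dataclass

@dataclass
class Port:
    name: str
    block_unknown_unicast: bool = False  # models "switchport block unicast"
    storm_unicast_zero: bool = False     # models "storm-control unicast level 0.00"

class Switch:
    def __init__(self, ports, mac_table):
        self.ports = {p.name: p for p in ports}
        self.mac_table = dict(mac_table)  # static table: dst MAC -> port (assumption: no learning)

    def egress_ports(self, in_port, dst_mac):
        """Ports a unicast frame received on in_port is sent out of."""
        # Storm control acts on the receiving port; at level 0.00 the frame is dropped on ingress.
        if self.ports[in_port].storm_unicast_zero:
            return []
        known = self.mac_table.get(dst_mac)
        if known is not None:
            # Known destination: forwarded normally; port blocking does not apply.
            return [] if known == in_port else [known]
        # Unknown destination: flooded, except out of ports that block unknown unicast.
        return sorted(n for n, p in self.ports.items()
                      if n != in_port and not p.block_unknown_unicast)

KNOWN = "0000.aaaa.0014"    # constructed MAC, present in the table behind f0/14
UNKNOWN = "0000.bbbb.9999"  # constructed MAC, not in the table

def build(**f014_settings):
    ports = [Port("f0/13"), Port("f0/14", **f014_settings), Port("f0/15")]
    return Switch(ports, {KNOWN: "f0/14"})

def compare():
    """Run the same three frames through both configurations of f0/14."""
    results = {}
    for label, sw in (("block", build(block_unknown_unicast=True)),
                      ("storm", build(storm_unicast_zero=True))):
        results[label] = {
            "known_out_f0/14": sw.egress_ports("f0/13", KNOWN),
            "unknown_flood": sw.egress_ports("f0/13", UNKNOWN),
            "in_on_f0/14": sw.egress_ports("f0/14", UNKNOWN),
        }
    return results

if __name__ == "__main__":
    for label, rows in compare().items():
        print(label, rows)
```

In this model neither configuration stops known unicast from leaving f0/14: port blocking only removes f0/14 from the unknown-destination flood, and storm control only drops what arrives on f0/14.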

This archive was generated by hypermail 2.1.4 : Sun Oct 02 2005 - 14:40:14 GMT-3