RE: protecting trunks from flooding

From: Schulz, Dave (DSchulz@dpsciences.com)
Date: Wed Apr 05 2006 - 16:58:24 GMT-3

• Next message: James Ventre: "Re: protecting trunks from flooding"
• Previous message: Chris Lewis: "Re: HSRP + PORT SECURITY"
• Maybe in reply to: Geert Nijs: "protecting trunks from flooding"
• Next in thread: James Ventre: "Re: protecting trunks from flooding"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I believe that you will want to break each one of these down
separately....

DDOS, broadcast storms, stp loops.... you can do the first part with
MQC using policies (or legacy with rate-limiting). The second part
(broadcast storms) could be done on the switch using storm-control.
And, the STP loops could be done on the switches with a combination of
BPDU and loop guard. Hope this helps and maybe others have some other
ideas.

Dave Schulz,
Email: dschulz@dpsciences.com

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Geert Nijs
Sent: Wednesday, April 05, 2006 10:41 AM
To: ccielab@groupstudy.com
Subject: protecting trunks from flooding

Hi all,

What is the best way to protect ONE VLAN on a trunk interface from
becoming squuezed away by a DDOS attack on another vlan ?
I want to protect bandwidth on some critical VLANs, no matter what
happens (DDOS, broadcast storm, STP loops) in the other VLANs.

regards,

Geert Nijs
Service Engineer
Networks Lan/Wan

########################################################################
#####
########
Simac N.V. trades under the commercial name Simac ICT Belgium.
This e-mail and any attached files are confidential and may be legally
privileged.
If you are not the addressee, any disclosure, reproduction, copying,
distribution,
or other dissemination or use of this communication is strictly
prohibited.
If you have received this transmission in error please notify Simac
immediately
and then delete this e-mail.

Simac has taken all reasonable precautions to avoid virusses in this
email.
Simac does not accept liability for damage by virusses, for the correct
and
complete
transmission of the information, nor for any delay or interruption of
the
transmission,
nor for damages arising from the use of or reliance on the information.

All e-mail messages addressed to, received or sent by Simac or Simac
employees
are deemed to be professional in nature. Accordingly, the sender or
recipient
of
these messages agrees that they may be read by other Simac employees
than the
official
recipient or sender in order to ensure the continuity of work-related
activities
and allow supervision thereof.
########################################################################
#####
########

• Next message: James Ventre: "Re: protecting trunks from flooding"
• Previous message: Chris Lewis: "Re: HSRP + PORT SECURITY"
• Maybe in reply to: Geert Nijs: "protecting trunks from flooding"
• Next in thread: James Ventre: "Re: protecting trunks from flooding"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Mon May 01 2006 - 11:41:56 GMT-3