From: Geert Nijs (geert.nijs@simac.be)
Date: Wed Apr 05 2006 - 18:46:56 GMT-3
Yes, i was also thinking that way:
for example
HARDWARE: C4500 switch with supervisor 4 module
I have 2 access ports configured in vlan 8 (high priority vlan)
and one trunk port carrying vlan 8 + vlan 2 traffic (1 gig speed)
I want to put vlan 8 traffic in the high priority egress queue on the
trunk interface, so that it takes priority over all other traffic.
I was thinking about the following config:
Switch(config) int gi1/1
Switch(config-if) switchport access vlan 8
Switch(config-if) qos cos 6
Switch(config) int gi1/2
Switch(config-if) switchport access vlan 8
Switch(config-if) qos cos 6
! cos 6 gets mapped to DSCP 48 by default
Switch(config) qos map dscp 48 to tx-queue 3
Switch(config) int gi2/0
Switch(config-if) switchport mode trunk
Switch(config-if) switchport trunk allowed vlans 2,8
Switch(config-if) tx-queue 3
Switch(config-if-tx-queue)# priority high
! Takes priority over other queues
Switch(config-if-tx-queue)# bandwidth 100000000
! does this reserve 100 Mbit for this output queue (as a minimum) ? Or
does it also limit the output to 100 Mbit. I have no idea.
regards,
Geert
-----Oorspronkelijk bericht-----
Van: nobody@groupstudy.com [mailto:nobody@groupstudy.com] Namens Leigh
Harrison
Verzonden: woensdag 5 april 2006 17:27
Aan: Geert Nijs
CC: ccielab@groupstudy.com
Onderwerp: Re: protecting trunks from flooding
Hi there Geert,
Depending on the switches you've got, I'd put in some QoS and ensure
that you main vlan(s) have guaranteed bandwidth.
LH
Geert Nijs wrote:
> Hi all,
>
> What is the best way to protect ONE VLAN on a trunk interface from
> becoming squuezed away by a DDOS attack on another vlan ? I want to
> protect bandwidth on some critical VLANs, no matter what happens
> (DDOS, broadcast storm, STP loops) in the other VLANs.
>
> regards,
>
> Geert Nijs
> Service Engineer
> Networks Lan/Wan
>
>
>
> ######################################################################
> #######
> ########
> Simac N.V. trades under the commercial name Simac ICT Belgium.
> This e-mail and any attached files are confidential and may be legally
> privileged.
> If you are not the addressee, any disclosure, reproduction, copying,
> distribution,
> or other dissemination or use of this communication is strictly
prohibited.
> If you have received this transmission in error please notify Simac
> immediately
> and then delete this e-mail.
>
> Simac has taken all reasonable precautions to avoid virusses in this
> email. Simac does not accept liability for damage by virusses, for the
> correct and complete transmission of the information, nor for any
> delay or interruption of the transmission,
> nor for damages arising from the use of or reliance on the
information.
>
> All e-mail messages addressed to, received or sent by Simac or Simac
> employees are deemed to be professional in nature. Accordingly, the
> sender or recipient of these messages agrees that they may be read by
> other Simac employees than the official
> recipient or sender in order to ensure the continuity of work-related
> activities
> and allow supervision thereof.
>
########################################################################
#####
> ########
>
> ______________________________________________________________________
> _
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Mon May 01 2006 - 11:41:56 GMT-3