From: Sean C. (Upp_and_Upp@hotmail.com)
Date: Thu Sep 14 2006 - 01:02:04 ART
Hi Chris,
Me thinks someone is doing an IEWB lab. ;-)
2 separate solutions:
1-The first task's solution has already been posted by others:
task: have two servers on fa0/1 and fa0/4, how do I prevent them from
passing traffic between each other
solution: to stop the servers' ports from talking to each other, configure
each port:
  switchport protected
2-The second task was the stumper for me (and why I remember this so well):
task: I also want to configure SW1 so that if servers are compromised random
unicast and multicast MAC address frames can't be sent out
solution: under each port, configure:
  switchport block unicast
  switchport block multicast
Per the DocCD: By default, all traffic with unknown MAC addresses is sent
to all ports. You can block unknown multicast or unicast traffic on
protected or non-protected ports. If unknown multicast or unicast traffic is
not blocked on a protected port, there could be security issues.
Blocking unknown multicast or unicast traffic is not automatically enabled
on protected ports; you must explicitly configure it.
http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12225see/cr/cli2.htm#wp3432214
HTH,
Sean
----- Original Message -----
From: "chris" <iannaconec@optonline.net>
To: <ccielab@groupstudy.com>
Sent: Wednesday, September 13, 2006 10:07 AM
Subject: Switches
I am overthinking this, if I have two servers on fa0/1 and fa0/4,
how do I prevent them from passing traffic between each other
sw mode access on both ports, or should I use a sticky-mac address
of the server
I also forgot how to enable NetBEUI support - I remember it is a
bridged protocol
I also want to configure SW1 so that if servers are compromised
random unicast and multicast MAC address frames can't be sent out
this leads me to the second solution above mac address-sticky, I
don't recall seeing a mac address for a switchport?
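
An added example, not part of the original thread: a small Python audit that parses a switch configuration and reports server ports missing any of the three commands from the reply above (switchport protected, switchport block unicast, switchport block multicast), since the quoted DocCD text says blocking is not enabled automatically on protected ports. The sample configuration, the function names and the use of full interface names (FastEthernet0/1 for fa0/1) are assumptions constructed for illustration.

```python
import re

# Constructed sample configuration (not from the original post).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport protected
 switchport block multicast
 switchport block unicast
!
interface FastEthernet0/4
 switchport mode access
 switchport protected
!
interface FastEthernet0/5
 switchport mode access
 switchport block unicast
!
"""

REQUIRED = ("switchport protected", "switchport block unicast",
            "switchport block multicast")

def parse_interfaces(config):
    """Map each interface name to the set of commands configured under it."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        m = re.match(r"^interface\s+(\S+)", raw)
        if m:
            current = interfaces.setdefault(m.group(1), set())
        elif raw.startswith(" ") and current is not None:
            current.add(" ".join(raw.split()).lower())
        else:
            current = None  # "!" or a global command ends the interface block
    return interfaces

def audit(config, server_ports):
    """Return {port: [missing commands]} for ports that lack any required command."""
    interfaces = parse_interfaces(config)
    findings = {}
    for port in server_ports:
        have = interfaces.get(port, set())
        missing = [cmd for cmd in REQUIRED if cmd not in have]
        if missing:
            findings[port] = missing
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG, ["FastEthernet0/1", "FastEthernet0/4"]))
```

A port that is protected but has no block commands (FastEthernet0/4 in the sample) is reported with both block commands missing, which is the case the DocCD note describes.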
This archive was generated by hypermail 2.1.4 : Sun Oct 01 2006 - 16:55:40 ART