Re: Switch security.

From: Kal Han (calikali2006@gmail.com)
Date: Mon Nov 20 2006 - 17:37:11 ART


When you enable two ports as protected,
those two ports cannot communicate at all
(not unicast, broadcast, or multicast).

But for unknown destination MAC addresses, the switch
by default will flood to all ports.
This way some packets from one protected port can
go to the other.

If you do not want this behavior, you need to configure
switchport block unicast | multicast

Thanks
Kal

On 11/19/06, V Shekhar <vshekhar25@yahoo.com> wrote:
>
> If the 1st requirement asks to make sure two hosts (A & B) connected via a
> switch should not communicate directly (should do so via host C),
> I configure A & B connected to protected ports.
> And the second requirement asks to block any unicast and multicast
> exchange between A & B.
> Do I really need to use the "switchport block unicast|Multicast" on A & B
> switch port?
> I think "Switchport protected" will block any unicast and multicast
> between A & B as well.
>
> Comments?
> -sHekHar.
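
The configuration discussed in this thread, as an added example that is not part of the original messages: Cisco IOS interface configuration with both hosts on protected ports and flooding of unknown unicast and multicast blocked on those ports. The interface numbers and the placement of hosts A, B and C on them are assumptions.

```cisco
! Added example; interface numbers and host placement are assumptions.
!
! Host A
interface FastEthernet0/1
 switchport mode access
 switchport protected
 switchport block unicast
 switchport block multicast
!
! Host B
interface FastEthernet0/2
 switchport mode access
 switchport protected
 switchport block unicast
 switchport block multicast
!
! Host C: left unprotected so that A and B can each reach it
interface FastEthernet0/3
 switchport mode access
!
! Verify each port with:
!   show interfaces FastEthernet0/1 switchport
! and check the "Protected", "Unknown unicast blocked" and
! "Unknown multicast blocked" fields in the output.
```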



This archive was generated by hypermail 2.1.4 : Fri Dec 01 2006 - 08:05:48 ART