From: Michael Zuo (mzuo@ixiacom.com)
Date: Tue Nov 21 2006 - 18:35:53 ART
If A and B cannot communicate with each other, how can flooded frames go
between the two?
Does "vlan protected" distinguish between known MAC and unknown MAC?
thanks
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Kal Han
Sent: Monday, November 20, 2006 12:37 PM
To: V Shekhar
Cc: Groupstudy; Cisco certification
Subject: Re: Switch security.
when you enable two ports as protected,
those two ports cannot communicate at all.
( not unicast, broadcast, multicast )
But for unknown destination mac addresses, switch
by default will flood to all ports.
This way some packets from one protected port can
go to the other.
If you do not want this behavior, you need to configure
switchport block unicast | multicast
Thanks
Kal
On 11/19/06, V Shekhar <vshekhar25@yahoo.com> wrote:
>
> If the 1st requirement asks to make sure two hosts (A & B) connected via a
> switch should not communicate directly. (Should do via host C).
> Hence I configure A & B connected to protected ports.
> And the second requirement asks to block any unicast and multicast
> exchange between A &B,
> Do I really need to use the "switchport block unicast|Multicast" on A & B
> switch port?
> I think "Switchport protected" will block any unicast and multicast
> between A & B as well.
>
> Comments?
> -sHekHar.
>
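
The configuration discussed in this thread, as an added example that is not part of the original messages: both settings applied to the two host ports, followed by the per-port check. The interface numbers (FastEthernet0/1 for host A, FastEthernet0/2 for host B) are assumptions.

```ios
! Added example; interface numbers are assumptions (A on Fa0/1, B on Fa0/2).
configure terminal
interface range FastEthernet0/1 - 2
 ! Mark both host ports as protected (the setting the thread starts from)
 switchport protected
 ! Do not flood unknown-destination unicast frames out of these ports
 switchport block unicast
 ! Do not flood unknown-destination multicast frames out of these ports
 switchport block multicast
end
! Verify each port: check the "Protected", "Unknown unicast blocked" and
! "Unknown multicast blocked" fields in the output
show interfaces FastEthernet0/1 switchport
show interfaces FastEthernet0/2 switchport
```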
This archive was generated by hypermail 2.1.4 : Fri Dec 01 2006 - 08:05:48 ART