Re: Protected Ports

From: Narbik Kocharians (narbikk@gmail.com)
Date: Thu Dec 07 2006 - 06:15:04 ART


What you are blocking is unknown multicast and unicast. Remember the
philosophy of transparent switches (I shall do no harm): this means that
if the switch receives a frame destined to an unknown unicast or multicast,
it will flood it out of all ports but the port it received it on. If this
traffic is forwarded to a port that is configured as protected, there could
be some security issues. Therefore, to change the default behavior of
transparent switching for the ports that are configured as protected, you
need to configure "switchport block unicast" and "switchport block
multicast".

On 12/6/06, Noble <noble.ccie@gmail.com> wrote:
>
> Hi Group,
>
> I am trying to understand the need of adding "switchport block
> multicast" and "switchport block unicast" along with "switchport
> protected".
>
> I understand that traffic arriving on one protected port will not be
> forwarded out other protected ports. If this is the case, why would we
> need to block multicast and unicast using the switchport block command?
>
> --
> Thank you,
>
> -Noble

-- 
Narbik Kocharians
CCIE# 12410 (R&S, SP, Security)
CCSI# 30832
Network Learning, Inc. (CCIE class Instructor)
www.ccbootcamp.com (CCIE Training)
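
The flooding behaviour described in the reply above, as an added example that is not part of the original thread: a simplified Python model of a transparent switch showing which ports a frame leaves on with and without the block settings. The port names, MAC addresses and the `build` helper are constructed, and all multicast is treated as unknown (no IGMP snooping assumed).

```python
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"

@dataclass
class Port:
    protected: bool = False        # models "switchport protected"
    block_unicast: bool = False    # models "switchport block unicast"
    block_multicast: bool = False  # models "switchport block multicast"

@dataclass
class Switch:
    ports: dict                                     # port name -> Port
    mac_table: dict = field(default_factory=dict)   # learned MAC -> port name

    def forward(self, ingress, src, dst):
        """Return the sorted port names a frame is sent out of."""
        self.mac_table[src] = ingress               # learn the source address
        bcast = dst == BROADCAST
        mcast = not bcast and bool(int(dst[:2], 16) & 1)  # group bit set
        known = not bcast and not mcast and dst in self.mac_table
        # Known unicast goes to one port; everything else is flooded.
        candidates = [self.mac_table[dst]] if known else list(self.ports)
        out = []
        for name in candidates:
            port = self.ports[name]
            if name == ingress:
                continue                            # never back out the ingress
            if self.ports[ingress].protected and port.protected:
                continue                            # protected -> protected
            if not known and mcast and port.block_multicast:
                continue                            # unknown multicast blocked
            if not known and not bcast and not mcast and port.block_unicast:
                continue                            # unknown unicast blocked
            out.append(name)
        return sorted(out)

def build(block):
    """Constructed 3-port switch: two protected hosts and one normal uplink."""
    return Switch({
        "Fa0/1": Port(protected=True, block_unicast=block, block_multicast=block),
        "Fa0/2": Port(protected=True, block_unicast=block, block_multicast=block),
        "Fa0/3": Port(),
    })

if __name__ == "__main__":
    for block in (False, True):
        sw = build(block)
        print(block, sw.forward("Fa0/3", "00:00:00:00:00:03", "00:00:00:00:00:99"))
```

In this model the block settings affect only flooded unknown unicast and multicast on the egress port; broadcasts and frames to an already learned address are still delivered.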

