From: Noble (noble.ccie@gmail.com)
Date: Thu Dec 07 2006 - 06:32:11 ART
Hi Narbik,
Thank you very much for clarifying this.
On 12/7/06, Narbik Kocharians <narbikk@gmail.com> wrote:
> What you are blocking is unknown multicast and unicast. Remember the
> philosophy of the transparent switches ("I shall do no harm"): this means that
> if the switch receives a frame destined to an unknown unicast or multicast,
> it will flood it out of all ports but the port it received it on. If this
> traffic is forwarded to a port that is configured as protected, there could
> be some security issues. Therefore, to change the default behavior of
> transparent switching for the ports that are configured as protected, you
> need to configure the "switchport block unicast" and "switchport block
> multicast".
>
>
> On 12/6/06, Noble <noble.ccie@gmail.com> wrote:
> >
> > Hi Group,
> >
> > I am trying to understand the need of adding "switchport block
> > multicast" and "switchport block unicast" along with "switchport
> > protected".
> >
> > I understand that traffic arriving on one protected port will not be
> > forwarded out other protected ports. If this is the case, why would we
> > need to block multicast and unicast using the switchport block command?
> >
> > --
> > Thank you,
> >
> > -Noble
>
> --
> Narbik Kocharians
> CCIE# 12410 (R&S, SP, Security)
> CCSI# 30832
> Network Learning, Inc. (CCIE class Instructor)
> www.ccbootcamp.com (CCIE Training)
--
Thank you,
-Noble
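
A simplified model of the forwarding decision discussed in this thread, added as an illustration and not part of the original messages. It shows that `switchport protected` alone stops only protected-to-protected traffic, while unknown unicast or multicast arriving on a non-protected port is still flooded to protected ports unless the block commands are set. The port names, MAC addresses and function names are constructed for the example, and the model is a sketch under those assumptions, not Cisco's implementation.

```python
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"

@dataclass
class Port:
    protected: bool = False        # switchport protected
    block_unicast: bool = False    # switchport block unicast
    block_multicast: bool = False  # switchport block multicast

def frame_kind(dst_mac):
    if dst_mac == BROADCAST:
        return "broadcast"
    # Group bit (lowest bit of the first octet) marks a multicast address.
    return "multicast" if int(dst_mac[:2], 16) & 1 else "unicast"

def egress_ports(ports, mac_table, ingress, dst_mac):
    """Simplified model: names of the ports the frame is sent out of."""
    known = dst_mac in mac_table
    kind = frame_kind(dst_mac)
    # A known destination goes to one port; anything else is flooded.
    candidates = [mac_table[dst_mac]] if known else list(ports)
    out = []
    for name in candidates:
        port = ports[name]
        if name == ingress:
            continue  # never back out of the receiving port
        if ports[ingress].protected and port.protected:
            continue  # protected-to-protected traffic is dropped
        if not known and kind == "unicast" and port.block_unicast:
            continue  # unknown unicast is not flooded to this port
        if not known and kind == "multicast" and port.block_multicast:
            continue  # unknown multicast is not flooded to this port
        out.append(name)
    return sorted(out)

def build_switch(block):
    # Constructed topology: one uplink and two protected access ports.
    return {
        "Gi0/1": Port(),
        "Gi0/2": Port(protected=True, block_unicast=block, block_multicast=block),
        "Gi0/3": Port(protected=True, block_unicast=block, block_multicast=block),
    }

MAC_TABLE = {"00:00:5e:00:53:02": "Gi0/2"}  # constructed: one learned host
UNKNOWN_UCAST = "00:00:5e:00:53:99"         # constructed, not in the table
UNKNOWN_MCAST = "01:00:5e:00:53:01"         # constructed, no group entry
```

In this model broadcast and known-destination frames still reach the protected ports with the block flags set; only flooded unknown unicast and multicast are suppressed.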
This archive was generated by hypermail 2.1.4 : Tue Jan 02 2007 - 07:50:37 ART