From: John Gibson (johngibson1541@yahoo.com)
Date: Wed Jul 25 2007 - 10:40:34 ART
Let's define trunk links as all switch-to-switch
links.

If your hosts have resolved ARP then you enable
blocking unicast in all switches, then clear the
mac-addr table in all switches. What happens?
Assuming your switching fabric has many switches
and the hosts' traffic needs to cross the trunk
links.

What happens is that the hosts send packets with
destination MAC addresses unknown by the center switches.
Packets will be dropped. And if you don't have
access to clear a host's ARP, you can't make it
echo your ping.

There is a big difference between trunk ports
and access ports. At the edge access ports, hosts
give the switch their MAC address (CDP or something).
So blocking unicast is not a concern here.

If you only have one switch, those CDP packets will
make all your MAC addresses known to the switch.
Packets will NOT be dropped.

John

--- Serhat Aslan <serhatworks@gmail.com> wrote:
> Hi John,
> Trunk mechanism is a carrier protocol for VLAN
> information, block-unicast
> mechanism is a kind of broadcast prevention
> (roughly / not in a technical sense).
> For the unknown IP, the switch can send to another
> switch. It can say that
> ip-mac is not mine, "it could be yours, so I am
> sending", or as the
> result of excessive CAM table overflow behavior,
> ARP-flooding
> attack / asymmetric routing problem / insufficient
> memory. We can assume that
> "flooding unicast" is the switch's last-resort job, for
> unknown IPs.
> So we can think independently about the relation between
> trunk mechanism and
> block-unicast.
>
> Serhat Aslan
>
>
> On 7/25/07, johngibson1541@yahoo.com
> <johngibson1541@yahoo.com> wrote:
> >
> > I know ARP would bypass the blocking. Otherwise the blocking
> > would make the port useless.
> >
> > But which direction of ARP can "plumb" the blockage?
> >
> > You think the ARP request from the port being protected
> > would do the trick, right?
> >
> > But what happens if we block the trunk links?
> > Is it still analyzable?
> >
>
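
Added example, not part of the original thread: a toy Python model of the situation discussed above, with three learning switches in a line and unknown-unicast flooding blocked on every port, trunks included. The topology, port numbers and host names "A" and "B" are assumptions, and the model learns MAC addresses from any received frame rather than modelling CDP or a particular vendor's implementation.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

class Switch:
    """Learning switch; `blocked` = ports that never flood unknown unicast."""
    def __init__(self):
        self.links, self.table, self.blocked = {}, {}, set()

    def receive(self, in_port, src, dst, delivered):
        self.table[src] = in_port                    # learn source MAC on ingress
        if dst in self.table:                        # known unicast: one port
            out = [self.table[dst]]
        else:                                        # broadcast or unknown unicast
            out = [p for p in self.links
                   if dst == BROADCAST or p not in self.blocked]
        for port in out:
            if port == in_port:
                continue                             # never send back out ingress
            peer, peer_port = self.links[port]
            if isinstance(peer, Switch):
                peer.receive(peer_port, src, dst, delivered)
            elif dst in (peer, BROADCAST):           # host NIC accepts the frame
                delivered.append(peer)

def build(block):
    # hostA - sw1 == core == sw2 - hostB   ("==" are the trunk links)
    sw1, core, sw2 = Switch(), Switch(), Switch()
    sw1.links = {1: ("A", None), 2: (core, 1)}
    core.links = {1: (sw1, 2), 2: (sw2, 1)}
    sw2.links = {1: (core, 2), 2: ("B", None)}
    if block:
        for sw in (sw1, core, sw2):
            sw.blocked = set(sw.links)               # all ports, trunks included
    return sw1, sw2

def send(edge, port, src, dst):
    delivered = []
    edge.receive(port, src, dst, delivered)
    return delivered

def scenario(block):
    """MAC tables start empty (just cleared); A still has B in its ARP cache."""
    sw1, sw2 = build(block)
    first = send(sw1, 1, "A", "B")                   # unicast to unlearned MAC
    arp = send(sw2, 2, "B", BROADCAST)               # B broadcasts, e.g. ARP request
    second = send(sw1, 1, "A", "B")                  # same unicast, B now learned
    return first, arp, second

if __name__ == "__main__":
    print("blocking on :", scenario(True))
    print("blocking off:", scenario(False))
```

In this model the first unicast is dropped when blocking is on, and it is a broadcast sent by the destination host that repopulates the tables along the path so the retry gets through.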