switchport block unicast - Can cause serious, irreversible,

From: johngibson1541@yahoo.com
Date: Wed Jul 25 2007 - 12:49:15 ART


You see, if you block unknown unicast for the port toward
your gateway router, and if the router runs quietly without
sending any packet to this port, then when the mac-address
table ages out the gateway router's MAC, every host
still sends packets across your switch.

Even worse, if you reload your switch, the mac-address
table can age out before your client comes to use the
hosts, while you sit at home thinking your client
will give you a pass. They will turn you down.

Your switch sees packets destined to unknown MAC and
drops all of them.

God knows how I am supposed to know that "mac-address-table aging-time 10"
together with "switchport block unicast" is a lethal
combination.

The only workaround is to clear arp.

But can you access a provider's command line to clear arp
if your gateway is on the provider side ?

No.

Can you wait until ARP cache ages out ?

No. You have only 2 hours before the end of the world.

Can you force the provider's gateway to go through a power outage
and reload?

Go figure.

You are screwed.

Fail your network.

Go home.

John
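The combination John describes, written out as an added Catalyst IOS configuration example (this is not from the original message): the uplink toward the gateway with unknown-unicast blocking plus a 10-second aging timer, followed by two ways to keep the gateway reachable. Interface name, VLAN number and the gateway MAC address are placeholders.

```cisco
! Added example, not from the original post. Interface, VLAN and MAC are placeholders.
!
! --- The lethal combination from the post ---
! Dynamic MAC entries age out after 10 seconds. If the gateway router sends
! nothing in that window, its MAC leaves the table, every frame toward it
! becomes "unknown unicast", and a port configured with "switchport block
! unicast" drops unknown unicast instead of flooding it. Result: the gateway
! is unreachable until the switch relearns the MAC, which it cannot do from
! a silent router.
mac-address-table aging-time 10
!
interface GigabitEthernet0/1
 description uplink to provider gateway (MAC learned dynamically)
 switchport mode access
 switchport access vlan 10
 switchport block unicast
!
! --- Option A: do not block unknown unicast on the port that faces the
! gateway, and leave aging at the platform default (300 seconds on most
! Catalyst switches). Blocking belongs on edge ports, not on the uplink.
no mac-address-table aging-time
!
interface GigabitEthernet0/1
 description uplink to provider gateway
 switchport mode access
 switchport access vlan 10
 no switchport block unicast
!
! --- Option B: if unicast blocking on the uplink is required, pin the
! gateway MAC with a static entry. Static entries are not subject to the
! aging timer, so frames to the gateway always have a known destination
! port and are switched rather than flooded, even while the router is silent.
! (Newer IOS releases spell this "mac address-table static".)
mac-address-table static 0000.0c07.ac0a vlan 10 interface GigabitEthernet0/1
!
! Checks to run before leaving the site:
!   show mac-address-table aging-time
!   show mac-address-table interface GigabitEthernet0/1
!   show interfaces GigabitEthernet0/1 switchport | include blocked
```

The last check prints the "Unknown unicast blocked" state for the port; if it reads "enabled" on the uplink, make sure the gateway MAC shows up as a static entry in the second command or the switch will be one aging interval away from the outage described above.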



This archive was generated by hypermail 2.1.4 : Sat Aug 18 2007 - 08:17:42 ART