Re: switchport protected from Joe Astorino on 2010-02-01 (Ccielab archives /201002)

From: Joe Astorino <jastorino_at_ipexpert.com>
Date: Mon, 1 Feb 2010 15:08:35 -0500

Another idea that would not kill EVERYTHING between clients would be
to use a VACL. Perhaps you could write a VACL that only permits DHCP
traffic on your VLAN to/from the REAL dhcp server. I don't recall if
that is supported on the 3500 though, I'd have to check.

On Mon, Feb 1, 2010 at 3:04 PM, Joe Astorino <jastorino_at_ipexpert.com> wrote:
> I think it would probably accomplish what you want, but I'm not sure
> it would be the best thing : ) I fear it might be like trying to kill
> a little rabbit with a 12 gauge shotgun. You would be cutting off any
> communication at L2 between devices on protected interfaces.
>
>
> On Mon, Feb 1, 2010 at 2:11 PM, Jack <ccie.unnumbered_at_gmail.com> wrote:
>> Old 3500 XL switches do not have DHCP snooping.
>> I was wondering if we set "sw prot" on all client ports, will it address the
>> DHCP bogie server problem? What is the drawback of setting all client ports
>> to protected mode?
>>
>> Thanks,
>> Jack
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>>
>>
>>
>>
>>
>>
>>
>>
>
>
>
> --
> Regards,
>
> Joe Astorino CCIE #24347 (R&S)
> Sr. Technical Instructor - IPexpert
> Mailto: jastorino_at_ipexpert.com
> Telephone: +1.810.326.1444
> Live Assistance, Please visit: www.ipexpert.com/chat
> eFax: +1.810.454.0130
>
> IPexpert is a premier provider of Classroom and Self-Study Cisco CCNA
> (R&S, Voice & Security), CCNP, CCVP, CCSP and CCIE (R&S, Voice,
> Security & Service Provider) Certification Training with locations
> throughout the United States, Europe and Australia. Be sure to check
> out our online communities at www.ipexpert.com/communities and our
> public website at www.ipexpert.com
>

-- 
Regards,
Joe Astorino CCIE #24347 (R&S)
Sr. Technical Instructor - IPexpert
Mailto: jastorino_at_ipexpert.com
Telephone: +1.810.326.1444
Live Assistance, Please visit: www.ipexpert.com/chat
eFax: +1.810.454.0130
IPexpert is a premier provider of Classroom and Self-Study Cisco CCNA
(R&S, Voice & Security), CCNP, CCVP, CCSP and CCIE (R&S, Voice,
Security & Service Provider) Certification Training with locations
throughout the United States, Europe and Australia. Be sure to check
out our online communities at www.ipexpert.com/communities and our
public website at www.ipexpert.com
Blogs and organic groups at http://www.ccie.net

Received on Mon Feb 01 2010 - 15:08:35 ART

This archive was generated by hypermail 2.2.0 : Mon Mar 01 2010 - 06:28:35 ART