[c-nsp] 2950 Questions
Curtis Doty
Curtis at GreenKey.net
Thu Mar 24 15:23:03 EST 2005
4:41pm Andre Beck said:
> On Thu, Mar 24, 2005 at 01:12:01AM +1000, Virgil wrote:
> > On 24/3/05 12:33 AM, "Justin M. Streiner" <streiner at cluebyfour.org> wrote:
> >
> > > The switch doesn't know what SIP is, and it doesn't care - it just
> > > forwards packets :-)
> >
> > Being pedantic and all, but a switch (layer 2 device) forwards *frames*.
> > Routers (layer 3 device) forward packets.
>
> Then again, the 2950 has "mls qos" capabilities. I'm not currently
Which reminds me. A few months ago, I had a 2950 go bonkers and started
crashdumping when some knucklehead on the LAN got infected with the MS SQL
Blaster worm or some flavor thereof.
It was on a small campus environment with a few dozen VLANs and siblings
of mostly 2900/3500XL generation workgroup switches. What is most odd
here is that the 2950 was at few segments away from the flood. And none of
the other non-2950 switches had any problems. The 2950 wasn't even a
member of the same VLAN as the infected host's port.
I'm no expert on Cisco engineering, but my bat-sense tells me this thing
was tring to do far more than just toss frames out the right port. And the
process that appeared to chew up RAM was called "MRD"...I think.
Does anyone know this process and what the heck it could have been doing?
I've got the crashdumps laying around here somewhere if anyone's
interested.
../C
More information about the cisco-nsp
mailing list