[c-nsp] 2950 Questions

Curtis Doty Curtis at GreenKey.net
Thu Mar 24 15:23:03 EST 2005


4:41pm Andre Beck said:

> On Thu, Mar 24, 2005 at 01:12:01AM +1000, Virgil wrote:
> > On 24/3/05 12:33 AM, "Justin M. Streiner" <streiner at cluebyfour.org> wrote:
> > 
> > > The switch doesn't know what SIP is, and it doesn't care - it just
> > > forwards packets :-)
> > 
> > Being pedantic and all, but a switch (layer 2 device) forwards *frames*.
> > Routers (layer 3 device) forward packets.
> 
> Then again, the 2950 has "mls qos" capabilities. I'm not currently

Which reminds me. A few months ago, I had a 2950 go bonkers and start 
crashdumping when some knucklehead on the LAN got infected with the MS SQL 
Blaster worm or some flavor thereof.

It was on a small campus environment with a few dozen VLANs and siblings 
of mostly 2900/3500XL generation workgroup switches. What is most odd 
here is that the 2950 was a few segments away from the flood. And none of 
the other non-2950 switches had any problems. The 2950 wasn't even a 
member of the same VLAN as the infected host's port.

I'm no expert on Cisco engineering, but my bat-sense tells me this thing 
was trying to do far more than just toss frames out the right port. And the 
process that appeared to chew up RAM was called "MRD"...I think.

Does anyone know this process and what the heck it could have been doing? 
I've got the crashdumps lying around here somewhere if anyone's 
interested.

../C


