[c-nsp] PVLAN and trunks (for redundancy and more bandwidth), any idea?
Sven 'Darkman' Michels
sven at darkman.de
Thu Jan 14 08:15:00 EST 2010
Hi Pavel,
Pavel Skovajsa wrote:
> by suboptimal I meant the fact it is possible (simply by sending to
> ffff.ffff.ffff) to flood the traffic from one isolated access switch
> port through distribution layer, into the rest of the switching fabric
> infra simply due to the fact that all uplink/downlink ports are
> "switchport mode trunks". Obviously the traffic does not get into the
> end-user ports, but still the trunks are utilized -> hence the
> functionality is little different than the expected "pseudowire"
> functionality.
Ah, okay. But that I try to limit with other features (things like limited
broadcast for a port etc.) so this should not be a big deal, should it?
The main goal is to prevent "local" attacks from one server to another,
like having a compromised host sniffing the rest after flooding the MAC
table, or doing some ARP spoofing... or whatsoever ;)
This should be still the case, even with the trunks, right?
Regards,
Sven