[c-nsp] EoMPLS or VPLS loop prevention/storm control
Peter Rathlev
peter at rathlev.dk
Wed Feb 9 14:41:28 EST 2011
On Wed, 2011-02-09 at 14:10 -0500, schilling wrote:
> Thanks all for the info.
> I am familiar with these features. I talked with Cisco TAC several
> times, they are not recommending the storm control since it can not
> differentiate control data from user data, this might cause
> instability of layer 2 network.
On the Catalyst 2k/3k you can use "storm-control action shutdown" to
prevent this instability. I don't know of a similar knob on Catalyst 6k
or other platforms.
> port-security to only allow specific
> mac address might be helpful, but will not be useful for a hub.
> So there is no good way to prevent rogue hub/switch from messing with
> our network?
BPDU Guard on every port connecting to something that's not your
equipment should protect you from most loops. If you have foreign
switches (running STP) connected to your network you of course cannot
use that.
--
Peter
More information about the cisco-nsp
mailing list