[c-nsp] Catalyst switches and %C4K_EBM-4-HOSTFLAPPING

Peter Rathlev peter at rathlev.dk
Mon Oct 17 07:00:00 EDT 2011


On Mon, 2011-10-17 at 12:09 +0200, Henry-Nicolas Tourneur wrote:
> The customer device can be anything Ethernet based: switch, firewall,
> router.
> There is no STP, neither on our side, nor on the customer side.
> Restricting the customer MAC Address isn't really an option,
> unfortunately.
> The only MAC Address we can disable learning for (I think) is our
> router MAC ADR, we could accept only 1 MAC ADR and block it after
> being learned.

You could add this specific MAC address as a static entry with

 mac address-table static HHHH.HHHH.HHHH vlan N <interface>

This will avoid the log messages, but beware that it will not solve the
problem you're seeing, just hide it.

> The switchport commands look interesting, how could we define the
> violation rule? What would be the trigger to that rule?

Take a look at this:

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750e_3560e/software/release/12.2_58_se/configuration/guide/swtrafc.html

It's for 3560E/3750E 12.2(58)SE, but it would be similar for most other
Catalyst switches.

From what you're describing it sounds like there really isn't a lot to
do, other than educate the customers.

-- 
Peter
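
A port-security configuration illustrating the violation rule and its trigger asked about in the quoted text. This is an added example, not part of the original message; the interface name and VLAN number are constructed placeholders, and HHHH.HHHH.HHHH stands for the router MAC as in the command above.

```cisco
! Added example. GigabitEthernet1/1 and VLAN 10 are placeholders for the
! port and VLAN where the router MAC legitimately lives.
interface GigabitEthernet1/1
 description port facing our router (hypothetical)
 ! Port security requires a static access or trunk port, not a dynamic one.
 switchport mode access
 switchport access vlan 10
 switchport port-security
 ! Accept exactly one source MAC on this port.
 switchport port-security maximum 1
 ! Pin that one address statically instead of learning it.
 switchport port-security mac-address HHHH.HHHH.HHHH
 ! Violation rule, one of:
 !   protect  - drop offending frames silently
 !   restrict - drop offending frames, log and increment the violation counter
 !   shutdown - err-disable the port (the default)
 switchport port-security violation restrict
!
! A violation is triggered when either:
!   1. the maximum number of secure addresses is already in the table and a
!      frame arrives with a source MAC that is not one of them, or
!   2. an address that is secure on one secure port is seen as a source MAC
!      on another secure port in the same VLAN.
! Case 2 only applies between ports that both have port security enabled.
!
! Verification from exec mode:
show port-security interface GigabitEthernet1/1
show port-security address
```

With `restrict`, the violation counter shown by `show port-security interface` increments on each offending frame while the port stays up, which gives a record of the event without taking the link down.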



