[c-nsp] Broadcast storm Cisco Solution

Rich Trinkle rtrinkle at heartofiowa.coop
Thu Jul 26 12:07:39 EDT 2012


Thanks, Nick. I did some research on storm control. If I set this up for broadcast and this happens again, all broadcast traffic stops on this port, thus affecting all my subs. Here is a quick breakdown:

Cisco 7206 - I have a VLAN set up on a sub-interface with a DHCP pool in it. This VLAN is then trunked out to a 3750.
Cisco 3750 - From here it gets trunked out 3 different gig ports to Ethernet uplink cards (Tellabs AFC equipment) in different geographical locales and then gets dumped to shelves, ADSL cards and then to sub.

The AFC equipment does not have the capability of controlling or monitoring for this type of excessive traffic. In the event of a storm, or DDoS attack, I'd like to be able to just isolate that MAC or IP that's causing it and not affect any of the other subs on that DHCP network.

Rich

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Nick Hilliard
Sent: Thursday, July 26, 2012 10:35 AM
To: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Broadcast storm Cisco Solution

On 26/07/2012 15:52, Rich Trinkle wrote:
> Greetings, fellow Cisconians.  I'm hoping someone can point me in the
> right direction.  Is there a way for my Cisco 7206 to detect if one of
> my DHCP subs gets infected and starts a broadcast storm?  If so, can I
> also set this up to automatically isolate that MAC/IP and notify me
> via email?  If not, what device would you recommend that I would pass
> my internet through to accomplish this?  Thanks.

This is a layer 2 problem - you protect against it on your switches with the "storm-control" command.

Nick
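
An added configuration sketch (not from either poster) of the "storm-control" command mentioned in the thread, applied to one of the 3750's gigabit trunk ports toward the AFC uplink cards. The interface name, the pps thresholds and the trap rate are assumptions; storm control acts per port and per traffic type, so it does not single out an individual MAC or IP.

```ios
! Assumed interface: one of the three gig trunks from the 3750 to an AFC uplink card.
interface GigabitEthernet1/0/1
 ! Rising threshold 2000 broadcast packets/s, falling threshold 1000.
 ! Both values are assumptions: baseline the normal DHCP/ARP broadcast
 ! rate on the port first and set the rising threshold well above it.
 storm-control broadcast level pps 2k 1k
 ! Default behaviour: broadcast frames above the rising threshold are
 ! dropped on this port until the rate falls below the falling threshold.
 ! Unicast and multicast on the port keep flowing.
 ! "action trap" additionally raises an SNMP trap when a storm is detected;
 ! "action shutdown" would err-disable the whole port instead.
 storm-control action trap
!
! Send storm-control traps, limited to 2 per minute (assumed rate).
! An SNMP trap receiver (snmp-server host ...) must already be configured.
snmp-server enable traps storm-control trap-rate 2
!
! Verification from exec mode: shows the configured thresholds and the
! current broadcast rate seen on the port.
! show storm-control GigabitEthernet1/0/1 broadcast
```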
