eric.ndn at gmail
Apr 5, 2011, 10:06 AM
Post #3 of 6
What is the nature of your traffic then? Do you allow broadcast and
unknown unicast to be flooded by the edge switches?
Applying an L2 ACL at the edge switches might be your answer, if you only
allow traffic sourced from one MAC address.
IMHO, allowing broadcast packets to hit your CPU is bad; just drop
broadcast traffic from unknown sources with an L2 ACL.
On 4/5/11 6:47 PM, Mark Johnson wrote:
> Anyone out there know of a good way to protect against customer broadcast
> storms? We use a few MLX switches with customer ports on them. Occasionally,
> a customer will create a loop in their equipment which causes a storm all
> the way back to our MLXs. The line cards are pretty good at handling (CPU
> goes to 30-40%) but would like to know of a good way to protect our MLX.
> Also, anyone have best security practices they apply on customer ports to help
> keep the core switching stable?