Hi Pavel,

Pavel Skovajsa wrote:
> by suboptimal I meant the fact it is possible (simply by sending to
> ffff.ffff.ffff) to flood the traffic from one isolated access switch
> port through distribution layer, into the rest of the switching fabric
> infra simply due to the fact that all uplink/downlink ports are
> "switchport mode trunks". Obviously the traffic does not get into the
> end-user ports, but still the trunks are utilized -> hence the
> functionality is little different than the expected "pseudowire"
> functionality.

Ah, okay. But that I try to limit with other features (things like limited broadcast for a port etc.) so this should not be a big deal, should it?

The main goal is to prevent "local" attacks from one server to another, like having a compromised host sniffing the rest after flooding the MAC table, or doing some ARP spoofing... or whatsoever ;)

This should be still the case, even with the trunks, right?

Regards,
Sven

_______________________________________________
cisco-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
