"Priscilla Oppenheimer" wrote in message
news:[EMAIL PROTECTED]...
> Daren Presbitero wrote:
> >
> > Isn't there a limitation on the number of MACs that a port will
> > handle?
>
> Probably, but I bet the number is way bigger than he needs to worry about.
> There's probably a max number of addresses for generic learning purposes


CL: in case anyone is interested, the max number of macs supported on any of
the Cisco switches is fluid, depending on other features turned on, amount
of memory, etc. The 3550 documentation states that depending upon the SDM
template that is active, one may have anywhere from 2,000 to 12,000 unicast
MAC's in the CAM table. I am assuming this means that if you have lots of
hubs and switches daisy chained down the line, that the MAC's of end
stations will show up in the root switch CAM. Obviously, if all you have are
end stations in a single switch, that number is smaller.

CL: this does bring up a good point about size ( number of devices -
servers, PC's, and other switches ) in a bridged network.


> and
> a max number related to port security, which appears to be 132 from an
> earlier post.
>
> There's also the issue of how many MACs can eat up all of the available 100
> Mbps, but once again, that's the user's problem.
>
> > Won't hubs share all those macs with each port, and possibly
> > cause the max
> > limit to be reached?
>
> All the MAC addresses behind the hub will be visible to all the switched
> ports. Is that what you're getting at? It's a good point. The learning
> process will need to know about all the MACs. But the max number of MAC
> addresses that a switch can learn is large and not something he needs to
> worry about.
>
> _______________________________
>
> Priscilla Oppenheimer
> www.troubleshootingnetworks.com
> www.priscilla.com
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> > Sent: Monday, October 07, 2002 8:20 AM
> > To: [EMAIL PROTECTED]
> > Subject: Re: How to restrict hubs in a LAN [7:54937]
> >
> >
> > David j wrote:
> > >
> > > See inline..
> > > Chuck's Long Road wrote:
> > > >
> > > > as much of a rulemeister as I am, I still have to look at this
> > > > from the user standpoint. Why are users throwing their own hubs
> > > > onto the network? Is there a business case to be made? Is
> > > > facilities too slow getting requested cable pulls done?
> > > >
> > > > what is the concern with a user plugging a hub in at the desk
> > > > and then connected a couple of extra PC's? if the problem is one
> > > > of dual homing by accident or otherwise, I can see the issue with
> > > > spanning tree recalculations. But in a single home situation, what
> > > > do you see as the issues?
> > > >
> > >
> > > I see one issue: collisions, if you have a switched network you
> > > don't want to deal with collisions that hubs normally produce.
> > > I have to recognize, though, that hubs sometimes are very
> > > convenient and I'm the first on using them.
> >
> > Collisions are only a problem for the hubbed network that the user
> > made for him/her self. The switched network is isolated from the
> > collisions (with the exception of the one switch port that connects
> > the user's hub).
> >
> > I say, let 'em do it! What's the harm? Don't you have way more
> > bandwidth than you need anyway?? ;-) A lot of companies do. Reference
> > the discussion of Cisco stock. Nobody's buying, because, guess what,
> > we don't need it!??
> >
> > Tech support is an issue, though, of course, for example, the user
> > that is clueful enough to know he/she needs a hub but not clueful
> > enough to select the right cable (x-over versus s/t) and duplex mode.
> > Well a hub should default to half, but a lot of devices that are
> > marketed as hubs are really switches or bridges.
> >
> > But could you say they aren't supported rather than out right
> > disallowing them? Is there a compromise somewhere??
> > _______________________________
> >
> > Priscilla Oppenheimer
> > www.troubleshootingnetworks.com
> > www.priscilla.com
> >
> > >
> > > > when you say that "politically, it's a mess" what does that
> > > > mean? high powered sales people throwing their weight around?
> > > > management does not respect your input or concerns? something bad
> > > > is happening, and it's rolling downhill?
> > > >
> > > In some environments it's politically unacceptable, I know some
> > > hospitals in which you have to fill in a lot of papers before
> > > being allowed to use a PC, so in those environments this could
> > > perfectly be part of the policy.
> > >
> > > > I'm not questioning the wisdom or the necessity for doing what
> > > > others have suggested. I'm just wondering why it is necessary for
> > > > the network manager / network staff to unilaterally cut off user
> > > > access.
> > > >
> > > >
> > > >
> > > >
> > > > "John Zaggat" wrote in message
> > > > news:[EMAIL PROTECTED]...
> > > > > Thanks guys that's pretty good information, but do you think in
> > > > > your opinion is that good approach to deal with this problem. Do
> > > > > you see any caveats and are there any other ways this can be
> > > > > dealt with.
> > > > > "Kevin Wigle" wrote in message
> > > > > news:[EMAIL PROTECTED]...
> > > > > > take a look into Port Security.
> > > > > >
> > > > > > http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_guide_chapter09186a008007f2dd.html
> > > > > >
> > > > > > In the event of a security violation, you can configure the
> > > > > > port to go into shutdown mode or restrictive mode. The shutdown
> > > > > > mode option allows you to specify whether the port is
> > > > > > permanently disabled or disabled for only a specified time. The
> > > > > > default is for the port to shut down permanently. The
> > > > > > restrictive mode allows you to configure the port to remain
> > > > > > enabled during a security violation and drop only packets that
> > > > > > are coming in from insecure hosts.
> > > > > >
> > > > > > Kevin Wigle
> > > > > >
> > > > > >
> > > > > > ----- Original Message -----
> > > > > > From: "John Zaggat"
> > > > > > To:
> > > > > > Sent: Saturday, October 05, 2002 5:01 PM
> > > > > > Subject: How to restrict hubs in a LAN [7:54937]
> > > > > >
> > > > > >
> > > > > > > I am just trying to think of how to restrict Hubs from being
> > > > > > > used in the LAN. Politically it's a mess and despite a lot of
> > > > > > > discussions certain people are able to add hubs at will
> > > > > > > wherever they want. So I was trying to think of a way to stop
> > > > > > > that within the switch. Now normally these ports that the hubs
> > > > > > > are connected to show several mac addresses when I do "show
> > > > > > > cam" which gives me an idea is there any way to restrict host
> > > > > > > ports to only accept one mac-address. I don't want to hardcode
> > > > > > > the mac-address because that would be too much of an
> > > > > > > administrative burden. But if I could restrict the port to
> > > > > > > accept just one mac-address then that will make these hubs
> > > > > > > useless. Well anyways let me know if I am way off here but are
> > > > > > > there any other tricks in use by any of you guys. I'll
> > > > > > > appreciate any pointers.
> > > > > > > JZ




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=55079&t=54937
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
