Thanks for the details, Chuck. The number of MAC addresses that a switch can learn can indeed be an issue, although the number tends to be pretty big these days. It's helpful to know that the actual number depends on features that are enabled, amount of memory, etc.

It's worth giving some thought to what happens if a switch can't remember all the addresses that it sees... Thought..... Thought..... and doesn't store all the addresses in a bridging table that says which port to use.... Thought..... Thought..... The switch floods! When frames arrive with a destination MAC address that is not in the bridging table, the switch must flood the packet out all interfaces. Needless to say, this wastes bandwidth.

Here's a story from Troubleshooting Campus Networks:

One of the authors was called in to troubleshoot a hospital campus network consisting of several buildings, star-connected back to a central data center. Each remote building had an edge switch with a fiber connection back to the data center. In the data center it was found that entire bidirectional conversations between clients in remote buildings and servers in the same remote building were visible on the data center backbone. At first it was thought that the forwarding path between a client and server was extending through the data center somehow, which was not the intent of the network design. Upon further analysis, it was discovered that the switches used in the remote buildings only supported 256 MAC addresses in the bridging tables. Consequently, with over 500 users in each remote building, it was common for many addresses to become unknown. The recommendation was made to replace the remote building switches with ones having greater capacity, thereby eliminating the unnecessary traffic on the data center backbone.

_______________________________

Priscilla Oppenheimer
www.troubleshootingnetworks.com
www.priscilla.com

Chuck's Long Road wrote:
>
> "Priscilla Oppenheimer" wrote in message news:[EMAIL PROTECTED]...
> > Daren Presbitero wrote:
> > >
> > > Isn't there a limitation on the number of MACs that a port will handle?
> >
> > Probably, but I bet the number is way bigger than he needs to worry about. There's probably a max number of addresses for generic learning purposes
>
> CL: in case anyone is interested, the max number of macs supported on any of the Cisco switches is fluid, depending on other features turned on, amount of memory, etc. The 3550 documentation states that depending upon the SDM template that is active, one may have anywhere from 2,000 to 12,000 unicast MACs in the CAM table. I am assuming this means that if you have lots of hubs and switches daisy chained down the line, that the MACs of end stations will show up in the root switch CAM. Obviously, if all you have are end stations in a single switch, that number is smaller.
>
> CL: this does bring up a good point about size (number of devices - servers, PCs, and other switches) in a bridged network.
>
> > and a max number related to port security, which appears to be 132 from an earlier post.
> >
> > There's also the issue of how many MACs can eat up all of the available 100 Mbps, but once again, that's the user's problem.
> >
> > > Won't hubs share all those macs with each port, and possibly cause the max limit to be reached?
> >
> > All the MAC addresses behind the hub will be visible to all the switched ports. Is that what you're getting at? It's a good point. The learning process will need to know about all the MACs. But the max number of MAC addresses that a switch can learn is large and not something he needs to worry about.
> >
> > _______________________________
> >
> > Priscilla Oppenheimer
> > www.troubleshootingnetworks.com
> > www.priscilla.com
> >
> > > -----Original Message-----
> > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> > > Sent: Monday, October 07, 2002 8:20 AM
> > > To: [EMAIL PROTECTED]
> > > Subject: Re: How to restrict hubs in a LAN [7:54937]
> > >
> > > David j wrote:
> > > >
> > > > See inline..
> > > > Chuck's Long Road wrote:
> > > > >
> > > > > as much of a rulemeister as I am, I still have to look at this from the user standpoint. Why are users throwing their own hubs onto the network? Is there a business case to be made? Is facilities too slow getting requested cable pulls done?
> > > > >
> > > > > what is the concern with a user plugging a hub in at the desk and then connecting a couple of extra PCs? if the problem is one of dual homing by accident or otherwise, I can see the issue with spanning tree recalculations. But in a single home situation, what do you see as the issues?
> > > > >
> > > > I see one issue: collisions, if you have a switched network you don't want to deal with collisions that hubs normally produce. I have to recognize, though, that hubs sometimes are very convenient and I'm the first to use them.
> > >
> > > Collisions are only a problem for the hubbed network that the user made for him/herself. The switched network is isolated from the collisions (with the exception of the one switch port that connects the user's hub).
> > >
> > > I say, let 'em do it! What's the harm? Don't you have way more bandwidth than you need anyway?? ;-) A lot of companies do. Reference the discussion of Cisco stock. Nobody's buying, because, guess what, we don't need it!??
> > >
> > > Tech support is an issue, though, of course, for example, the user that is clueful enough to know he/she needs a hub but not clueful enough to select the right cable (x-over versus s/t) and duplex mode. Well a hub should default to half, but a lot of devices that are marketed as hubs are really switches or bridges.
> > >
> > > But could you say they aren't supported rather than outright disallowing them? Is there a compromise somewhere??
> > >
> > > _______________________________
> > >
> > > Priscilla Oppenheimer
> > > www.troubleshootingnetworks.com
> > > www.priscilla.com
> > >
> > > > > when you say that "politically, it's a mess" what does that mean? high powered sales people throwing their weight around? management does not respect your input or concerns? something bad is happening, and it's rolling downhill?
> > > > >
> > > > In some environments it's politically unacceptable, I know some hospitals in which you have to fill in a lot of papers before being allowed to use a PC, so in those environments this could perfectly be part of the policy.
> > > >
> > > > > I'm not questioning the wisdom or the necessity for doing what others have suggested. I'm just wondering why it is necessary for the network manager / network staff to unilaterally cut off user access.
> > > > >
> > > > > "John Zaggat" wrote in message news:[EMAIL PROTECTED]...
> > > > > > Thanks guys that's pretty good information, but do you think in your opinion is that good approach to deal with this problem. Do you see any caveats and are there any other ways this can be dealt with.
> > > > > >
> > > > > > "Kevin Wigle" wrote in message news:[EMAIL PROTECTED]...
> > > > > > > take a look into Port Security.
> > > > > > >
> > > > > > > http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_guide_chapter09186a008007f2dd.html
> > > > > > >
> > > > > > > In the event of a security violation, you can configure the port to go into shutdown mode or restrictive mode. The shutdown mode option allows you to specify whether the port is permanently disabled or disabled for only a specified time. The default is for the port to shut down permanently. The restrictive mode allows you to configure the port to remain enabled during a security violation and drop only packets that are coming in from insecure hosts.
> > > > > > >
> > > > > > > Kevin Wigle
> > > > > > >
> > > > > > > ----- Original Message -----
> > > > > > > From: "John Zaggat"
> > > > > > > To:
> > > > > > > Sent: Saturday, October 05, 2002 5:01 PM
> > > > > > > Subject: How to restrict hubs in a LAN [7:54937]
> > > > > > >
> > > > > > > > I am just trying to think of how to restrict Hubs from being used in the LAN. Politically it's a mess and despite a lot of discussions certain people are able to add hubs at will wherever they want. So I was trying to think of a way to stop that within the switch. Now normally these ports that the hubs are connected to show several mac addresses when I do "show cam" which gives me an idea is there any way to restrict host ports to only accept one mac-address. I don't want to hardcode the mac-address because that would be too much of an administrative burden. But if I could restrict the port to accept just one mac-address then that will make these hubs useless. Well anyways let me know if I am way off here but are there any other tricks in use by any of you guys. I'll appreciate any pointers.
> > > > > > > >
> > > > > > > > JZ

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=55118&t=54937
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
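As an added illustration of the two mechanisms this thread discusses (it is not code from the post or from any Cisco product): a toy learning switch in Python whose CAM table has a fixed capacity, so that once it fills, replies to unlearned hosts are flooded onto the uplink exactly as in the hospital story, plus a per-port maximum-MAC check with the "restrict" and "shutdown" violation handling Kevin describes. The 256-entry table and 500 users come from the story above; port names, MAC addresses and the no-ageing simplification are constructed assumptions.

```python
class LearningSwitch:
    """Toy learning bridge: bounded MAC (CAM) table plus an optional
    port-security maximum per port ('restrict' or 'shutdown' mode)."""

    def __init__(self, ports, cam_size, max_per_port=None, violation="restrict"):
        self.ports, self.cam_size = list(ports), cam_size
        self.cam = {}                                   # mac -> port
        self.max_per_port, self.violation = max_per_port, violation
        self.secure = {p: set() for p in ports}         # secure MACs seen per port
        self.shutdown, self.flooded, self.violations = set(), 0, 0

    def forward(self, src, dst, in_port):
        """Process one frame and return the set of egress ports."""
        if in_port in self.shutdown:
            return set()
        if self.max_per_port is not None:               # port security check
            seen = self.secure[in_port]
            if src not in seen and len(seen) >= self.max_per_port:
                self.violations += 1
                if self.violation == "shutdown":
                    self.shutdown.add(in_port)          # err-disable the port
                return set()                            # either mode drops this frame
            seen.add(src)
        if src in self.cam or len(self.cam) < self.cam_size:
            self.cam[src] = in_port                     # learn or refresh the source
        # else: table full, src stays unknown (simplification: no ageing or eviction)
        out = self.cam.get(dst)
        if out is None:                                 # unknown unicast: flood
            self.flooded += 1
            return set(self.ports) - {in_port}
        return set() if out == in_port else {out}

def building_leaks(n_clients, cam_size, uplink="uplink"):
    """Constructed scenario: n_clients PCs and one server on an edge switch.
    Count local client<->server frames that reach the data-center uplink."""
    access = [f"fa0/{i}" for i in range(n_clients)]
    sw = LearningSwitch(access + ["server", uplink], cam_size)
    server, leaks = "00:00:00:00:00:ff", 0
    for i, port in enumerate(access):
        client = f"02:00:00:00:{i >> 8:02x}:{i & 0xff:02x}"   # constructed MAC
        leaks += uplink in sw.forward(client, server, port)      # request
        leaks += uplink in sw.forward(server, client, "server")  # reply
    return leaks

def hub_on_port(violation):
    """Constructed: two PCs behind a hub on fa0/1 with a maximum of 1 secure MAC."""
    sw = LearningSwitch(["fa0/1", "fa0/2"], 16, max_per_port=1, violation=violation)
    bcast, a, b = "ff:ff:ff:ff:ff:ff", "02:00:00:00:00:0a", "02:00:00:00:00:0b"
    passed = [bool(sw.forward(m, bcast, "fa0/1")) for m in (a, b, a)]
    return passed, sw.violations, "fa0/1" in sw.shutdown
```

With 500 clients and a 256-entry table, 245 server replies plus the first unknown-server request leak onto the uplink; a 4096-entry table leaks only that first frame.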

