in the DHCP server and
lock the switches down with snooping and broadcast controls.
Works well, just need to optimize the settings.
From: Af <af-boun...@afmug.com> On Behalf Of Carl Peterson
Sent: Tuesday, April 17, 2018 3:24 PM
To: af@afmug.com
Subject: Re: [AFMUG] Switch Storm Control
Interesting thought.
-- Original Message --
From: "Carl Peterson" <cpeter...@portnetworks.com>
To: af@afmug.com
Sent: 4/17/2018 5:23:39 PM
Subject: Re: [AFMUG] Switch Storm Control
If you are doing fiber with active ethernet, why not just run QinQ with
a CVL
..@afmug.com> *On Behalf Of *Adam
> Moffett
> *Sent:* Tuesday, April 17, 2018 6:29 AM
> *To:* af@afmug.com
> *Subject:* Re: [AFMUG] Switch Storm Control
>
>
>
> Exactly what I was thinking.
>
>
>
> Is it a global setting for the switch or an ingress limit per p
*Sent:* Tuesday, April 17, 2018 6:29 AM
*To:* af@afmug.com
*Subject:* Re: [AFMUG] Switch Storm Control
Exactly what I was thinking.
Is it a global setting for the switch or an ingress limit per port?
If you can limit it per port then something like 5pps should be
plenty. They only need
necessarily block other types of bad
traffic like that.
One thing I have to be careful of is to not broadly limit the uplink ports as
well.
From: Af <af-boun...@afmug.com> On Behalf Of Adam Moffett
Sent: Tuesday, April 17, 2018 6:29 AM
To: af@afmug.com
Subject: Re: [AFMUG] Switch Storm Control
E
We route and segment to remove this from being an issue on the
infrastructure but as with any network a customer will always figure out
a way
to break stuff hence the isolation that we use on the AP. If its not a
routed packed then it doesnt get thru.
On 04/16/2018 04:49 PM, Sterling
--
From: "Forrest Christian (List Account)" <li...@packetflux.com>
To: "af" <af@afmug.com>
Sent: 4/17/2018 3:01:18 AM
Subject: Re: [AFMUG] Switch Storm Control
I don't have a good answer for you but I really wish more
devices would permit filtering such tha
I don't have a good answer for you but I really wish more devices
would permit filtering such that the only broadcasts/multicasts permitted
on customer facing segments were ARP and possibly DCHP if that's applicable
to you.
If you can exempt arp and dhcp from this, then the correct value
What are you guys using as a 'standard' for packets per second storm control on
your switches/devices?
I can limit broadcast, multicast and unknown unicast type packets
Is 100pps too low?
Would this be based on say a /24 network arping and DHCP request type traffic?