rssLink RSS for all categories
 
icon_red
icon_green
icon_red
icon_red
icon_red
icon_green
icon_green
icon_red
icon_red
icon_red
icon_orange
icon_green
icon_green
icon_green
icon_red
icon_blue
icon_red
icon_blue
icon_red
icon_red
icon_red
icon_red
icon_red
icon_red
icon_red
icon_green
icon_orange
 

FS#1036 — FS#5049 — switchport block unicast

Attached to Project— Network
Maintenance
the whole network
CLOSED
100%
For security reasons we have activated the "switchport block unicast"
on HG networks. This avoids that a MAC which is not known or not
yet configured or misconfigured, or "flood" on all vlans
of the router to find the sender. In the case of
client servers with arp ip proxy, these servers respond and create
confusion for customers who have not yet configured all
IP in IP RIPE.

By contrast, a bug on 6K in SXI4/5 prevents the mac acknowledgement if
the request comes from a vlan with "switchport block unicast". And so if
the router does not know the mac of an ip and we want to communicate
with this IP from a vlan on the same router, it won't work.

Workaround:
mac-address-table aging-time 0
to avoid that the mac expire
and ping all the IPs on the 2 routers HG

Date:  Wednesday, 19 January 2011, 11:30AM
Reason for closing:  Done