Skip to main content

Cisco Protected Port

I can see in my network any customer can communicate to any one on the same VLAN. Basically when ever any unknown packets ingress into the switch. Switch found no record in CAM table, so that frame flood every port of the respected VLAN, except the frame received port. Such a communication can very dangerous for the service provider and its customer. Because any one can sniff or send information to other customer in same VLAN. 

Broadcast packet also flooded into the network that can bottleneck our network. The way to protect such a bottleneck of the network we can configure switch port as protected port thus no port can directly communicated in a same broadcast domain.

Command:
interface fa0/2
switchchport mode access
switchport access vlan 30
switchport protected

This way we can protect the user in same VLAN. Protected port only be configured in edge port not the trunk port or L3 connected port. Now the protected port prevent any unicast, broadcast or multicast packet entering to the same switch interface. But traffic forwarded to same domain can be communicated through L3 device like router. 

Comments

Popular posts from this blog

Unable to open kernel device . global vmx86 windows 7

Suddenly I encounter a weird problem with VMware 9 version. I install different OS for my education and testing purposed. Like MAC os, Ubuntu, CentOS, BT, WinXP, Win-server 2003. When I tried to run one of this OS a error message appear. unable to open kernel device "\\.Global\vmx86": The system cannot find the file specified. Did you reboot after installing VMware Workstation? Failed to initialize monitor device. Click ok you can see this window After googling I found one solution in developer forum but thread starter never use that method. So I tried it and here is my finding. Go to the directory of vmware installed  (In my case I run it as Administrator) C:\Program Files (x86)\VMware\VMware Workstation>   ( I've 32-bit apps on 64-bit OS, your may be different) Run this command vnetlib -- uninstall vmx86  reboot Go to the same directory and check net start command - this time it should say "service name  is invalid&quo

Simple Failover Mikrotik

Simple fail-over Mikrotik router configuration. Most of the user wants backup link (Fiber link with Wireless backup), in case fiber down wireless link auto up. No downtime for the user. Here is simple setting on Mikrotik for fail-over. I'm very great full to Anton to point out the mistake in src-address. It has been corrected now. ****default routes for new outgoing traffic.**** /ip route add dst-address=0.0.0.0/0 gateway=ISP-GW-ADDR-1 distance=1 check-gateway=ping add dst-address=0.0.0.0/0 gateway=ISP-GW-ADDR-2 distance=2 ++masquerade both WAN connections++ /ip firewall nat add chain=srcnat src-address=192.168.0.0/24 out-interface=WAN-1 action=masquerade add chain=srcnat src-address=192.168.0.0/24 out-interface=WAN-2 action=masquerade Thats it.

Mikrotik Hotspot Redirect After Login

This tutorial assumed you already create Hotspot in your router. If you don't know how to create a hotspot in Mikrotik router, click here and create the Hotspot. . After successfully creating the hotspot server go to "Files" Menu of  the main Window of Mikrotik router Copy "hotspot" folder into your PC. Open "alogin" file with text editor Replace "link-redirect" text with your desire URL Now you're done! After successfully logging into the Hotspot server your client automatically redirects to your external link.  Don't forget to copy this folder into Mikrotik Router "Files" Menu. You can also drag and drop this folder into "Files" menu.