Skip to main content

Cisco Protected Port

I can see in my network any customer can communicate to any one on the same VLAN. Basically when ever any unknown packets ingress into the switch. Switch found no record in CAM table, so that frame flood every port of the respected VLAN, except the frame received port. Such a communication can very dangerous for the service provider and its customer. Because any one can sniff or send information to other customer in same VLAN. 

Broadcast packet also flooded into the network that can bottleneck our network. The way to protect such a bottleneck of the network we can configure switch port as protected port thus no port can directly communicated in a same broadcast domain.

Command:
interface fa0/2
switchchport mode access
switchport access vlan 30
switchport protected

This way we can protect the user in same VLAN. Protected port only be configured in edge port not the trunk port or L3 connected port. Now the protected port prevent any unicast, broadcast or multicast packet entering to the same switch interface. But traffic forwarded to same domain can be communicated through L3 device like router. 

Comments

Popular posts from this blog

Unable to open kernel device . global vmx86 windows 7

Suddenly I encounter a weird problem with VMware 9 version. I install different OS for my education and testing purposed. Like MAC os, Ubuntu, CentOS, BT, WinXP, Win-server 2003. When I tried to run one of this OS a error message appear. unable to open kernel device "\\.Global\vmx86": The system cannot find the file specified. Did you reboot after installing VMware Workstation? Failed to initialize monitor device. Click ok you can see this window After googling I found one solution in developer forum but thread starter never use that method. So I tried it and here is my finding. Go to the directory of vmware installed  (In my case I run it as Administrator) C:\Program Files (x86)\VMware\VMware Workstation>   ( I've 32-bit apps on 64-bit OS, your may be different) Run this command vnetlib -- uninstall vmx86  reboot Go to the same directory and check net start command - this time it should say "service name  is invalid&quo

Simple Failover Mikrotik

Simple fail-over Mikrotik router configuration. Most of the user wants backup link (Fiber link with Wireless backup), in case fiber down wireless link auto up. No downtime for the user. Here is simple setting on Mikrotik for fail-over. I'm very great full to Anton to point out the mistake in src-address. It has been corrected now. ****default routes for new outgoing traffic.**** /ip route add dst-address=0.0.0.0/0 gateway=ISP-GW-ADDR-1 distance=1 check-gateway=ping add dst-address=0.0.0.0/0 gateway=ISP-GW-ADDR-2 distance=2 ++masquerade both WAN connections++ /ip firewall nat add chain=srcnat src-address=192.168.0.0/24 out-interface=WAN-1 action=masquerade add chain=srcnat src-address=192.168.0.0/24 out-interface=WAN-2 action=masquerade Thats it.

Mikrotik SXT 5nD r2 setup in bridge mode

How to connect two Mikrotik RouterBoard SXT 5nD r2 devices together in Bridge Mode Upgrading you SXT's to the Latest version of RouterOS Doing a Bandwidth Test between two RouterBoard SXT-5nD's Mikrotik routerboard default IP is 192.168.88.1 You can connect with routerboard by WinBox through IP and MAC address. You need to download WinBox from mikrotik website. By default routerboard have Admin as username and blank password. If you want to connect with device through IP then don't forget to add same network address into your pc NIC, otherwise connection isn't established. Else you can connect through MAC so choose MAC address from Elipsis next to " connect " field. When you login, "RouterOS Default configuration" screen is popup. click okay. Do same for other device to login to routerOS If you followed the process then you already open both device. Now you can set a HostName for those devices. Click on the system button o