All Entries Tagged With: "layer 2"
Cisco: Layer 2 traffic filtering
Layer 2 traffic filtering can be very useful when you want to drop packets closer to
the source, because you can do this on the L2 next hop, which is the switch where the
devices are connected. Based on MAC address, Layer 2 filtering can be applied using
one of the two most common methods: Port Security and MAC Access Groups.
Port Security is the more secure method of the two. To use it, map a switch port to the
specific MAC address of the connected device. It gives you more possibilities than just
dropping the packets from a specific source, depending on what you want to achieve on
the interface where it is applied.
MAC Access Groups are generally used for small networks of 20 devices or less. Add
a permit statement for each of your devices' interface MAC addresses and apply the access
list to the switch interface. This will limit inbound traffic on that interface to only those
MAC addresses on your list. It is not recommended when you have many MAC addresses,
because MAC access lists work the same way as IP access lists, so they consume a
lot of resources on the device where they are applied.
For this tutorial we will use a Cisco 3750 to which a router (R4) is connected. To test
Layer 2 traffic filtering, we have a point-to-point Layer 3 connection between them
(10.0.0.0/30), using a physical interface on R4 and a VLAN 4 interface on the
switch. The port on the switch where R4 is connected is an access port in VLAN 4.
Please see the tutorial below:
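The two filtering methods described above, as an added configuration example that is not the post's own tutorial. It assumes R4 hangs off FastEthernet1/0/4 of the 3750 and that R4's interface MAC is the placeholder 0000.0c4a.0004; the two options are alternatives, not meant to be combined on the same port.

```cisco
! Added example (not the post's tutorial). Assumed: R4 is on FastEthernet1/0/4,
! R4's interface MAC is 0000.0c4a.0004 (placeholder value, replace with yours).
!
! --- Option 1: Port Security (the post's preferred method) ---
! Only the configured MAC may source frames on this port; any other source
! MAC is a violation.
interface FastEthernet1/0/4
 description Link to R4 (access port in VLAN 4)
 switchport mode access
 switchport access vlan 4
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address 0000.0c4a.0004
 ! "restrict" drops the offending frames and increments the violation counter
 ! while keeping the port up; the default "shutdown" err-disables the port.
 switchport port-security violation restrict
!
! --- Option 2: MAC access group (small networks only) ---
! One permit per known MAC; the implicit deny at the end drops every other
! source address inbound on the port.
mac access-list extended L2-ALLOW-R4
 permit host 0000.0c4a.0004 any
!
interface FastEthernet1/0/4
 mac access-group L2-ALLOW-R4 in
!
! --- Checks from enable mode ---
! show port-security interface FastEthernet1/0/4   (status, violation count)
! show port-security address                        (secure MAC table)
! show mac access-group interface FastEthernet1/0/4 (ACL bound to the port)
```

Before relying on Option 2 for an IP test over 10.0.0.0/30, check your platform's ACL guide: on some Catalyst port ACL implementations a MAC access list matches only non-IP frames, in which case port security is the option that actually drops the pings.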
Limit traffic on a Cisco switch L2 port with minimal configuration
Let’s say that somebody (or some task in a test) asks you to limit the inbound traffic on a switch Layer 2 port by using the minimal configuration possible. I must say that in the first steps I failed this task miserably, but actually it is very simple to do.
I will use a plain Layer 2 Cisco 2950 switch for this task. I observed that I could not implement this on a Cisco 3500XL. I don’t know if the IOS image was wrong, but I didn’t investigate too much in that area as I cannot stand 3500XL switches and they are actually pretty old pieces of hardware.
No topology is needed for this as I will only show how to do it and not test it with real traffic. I will do testing later when I have some more time, or you can do it on your own.
See the tutorial below: