On Wed, 2011-02-09 at 14:10 -0500, schilling wrote: > Thanks all for the info. > I am familiar with these features. I talked with Cisco TAC several > times, they are not recommending the storm control since it can not > differentiate control data from user data, this might cause > instability of layer 2 network.
On the Catalyst 2k/3k you can use "storm-control action shutdown" to prevent this instability. I don't know of a similar knob on Catalyst 6k or other platforms. > port-security to only allow specific > mac address might be helpful, but will not be useful for a hub. > So there is no good way to prevent rogue hub/switch from messing with > our network? BPDU Guard on every port connecting to something that's not your equipment should protect you from most loops. If you have foreign switches (running STP) connected to your network you of course cannot use that. -- Peter _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/