nanog mailing list archives
Re: Auto MDI/MDI-X + conference rooms + bored == loop
From: John Kristoff <jtk () cymru com>
Date: Mon, 29 Mar 2010 17:07:44 -0500
On Fri, 26 Mar 2010 18:09:22 -0400 Chuck Anderson <cra () WPI EDU> wrote:
Anyone have suggestions on Ethernet LAN loop-prevention? With the advent of Auto MDI/MDI-X ports on switches, it seems way too easy to accidentally or maliciously create loops between network jacks. We
Some time ago I did some work on implementing what Cisco called 'port security'. The idea was to add some layer 2 protection from a security perspective. It turns out in practice, at least in the environment I was in, they never happen. However, it did offer protection for loops since if a secured port saw a source address show up on another port, it would block it and generate logs, which we monitored and could then go deal with while the network remained up.

There are some potential gotchas depending on how you implement port security, so you need to consider carefully how you implement it if you do it. It's been a while since I've done anything in this space, but this better captures my experience since my memory of it is beginning to fade:

<http://www.ops.ietf.org/lists/opsec/opsec.2005/msg00033.html>

John
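One way to act on the violation logs described in the message above, as an added example that is not part of the original post: a loop tends to push many different source MACs into one secured port within seconds, while a single moved host produces one. The log lines are constructed, modelled on the IOS `%PORT_SECURITY-2-PSECURE_VIOLATION` message; the ISO timestamp and hostname prefix, the 10-second window and the 3-MAC threshold are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample input (not real captures). Prefix format is an assumption.
_V = "%PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address"
SAMPLE_LOG = f"""\
2010-03-29T17:00:01 sw1 {_V} 0011.2233.4401 on port FastEthernet0/12.
2010-03-29T17:00:01 sw1 {_V} 0011.2233.4402 on port FastEthernet0/12.
2010-03-29T17:00:03 sw1 {_V} 0011.2233.4403 on port FastEthernet0/12.
2010-03-29T17:01:00 sw1 %LINK-3-UPDOWN: Interface FastEthernet0/9, changed state to up
2010-03-29T17:02:10 sw1 {_V} 0011.2233.4410 on port FastEthernet0/7.
2010-03-29T17:09:45 sw1 {_V} 0011.2233.4410 on port FastEthernet0/7.
"""

VIOLATION = re.compile(
    r"^(?P<ts>\S+) (?P<switch>\S+) %PORT_SECURITY-2-PSECURE_VIOLATION: .*"
    r"MAC address (?P<mac>[0-9a-fA-F.]+) on port (?P<port>\S+?)\.?$"
)

def parse(text):
    """Yield (timestamp, switch, port, mac) for each violation line; skip the rest."""
    for line in text.splitlines():
        m = VIOLATION.match(line)
        if m:
            yield (datetime.fromisoformat(m["ts"]), m["switch"],
                   m["port"], m["mac"].lower())

def suspected_loops(text, min_macs=3, window=timedelta(seconds=10)):
    """Return sorted (switch, port) pairs on which at least min_macs distinct
    source MACs triggered violations inside one sliding window."""
    events = defaultdict(list)
    for ts, switch, port, mac in parse(text):
        events[(switch, port)].append((ts, mac))
    flagged = []
    for key, seen in events.items():
        seen.sort()
        for i, (start, _) in enumerate(seen):
            macs = {mac for ts, mac in seen[i:] if ts - start <= window}
            if len(macs) >= min_macs:
                flagged.append(key)
                break
    return sorted(flagged)

if __name__ == "__main__":
    for switch, port in suspected_loops(SAMPLE_LOG):
        print(f"possible loop: {switch} {port}")
```
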