From: James Ventre (messageboard@ventrefamily.com)
Date: Fri Dec 09 2005 - 15:07:56 GMT-3
Hard code an ARP entry on the router ..... then flood it from another
port (to the destinatin IP). If it's the same L2 ... hardcode the arp
on a PC ... then send data to it (from that same PC).
The goal is to send data to a destination MAC that the switch doesn't
know about. Normally it's dropped because there is no ARP ... so it's
just dropped. If you fake the IP/MAC mapping (bypassing arp) and send
data ... the switch will unicast flood it.
James
san wrote:
How can i trigger a unknown unicast DMAC packet ?
/SAN
On 12/8/05, Brian Dennis <bdennis@internetworkexpert.com> wrote:
The command is used to stop the switch from forwarding unicast packets
with an unknown destination MAC address out a port. It's not used to
stop all unicast traffic from being sent out a port.
Here is an example:
R1 (10.1.1.1) and R2 (10.1.1.2) are connected to ports Fa0/1 and Fa0/2
on the switch. The switch is configured with "switchport block unicast"
on Fa0/1 and Fa0/2.
Switch#clear mac-address-table dynamic
Switch#sho mac-address-table int fa0/1
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
Switch#sho mac-address-table int fa0/2
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
Switch#
R2#ping 10.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
R2#clear arp
R2#ping 10.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
...!!
Success rate is 40 percent (2/5), round-trip min/avg/max = 1/2/4 ms
R2#
Switch#sho mac-address-table int fa0/1
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
1 0030.9410.4820 DYNAMIC Fa0/1
Total Mac Addresses for this criterion: 1
Switch#sho mac-address-table int fa0/2
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
1 0003.e38e.6140 DYNAMIC Fa0/2
Total Mac Addresses for this criterion: 1
Switch#
HTH,
Brian Dennis, CCIE #2210 (R&S/ISP-Dial/Security) bdennis@internetworkexpert.com
Internetwork Expert, Inc. http://www.InternetworkExpert.com Toll Free: 877-224-8987
Direct: 775-745-6404 (Outside the US and Canada)
-----Original Message-----
From: nobody@groupstudy.com [ mailto:nobody@groupstudy.com ] On Behalf Of
san
Sent: Thursday, December 08, 2005 10:47 PM
To: lab
Subject: switchport block question
Could not understand, what does "switchport block unicast" does ?
How to test/verify this behaviour ?
Router3(F0/0)---------F0/3-Switch-F0/5--------F0/0Router5
Question:
If enabled on F0/3, Does it block unicast traffic from R3 to R5 or
R5 to R3 ?
I tried pinging from R3 & its successful.
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat4000/12_2_25a/con f/uniflood.htm
Thanks
SAN
_______________________________________________________________________
Subscription information may be found at: http://www.groupstudy.com/list/CCIELab.html
_______________________________________________________________________
Subscription information may be found at: http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Mon Jan 09 2006 - 07:07:50 GMT-3