We have a client co-lo environment, and were recently hit by a client's server that was infected with the SQL Slammer worm - it generated 100Mb/sec traffic, and brought our 7206VXR G1 to its knees.
All client servers are currently connected to Cat4K's + 2950's - we are going to be replacing the Cat4K's with 3750's, and the 2950's with 2960's.
The 7200 is doing router on a stick (Dot1Q) via trunks to the 4K's.
What mitigation techniques are available to "police" switch ports - i.e. if excessive traffic is coming from a client server, disable that switch port and notify us?
Are SPAN ports to an external monitoring device still a viable option to actively notify us when anomalies are detected?
Thanks in advance.