
3com and Cisco switches (802.1Q) VLAN integration problem - broadcast storm?

paulnigel
Level 1

Hi forum,

We are using 3com switches. The 3com switches implement open VLANs, which means that if an IEEE 802.1Q packet is received at a port and the port is not a member of that VLAN, the switch does not perform VLAN filtering. If the address was previously learned, it will be forwarded correctly, but if it was not, it will be flooded to all ports within that VLAN.

My questions:

1) If another Cisco switch connected to the 3com switch is placed in the same VLAN, and the 3com switch receives an 802.1Q packet from a rogue device, it will be flooded to all the ports (including the Cisco ports) within that VLAN. Will it cause a broadcast storm?

2) How do I configure the Cisco switch to filter out unknown tagged packets on a port? By using VLAN pruning?

3) How do I block the broadcast from the 3com switches? Using broadcast suppression?

4) Is there a way on the design side to effectively counter this problem?

Kind regards,

paul

2 Replies

ilya.varlashkin
Level 3

It sounds like the setup of your 3com switch is not quite up to your requirements. If a port is declared as tagged, it's OK to receive tagged frames for VLANs that were not previously known on this port. However, if your policy requires that only specific VLANs are permitted on a given tagged port, then you need to add some extra command on your 3com switch. Check the documentation and possibly your 3com support partner.

As for Cisco routers, tagged ports in Cisco-speak are trunks (this might be confusing for you, as 3com calls trunks what in the Cisco world is known as either EtherChannel or port aggregation). By default a trunk (tagged) port allows any VLAN. If your policy requires it, you can explicitly specify which VLANs are allowed on a given trunk (tagged) port. If a frame arrives with a tag that is not on the allowed list, the frame will be discarded. So you don't need any fancy broadcast suppression to block traffic from disallowed VLANs coming from your 3com switch to Cisco.

P.S.: Make sure that you don't confuse 'member of VLAN' with 'native VLAN'. Some parts of your message suggest that you do.
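
The allowed-VLAN list described in the reply above, as an added Cisco IOS example that is not part of the original thread. The interface name and VLAN IDs 10 and 20 are assumptions, and `switchport trunk encapsulation dot1q` is only needed on platforms that also support ISL.

```cisco
! Constructed example: GigabitEthernet0/1 and VLANs 10,20 are placeholders.
!
! --- Before: default trunk towards the 3com switch ---
! With no allowed list configured, the trunk carries every VLAN, so a
! frame flooded by the 3com switch with any tag is accepted on this port.
interface GigabitEthernet0/1
 description Uplink to 3com switch
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
! --- After: trunk restricted to the VLANs the policy permits ---
! Frames arriving with a tag outside 10,20 are discarded at ingress.
interface GigabitEthernet0/1
 description Uplink to 3com switch
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10,20
!
! Note: the allowed list controls which tagged VLANs the port is a member of.
! The native VLAN (the VLAN untagged frames are placed in) is a separate
! setting, configured with "switchport trunk native vlan <id>".
!
! --- Check (privileged EXEC, not configuration mode) ---
! "Vlans allowed on trunk" should list only 10,20 for this port.
show interfaces GigabitEthernet0/1 trunk
show interfaces GigabitEthernet0/1 switchport
```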

Hi ilya,

Thanks very much for your reply. Thanks for the remark on "member of VLAN" versus "native VLAN", or else I might still be using the wrong concept.

I guess I will drop those VLANs not allowed on the port.

Thanks and regards,

paul