We have some 2900xl switches; the main link is set to 100Mbytes/s and server links are set up at 10Mbytes/s. During a DDOS attack using fragmented packets, the MRTG stats on the workstation ports (limited to 10Mbytes on the switch using the speed command) went up to ~90Mbytes in peaks.
How is it possible to exceed the speed limit? When we tried to spray for testing, we couldn't go over 10Mbytes/s.
Has anyone experienced this? Is it possible to bypass the 10Mbytes/s limit on one port?
- The port is indeed set to 10mbs (do a show port x/x)
- MRTG is set to bits, not bytes. In your mrtg.cfg file, is your MaxBytes[xxxxx]: 125000 or 1250000 (ethernet) or 12500000 (fast)? Are you using the "Options[xxxx]: bits"?
There is a free app called Qcheck (from NetIQ) that can measure the throughput on a link. Download it and try what it says.
If the port is 10Mbs and mrtg is set up correctly, it is strange. It's not possible to exceed the practical limits - i.e. you can't get 110mbs on a 100Mbs link, but I guess it would be possible to get more from a 10Mbs switch port through an internal error or bug, as the port and cable can go up to 100Mbs - but I haven't heard of that before.
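The two checks suggested in the reply above (MaxBytes versus the configured port speed, and bits versus bytes on the graph), as an added example that is not part of the original thread. The mrtg.cfg fragment, target names and port speeds are constructed for illustration; the audit relies on MRTG ignoring samples larger than MaxBytes, so MaxBytes is the highest rate a graph can show.

```python
import re

# Constructed sample mrtg.cfg fragment (target names and values are hypothetical).
SAMPLE_CFG = """\
Target[sw1_fa0_5]: 5:public@192.0.2.10
MaxBytes[sw1_fa0_5]: 12500000
Options[sw1_fa0_5]: growright
Target[sw1_fa0_6]: 6:public@192.0.2.10
MaxBytes[sw1_fa0_6]: 1250000
Options[sw1_fa0_6]: growright, bits
"""

LINE = re.compile(r"^(\w+)\[([^\]]+)\]:\s*(.*)$")

def parse_cfg(text):
    """Collect per-target keywords (MaxBytes, Options, ...) from mrtg.cfg text."""
    targets = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            key, name, value = m.groups()
            targets.setdefault(name, {})[key.lower()] = value.strip()
    return targets

def audit(targets, port_mbps):
    """Compare each target's MaxBytes with the speed configured on the switch port.

    port_mbps maps target name -> port speed in Mbit/s (taken from the switch).
    """
    report = {}
    for name, kw in targets.items():
        expected = port_mbps[name] * 1_000_000 // 8   # line rate in bytes/s
        maxbytes = int(kw.get("maxbytes", 0))
        opts = {o.strip().lower() for o in kw.get("options", "").split(",")}
        report[name] = {
            "unit": "bits/s" if "bits" in opts else "bytes/s",
            "maxbytes_ok": maxbytes == expected,
            # Samples above MaxBytes are ignored by MRTG, so this is the
            # largest rate the graph can display, expressed in Mbit/s.
            "graph_ceiling_mbps": maxbytes * 8 / 1_000_000,
        }
    return report

def as_mbps(graph_value, unit):
    """Convert a value read off the graph (in its own unit) to Mbit/s."""
    return graph_value * (8 if unit == "bytes/s" else 1) / 1_000_000
```

In the constructed sample, the first target has a fast-ethernet MaxBytes on a 10 Mbit/s port and graphs in bytes, so it can plot samples up to 100 Mbit/s that a correctly sized MaxBytes would have discarded.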