From: Frank Bures [mailto:lisfrank@chem.toronto.edu]
Sent: Tuesday, March 29, 2005 4:41 AM
When user connects the same patch cable to two ports of the
switch, the
switch will ultimately bring down hierarchically higher
branches of the
LAN.
Ours is a rather large LAN. One part of it is served by
Extreme Networks
switches. None of the SGI machines behind these switches
were affected by
the short. In fact no adverse effects were observed in that
part of the
LAN.
This is natural behaviour of Ethernet ("natural" being dependent of your
network design, of course :) and has nothing to do with D-Link or any other
manufacturer.
Some switches offer automatic port disabling feature if BPDU is received on
a port defined as access port. All workstation ports should be defined as
access ports for this to work. Workstations are not taking part of any
Spanning Tree and they shouldn't generate any BPDUs and thus BPDUs shouldn't
come into the switch from any access port. When you interconnect two switch
ports defined as access ports, BPDUs generated by the switch reach another
access port and trigger the disabling feature. This works in case or a
single switch as well as between different switches as long as all your
switches are Spanning Tree enabled.
How the "short-circuit" affects specific switches depends how their unknown
frame forwarding is configured and where they stand in a multi-tier switch
topology.
In my opinion, a switch should be immune to this admittedly insane
manipulation. Otherwise, one can DoS the entire network just
by shorting
two RJ-45 network outlets in one's office together.
Switches _are_ immune to insane manipulation if configured correctly.
Excluding plugging out the power cord, unfortunately...
-tarmo-
