10-28-2009 08:31 PM - edited 03-06-2019 08:21 AM
Imagine someone develops a bogus application to set outbound packets/IP from a PC to DSCP = EF.
So the BogusApplication would be prioritize as if it was a voice packet.
Which mechanism again can protect against such scenario?
10-28-2009 08:42 PM
Never enable trust on client facing switchports.
I recommend going with conditional trust, here is an example
http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/QoS_SRND/QoSDesign.html#wp999584
There are more examples on that page
Regards
Edison.
10-29-2009 04:50 AM
"Which mechanism again can protect against such scenario?"
Trust, but verify at the first chance of doing so. If verification fails, either remark or drop.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide
Log in to Community
