Doubt regarding Switching Principle
15 years 3 months ago #31103
by TheBishop
Replied by TheBishop on topic Re: Doubt regarding Switching Principle
You're right about the problem, but that's the way a switch works. In normal networks the percentage of flooded frames to normal frames is low, so it isn't a problem. And I have to wonder, given, say, a 24-port switch with a backplane capable of several gigabits of throughput, how much impact one device on one port would have. It certainly could generate a fair amount of traffic, but I don't think it would bring the switch to its knees. The more likely outcome would be that a few users might complain of slow response, you'd monitor the switch and see the problem, then you'd go visit the user with an offer of alternative employment.
15 years 3 months ago #31109
by Perlhack
Replied by Perlhack on topic Re: Doubt regarding Switching Principle
There are some features to limit the impact, like broadcast and multicast storm control. Look at the offender's source MAC and, to solve the issue, shut down his/her switchport.
15 years 3 months ago #31121
by gvkalra
Replied by gvkalra on topic Re: Doubt regarding Switching Principle
There are some features to limit the impact, like broadcast and multicast storm control. Look at the offender's source MAC and, to solve the issue, shut down his/her switchport.
Could you please discuss out those configurations ?
15 years 3 months ago #31124
by Perlhack
Replied by Perlhack on topic Re: Doubt regarding Switching Principle
On a 3350:
Switch_3(config)#int fa 0/22
Switch_3(config-if)#storm-control ?
broadcast Broadcast address storm control
multicast Multicast address storm control
unicast Unicast address storm control
Switch_3(config-if)#storm-control broadcast level ?
<0 - 100> Enter Integer part of storm suppression level
Switch_3(config-if)#storm-control broadcast level 50
Switch_3#sh storm-control fa0/22
Interface Filter State Level Current
Fa0/22 Forwarding 50.00% 0.00%
Switch_3#
15 years 3 months ago #31134
by TheBishop
Replied by TheBishop on topic Re: Doubt regarding Switching Principle
These will help, but do remember that a broadcast and a flooded frame are not necessarily the same thing - you'll need to read the switch documentation carefully to find out what types of frames each of these commands actually works with.
15 years 3 months ago #31141
by S0lo
Studying CCNP...
Ammar Muqaddas
Forum Moderator
www.firewall.cx
Replied by S0lo on topic Re: Doubt regarding Switching Principle
On some higher models of Cisco switches, you can detect such excessive flooding using the mac-address-table unicast-flood command, and then take specified action if flooding exceeds a specified amount. I've never tried it myself, so this might help:
www.cisco.com/en/US/products/hw/switches...01d0808.shtml#detect
www.cisco.com/en/US/docs/switches/lan/ca...ecure.html#wp1078807
On the other hand, Port Security is a partial but not definite solution to this problem. You could configure the switch (if it supports port security) to allow only trusted source MAC addresses to use a switch port. An outsider/hacker will have to be smart enough to CHANGE his MAC address to match the one you configured on the port he is connected to. That is, to be able to send any traffic at all using the switch. It's not impossible to hack into this, but it certainly is less possible. Surely, if naughtiness comes from within your own users/organization then this is no use :lol:
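The switching behaviour the thread discusses (learn the source MAC, forward known unicast to one port, flood everything else), the "percentage of flooded frames" TheBishop mentions, and the port-security allow list S0lo describes, pulled together in one small Python model. This is an added example, not code from the forum or from Cisco; the frames, MAC addresses, the small CAM capacity and the 50% flood-ratio threshold are all constructed assumptions, and the monitor is a generic per-port counter rather than any vendor feature.

```python
"""Learning-switch model with a per-port flood-ratio monitor and a
port-security style source-MAC allow list.  Added example; frame samples,
addresses and thresholds below are constructed for illustration."""

from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class Frame:
    ingress_port: int
    src: str
    dst: str


def _new_port_stats():
    return {"in": 0, "flooded": 0, "dropped": 0}


@dataclass
class Switch:
    num_ports: int
    cam_capacity: int = 8  # assumed tiny table so the model is easy to follow
    # Port security: port -> set of permitted source MACs (ports absent here are unrestricted).
    allowed_src: dict = field(default_factory=dict)
    cam: dict = field(default_factory=dict)  # learned MAC -> port
    stats: dict = field(default_factory=lambda: defaultdict(_new_port_stats))

    def forward(self, frame):
        """Return the egress port list for one frame and update the CAM table."""
        st = self.stats[frame.ingress_port]
        st["in"] += 1
        # Port security: a restricted port drops frames from any other source MAC,
        # and never learns that MAC, so it cannot be used to send anything.
        allowed = self.allowed_src.get(frame.ingress_port)
        if allowed is not None and frame.src not in allowed:
            st["dropped"] += 1
            return []
        # Learning: remember which port the source MAC was seen on while the table has room.
        if frame.src not in self.cam and len(self.cam) < self.cam_capacity:
            self.cam[frame.src] = frame.ingress_port
        # Forwarding: known unicast goes out one port.  Unknown unicast, broadcast and
        # multicast (never learned as sources) are flooded to all ports but the ingress one.
        if frame.dst in self.cam:
            out = self.cam[frame.dst]
            return [] if out == frame.ingress_port else [out]
        st["flooded"] += 1
        return [p for p in range(1, self.num_ports + 1) if p != frame.ingress_port]

    def flood_ratio(self, port):
        """Fraction of frames arriving on this port that the switch had to flood."""
        st = self.stats[port]
        return st["flooded"] / st["in"] if st["in"] else 0.0

    def noisy_ports(self, threshold=0.5, min_frames=10):
        """Ports whose traffic is mostly flooded: the ones worth looking at first."""
        return sorted(
            p for p in self.stats
            if self.stats[p]["in"] >= min_frames and self.flood_ratio(p) > threshold
        )


def demo():
    """Run a constructed traffic mix through a 4-port switch and return it for inspection."""
    sw = Switch(num_ports=4)
    sw.allowed_src[4] = {"00:00:00:00:00:04"}  # port security on port 4
    a, b, c = "00:00:00:00:00:01", "00:00:00:00:00:02", "00:00:00:00:00:03"
    frames = []
    # Normal traffic: A (port 1) and B (port 2) talk; only A's very first frame floods,
    # because B's reply lets the switch learn both addresses.
    frames += [Frame(1, a, b), Frame(2, b, a)] * 10
    # Port 3: one host sends 20 frames to destinations the switch never learns,
    # so every one of them is flooded to the other three ports.
    frames += [Frame(3, c, f"00:00:00:00:ff:{i:02x}") for i in range(20)]
    # Port 4: a frame from an unexpected source MAC is dropped, a permitted one is forwarded.
    frames += [Frame(4, "de:ad:be:ef:00:01", a), Frame(4, "00:00:00:00:00:04", a)]
    for f in frames:
        sw.forward(f)
    return sw


if __name__ == "__main__":
    sw = demo()
    for port in sorted(sw.stats):
        print(port, sw.stats[port], f"flood ratio {sw.flood_ratio(port):.0%}")
    print("ports to investigate:", sw.noisy_ports())
```

Ports 1 and 2 end up with a flood ratio of 10% and 0%, which is TheBishop's "low percentage" in normal operation; port 3 sits at 100% and is the only one the monitor reports, while port 4 shows one dropped frame from the port-security check.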