Tag: Switch

What is a non-blocking switch?

It is fairly common to hear a switch described as non-blocking, because almost all switches today are non-blocking. But what does that mean? When I asked people around me what exactly a non-blocking switch means, they were unable to reach the same conclusion.

I went through a lot of different places on the internet and vendor documents before I wrote this, but do not hesitate to add something in the comments if you have a different view on the subject.

A line-rate switch means the same as a wire-speed switch. It basically means that the switch has the forwarding capacity to support all ports concurrently at full port capacity. This should hold for minimum packet sizes too. Non-blocking switch means the same thing: the switch's internal bandwidth can handle all the port bandwidths, at the same time, at full capacity. Sometimes, for high-end switches, non-blocking also refers to the switch architecture's ability to significantly reduce head-of-line blocking (HOL blocking).

VLAN hopping attack – Switch Spoofing and Double tagging

A VLAN hopping attack is possible through two different approaches: switch spoofing or double tagging.

When you need to configure and secure VLAN trunks, also consider the potential for an exploit called VLAN hopping.

An attacker can craft frames with spoofed 802.1Q tags and send them on one access VLAN so that the packets end up on a totally different VLAN, all without the use of a router.
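From the defender's side, the tell-tale of double tagging is a frame arriving on an access port that already carries 802.1Q tags. The following is an added example, not code from the original post: it parses raw Ethernet frames (for instance from a port mirror) and flags tagged frames on an access port. The function names, the sample frames, and the policy of accepting priority tags and the port's own VLAN are assumptions.

```python
import struct

# EtherTypes that announce a VLAN tag: 802.1Q C-tag and 802.1ad S-tag
TPIDS = {0x8100, 0x88A8}

def vlan_tags(frame):
    """Return the VLAN IDs of the tags stacked after the two MAC addresses."""
    tags, offset = [], 12                      # skip destination + source MAC
    while len(frame) >= offset + 4:
        tpid, tci = struct.unpack_from("!HH", frame, offset)
        if tpid not in TPIDS:
            break                              # reached the real EtherType
        tags.append(tci & 0x0FFF)              # low 12 bits of the TCI = VLAN ID
        offset += 4
    return tags

def classify_access_frame(frame, access_vlan):
    """Classify a frame received on an access port assigned to access_vlan."""
    tags = vlan_tags(frame)
    if not tags:
        return "ok"                            # untagged is the normal case
    if len(tags) >= 2:
        return f"alert: stacked tags {tags} (double-tagging pattern)"
    # Assumed policy: a priority tag (VID 0) or the port's own VLAN is tolerated
    if tags[0] in (0, access_vlan):
        return "ok"
    return f"alert: tagged for VLAN {tags[0]} on an access port"

# Constructed sample frames (not captured traffic): dst MAC, src MAC, tags, EtherType
MACS = "ffffffffffff" "020000000001"
SAMPLES = {
    "untagged":   bytes.fromhex(MACS + "0800") + bytes(46),
    "priority":   bytes.fromhex(MACS + "81006000" + "0800") + bytes(46),
    "other_vlan": bytes.fromhex(MACS + "8100001e" + "0800") + bytes(46),
    "double":     bytes.fromhex(MACS + "8100000a" + "81000014" + "0800") + bytes(46),
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(f"{name:10s} {classify_access_frame(frame, access_vlan=10)}")
```

Double tagging relies on the outer tag matching the trunk's native VLAN, so the usual hardening is to keep the native VLAN off every access port and leave it unused for user traffic.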

MAC Address Flooding – MAC address table overflow attacks

MAC address flooding is a very common security attack. The MAC address table in the switch holds the MAC addresses available on a given physical port of the switch and the associated VLAN parameters for each.

MAC flooding attacks are sometimes called MAC address table overflow attacks. To understand the mechanism of a MAC address table overflow attack, we must recall how a switch works in the first place.