If you have users that are supposed to have single connections, you can set
port security and lock them in.
> -----Original Message-----
> From: Christopher Neill [mailto:noise@cow.org]
> Sent: Saturday, July 07, 2001 7:50 PM
> To: cisco-nsp@puck.nether.net
> Subject: Re: portfast
>
>
> On Sat, Jul 07, 2001 at 03:23:18PM -0700, Jim Warner wrote:
> > | i don't see the point of running STP on any port that's attached to a single
> > | host. i only run it for the ports connected to my routers, hubs, CSS, PIX,
> > | trunks to other switches..
> > |
> > | am i missing something or is this kinda the dog chasing his tail?
> >
> > First, you need to know the effect of a topological loop if you
> > don't have spanning tree. Our experience is that the switch
> > completely locks up, using all its BW to feed the loop. If
> > you've got a big L2 network, you'll be out there disconnecting
> > jacks one at a time looking for the loop. "Portfast" and friends
> > from other vendors will permit a loop to form as a transient and
> > then clip it off.
>
> there cannot be a spanning tree loop on a port connected to one host.
>
> like i said, none of my trunks, routers, ports connected to hubs are running
> portfast because i /do/ have redundant paths in my switching environment..
>
> >
> > At Universities, the switch ports are in the hands of our students.
> > And our users will eventually hook everything together in all
> > possible combinations -- as long as the connectors fit. And
> > when we finally track down the student and ask them why they did
> > it, we'll get some lame answer like "I didn't want to let the
> > connector fall on the floor while I wasn't using one end so I
> > plugged it into the spare wall jack."
>
> oh, yeah, heh, i don't let college kids near my switches.. i'm assuming
> that this is the case for the person who posed the original posit; obviously
> the safe thing to do with all ports is to not run portfast on them until
> you know for sure what's going to be connected to them (and it helps to have
> some control over this)..
>
> as for NSPs, the industry isn't /as/ full of clumsy college kids as it was
> 4 years ago.. although with some of the colo providers here in the bay area
> it's hard to tell ;)
>
> >
> > Your intention that any particular port only goes to a "single host"
> > can be blunted by a visit to the Microwarehouse catalog. Any user
> > can show up with a repeater and go into the connectivity business.
>
> then why do i pay exodus several thousand dollars a month to give me a
> locked cage?
>
> >
> > Perhaps STP is like President Bush's hopes for his missile shield.
> > It's not going to some some with real malice. But it's enough
> > to deflect the clueless. [I am not making any claim about the
> > relative merits of ABMs and STP -- except that I'm sure STP costs
> > less.]
>
> hey now, nothing like a few hundred billion in government construction
> and rand contracts to.. uh.. oh, wait, i forgot, that doesn't boost the
> economy! silly me..
>
> >
> > -jim
>
> --
> $Id: .sig,v 1.43 2001/04/07 18:00:44 noise Exp $
> "It's a kind of love affair. If you spend half an hour making scrambled eggs
> in the morning for someone, then you really love them." -Chef Boulud
>
>
This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:44 EDT