[c-nsp] What is The Best Configuration per Interface
(CatalystSwitch 3500)?
Mark Tinka
mtinka at africaonline.co.sz
Mon Nov 1 01:32:42 EST 2004
On Sunday 31 October 2004 16:44, Wojtek Zlobicki wrote:
> Portfast also reduces the time that the port takes to come up..
> Instead of waiting for a full spanning tree calculation, you are up in
> seconds. This is important when the network device connected to the
> port expects an instant connection upon link up.
True, but I think it should be disabled in a large switched environment,
especially one where administrative access/management may not be limited to a
single person.
Unless the connected device requires immediate connectivity (BootP, e.t.c.),
and of course, where client connections are concerned, and more especially,
where access may be diverse, I'd suggest keeping STP active on all ports.
Mark.
>
>
> On Sun, 31 Oct 2004 00:59:19 +0800 (WST), Ian Henderson
>
> <ianh at chime.net.au> wrote:
> > On Sat, 30 Oct 2004, Michael Smith wrote:
> > > 1) Why have an IP Access Group on a Switchport? Even though your
> > > device may be routing, I'm fairly certain Layer 3 ACL's won't be
> > > processed by a Layer 2 port.
> >
> > Yes they can be, depending on the model. Its a very cool thing - with no
> > switch impact, we can block a few hundred megabits of small packet DoS on
> > a 2950G, before it hits a 7200-G1 (which would usually melt).
> >
> > Kudos to the Web Central guys for pointing us to this. :) Who would have
> > thought the $1500AUD~ 2950 would be so useful.
> >
> > > 2) On your Client interface turn off Portfast.
> >
> > BPDU guard and root guard should protect the switching network from rogue
> > loops on the client facing ports. Shouldn't it...? BPDU guard will
> > errdisable the port if it sees any BPDUs while root guard will disable
> > the port if it sees a root bridge BPDU (kind of pointless with BPDU guard
> > on aswell). What am I missing?
> >
> > Rgds,
> >
> > - I.
> >
> > --
> > Ian Henderson CCNA, CCNP
> > Senior Network Engineer, Chime Communications
> >
> >
> > _______________________________________________
> > cisco-nsp mailing list cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list