[c-nsp] What is The Best Configuration per Interface (Catalyst
Switch 3500)?
Per Carlson
ml at carlson.homeunix.net
Mon Nov 1 03:31:44 EST 2004
On 2004-10-30 16:55, Alexandra Alvarado wrote:
Depending on who your 'clients' are, I've some comments. I'll assume the
clients are external.
> Client Interface Example
> -------------------------------------
>
> interface FastEthernet0/7
> description Client
> switchport mode access
> spanning-tree portfast trunk
'switchport mode access' and 'spanning-tree portfast trunk' seem a bit
contradictory: is it an access-port or a trunk-port?
> no cdp enable
Even if CDP is disabled on the port, the switch does process CDP packets
entering the port. You should consider an inbound mac-access-list to
filter them (handled in hardware on 3550s).
> spanning-tree bpduguard enable
Yeah, this is saying 'we don't accept BPDUs from you' the hard way. I'm
not sure your operations staff will be very happy re-enabling ports
shut down by a single BPDU. The easy, scalable solution here is
mac-access-lists (inbound and outbound) as well.
Remember that you will also send out BPDUs on an access-port. The
client might not accept incoming BPDUs.
Per
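
Added example, not part of the original message: a small Python check that flags, in IOS-style interface stanzas, the three points raised in the reply above (access mode combined with 'portfast trunk', CDP disabled with no inbound MAC ACL, and BPDU guard shutting the port on a BPDU). The sample configuration and the ACL name CLIENT-L2-IN are constructed for illustration.

```python
import re

# Constructed sample; Fa0/7 mirrors the quoted port, CLIENT-L2-IN is a hypothetical ACL name.
SAMPLE = """\
interface FastEthernet0/7
 switchport mode access
 spanning-tree portfast trunk
 no cdp enable
 spanning-tree bpduguard enable
!
interface FastEthernet0/8
 switchport mode access
 spanning-tree portfast
 no cdp enable
 mac access-group CLIENT-L2-IN in
"""

def parse_interfaces(text):
    """Return {interface name: [stripped config lines]} from IOS-style text."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        m = re.match(r"interface\s+(\S+)", raw)
        if m:
            current = stanzas.setdefault(m.group(1), [])
        elif raw.startswith(" ") and current is not None:
            current.append(raw.strip())
        else:
            current = None  # "!" or a global command ends the stanza
    return stanzas

def audit(text):
    """Return {interface: [finding codes]} for the points raised in the reply."""
    report = {}
    for name, lines in parse_interfaces(text).items():
        cfg = set(lines)
        has_in_acl = any(re.fullmatch(r"mac access-group \S+ in", l) for l in lines)
        findings = []
        if "switchport mode access" in cfg and "spanning-tree portfast trunk" in cfg:
            findings.append("access-mode-with-portfast-trunk")
        if "no cdp enable" in cfg and not has_in_acl:
            findings.append("cdp-disabled-without-inbound-mac-acl")
        if "spanning-tree bpduguard enable" in cfg:
            findings.append("bpduguard-shuts-port-on-bpdu")
        report[name] = findings
    return report

if __name__ == "__main__":
    for intf, findings in audit(SAMPLE).items():
        print(intf, findings or "no findings")
```
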