[c-nsp] What is The Best Configuration per Interface (CatalystSwitch 3500)?

Michael Smith mksmith at noanet.net
Sat Oct 30 12:33:42 EDT 2004 

A couple of things come to mind in your config.

1) Why have an IP Access Group on a Switchport?  Even though your device
may be routing, I'm fairly certain Layer 3 ACL's won't be processed by a
Layer 2 port.
2) On your Client interface turn off Portfast.

Mike

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Alexandra
Alvarado
Sent: Saturday, October 30, 2004 7:56 AM
To: cisco-nsp at puck.nether.net; Alexandra Alvarado
Subject: [c-nsp] What is The Best Configuration per Interface
(CatalystSwitch 3500)?

Hello,

We are looking for the best posible configuration to a catyalyst 3550
switch per interface.  Until now we have two types of configuration:

Backbone Example
-----------------------------

interface FastEthernet0/1
 description Backbone
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
 ip access-group 135 in
 storm-control broadcast level 5.00
 storm-control multicast level 5.00
 no cdp enable
 arp timeout 1800
 spanning-tree mst 0 cost 200
 spanning-tree mst 1 cost 200
!

Client Interface Example
-------------------------------------

interface FastEthernet0/7
 description Client
 switchport access vlan 139
 switchport mode access
 switchport nonegotiate
 ip access-group 135 in
 storm-control broadcast level 5.00
 storm-control multicast level 5.00
 no cdp enable
 arp timeout 1800
 spanning-tree portfast trunk
 spanning-tree bpduguard enable
 spanning-tree guard root

We have been trying to put two new comands on the "client interface":

switchport block unicast
switchport block multicast

But clients experienced micro down times (2 minutes).

Today was a terrible day.  All network goes down for 3 hours, Initially
I suposse was a mstp loop but
it wasn't because I open the phisical loops and we still had the
problem. After in the MRTG web page I saw
a client with a high input traffic and after I saw in all switches the
same traffic but in the other sens "output".
The problem was a hub or switch of one of my clients.  How can avoid
that a client problem cause that my network goes down too?. 

Can somebody recommend to me a best way to configure a switch interface
to avoid down times?


Thanks.


Alexandra Alvarado
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list