[c-nsp] What is The Best Configuration per Interface (CatalystSwitch 3500)?

Alexandra Alvarado aaaa at telconet.net
Sun Oct 31 01:44:23 EDT 2004


Hello,

I tried to set up a static MAC address on the Catalyst 3550 like this:

    mac address-table static 0007.50b7.3576 vlan 1 interface fastethernet 0/1

but I got this error:

switch1ops(config)#$mac address-table static 0007.50b7.3576 vlan 1 interface fastethernet 0/6
Static address : 0007.50b7.3576 could not be added as it is already a secure address on Fa0/6

I think it is because I have the following config on the interface fastethernet 0/6:

 switchport port-security
 switchport port-security maximum 2
 switchport port-security violation restrict
 switchport port-security mac-address 0007.50b7.3576
 switchport port-security mac-address 0040.f446.147b

Then, to verify that the error message was caused by the port-security commands, I
executed on the interface:

no switchport port-security mac-address 0007.50b7.3576
no switchport port-security mac-address 0040.f446.147b
shutdown

Then, I configured the MAC address in a static way like this:

    mac address-table static 0007.50b7.3576 vlan 1 interface fastethernet 0/6

And it works:

switch1ops#show mac-address-table interface fastEthernet 0/6
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    0007.50b7.3576    STATIC      Fa0/6
   1    0040.f446.147b    STATIC      Fa0/6
Total Mac Addresses for this criterion: 2
switch1ops#

But, when I restored the port-security config on the interface:

 switchport port-security mac-address 0007.50b7.3576
 switchport port-security mac-address 0040.f446.147b

I lost the static state and the dynamic state returned for those MAC
addresses:

switch1ops#show mac-address-table interface fastEthernet 0/6
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    0007.50b7.3576    DYNAMIC     Fa0/6
   1    0040.f446.147b    DYNAMIC     Fa0/6
Total Mac Addresses for this criterion: 2
switch1ops#


WHY??????????


Thanks,

Alexandra Alvarado

----- Original Message ----- 
From: "Andrew Metcalf" <andrew.metcalf at natnet.com>
To: "'Alexandra Alvarado'" <aaaa at telconet.net>
Sent: Saturday, October 30, 2004 1:47 PM
Subject: RE: [c-nsp] What is The Best Configuration per Interface (CatalystSwitch 3500)?


> Alexandra,
>
> I have not used the switchport block unicast/multicast command before, but I
> would think that it would break connections where you do not have statically
> defined entries in the switch's CAM because there would be no way for the
> normal port flooding method to work for creating a dynamic CAM entry for a
> MAC/Port. Further, if the MAC entry for the root bridge aged out of the CAM
> and was not able to re-populate you could have some real issues, although I
> wouldn't think that would be the case here because the root is hopefully on
> the backbone network.
>
> Hope that helps somewhat, like I said, I've never used that particular
> configuration option.
>
> Thanks,
> Andrew
>
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Alexandra Alvarado
> Sent: Saturday, October 30, 2004 9:56 AM
> To: cisco-nsp at puck.nether.net; Alexandra Alvarado
> Subject: [c-nsp] What is The Best Configuration per Interface
> (CatalystSwitch 3500)?
>
> Hello,
>
> We are looking for the best possible configuration for a Catalyst 3550 switch
> per interface.  Until now we have two types of configuration:
>
> Backbone Example
> -----------------------------
>
> interface FastEthernet0/1
>  description Backbone
>  switchport trunk encapsulation dot1q
>  switchport mode trunk
>  switchport nonegotiate
>  ip access-group 135 in
>  storm-control broadcast level 5.00
>  storm-control multicast level 5.00
>  no cdp enable
>  arp timeout 1800
>  spanning-tree mst 0 cost 200
>  spanning-tree mst 1 cost 200
> !
>
> Client Interface Example
> -------------------------------------
>
> interface FastEthernet0/7
>  description Client
>  switchport access vlan 139
>  switchport mode access
>  switchport nonegotiate
>  ip access-group 135 in
>  storm-control broadcast level 5.00
>  storm-control multicast level 5.00
>  no cdp enable
>  arp timeout 1800
>  spanning-tree portfast trunk
>  spanning-tree bpduguard enable
>  spanning-tree guard root
>
> We have been trying to put two new commands on the "client interface":
>
> switchport block unicast
> switchport block multicast
>
> But clients experienced micro down times (2 minutes).
>
> Today was a terrible day.  The whole network went down for 3 hours. Initially I
> supposed it was an MSTP loop, but it wasn't, because I opened the physical
> loops and we still had the problem. Afterwards, on the MRTG web page, I saw
> a client with high input traffic, and then I saw the same traffic on all
> switches but in the other direction, "output".
> The problem was a hub or switch of one of my clients.  How can I avoid
> a client problem causing my network to go down too?
>
> Can somebody recommend the best way to configure a switch interface to
> avoid down times?
>
>
> Thanks.
>
>
> Alexandra Alvarado


