[c-nsp] What is The Best Configuration per Interface (CatalystSwitch 3500)?

Wojtek Zlobicki wojtek.zlobicki at gmail.com
Sun Oct 31 09:44:22 EST 2004


Portfast also reduces the time that the port takes to come up.. 
Instead of waiting for a full spanning tree calculation, you are up in
seconds.  This is important when the network device connected to the
port expects an instant connection upon link up.


On Sun, 31 Oct 2004 00:59:19 +0800 (WST), Ian Henderson
<ianh at chime.net.au> wrote:
> On Sat, 30 Oct 2004, Michael Smith wrote:
> 
> > 1) Why have an IP Access Group on a Switchport?  Even though your device
> > may be routing, I'm fairly certain Layer 3 ACL's won't be processed by a
> > Layer 2 port.
> 
> Yes they can be, depending on the model. Its a very cool thing - with no
> switch impact, we can block a few hundred megabits of small packet DoS on
> a 2950G, before it hits a 7200-G1 (which would usually melt).
> 
> Kudos to the Web Central guys for pointing us to this. :) Who would have
> thought the $1500AUD~ 2950 would be so useful.
> 
> > 2) On your Client interface turn off Portfast.
> 
> BPDU guard and root guard should protect the switching network from rogue
> loops on the client facing ports. Shouldn't it...? BPDU guard will
> errdisable the port if it sees any BPDUs while root guard will disable the
> port if it sees a root bridge BPDU (kind of pointless with BPDU guard on
> aswell). What am I missing?
> 
> Rgds,
> 
> - I.
> 
> --
> Ian Henderson CCNA, CCNP
> Senior Network Engineer, Chime Communications
> 
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
> 


-- 
----------------------------------------
wojtek.zlobicki at gmail.com


More information about the cisco-nsp mailing list