[c-nsp] Cisco 3550-12G <-> Cisco 5500 in a service provider
environment.
Matthew Crocker
matthew at crocker.com
Tue Dec 27 17:57:25 EST 2005
Hello,
I'm an ISP which has a Cisco 3550-12G. I have G0/3 connected to a
customers Cisco 5500 switch. What is the best way to protect both of
our switches so VTP & STP traffic don't intermingle and wipe each
other out?
Currently, my 3550 has the following config.
c3550-12G-1#show version
Cisco IOS Software, C3550 Software (C3550-IPSERVICES-M), Version 12.2
(25)SEB2, R
ELEASE SOFTWARE (fc1)
Copyright (c) 1986-2005 by Cisco Systems, Inc.
Compiled Tue 07-Jun-05 22:16 by yenanh
ROM: Bootstrap program is C3550 boot loader
c3550-12G-1 uptime is 26 weeks, 5 days, 7 hours, 54 minutes
System returned to ROM by power-on
System image file is "flash:c3550-ipservices-mz.122-25.SEB2/c3550-
ipservices-mz.
122-25.SEB2.bin"
interface GigabitEthernet0/3
switchport access vlan 202
switchport mode access
service-policy input 10mbps
service-policy output 10mbps
no cdp enable
spanning-tree portfast
spanning-tree bpdufilter enable
spanning-tree bpduguard enable
VLAN 202 is connected to a Cisco 12000 with this config:
interface GigabitEthernet5/0.202
encapsulation dot1Q 202
ip address a.b.c.d 255.255.255.252
ip verify unicast reverse-path
no ip directed-broadcast
My customer has a Cisco 5500 with the following config:
interface GigabitEthernet3/47
switchport access vlan 210
I've asked him to add:
switchport mode access
no cdp enable
spanning-tree portfast
spanning-tree bpdufilter enable
spanning-tree bpduguard enable
What else should I be adding to the interfaces to protect them from
other layer 2 nastiness?
--
Matthew S. Crocker
Vice President
Crocker Communications, Inc.
Internet Division
PO BOX 710
Greenfield, MA 01302-0710
http://www.crocker.com
More information about the cisco-nsp
mailing list