[c-nsp] Question - VLAN tagging Catalyst 6500 to Linux Host
Alan Buxey
A.L.M.Buxey at lboro.ac.uk
Tue Apr 6 14:40:20 EDT 2010
Hi,
> >> switchport nonegotiate
> >> !
> >> interface GigabitEthernet4/32
> > [...]
> >> switchport nonegotiate
> >
> > Are you sure you want to disable autonegotiation? Unless the other side
> > also configures this, the link will not come up.
>
> The other side is hard wired to GigE so it's OK in this case.
'switchport nonegotiate' is more tricksie than that - it stops the ends of
the link from negotiating whether they are trunk or access - i.e. it stops
a host from asking an access port to become a trunk... or a trunk
link from providing just an access layer. It's a security mechanism
and isn't to be confused with speed/duplex. Best practice is to
use it on edge ports to stop Mr Haxor from asking for a trunk link and
all the VLANs that the switch knows.
alan
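
A config check for the best practice described in the message above, as an added example that is not part of the original post: it lists switchports that lack 'switchport nonegotiate'. The sample config, interface names and function names are constructed; it assumes IOS-style 'interface' blocks with space-indented sub-commands.

```python
import re

# Constructed sample config for illustration (not taken from the thread).
SAMPLE_CONFIG = """\
interface GigabitEthernet1/1
 switchport mode trunk
 switchport nonegotiate
!
interface GigabitEthernet1/2
 switchport mode access
!
interface GigabitEthernet1/3
 switchport mode dynamic desirable
!
interface GigabitEthernet1/4
 switchport access vlan 20
!
interface GigabitEthernet1/5
 ip address 192.0.2.1 255.255.255.0
!
"""

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from an IOS-style config."""
    blocks, current = {}, None
    for line in config.splitlines():
        m = re.match(r"^interface\s+(\S+)", line)
        if m:
            current = blocks.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or any other top-level line ends the block
    return blocks

def audit_dtp(config):
    """Return {interface: finding} for switchports lacking 'switchport nonegotiate'."""
    findings = {}
    for name, cmds in parse_interfaces(config).items():
        if "switchport nonegotiate" in cmds or not any(c.startswith("switchport") for c in cmds):
            continue  # trunk negotiation already disabled, or a routed port
        mode = next((c.split()[2] for c in cmds if c.startswith("switchport mode ")), None)
        if mode in ("access", "trunk"):
            findings[name] = f"static {mode} port without nonegotiate"
        elif mode == "dynamic":
            findings[name] = "dynamic mode: peer can negotiate a trunk"
        else:
            findings[name] = "no static mode or nonegotiate set"
    return findings
```

Calling audit_dtp(SAMPLE_CONFIG) returns findings for GigabitEthernet1/2, 1/3 and 1/4 and skips the hardened trunk and the routed port.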