[c-nsp] Determining which ports have another switch attached?

Phil Mayers p.mayers at imperial.ac.uk
Fri Jul 22 04:49:21 EDT 2011


On 07/21/2011 11:42 PM, Martin T wrote:
> Phil, Gabriel,
> one situation where this MAC counting does not work is when there is a
> virtual machine hypervisor connected to a switch port and virtual
> machines have NICs configured to bridge mode.

Well, you've got a database containing all of your kit and their MAC 
addresses, right, so you can just exclude ports with VMs?

;o)

>
> IMHO counting MAC addresses in combination with checking incoming BPDU
> frames on particular interface is probably the best option if CDP is
> not enabled..

What if the downstream switch doesn't have STP enabled?

Hell, what if the downstream switch doesn't have any other hosts on it 
at the moment? There will only be 1 (or maybe 0) MACs on the port.

There's no perfect way to magically find unmanaged switches (managed 
ones are not a problem, because they're managed!).

One approach that hasn't been mentioned is: just enable BPDU guard and 
see what breaks. That's essentially how we handled it.

The switches are unmanaged, so presumably shouldn't be connected to the 
network anyway, or should be managed, or you're dealing with a customer 
handoff point, in which case liaise with the customer contact address.
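
Added example, not part of the original post or of any tool named in the thread: a Python sketch of the heuristic discussed above, combining per-port MAC counts, an inventory exclusion for bridged VMs, and ports where BPDUs were seen. The MAC table, inventory and BPDU port set are constructed sample data, the function names are hypothetical, and how the BPDU port list is collected is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of Cisco IOS "show mac address-table".
SAMPLE_MAC_TABLE = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0011.2233.0001    DYNAMIC     Gi0/1
  10    0011.2233.0002    DYNAMIC     Gi0/2
  10    0011.2233.0003    DYNAMIC     Gi0/2
  10    0050.56aa.0001    DYNAMIC     Gi0/3
  10    0050.56aa.0002    DYNAMIC     Gi0/3
  10    0011.2233.0004    DYNAMIC     Gi0/4
"""
# Constructed inventory: MACs of known kit, here VMs bridged through a hypervisor.
INVENTORY = {"0050.56aa.0001", "0050.56aa.0002"}
# Constructed: access ports on which BPDUs were seen (collection method assumed).
BPDU_PORTS = {"Gi0/4"}

ROW = re.compile(r"^\s*\d+\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+DYNAMIC\s+(\S+)\s*$", re.I)

def macs_by_port(text):
    ports = defaultdict(set)
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # header and separator lines do not match and are skipped
            ports[m.group(2)].add(m.group(1).lower())
    return ports

def classify(ports, inventory, bpdu_ports):
    result = {}
    for port in sorted(set(ports) | set(bpdu_ports)):
        macs = ports.get(port, set())
        unknown = macs - inventory
        if port in bpdu_ports:
            result[port] = "switch-likely"   # something downstream speaks STP
        elif len(macs) > 1 and not unknown:
            result[port] = "explained"       # every MAC is inventoried kit
        elif len(macs) > 1:
            result[port] = "suspect"         # several MACs, not all accounted for
        else:
            result[port] = "inconclusive"    # 0 or 1 MAC rules nothing out
    return result

if __name__ == "__main__":
    for port, verdict in classify(macs_by_port(SAMPLE_MAC_TABLE), INVENTORY, BPDU_PORTS).items():
        print(port, verdict)
```

The "inconclusive" verdict reflects the limits raised in the thread: a downstream switch with STP disabled and one or no active hosts is indistinguishable from a single host by these signals.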

