[c-nsp] WS-C2950-EI as ISP access, best practices

Neal Rauhauser neal.rauhauser at gmail.com
Wed Mar 16 14:13:51 EDT 2011


    I've just inherited a plant with a few dozen WS-C2950-EI doing access
duty - an apartment complex. We've had just ridiculous stuff, like certain
models of customer NAT device that will helpfully reforward an unknown
unicast frame(!), and I've pretty well had my fill of Windows antics on this
thing.

   Right now this is applied to all ports. Limit seems to be 132 entries
spread across all ports, so 5 entries x 24 ports is all we could do.

ip access-list extended nbtetc4
 deny   udp any any eq netbios-ns
 deny   udp any any eq 5355
 deny   udp any any eq 5353
 deny   udp any any eq 1900
 permit ip any any


  We're also dumping unknown multicast.

interface FastEthernet0/11
 switchport block multicast
 ip access-group nbtetc4 in

   Doing this brought it down to a dull roar & customer calls stopped, but
I'd like to know if there is a tidy cookbook for what to do with these
machines in an access environment.
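
Added example, not part of the original post: a small Python check that parses an IOS-style config fragment, counts ACL entries per port the way the post does (entries x ports against the 132-entry figure it reports), and flags access ports missing the inbound ACL or the multicast block. The sample config is constructed from the post's snippets, the second port is hypothetical, and the 132 limit is the poster's observation rather than a documented value.

```python
import re

ACE_BUDGET = 132  # limit reported in the post for this switch; an assumption here

# Constructed sample: the post's ACL, one port as in the post, one missing the ACL.
SAMPLE = """\
ip access-list extended nbtetc4
 deny   udp any any eq netbios-ns
 deny   udp any any eq 5355
 deny   udp any any eq 5353
 deny   udp any any eq 1900
 permit ip any any
!
interface FastEthernet0/11
 switchport block multicast
 ip access-group nbtetc4 in
!
interface FastEthernet0/12
 switchport block multicast
"""

def audit(config, budget=ACE_BUDGET):
    """Return (aces_used, findings) for an IOS-style config fragment."""
    acls, ports, ctx = {}, {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        if m := re.match(r"ip access-list extended (\S+)$", line):
            ctx = ("acl", m.group(1))
            acls[m.group(1)] = 0
        elif m := re.match(r"interface (\S+)$", line):
            ctx = ("if", m.group(1))
            ports[m.group(1)] = {"acl": None, "block_mc": False}
        elif line in ("", "!"):
            ctx = None  # section separator
        elif ctx and ctx[0] == "acl" and re.match(r"(permit|deny)\s", line):
            acls[ctx[1]] += 1  # one hardware entry per ACE
        elif ctx and ctx[0] == "if":
            if m := re.match(r"ip access-group (\S+) in$", line):
                ports[ctx[1]]["acl"] = m.group(1)
            elif line == "switchport block multicast":
                ports[ctx[1]]["block_mc"] = True
    findings, used = [], 0
    for name, p in ports.items():
        if p["acl"] not in acls:
            findings.append(f"{name}: no defined inbound ACL")
        else:
            used += acls[p["acl"]]  # the post counts entries once per port
        if not p["block_mc"]:
            findings.append(f"{name}: unknown multicast not blocked")
    if used > budget:
        findings.append(f"ACE budget exceeded: {used} > {budget}")
    return used, findings
```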

