[c-nsp] WS-C2950-EI as ISP access, best practices

Peter Rathlev peter at rathlev.dk
Wed Mar 16 16:08:53 EDT 2011


On Wed, 2011-03-16 at 14:21 -0500, Neal Rauhauser wrote:
> I've seen 2950s just melt down when small dumb access switch on the
> far end had one cable plugged into two ports - 99.44% usage no way to
> gain remote access. Will switchport protected put a stop to stuff like
> that?

For this specific scenario, BPDU Guard is very helpful. Any loop beyond
the edge port would also return BPDUs from your switch and thus disable
the port.

Some moron might add a device allowing a loop but filtering BPDUs of
course. In that case "switchport port-security maximum" and "switchport
port-security violation shutdown" might help, but it does add other
problems.

-- 
Peter




More information about the cisco-nsp mailing list