From: Eugene Ward (eward15@juno.com)
Date: Tue Sep 20 2005 - 08:16:16 GMT-3
Dennis,
The way I am interpreting the question is that no BPDUs should be allowed anywhere that VLAN 200 touches. Thinking about this and what devices would generate BPDUs, turning off spanning-tree on the switch(s) would stop locally generated BPDUs by the switch; however, filtering at the port would also take care of any BPDUs generated by any system attached to the switch(s) at VLAN 200. This is just my interpretation...
Eugene Ward
-----------------------------------------------------------------------
I'm wondering how everyone would interpret the following question:
Create VLAN 200 and assign port fast 0/20 to it on CAT2. Do not allow BPDU
traffic on this VLAN.
The answer says to turn off STP on VLAN 200, but I disagree with this
solution. Would turning off STP on a VLAN disallow STP traffic? I would
think that STP could still propagate the switch, but it will not be
interpreted by the switch because there will not be a static
mac-address-table entry pointed to the CPU for this particular VLAN.
I believe the solution is to enable one of the following commands
(config-if)# spanning-tree portfast bpdufilter enable (the scenario did not
call for portfast though)
(config-if)# spanning-tree bpdufilter enable (the scenario asked to not
allow bpdu traffic on this VLAN. Since there's no global command that can
not simultaneously filter the traffic from only VLAN 200, I think this is
the correct answer). If there's any other ports in vlan 200, they must have
the same command applied to them.
spanning-tree bpdufilter enable
Comments?
Sincerely,
Dennis J. Hartmann
White Pine Communications
CCSI#23402 / CCVP / CCIP / CCNP
Cisco Optical, VPN & IDS Specialist
MCSE
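
An added example, not part of either message: a check for the condition raised in the original post, that every port carrying VLAN 200 has the interface-level `spanning-tree bpdufilter enable` command. The configuration text is constructed, the function names are hypothetical, and the parser assumes IOS-style `interface` stanzas; trunks are flagged as well because the filter is applied per port.

```python
# Constructed sample of an IOS-style running-config (not from the thread).
SAMPLE_CONFIG = """\
interface FastEthernet0/19
 switchport access vlan 200
!
interface FastEthernet0/20
 switchport access vlan 200
 spanning-tree bpdufilter enable
!
interface FastEthernet0/21
 switchport access vlan 100
!
interface FastEthernet0/22
 switchport mode trunk
 switchport trunk allowed vlan 100,200
"""

def parse_interfaces(config):
    """Return {interface name: [stanza lines]} for each 'interface' block."""
    stanzas, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            stanzas[current] = []
        elif current is not None and line.startswith(" "):
            stanzas[current].append(line.strip())
        else:
            current = None  # '!' or a global command ends the stanza
    return stanzas

def carries_vlan(lines, vlan):
    """True for an access port in `vlan` or a trunk that allows it."""
    if "switchport mode trunk" not in lines:
        return f"switchport access vlan {vlan}" in lines
    allowed = [l.split()[-1] for l in lines if l.startswith("switchport trunk allowed vlan")]
    if not allowed or "all" in allowed:
        return True  # a trunk with no allowed list carries every VLAN
    ranges = [i.partition("-") for i in ",".join(allowed).split(",") if i[0].isdigit()]
    return any(int(lo) <= vlan <= int(hi or lo) for lo, _, hi in ranges)

def unfiltered_ports(config, vlan=200):
    """Ports carrying `vlan` that lack 'spanning-tree bpdufilter enable'."""
    return sorted(name for name, lines in parse_interfaces(config).items()
                  if carries_vlan(lines, vlan)
                  and "spanning-tree bpdufilter enable" not in lines)

if __name__ == "__main__":
    print(unfiltered_ports(SAMPLE_CONFIG))
```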