From: Godswill Oletu (oletu@inbox.lv)
Date: Tue Sep 20 2005 - 09:11:44 GMT-3
Eugene,
I was thinking along that line also..........I felt that the "portfast/bpdu
filter' approach will only take care of bpdu at the port level and not at
the VLAN level.
But the question is, is there a better approach? Disabling STP on the VLAN
will not prevent bpdu from being flooded on the VLAN. BPDU are generated
when ports changes state, STP only use them to implement its loop avoidance
mechanism. There disabling the STP will not prevent BPDU from being
propagated across VLAN200, it will only disable the mechanism that acts on
the BPDUs.
With this in mind, I am finding myself choosing the not so comfortable
solution of "portfast/bpdu filter" One wish the task would have explain
more...
Lets keep this thread continue until, we all come to conclusion...
HTH
Godswill Oletu
----- Original Message -----
From: "Eugene Ward" <eward15@juno.com>
To: <dennisjhartmann@hotmail.com>
Cc: <ccielab@groupstudy.com>
Sent: Tuesday, September 20, 2005 7:16 AM
Subject: Re: Catalyst Specialties Question Interpretation
> Dennis,
>
> The way I am interpreting the question is that no BPDUs should be allowed
> anywhere that VLAN 200 touches. Thinking about this and what devices
> would generate BPDUs, turning off spanning-tree on the switch(s) would
> stop locally generated BPDUs by the switch; however, filtering at the port
> would also take care of any BPDUs generated by any system attached to the
> switch(s) at VLAN 200. This is just my interpretation...
>
>
> Eugene Ward
>
> -----------------------------------------------------------------------
>
> I'm wondering how everyone would interpret the following question:
>
> Create VLAN 200 and assign port fast 0/20 to it on CAT2. Do not allow
> BPDU
> traffic on this VLAN.
>
> The answer says to turn off STP on VLAN 200, but I disagree with this
> solution. Would turning off STP on a VLAN disallow STP traffic? I would
> think that STP could still propagate the switch, but it will not be
> interpretted by the switch because there will not be a static
> mac-address-table entry pointed to the CPU for this particular VLAN.
>
> I believe the solution is to enable one of the follwing commands
>
> (config-if)# spanning-tree portfast bpdufilter enable (the scenario did
> not
> call for portfast though)
> (config-if)# spanning-tree bpdufilter enable (the scenario asked to not
> allow bpdu traffic on this VLAN. Since there's no global command that can
> not simultaneously filter the traffic from only VLAN 200, I think this is
> the correct answer). If there's any other ports in vlan 200, they must
> have
> the same command applied to them.
> spanning-tree bpdufilter enable
>
>
> Comments?
>
> Sincerely,
>
> Dennis J. Hartmann
>
> White Pine Communications
>
> dh8@pobox.com
>
> CCSI#23402 / CCVP / CCIP / CCNP
>
> Cisco Optical, VPN & IDS Specialist
>
> MCSE
>
>
> ___________________________________________________________________
> Try Juno Platinum for Free! Then, only $9.95/month!
> Unlimited Internet Access with 250MB of Email Storage.
> Visit http://www.juno.com/value to sign up today!
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Sun Oct 02 2005 - 14:40:15 GMT-3