RE: Catalyst Specialties Question Interpretation

From: Dennis J. Hartmann (dennisjhartmann@hotmail.com)
Date: Tue Sep 20 2005 - 12:27:55 GMT-3

• Next message: Leigh Harrison: "Re: smurf attack"
• Previous message: Rajib Khan: "smurf attack"
• Maybe in reply to: Dennis J. Hartmann: "Catalyst Specialties Question Interpretation"
• Next in thread: Christopher M. Heffner: "RE: Catalyst Specialties Question Interpretation"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

        Let's think about the wording of the question a little bit more here
though. They said to filter bpdu(s), not to guard against bpdus. Would
bpdufilter be a better answer than bpduguard? I think bpdufilter would be a
better answer here. Any comments?

Sincerely,
 
Dennis J. Hartmann
White Pine Communications
dh8@pobox.com /
CCSI#23402 / CCVP / CCIP / CCNP
Cisco Optical, VPN & IDS Specialist
MCSE
 

-----Original Message-----
From: Arun Arumuganainar [mailto:aarumuga@hotmail.com]
Sent: Monday, September 19, 2005 11:53 PM
To: Dennis J. Hartmann; ccielab@groupstudy.com
Subject: Re: Catalyst Specialties Question Interpretation

While answering a question . There could be a implicit answers and Explicit
answers .

Explicit Answer : Enable BPDU Filiter !!!!
Implicit Answer : Enable Portfast ( you can not enable bpdu guard feature )

I too do not agree with disabling STP as a solution to this problem . Port
fast with BPDU Guard looks much cleaner solution .

Thanks and Regards
Arun

----- Original Message -----
From: "Dennis J. Hartmann" <dennisjhartmann@hotmail.com>
To: <ccielab@groupstudy.com>
Sent: Tuesday, September 20, 2005 6:23 AM
Subject: Catalyst Specialties Question Interpretation

> I'm wondering how everyone would interpret the following question:
>
> Create VLAN 200 and assign port fast 0/20 to it on CAT2. Do not allow
BPDU
> traffic on this VLAN.
>
> The answer says to turn off STP on VLAN 200, but I disagree with
> this solution. Would turning off STP on a VLAN disallow STP traffic?
> I would think that STP could still propagate the switch, but it will
> not be interpretted by the switch because there will not be a static
> mac-address-table entry pointed to the CPU for this particular VLAN.
>
> I believe the solution is to enable one of the follwing commands
>
> (config-if)# spanning-tree portfast bpdufilter enable (the scenario
> did
not
> call for portfast though)
> (config-if)# spanning-tree bpdufilter enable (the scenario asked to
> not allow bpdu traffic on this VLAN. Since there's no global command
> that can not simultaneously filter the traffic from only VLAN 200, I
> think this is the correct answer). If there's any other ports in vlan
> 200, they must
have
> the same command applied to them.
> spanning-tree bpdufilter enable
>
>
> Comments?
>
> Sincerely,
>
> Dennis J. Hartmann
>
> White Pine Communications
>
> dh8@pobox.com
>
> CCSI#23402 / CCVP / CCIP / CCNP
>
> Cisco Optical, VPN & IDS Specialist
>
> MCSE
>
> ______________________________________________________________________
> _ Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Leigh Harrison: "Re: smurf attack"
• Previous message: Rajib Khan: "smurf attack"
• Maybe in reply to: Dennis J. Hartmann: "Catalyst Specialties Question Interpretation"
• Next in thread: Christopher M. Heffner: "RE: Catalyst Specialties Question Interpretation"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Oct 02 2005 - 14:40:15 GMT-3