RE: Simple Interpretation Question.

From: Victor Cappuccio (cvictor@protokolgroup.com)
Date: Thu Dec 15 2005 - 16:54:52 GMT-3

• Next message: Henk de Tombe: "RE: IEWB 3.0 - 10.1 command accounting to syslog?"
• Previous message: Chris Lewis: "Re: MQC ?"
• Maybe in reply to: Victor Cappuccio: "Simple Interpretation Question."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

aaaaaaaaaaaaaaaaa ok, Thanks that clarify a lot!!!

  _____

De: Chris Lewis [mailto:chrlewiscsco@gmail.com]
Enviado el: jueves, 15 de diciembre de 2005 15:50
Para: Victor Cappuccio
CC: ccielab@groupstudy.com
Asunto: Re: Simple Interpretation Question.

Victor,

I believe for bpdu guard the functionality with turning it on globally is
the same as turning it on at the interface, so from that perspective I have
been told to treat the exam like an emperor that does not really know what
he wants, but when he wants something, he wants exactly what he asked for,
nothing more and nothing less, so my inclination would be to apply it to the
interface.

However, BPDU filter does have a different behavior if you apply it globally
compared to at the interface. If BPDU filter is applied globally with
portfast, the effect is that BPDU filter will enable the switch to take a
port out of portfast state if a BPDU is detected, whereas applying BPDU
filter at the interface is like creating a boundary, no BPDUs pass the
interface either inbound or outbound.

Chris

On 12/15/05, Victor Cappuccio <cvictor@protokolgroup.com> wrote:

Hello Guys

Ok a simple one, this is more an interpretation question than a Technical
Problem..

Ports in vlan 2, is presenting a problem with convergence time so the
administrator has decided to configure port-fast..

Here is how we configure that,
http://www.cisco.com/en/US/products/hw/switches/ps646/products_configuration
_guide_chapter09186a00800c9fde.html#93249

More simple than that could not be.

Now the interpretation question.

In Order to prevent problems in the future ensure that any port in Vlan 2
will be shut down if a device running spanning-tree protocol is detected (We
need to guard from others <the way that this fits in my mind)

Vlan 2 has 2 interfaces fa0/10 and fa0/11, in switch 1

So we can do this by configuring bpud-guard, in global process or at
interface level..

If I do it at interface level (with or without the use of smart ports) to
all ports of Vlan 2 will be the same as doing it at Global Level??

http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12225sec/3550scg/s

wstpopt.htm#wp1051443

My question here is because we could also have other ports in other vlans
(not indicated in the wording) using PortFast, and if we configure this at
global level would not be correct right?? And also the only difference I can

see is that BPDU Guard will also work at Interface level without turning on
PortFast?

Thanks

Victor.

• Next message: Henk de Tombe: "RE: IEWB 3.0 - 10.1 command accounting to syslog?"
• Previous message: Chris Lewis: "Re: MQC ?"
• Maybe in reply to: Victor Cappuccio: "Simple Interpretation Question."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Mon Jan 09 2006 - 07:07:51 GMT-3