Re: Hub connected to an access port

Hi Joe,

 Thank you very much and thanks for the port-security feature suggestion
here.One question on this is,can we enable port security on access port in
addition to bpduguard/portfast feature.

Thanks

Regards
Anantha Subramanian Natarajan

On Sun, Jun 7, 2009 at 11:44 PM, Joe Astorino <jastorino_at_ipexpert.com>wrote:

> Well, I would use bpduguard as you said to start with...this will do what
> you want generally if somebody plugs in any kind of switch that actually
> runs STP. BUT regarding the hub like you said, or switches that just are
> not that advanced you have to dig deeper. How about port-security with a
> maximum of 1 MAC address? As soon as more than 1 user MAC address comes on
> the port, it will shut down. Of course they could technically have a hub
> plugged in with only 1 user but ... Not likely. I think those 2 things
> will
> solve about 99% of your issues.
>
>
> Regards,
>
> Joe Astorino
> CCIE #24347 (R&S)
> Sr. Support Engineer - IPexpert, Inc.
> URL: http://www.IPexpert.com <http://www.ipexpert.com/>
>
> -----Original Message-----
> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
> Anantha Subramanian Natarajan
> Sent: Monday, June 08, 2009 12:37 AM
> To: Cisco certification
> Subject: Hub connected to an access port
>
> Hi All,
>
> I am trying to find an soultion on the below requirement.Any help is
> really appreciated.
>
> The requirement is,an access port should be put in error disabled state if
> an switch or hub is connected to that port.I am assuming that having
> portfast enabled with bpdu guard feature on it would put the access port on
> error disable state if an switch is connected.One problem which I have in
> this solution is,if the connected switch has disabled BPDU on that port,how
> this access port would knaow about it and put the port in error disable
> state.
>
> Also,if the hub is connected,how the access port knows about it, as I am
> assuming, Spanning tree protocol only runs on bridges and switches which
> are
> 8012.1D compliant and so not in hub.I am thinking,may be I am wrong in this
> assumption.Kindly help me to understand the same.
>
> Any other method to acheive the same.
>
> Thanks for the assistance
>
> Regards
> Anantha Subramanian Natarajan
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
>
> No virus found in this incoming message.
> Checked by AVG - www.avg.com
> Version: 8.5.339 / Virus Database: 270.12.54/2158 - Release Date: 06/07/09
> 05:53:00

Blogs and organic groups at http://www.ccie.net
Received on Sun Jun 07 2009 - 23:52:22 ART