Unanswered Question


I Have to know:

1)in when/where we design/use Ip dhcp snooping?

2)when/where we design/configure switchport no-negotiate mode with bpdu filter enable on each access port as per spanning tree best practices?

3)when/where we design/configure Cisco Content Swiched Network?

4)i want a useful link incluse like this operation:

on 6509 Core Switch Migration from SUP1A to SUP720 FABRIC MSFC with redundancy sup720

ur reply is very much appreciate



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Rajat Chauhan Fri, 03/09/2007 - 23:59
User Badges:
  • Cisco Employee,

=>Features like DHCP snooping and DAI can be used to mitigate various ARP-based network exploits.

Please refer:



Ideally, in a campus network with L2 access design, we have dhcp server on distribution layer. Thus, we assign dhcp server ports as trusted and keep rest as untrusted so that we do not recieve any DHCP server type response from anywhere else in the network.

2) "switchport noneg" is typically used while connecting to routers or third party devices that do not support DTP, to prevent inconsistencies while link negotiation and results in unconditional trunking.

BPDU filtering is not recommended as such by any best practice, and neither would I. If an attacker connects to a port with bpdu filering, the port will lose portfast status and start participating in stp, and can damage the network to some extent. Whatmore, after he's through and you connect some authorized device, it would take default stp time = 20-50 sec for him to be on the network. Thus, I would recommend using BPDU Guard anyday over BPDU filtering.

For further references:


BPDU Filtering:

3) Cisco Content Switches Network typically refers to the data center/server farm deployments using various techniques/designs/devices for load balancing traffic and L4-L7 services across multiple servers.

Some useful links:

Please rate as applicable.


Rajat Chauhan


This Discussion