Blocking cascading switches.

ronald.ramzy
Level 1

Hi,

We have a Cisco 4507; all department 2960 switches are connected to it.

How could I block different departments from cascading switches with department switches?

cisco4507=========2960====cascaded-switch2960

2 Replies

andrew.prince
Level 10

Are you talking about devices on VLANs not being able to talk to other devices on the same VLAN but connected to a separate switch? If the answer is yes, Private VLANs:

http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a008013565f.shtml

http://www.cisco.com/en/US/products/hw/switches/ps708/products_tech_note09186a0080094830.shtml

HTH

c.captari
Level 1

Set "spanning-tree portfast" on ports in which you do not expect a switch to be connected (in essence on ports on which no loop will occur due to a device being connected there).

Along with that, set "spanning-tree bpduguard enable".

When connecting a switch to a BPDU guard enabled port, this port will become disabled automatically, as spanning tree BPDU messages are not expected to come from those ports.

You may want to read more about BPDU guard:

http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a008009482f.shtml

This can have limited success though if anyone puts in a switch without spanning tree running on it.

If that's the case, a solution to consider is to limit the number of MAC addresses that are allowed to communicate on that port.

If on any port the number of hosts is expected to be 1 (there will be 2 if on that port there is an IP phone as well), adjust the allowed maximum MAC addresses on that port.

This is done by enabling port-security:

switchport port-security

switchport port-security maximum 1

switchport port-security violation {protect | restrict | shutdown}

For further information read:

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.1E/native/configuration/guide/port_sec.html
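An added example, not part of the original replies: a small Python audit that reads a saved running-config and lists access ports lacking the portfast, BPDU guard and port-security settings suggested above. The sample config is constructed; the script assumes the commands appear exactly as quoted in the thread and that access ports carry an explicit "switchport mode access" line.

```python
# Controls from the reply above that every access port should carry.
REQUIRED = ("spanning-tree portfast", "spanning-tree bpduguard enable", "switchport port-security")

# Constructed running-config excerpt (not from the thread).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode trunk
interface FastEthernet0/2
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
 switchport port-security
interface FastEthernet0/3
 switchport mode access
 switchport voice vlan 20
 spanning-tree portfast
 switchport port-security
 switchport port-security maximum 8
interface FastEthernet0/4
 switchport mode access
"""

def parse_interfaces(config):
    """Map each interface name to its list of indented sub-commands."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1].strip(), [])
        elif current is not None and line.startswith(" "):
            current.append(line.strip())
        else:
            current = None  # "!" or a global command closes the stanza
    return interfaces

def audit_access_ports(config):
    """Return {interface: [findings]} for access ports missing the controls."""
    report = {}
    for name, cmds in parse_interfaces(config).items():
        if "switchport mode access" not in cmds:
            continue  # trunks and uplinks legitimately carry BPDUs and many MACs
        findings = [f"missing '{c}'" for c in REQUIRED if c not in cmds]
        # One MAC per port, two when a voice VLAN (IP phone) is configured.
        limit = 2 if any(c.startswith("switchport voice vlan") for c in cmds) else 1
        maxes = [int(c.split()[3]) for c in cmds if c.startswith("switchport port-security maximum ")]
        maximum = maxes[0] if maxes else 1  # IOS default maximum is 1
        if "switchport port-security" in cmds and maximum > limit:
            findings.append(f"port-security maximum {maximum} exceeds {limit}")
        report[name] = findings
    return {n: f for n, f in report.items() if f}
```

Calling audit_access_ports(SAMPLE_CONFIG) reports FastEthernet0/3 (no BPDU guard, MAC limit too high) and FastEthernet0/4 (no controls at all), and skips the trunk uplink.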
