Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Blocking cascading switches.

Hi,

We have cisco 4507 ; all department 2960 switches get connected to it.

How could I block different departments from cascading switches with department switches.

cisco4507=========2960====cascaded-switch2960

2 REPLIES

Re: Blocking cascading switches.

are you talking about devices on vlans not being able to talk to other devices on the same vlan but connected to a seperate switch - if the answer is yes, Private VLANS:-

http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a008013565f.shtml

http://www.cisco.com/en/US/products/hw/switches/ps708/products_tech_note09186a0080094830.shtml

HTH>

New Member

Re: Blocking cascading switches.

Set "spanning-tree portfast" on ports in which you do not expect a switch to be connected (in essence on ports on which no loop will occur due to a device being connected there).

Along with that set "spanning-tree bpduguard enable"

When connecting a switch to a bpdu guard enabled port, this port will become disabled automatically as spanning tree bpdu messages are not expected to come from those ports.

You may want to read more about bpdu guard

http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a008009482f.shtml

This can have limited success though if anyone puts in a switch without spanning tree running on it.

If that's the case a solution to consider is to limit the number of mac addresses that are allowed to communicate on that port.

If on any port the number of hosts is expected to be 1 (there will be 2 if on that port there is an ip phone as well) adjust the allowed maximum mac-addresses on that port.

This is done by enabling port-security

switchport port-security

switchport port-security maximum 1

switchport port-security violation {protect | restrict | shutdown}

for further information read

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.1E/native/configuration/guide/port_sec.html

201
Views
0
Helpful
2
Replies