Bill H
asked on
Cisco 3550 Switch Configuration
I am configuring a Cisco 3550 48 Port switch for a small office, and they dont have or need anything special. Now from a design perspective, I was thinking about what to beyond the basic configuration. So far I came up with shutting down unused ports, and setting up broadcast storm protection on each port (shut down at a certain level). Is there anything else you guys have found useful in your SMB setups?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
You always want to have spanning tree enabled, and rapid is the improved version of spanning tree over the default mode of spanning tree that your switch will run. While you may only have one switch, there is always the possibility of someone plugging a dumb switch/hub at their desk into a port and then looping it somehow.
ASKER
Soulja,
Do you know what threshold i should use for the broadcast storm control?
Do you know what threshold i should use for the broadcast storm control?
Honestly the threshold is up to you. Just make sure make sure you set both multicast and broadcast to equal thresholds and never have multicast lower than broadcast.
ASKER
Do I need to put in a multicast threshold?
In your simple setup, I would just setup broadcast and maybe unicast storm control.
to explain these:
spanning-tree portfast
spanning-tree bpduguard enable
"portfast" ensures that an access port (i.e. end-user port not a trunk) will transition directly to a spanning-tree forwarding state without waiting for the spanning-tree topology to fully converge.
"bpduguard" prevents a loop in the network from occuring in the case where a switch is connected to an access port using portfast. Because the portfast doesn't wait for convergence to occur if another switch was connected to this port a loop could occur in the network. If a port configured with bpduguard receives a bpdu from another switch the port is error disabled.
--IJ
spanning-tree portfast
spanning-tree bpduguard enable
"portfast" ensures that an access port (i.e. end-user port not a trunk) will transition directly to a spanning-tree forwarding state without waiting for the spanning-tree topology to fully converge.
"bpduguard" prevents a loop in the network from occuring in the case where a switch is connected to an access port using portfast. Because the portfast doesn't wait for convergence to occur if another switch was connected to this port a loop could occur in the network. If a port configured with bpduguard receives a bpdu from another switch the port is error disabled.
--IJ
ASKER
For portfast, if i enable this and someone connects a switch to this port, would spanning-tree still detect this loop?
For bpduguard, would that shut a non-cisco or hp switch down (say an unmanaged netgear or dlink switch) i'm not sure if these switches send out bpdu's.
For bpduguard, would that shut a non-cisco or hp switch down (say an unmanaged netgear or dlink switch) i'm not sure if these switches send out bpdu's.
If someone plugs in a switch and you have Rapid PVST mode, the switch will detect the bpdu's coming into the port and will switch that port from and edge port (portfast) to a normal STP port. Plugging a switch into the port won't necessarily cause a loop, but the possibility is possible if the conditions are met.
If the switch doesn't send bpdu's then the port will not go err-disable.
If the switch doesn't send bpdu's then the port will not go err-disable.
For portfast, if i enable this and someone connects a switch to this port, would spanning-tree still detect this loop?
Not without bpduguard - that's what it's for
bpduguard applies to the local Cisco switch.
Not without bpduguard - that's what it's for
bpduguard applies to the local Cisco switch.
ASKER
Thanks soulja. So do unmanaged dlink or netgear switches send out bpdus?
Thanks soulja. So do unmanaged dlink or netgear switches send out bpdus?
If the switch supports spanning tree it will send out bpdu's.
If the switch supports spanning tree it will send out bpdu's.
ASKER
I understand the vlan and ip info.