Dan Letkeman wrote:
> On Wed, Mar 5, 2008 at 4:42 PM, <[EMAIL PROTECTED]> wrote:
>> switchport nonegotiate - so link can't become a trunk with malicious
>> endpoint, spanning-tree portfast, (it's not a trunk)

This is OT for this discussion but nonegotiate doesn't actually prevent a trunk from forming. It's a common misconception, one that I used to suffer from myself. The possible modes are:

Access - Forces non-trunking mode and will negotiate to set up non-trunking links (though I don't know of a case when this negotiation actually does something)

Dynamic Desirable - default for all LAN interfaces - makes the port use DTP to negotiate a trunk if possible but will fall back to access if needed. To create a trunk the neighbor must be auto, desirable or trunk.

Dynamic Auto - Same as Desirable only the other side must be either a trunk or desirable port.

Trunk - Forces trunking and negotiates to set up trunks with Desirables and Autos.

No-negotiate - Forces trunking but will not negotiate anything.

So by setting ports to nonegotiate you're actually forcing the port into trunk mode. The wording is a little weird unless the admin has a clear understanding of the 5 possible modes, even when most people only ever use 2 of them.

Justin

_______________________________________________
cisco-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
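An added example, not part of the original post: a small Python audit over IOS-style interface stanzas that reports every port not explicitly set to `switchport mode access`, so a port carrying only `switchport nonegotiate` (as in the quoted suggestion) is still flagged. The sample configuration and the function names are constructed for illustration.

```python
import re

# Constructed sample; Fa0/2 mirrors the quoted suggestion (nonegotiate + portfast only).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/2
 switchport nonegotiate
 spanning-tree portfast
!
interface FastEthernet0/3
 switchport mode dynamic auto
!
interface FastEthernet0/4
 switchport mode trunk
 switchport nonegotiate
!
"""

MODE_RE = re.compile(r"^switchport mode (access|trunk|dynamic (?:auto|desirable))$")

def parse_interfaces(config):
    """Return {interface name: [stripped config lines]} for each stanza."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            current = stanzas.setdefault(line.split(None, 1)[1], [])
        elif not raw.startswith(" "):
            current = None  # "!" or a global command ends the stanza
        elif current is not None and line:
            current.append(line)
    return stanzas

def audit_trunk_capable(config):
    """List (interface, reason) for every port not pinned to access mode."""
    findings = []
    for name, lines in parse_interfaces(config).items():
        mode = next((m.group(1) for l in lines if (m := MODE_RE.match(l))), None)
        if mode == "access":
            continue  # explicitly non-trunking, whatever else is set
        reason = mode or "no explicit mode (platform default applies)"
        if "switchport nonegotiate" in lines:
            reason += " + nonegotiate"  # reported, but never treated as a fix
        findings.append((name, reason))
    return findings
```

Running `audit_trunk_capable(SAMPLE_CONFIG)` returns findings for every port except FastEthernet0/1.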
