John,

If WindowsXP is bridging two NICs it actually runs spanning-tree. It is a
very nice feature for L1 redundancy. Though in your scenario I don't really
see why they think that's necessary. I'm planning to use this functionality
in the upcoming Windows.NET server to multihome all my servers, as long as
it supports the concept of a loopback or virtual interface for L3
connectivity, to two different switches to protect against 48 servers
failing because a switch burns out. I just wish MS had an add-on for
Windows2K Server with this functionality so I don't have to wait.

Check out these links:

http://www.microsoft.com/WindowsXP/pro/techinfo/administration/homenetbridge/default.asp

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/columns/cableguy/cg0102.asp



Correct me if I'm wrong but, from what I gather in your previous postings,
loops seem to be your main concern. You say that it may very well be
justified that these users need up to 5 PCs in their cube, or that you don't
really want to get into that fight (whichever way you want to put it). You
also say that it is very hard to run new drops. Why don't you take the
approach of supporting them then, and instead of going through the work of
running new drops, provide them with a small switch that runs spanning-tree.

A 1548M (8-port desktop chassis) would do nicely for around $1K list. It
allows for up to 4 local VLANs so the techs can do whatever they want on
their own little switch. It also runs CDP so you can keep track of where
they are through management tools like CiscoWorks, etc. If they want to clog
up their link to the rest of the network with 5 PCs doing whatever, why not
let them (as long as they do it safely)?

Check here for more info on the 1548M:
http://www.cisco.com/en/US/products/hw/switches/ps211/index.html

HTH

Greg Reaume



"JohnZ" wrote in message news:[EMAIL PROTECTED]...
Well, when I wrote the original post I knew I would have these questions.
Basically the first layer of support, or help desk if you will, has more PCs
than the drops in their cubes. This is an old building not meant for an IS
staff so there is some frustration on their part. I am not going to question
if there is a legit need for folks to have 5 PCs when there is in fact a
separate staging area to set up and test PCs for users. Anyway, they know
enough to be dangerous and there is no standard on hubs and I have seen
where folks have created loops. Now with Windows XP I have seen some configs
where 2 NICs have been bridged via software, I am not sure with what intent.
Although it's been made clear many times not to use hubs, this is never
enforced and I did not want to spend my time daily trying to hunt down the
lawless. So that's when I thought if I could config the switch this will
discourage the hub usage or bridging within PCs. I hope that answers most of
the questions here.

"David j" wrote in message news:[EMAIL PROTECTED]...
> See inline.
> Chuck's Long Road wrote:
> >
> > As much of a rulemeister as I am, I still have to look at this from the
> > user standpoint. Why are users throwing their own hubs onto the network?
> > Is there a business case to be made? Is facilities too slow getting
> > requested cable pulls done?
> >
> > What is the concern with a user plugging a hub in at the desk and then
> > connecting a couple of extra PCs? If the problem is one of dual homing by
> > accident or otherwise, I can see the issue with spanning tree
> > recalculations. But in a single home situation, what do you see as the
> > issues?
> >
>
> I see one issue: collisions. If you have a switched network you don't want
> to deal with collisions that hubs normally produce. I have to recognize,
> though, that hubs sometimes are very convenient and I'm the first to use
> them.
>
> > When you say that "politically, it's a mess" what does that mean? High
> > powered sales people throwing their weight around? Management does not
> > respect your input or concerns? Something bad is happening, and it's
> > rolling downhill?
> >
> In some environments it's politically unacceptable. I know some hospitals in
> which you have to fill in a lot of papers before being allowed to use a PC, so
> in those environments this could perfectly be part of the policy.
>
> > I'm not questioning the wisdom or the necessity for doing what others have
> > suggested. I'm just wondering why it is necessary for the network manager /
> > network staff to unilaterally cut off user access.
> >
> >
> >
> >
> > "John Zaggat" wrote in message news:[EMAIL PROTECTED]...
> > > Thanks guys, that's pretty good information, but do you think, in your
> > > opinion, that is a good approach to deal with this problem? Do you see any
> > > caveats, and are there any other ways this can be dealt with?
> > > "Kevin Wigle" wrote in message news:[EMAIL PROTECTED]...
> > > > Take a look into Port Security.
> > > >
> > > > http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_guide_chapter09186a008007f2dd.html
> > > >
> > > > In the event of a security violation, you can configure the port to go
> > > > into shutdown mode or restrictive mode. The shutdown mode option allows
> > > > you to specify whether the port is permanently disabled or disabled for
> > > > only a specified time. The default is for the port to shut down
> > > > permanently. The restrictive mode allows you to configure the port to
> > > > remain enabled during a security violation and drop only packets that are
> > > > coming in from insecure hosts.
> > > >
> > > > Kevin Wigle
> > > >
> > > >
> > > > ----- Original Message -----
> > > > From: "John Zaggat"
> > > > To:
> > > > Sent: Saturday, October 05, 2002 5:01 PM
> > > > Subject: How to restrict hubs in a LAN [7:54937]
> > > >
> > > >
> > > > > > I am just trying to think of how to restrict Hubs from being used in
> > > > > > the LAN. Politically it's a mess and despite a lot of discussions
> > > > > > certain people are able to add hubs at will wherever they want. So I
> > > > > > was trying to think of a way to stop that within the switch. Now
> > > > > > normally these ports that the hubs are connected to show several mac
> > > > > > addresses when I do "show cam", which gives me an idea: is there any
> > > > > > way to restrict host ports to only accept one mac-address? I don't
> > > > > > want to hardcode the mac-address because that would be too much of an
> > > > > > administrative burden. But if I could restrict the port to accept
> > > > > > just one mac-address then that will make these hubs useless. Well,
> > > > > > anyway, let me know if I am way off here, but are there any other
> > > > > > tricks in use by any of you guys? I'll appreciate any pointers.
> > > > > JZ
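
Added example, not part of the thread: before turning on a one-MAC limit of the kind asked about in the original post, a pre-check over the switch's learned-address table shows which host ports currently carry more than one MAC address and would trip that limit. The input lines are constructed, in a simplified `vlan mac port` layout rather than literal `show cam` output, and the uplink list and all function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in a simplified "vlan mac port" layout. This is NOT
# literal switch output; adapt parse_line() to what your platform prints.
SAMPLE = """\
10  00-10-7b-3a-8c-2f  3/1
10  0010.7b3a.8c2f     3/1
10  00:d0:b7:11:22:33  3/2
10  00-d0-b7-44-55-66  3/2
10  00-d0-b7-77-88-99  3/2
20  00-02-a5-aa-bb-cc  3/3
10  00-50-04-01-02-03  1/1
10  00-50-04-0a-0b-0c  1/1
garbage line without a mac
"""

UPLINKS = {"1/1"}  # assumed trunk/uplink ports: many MACs are normal there

def normalize_mac(text):
    """Return 12 lowercase hex digits, or None if text is not a MAC."""
    digits = re.sub(r"[-:.]", "", text).lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None

def parse_line(line):
    """Parse one 'vlan mac port' line into (vlan, mac, port) or None."""
    fields = line.split()
    if len(fields) != 3 or not fields[0].isdigit():
        return None
    mac = normalize_mac(fields[1])
    return (int(fields[0]), mac, fields[2]) if mac else None

def ports_over_limit(table_text, limit=1, uplinks=UPLINKS):
    """Map each non-uplink port to its sorted MACs if it exceeds the limit."""
    seen = defaultdict(set)
    for line in table_text.splitlines():
        entry = parse_line(line)
        if entry and entry[2] not in uplinks:
            # A set, so one MAC written in two notations counts once.
            seen[entry[2]].add(entry[1])
    return {p: sorted(m) for p, m in seen.items() if len(m) > limit}

if __name__ == "__main__":
    for port, macs in sorted(ports_over_limit(SAMPLE).items()):
        print(f"port {port}: {len(macs)} MACs learned, over the limit: {macs}")
```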




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=54974&t=54937