Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
597
Views
0
Helpful
1
Replies

Access port issues noticed when using wireshark

Go to solution
parakiteiz
Level 1
Level 1

‎08-03-2016 11:04 AM - edited ‎03-08-2019 06:52 AM

1.  I noticed CDP on my workstation port I could see how this could be useful using a sniffer to know what port on a switch your are connected to. I found out running no cdp enable on that port prevent cdp advertisements on the port. Do most of you leave this turned off or on?  If so is it a company policy to do so?

2. The next odd packet I saw running was spanning tree packet (BPDU?).  I thought this is access port why would you see spanning tree on an access port?  I used the command spanning-tree bpudguard enable thinking that would stop me from recieving bpdu's on an access port.  This did not work, what command do you us just to not receive bpdu's?

3.  The last one I find extremely weird is I receive eigrp hello packets from my core switch to this access layer switch. Should the eigrp just broadcast to other switches running eigrp?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
johnd2310
Level 8
Level 8

‎08-03-2016 05:30 PM

Hi,

1, This depends.If you have Cisco phones, you will need to have cdp enabled on the interfaces. If you are not using phones, you can disable cdp on interfaces.

2, Spanning-tree is a loop prevention mechanism. you want to use spanning tree on all interfaces where a loop can occur. You can introduce loops on access port if you connect a switch to that port. A switch will always send out bpdu packets on access ports unless you specifically configure the switch not to do so. Spanning-tree bpduguard  is used to protect a port from bpdu packets. If a bpdu is received on a port with bpdu guard enabled, the port is shutdown because this is an invalid configuration. Bpdu guard does not filter bpdu packets on a port. If you would like to filter bpdu packets on an interface, you use spanning-tree bpdufilter. spanning-tree bpdufilter will stop bpdu packets being sent out an interface.

3, Eigrp hello packet are sent out all interfaces enabled for eigrp. To prevent eigrp packet  going out all interfaces running eigrp, use the passive-interface command in eigrp configuration.

Thanks

John

**Please rate posts you find helpful**

View solution in original post

0 Helpful
1 Reply 1

Go to solution
johnd2310
Level 8
Level 8

‎08-03-2016 05:30 PM

Hi,

1, This depends.If you have Cisco phones, you will need to have cdp enabled on the interfaces. If you are not using phones, you can disable cdp on interfaces.

2, Spanning-tree is a loop prevention mechanism. you want to use spanning tree on all interfaces where a loop can occur. You can introduce loops on access port if you connect a switch to that port. A switch will always send out bpdu packets on access ports unless you specifically configure the switch not to do so. Spanning-tree bpduguard  is used to protect a port from bpdu packets. If a bpdu is received on a port with bpdu guard enabled, the port is shutdown because this is an invalid configuration. Bpdu guard does not filter bpdu packets on a port. If you would like to filter bpdu packets on an interface, you use spanning-tree bpdufilter. spanning-tree bpdufilter will stop bpdu packets being sent out an interface.

3, Eigrp hello packet are sent out all interfaces enabled for eigrp. To prevent eigrp packet  going out all interfaces running eigrp, use the passive-interface command in eigrp configuration.

Thanks

John

**Please rate posts you find helpful**
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card