Solved: Access port issues noticed when using wireshark

parakiteiz · ‎08-03-2016

1. I noticed CDP on my workstation port I could see how this could be useful using a sniffer to know what port on a switch your are connected to. I found out running no cdp enable on that port prevent cdp advertisements on the port. Do most of you leave this turned off or on? If so is it a company policy to do so?

2. The next odd packet I saw running was spanning tree packet (BPDU?). I thought this is access port why would you see spanning tree on an access port? I used the command spanning-tree bpudguard enable thinking that would stop me from recieving bpdu's on an access port. This did not work, what command do you us just to not receive bpdu's?

3. The last one I find extremely weird is I receive eigrp hello packets from my core switch to this access layer switch. Should the eigrp just broadcast to other switches running eigrp?

johnd2310 · ‎08-03-2016

Hi,

1, This depends.If you have Cisco phones, you will need to have cdp enabled on the interfaces. If you are not using phones, you can disable cdp on interfaces.

2, Spanning-tree is a loop prevention mechanism. you want to use spanning tree on all interfaces where a loop can occur. You can introduce loops on access port if you connect a switch to that port. A switch will always send out bpdu packets on access ports unless you specifically configure the switch not to do so. Spanning-tree bpduguard is used to protect a port from bpdu packets. If a bpdu is received on a port with bpdu guard enabled, the port is shutdown because this is an invalid configuration. Bpdu guard does not filter bpdu packets on a port. If you would like to filter bpdu packets on an interface, you use spanning-tree bpdufilter. spanning-tree bpdufilter will stop bpdu packets being sent out an interface.

3, Eigrp hello packet are sent out all interfaces enabled for eigrp. To prevent eigrp packet going out all interfaces running eigrp, use the passive-interface command in eigrp configuration.

Thanks

John

**Please rate posts you find helpful**

View solution in original post

johnd2310 · ‎08-03-2016

Hi,

1, This depends.If you have Cisco phones, you will need to have cdp enabled on the interfaces. If you are not using phones, you can disable cdp on interfaces.

2, Spanning-tree is a loop prevention mechanism. you want to use spanning tree on all interfaces where a loop can occur. You can introduce loops on access port if you connect a switch to that port. A switch will always send out bpdu packets on access ports unless you specifically configure the switch not to do so. Spanning-tree bpduguard is used to protect a port from bpdu packets. If a bpdu is received on a port with bpdu guard enabled, the port is shutdown because this is an invalid configuration. Bpdu guard does not filter bpdu packets on a port. If you would like to filter bpdu packets on an interface, you use spanning-tree bpdufilter. spanning-tree bpdufilter will stop bpdu packets being sent out an interface.

3, Eigrp hello packet are sent out all interfaces enabled for eigrp. To prevent eigrp packet going out all interfaces running eigrp, use the passive-interface command in eigrp configuration.

Thanks

John

**Please rate posts you find helpful**