Access Ports at Distribution Layer

mark.j.hodge
Level 3

In the Cisco BCMSN Study-Guide it says that Root Guard should be applied on Access Ports at the Distribution Layer. I am a little perplexed; I thought the Distribution Layer is intended as an aggregation of the Access Layer, and a translation from Layer 2 to Layer 3 traffic. Therefore what, if any, devices are appropriate for the Distribution Layer switches?

Accepted Solutions

Your access layer may consist of dumb layer 2 switches which are not capable of trunking, forcing you to use access ports in your distribution layer to put the hosts connected to those access switches in the correct VLAN. For security reasons you may also want to limit the number of trunks in a network to prevent VLAN hopping or double tagging attacks.

Amit Singh
Cisco Employee

Mark,

In a redundant configuration, your distribution layer switches are configured as primary and secondary root bridges for your access layer switches. To maintain a stable topology, it is always suggested to enable root guard on all ports where the root bridge should not appear. In a way, you can configure a perimeter around the part of the network where the STP root is able to be located.

Please see the link below for more understanding:

http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a00800ae96b.shtml

HTH. Please rate if it does.

-amit singh

Amit,

I don't have a problem with Root Guard, that seems straightforward enough. What I don't get is why there would be Access Ports at the Distribution Layer. Surely Access Ports should be at the Access Layer, hence the name, at least in a perfect Cisco modelled environment. In real life things may be different.
