Default port states
I have a lab workbook for BCMSN and it states that dynamic auto should be the default port state for switches (3560 and 2960).
I have some 3550 and 2950 and they default to dynamic desirable...
Is this a fundamental difference between the two switch types?
Thanks
encrypt the encryption, never mind my brain hurts.
Comments
-
lildeezul Member Posts: 404
The default port state is not dynamic auto... it is dynamic desirable.
Think about it, if the default port state was dynamic auto, then the switches will not form a trunk, because both will be waiting for a DTP packet to be sent.
NHSCA National All-American Wrestler 135lb
-
tiersten Member Posts: 4,505
Read the documentation for the newer switches. It states that the default is now dynamic auto instead of dynamic desirable.
-
tiersten Member Posts: 4,505
lildeezul wrote:
Think about it, if the default port state was dynamic auto, then the switches will not form a trunk, because both will be waiting for a DTP packet to be sent.
-
Netwurk Member Posts: 1,155
Dynamic auto makes more sense as a default, since automatically forming trunks could potentially cause VTP and/or STP problems.
-
lildeezul Member Posts: 404
Wow.. news to me... Thanks for the info..
I guess it does make sense, to make it dynamic auto for security reasons, such as rogue switches..
Thanks again for the update.
-
mikearama Member Posts: 749
I don't get how that's any improvement. So if I have a rogue switch, all I have to do is have my uplink port set to desirable, so it sends DTP packets, and I've got a trunk? Well that's tough to configure. NOT. I wonder who the big-earner at Cisco is who thought that's more secure than nonegotiate (or even better... OFF) as a default.
There are only 10 kinds of people... those who understand binary, and those that don't.
CCIE Studies: Written passed: Jan 21/12 Lab Prep: Hours reading: 385. Hours labbing: 110
Taking a time-out to add the CCVP. Capitalizing on a current IPT pilot project.
-
Mrock4 Banned Posts: 2,359
I think it's more to prevent you from mistakenly hooking up a switch with a lower STP priority causing an election, or from blowing away your VLAN assignments with a switch that has a high revision number. At least with it set to auto, you have to consciously want it to trunk, not just plug it in, and say "oops..network is down". I've seen this, I've done this, you don't want this.
FYI, I love the movie "you don't mess with the zohan"
-
JavonR Member Posts: 245
Mrock4 wrote:
I think it's more to prevent you from mistakenly hooking up a switch with a lower STP priority causing an election, or from blowing away your VLAN assignments with a switch that has a high revision number. At least with it set to auto, you have to consciously want it to trunk, not just plug it in, and say "oops..network is down". I've seen this, I've done this, you don't want this.
FYI, I love the movie "you don't mess with the zohan"
LOL. Nice.
-
mikearama Member Posts: 749
Great movie... especially if you're from Haustralia!
-
lildeezul Member Posts: 404
Yeah, especially the part when the zohan was going to take the son to the disco party, and he said... wait i will **** your mother 1 more time and then we will go....
Ahahah, that's the greatest.
-
dtlokee Member Posts: 2,378
Not totally sure why Cisco changed it but the 3550 defaults to dynamic desirable and the 3560 defaults to dynamic auto. It could be a security issue but if someone plugs in a rogue switch that switch can still become the spanning tree root for the access VLAN on the port it is plugged into. Using something like BPDU Guard and Root Guard are better choices for preventing rogue switches from becoming the root.
The only easy day was yesterday!
-
Netwurk Member Posts: 1,155
I think they try to balance letting the switches work right out of the box versus making sure they are secure.
Otherwise they would just ship them with all ports admin down (shut).