Configuring manageable switch port to behave as unmanageable switch port

From Notes_Wiki

Home > Switch configuration notes > Configuring manageable switch port to behave as unmanageable switch port

Sometimes a manageable switch, when connected to a port, may not work because of security settings configured at the other end. To use a manageable switch in those situations we can disable all of its manageable features so that the switch at the other end cannot recognize it as a manageable switch.

To make a port behave as unmanageable, make the following configuration changes:

  1. Disable CDP on that port
    CDP is enabled by default and advertises information about the switch, such as its IP address and IOS version. Hence it is best to disable CDP on ports which connect to an external network. Use the 'no cdp enable' command on the interface on which you want to disable CDP.
  2. Disable dynamic port configuration
    A port can be configured with 'switchport mode dynamic desirable'. In this configuration the switch uses DTP (Dynamic Trunking Protocol) to negotiate the switchport mode with the other end. To avoid this, either configure the port statically in access or trunk mode or, for additional safety, also configure 'switchport nonegotiate' so that DTP is not used on the given port.
  3. Disable STP for the VLAN(s) being forwarded on the given port
    The most distinguishing feature of manageable switches is their use of STP (Spanning Tree Protocol) to avoid loops in the network. But STP can also be used to secure a switch: with BPDU guard (bpduguard) enabled, a port shuts down automatically as soon as it receives a BPDU, which prevents other manageable switches from being connected at that end of the network. So if the port at the other end shuts down automatically when connected to a manageable switch, we have to disable STP on the VLANs being forwarded to the port. It is very important that all the switches to which those VLANs extend also do not use STP for those VLANs, otherwise their BPDUs would be forwarded through this switch and out of the port. Hence, on all the switches where those VLANs go, we have to disable STP for them. To disable STP for a particular VLAN on a switch use 'no spanning-tree vlan <vlan_id>'.
  4. Do not use any link aggregation protocol
    The port should not be a member of a port-channel and hence should not use the Link Aggregation Control Protocol (LACP) or Cisco's proprietary Port Aggregation Protocol (PAgP).
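As an added defender-side example (not part of this wiki page), the following Python script audits a Cisco IOS running-config for the four settings described above, so that ports configured to look unmanageable can be found during a configuration review. The config excerpt, interface names and VLAN numbers are constructed for the example.

```python
import re
# Constructed sample running-config (not from a real device); Gi0/2 is a normal port.
SAMPLE_CONFIG = """\
no spanning-tree vlan 10,20
interface GigabitEthernet0/1
 switchport trunk allowed vlan 10,20
 switchport mode trunk
 switchport nonegotiate
 no cdp enable
!
interface GigabitEthernet0/2
 switchport access vlan 30
 channel-group 1 mode active
"""

def parse_vlan_list(spec):
    """Expand an IOS VLAN list such as '10,20,30-32' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def port_findings(lines, stp_off):
    """Step 1-4 settings present in one interface block (list of labels, possibly empty)."""
    hits = [label for cmd, label in (("no cdp enable", "cdp disabled"),
            ("switchport nonegotiate", "dtp disabled")) if cmd in lines]
    specs = [l.split()[-1] for l in lines
             if re.match(r"switchport (trunk allowed|access) vlan [\d,-]+$", l)]
    carried = set().union(*map(parse_vlan_list, specs))
    if carried and carried <= stp_off:
        hits.append("stp disabled on vlans " + ",".join(map(str, sorted(carried))))
    if hits and not any(l.startswith("channel-group") for l in lines):
        hits.append("not in a port-channel")
    return hits

def audit(text):
    """Map each interface that shows any step 1-4 setting to the list of settings found."""
    stp_off, blocks, cur = set(), {}, None
    for line in text.splitlines():
        if line.startswith("interface "):
            cur = line.split(None, 1)[1]
            blocks[cur] = []
        elif line.startswith(" ") and cur is not None:
            blocks[cur].append(line.strip())
        else:  # any global line ('!', 'no spanning-tree vlan ...') ends the block
            cur = None
            if m := re.match(r"no spanning-tree vlan ([\d,-]+)", line):
                stp_off |= parse_vlan_list(m.group(1))
    return {n: h for n, lines in blocks.items() if (h := port_findings(lines, stp_off))}
```

Running `audit(SAMPLE_CONFIG)` reports only GigabitEthernet0/1, with all four settings; feed it the output of 'show running-config' to review a real switch.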
