> 'switchport nonegotiate' is more tricksie than that - it stops the ends of
> the link from negotiating whether they are trunk or access - i.e. it stops
> a host from asking an access port to become a trunk...or a trunk
> link from providing just an access layer. It's a security mechanism
> and isn't to be confused with speed/duplex. Best practice is to
> use it on edge ports to stop Mr Haxor from asking for a trunk link and
> all the VLANs that the switch knows

I would say that in service provider networks, best practice is to use
"switchport nonegotiate" on all links between Cisco switches - because
you *really* want this (trunk or access) to be hard coded.

Steinar Haug, Nethelp consulting, sth...@nethelp.no
_______________________________________________
cisco-nsp mailing list  cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
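
Added example, not part of the original thread: a small audit that reads an IOS-style configuration and reports Layer 2 ports where trunk/access is still negotiable or where the mode is hard coded but "switchport nonegotiate" is missing. The function name audit_dtp and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample config (not from the original thread).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 10
 switchport nonegotiate
!
interface GigabitEthernet0/2
 switchport mode access
 switchport access vlan 20
!
interface GigabitEthernet0/3
 switchport mode dynamic desirable
!
interface GigabitEthernet0/24
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport nonegotiate
!
interface GigabitEthernet0/25
 no switchport
 ip address 192.0.2.1 255.255.255.252
!
"""

def audit_dtp(config):
    """Return {interface: finding} for Layer 2 ports where DTP is still active."""
    findings = {}
    # Split the config into interface stanzas: header line plus indented body.
    for m in re.finditer(r"^interface (\S+)\n((?:[ \t]+.*\n?)*)", config, re.M):
        name, body = m.group(1), [l.strip() for l in m.group(2).splitlines()]
        if "no switchport" in body:
            continue  # routed port, DTP does not apply
        mode = next((l[len("switchport mode "):] for l in body
                     if l.startswith("switchport mode ")), None)
        if mode is None:
            findings[name] = "no explicit mode (platform default may be dynamic)"
        elif mode.startswith("dynamic"):
            findings[name] = f"mode {mode}: trunking is negotiable"
        elif "switchport nonegotiate" not in body:
            findings[name] = f"mode {mode} hard coded but DTP not disabled"
    return findings

if __name__ == "__main__":
    for intf, why in audit_dtp(SAMPLE_CONFIG).items():
        print(f"{intf}: {why}")
```

On the sample, only GigabitEthernet0/2 and GigabitEthernet0/3 are reported; the ports that combine a fixed mode with "switchport nonegotiate" and the routed port pass.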