"Erick B." wrote in message
news:[EMAIL PROTECTED]...
> Greg,
>
> Windows XP does this by default in some situations.

Talk about giving the users enough rope to hang themselves! ;-) I guess
Microsoft does that as much as Cisco does.

One final comment on the idea of giving the users a low-end switch. The
comment also applies to the XP machine becoming a bridge. You will want to
have good control of which switch in your campus network becomes the root,
using the various Cisco features like root guard, etc.

This could make for a great troubleshooting exercise. Have a low-end user's
Windows XP machine become the root of a large campus network and see what
happens!?

Anyway, please keep us posted if you can, John. It will be informative for
us all to learn how you work this out, even if the major issues are L8 and
not the more technical lower layers. Thanks.

_______________________

Priscilla Oppenheimer
www.troubleshootingnetworks.com
www.priscilla.com

> If you have a PC with an Ethernet NIC and firewire adapter, it will bridge
> the 2 interfaces together and create a logical L3 interface that the
> protocols are bound to all by default.
>
> --- Greg Reaume wrote:
> > John,
> >
> > If WindowsXP is bridging two NICs it actually runs spanning-tree. It is a
> > very nice feature for L1 redundancy. Though in your scenario I don't
> > really see why they think that's necessary. I'm planning to use this
> > functionality in the upcoming Windows.NET server to multihome all my
> > servers, as long as it supports the concept of a loopback or virtual
> > interface for L3 connectivity, to two different switches to protect
> > against 48 servers failing because a switch burns out. I just wish MS had
> > an add-on for Windows2K Server with this functionality so I don't have to
> > wait.
> >
> > Check out these links:
> >
> > http://www.microsoft.com/WindowsXP/pro/techinfo/administration/homenetbridge/default.asp
> >
> > http://www.microsoft.com/technet/treeview/default.asp?url=/technet/columns/cableguy/cg0102.asp
> >
> > Correct me if I'm wrong but, from what I gather in your previous
> > postings, loops seem to be your main concern. You say that it may very
> > well be justified that these users need up to 5 PCs in their cube, or
> > that you don't really want to get into that fight (whichever way you want
> > to put it). You also say that it is very hard to run new drops. Why don't
> > you take the approach of supporting them then, and instead of going
> > through the work of running new drops, provide them with a small switch
> > that runs spanning-tree.
> >
> > A 1548M (8-port desktop chassis) would do nicely for around $1K list. It
> > allows for up to 4 local VLANs so the techs can do whatever they want on
> > their own little switch. It also runs CDP so you can keep track of where
> > they are through management tools like CiscoWorks, etc. If they want to
> > clog up their link to the rest of the network with 5 PCs doing whatever,
> > why not let them (as long as they do it safely)?
> >
> > Check here for more info on the 1548M:
> > http://www.cisco.com/en/US/products/hw/switches/ps211/index.html
> >
> > HTH
> >
> > Greg Reaume
> >
> > "JohnZ" wrote in message
> > news:[EMAIL PROTECTED]...
> > Well, when I wrote the original post I knew I will have these questions.
> > Basically the first layer of support or help desk if you will have more
> > PCs than the drops in their cubes. This is an old building not meant for
> > an IS staff so there is some frustration on their part. I am not going to
> > question if there is a legit need for folks to have 5 PCs when there is
> > in fact a separate staging area to set up and test PCs for users. Anyway,
> > they know enough to be dangerous and there is no standard on hubs and I
> > have seen where folks have created loops. Now with Windows XP I have seen
> > some configs where 2 NICs have been bridged via software, I am not sure
> > with what intent. Although it's been made clear many times not to use
> > hubs, this is never enforced and I did not want to spend my time daily
> > trying to hunt down the lawless. So that's when I thought if I could
> > config the switch this will discourage the hub usage or bridging within
> > PCs. I hope that answers most of the questions here.
> >
> > "David j" wrote in message
> > news:[EMAIL PROTECTED]...
> > > See inline..
> > > Chuck's Long Road wrote:
> > > >
> > > > As much of a rulemeister as I am, I still have to look at this from
> > > > the user standpoint. Why are users throwing their own hubs onto the
> > > > network? Is there a business case to be made? Is facilities too slow
> > > > getting requested cable pulls done?
> > > >
> > > > What is the concern with a user plugging a hub in at the desk and
> > > > then connecting a couple of extra PCs? If the problem is one of dual
> > > > homing by accident or otherwise, I can see the issue with spanning
> > > > tree recalculations. But in a single home situation, what do you see
> > > > as the issues?
> > > >
> > >
> > > I see one issue: collisions. If you have a switched network you don't
> > > want to deal with collisions that hubs normally produce. I have to
> > > recognize, though, that hubs sometimes are very convenient and I'm the
> > > first one using them.
> > >
> > > > When you say that "politically, it's a mess" what does that mean?
> > > > High powered sales people throwing their weight around? Management
> > > > does not respect your input or concerns? Something bad is happening,
> > > > and it's rolling downhill?
> > > >
> > > In some environments it's politically unacceptable. I know some
> > > hospitals in which you have to fill in a lot of papers before being
> > > allowed to use a PC, so in those environments this could perfectly be
> > > part of the policy.
> > >
> > > > I'm not questioning the wisdom or the necessity for doing what others
> > > > have suggested. I'm just wondering why it is necessary for the
> > > > network manager / network staff to unilaterally cut off user access.
> > > >
> > > > "John Zaggat" wrote in message
> > > > news:[EMAIL PROTECTED]...
> > > > > Thanks guys, that's pretty good information, but do you think in
> > > > > your opinion is that a good approach to deal with this problem? Do
> > > > > you see any caveats and are there any other ways this can be dealt
> > > > > with?
> > > > > "Kevin Wigle" wrote in message
> > > > > news:[EMAIL PROTECTED]...
> > > > > > Take a look into Port Security.
> > > > > >
> > > > > > http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_guide_chapter09186a008007f2dd.html
> > > > > >
> > > > > > In the event of a security violation, you can configure the port
> > > > > > to go into shutdown mode or restrictive mode. The shutdown mode
> > > > > > option allows you to specify whether the port is permanently
> > > > > > disabled or disabled for only a specified time. The default is
> > > > > > for the port to shut down permanently. The restrictive mode
> > > > > > allows you to configure the port to remain enabled during a
> > > > > > security violation and drop only packets that are coming in from
> > > > > > insecure hosts.
> > > > > >
> > > > > > Kevin Wigle
> > > > > >
> > > > > > ----- Original Message -----
> > > > > > From: "John Zaggat"
> > > > > > To:
> > > > > > Sent: Saturday, October 05, 2002 5:01 PM
> > > > > > Subject: How to restrict hubs in a LAN [7:54937]
> > > > > >
> > > > > > > I am just trying to think of how to restrict hubs from being
> > > > > > > used in the LAN. Politically it's a mess and despite a lot of
> > > > > > > discussions certain people are able to add hubs at will
> > > > > > > wherever they want. So I was trying to think of a way to stop
> > > > > > > that within the switch. Now normally these ports that the hubs
> > > > > > > are connected to show several MAC addresses when I do "show
> > > > > > > cam", which gives me an idea: is there any way to restrict host
> > > > > > > ports to only accept one MAC address? I don't want to hardcode
> > > > > > > the MAC address because that would be too much of an
> > > > > > > administrative burden. But if I could restrict the port to
> > > > > > > accept just one MAC address then that will make these hubs
> > > > > > > useless. Well anyways, let me know if I am way off here, but
> > > > > > > are there any other tricks in use by any of you guys? I'll
> > > > > > > appreciate any pointers.
> > > > > > > JZ

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=55036&t=54937
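
The observation in the original question (ports with a hub behind them show several MAC addresses in the CAM table) can be turned into an audit that runs before a one-MAC port-security limit is enforced. The following is an added example, not part of the thread; the table layout, the sample rows and the choice of `1/1` as an uplink are constructed assumptions, not verbatim switch output.

```python
import re
from collections import defaultdict

# Constructed sample rows (VLAN, MAC, port); not verbatim output from any switch.
SAMPLE_CAM = """\
VLAN  MAC address         Port
----  -----------------   ----
10    00-10-7b-aa-00-01   3/1
10    00-10-7b-aa-00-02   3/2
10    00-50-04-bb-00-11   3/2
10    0050.04bb.0012      3/2
20    00-d0-b7-cc-00-21   3/3
1     00-02-fd-dd-00-31   1/1
1     00-02-fd-dd-00-32   1/1
10    00:10:7B:AA:00:01   3/1
"""

ROW = re.compile(r"^\s*(\d+)\s+([0-9A-Fa-f.:\-]{12,17})\s+(\S+)\s*$")


def parse_cam(text):
    """Return {port: set of normalized MACs}; headers and malformed rows are skipped."""
    table = defaultdict(set)
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        mac = re.sub(r"[^0-9a-f]", "", m.group(2).lower())
        if len(mac) == 12:  # exactly 48 bits once separators are removed
            table[m.group(3)].add(mac)
    return dict(table)


def ports_over_limit(table, limit=1, uplinks=()):
    """Return {port: sorted MACs} for non-uplink ports that learned more than `limit` MACs."""
    return {
        port: sorted(macs)
        for port, macs in sorted(table.items())
        if port not in uplinks and len(macs) > limit
    }


if __name__ == "__main__":
    # 1/1 is assumed to be a switch-to-switch uplink, where many MACs are normal.
    for port, macs in ports_over_limit(parse_cam(SAMPLE_CAM), uplinks={"1/1"}).items():
        print(f"port {port}: {len(macs)} MACs learned -> {', '.join(macs)}")
```

Ports the audit reports are the ones that would trip a one-address limit, so they show in advance which users a shutdown or restrictive violation mode would affect.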