Manualshelf

Specifications

ManualsBrandsCisco ManualsComputer equipmentCatalyst 6880-X
31323334353637383940
Access Layer April 2014
29
Step 4: Configure ARP inspection on the data and voice VLANs.
ip arp inspection vlan [data vlan],[voice vlan]
Step 5: Configure the Bridge Protocol Data Unit (BPDU) Guard global setting to protect PortFast-enabled
interfaces.
spanning-tree portfast bpduguard default
This automatically disables any PortFast-enabled interface if it receives BPDUs protecting against an accidental
topology loop which could cause data packet looping and disrupt switch and network operation. You configure
the PortFast feature for interfaces in a later step.
If a PortFast-configured interface receives a BPDU, an invalid configuration exists, such as the connection of
an unauthorized device. The BPDU guard feature prevents loops by moving a nontrunking interface into an
errdisable state when a BPDU is received on an interface when PortFast is enabled.
Figure 11 - Scenario that BPDU Guard protects against
2093
Loop caused by mis-cabling the switch
User-Installed
Lo
w-End Switch
Access-Layer
Switch
Spanning tree doesn’t detect the
loop because PortFast is enabled
Procedure 4 Configure client connectivity
To make configuration easier when the same configuration is applied to multiple interfaces on the switch, use
the interface range command. This command allows you to issue a command once and have it apply to many
interfaces at the same time. Since most of the interfaces in the access layer are configured identically, it can
save a lot of time. For example, the following command allows you to enter commands on all 24 interfaces (Gig
0/1 to Gig 0/24) simultaneously.
interface range GigabitEthernet 0/1-24
Step 1: Configure switch interfaces to support clients and IP phones.
The host interface configurations support PCs, phones, or wireless access points. Inline power is available on
switches that support 802.3AF/AT for capable devices.
interface range [interface type] [port number]–[port number]
switchport access vlan [data vlan]
switchport voice vlan [voice vlan]
Step 2: Because only end-device connectivity is provided at the access layer, optimize the interface for device
connectivity by applying the switchport host command.
switchport host
This command does three things: it applies switchport access mode, which disables negotiation of trunking, and
enables participation as an access port in a VLAN; it enables PortFast, which moves the interface directly into
spanning-tree forwarding state, reducing the time it takes for the interface to start forwarding packets; it also
disables any channel-group configuration, which is incompatible with an access configuration.