Cisco 3500 switch, PIX 525 and PortFast

Discussion in 'Cisco' started by Gary, Apr 7, 2004.

  1. Gary

    Gary Guest

    From what I read a switch to PIX should be hardcoded 100MB/Full, but as the
    PIX is layer III, should the switch also have portfast set?

    Can this cause any problems, or is it just to stop the listening/learning
    phases, so it should always be applied as standard?

    Apart from 100MB Full/Portfast, what else should be applied as standard if

    Many thanks
    Gary, Apr 7, 2004

  2. chris

    chris Guest

    There's no real reason to set the portfast option. It only comes into
    play when the link first comes up. It is normally set for clients
    that use DHCP to avoid the initial blocking that interferes with a
    client sending out a DHCP request.
    chris, Apr 8, 2004

  3. SysAdm

    SysAdm Guest

    So what if the primary PIX fails? Do you wanna wait till STP goes
    through its full cycle until your secondary PIX becomes active?

    Rule of thumb with connectivity to FWs is to set the L2 port as

    SysAdm, Jun 27, 2004
  4. Kevin Widner

    Kevin Widner Guest

    Actually the secondary PIX will have negotiated a link already; you
    will not have to wait for the STP negotiations for the secondary PIX
    to take over. However, I would still recommend portfast on a port that
    the PIX connects to.

    When do you not want to use it? Portfast should be disabled on any
    port where you might see a spanning tree BPDU come from; this is
    generally only other switches, hubs, or routers. However, just because
    you turn portfast on, that doesn't mean that you have turned spanning
    tree off for that port; it's just that the switch will not do a check
    for loops before bringing up the port. If BPDUs are received on that
    port a standard STP calculation will take place and may end up putting
    the port in blocking mode, but the damage from a possible loop may
    have already been done by this point.

    Why should you use it, other than helping DHCP hosts which was
    mentioned above, and MS domain authentication, a better reason might

    Every time a link becomes active and moves to the forwarding state in
    STP, the switch will send a special STP packet named a Topology Change
    Notification (TCN). The TCN is passed up to the root of the Spanning
    Tree, where it is propagated to all the switches in the VLAN. This
    causes all the switches to age out their table of MAC addresses using
    the forward delay parameter, which is usually set to 15 seconds. So
    every time a workstation joins the bridge group, the MAC addresses on
    all the switches will be aged out after 15 seconds instead of the
    normal 300 seconds.

    When a workstation becomes active, it does not change the topology to
    any significant degree. As far as all the switches in the VLAN are
    concerned, it is unnecessary for them to have to go through the
    fast-aging TCN period. If you turn on PortFast, the switch will not
    send TCN packets when a port becomes active.
    Kevin Widner, Jul 16, 2004
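As an added example, not part of any post in this thread: the switch-side port configuration that the replies above add up to (hard-coded speed and duplex, PortFast), written in Catalyst 3500XL-style IOS syntax. BPDU guard is included as the usual safeguard for the case Kevin describes, where a BPDU arriving on a PortFast port can let a loop form before STP reconverges; it is not something the thread itself mentions. The interface number, VLAN, description and the availability of the per-interface BPDU guard command on a given 3500XL image are assumptions; check them against the release you run.

```cisco
! Added example, not from the thread. Catalyst 3500XL-style IOS syntax;
! interface number, VLAN and description are assumptions.
interface FastEthernet0/1
 description Outside link to PIX 525 (primary)
 ! Hard-code speed and duplex on BOTH ends of the link. One side on auto
 ! and the other fixed is the classic duplex-mismatch failure.
 speed 100
 duplex full
 switchport mode access
 switchport access vlan 10
 ! Skip listening/learning and do not generate a TCN when the link flaps;
 ! STP still runs on the port, it just starts forwarding immediately.
 spanning-tree portfast
 ! Not discussed in the thread: if a BPDU ever arrives on this port,
 ! err-disable it rather than let a loop run until STP blocks the port.
 ! Assumes the running image supports the per-interface form; older
 ! 3500XL images only have the global "spanning-tree portfast bpduguard".
 spanning-tree bpduguard enable
!
! PIX 6.x side of the same link (entered on the PIX, not the switch):
!   interface ethernet0 100full
!
! Checks after applying (output format varies by IOS release):
!   show interfaces FastEthernet0/1       <- confirm 100 Mb/s, full-duplex, no late collisions
!   show spanning-tree interface FastEthernet0/1   <- confirm portfast, forwarding state
```

Apply the same interface block to the port facing the secondary PIX so that, as Kevin notes, the standby unit already has a forwarding port when it takes over. A sharp rise in the topology-change counter in `show spanning-tree` output after the change is the sign that a port facing a firewall or host was left without PortFast and is flapping.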
