Follow Us

On the Frontline

When it comes to router features, less is more

The other week I had a bit of a rant about people not spending enough time configuring network devices—basically letting the networks do their own thing. I should have known better.

Last week I was in seeing a company that wanted some design advice—the (mainly Cisco-based) network was growing pretty dramatically, and they wanted to be sure it was built so that they could add to it without major upheaval. I started having a look at some of the configurations and one thing instantly sprang to mind.

“Okay guys, who’s studying for their Cisco exams?”

Every feature known to man (or at least to Cisco IOS developers) was enabled somewhere. Some were set up in one part of the network; some in others. The same thing was done in different ways in different places. Some things were configured where they couldn’t possibly work, and some just didn’t make sense at all.

An example: Spanning Tree (I know it keeps cropping up, but we haven’t yet figured out how to do away with it completely). There’s this thing called BPDUGuard — if you configure it on a port on a switch, it tells the switch that it shouldn’t be seeing BPDUs on that port. It’s a user port or something. If the switch does see a BPDU, then it should shut the port down, because someone’s plugged in a switch somewhere they shouldn’t.

There’s also another feature called RootGuard that you can set. Configure that one on a switch port, and the port is quite happy unless it receives a BPDU that claims that the Spanning Tree root bridge is connected out that port (called a superior BPDU), at which point it will shut the port down to prevent rogue root bridges playing havoc with your Spanning Tree layout.

These are both excellent features to configure—but not on the same port! Spot the issue? BPDUGuard will shut the port down if it sees any BPDU. So what’s RootGuard supposed to be doing?

Okay it might not cause a major problem—after all, neither of these features will kick in until someone connects the wrong thing to the switch, and then it’s their own fault anyway. But they’re not designed to work together like that, it’s a bad config, and it’s likely to confuse matters at 3am when some poor soul is called out for a fault and is trying to understand the configuration.

Just because there are thousands of possible commands listed in the command reference doesn’t mean you have to use them all. If you want to see how something works, by all means try it out, but don’t leave it there after, In fact, you shouldn’t be experimenting on live networks anyway—that’s what test networks are for, remember?

Just as too little control and configuration is bad, so is too much. Especially when the configurations you’re saving conflict with each other. It’s a waste of time, the configs get too big and complex, and troubleshooting becomes a nightmare. Pick the key features that you need to protect your network, and that make sense in your environment, and apply them consistently. This is a production network—not a playground.

Tags: bpduguard, cisco, ios, rootguard, routers, spanning tree

RSSSubscribe to this blog

More from Techworld

More relevant IT news

Contact Us

For editorial queries:
Mike Simons

For website issues:

For commercial queries
Russell Kearney

For more contact details click here.

Email this to a friend

* indicates mandatory field

Techworld White Papers

Optimising data protection for virtual environments

VM environments require the same level of data protection as does the physical server environment. Companies may use data protection tools built for the physical environment in the virtual world, but this has serious disadvantages.

Download Whitepaper

PCI Compliance: Are UK businesses ready?

Exploring the results of a recent survey, including: ? Levels of understanding of the standard ? Current perceptions of actual compliance status ? Attitudes toward addressing compliance

Download Whitepaper

Mobility Management for Dummies

Your complete guide to managing and securing mobile devices such as laptops and smartphones.

Download Whitepaper

Magic Quadrant for midrange and high-end NAS solutions

It is difficult to find one midrange or high-end NAS product that can cater to all needs. File systems embedded in NAS are often designed to solve one major pain point, with additional features being added later to broaden use cases and benefits.

Download Whitepaper

Techworld UK - Technology - Business

Oracle Video

Enabling agile and intelligent businesses

 Changing markets, competitive pressures and evolving customer needs are placing increasing pressure on IT to deliver greater flexibility and speed. Explore truly flexible SOA foundations with this Oracle video.

COLT White Paper

IT Misuse Survey

Complete this survey and you could win a Nexus One

Techworld are running a short survey to discover how UK businesses are managing Internet and email misuse in the Enterprise.

Complete Survey

Complete our survey and you could win a Sony E-book Reader.
Techworld have teamed up with HP to compile a survey relating to server virtualisation. Complete the short survey and you could be the lucky winner of a Sony E-book reader.

Complete the survey here

Site Map