[unisog] Cisco 2950 protected ports in residential halls
John C. Gale
jcgale at uncg.edu
Tue Nov 22 17:58:53 GMT 2005
UNCG implemented this in new replacement switch fabric in several
buildings during an upgrade earlier this year. Overall, it was a large
success. As some will point out, it will prevent some legitimate
computing use. However, the main use of the residential network on our
campus is Internet access. Anything that impedes the use of email,
instant messangers, and a web browser use is far worse to our users
(from their point of view) than intra building connections. The
reduction of noise and general pollution is seen as a large positive.
When the next big outbreak hits, I'm sure we'll enjoy the benefits even
more. It is harder to measure success in the lack of complaints
admittedly, but our users seem to not notice the difference.
We enabled other security features (1 mac per port, dhcp snooping, bpdu
guard, strom control, etc) at the same time and the only real fallout
was we did not have the errdisable recovery set initially. I would
remind you to set that up or you will have to manually chase them down
(if you are using any of these features). Once enabled, even these
features presented very few incidents while improving stability greatly.
More information about the unisog