Cisco Switch Help!

[PlenumRated]

Hello everyone, I have 2 Cisco 3750 Catalyst switches that I use for my home network. When a link is first initialized, the switch takes over 30 seconds to be fully ready to pass traffic. Before then I have no DNS or DHCP etc. I want to disable this feature if possible but I don't know what to call the feature. I know that in Dell switches there is a feature like this to save power but I want to disable this. 

 

 

Thanks, 

Matthew

 

[brwainer]

If you have STP enabled then this is normal. The time you are waiting is so that the switch can make sure enabling that port won't cause a loop in the network - specfically the reason STP is used. RSTP makes this quicker, a few seconds I believe. Or you can disable both completely and just rely on your management skills to prevent causing a loop.

[Lurick]

You need to enable 'spanning-tree portfast' on the ports.

[harry4742]

On 11.7.2017 at 6:18 PM, Lurick said:

You need to enable 'spanning-tree portfast' on the ports.

And please add the bpdu guard

[Sir Asvald]

16 hours ago, harry4742 said:

And please add the bpdu guard

Why? No one will be plugging any switches through the ports. 

[Lurick]

19 minutes ago, Abdul201588 said:

Why? No one will be plugging any switches through the ports. 

There's always the chance of someone doing so  

[Sir Asvald]

11 minutes ago, Lurick said:

There's always the chance of someone doing so  

Use mac address sticky on the ports. 

[Lurick]

1 minute ago, Abdul201588 said:

Use mac address sticky on the ports. 

I know of a production network that killed all the wireless on a campus that went on for months because of someone somehow plugging an old switch into the distribution/core switches and stealing the priority for just the wireless VLAN but only when the firmware was a certain level on the wireless APs so it was hell to troubleshoot since it was intermittent as well. Always better to be safe than sorry, never know when a port will sit unused until someone plugs in a switch. Sticky + BPDUGuard for extra safeness.

[Sir Asvald]

23 minutes ago, Lurick said:

I know of a production network that killed all the wireless on a campus that went on for months because of someone somehow plugging an old switch into the distribution/core switches and stealing the priority for just the wireless VLAN but only when the firmware was a certain level on the wireless APs so it was hell to troubleshoot since it was intermittent as well. Always better to be safe than sorry, never know when a port will sit unused until someone plugs in a switch. Sticky + BPDUGuard for extra safeness.

Or turn off unused ports? best security feature ever.  

[leadeater]

52 minutes ago, Lurick said:

I know of a production network that killed all the wireless on a campus that went on for months because of someone somehow plugging an old switch into the distribution/core switches and stealing the priority for just the wireless VLAN but only when the firmware was a certain level on the wireless APs so it was hell to troubleshoot since it was intermittent as well. Always better to be safe than sorry, never know when a port will sit unused until someone plugs in a switch. Sticky + BPDUGuard for extra safeness.

I know of a similar issue. A switch failed and it got replaced with a spare, a really really old switch. The oldest switch on the network . That switch was out in the middle of nowhere on an unreliable link, I think you can guess what happened.

 

This was also on a flat network with basically no VLANs or subnets, first place in "How to break a network".

[brwainer]

BPDU guard is a definite must - enabling BPDU guard doesn't really cost anything, barely noticable on top of the existing STP cost. 

 

We manage networks for student housing, and people come to us to fix bad networks... there is one competitor we keep taking customers from who always installs completely flat networks, and will put hundreds of thousands of residents into a Public IPv4 /22 subnet - they actually have a single flat network that spans an entire city, you can see broadcast traffic from MACs on the other side of town. The only "security" thing they do is that over the summer they disable all the ports, and residents have to call them to get the port in their room turned on. They may also filter DHCP offers but we haven't seen proof of that one way or another. And they wonder why they keep losing properties to us.