nanog mailing list archives

Re: Verizon FiOS Distribution Switch


From: "Kaegler, Mike" <KaeglerM () tessco com>
Date: Fri, 21 Jan 2011 10:11:54 -0500

On 1/19/11 3:56 PM, "Chris Burwell" <cburwell () gmail com> wrote:
> Any advice or tips would be helpful.

If all you need the Actiontec for is a MoCA bridge (to make the cable boxes
talk to the larger world), my experience is you can move it to the inside of
your NAT if you like. One does not need to burn a routable IP for it.


On 1/19/11 5:25 PM, "Mike" <mike-nanog () tiedyenetworks com> wrote:
> also add 'nonegotiate' and turn off spanning tree on the port while
> you're at it. There's a list somewhere of standard stuff when connecting
> to an untrusted l2 network, which is what you should treat anything
> (including FiOS) connecting to you that you don't own.

Nonegotiate doesn't touch STP. It stops the switchport from sending DTP
frames, but one wouldn't be attempting to establish a trunk to a FiOS ONT.
http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_11_ea1/command/reference/cli2.html#wpmkr3005909

To stop a port from participating in spanning tree, one would want some
combination of global and interface bpduguard and bpdufilter. Which
combination you want seems to vary with every Cisco Press book and document,
and every engineer has a different idea of which is correct. One is best off
labbing it out themselves with the equipment they intend to use.
-porkchop


-- 
Michael Kaegler, TESSCO Technologies: Engineering, 410 229 1295
Your wireless success, nothing less. http://www.tessco.com/
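
Added example (not part of the original message or thread): a small audit
that reads a Cisco IOS style running-config and reports, per interface, the
DTP setting and the two BPDU settings separately, since nonegotiate and
spanning tree are independent. The sample config and interface names are
constructed; the script only reports what is set and does not pick a
"correct" combination.

```python
import re

# Constructed sample running-config (an assumption, not from the thread).
SAMPLE_CONFIG = """\
spanning-tree portfast bpduguard default
!
interface FastEthernet0/1
 description handoff to ONT (untrusted L2)
 switchport mode access
 switchport nonegotiate
 spanning-tree bpdufilter enable
!
interface FastEthernet0/2
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/3
 switchport mode dynamic desirable
!
"""

def audit(config):
    """Map interface name -> {'dtp_off', 'bpduguard', 'bpdufilter'} booleans."""
    lines = [l.rstrip() for l in config.splitlines()]
    top = {l for l in lines if l and not l.startswith(" ")}
    # Global defaults only take effect on ports that also run portfast.
    g_guard = "spanning-tree portfast bpduguard default" in top
    g_filter = "spanning-tree portfast bpdufilter default" in top
    ifaces, current = {}, None
    for l in lines:
        m = re.match(r"interface (\S+)", l)
        if m:
            current = ifaces.setdefault(m.group(1), set())
        elif l.startswith(" ") and current is not None:
            current.add(l.strip())      # sub-command of the current interface
        else:
            current = None              # '!' or a global line ends the block
    def state(cmds, feature, global_default):
        if f"spanning-tree {feature} disable" in cmds:
            return False                # explicit per-port override
        inherited = global_default and "spanning-tree portfast" in cmds
        return f"spanning-tree {feature} enable" in cmds or inherited
    return {name: {"dtp_off": "switchport nonegotiate" in cmds,
                   "bpduguard": state(cmds, "bpduguard", g_guard),
                   "bpdufilter": state(cmds, "bpdufilter", g_filter)}
            for name, cmds in ifaces.items()}

if __name__ == "__main__":
    for name, flags in audit(SAMPLE_CONFIG).items():
        print(name, flags)
```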
