I'm preparing for some network switch upgrades at work and stumbled across a few questions regarding ESX host connections to a switch.
- Should PortFast be enabled on the ESX trunk port?
  - Consensus seems to be yes.
- How about BPDU Guard / BPDU Filter?
  - This seems to be personal preference, based on the probability of a VM sending BPDUs. We have some random appliances from Avaya, for example, so I'm not sure I would trust BPDU Guard.
- VLAN tagging / VTP v3
  - How does an ESX host respond to VTP pruning?
  - Depending on how pruning is handled, and since VTP allows all VLANs on a trunk link by default, should VTP be disabled entirely on that trunk port?
  - This seems ideal from a security and ESX host performance standpoint: why make the ESX host process all that broadcast traffic?
  - The only concern would be forgetting the switchport trunk allowed vlan ADD keyword and nuking a host.
Appreciate any input. I never really considered the possibility of PortFast on a trunk port before, and we don't currently rock Cisco gear, so it's not the simplest setup to test in a lab (I can't even get pruning to work with vIOS in EVE).
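To make the questions above concrete, here is an added Catalyst IOS configuration example for a single ESXi-facing trunk port. It is not from the original post or from any vendor document; the interface name, host description and VLAN numbers (10, 20, 30) are constructed, and the per-port "no vtp" command and the VTP v3 "off" mode are assumed to be supported on the platform in use. It shows PortFast on a trunk, BPDU Guard versus BPDU Filter as alternatives, an explicit VLAN allow-list instead of VTP, and the "add" keyword mistake the post worries about, with the check to run before and after a change.

```cisco
! Added example, not from the original post. Interface name, description and
! VLANs 10/20/30 are constructed for illustration; platform support for
! "vtp mode off" (VTP v3) and the per-port "no vtp" command is assumed.
!
! --- Global settings ---
! Stop this switch from advertising or pruning VLANs via VTP. On code without
! VTP v3, "vtp mode transparent" is the equivalent. The ESXi trunk below then
! carries only the VLANs listed explicitly on the interface.
vtp mode off
! If BPDU Guard ever trips on a host port, bring the port back after 300 s
! instead of leaving the host isolated until someone does "shut / no shut".
errdisable recovery cause bpduguard
errdisable recovery interval 300

! --- The ESXi uplink ---
interface GigabitEthernet1/0/10
 description ESXi-host-01 vmnic0 (name assumed)
 switchport mode trunk
 ! Explicit allow-list: the host only has to process broadcast/multicast
 ! traffic for these VLANs, and an unrelated VLAN cannot reach the host
 ! just because it exists in the VTP domain.
 switchport trunk allowed vlan 10,20
 ! Edge-port behaviour on a trunk: the port skips listening/learning and
 ! forwards immediately after a link flap. Only for ports facing end hosts;
 ! never on a trunk to another switch.
 spanning-tree portfast trunk
 ! Option A (stricter): errdisable the port if anything behind it sends a
 ! BPDU, so a VM or appliance can never influence the switch's STP topology.
 spanning-tree bpduguard enable
 ! Option B (looser): drop BPDUs silently and keep the port up. Use one
 ! option or the other, not both.
 ! spanning-tree bpdufilter enable
 ! Per-port VTP disable (IOS 12.2(52)SE and later; support assumed).
 no vtp

! --- Adding a VLAN later: "add" is the difference between extending the
! list and replacing it ---
!
! WRONG: this replaces the whole list. VLANs 10 and 20 are removed from the
! trunk and every VM on them loses connectivity:
!   switchport trunk allowed vlan 30
!
! RIGHT: appends VLAN 30 and keeps 10 and 20:
interface GigabitEthernet1/0/10
 switchport trunk allowed vlan add 30

! --- Verify before and after any allowed-VLAN change ---
! show interfaces GigabitEthernet1/0/10 trunk
!   "Vlans allowed on trunk" should now read 10,20,30
! show spanning-tree interface GigabitEthernet1/0/10 portfast
```

The allow-list approach answers the pruning question by sidestepping it: with VTP turned off and the VLANs listed explicitly, the switch never relies on the host to behave correctly as a VTP participant, and the blast radius of a typo is limited to the single interface you are editing, which the "show interfaces trunk" check catches immediately.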