Configuring Storm-Control, bpduguard, loopguard, diameter, root, errdisable


After much research I have decided on the following configuration methodologies for various switchports and global entries:

interface FastEthernet0/1
 no cdp enable
 switchport mode access
 switchport port-security aging time 1
 !** Causes mac-address-table to age out mac entries port-security in one second, i.e. you can add another mac address to the port in 1 second and port security won't kick in, but if you get to 200 entries, it will block the port. This effectively prevents the CAM from being flooded, which turns the switch into a hub, which might be used by someone plugging into an available port to set up a situation where vlan bleeding can occur.
 storm-control broadcast level 75.00 20.00
 storm-control multicast level 80.00 20.00
 storm-control action shutdown
 spanning-tree portfast
 spanning-tree bpduguard enable



errdisable recovery cause all
errdisable recovery interval 30
udld enable
spanning-tree loopguard default
!*** I never want this switch to be root.
spanning-tree vlan 1 priority 61440

Never use BPDU filter. You want to be able to see another switch, should someone accidentally plug one in.

Do not use bpduguard on your L2 uplinks.

Do not use switchport mode access on your L2 uplinks.

Use switchport and switchport access vlan # on your L2 uplinks.
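
One way to check a saved configuration against the per-port baseline and uplink rules in the post above, as an added example that is not part of the original post. The function names, the constructed sample config and the uplink port name are assumptions, and matching is by line prefix on indented running-config stanzas:

```python
# Per-port lines from the post's access-port stanza, matched by prefix.
ACCESS_BASELINE = ["no cdp enable", "switchport mode access", "spanning-tree portfast",
                   "storm-control broadcast level", "storm-control multicast level",
                   "storm-control action shutdown", "spanning-tree bpduguard enable"]
UPLINK_BANNED = ["spanning-tree bpduguard enable", "switchport mode access"]

def parse_interfaces(config):
    """Map interface name -> stanza lines (indented lines under 'interface X')."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = stanzas.setdefault(raw.split(None, 1)[1].strip(), [])
        elif raw[:1].isspace() and current is not None:
            if raw.strip() and not raw.strip().startswith("!"):
                current.append(raw.strip())
        elif raw.strip():
            current = None  # unindented line (e.g. "!") closes the stanza
    return stanzas

def audit(config, uplinks=()):
    """Return (interface, finding) pairs; 'uplinks' names the L2 uplink ports."""
    findings = []
    for name, lines in parse_interfaces(config).items():
        has = lambda prefix: any(l.startswith(prefix) for l in lines)
        wanted, banned = ([], UPLINK_BANNED) if name in uplinks else (ACCESS_BASELINE, [])
        findings += [(name, f"missing '{p}'") for p in wanted if not has(p)]
        findings += [(name, f"has '{p}'") for p in banned + ["spanning-tree bpdufilter"] if has(p)]
    return findings

# Constructed sample config (not taken from the post's switch).
SAMPLE = """\
interface FastEthernet0/1
 no cdp enable
 switchport mode access
 storm-control broadcast level 75.00 20.00
 storm-control multicast level 80.00 20.00
 storm-control action shutdown
 spanning-tree portfast
 spanning-tree bpduguard enable
interface FastEthernet0/2
 switchport mode access
 spanning-tree bpdufilter enable
interface GigabitEthernet0/1
 switchport access vlan 10
 spanning-tree bpduguard enable
"""

if __name__ == "__main__":
    print(*audit(SAMPLE, uplinks={"GigabitEthernet0/1"}), sep="\n")
```

The global lines (errdisable recovery, udld, loopguard, root priority) are not checked here; only interface stanzas are audited.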
