I would like to gather feedback on the best hardening or prevention techniques available on Cisco equipment to prevent spanning tree loops or broadcast storms.
I have the below already configured:
All FA ports are configured with portfast and BPDU guard.
Qn: What other settings need to be configured?
I have these queries in mind, and need some expert to advise on them.
Qn: BPDU guard is capable of err-disabling a port when receiving BPDU packets/requests. If the device connecting to this port is non-Cisco equipment, will it work? Or will it only NOT WORK on devices not running Spanning Tree techniques (be it Cisco or non-Cisco)?
Qn: For broadcast storm prevention, is there a need to configure the storm-control action? Will it work if there isn't an action configured but a threshold level is configured?
Will the above settings protect against such malicious acts:
1) User plugs a rogue switch directly into the port
2) User plugs a hub into the port, then a rogue switch into the hub
3) User plugs a cable into point A and plugs the other end into point B on the same switch
4) User with an IP phone has its PC port plugged into another LAN point (be it same switch / different switch)
Thanks a lot