Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
473
Views
0
Helpful
4
Replies

Switchport configuration ?

darren-carr
Level 2
Level 2

‎04-09-2009 06:08 AM - edited ‎03-06-2019 05:05 AM

Guys

I have a developer in our team who uses virtual box for development purposes. Virtual box has built in switching capabilities which means the switch sends BPDU's on the interface. Throughout my LAN I have BPDUGuard enabled and PortFast for access ports. Obviously when he plugs in it causes the switchport to go into a err-disable state. I really dont want this on my LAN but fear I will have to suport it. What is the safest way to manage this? I looked into BPDUFilter Enable which seems a reasonable solution? Your thoughts? I am concerned as today we had STP convergance and we traced it down to his machine! Fortunately this was early in the morning and didn't cause a major issue! Thanks

Labels:
0 Helpful
4 Replies 4

dario.didio
Level 4
Level 4

‎04-09-2009 06:15 AM

Hi,

you can just remove the spanning-tree portfast command from the port your developer is connected to.

You can also go for BPDUfilter.

When BPDUfilter is used globally (in global config mode) it will remove portfast automatically when a BPDU is received on a port with port-fast configured on.

When BPDUfilter is used on a port level (interface config mode) it will just not send BPDUs out that port.

I personally don't like BPDUfilter, especially not in combination with BPDUguard (which I like :)

Also, you can use rootguard on the port connected to your developer virtual box, preventing it from becoming STP root and causing STP recalculations.

I personally would go for the no spanning-tree portfast.

HTH,

Dario

0 Helpful

darren-carr
Level 2
Level 2
In response to dario.didio

‎04-09-2009 06:32 AM

Hi

Thanks Dario.

Given at this stage the port is configured as BPDUFilter enable from what you are suggesting I should remove BPDUFilter, add rootguard and disable spanning-tree portfast at the interface level?

Thanks

0 Helpful

dario.didio
Level 4
Level 4
In response to darren-carr

‎04-09-2009 06:44 AM

That is what I should do.

By:

- Disabling portfast, you let STP negotiate listening, learning, forwarding.

- Enabling root guard, you specify that this port can never become root port.

You will loose some time when the port comes up because it needs to pass the different states, but you will be sure no loop exists.

Good luck.

0 Helpful

lamav
Level 8
Level 8

‎04-09-2009 07:36 AM

Can you create a vlan just for him?

I guess you're running pvst+, yes?

If so, an STP instance will be created for each vlan.

So, configure his port as an access port, put his device alone in the vlan and you'll be OK..

HTH

Victor

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card