bpduguard to disable the port automatically

Unanswered Question
Giuseppe Larosa Sun, 04/19/2009 - 04:04

Hello Arun,

spanning-tree bpduguard action is triggered by the reception of an STP BPDU on the port so it is a good tool to detect unauthorized switches carried by users in offices.

if you connect an hub (that doesn't speak STP) STP bdpuguard doesn't detect it.

the presence of an hub can be inferred from the following facts:

port duplex is half duplex

multiple MAC addresses are seen on the port.

for the second you can use port security that can put the port in errordisable if more then X MAC addresses are seen on the port.

Hope to help



This Discussion