In one of our schools we have multiple Cat3750 stacks. Recently a student/teacher plugged an ethernet cable into two wall jacks and created a physical loop on one of the switches in the stack. When this happened all traffic leaving/entering the stack stopped and only traffic local to the stack would flow. Is there anything we can add/remove form our configuration that could prevent this from happening again.
As Global mentioned, spanning-tree bpdu-guard will prevent this issue in the future.
With that said, there are 2 ways of implementing this feature; global or interface level.
At the global level, you use the command spanning-tree portfast bpduguard default while at the interface level, you use the command spanning-tree bpduguard enable
The main difference of the two commands is that the global will only enable bpduguard protection on portfast enabled port, for instance client ports while the second command will enable bdpuguard at the interface level regardless its portfast status.
If you implement portfast only on client ports, the first option would be the recommended choice as you don't need to worry about not enabling bpduguard on inter-switch links (they don't have portfast enabled).
The second choice provides a higher degree of security but you need to be careful that isn't applied to a inter-switch link.
Please rate helpful posts