Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
419
Views
4
Helpful
2
Replies

blocking loops between ports

ericgarnel
Level 7
Level 7

‎09-23-2009 10:34 AM - edited ‎03-06-2019 07:51 AM

I am curious if there is a way to block loops between ports.

Here is a situation:

client orders 3 network lines. they decide to plug all three lines into an unmanaged switch that they did not inform us about.

I am guessing that storm-control broadcast level x is my best option and use errdisable detect storm-control enabled without errdisabled storm-control recovery enabled.

Edge switches are 3560 running 12.2(44)SE1

Here are some snippets from and edge switch config:

#sh spanning-tree summary

Switch is in rapid-pvst mode

Root bridge for: VLAN0201

Extended system ID is enabled

Portfast Default is disabled

PortFast BPDU Guard Default is disabled

Portfast BPDU Filter Default is disabled

Loopguard Default is enabled

EtherChannel misconfig guard is enabled

UplinkFast is enabled but inactive in rapid-pvst mode

BackboneFast is disabled

Configured Pathcost method used is short

Guest port setting:

interface GigabitEthernet0/1

description port1

power inline never

switchport access vlan 24

switchport mode access

switchport port-security

switchport port-security aging time 5

switchport port-security violation restrict

srr-queue bandwidth limit 10

priority-queue out

no mdix auto

storm-control broadcast level 10.00

storm-control multicast level 40.00

storm-control action shutdown

storm-control action trap

macro description ROLLBACK

no cdp enable

spanning-tree portfast

spanning-tree bpdufilter enable

spanning-tree bpduguard enable

spanning-tree guard loop

ip dhcp snooping limit rate 90

end

Thanks,

Eric

Labels:
0 Helpful
2 Replies 2

Giuseppe Larosa
Hall of Fame
Hall of Fame

‎09-23-2009 10:45 AM

Hello Eric,

I strongly recommend to remove the following line:

spanning-tree bpdufilter enable

this can cause only problems here.

have two links with STP bpdu filter enabled and you are in good position to get a loop.

spanning-tree bpduguard + broadcast storm-control

spanning-tree loop guard looks for the opposite events in comparison to STP bpdu guard.

BPDU guard reacts to the fact of receiving unexpected BPDUs on a port.

BPDU root guard can be of help instead of BPDU guard if you need to connect a third-party switch to the port.

BPDU root guard reacts to receiving BPDUs that would cause a change of Root Bridge ID.

BPDU loop guard reacts to the fact that BPDUs stop to be received on an uplink by putting the port in inconsistent state instead of moving the port to forwarding state.

so the right tool if a switch will be connected should be root guard.

loop guard is useful on uplinks.

on user ports bpdu guard

Hope to help

Giuseppe

ericgarnel
Level 7
Level 7
In response to Giuseppe Larosa

‎09-23-2009 10:55 AM

Thanks, I will update all our guest ports

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card