2960 Help

Answered Question
May 5th, 2010

Hi

On a Remote Site When a switch or hub are connected to switchport, the port needs to be disabled. What configuration is needed on the switch.

The switch is 2960.

I have this problem too.
0 votes
Correct Answer by Ganesh Hariharan about 6 years 7 months ago

Hi

On a Remote Site When a switch or hub are connected to switchport, the port needs to be disabled. What configuration is needed on the switch.

The switch is 2960.

Hi,

What i understand from your requirement on switch port if somebody connects another switch or hub then ports goes to disable mode or on some non functioning mode.If yes then configure spanning tree bpdu gaurd on port,If any BPDU is found on the port where BPDU gaurd is enabled then port will automatically move into errdisable state.

Check out the below link for more info on BPDU gaurd

http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a008009482f.shtml

Hope to Help !!

Ganesh.H

Remember to rate the helpful post

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Correct Answer
Ganesh Hariharan Wed, 05/05/2010 - 01:16

Hi

On a Remote Site When a switch or hub are connected to switchport, the port needs to be disabled. What configuration is needed on the switch.

The switch is 2960.

Hi,

What i understand from your requirement on switch port if somebody connects another switch or hub then ports goes to disable mode or on some non functioning mode.If yes then configure spanning tree bpdu gaurd on port,If any BPDU is found on the port where BPDU gaurd is enabled then port will automatically move into errdisable state.

Check out the below link for more info on BPDU gaurd

http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a008009482f.shtml

Hope to Help !!

Ganesh.H

Remember to rate the helpful post

rajatsetia Wed, 05/05/2010 - 02:06

Hi,

BPDU guard fits the bill in case of switch but in case hub is connected then you will not recieve any BPDU.

I think then you have to opt for port security feature.

http://www.cisco.com/en/US/docs/switches/lan/catalyst2960/software/release/12.2_25_see/configuration/guide/swtrafc.html

Still recommendation is to enable BPDU guard on all the ports along with port security.

Regards,

Rajat

vvasisth Wed, 05/05/2010 - 01:54

Configuring BPDU guard will do what you are looking for.

Cisco IOS Software Command

CatSwitch-IOS(config)# spanning-tree portfast bpduguard 
CatSwitch-IOS(config)

When STP BPDU guard disables the port, the port remains in the disabled state unless the port is enabled manually. You can configure a port to reenable itself automatically from the errdisable state. Issue these commands, which set the errdisable-timeout interval and enable the timeout feature:

CatSwitch-IOS(config)# errdisable recovery cause bpduguard

CatSwitch-IOS(config)# errdisable recovery interval 400

Note: The default timeout interval is 300 seconds and, by default, the timeout feature is disabled.

Hope that helps.

Regards,

Varun

Actions

This Discussion