I understand that a blocking port on a switch that is part of a spanning tree relies on receiving the BPDU packets every 2 seconds, and should it not, then the port is changed to forwarding mode. It worries me that should this happen I would get some loops and serious issues on my network. How can I tell a port to always be in blocking mode? Is it the BPDU guard option on the port?
How do you guys get alerted should the switch receive a spanning tree issue/loop?
So if you are adding a switch into your environment and you are not sure if it will create an STP loop, it's best to put the BPDU port guard on and leave it for a bit? Otherwise if there is a loop it could shut down a link somewhere else in your switching environment?
Let me try to explain with some more detail about the usage of BPDU Guard.
In our network we enable BPDU Guard only on access ports (access ports lead to end user devices) so that any end user devices on these ports that have BPDU Guard enabled are not able to influence the Spanning-tree topology.
BPDU Guard is enabled on an access port:
Switch(config-if)#spanning-tree bpduguard enable
Once BPDU Guard is enabled it will keep an eye open for any BPDUs entering the access ports. The only devices which can reliably create and transmit BPDUs are switches. We want to keep a predictable topology and not allow other switches outside our control onto our network. If a rogue switch is introduced into our topology it will in most cases transmit a BPDU; if the rogue switch has "better" values than the existing Root Bridge it will cause a topology change in the switched network. Any topology change is bad news for the users.
Configuring the "BPDU Guard" feature on the access ports enables the spanning-tree protocol to shut the port down in the event that it receives a BPDU. As a rule of thumb, BPDUs are really only expected across trunk links.
If a rogue switch is plugged into a port configured for BPDU Guard, the port will be disabled as soon as the first BPDU is received; by shutting the port down we prevent the rogue switch from affecting our spanning-tree topology.
To re-enable a port disabled by BPDU Guard you will need to remove the offending device and then bounce the port by issuing the shut/no shut command.
Hope to Help !!
Remember to rate the helpful post
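Added example (not part of the original posts), on the alerting question asked above: a small Python parser that picks BPDU Guard events out of switch syslog and flags ports that tripped more than once, which usually means the port was bounced without removing the offending device. The log lines are constructed samples in Cisco IOS message format; the hostnames, ports and timestamps are made up, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample syslog (hostnames, ports and times are made up).
SAMPLE_LOG = """\
Mar  3 09:14:02 sw-access-01 %LINK-3-UPDOWN: Interface GigabitEthernet0/7, changed state to up
Mar  3 09:14:04 sw-access-01 %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port GigabitEthernet0/7 with BPDU Guard enabled. Disabling port.
Mar  3 09:14:04 sw-access-01 %PM-4-ERR_DISABLE: bpduguard error detected on Gi0/7, putting Gi0/7 in err-disable state
Mar  3 11:40:51 sw-access-02 %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port GigabitEthernet0/12 with BPDU Guard enabled. Disabling port.
Mar  3 11:40:51 sw-access-02 %PM-4-ERR_DISABLE: bpduguard error detected on Gi0/12, putting Gi0/12 in err-disable state
Mar  3 11:52:10 sw-access-02 %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port GigabitEthernet0/12 with BPDU Guard enabled. Disabling port.
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]+) (?P<host>\S+) "
    r"%(?P<tag>SPANTREE-2-BLOCK_BPDUGUARD|PM-4-ERR_DISABLE): (?P<msg>.*)$")
# Only the bpduguard cause of ERR_DISABLE is matched; other causes are ignored.
PORT_RE = {
    "SPANTREE-2-BLOCK_BPDUGUARD": re.compile(r"Received BPDU on port (\S+) "),
    "PM-4-ERR_DISABLE": re.compile(r"bpduguard error detected on ([^,\s]+),"),
}

def norm_port(name):
    """Map long and short interface names to one form (GigabitEthernet0/7 -> Gi0/7)."""
    m = re.match(r"([A-Za-z]+)([\d/.]+)$", name)
    return m.group(1)[:2].capitalize() + m.group(2) if m else name

def summarize(log_text):
    """Return {(host, port): {'bpdu_hits': [timestamps], 'err_disabled': count}}."""
    ports = defaultdict(lambda: {"bpdu_hits": [], "err_disabled": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        pm = m and PORT_RE[m["tag"]].search(m["msg"])
        if not pm:
            continue
        entry = ports[(m["host"], norm_port(pm.group(1)))]
        if m["tag"] == "PM-4-ERR_DISABLE":
            entry["err_disabled"] += 1
        else:
            entry["bpdu_hits"].append(m["ts"])
    return ports

def alerts(summary):
    """One alert line per port; repeated trips are escalated."""
    out = []
    for (host, port), e in summary.items():
        level = "REPEAT" if len(e["bpdu_hits"]) > 1 else "NEW"
        out.append(f"[{level}] {host} {port}: BPDU received on guarded port "
                   f"{len(e['bpdu_hits'])}x, last at {e['bpdu_hits'][-1]}")
    return out

if __name__ == "__main__":
    print("\n".join(alerts(summarize(SAMPLE_LOG))))
```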