07-24-2013 05:41 AM - edited 03-07-2019 02:33 PM
good day, i have a question regarding a loop in my network.
we have arround 200 L2 (cisco) switches true out the factory,
when there are not enough network ports, the people from our utility department connects 3com switches to the L2 cisco switch.
the 3com is at the place the users are and many times the user creating loops.
is there a command to prevent this.
i have tried with stp but it seems like the interface is not going down.
I have set up here at my desk a 2960 switch attcahed a 3com switch and when i create the loop it does not shut or err disable one interface, does someone have an idea for this problem ?
!
spanning-tree mode pvst
spanning-tree loopguard default
spanning-tree portfast bpduguard default
spanning-tree portfast bpdufilter default
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
interface FastEthernet0/4
switchport access vlan 25
switchport mode access
switchport voice vlan 244
spanning-tree portfast
spanning-tree bpdufilter enable
spanning-tree bpduguard enable
!
Thanks a lot!
Solved! Go to Solution.
07-24-2013 07:08 AM
Hi Michael,
when you enable the BPDU Filtering, it takes precedence over the BPDU Guard. So with configuration like this, BPDU Guard is totally ineffective.
Solution:
I recommend disabling BPDU Filtering globally and also on that interface so that BPDU Guard will be functional.
Another thing that might help you with switching loops of this type: consider using port-security with maximum MAC addresses defined. This will discourage multiple users to connect through their switches to yours.
If you want more information or need additional help feel free to ask!
Best regards,
Jan
07-24-2013 07:08 AM
Hi Michael,
when you enable the BPDU Filtering, it takes precedence over the BPDU Guard. So with configuration like this, BPDU Guard is totally ineffective.
Solution:
I recommend disabling BPDU Filtering globally and also on that interface so that BPDU Guard will be functional.
Another thing that might help you with switching loops of this type: consider using port-security with maximum MAC addresses defined. This will discourage multiple users to connect through their switches to yours.
If you want more information or need additional help feel free to ask!
Best regards,
Jan
09-10-2013 08:03 AM
Hello Jan,
Thank you for your answer it works great, no problems with loops anymore.
I also applyed errdisable recovery so i dont have to enable the ports again.
I have one more question, maybe you also have an answer for that.
I would like to see or get some message when a port goes in to errdisable, i know it is possible with SNMP but i dont know what program to use for this.
we are using here ORION but it only show when a port goes down or up and not when it goes in to err disable.
i enabled the snmp trap in the switch but now i only need a program that shows me when it happens.
Do you have an idea ?
snmp-server enable traps errdisable
Thanks a lot.
Sorry for de delayed answer.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: