Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Spantree questions

I have a couple of questions on spanning tree. We want to implement bpdu-guard on our Cisco switches to prevent users from bringing in switches from home and connecting them to our network. My questions are: do the simple, non-managed switches that you can pickup at any WalMart run spanning tree? If spanning tree isn't running on a rogue switch, will it send or process bpdu's? If the answer to those questions is no, then bpdu-guard won't err-disable the port, correct?

1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Re: Spantree questions

The devices sold at Wal-mart, office depot, office max, etc. are usually hubs. A hub does not run spanning-tree. If a user does get a switch, most switches, managed or not, run spanning-tree, oherwise they create bridge loops, however spanning-tree can be disabled on most vendor switches.

So to answer the first question, a device bought at wal-mart will most likely not be running spanning-tree.

Second answer, yes you are correct. If a switch does not receive BPDU's, then it can not err-disable the port.

3 REPLIES
New Member

Re: Spantree questions

The devices sold at Wal-mart, office depot, office max, etc. are usually hubs. A hub does not run spanning-tree. If a user does get a switch, most switches, managed or not, run spanning-tree, oherwise they create bridge loops, however spanning-tree can be disabled on most vendor switches.

So to answer the first question, a device bought at wal-mart will most likely not be running spanning-tree.

Second answer, yes you are correct. If a switch does not receive BPDU's, then it can not err-disable the port.

New Member

Re: Spantree questions

Thanks for the quick response. That anwers my question! I appreciate it. -Rich

Re: Spantree questions

I think you could use port security to limit the number of MAC addresses on the port ... to one only. That would stop rogue switches working.

106
Views
0
Helpful
3
Replies
CreatePlease login to create content