Re: BPDU Guard best practice

From: Leigh Harrison (ccileigh@gmail.com)
Date: Thu May 24 2007 - 07:17:00 ART


Hi there Thomas,

I was on a Campus best practice seminar a few weeks ago.

The advice there is that you should not only design the network to do
what you want it to do, but also design it not to do what you don't want
it to.

They strongly suggested putting bpduguard, loopguard, rootguard, etc.
There are also lots of other "default" recommendations, such as dhcp
snooping and port-security for access ports. Storm control, why would a
box be broadcasting for more than 10% on its link? True, in some cases
that may be how a node works, but your standard issue Windows PC should
not be.

Check out this link for the fantastic presentations:-
http://www.cisco.com/global/EMEA/poweredby/uk/switching/index.shtml

And here for the best practice guides:-
http://www.cisco.com/go/srnd

LH
#15331

thomas.rader@freesurf.ch wrote:
> Hello,
>
> One of my clients configures BPDU Guard per default on all switch access ports.
>
> Switch(config-if)# spanning-tree bpduguard enable
>
> The reason for this is that they want to stop STP loop problems as a result of incorrectly patched access cables.
>
> I'm wondering if this (default config) is a good idea, or if there are situations that it could give you problems?
>
> They also use errdisable to automatically recover a port after 10 minutes.
>
> Switch(config)# errdisable recovery interval 600
> Switch(config)# errdisable recovery cause bpduguard
>
> Any experience or feedback would be appreciated,
>
> Thanks, Thomas
>
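
One way to check a switch configuration against the access-port defaults discussed in this thread (BPDU Guard, port-security, storm control), as an added example that is not part of the original messages. The sample configuration, the `CHECKS` baseline and the function names are assumptions made for illustration; the global `spanning-tree portfast bpduguard default` command is treated as covering PortFast ports that lack the per-port command.

```python
import re

# Constructed sample running-config (not from the thread).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
 switchport port-security
 storm-control broadcast level 10.00
!
interface GigabitEthernet0/2
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/24
 switchport mode trunk
"""

CHECKS = {  # assumed baseline: per-port features named in the reply above
    "bpduguard": r"spanning-tree bpduguard enable$",
    "port-security": r"switchport port-security$",
    "storm-control": r"storm-control broadcast level \S+",
}

def parse_interfaces(config):
    """Map interface name -> list of its stripped sub-commands."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1], [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the block
    return interfaces

def audit(config):
    """Return {access port: [missing features]}; trunks are skipped."""
    findings = {}
    global_guard = re.search(r"^spanning-tree portfast bpduguard default$", config, re.M)
    for name, cmds in parse_interfaces(config).items():
        if "switchport mode access" in cmds:
            missing = [f for f, rx in CHECKS.items() if not any(re.match(rx, c) for c in cmds)]
            # The global default applies BPDU Guard to PortFast ports.
            if global_guard and "spanning-tree portfast" in cmds and "bpduguard" in missing:
                missing.remove("bpduguard")
            if missing:
                findings[name] = missing
    return findings
```

Calling `audit(SAMPLE_CONFIG)` reports only GigabitEthernet0/2, the access port that has PortFast but none of the three protections.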


