RE: bpdufilter and bpduguard from Cisco Fanatic on 2011-03-01 (Ccielab archives 03/2011)

From: Cisco Fanatic <ebay_products_at_hotmail.com>
Date: Tue, 1 Mar 2011 11:15:22 -0800

We have 2 stack able switches connected to a hosting service provider.
Someone tried to connect to one of the switches and we are trying to put
some best practice in place to avoid this.

> From: Patrick.Laidlaw_at_wwt.com
> To: ebay_products_at_hotmail.com; ccielab_at_groupstudy.com
> Date: Tue, 1 Mar 2011 12:57:59 -0600
> Subject: RE: bpdufilter and bpduguard
>
> Yuri,
>
> What is your goal in using these configurations? Answer us that before we
give you recommendations. What is the scenario that dictates the need for
these features.
>
> IE bpdufilter I would use if connecting to a service provider.
> IE bpduguard I would use out to end user workstations that I want to ensure
there not placing a hub or switch or to protect from the infamous user
plugging both ports of an ipphone into the wall jacks.
>
> Patrick
>
> -----Original Message-----
> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
Cisco Fanatic
> Sent: Tuesday, March 01, 2011 10:46 AM
> To: ccielab_at_groupstudy.com
> Subject: bpdufilter and bpduguard
>
> This might have been asked multiple times. I understand the differences,
but
> could not really convenience myself is what recommendation should I follow
>
> !
> interface GigabitEthernet1/0/38
> switchport access vlan 10
> switchport mode access
> spanning-tree portfast
> spanning-tree bpdufilter enable
> spanning-tree bpduguard enable
> !
>
> Or,
> !
> spanning-tree portfast bpdufilter default
> !
> interface GigabitEthernet1/0/38
> switchport access vlan 10
> switchport mode access
> spanning-tree portfast
> spanning-tree bpduguard enable
> !
>
> The second option looks promising to me as bpduguard will take precedence
and
> will put the port in err-disable state before BPDUFilter can transition the
> port back to normal.
>
> -Yuri
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Tue Mar 01 2011 - 11:15:22 ART

This archive was generated by hypermail 2.2.0 : Fri Apr 01 2011 - 06:35:41 ART