Re: STP BPDU filter / guard - a little bit inefficient?

From: shiran guez <shiranp3_at_gmail.com>
Date: Wed, 31 Aug 2011 16:13:57 +0300

1. If you have a switch where you are not sure whether someone is going to connect
a hub and cause problems, I would suggest using spanning-tree bpduguard
enable,

as with that option the switch is going to keep transmitting spanning tree
BPDUs, and if you connect a loop using a hub the switch will get its own
BPDU and will go into err-disable.

Note that if you use the BPDU filter it will also prevent the switch
from transmitting BPDUs out on that port (where it is enabled), and that may
cause a loop, so I would suggest avoiding it in an
untrusted environment.

2. As for multiple users, I would suggest you use the port security feature to
allow a max of one MAC, or 2 (in some cases).

Hope that helps :-)

On Wed, Aug 31, 2011 at 3:45 PM, Calin C. <calin_at_engineer.com> wrote:

> Hello all,
>
> My problem is not directly related to CCIE exam, but rather to CCIE topics.
> I have an issue and I don't know what solution to propose, so maybe you can
> help me a little bit.
>
> 1. Let's assume that we have a L2 switch, with one or two uplinks, with
> BPDU guard / filter enabled and also portfast. Everything is running fine.
>
> 2. Somebody came and connected a hub to one of the edge ports of L2. The L2
> switch will start to send BPDUs, but since at the other end there is no
> switch but a hub, it will get nothing back (in terms of BPDU packets) and
> assume that an end device (e.g. PC) is connected there. Still, everything is
> running fine.
>
> 3. Another (smart) somebody came and plugged a loop into the hub (one cable;
> both ends in the same hub). Since the port is already UP on the L2 side, no
> BPDUs flow through there, the BPDU guard / filter will not react, but the hub
> will loop all other packets and send them to the L2 switch. From this point, a
> little bit of disaster in the spanning-tree environment.
>
> I have no idea how to stop this issue from happening, besides adding a
> sign on the L2 switch with "you plug something here and you die" or enabling
> port-security (which, let's say, I don't want for certain personal reasons).
>
> Please let me know if I missed something in my problem (from a logical point of
> view) and if you have any possible solution to my problem.
>
> Thanks for your time!
>
> Cheers,
> Calin
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

-- 
Shiran Guez
MCSE CCNP NCE1 JNCIA-ENT JNCIS-ENT CCIE #20572
http://cciep3.blogspot.com
http://www.linkedin.com/in/cciep3
http://twitter.com/cciep3
Received on Wed Aug 31 2011 - 16:13:57 ART
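Editor's added illustration (not from either poster): a Cisco IOS access-port configuration contrasting the BPDU filter setting Shiran warns against with the BPDU guard plus port-security setup he recommends. Interface names and the recovery interval are placeholders.

```cisco
! Risky (hypothetical port): bpdufilter stops the port from sending BPDUs,
! so a cable looped through a hub on this port is never seen by STP and
! the hub keeps reflecting frames back into the switch.
interface GigabitEthernet0/1
 switchport mode access
 spanning-tree portfast
 spanning-tree bpdufilter enable
!
! Recommended (hypothetical port): the switch keeps transmitting BPDUs;
! when a looped hub reflects its own BPDU back in, bpduguard puts the
! port into err-disable instead of letting the loop propagate.
interface GigabitEthernet0/2
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
 ! Limit the port to a single MAC address (raise to 2 where two hosts
 ! legitimately share the port); a hub full of stations trips this.
 switchport port-security
 switchport port-security maximum 1
 switchport port-security violation shutdown
!
! Optional: automatically recover err-disabled ports after 300 seconds
! (placeholder value) so a tripped edge port does not need a manual reset.
errdisable recovery cause bpduguard
errdisable recovery cause psecure-violation
errdisable recovery interval 300
```

Ports tripped by either mechanism show up under "show interfaces status err-disabled", which is the first thing to check when an edge port goes dark after someone plugs in a hub.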
