Here's a photo of my new switch sitting on my routers. :)
I spent a bit of time today reviewing spanning tree protections.
BPDU Guard
Can be enabled globally or per interface (for portfast ports)
Puts a port into err-disable status if a BPDU is received on it
BPDU Filter
Drops BPDUs both inbound and outbound on an interface.
If enabled per interface, it can cause a switching loop because it will just silently and continually drop BPDUs both inbound and outbound. This is a way of terminating an STP domain.
Enabling it globally is safer. It then applies only to portfast ports, and the filtering stops when a BPDU is received on the port; the port then goes into STP negotiation.
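An added example, not from the original post: a small Python audit over a constructed Cisco IOS-style running-config that flags the two risky cases described above, per-interface BPDU Filter and portfast ports left without BPDU Guard. The function name and sample config are assumptions, and it only considers per-interface "spanning-tree portfast" lines, not a global portfast default.

```python
# Constructed sample running-config (not from the original post).
SAMPLE_CONFIG = """\
spanning-tree portfast bpduguard default
!
interface FastEthernet0/1
 spanning-tree portfast
!
interface FastEthernet0/2
 spanning-tree portfast
 spanning-tree bpdufilter enable
!
interface FastEthernet0/3
 spanning-tree portfast
 spanning-tree bpduguard disable
"""

def audit_stp_edge_ports(config):
    """Return {interface: [findings]} for risky BPDU Guard/Filter settings."""
    global_guard = False
    ports = {}       # interface name -> set of its spanning-tree sub-commands
    current = None
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            current = raw.split()[1]
            ports[current] = set()
        elif raw[:1] in (" ", "\t") and current:   # indented: interface sub-command
            if line.startswith("spanning-tree"):
                ports[current].add(line)
        else:                                      # "!" or a global command
            current = None
            if line == "spanning-tree portfast bpduguard default":
                global_guard = True
    findings = {}
    for name, cmds in ports.items():
        issues = []
        if "spanning-tree bpdufilter enable" in cmds:
            issues.append("per-interface BPDU Filter: BPDUs dropped both ways, loop risk")
        portfast = any(c.startswith("spanning-tree portfast") and "disable" not in c
                       for c in cmds)
        guarded = ("spanning-tree bpduguard enable" in cmds or
                   (global_guard and "spanning-tree bpduguard disable" not in cmds))
        if portfast and not guarded:
            issues.append("portfast port without BPDU Guard")
        if issues:
            findings[name] = issues
    return findings

if __name__ == "__main__":
    for port, issues in audit_stp_edge_ports(SAMPLE_CONFIG).items():
        print(port, "->", "; ".join(issues))
```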
Root Guard
Similar to BPDU Guard, except it only errdisables the port if the BPDU is declaring that it is coming from a superior root bridge.
LoopGuard & UDLD
'nuff said :P
Something new... (for me)
How cool is the errdisable recovery feature! In production this could cause a lot of flapping on a port, but when testing BPDU Guard it is great. Using "errdisable recovery interval 120", the interface comes back up every 2 minutes and errors again.