Here's a photo of my new switch sitting on my routers. :)
I spent a bit of time today reviewing spanning tree protections.
Can be enabled globally or per interface (for portfast ports)
Puts a port into err-disable status if a BPDU is received on it
Drops BPDUs both inbound and outbound on an interface.
If enabled per interface, it can cause a switching loop because it will just silently and continually drop BPDUs both inbound and outbound. This is a way of terminating a STP domain.
Enabling it globally is safer. It is only enabled on portfast ports and will terminate when a BPDU is received. The port will go into STP negotiation.
Similar to BPDU Guard, except it only errdisables the port if the BPDU is declaring that it is coming from a superior root bridge.
LoopGuard & UDLD
'nuff said :P
Something new... (for me)
How cool is the errdisable recovery feature. In production this could cause a lot of flapping on a port, but when testing BPDUguard it is great. Using "errdisable recovery interval 120", the interface comes back up every 2 minutes and errors again.
Post a Comment