- Community Home
- >
- Networking
- >
- Switching and Routing
- >
- Aruba & ProVision-based
- >
- Re: enable spanning-tree without add bpdu protecti...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-09-2017 05:04 AM
тАО02-09-2017 05:04 AM
enable spanning-tree without add bpdu protection
Hi.
I've just enable spanning-tree on my switches, and add this parameter : bpdu-protection-timeout 60 & I enable RSTP version.
This is just what I did.
So if I'm not mistaken, automatically, the switch detect if it needs to enable edge or not to a port (If there is an switch connected to a port, the edge is not enable).
So my question is do I need to manually enable on each port "bpdu-protection" and "admin-edge-port" on those where I have computers connected..?
As I understand these 2 options is to secure at a better level the setup and alert the network admin if someone plug an swich (stp) on an edge port, right?
If I only enable Spanning-tree, does it prevent against loop ?
regards
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-09-2017 03:33 PM
тАО02-09-2017 03:33 PM
Re: enable spanning-tree without add bpdu protection
Some people are content simply enabling STP.
admin-edge-port on your access ports is a good idea, the port will come up more quickly - not so important for PCs, but definitely a very good idea for IP phones.
BPDU protection is good on all access ports, or you could enable BPDU filtering instead
You should also configure loop-protect on all access ports, to guard against loops that are occurring outside your spanning-tree, eg somebody creates a loop on an unmanaged switch that they've connected to one of your access ports.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-10-2017 12:33 AM
тАО02-10-2017 12:33 AM
Re: enable spanning-tree without add bpdu protection
Can you confirm please this :
By default If I only enable STP, the switch makes the ports automatically in Edge or not.
But, doest it protect my network against loop or not?
If Not, I will have to edit my ports & enable more options like bpdu etc..
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-12-2017 04:51 PM
тАО02-12-2017 04:51 PM
Re: enable spanning-tree without add bpdu protection
Yes, turning on STP will protect you from any loops that occur locally on any of your switches.
Switchports that don't see any BPDUs for 3 seconds will put themselves in auto-edge mode.
You can manually set all your access switchports to admin-edge-port so they don't wait 3 seconds before coming up.
BPDU protection/filtering are useful to protect your STP topology from being changed by unauthorised devices.
Loop-protection is useful to protect your network from loops that are created on devices outside your STP topology.