11-19-2009 07:22 AM
STP recommendations to configure end-user ports
I'm configuring a LAN for a big office with 2510-24 switches at access level.
What is your opinion regarding STP configuration for end-user ports?
Is the admin-edge-port parameter enough? Or is root-guard or even bpdu-protection necessary?
11-19-2009 08:30 AM
Re: STP recommendations to configure end-user ports
I've never had an issue with just the admin-edge port value set, although that's mostly on 2610/2650/2810 switches (I haven't used a 2510 series yet).
I've only used BPDU filter on ports to other switches that I *definitely* don't want spanning tree running to.
11-19-2009 11:32 AM
Re: STP recommendations to configure end-user ports
I'm also worried about unicast floods (packets to unknown MAC addresses) which can be run by a user.
11-20-2009 03:02 AM
Re: STP recommendations to configure end-user ports
Hmm, well the possibilities I see are:
- A user adds a device that drops/ignores BPDU packets to an edge port and creates a loop on that device.
There, you want to enable the loop-protect feature.
- A user adds a device that sends BPDU packets out, interfering with your MSTP config.
I'm not sure how much of an issue this can be if you're using MSTP, as the other device would have to match the config-name and config-revision parameters, but I might be missing something.
12-09-2009 02:43 PM
Re: STP recommendations to configure end-user ports
My recommendation to tune/secure edge ports:
1) STP Admin Edge port: will save you ~3 seconds when bringing a port online, but will not protect your port.
2) BPDU Protection: Will protect against a rogue switch being connected.
3) Loop Protection: Will cover some loop scenarios which cannot be covered by STP.
Cheers,
Michael
12-20-2009 09:32 AM
Re: STP recommendations to configure end-user ports
Issuing the command:
spanning-tree bpdu-protection-timeout 60
Will mean the switch re-enables the port after 60 seconds.
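
The three edge-port settings recommended above and the timeout command can be checked per port against a saved running-config. This is an added example, not part of any post in the thread. It assumes ProCurve-style lines of the form `spanning-tree <port-list> admin-edge-port`, `spanning-tree <port-list> bpdu-protection` and `loop-protect <port-list>` with numeric port lists, and the sample config is constructed.

```python
import re

# Constructed running-config excerpt for an access switch (not from the thread).
SAMPLE_CONFIG = """\
spanning-tree
spanning-tree 1-22 admin-edge-port
spanning-tree 1-20 bpdu-protection
spanning-tree bpdu-protection-timeout 60
loop-protect 1-12,15
"""

PROTECTIONS = ("admin-edge-port", "bpdu-protection", "loop-protect")
PORTS = re.compile(r"\d+(-\d+)?(,\d+(-\d+)?)*")  # assumed numeric port-list syntax

def expand_ports(spec):
    """Expand a numeric port list such as '1-12,15' into a set of ints."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def parse(config):
    """Return ({protection: ports it is enabled on}, bpdu timeout or None)."""
    enabled = {p: set() for p in PROTECTIONS}
    timeout = None
    for line in config.splitlines():
        w = line.split()
        if len(w) == 3 and w[:2] == ["spanning-tree", "bpdu-protection-timeout"] and w[2].isdigit():
            timeout = int(w[2])
        elif len(w) >= 3 and w[0] == "spanning-tree" and PORTS.fullmatch(w[1]):
            for kw in w[2:]:
                if kw in enabled:
                    enabled[kw] |= expand_ports(w[1])
        elif len(w) == 2 and w[0] == "loop-protect" and PORTS.fullmatch(w[1]):
            enabled["loop-protect"] |= expand_ports(w[1])
    return enabled, timeout

def audit(config, edge_ports):
    """Map each edge port with a gap to the protections it is missing."""
    enabled, timeout = parse(config)
    gaps = {p: [f for f in PROTECTIONS if p not in enabled[f]] for p in sorted(edge_ports)}
    return {p: m for p, m in gaps.items() if m}, timeout

if __name__ == "__main__":
    gaps, timeout = audit(SAMPLE_CONFIG, range(1, 23))  # ports 1-22 face end users
    for port, missing in gaps.items():
        print(f"port {port}: missing {', '.join(missing)}")
    print("bpdu-protection-timeout:", timeout if timeout is not None else "not set")
```
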
12-21-2009 06:20 AM