Protect Against Unauthorized Switches

The following recipe contains one method to protect against the addition of unauthorized switches to a Cisco Catalyst. This refers to the 6500 series, but it may be available on other platforms as well.


Unauthorized switches can pose a significant problem for networks. Oddball switches can win a spanning-tree root election or can increase network diameter beyond accepted specifications.

One way to prevent the addition of an unauthorized switch is to enable BPDU Guard.

In global configuration mode, enter:

spanning-tree portfast bpduguard default

With this command, the switch disables a port that receives a BPDU (Bridge Protocol Data Unit).

Normally, a port configured for portfast will be connected to an end device, like a workstation, server, or printer. End devices do not send BPDUs, so this condition is not triggered. A switch, however, will normally send BPDUs on every port. When a switch is connected, the 6500 receives a BPDU and shuts down the offending port.

After 12.1, this configuration may be applied to interfaces. When configured in this manner, the 6500 will disable the port upon receipt of a BPDU, regardless of the portfast configuration.
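
The following audit script is an added example, not part of the original recipe. It reads a saved running-config and reports which access ports are actually covered by BPDU Guard, following the logic above: the global default only protects PortFast ports, while the interface form protects a port regardless. It assumes the interface-level commands are `spanning-tree bpduguard enable` and `spanning-tree bpduguard disable`, that end-device ports are marked with `switchport mode access`, and it ignores a global `spanning-tree portfast default`; the sample configuration is constructed.

```python
# Constructed sample running-config (not from a real device).
SAMPLE_CONFIG = """\
spanning-tree portfast bpduguard default
!
interface GigabitEthernet1/1
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/2
 switchport mode access
!
interface GigabitEthernet1/3
 switchport mode access
 spanning-tree bpduguard enable
!
interface TenGigabitEthernet2/1
 switchport mode trunk
"""

def audit_bpduguard(config):
    """Return {interface: (protected, reason)}; access ports assumed to use 'switchport mode access'."""
    global_default, ports, current = False, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            current = line.split(None, 1)[1]
            ports[current] = []
        elif raw.startswith(" ") and current:
            ports[current].append(line)      # sub-command of the current interface
        else:
            current = None                   # back at global configuration level
            if line == "spanning-tree portfast bpduguard default":
                global_default = True
    result = {}
    for name, lines in ports.items():
        if "switchport mode access" not in lines:
            continue  # trunks and uplinks legitimately exchange BPDUs
        if "spanning-tree bpduguard disable" in lines:
            result[name] = (False, "guard disabled on interface")
        elif "spanning-tree bpduguard enable" in lines:
            result[name] = (True, "guard enabled on interface")
        elif global_default and "spanning-tree portfast" in lines:
            result[name] = (True, "global default on PortFast port")
        else:
            result[name] = (False, "no PortFast or interface guard")
    return result

if __name__ == "__main__":
    print(audit_bpduguard(SAMPLE_CONFIG))
```

In the sample, GigabitEthernet1/2 is flagged: the global default is present, but the port has no PortFast, so a switch plugged in there would not trip BPDU Guard.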
