1) Design the network to not have loops (not always possible); use LACP and stacking technologies to provide the redundancy without messing with spanning tree if possible.

2) Enable spanning tree. Multiple spanning tree is the latest incarnation and has the most flexibility, but is the hardest to configure. Rapid spanning tree is probably the most compatible and least-effort, and the best second choice. (This is where BPDUs come in.) It works on all the major vendors.

3) Enable bpduguard on edge ports. A command like spanning-tree rstp edge-port bpduguard (or similar) will disable a port that only a workstation should be plugged into. When a switch gets plugged in, it will send out a BPDU and your switch should disable the port in response, thus preventing a loop. In a network where users might be tempted to plug things in like this, you can protect yourself this way.

4) Avoid unmanaged switches. You won't be able to configure things very easily and will be setting yourself up for problems. If you must use them, use them only at the edge and not in the core of your network. (only one uplink)

On Fri, Feb 24, 2012 at 4:49 PM, Chuong Dao <[email protected]> wrote:
> I just spent about 2 hours trying to isolate a loop caused by an
> ex-employee (kidding).
>
> I am aware of some methods out there with HP and Cisco switches like BPDU,
> or loop-protect in HP. What do you think is the best solution for this using
> those cheap switches without such features?
>
> I am also looking at limiting MAC addresses per port on Cisco switches. Do you
> know what's the cheapest model that supports this feature?
>
> Thank you for your inputs.
>
> -CD

_______________________________________________
Tech mailing list
[email protected]
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/
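
An added example, not part of the original thread: a small Python triage script for the loop-hunting problem in the quoted question, which ranks ports by how often they appear in MAC-flap events and lists ports that BPDU guard shut down. It assumes Cisco IOS-style syslog messages; the switch names, ports and log lines are constructed.

```python
import re
from collections import Counter

# Constructed sample lines in Cisco IOS syslog style (an assumption; adjust
# the patterns for other vendors' message formats).
SAMPLE_LOG = """\
Feb 24 16:01:02 sw-core %SW_MATM-4-MACFLAP_NOTIF: Host 0011.2233.4455 in vlan 10 is flapping between port Gi1/0/7 and port Gi1/0/24
Feb 24 16:01:03 sw-core %SW_MATM-4-MACFLAP_NOTIF: Host 00aa.bbcc.ddee in vlan 10 is flapping between port Gi1/0/24 and port Gi1/0/7
Feb 24 16:01:03 sw-core %SW_MATM-4-MACFLAP_NOTIF: Host 0011.2233.4455 in vlan 10 is flapping between port Gi1/0/7 and port Gi1/0/12
Feb 24 16:01:05 sw-edge %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port Gi1/0/5 with BPDU Guard enabled. Disabling port.
Feb 24 16:01:06 sw-core %LINK-3-UPDOWN: Interface Gi1/0/3, changed state to up
"""

MACFLAP = re.compile(
    r"(?P<sw>\S+) %SW_MATM-4-MACFLAP_NOTIF: Host (?P<mac>\S+) in vlan "
    r"(?P<vlan>\d+) is flapping between port (?P<a>\S+) and port (?P<b>\S+)"
)
BPDUGUARD = re.compile(
    r"(?P<sw>\S+) %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port "
    r"(?P<port>\S+) with BPDU Guard enabled"
)

def triage(log_text):
    """Return (flaps, guard_hits): a Counter of (switch, port) -> MAC-flap
    mentions, and a list of (switch, port) disabled by BPDU guard."""
    flaps, guard_hits = Counter(), []
    for line in log_text.splitlines():
        m = MACFLAP.search(line)
        if m:
            # Both ports named in a flap event are candidates for the loop.
            for port in (m["a"], m["b"]):
                flaps[(m["sw"], port)] += 1
            continue
        m = BPDUGUARD.search(line)
        if m:
            guard_hits.append((m["sw"], m["port"]))
    return flaps, guard_hits

def suspects(flaps, min_events=2):
    """Ports seen in at least min_events flap messages, busiest first."""
    return [(sw, p, n) for (sw, p), n in flaps.most_common() if n >= min_events]

if __name__ == "__main__":
    flaps, guard_hits = triage(SAMPLE_LOG)
    for sw, port, n in suspects(flaps):
        print(f"{sw} {port}: {n} MAC-flap events, check what is plugged in")
    for sw, port in guard_hits:
        print(f"{sw} {port}: disabled by BPDU guard, a switch was attached")
```

On switches without BPDU guard, the MAC-flap ranking is usually the faster pointer: the ports that recur across many flapping hosts are the ones closing the loop.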
