
BPDU guard on SDA Fabric Edges

akinugas
Cisco Employee

[Question]

Is it supported to configure BPDU guard globally on Fabric Edges in an SDA environment?

(Customer is looking to configure bpdu guard using Template Editor feature provided by DNA-C)

Version info: DNA-C 1.2.10.4, Fabric Edges 16.9.3 (Cat9300)

 

[Background]

Our customer is concerned that if someone connects multiple L2 switches to Fabric Edges, creating a loop topology, that would cause a network outage due to the loop. They have confirmed that a BPDU guard config on fabric edges alleviates the loop issue caused by miscabling.

  (As the network operations team does not know what end users would do to the network, they are concerned about this.)

 

[Other Information]

In the DNAC 1.2.5 release notes, the following is stated:

Using the template-based configuration, approved SDA configurations can be manually pushed through template configuration via Cisco DNA Center. The following configurations are supported:

  • Switch Hardening: CoPP, SSH ACL, Line VTY, BPDU Guard, Root Guard

https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/dna-center/1-2/rn_release_1_2_5/b_dnac_release_notes_1_2_5.html

Accepted Solutions

Scott Hodgdon
Cisco Employee

akinugas,

If your customer uses the "Closed Authentication" template for the ports, then if a user attaches a switch it would not authenticate and the port would not pass any traffic.

As we do not have Layer 2 between Fabric Edges, there would be no Layer 2 loops anywhere. There could be a loop within a Fabric Edge I suppose, but that would be only if multiple switches were connected to the same Fabric Edge node and if they were authenticated into the same VLAN.

All that said, the customer can use Template Editor to push out a BPDU Guard configuration if they wish.

Cheers,
Scott Hodgdon

Senior Technical Marketing Engineer

Enterprise Networking Group
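
For anyone pushing a global BPDU Guard setting through a template, the sketch below is an added example (not part of the original thread and not Cisco-provided code) that audits an IOS-style running-config to show which access ports the guard actually covers. It relies on the fact that the global `bpduguard default` form only takes effect on PortFast-enabled ports, while the interface-level command works regardless; the function name, helper names and sample config are constructed for illustration.

```python
import re

# Constructed sample config (trimmed, not taken from the thread); interface names are illustrative.
SAMPLE_CONFIG = """\
spanning-tree portfast bpduguard default
!
interface GigabitEthernet1/0/1
 switchport mode access
 spanning-tree portfast
interface GigabitEthernet1/0/2
 switchport mode access
interface GigabitEthernet1/0/3
 switchport mode access
 spanning-tree bpduguard enable
interface GigabitEthernet1/0/4
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard disable
"""

# Accept both keyword forms (with and without "edge") seen across IOS/IOS-XE releases.
GLOBAL_GUARD = re.compile(r"^spanning-tree portfast (edge )?bpduguard default$")
GLOBAL_PORTFAST = re.compile(r"^spanning-tree portfast (edge )?default$")
IF_PORTFAST = re.compile(r"^spanning-tree portfast( edge)?$")

def audit_bpdu_guard(config):
    """Return {interface: bool} for access ports; True means BPDU guard is in effect."""
    global_guard = global_pf = False
    ports, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            current = ports.setdefault(line.split(None, 1)[1], set())
        elif raw.startswith(" ") and current is not None:
            current.add(line)                 # sub-command of the open interface stanza
        else:                                 # any other top-level line closes the stanza
            current = None
            global_guard |= bool(GLOBAL_GUARD.match(line))
            global_pf |= bool(GLOBAL_PORTFAST.match(line))

    def guarded(lines):
        if "spanning-tree bpduguard enable" in lines:    # explicit per-port setting wins
            return True
        if "spanning-tree bpduguard disable" in lines:
            return False
        portfast = any(map(IF_PORTFAST.match, lines)) or (
            global_pf and "spanning-tree portfast disable" not in lines)
        return global_guard and portfast      # global default needs PortFast on the port
    return {n: guarded(l) for n, l in ports.items() if "switchport mode access" in l}
```

In the sample, GigabitEthernet1/0/2 is the case to watch: the global command is present, but without PortFast the port is not protected.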


2 Replies

Thank you for your prompt response, Scott.