05-16-2015 03:31 AM - edited 03-08-2019 12:01 AM
Hi,
I would like to know what is the best practice for Edge Ports.
On our edge ports, we always configure spanning tree portfast and bpdu guard enable.
Are there other useful commands?
Thanks.
05-16-2015 06:10 AM
Hi,
These are useful commands:
To prevent loops from occurring in a network, the PortFast mode is supported only on nontrunking access ports because these ports typically do not transmit or receive BPDUs. The most secure implementation of PortFast is to enable it only on ports that connect end stations to switches. Because PortFast can be enabled on nontrunking ports connecting two switches, spanning tree loops can occur because BPDUs are still being transmitted and received on those ports.
PortFast BPDU guard prevents loops by moving a nontrunking port into an errdisable state when a BPDU is received on that port. When you enable BPDU guard on the switch, spanning tree shuts down PortFast-configured interfaces that receive BPDUs instead of putting them into the spanning tree blocking state. In a valid configuration, PortFast-configured interfaces do not receive BPDUs. If a PortFast-configured interface receives a BPDU, an invalid configuration exists. BPDU guard provides a secure response to invalid configurations because the administrator must manually put the interface back in service.
more info:
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4000/8-2glx/configuration/guide/stp_enha.html#wp1047408
HTH
05-16-2015 09:35 AM
That's exactly that what I wrote. I Would like to know if there are other useful commands, which every (access)switchport should have.
05-16-2015 10:28 AM
There are lots of useful commands. It really depends on your environment and what you are trying to do.
05-16-2015 07:10 PM
Link below points to a best practices document for a 6500 switch. Provides some good information.
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/best/practices/recommendations.html#wp1061957
Hope this helps.
Please rate helpful posts.
Thanks.
05-20-2015 08:23 AM
Our standard edge port configuration for an IP phone/PC
interface GigabitEthernet1/0/12
switchport access vlan 501
switchport mode access
switchport voice vlan 800
srr-queue bandwidth share 10 10 60 20
priority-queue out
mls qos trust dscp
auto qos trust
spanning-tree bpduguard enable
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: