Best Practice Edge Ports in a real network

as00001111
Level 1

Hi,

I would like to know what is the best practice for Edge Ports.

On our edge ports, we always configure spanning tree portfast and bpdu guard enable.

Are there other useful commands?

Thanks.


Reza Sharifi
Hall of Fame

Hi,

These are useful commands:

To prevent loops from occurring in a network, the PortFast mode is supported only on nontrunking access ports because these ports typically do not transmit or receive BPDUs. The most secure implementation of PortFast is to enable it only on ports that connect end stations to switches. Because PortFast can be enabled on nontrunking ports connecting two switches, spanning tree loops can occur because BPDUs are still being transmitted and received on those ports.

PortFast BPDU guard prevents loops by moving a nontrunking port into an errdisable state when a BPDU is received on that port. When you enable BPDU guard on the switch, spanning tree shuts down PortFast-configured interfaces that receive BPDUs instead of putting them into the spanning tree blocking state. In a valid configuration, PortFast-configured interfaces do not receive BPDUs. If a PortFast-configured interface receives a BPDU, an invalid configuration exists. BPDU guard provides a secure response to invalid configurations because the administrator must manually put the interface back in service.

More info:

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4000/8-2glx/configuration/guide/stp_enha.html#wp1047408

HTH

That's exactly what I wrote. I would like to know if there are other useful commands which every (access) switchport should have.

There are lots of useful commands. It really depends on your environment and what you are trying to do.

The link below points to a best practices document for a 6500 switch. It provides some good information.


http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/best/practices/recommendations.html#wp1061957


Hope this helps.

Please rate helpful posts.

Thanks.


Our standard edge port configuration for an IP phone/PC

interface GigabitEthernet1/0/12
 switchport access vlan 501
 switchport mode access
 switchport voice vlan 800
 srr-queue bandwidth share 10 10 60 20
 priority-queue out
 mls qos trust dscp
 auto qos trust
 spanning-tree bpduguard enable
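
An added example, not part of any post in this thread: a small Python audit that checks a saved running-config against the edge-port baseline discussed above (PortFast plus BPDU guard on access ports, no PortFast on trunks). The function name and sample config are constructed for illustration; the global `spanning-tree portfast default` and `spanning-tree portfast bpduguard default` commands are standard IOS commands that do not appear in the thread, and only the classic command syntax is handled.

```python
import re

PF = "spanning-tree portfast"
# Constructed sample config for illustration; not taken from a real device.
SAMPLE_CONFIG = """\
spanning-tree portfast bpduguard default
interface GigabitEthernet1/0/1
 switchport mode access
 spanning-tree portfast
interface GigabitEthernet1/0/2
 switchport mode access
 spanning-tree bpduguard enable
interface GigabitEthernet1/0/3
 switchport mode access
interface GigabitEthernet1/0/24
 switchport mode trunk
 spanning-tree portfast trunk
"""

def audit_edge_ports(config):
    """Return {interface: [findings]} for ports that miss the edge-port baseline."""
    lines = [line.rstrip() for line in config.splitlines()]
    global_cmds = {row for row in lines if row and not row.startswith(" ")}
    stanzas, current = {}, None
    for row in lines:  # group indented commands under their interface
        m = re.match(r"interface (\S+)", row)
        if m:
            current = stanzas.setdefault(m.group(1), set())
        elif row.startswith(" ") and current is not None:
            current.add(row.strip())
        else:
            current = None
    findings = {}
    for name, cmds in stanzas.items():
        pf_cmds = {c for c in cmds if c.startswith(PF)}
        issues = findings.setdefault(name, [])
        if "switchport mode trunk" in cmds and pf_cmds - {PF + " disable"}:
            issues.append("PortFast on trunk port")
        elif "switchport mode access" in cmds:
            # Interface command wins over the global default; the global
            # BPDU guard default only covers ports that run PortFast.
            portfast = bool(pf_cmds & {PF, PF + " edge"}) or (
                not pf_cmds and PF + " default" in global_cmds)
            guard = "spanning-tree bpduguard enable" in cmds or (
                portfast and PF + " bpduguard default" in global_cmds)
            if not portfast:
                issues.append("PortFast not enabled")
            if not guard:
                issues.append("BPDU guard not active")
    return {name: issues for name, issues in findings.items() if issues}
```

Gi1/0/3 in the sample shows the case that is easy to miss: the global BPDU guard default does not protect an access port on which PortFast was never enabled.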
