I would like to know what is the best practice for Edge Ports.
On our edge ports, we always configure spanning tree portfast and bpdu guard enable.
Are there other useful commands?
These are useful commands:
To prevent loops from occurring in a network, the PortFast mode is supported only on nontrunking access ports because these ports typically do not transmit or receive BPDUs. The most secure implementation of PortFast is to enable it only on ports that connect end stations to switches. Because PortFast can be enabled on nontrunking ports connecting two switches, spanning tree loops can occur because BPDUs are still being transmitted and received on those ports.
PortFast BPDU guard prevents loops by moving a nontrunking port into an errdisable state when a BPDU is received on that port. When you enable BPDU guard on the switch, spanning tree shuts down PortFast-configured interfaces that receive BPDUs instead of putting them into the spanning tree blocking state. In a valid configuration, PortFast-configured interfaces do not receive BPDUs. If a PortFast-configured interface receives a BPDU, an invalid configuration exists. BPDU guard provides a secure response to invalid configurations because the administrator must manually put the interface back in service.
Link below points to a best practices document for a 6500 switch. Provides some good information.
Hope this helps.
Please rate helpful posts.
Our standard edge port configuration for an IP phone/PC
switchport access vlan 501
switchport mode access
switchport voice vlan 800
srr-queue bandwidth share 10 10 60 20
mls qos trust dscp
auto qos trust
spanning-tree bpduguard enable