Solved: Re: Hub didnt disable with bpduguard enable

ohareka70 · ‎11-06-2012

Hello,

I have the following configuration on my access layer switch.

interface FastEthernet0/1 - 20

switchport access vlan 4

switchport mode access

spanning-tree portfast

spanning-tree bpduguard enable

But when i plug in a netgear hub into one of the user ports it didnt err-disable the port.

I need this to stop users plugging in a hub onto our network so they have extra access ports.

Any ideas why the bpduguard did not work.

thanks

Kevin

Abzal · ‎11-06-2012

Hi,
For this situation you can use
#switchport port-security
#switchport port-security max address 3 (for example)
#switchport port-security mac address sticky
To allow only three PCs to be connected from hub.

Sent from Cisco Technical Support iPhone App

Best regards,
Abzal

View solution in original post

Abzal · ‎11-06-2012

Hi,
For this situation you can use
#switchport port-security
#switchport port-security max address 3 (for example)
#switchport port-security mac address sticky
To allow only three PCs to be connected from hub.

Sent from Cisco Technical Support iPhone App

Best regards,
Abzal

ohareka70 · ‎11-06-2012

Yeah - port security is a fall back option.

Enabling bpduguard on client facing ports will err-disable the switchport if it receives a bpdu from a connected device. But BPDUs are sent by switches so old hubs won't send bpdus. For this reason i dont think its possible to err-disable a hub using bpduguard enable

thanks

Kevin