Ask the Expert

  • 1.  setting up and configuring BPDU guard to prevent loops/broadcast storms

    Posted 03-01-2021 09:51
    Hello,

    All of the buildings I work in use Juniper EX series switches. Each building has a Cisco 9300 on the edge, our layer 3 switch, and the internal LAN has mostly layer 2 Juniper EX3300 - 3400 and some EX2200s. They are interconnected primarily through fiber and sometimes copper if the fiber was too old to join the newer 3400 chassis.

    I work in a school system where sometimes children inadvertently plug Ethernet cables into open jacks on a wall, or sometimes a network switch (not layer 2) is connected to itself, and this can cause a broadcast storm.

    For us, troubleshooting these issues can be frustrating and time consuming, especially if some people are not as familiar with our network landscape and do not want to enter every room to find the source of the issue.

    Question: What would I need to do to set up features of the RSTP protocols, BPDU guard, storm control or all 3 to help mitigate these issues? Many ports on our switches are connected to computers or printers; some are uplinked to other switches as well (trunk ports). Most of the ports are access ports unless they are connected to a wireless AP (which has multiple VLANs and is a trunk port). I know RSTP is enabled by default, but many of our switches' defaults have not been changed or modified, and I'd like to stop any future accidents, as it is a big inconvenience and waste of time to deal with. Any configuration suggestions as to how best to implement this across all switches would be very helpful and welcomed. Thank you so much in advance. I am having trouble understanding how to implement this on my EX series switches and also port considerations in doing this project.


    ------------------------------
    David
    ------------------------------


  • 2.  RE: setting up and configuring BPDU guard to prevent loops/broadcast storms

    Posted 03-01-2021 10:42
    You can enable BPDU protection on any edge port regardless of whether STP is enabled or not. This feature causes the interface to be disabled if a BPDU is detected. So, if someone connected a switch on a given port, and that switch started to send STP BPDUs, the interface would be shut down.


    Also, check that STP is actually enabled. The statement "enabled by default" can be misleading. In reality, RSTP is "enabled by default" IF the factory default configuration is in place. The factory default configuration includes rstp under protocols.


    If the protocols sections have been removed for any reason (some people remove the factory default and build the configuration from scratch, or they do a load override of their own config...) and RSTP is NOT configured back under protocols, then RSTP is NOT running. Check with show spanning-tree interface.
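
The checks described in the reply above can be run offline against a saved configuration. This is an added example, not code from the thread or from Juniper: it reads `show configuration | display set` output and reports whether an rstp statement exists under protocols, whether `bpdu-block-on-edge` is set, and which access ports are not marked as RSTP edge ports. Assumptions: the function names and the sample configuration are constructed for illustration, ports are configured per interface (no interface ranges or groups), and only ports with an explicit access mode are counted.

```python
import re

# Constructed sample in `show configuration | display set` form (not from the thread).
SAMPLE_CONFIG = """\
set interfaces ge-0/0/0 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/0/1 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/0/2 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/0/23 unit 0 family ethernet-switching interface-mode trunk
set protocols rstp interface ge-0/0/0 edge
set protocols rstp interface ge-0/0/1 edge
set protocols rstp interface ge-0/0/23
set protocols rstp bpdu-block-on-edge
"""

# Accepts both access-mode keywords: port-mode (older EX CLI) and interface-mode (ELS).
ACCESS_RE = re.compile(r"^set interfaces (\S+) unit \d+ family ethernet-switching "
                       r"(?:port-mode|interface-mode) access$")
EDGE_RE = re.compile(r"^set protocols rstp interface (\S+) edge$")


def base_name(ifname):
    """Treat ge-0/0/1.0 and ge-0/0/1 as the same port."""
    return ifname.split(".", 1)[0]


def audit(config_text):
    """Return what the reply says to check, plus access ports not marked edge."""
    lines = [ln.strip() for ln in config_text.splitlines() if ln.strip()]
    access, edge = set(), set()
    for ln in lines:
        if (m := ACCESS_RE.match(ln)):
            access.add(base_name(m.group(1)))
        elif (m := EDGE_RE.match(ln)):
            edge.add(base_name(m.group(1)))
    return {
        # No rstp statement under protocols means RSTP is not running.
        "rstp_configured": any(ln.split()[:3] == ["set", "protocols", "rstp"] for ln in lines),
        # bpdu-block-on-edge is what disables an RSTP edge port when a BPDU arrives.
        "bpdu_block_on_edge": "set protocols rstp bpdu-block-on-edge" in lines,
        "access_ports_not_edge": sorted(access - edge),
    }


if __name__ == "__main__":
    for key, value in audit(SAMPLE_CONFIG).items():
        print(f"{key}: {value}")
```

A saved configuration is only a first pass; the running state still has to be confirmed on the switch with the `show spanning-tree interface` command mentioned in the reply.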