When the switch detects an EtherChannel misconfiguration, the EtherChannel Guard places the switch interface
in the error-disabled state and displays an error message.
The EtherChannel Guard feature can be enabled by using the spanning-tree etherchannel guard misconfig
global configuration command.
Loop Guard
The Loop Guard feature provides an additional layer of protection against the Layer 2 forwarding loops (STP
loops) by preventing alternative or root ports from becoming designated ports because of a failure resulting in a
unidirectional link. This feature works best when enabled on all switches across a network. By default, the
spanning tree does not send BPDUs on root or alternative ports.
The Loop Guard feature can be enabled by using the spanning-tree loopguard default global configuration
command.
Dynamic Host Configuration Protocol (DHCP) Snooping
The DHCP Snooping feature provides network protection from rogue DHCP servers. It creates a logical firewall
between untrusted hosts and DHCP servers. The switch builds and maintains a DHCP snooping table (also called
DHCP binding database), shown in Figure 4-4a. In addition, the switch uses this table to identify and filter
untrusted messages from the network.
Pages:
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189