Wired Intelligent Edge

  • 1.  enable spanning-tree without add bpdu protection

    Posted Feb 09, 2017 08:05 AM

    Hi.

    I've just enabled spanning-tree on my switches and added this parameter: bpdu-protection-timeout 60, and I enabled the RSTP version.

    This is just what I did.

    So if I'm not mistaken, the switch automatically detects whether it needs to enable edge on a port or not (if there is a switch connected to a port, edge is not enabled).

    So my question is: do I need to manually enable "bpdu-protection" and "admin-edge-port" on each port where I have computers connected?

    As I understand it, these 2 options are there to secure the setup at a better level and alert the network admin if someone plugs a switch (stp) into an edge port, right?

    If I only enable spanning-tree, does it protect against loops?

    Regards



  • 2.  RE: enable spanning-tree without add bpdu protection

    Posted Feb 09, 2017 06:33 PM

    Some people are content simply enabling STP.

    admin-edge-port on your access ports is a good idea, the port will come up more quickly - not so important for PCs, but definitely a very good idea for IP phones.

    BPDU protection is good on all access ports, or you could enable BPDU filtering instead.

    You should also configure loop-protect on all access ports, to guard against loops that are occurring outside your spanning-tree, e.g. somebody creates a loop on an unmanaged switch that they've connected to one of your access ports.



  • 3.  RE: enable spanning-tree without add bpdu protection

    Posted Feb 10, 2017 03:33 AM

    Can you please confirm this:

    By default, if I only enable STP, the switch automatically sets the ports to edge or not.
    But does it protect my network against loops or not?

    If not, I will have to edit my ports and enable more options like bpdu, etc.



  • 4.  RE: enable spanning-tree without add bpdu protection

    Posted Feb 12, 2017 07:52 PM

    Yes, turning on STP will protect you from any loops that occur locally on any of your switches.

    Switchports that don't see any BPDUs for 3 seconds will put themselves in auto-edge mode.
    You can manually set all your access switchports to admin-edge-port so they don't wait 3 seconds before coming up.

    BPDU protection/filtering are useful to protect your STP topology from being changed by unauthorised devices.
    Loop-protection is useful to protect your network from loops that are created on devices outside your STP topology.
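
Added example, not part of the thread and not vendor code: a Python audit that reads a switch configuration and lists, per access port, which of the three options discussed above (admin-edge-port, bpdu-protection, loop-protect) are still missing. The config line syntax, the sample configuration and the numeric port range are assumptions constructed for illustration.

```python
import re

# Constructed sample config (not from the thread); the line syntax is an
# assumption modelled on the option names used in the posts.
SAMPLE_CONFIG = """\
spanning-tree
spanning-tree force-version rstp-operation
spanning-tree bpdu-protection-timeout 60
spanning-tree 1-20 admin-edge-port
spanning-tree 1-12,15 bpdu-protection
loop-protect 1-10
"""

REQUIRED = ("admin-edge-port", "bpdu-protection", "loop-protect")


def expand_ports(spec):
    """Expand a numeric port list such as '1-12,15' into a set of ints."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports


def audit(config, access_ports):
    """Return (stp_enabled, {port: [missing options]}) for the access ports."""
    enabled = {opt: set() for opt in REQUIRED}
    stp_enabled = False
    for line in config.splitlines():
        line = line.strip()
        if line == "spanning-tree":  # global enable, no port list
            stp_enabled = True
        m = re.fullmatch(r"spanning-tree ([\d,-]+) (.+)", line)
        if m:  # per-port STP options; global lines have no port list
            for opt in m.group(2).split():
                if opt in enabled:
                    enabled[opt] |= expand_ports(m.group(1))
        m = re.fullmatch(r"loop-protect ([\d,-]+)", line)
        if m:
            enabled["loop-protect"] |= expand_ports(m.group(1))
    gaps = {}
    for port in sorted(access_ports):
        missing = [opt for opt in REQUIRED if port not in enabled[opt]]
        if missing:
            gaps[port] = missing
    return stp_enabled, gaps
```

Calling `audit(SAMPLE_CONFIG, expand_ports("1-20"))` reports STP as enabled but flags ports 11 to 20, which matches the thread's point that enabling spanning-tree alone leaves the per-port protections unset.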