
How can I prevent VLAN bridging on a Cisco switch?

Last updated on December 25, 2018

A Cisco switch (IOS) on our network configured with VLAN 7 and VLAN 8 as access VLANs (7 being the native for the trunk on the switch) had the VLANs bridged by someone who connected a patch cable from one network jack to another network jack (essentially connecting two ports together, one with access VLAN 7, the other with access VLAN 8). This created a bridge that caused all static IP devices from VLAN 8 to stop working, and any DHCP requests that came from a port that was configured to VLAN 8 were answered by the subnet on VLAN 7. I've found a great deal of documentation on how and why people would want this enabled; however, I want this type of behavior to be errdisabled, and I'm not sure which spanning tree configuration (if any) would allow me to block this behavior.

The two ports just had 3 basic configurations:

 switchport access vlan 8
 switchport mode access
 spanning-tree portfast

 switchport access vlan 7
 switchport mode access
 spanning-tree portfast

From my understanding, spanning-tree guard root would only errdisable a port if it detects a potential switching loop; however, this wasn't a loop, but a bridge. What would be the best practice here?
