SGE2010 switches, VLAN's and a blocked port in spanning-tree

Similar Messages

• Firewall/Switching/VLAN Design and Security considerations

  Hi,
  Consider the following:
  /SW3---|
  External--S1--FW---/ |Subnet 1
  | \ \ |
  | \__\SW4---|
  | /\
  | / /SW5--|
  External--S2--FW-/ |Subnet 2
  \ |
  \SW6--|
  Requirements:
  Router/Switch/Firewall/NIC resiliency. We can pretty much cover this with HSRP/redundant links(STP)/HA between firewalls/ and (HP) NIC Teaming.
  Question:
  Is it unreasonable to have SW3-SW6 physically on the one switch due to lack of available ports?
  I take it this wouldn't be the securtiy purists choice of implementation?
  If it is reasonable/doable, what are the features on IOS on switches eg. 2950's to implement this?
  Any help appreciated.
  Thanks
  Mark

  You can configure network security by using ACLs by either using the Cluster Management Suite (CMS) or through the command-line interface (CLI). You can also use the security wizard to filter inbound traffic on the Catalyst 2950 switches. Filtering can be based on network addresses or TCP/UDP applications. You can choose whether to drop or forward packets that meet the filtering criteria. To use this wizard, you must know how the network is designed and how interfaces are used on the filtering device. For more information refer to following url:
  http://www.cisco.com/en/US/products/hw/switches/ps628/products_configuration_guide_chapter09186a008007e8ed.html#36127

• How can switch night mode and add block mode

  i cant see night mode in mozilla

  hi, i'not sure what you are referring to by "night mode" - this is not something that is present in the normal firefox release channel, but the firefox developer edition does feature a dark theme: firefox.com/developer
  in order to block ads in firefox, you can use an extension like adblock:
  https://addons.mozilla.org/firefox/addon/adblock-plus/

• Port fast spanning tree

  Hi All,
  What happen when port fast enable port start receiving BPDU from other end.
  Is it loose port fast capability and start working as normal port and after listening learning it will block the port. or is it work as a port fast to allow BPDU so that loop might be occur?
  Regards
  Rishav

  Hi Jon,
  If a portfast enabled port receives a BPDU it will transition to a normal port and go through the listening and learning processes of STP.
  This is what most textbooks say, and this leads you to believe that when a PortFast-enabled port receives a BPDU, it will fall back to Listening, thereby stopping the traffic flow, and will need 30 seconds to become Forwarding again.
  In reality, what happens is that the port will consume the BPDU, disable the PortFast on the port, but whether the port truly changes its role and state depends on the contents of the received BPDU. If it is inferior to that port's BPDUs, nothing will happen at all, as the port will remain Designated Forwarding. If it is superior to that port's BPDU then the port will become either Blocking (i.e. Alternate Discarding) or Root Forwarding, depending on how good the incoming BPDU is.
  Best regards,
  Peter

• Dot1q trunk causes block port go to forwarding

  Hi
  I have three 3560 switches in a fully-meshed scenario, an access switch and 2 distribution switches. when connecting these switches in the triangle topology, since STP running by default one of port go to blocking mode and then loop is prohibited. But when in access switch i set tow ports connected toward distribution switches in trunk mode with command "switch port mode trunk" the Blocked port go to forwarding and i can't understand why?because i think the loop there is yet and spanning tree must block one of ports.
  Spanning tree mode is PVST+ and there are 8 VLANs on switches.
  The question is how does this situation occur? i couldn't find reason of this situation.
  Thanks in advance

  Hi, 
         It would be good that if you can provide the configuration that you had on each switch ports.
  Cheers
  Zarni

• Multiple switch vlan routing, almost there!

  Hello,
  I'm hoping this is a blatantly obvious issue, but we all know how late night thinking tends to be fairly foggy!
  Anyway, I have 3 3400cl HP switches and a 2610 Poe switch.  One of the 3400's is acting as the core, with the other 3 switches lacp trunked into it.
  Currently trying to get vlan 40 traffic properly routed for internet access.  This is a leap into vlan configs, so the existing domain traffic is still on vlan 1 (yes I know, not ideal).
  The config so far successfully allows clients on vlan 40 to receive DHCP addresses via the ip helper, but no access to internet sites.  I can resolve a dns address just can't see any hopes beyond the vlan 40 IP.
  Two other points if anyone wishes to comment:
  The HP 2610 is slotted to be replaced with a Cisco 3750 Poe switch. Any comments and making cisco and HP play nicely together?
  And second, if anyone wants to suggest best practice words of wisdom for migrating existing services into a more detailed vlan setup, please type away!
  Here is the config:  The 'lower' named switch will mirror the 3rd 3400 so I didn't see the need to include that one.
  hostname "NHB-Core"
  interface 19
     no lacp
  exit
  interface 20
     no lacp
  exit
  interface 21
     no lacp
  exit
  interface 22
     no lacp
  exit
  interface 23
     no lacp
  exit
  interface 24
     no lacp
  exit
  trunk 19-20 Trk1 LACP
  trunk 21-22 Trk2 LACP
  trunk 23-24 Trk3 LACP
  ip routing
  snmp-server community "public" Unrestricted
  vlan 1
     name "DEFAULT_VLAN"
     untagged 1-18,Trk1-Trk3
     ip address 10.10.4.59 255.255.255.0
     exit
  vlan 40
     name "VLAN40"
     ip address 10.10.10.1 255.255.255.0
     ip helper-address 10.10.4.29
     tagged Trk1-Trk3
     exit
  ip route 0.0.0.0 0.0.0.0 10.10.4.98
  spanning-tree Trk1 priority 4
  spanning-tree Trk2 priority 4
  spanning-tree Trk3 priority 4
  hostname "NHB-Poe"
  trunk 25-26 Trk1 LACP
  ip default-gateway 10.10.4.59
  snmp-server community "public" Unrestricted
  vlan 1
     name "DEFAULT_VLAN"
     untagged 1,3-24,27-28,Trk1
     ip address 10.10.4.62 255.255.255.0
     no untagged 2
     exit
  vlan 40
     name "VLAN40"
     untagged 2
     tagged Trk1
     exit
  spanning-tree Trk1 priority 4
  hostname "NHB-lower"
  interface 23
     no lacp
  exit
  interface 24
     no lacp
  exit
  trunk 23-24 Trk1 LACP
  ip default-gateway 10.10.4.59
  snmp-server community "public" Unrestricted
  vlan 1
     name "DEFAULT_VLAN"
     untagged 1-22,Trk1
     ip address dhcp-bootp
     exit
  vlan 40
     name "VLAN40"
     tagged Trk1
     exit
  spanning-tree Trk1 priority 4

  I am sorry, but to get your issue more exposure, I would suggest posting it in the commercial forums, since this is a commercial product. You can click here for the link.
  TwoPointOh
  I work on behalf of HP
  Please click “Accept as Solution ” if you feel my post solved your issue, it will help others find the solution.
  Click the “Kudos, Thumbs Up" on the bottom to say “Thanks” for helping!

• Vlan 1 and STP

  Hi,
  Have a client whose IOS 6500/sup720 shows the following output:
  ----------show output--------
  Core_2#sho spanning-tree vlan 1
  Spanning tree instance(s) for vlan 1 does not exist.
  --------Config Excerpt--------
  no spanning-tree vlan 1025-1045,1055-1062,1065-1083
  spanning-tree vlan 101,169,504,516-518,520,571,800 priority 16384
  spanning-tree vlan 523,572,900,999 priority 8192
  This puzzles me, why dont I see 'no spanning-tree vlan 1' in the config? I have recommended enabling stp for Vlan 1 but dont understand why this was not apparent in the config. Any ideas please?
  rgds Les

  Hi Francois,
  There are some ports active in vlan 1 (see below). Any other ideas why I see stp not enabled for vlan 1 but this does not show in the config ?
  Core_1#sho vlan id 1
  VLAN Name Status Ports
  1 default active Gi1/1, Gi1/2, Gi1/3, Gi1/4
  Gi1/9, Gi1/10, Gi1/11, Gi1/12
  Gi1/20, Gi1/21, Gi1/22, Gi1/23
  Gi1/26, Gi1/27
  VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
  1 enet 100001 1500 - - - - - 0 0
  Remote SPAN VLAN
  Disabled
  Primary Secondary Type Ports
  rgds
  Les

• Challenge: Spanning Tree Control Between 2 links from Switch DELL M6220 to 2 links towards 2 switches CISCO 3750 connected with an stack (behavior like one switch for redundancy)

  Hello,
  I have an Spanning tree problem when i conect  2 links from Switch DELL M6220 (there are blades to virtual machines too) to 2 links towards 2 switches CISCO 3750 connected with an stack (behavior  like one switch  for redundancy, with one IP of management)
  In dell virtual machine is Spanning tree rapid stp, and in 3750 is Spanning tree mode pvst, cisco says that this is not important, only is longer time to create the tree.
   I dont know but do you like this solutions i want to try on sunday?:
   Could Spanning tree needs to work to send one native vlan to negociate the bdpus? switchport trunk native vlan 250
  Is it better to put spanning-tree guard root in both 3750 in the ports to mitigate DELL to be root in Spanning Tree?
  Is it better to put spanning- tree port-priority in the ports of Swicht Dell?
  ¿could you help me to control the root? ¿Do you think its better another solution? thanks!
   CONFIG WITH PROBLEM
  ======================
  3750: (the 2 ports are of 2 switches 3750s conected with a stack cable, in a show run you can see this)
  interface GigabitEthernet2/0/28
   description VIRTUAL SNMP2
   switchport trunk encapsulation dot1q
   switchport trunk allowed vlan 4,13,88,250
   switchport mode trunk
   switchport nonegotiate
   logging event trunk-status
   shutdown
  interface GigabitEthernet1/0/43
   description VIRTUAL SNMP1
   switchport trunk encapsulation dot1q
   switchport trunk allowed vlan 4,13,88,250
   switchport mode trunk
   switchport nonegotiate
   shutdown
  DELL M6220: (its only one swith)
  interface Gi3/0/19
  switchport mode trunk
  switchport trunk allowed vlan 4,13,88,250
  exit
  interface Gi4/0/19
  switchport mode trunk
  switchport trunk allowed vlan 4,13,88,250
  exit

  F.Y.I for catylyst heroes - here is the equivalent config for SG-300 - Vlan1 is required on the allowed list on the catylyst side (3xxx/4xxx/6xxx)
  In this example:
  VLANS - Voice on 188, data on 57, management on 56.
  conf t
  hostname XXX-VOICE-SWXX
  no passwords complexity enable
  username xxxx priv 15 password XXXXX
  enable password xxxxxx
  ip ssh server
  ip telnet server
  crypto key generate rsa
  macro auto disabled
  voice vlan state auto-enabled !(otherwise one switch controls your voice vlan….)
  vlan 56,57,188
  voice vlan id 188
  int vlan 56
  ip address 10.230.56.12 255.255.255.0
  int vlan1
  no ip add dhcp
  ip default-gateway 10.230.56.1
  interface range GE1 - 2
  switchport mode trunk
  channel-group 1 mode auto
  int range fa1 - 24
  switchport mode trunk
  switchport trunk allowed vlan add 188
  switchport trunk native vlan 57
  qos advanced
  qos advanced ports-trusted
  exit
  int Po1
  switchport trunk allowed vlan add 56,57,188
  switchport trunk native vlan 1
  do sh interfaces switchport po1
  !CATYLYST SIDE
  !Must Explicitly allow VLan1, this is not normal for catalysts - or spanning tree will not work ! Even though it’s the native vlan on both sides.
  interface Port-channel1
  switchport trunk encapsulation dot1q
  switchport trunk allowed vlan 1,56,57,189
  switchport mode trunk

• Identifying spanning-tree root switch

  Looking at a network with a 6509 at the core running in pvst mode. I think the 6509 is the root switch but need to confirm this.
  Show spanning-tree gives a bridge id and a root id. My understanding is that the root id should be the MAC address of the root switch.
  However I can't find the MAC address given as the root id in the 6509s mac address table, nor in the access switches mac address tables.
  I'm sure I'm missing something here - any ideas?

  Hi,
  in the output of "show spanning-tree" you should look for a line "This bridge is the root". The output will give you the root id and the bridge id of the switch, where you execute the command.
  The output looks like this:
  Router# show spanning-tree vlan 200
  VLAN0200
  Spanning tree enabled protocol ieee
  Root ID Priority 32768
  Address 00d0.00b8.14c8
  This bridge is the root
  Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
  Bridge ID Priority 32768
  Address 00d0.00b8.14c8
  Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
  Aging Time 300
  ------------- snip -----------
  The MAC used for creating the bridge id is not used for forwarding BPDUs and thus does not show up in the CAM table afaik.
  To find the root in a switch network, follow the root ports for a given spanning tree instance.
  Hope this helps! Please rate all posts.
  Regards, Martin

• Do I configure spanning-tree port type ed trunk on LACP port-channels

  Hello,
  Can't seem to see a clear answer and wondering if something could offer some advice please?
  We are using LACP aggregation across all our 10 gig attached servers and also trunking them.  We're running a VPC pair of 5596 Nexus.
  For a standard trunk port I always add the spanning-tree port type edge trunk to the interface config.
  However I think I should be adding this to the overiding port-channel config.  At present a colleague has configured the VPC below omitting the spanning-tree port type config.
  interface port-channel100
    description a-server
    switchport mode trunk
    switchport trunk allowed vlan 100
    vpc 100
  The port member configs are these which do contain the spanning tree port type:
  interface Ethernet1/1
    description a-server(1)
    switchport mode trunk
    switchport trunk allowed vlan 100
    spanning-tree port type edge trunk
    channel-group 100 mode active
  I always try to keep the overiding port channel config the same as its members and obviously for most config, you can't have disparate configs anyway.
  However for the spanning tree config the NexOS allows you to have the members with spanning tree port types and not have to reflect that in the port-channel.
  However I have this issue with STP:
  Switch1# show spanning-tree interface po100
  Vlan             Role Sts Cost      Prio.Nbr Type
  VLAN0100         Desg BKN*200       128.4996 (vPC) Network P2p *BA_Inc
  Is this due to the inconsistency with my port channel to member configs?
  Any advice would be gratefully accepted.
  Thanks!

  Hi Paul, there are some parameters you can define on individual ports and there are some of them that will be inherited from the port-channel configuration no matter what has been configured under the infidividual ports. Spanning-tree configuration is one of the inherited ones. As soon as the port joins into a port-channel, it will start to use spanning-tree settings under the port-channel. When it leaves the channel, then it can continue to use the individual configuration.
  There is a nice summary here under NX-OS Interface Conf Guide > Port-Channel Conf:
  http://www.cisco.com/en/US/docs/switches/datacenter/sw/6_x/nx-os/interfaces/configuration/guide/if_portchannel.html#wp1798338
  Evren

• Spanning tree for VLANS

  Hi,
  I need an answer to this puzzling scenerio i have been asked to work with.I have two vlans with about 10 switches on each end and there is a link switch that has a connection to both sides of the VLAN. I have been asked to create a singular spanning tree for the entire scenerio. how can i go about this.
  please i am awaiting the opinions of anyone knowledgable in this line. thanks.

  Hi, I agree you can config MST on your router to reduce the number of spanning tree instances runing on the switch from one per vlan. You will have to map your vlan range to the MST, useful CLI commands are
  spanning-tree mode mst
  spanning-tree mst configuration
  name (name)
  revision( revision number)
  instance (number) vlan (vlan range)
  check your config using
  show spanning-tree mst configuration.
  Hope thsi will hlep you get started.
  DW

• Core (4500x vss) with Access HP switch spanning tree

  Hello Friends,
  i need your support to guide me for this type of topology network in-order to avoid loops...
  like
  2  4500X series switch configure as a VSS working as core switch
  in access layer i have HP switches which are connected with 1G fiber uplinks to each other (cascaded) and back to these Core switch for Vlan forwarding.
  i need help to configure  spanning tree  for such topology and avoid loops.
  Topology is in attached..

  Hi,
  you mean to say, connect each HP switch back to core (VSS) with 2 uplinks and configure as a ether-channel?
  Yes, exactly.
  actually that is  not possible because the lack of fiber cable between the cabinets (core to access) are not much cores.
  How could it not be possible? According to your drawing in your current design ASW-HP1 and ASW-HP3 both connect to the core VSS, core anyway. So it is just a matter of connecting ASW-HP2 to the core.
  Of course you want 2 uplinks from each HP.
  HTH

• Peer-Switch with vPC and non-vPC Vlan Port-Channels

  Hi,                 
  in a design guide i have noticed that it is best practice to split vPC and non-vPC vlans on different inter-switch port-channels. Now, if i want to use the Peer-Switch function, but the port-channel interface of the non-vPC-vlan channel moves into blocking state. The option spanning-tree pseudo-information has no influence. Is peer-switch possible in my kind of topology?
  Greeting,
  Stephan

  I believe absolutly possible. specifically coz peer-switch and spt pseudo-info are specific and local to cisco fabric services running as part of  vpc technology. Personally me has lab with vpc-domain compounded of 2 N5Ks. They are peer-switches with spt-pseudoinfo and they have MST running on non VPC links independantly from vpc.

• Blocked Stack Ports on 2960X-48FPD-L Stack (Unstable Switch Stack!) Spanning Tree?

  I am having an issue where 2 2960X-48FPD-L Switches in a redundant flexstack (stack port 1 SW1 to port  2 SW2 and port 2 SW1 to port 1 SW2) ring. 
  At first running the 15.0(2).EX5 (and earlier EX3, and EX4) version IOS yielded all the ports on the stack master switch refusing to run spanning tree and would only link in amber and not pass any traffic other than CDP information (the slave switch linked in fine). 
  I upgraded to 15.2(3)E and this solved the problem of the ports not linking in green and participating in spanning tree. 
  Now, however, about every week or two I lose connectivity to the switch stack and I was able to go to the switch stack locally and found that for some reason the switch stack is blocking and unblocking VLANs on StackPort1 frequently (see below).  When I was at the site, I sometimes had connectivity, sometimes not.  A stack hard reboot brought everything back up, but this is the second time this has occurred and I would expect the same problem in the next week or so. 
  Has anyone else run into these issues, and have you found a solution?
  I'm guessing that if I either get rid of the redundancy on the switch stack or stack using Ethernet cables between switches the problem will go away, but then what is the point of using stackable switches in a non redundant low speed stack.  It seems to me that Spanning tree thinks that I have a spanning tree loop going on with the stack ports which I didn't even think was possible.   
  What do you think?
  Jim
  _BAD_TLV: Received SSTP BPDU with bad TLV on StackPort1 VLAN1.
  Mar 11 09:02:59: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking StackPort1 on VLAN0307. Port consistency restored.
  Mar 11 09:03:16: %SPANTREE-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on StackPort1 VLAN1.
  Mar 11 09:03:27: %SPANTREE-2-BLOCK_PVID_PEER: Blocking StackPort1 on VLAN0307. Inconsistent peer vlan.
  Mar 11 09:03:42: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking StackPort1 on VLAN0307. Port consistency restored.
  Mar 11 09:03:46: %SPANTREE-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on StackPort1 VLAN1.
  Mar 11 09:03:47: %SPANTREE-2-BLOCK_PVID_PEER: Blocking StackPort1 on VLAN0307. Inconsistent peer vlan.
  Mar 11 09:04:12: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking StackPort1 on VLAN0307. Port consistency restored.
  Mar 11 09:04:22: %SPANTREE-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on StackPort1 VLAN1.
  Mar 11 09:04:56: %SPANTREE-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on StackPort1 VLAN1.
  Mar 11 09:05:13: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 207 on StackPort1 VLAN307.
  Mar 11 09:05:13: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking StackPort1 on VLAN0307. Inconsistent local vlan.
  Mar 11 09:05:30: %SPANTREE-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on StackPort1 VLAN1.
  Mar 11 09:06:00: %SPANTREE-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on StackPort1 VLAN1.
  Mar 11 09:06:04: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking StackPort1 on VLAN0307. Port consistency restored.
  Mar 11 09:06:32: %SPANTREE-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on StackPort1 VLAN1.
  Mar 11 09:07:02: %SPANTREE-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on StackPort1 VLAN1.
  Mar 11 09:07:03: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 207 on StackPort1 VLAN307.
  Mar 11 09:07:03: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking StackPort1 on VLAN0307. Inconsistent local vlan.
  Mar 11 09:07:34: %SPANTREE-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on StackPort1 VLAN1.
  Mar 11 09:07:45: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking StackPort1 on VLAN0307. Port consistency restored.

  Jim,
  We have also the same problem with our 2960-X switches (access) connecting to a pair of 4500x (VSS) except our issue is with Portchannel with 2 physical links connecting the 2960xs to the 4500.
  If we disconnect one of the physical links from the portchannel everything works fine, but when we connect the same physical link back all users lose connectivity and the physical link starts flapping. Here are some of the messages we see in the logs when both physical links are in the portchannel:
  Mar 10 18:00:43 EST: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 1 on Port-channel5 VLAN90.
  Mar 10 18:00:43 EST: %SPANTREE-2-BLOCK_PVID_PEER: Blocking Port-channel5 on VLAN0001. Inconsistent peer vlan.
  Mar 10 18:00:43 EST: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking Port-channel5 on VLAN0090. Inconsistent local vlan.
  Mar 10 18:00:58 EST: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking Port-channel5 on VLAN0001. Port consistency restored.
  Mar 10 18:00:58 EST: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking Port-channel5 on VLAN0090. Port consistency restored.
  Mar 10 18:01:29 EST: %LINEPROTO-5-UPDOWN: Line protocol on Interface TenGigabitEthernet1/0/1, changed state to down
  Mar 10 18:01:37 EST: %LINEPROTO-5-UPDOWN: Line protocol on Interface TenGigabitEthernet1/0/1, changed state to up
  Mar 10 18:01:48 EST: %LINEPROTO-5-UPDOWN: Line protocol on Interface TenGigabitEthernet1/0/1, changed state to down
  Mar 10 18:01:51 EST: %LINEPROTO-5-UPDOWN: Line protocol on Interface TenGigabitEthernet1/0/1, changed state to up
  We have upgraded to 15.0(2a).EX5 and still have the same issue.
  We have a ticket open with Cisco and have sent them all the logs and debugs and waiting to hear back from IOS developers.
  HTH

• SGE2010 Does not block ports even with STP enabled

  Good day,
  We are experiencing bridge storms and network slow downs and we believe we have traced the issue down to users plugging a cat 5/6 cable between 2 ports on the wall both wired back to a SGE2010 switch.
  So we did a test - we plugged a single short cat 6 cable between 2 ports on a SGE2010, our access switch. Suprisingly, even with STP enabled, the switch DID NOT block one of the ports and in a few minutes the ENTIRE NETWORK was down, as CDP, STP, and ARP traffic became a multi-gigabit storm throughout the network.
  Why on earth does this switch not block a port that is obviosly looped?
  Every other cisco switch since I started on 1900XL's did this in 1999.
  Thanks!
  -Joe
  #19366

  Dear Joe,
  STP would conrol multiple links (for redundancy) between switches (endpoints) turning an inactive link on when the active goes down and preventing duplicate active links between them. More about STP at page 258 of the
  SFE-SGE2xxx Admin Guide PDF.
  The function you might be interested in is called "Storm Control" which limits the number of packets per second so to prevent the switch and the network from storms. See page 82 of the SFE-SGE2xxx Admin Guide PDF available here: http://www.cisco.com/en/US/docs/switches/lan/csbms/sfe2000/administration/guide/SFE-SGE2xxx_Admin_Guide.pdf
  Thanks and regards,
  Zsolt