Someone plugs a home router or hub into a wall jack and the network grinds.
BPDU guard is a switch feature that disables an access port the moment a Spanning Tree packet shows up. In short: if a user plugs in a router or switch that runs STP, the port locks instead of causing a loop that takes the whole network down. Default-on for every new switch on every access port.
Try this first
- 1Enable BPDU guard on all ports that lead to workstations, meeting-room jacks and guest sockets.
- 2Leave trunk ports and inter-switch uplinks alone, STP must still work there.
- 3Set auto-recovery to something like 5 minutes, otherwise you have to re-enable the port by hand each time someone realises their mistake.
- 4Log err-disable events to syslog, that is literally a free BYOD detector.
- 5Combine with port security (max 1 or 2 MACs per access port) and you stop most mishaps at the source.
When to bring us in
You have meeting rooms with legitimate dock stations that fan multiple devices through one RJ45: that specific port needs an exception, it is no longer a pure access port.
See also
- Wi-Fi drops randomly across the officeFirst rule out whether it is the access points or the internet connection itself. Different fix.
- One room or corner has no or bad Wi-FiNot always "add another AP"; often one is poorly positioned, or there is a metal wall in the way.
- Internet is suddenly slow for everyoneThree suspects: your provider, a colleague soaking the line, or a backup or update kicking in unexpectedly.
None of the above fits?
Describe your situation below. We pass your input plus the steps you already saw to our AI and return tailored next-step advice. If it's too risky to DIY, we'll say so.
Or skip the DIY entirely
Our Managed IT clients do not look these things up. One point of contact, a fixed monthly price, resolved within working hours.