We have had a few times where a user has plugged a loop in to the network via and unmanaged switch. This has caused the traffic to bleed in the WAN vlan affecting multiple sites. We have STP enabled, but it is not always effective. I just discovered the DOS-CONTROL in the B5 series switch setting that allows for traffic to get dropped matching the rules that are enabled. I was looking for some experience on which to enable. Some of these seem like they could block legit traffic like TCP source ports matches TCP destination port. Any help is appreciated.