[c-nsp] bpduguard and trunks?

Lincoln Dale ltd at cisco.com
Sat Dec 5 05:12:37 EST 2009


On 05/12/2009, at 7:18 AM, Geert Nijs wrote:

> Lincoln,
> 
> Just to be clear:
> 
> >> all 'edge' ports should be running with BPDU guard enabled.  'edge ports' (those facing hosts) should NEVER send BPDUs out.  BPDU guard is there to detect if they do - and if they do, it's a sign that they have caused a loop in the network.
> 
> ports with BPDU guard configured still send out BPDUs, but they will not allow incoming BPDUs.
> if you also want to stop sending out BPDUs (not recommended), you configure the port additionally with BPDU filter.

i'm well aware of what BPDU Guard is and how it works.

> On 04/12/2009, at 1:29 AM, Howard Jones wrote:

> > [c1]---[Sw1]----------[Sw2]---[c2]

in this problem case, "sw2" complains that an inconsistent BPDU is received seemingly originating from "c1".  i'd say that points to a likely case of c1 causing a loop.

BPDU Guard would normally pick this up, however probably isn't, since "sw1" also has 'no spanning-tree 1-4090', so would not be issuing BPDUs on its own.
"edge" ports (portfast w/ BPDU Guard enabled) will periodically transmit BPDUs out those edge ports too - so if there is a loop and they come back, it has the trigger to detect them with.


that "c1" is seemingly doing something is not good.
but disabling STP on "sw1" is perhaps the real issue here.  STP is there to build a loop free topology.  disable STP and you no longer have any guarantee that there aren't any switch-to-switch loops.


cheers,

lincoln.
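
An added example, not part of the original message: a small audit of a switch configuration for the three conditions discussed in this thread (STP disabled per VLAN, host-facing ports without BPDU guard, and BPDU filter on an edge port). It assumes classic IOS syntax, treats `switchport mode access` ports as edge ports, and reads the thread's 'no spanning-tree 1-4090' as `no spanning-tree vlan 1-4090`; the sample config is constructed.

```python
# Constructed sample config for a switch like "Sw1" (not from the thread).
SAMPLE = """\
no spanning-tree vlan 1-4090
interface GigabitEthernet0/1
 switchport mode access
 spanning-tree portfast
interface GigabitEthernet0/2
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
interface GigabitEthernet0/3
 switchport mode access
 spanning-tree portfast
 spanning-tree bpduguard enable
 spanning-tree bpdufilter enable
interface GigabitEthernet0/24
 switchport mode trunk
"""

def audit(config):
    """Return sorted (scope, finding) pairs for STP edge-protection gaps."""
    ports, global_cmds, current = {}, set(), None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if raw[0].isspace():              # indented: belongs to current stanza
            if current is not None:
                current.add(line)
        elif line.startswith("interface "):
            current = ports.setdefault(line.split()[1], set())
        else:                             # any other top-level line is global
            current = None
            global_cmds.add(line)
    findings = [("global", "STP disabled: " + c) for c in global_cmds
                if c.startswith("no spanning-tree vlan ")]
    guard_default = "spanning-tree portfast bpduguard default" in global_cmds
    for name, cmds in ports.items():
        if "switchport mode access" not in cmds:
            continue                      # only host-facing (edge) ports
        guarded = "spanning-tree bpduguard enable" in cmds or (
            guard_default and "spanning-tree portfast" in cmds
            and "spanning-tree bpduguard disable" not in cmds)
        if not guarded:
            findings.append((name, "edge port without BPDU guard"))
        if "spanning-tree bpdufilter enable" in cmds:
            findings.append((name, "BPDU filter enabled: no BPDUs sent to detect a loop"))
    return sorted(findings)
```
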



