[c-nsp] Switch port with BPDU guard

Ian Dickinson iand at eng.pipex.net
Mon Jan 30 07:13:45 EST 2006 

I believe you need to enable portfast in addition on the port before
the bpdufilter has any effect. So adding

 spanning-tree portfast
 spanning-tree bpdufilter enable

should solve this...

Ian

Vincent De Keyzer wrote:
> Hello,
> 
>  
> 
> I am trying to connect a switch of us to the IX switch, and things are not
> working.
> 
>  
> 
> My config is:
> 
>  
> 
> interface FastEthernet0/18
> 
> load-interval 30
> 
>  switchport access vlan 880
> 
>  spanning-tree bpdufilter enable
> 
>  no cdp enable
> 
> end
> 
>  
> 
> When I do a "sh spanning-tree vlan 880", I get
> 
>  
> 
> Spanning tree 880 is not currently active
> 
> The following parameters have been configured :
> 
>  
> 
> Stp Status         : Disabled
> 
> Protocol           : IEEE
> 
> Max Age (sec)      : 20
> 
> Hello time (sec)   : 2
> 
> Forward Delay (sec): 15
> 
> Bridge Priority    : 32768
> 
>  
> 
> You will notice that enabling BPDU filter on the interface is kind of
> overkill if STP is disabled for VLAN 880 anyway.
> 
>  
> 
> But nonetheless, the IX guy gets the following when he 'no shuts' its
> interface (where BPDU guard is enabled) :
> 
>  
> 
> .Jan 30 09:50:07: %LINK-3-UPDOWN: Interface GigabitEthernet2/5, changed
> state to up
> 
> .Jan 30 09:50:07: %LINEPROTO-5-UPDOWN: Line protocol on Interface
> GigabitEthernet2/5, changed state to up
> 
> Jan 30 09:50:07: %LINK-SP-3-UPDOWN: Interface GigabitEthernet2/5, changed
> state to up
> 
> Jan 30 09:50:07: %LINEPROTO-SP-5-UPDOWN: Line protocol on Interface
> GigabitEthernet2/5, changed state to up
> 
> .Jan 30 09:50:08: %SYS-5-CONFIG_I: Configured from console by pieter on vty0
> (193.190.198.37)
> 
> .Jan 30 09:50:11: %LINEPROTO-5-UPDOWN: Line protocol on Interface
> GigabitEthernet2/5, changed state to down
> 
> Jan 30 09:50:11: %SPANTREE-SP-2-BLOCK_BPDUGUARD: Received BPDU on port
> GigabitEthernet2/5 with BPDU Guard enabled. Disabling port.
> 
> Jan 30 09:50:11: %PM-SP-4-ERR_DISABLE: bpduguard error detected on Gi2/5,
> putting Gi2/5 in err-disable state
> 
> .Jan 30 09:50:11: %LINK-3-UPDOWN: Interface GigabitEthernet2/5, changed
> state to down
> 
> Jan 30 09:50:11: %LINEPROTO-SP-5-UPDOWN: Line protocol on Interface
> GigabitEthernet2/5, changed state to down
> 
> Jan 30 09:50:11: %LINK-SP-3-UPDOWN: Interface GigabitEthernet2/5, changed
> state to down
> 
> Jan 30 09:50:11: %PM-SP-STDBY-4-ERR_DISABLE: bpduguard error detected on
> Gi2/5, putting Gi2/5 in err-disable state
> 
>  
> 
> Does anybody have a clue ?
> 
>  
> 
> It's IOS (tm) C3500XL Software (C3500XL-C3H2S-M), Version 12.0(5)WC13,
> RELEASE SOFTWARE (fc1)


-- 
Ian Dickinson
Development Engineer
PIPEX
ian.dickinson at pipex.net
http://www.pipex.net

This e-mail is subject to: http://www.pipex.net/disclaimer.html

More information about the cisco-nsp mailing list