[c-nsp] Switch port with BPDU guard

Boštjan Fele Bostjan.Fele at avtenta.si
Mon Jan 30 08:52:46 EST 2006 

 BPDU filter at interface level blocks all STP BPDU's (no transmit or receive)!!! Put interface in access mode (switchport mode access) and if you want fast transition enable portfast (spaning-tree portfast). Portfast interface still send BPDUs and watches for . I would not advise you to enable bpdu filter at interface level ...

Take care,
Bostjha

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Ian Dickinson
Sent: Monday, January 30, 2006 1:14 PM
To: Vincent De Keyzer
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Switch port with BPDU guard

I believe you need to enable portfast in addition on the port before the bpdufilter has any effect. So adding

 spanning-tree portfast
 spanning-tree bpdufilter enable

should solve this...

Ian

Vincent De Keyzer wrote:
> Hello,
> 
>  
> 
> I am trying to connect a switch of us to the IX switch, and things are 
> not working.
> 
>  
> 
> My config is:
> 
>  
> 
> interface FastEthernet0/18
> 
> load-interval 30
> 
>  switchport access vlan 880
> 
>  spanning-tree bpdufilter enable
> 
>  no cdp enable
> 
> end
> 
>  
> 
> When I do a "sh spanning-tree vlan 880", I get
> 
>  
> 
> Spanning tree 880 is not currently active
> 
> The following parameters have been configured :
> 
>  
> 
> Stp Status         : Disabled
> 
> Protocol           : IEEE
> 
> Max Age (sec)      : 20
> 
> Hello time (sec)   : 2
> 
> Forward Delay (sec): 15
> 
> Bridge Priority    : 32768
> 
>  
> 
> You will notice that enabling BPDU filter on the interface is kind of 
> overkill if STP is disabled for VLAN 880 anyway.
> 
>  
> 
> But nonetheless, the IX guy gets the following when he 'no shuts' its 
> interface (where BPDU guard is enabled) :
> 
>  
> 
> .Jan 30 09:50:07: %LINK-3-UPDOWN: Interface GigabitEthernet2/5, 
> changed state to up
> 
> .Jan 30 09:50:07: %LINEPROTO-5-UPDOWN: Line protocol on Interface 
> GigabitEthernet2/5, changed state to up
> 
> Jan 30 09:50:07: %LINK-SP-3-UPDOWN: Interface GigabitEthernet2/5, 
> changed state to up
> 
> Jan 30 09:50:07: %LINEPROTO-SP-5-UPDOWN: Line protocol on Interface 
> GigabitEthernet2/5, changed state to up
> 
> .Jan 30 09:50:08: %SYS-5-CONFIG_I: Configured from console by pieter 
> on vty0
> (193.190.198.37)
> 
> .Jan 30 09:50:11: %LINEPROTO-5-UPDOWN: Line protocol on Interface 
> GigabitEthernet2/5, changed state to down
> 
> Jan 30 09:50:11: %SPANTREE-SP-2-BLOCK_BPDUGUARD: Received BPDU on port
> GigabitEthernet2/5 with BPDU Guard enabled. Disabling port.
> 
> Jan 30 09:50:11: %PM-SP-4-ERR_DISABLE: bpduguard error detected on 
> Gi2/5, putting Gi2/5 in err-disable state
> 
> .Jan 30 09:50:11: %LINK-3-UPDOWN: Interface GigabitEthernet2/5, 
> changed state to down
> 
> Jan 30 09:50:11: %LINEPROTO-SP-5-UPDOWN: Line protocol on Interface 
> GigabitEthernet2/5, changed state to down
> 
> Jan 30 09:50:11: %LINK-SP-3-UPDOWN: Interface GigabitEthernet2/5, 
> changed state to down
> 
> Jan 30 09:50:11: %PM-SP-STDBY-4-ERR_DISABLE: bpduguard error detected 
> on Gi2/5, putting Gi2/5 in err-disable state
> 
>  
> 
> Does anybody have a clue ?
> 
>  
> 
> It's IOS (tm) C3500XL Software (C3500XL-C3H2S-M), Version 12.0(5)WC13, 
> RELEASE SOFTWARE (fc1)


--
Ian Dickinson
Development Engineer
PIPEX
ian.dickinson at pipex.net
http://www.pipex.net

This e-mail is subject to: http://www.pipex.net/disclaimer.html
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list