[c-nsp] Switch port with BPDU guard
Dale.Francis at barclayscapital.com
Dale.Francis at barclayscapital.com
Mon Jan 30 08:55:51 EST 2006
Vincent,
Firstly if you are disabling STP for the VLAN there is no real need to
use BPDU filtering, its clear that the remote switch is sending BPDU and
the remote switch will disable the port upon receipt as it thinks it's
an end host which is why people are saying use portfast.
If you are 100% sure you do not need to run STP then remove the BDPU
filter command. Also see what the status the switch think the port is in
with sh spanning-tree int fa 0/18
Regards
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Vincent De
Keyzer
Sent: 30 January 2006 11:11
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] Switch port with BPDU guard
Hello,
I am trying to connect a switch of us to the IX switch, and things are
not working.
My config is:
interface FastEthernet0/18
load-interval 30
switchport access vlan 880
spanning-tree bpdufilter enable
no cdp enable
end
When I do a "sh spanning-tree vlan 880", I get
Spanning tree 880 is not currently active
The following parameters have been configured :
Stp Status : Disabled
Protocol : IEEE
Max Age (sec) : 20
Hello time (sec) : 2
Forward Delay (sec): 15
Bridge Priority : 32768
You will notice that enabling BPDU filter on the interface is kind of
overkill if STP is disabled for VLAN 880 anyway.
But nonetheless, the IX guy gets the following when he 'no shuts' its
interface (where BPDU guard is enabled) :
.Jan 30 09:50:07: %LINK-3-UPDOWN: Interface GigabitEthernet2/5, changed
state to up
.Jan 30 09:50:07: %LINEPROTO-5-UPDOWN: Line protocol on Interface
GigabitEthernet2/5, changed state to up
Jan 30 09:50:07: %LINK-SP-3-UPDOWN: Interface GigabitEthernet2/5,
changed state to up
Jan 30 09:50:07: %LINEPROTO-SP-5-UPDOWN: Line protocol on Interface
GigabitEthernet2/5, changed state to up
.Jan 30 09:50:08: %SYS-5-CONFIG_I: Configured from console by pieter on
vty0
(193.190.198.37)
.Jan 30 09:50:11: %LINEPROTO-5-UPDOWN: Line protocol on Interface
GigabitEthernet2/5, changed state to down
Jan 30 09:50:11: %SPANTREE-SP-2-BLOCK_BPDUGUARD: Received BPDU on port
GigabitEthernet2/5 with BPDU Guard enabled. Disabling port.
Jan 30 09:50:11: %PM-SP-4-ERR_DISABLE: bpduguard error detected on
Gi2/5, putting Gi2/5 in err-disable state
.Jan 30 09:50:11: %LINK-3-UPDOWN: Interface GigabitEthernet2/5, changed
state to down
Jan 30 09:50:11: %LINEPROTO-SP-5-UPDOWN: Line protocol on Interface
GigabitEthernet2/5, changed state to down
Jan 30 09:50:11: %LINK-SP-3-UPDOWN: Interface GigabitEthernet2/5,
changed state to down
Jan 30 09:50:11: %PM-SP-STDBY-4-ERR_DISABLE: bpduguard error detected on
Gi2/5, putting Gi2/5 in err-disable state
Does anybody have a clue ?
It's IOS (tm) C3500XL Software (C3500XL-C3H2S-M), Version 12.0(5)WC13,
RELEASE SOFTWARE (fc1)
Vincent
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
------------------------------------------------------------------------
For more information about Barclays Capital, please
visit our web site at http://www.barcap.com.
Internet communications are not secure and therefore the Barclays
Group does not accept legal responsibility for the contents of this
message. Although the Barclays Group operates anti-virus programmes,
it does not accept responsibility for any damage whatsoever that is
caused by viruses being passed. Any views or opinions presented are
solely those of the author and do not necessarily represent those of the
Barclays Group. Replies to this email may be monitored by the Barclays
Group for operational or business reasons.
------------------------------------------------------------------------
More information about the cisco-nsp
mailing list