[c-nsp] bpduguard and trunks?

Howard Jones howie at thingy.com
Thu Dec 3 09:29:54 EST 2009


I've just run into an odd problem, and was wondering if anyone else
could clarify this for me.

[c1]---[Sw1]----------[Sw2]---[c2]

c1 and c2 are client devices. Sw1 and Sw2 are 3750Gs with a trunk
between them. c1 has a trunk to Sw1. One of the vlans in that trunk as
passed along the sw1-sw2 trunk to c2.

The port facing c1 has bpduguard enabled. Halfway through adding vlans,
Sw2 complains about inconsistent BPDUs, and the root bridge mac address
is that of c1. It shuts down the trunk port, which is kind of annoying.

Does bpduguard only affect access ports and not trunks? That's the only
explanation I can see for what is going on. The manual doesn't exactly
say either way: "At the interface level, you enable BPDU guard on any
interface by using the spanning-tree bpduguard enable interface
configuration command without also enabling the Port Fast feature.". Sw1
also has '|no spanning-tree vlan 1-4090|' - will that help or hinder, here?

I think the real answer is to stop using switches to ship stuff between
sites like this, but that is a battle for another day.

Thanks in advance for any illumination...

Howie


More information about the cisco-nsp mailing list