[c-nsp] BPDU Guard issue
Peter Rathlev
peter at rathlev.dk
Tue Nov 3 02:16:11 EST 2009
On Tue, 2009-11-03 at 09:25 +0300, Stanly Johns wrote:
> Is it possible for a BPDU guard enabled switch port to get disabled
> without connecting any other device than the IP Phone and a PC ?
If the PC sends BPDUs, yes. :-)
> I had to do a shut and no shut to bring it up !
You can use "err-disable recovery" to automate the shut/no shut
function, but IMHO that would be wrong in this case. You should find out
from where those BPDUs come. (One way would be to temporarily turn off
BPDU guard and "debug spanning-tree bpdu receive".)
> The logs are as follows. your inputs are highly appreciated.
>
> Nov 2 04:13:02.388: %VQPCLIENT-7-RECONF: Reconfirming VMPS responses
> Nov 2 04:19:15.286: %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on
> port FastEthernet0/21 with BPDU Guard enabled. Disabling port.
Typically when we see this it's some creative user having connected both
the "=> Switch" and "=> PC" ports to the wall, with the phone forwarding
BPDUs between the switch ports. You wouldn't happen to see some of the
same messages from another switch at the same time? (The fact that you
can shut/unshut without the link going down again could also point
towards the other end maybe being err-disabled too.)
--
Peter
More information about the cisco-nsp
mailing list