Solved: error message BPDU Port errdisabled

mahesh18 · ‎05-09-2008

i got gollowing err in sh log of router

May 9 13:39:42.441 PDT: %SPANTREE-SP-2-BLOCK_BPDUGUARD: Received BPDU on port FastEthernet4/21 with BPDU Guard enabled. Disabling port.

May 9 13:39:42.441 PDT: %PM-SP-4-ERR_DISABLE: bpduguard error detected on Fa4/21, putting Fa4/21 in err-disable state

any help please

cisco_lad2004 · ‎05-15-2008

BPDUGUARD will protect u against loops.

View solution in original post

rsohi · ‎05-09-2008

Hi there, basically, BPDU Guard is used on the port which applies PortFast. As long as the port received any BPDUs, the BPDU Guard ports will kept in errdisable status.

Seems someone maybe trying to insert a switch into that port which sends bpdu packets. The port is configured to not allow this so it goes into an error disable mode and shuts the port down. You have to do a shut and no shut on the port to bring it back up. However, it may go down again if the device sending bpdu's is still active on the port.

If your intention is connect this device you must turn bpdu guard off on the port.

hope this helps, regards,

Raj

Istvan_Rabai · ‎05-09-2008

Hi Mahesh,

Raj is right, turn off BPDUguard with the "no spanning-tree bpduguard enable" interface command on Fa4/21, if you want to connect a switch to this port.

Otherwise you should leave it as it is, because it will protect your network from connecting rogue switches to that port. Enabling a rogue switch can change the entire topology of your network:

If it is configured with a lower bridge priority, then it will take over the role of the root switch and the traffic patterns may change to the worse within your network.

In addition, if this new switch is configured as a VTP server or client with a higher VTP revision number, then it will overwrite all the vlan information in all switches. This can simply disrupt the whole network.

So take care.

Cheers:

Istvan

bvsnarayana03 · ‎05-10-2008

BPDUguard puts a port in err-disable state when it recv a bpdu on access port. To reuse the port, you need to shut/noshut the port.

You may also use the rootguard command as replacement of bpdu guard, this also disables the port when it recv a superior bpdu & recovers the port by itself when it ceases to hear bpdu's on the port.

mahesh18 · ‎05-10-2008

Thanks for reply,

so BPDU should not be received at access port?

cisco_lad2004 · ‎05-10-2008

When u define an access port, you would typically have an end station at the other end. so no BPDUs should be received.

Hoover to protect yourself against mis cabling, on malicious activity. you need to be prepared in case an access port start receiving BPDU, meaning a switch is connected to access port.

This is where bpdu guard comes in handy.

Rootguard is useful but will only protect u against superior BPDUs. if u have a loop due to miscabling, BPDUs might not be superior. SPT loop will kill ur switched network.

a recommendation is to leave BPDU guard on and add "errdisable recovery interval x

" where X is ur time to try to bring port up automatically instead of doing shutdown and no shutdown.

Pls rate all helpful posts.

HTH

Sam

mahesh18 · ‎05-15-2008

thanks for reply,

if someone plug cable on two ports on same

switch will it cause loop?

how we can protect in this case if cabling

loop occurs?

thanks

cisco_lad2004 · ‎05-15-2008

BPDUGUARD will protect u against loops.

mahesh18 · ‎05-16-2008

thanks for reply,

so u mean to say we should apply BPDU guard

on all ports??????????

access ports right ????????????

not on trunk ports right?????????

cisco_lad2004 · ‎05-16-2008

1-No not needed on trunks as SPT takes care of loops.

2-Only needed on access ports that are configured to be portfast, ie where you practically have SPT disabled.

Sam

mahesh18 · ‎05-16-2008

Thanks for reply

so STP takes care of loops only on Trunk

ports not on access ports right?

cisco_lad2004 · ‎05-16-2008

STP takes care of both Trunk and access ports.

for access ports in old days when only STP was around as opposed to RSTP, an access port still had to wait for 50 sec convergence before forwarding frames, so portfast was introduced to speed this up.

Portfast assumes no switch is at other end on access sport and therefore speeds up convergence, effectively it skips SPT steps. BPDUGUARD was used in case a port that is portfast, start receiving BPDUs.

so in short :-) STP takes care of loops everywhere.

HTH

Sam

pizpan · ‎07-23-2023

hi, I seem to have the same problem with OP but instead, I can't bring the port up after shut, no shut command, is there any other solution to this problem?