cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
41299
Views
19
Helpful
3
Replies

spanning-tree etherchannel guard misconfig

gnijs
Level 4
Level 4

What EXACTLY does this command check or verify ? And how does it check this ?

(do you need Pagp or LACP or does it also work in mode on ?)

3 Replies 3

Francois Tallet
Level 7
Level 7

It's a hack based on STP.

A channel is supposed to be point to point and the feature is adding a consistency check based on the source mac address of the BPDU received.

If you keep receiving BPDUs from several source mac addresses, this feature will assume that you have a bundling problem and shut down the port.

You can disable this behavior.

I think the feature should be removed because it is making an incorrect assumption on the source mac address of the BPDUs, but it has been there for ever and some people think it is necessary.

The "dispute mechanism" is able to detect bundling errors using STP and without those assumption, but it's only working with MST, and recently with Rapid-PVST (no support possible for PVST).

Regards,

Francois

Thanks. So if the remote side has STP disabled (for example because it does not support per-vlan RPVST, genre...HP?) and is not sending BPDUs at all, it will not make any difference ?

PS. (i am using LACP to build the channel)

No relation to LACP. Just STP.

Yes, it should not complain if it's not receiving any BPDUs. Now... you have to be sure that no BPDUs are coming from your HP;-) In particular, be careful that PVST+ BPDUs are flooded through third party devices. So if your HP bridge has some other Cisco switches behind it, it might be forwarding some PVST+ BPDUs on your channel, certainly with different source macs. That's one of the reasons why I don't like this feature!

Regards,

Francois

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: