I know this post is a little old, but I also use portfast and bpduguard. One issue we ran into was very similar, in that APs would go off line because of bpduguard. What we found was that a developer had installed a Hyper-V tool on his laptop that bridged the wired and wireless networks which was causing the ports to go down.
Just my 2 cents.
The strange thing is that i actually have almost the exact same configuration running on another site (same customer) the only differences are the switches in the edge(Nortel BPS425) and the Cisco AP(1242 instaed of 2602).
Perhaps the issue lies in the software Version 12.4(25d)JA2 & Version 15.2(2)JA?
The configuration i used-
description *** AP *** switchport trunk encapsulation dot1q switchport trunk allowed vlan 1,320 switchport mode trunk speed 100 duplex full no snmp trap link-status end
AP interface configuration:
interface GigabitEthernet0 no ip address no ip route-cache duplex 100 speed full no keepalive ! interface GigabitEthernet0.1 encapsulation dot1Q 1 native no ip route-cache bridge-group 1 bridge-group 1 spanning-disabled no bridge-group 1 source-learning ! interface GigabitEthernet0.320 encapsulation dot1Q 320 no ip route-cache bridge-group 220 bridge-group 220 spanning-disabled no bridge-group 220 source-learning
I also tried simulating it in our test lab but didnt see anything strange will do some more testing this week.
Step 1 Choose Administration > System > Settings > System Time .
Step 2 Enter unique IP addresses for your NTP servers.
Step 3 Check the Only allow authenticated NTP servers check box if you want to restrict Cisco ISE to use only authenticated NTP servers to keep system and network time.
Step 4 Click the NTP Authentication Keys tab and specify one or more authentication keys if any of the servers that you specify requires authentication via an authentication key, as follows:
a. Click Add .
b. Enter the necessary Key ID and Key Value , specify whether the key in question is trusted by activating or deactivating the Trusted Key option, and click OK . The Key ID field supports numeric values between 1 to 65535 and the Key Value .field supports up to 15 alphanumeric characters.
c. Return to the NTP Server Configuration tab when you are finished entering the NTP Server Authentication Keys.