Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

BPDU Filtering doesn't work

Hello,

Cisco Catalyst 3560 switch. SW version 12.2(25) SEE3.

Interface Gi 0/25 (optical SFP connector) is connected to external equipment. Switchport mode trunk.

I don't need Spannnig tree on VLAN's which are allowed on this trunk port.

So I have disabled Spanning tree for these VLAN's.

no spannig-tree vlan xxx

Additionally I have set this port to PortFast Mode

spanning-tree portfast trunk

And enabled BPDU Filtering

spanning-tree bpdufilter enable

But I still see with Wireshark Analyzer outgoing BPDU from this Interface. Source MAC is Gi 0/25 port MAC address.

I have attached spanning tree configuration and Wireshark capture file.

Could You explain why BPDU messages are not filtered ?

With Best Regards

Tomas

11 REPLIES
New Member

Re: BPDU Filtering doesn't work

Hello all,

Any idea ?? I tried to reboot switch, but problem still exists. Also I have found some other places in our network, where we have the same situation. SW and HW version are the same.

Best Regards,

Tomas

New Member

Re: BPDU Filtering doesn't work

I have an idea.

When a portfast enabled port with bpdu filtering receives a bpdu packet it disables the filtering and will start sending bpdu's as normal.

Perhaps you can confirm if this is the case or not by sniffing for incoming bpdu packets on Gi0/25.

New Member

Re: BPDU Filtering doesn't work

Hello Sannie,

Thank You for response.

I have checked this version. No STP BPDUs enter Gi 0/25 port.

So mystery still exists for me.

Tomas

New Member

Re: BPDU Filtering doesn't work

I have another idea then.

It is a bit of a long shot because it was documented under a router but I guess it is worth a try.

I found the following:

no spanning-tree bpdufilter - This state enables BPDU filtering on the interface if the interface is in operational PortFast state and if the spanning-tree portfast bpdufilter default command is configured.

So try removing the bpdu filter from the Gi0/25 interface.

New Member

Re: BPDU Filtering doesn't work

Didn't help.

New Member

Re: BPDU Filtering doesn't work

Hi,

Could you send the output for

show spanning-tree interface gi 0/25 detail

and

show run int gi 0/25

Chao

Vishwa

New Member

Re: BPDU Filtering doesn't work

Hello,

Show spannig-tree int gi 0/25 doesn't show any info for VLAN's for which Spanning-tree is disabled. So I have nothing to send to You.

sh run output

switchport trunk encapsulation dot1q

switchport trunk native vlan 1000

switchport mode trunk

switchport nonegotiate

srr-queue bandwidth share 15 35 35 15

srr-queue bandwidth shape 4 0 0 0

mls qos trust dscp

no cdp enable

spanning-tree portfast trunk

spanning-tree bpdufilter enable

Hall of Fame Super Silver

Re: BPDU Filtering doesn't work

Hello Tomas,

verify with

sh int gi0/25 switchport

which vlans are in forwarding state and see if there is at least one with an STP instance running.

Hope to help

Giuseppe

New Member

Re: BPDU Filtering doesn't work

hmmm.

You might want to consider just leaving STP on in conjunction with bpdu guard, loop guard, root guard and port fast.

Just becuase you don't "need" it, shouldn't hurt anything to let it run.

New Member

Re: BPDU Filtering doesn't work

This may or may not be helpful (as I don't think you have BPDU Filtering enabled globally).  However:

BPDU Filtering when enabled in global configuration mode - Upon startup, the port transmits ten BPDUs.  If this port receives any BPDUs during that time, PortFast, and PortFast BPDU Filtering are disabled.

I suggest you open a case with the Cisco TAC.  There could be just be a bug in your IOS image.  If that's the case, TAC will create and/or inform you of the BUG tracking number...you can receive updates to see which IOS release has fixed the issue.

Best of luck...

Silver

Re: BPDU Filtering doesn't work

If you have disabled STP on the switch for VLANs, it might forward BPDU packets received on other ports from other switches/devices. If you really want to disable STP (after making sure there's no L2 loop in your network), try disabling it on all switches so none of them will send BPDU packets.

590
Views
0
Helpful
11
Replies
CreatePlease login to create content