Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k
New Member

BPDU guard feature

Hi,

I am trying to use BPDU guard feature but I am not able to make it work. I am configuring one switch port, with portfast (even in trunking mode), and I am enabling bpduguard feature. After this, I am connecting another switch to this port, which has stp enable, thus is sending BPDUs every 2 s (I have already tested it with sniffer), and as far as I know, the port from first switch should enter in errdisable state, but no way.

Can anyone help me?

Thanks in advance.

5 REPLIES

Re: BPDU guard feature

Are you configuring bpduguard globally or on the interface? I have the feeling that you configured it globally, which may explain why it fails (I'll detail this later if this is the case). Try configuring it locally on the port, or do a shut/no shut of the interface first.

Regards,

Francois

New Member

Re: BPDU guard feature

Hi Francois,

I was doing it port-basis, not globally. The problem was the shut/no shut. Thanks a lot.

Anyway, can you tell me why when doing it globally doesnt work?

Thanks in advance,

Regards,

Jorge

Re: BPDU guard feature

Weird. The shut/no shut trick should only have had an impact if you had enabled the feature globally.

It is generally desirable to enable bpduguard on "edge" ports, ports that are connected to devices not participating to the bridging operation. The global bpduguard configuration just assumes that all the ports that have portfast operational are edge ports, and the feature is applied to them. That's supposed to be a simple way of applying bpduguard to all your edge ports in one configuration command.

However, portfast has an operational state. If a port receives a bpdu, it is not to be considered an edge port any more (someone is talking stp on this port) and thus the operational portfast flag is cleared. So in (what I think was) your case, it is possible that you configured bpduguard after the port has already received a bpdu. That means that the operational portfast bit was clear on your port, and that bpduguard would not apply on it. By doing shut/no shut, you are setting the operational portfast bit again, and then a receiving a bpdu would trigger bpduguard (before it has a change to clear the operational flag of portfast). I'm not sure all this is clear, let me know;-)

On the other hand, the per port configuration of bpduguard is not dependent on portfast. As soon as you enable it, receiving a bpdu should bring down the port.

Regards,

Francois

New Member

Re: BPDU guard feature

Ok, undertood. Weird but it is working ;-)

Thanks a lot for your help.

Regards,

jorge

Bronze

Re: BPDU guard feature

Nevermind... Saw you received answer.

140
Views
4
Helpful
5
Replies
CreatePlease to create content