BPDU guard is not a feature that you can enable on any port. It only makes sense on ports that will never be connected to another switch. You should push back on an administrative decision to enable the feature everywhere, as it looks like it is what you are facing. Just see on the CatOS console what port BPDU guard put in errdisable state to convince yourself, and the others;-)
I have two VLANs on this cat5000 and each VLAN has 20-some connections. Currently, we have turned BPDU guard off on these two VLANs. He (Netadmin, corp level) is installing new gear and he doesn't want me to continue with this practice. If I turn this on on my VLAN then I can't reach his gateway, which will provide me further corp connection. Any suggestions...
BPDU guard is in fact applied per-port. On some versions of CatOS (yours is probably one of them), the command was applied to all the ports configured for portfast.
Portfast should only be configured on ports that are not connecting to other bridges. It seems that it is not the case in your setup. Go to the CatOS console, identify the ports that were shut down by BPDU guard (you cannot resolve this by staying at the level "I cannot reach my gateway anymore" ;-). Those ports must have portfast disabled.
First, your network team is actually getting you to do a Very Good Thing. BPDUGuard prevents idiot users from hooking up cheap hubs and switches unbeknownst to you and causing spanning tree loops. It allows you to maintain control over your network and provides proactive punishment to your users. If they do something bad they have to call you and meekly admit what they did, at which time you wave your favorite LART at them before re-enabling the port. After a couple of times they will stop doing it. Been there, done that.
If enabling BPDUGuard caused so many problems, you ALREADY have something broken that needs fixed. BPDUGuard did not break you, you were already broken, you just did not know it.
The other posters are right, if you have portfast enabled on ports connecting switches, hubs, or bridges you are doing a Very Bad Thing that can cause all kinds of spanning-tree issues. I believe that if you universally enable BPDUGuard (I recommend it) it is turned on on all portfast trunks. By default a port disabled by BPDUGuard stays disabled until you fix it (forcing the user to own up) but you can have a timer that re-enables the port after some time.
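The procedure the replies describe (find the ports BPDU guard put in errdisable, remove portfast from them, keep the guard on host-facing ports, optionally use the recovery timer), written out as a CatOS console sequence. This is an added example, not part of any poster's reply; port 3/1 and the 300-second interval are constructed placeholders, and command availability depends on the CatOS release.

```text
# Port 3/1 is a constructed placeholder: repeat for each port that
# "show port" reports as errdisable.

# 1. Find the ports BPDU guard shut down (Status column reads "errdisable").
show port

# 2. Confirm the affected port has portfast (Fast-Start) enabled.
show spantree 3/1

# 3. The port received BPDUs, so it faces another bridge:
#    portfast does not belong on it.
set spantree portfast 3/1 disable

# 4. Bring the port back into service.
set port enable 3/1

# 5. Leave BPDU guard on for the remaining portfast (host-facing) ports.
set spantree portfast bpdu-guard enable

# Optional: let ports recover on a timer instead of by manual re-enable.
# The interval is in seconds; 300 is a constructed value.
set errdisable-timeout enable bpdu-guard
set errdisable-timeout interval 300
```

A port that lands in errdisable again after step 4 still has portfast set or is still receiving BPDUs on a port meant for hosts, which is worth investigating rather than clearing repeatedly.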