Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

bpdu loop on different vlan

Hello,

 

Does spanning tree block port when a bpdu sent on an interface (access port vlan 1) is looped back on a different interface (access port vlan 2)  or it will only be blocked when vlans are same?
 

6 REPLIES
Hall of Fame Super Gold

If BPDU Guard is enabled, the

If BPDU Guard is enabled, the switch will block the port(s) regardless of VLANs.
New Member

What about if bpdu guard is

What about if bpdu guard is not enabled?

Hall of Fame Super Blue

If you connect ports together

If you connect ports together on the same switch but the ports are in different vlans then no it shouldn't block but it is not a good thing to do because assuming those ports are access ports ie. not trunks you have effectively joined two vlans together.

There are certain designs where something like this is actually required though eg. if you use a firewall in L2 mode then you actually do want to join two vlans together but the vlans use the same IP subnet eg.

vlan 10 -> firewall -> vlan 11

where the IP subnet is 192.168.5.0/24 for both vlans.

The vlans are created on the same switch so you have to use two vlans because if you used just one on both sides you would actually create an STP loop.

So there are some designs where you do need to in effect join vlans together but they are the exception rather than the norm.

Just to clarify for a firewall in L3 mode (the more common) the above does not apply.

Jon

New Member

What I can understand is, it

What I can understand is, it is dependent on the flavor of STP.

New Member

So will it block for MST and

So will it block for MST and not when PVST is running?

New Member

Spanning tree BPDU guard will

Spanning tree BPDU guard will always work if you connect two interfaces together of the same switch.

 

but you have to whatch out that the STP BPDU guard is set correctly.

First of all remove the bpdufilter in global and interface, or this will make that the bpduguard will not work.

then set the bpduguard in global and interface level (access ports) then it will alway work, even tough when the interfaces are in a different vlan.

 

spanning-tree mode pvst
spanning-tree loopguard default
spanning-tree portfast bpduguard default

interface FastEthernet0/1 

switchport access vlan 00
 switchport mode access
 switchport voice vlan 00
 spanning-tree portfast
 spanning-tree bpduguard enable
end

 

376
Views
0
Helpful
6
Replies
CreatePlease login to create content