Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

BPDUGuard - Where am I going wrong!! Please Help

Hi,

I hope someone can point out what is going with what should be a simple setup I believe!!

Basically I am trying to get BPDUGuard working so that if I plug it into a switch port the port is disabled.

What I am struggling with is consistency and fear that one or more of the switches is faulty.

From 5 different sources I have read that to enable bpduguard all I need to do is go to the interface and enter the command:

spanning-tree bpduguard enable

Clearly either all of the Cisco documents I have read are wrong (I doubt this) or there is a fault with my switches or actually there are more commands that need to be entered.

Is anyone able to help me before I go completely nuts!!!!!

Please and help greatly appreciated!!

Thanks

P.s.

I have set all ports to portfast and configured :spanning-tree portfast bpduguard default - this seemed to work on one switch but not the other!

4 REPLIES
New Member

BPDUGuard - Where am I going wrong!! Please Help

the BPDU guard operation       disables the port that has PortFast configured. so dont enable porttfast on the ports that you expect to receive BPDUs

reference:

http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a008009482f.shtml

Cisco Employee

BPDUGuard - Where am I going wrong!! Please Help

Hello,

the BPDU guard operation       disables the port that has PortFast configured

This is not entirely precise. BPDUGuard can be activated in two distinct ways: either on all PortFast-enabled ports globally using the spanning-tree portfast bpduguard default command, or on a per-port basis using spanning-tree bpduguard enable command.

To the original poster:

From 5 different sources I have read that to enable bpduguard all I need to do is go to the interface and enter the command:

spanning-tree bpduguard enable

This is correct.

Basically I am trying to get BPDUGuard working so that if I plug it into a switch port the port is disabled.

If you want to test this you have to make sure that the BPDUGuard-protected port actually receives a BPDU. That means that the BPDUGuard-protected port must either be chosen as a root port by normal STP rules, or it must be an alternate port. If the port ends up as a designated port, then it is not going to receive BPDUs from the other switch and the BPDUGuard will not be triggered.

best regards,

Peter

New Member

BPDUGuard - Where am I going wrong!! Please Help

Thanks usasugcis

I have found that the problem is mainly due to me trying to plug another cisco switch into the cisco switch with BPDUGuard enabled. If I use a newgear switch the port is disabled consistently but the Cisco switch clearly has some mechanism to bypass it so the port is not disabled.

New Member

BPDUGuard - Where am I going wrong!! Please Help

thanks Peter,

Glad I have the right command.

As per above, I have found that if I plug in another cisco switch I have it doesn't seem to affect the BPDUGuard but a netgear I have works every time. I checked the spanning tree stat and it was designated so that does confirm what you said above.

Then only thing that I seem to now be confused by and I hope it is ok to ask here in this post although drifiting slightly away from topic is.....

Spanning tree - I understand that it prevent loops but is it not still used when you just have two switches plugged together with 1 cable?

Is there still not a root port etc?

205
Views
0
Helpful
4
Replies