I am trying to connect a 3com switch to our Cisco 3750 stack, however when I connect it to the switchport on the Cisco stack it goes into err-disabled mode.
After a little investigation I found that this was becasue the bpduguard and portfast had been enbaled on the switchport. However I would like your advise as to what to do next? should I remove the BPDU Guard feature from this switchport, if so what are the implications?
Yes remove both . This feature is to protect the network from users who would stick a switch on the network without permission and not for known devices that you want on the network . Only remove it for the one port that this switch is attached to .
The BPDU guard feature can be globally enabled on the switch or can be enabled per port.
At the global level, you enable BPDU guard on Port Fast-enabled ports by using the spanning-tree portfast bpduguard default global configuration command. Spanning tree shuts down ports that are in a Port Fast-operational state if any BPDU is received on them. In a valid configuration, Port Fast-enabled ports do not receive BPDUs. Receiving a BPDU on a Port Fast-enabled port means an invalid configuration, such as the connection of an unauthorized device, and the BPDU guard feature puts the port in the error-disabled state. When this happens, the switch shuts down the entire port on which the violation occurred.
With that explanation, BPDU guard should not be enabled on port connecting to other switches because those are surely to send BPDU. Portfast should never be enabled on ports connecting to other intermediate devices such as switch, hubs, routers.
You should configure the connecting ports on both the switches as trunk (if the 3com switch supports dot1q), that will solve you problem and if the 3com switch does not support trunking, you should configure the 3750 port as static access but disable the portfast feature.
The port on cat 3750 is an access port and that means it should essentially connect to a host device e.g. a PC. Access ports usually take 50 seconds to move into fully operational state when you first connect it to a device and that's a bridging loop prevention mechanism that takes up the time to evaluate and prevent any potential loops. With the portfast feature enabled the port instantaneously moves into operational state without pre-checking for any possible bridging loops in the network. BPDU is a sort of a probe that is sent by every switch to negotiate a loop free topology and a port configured with portfast should not receive a BPDU. Thus to guard against accidental Bridging loops the BPDU Guard is enabled. You should never disable it on a port configured with portfast. The "no Switchport Host" command will disable spanning-tree portfast. Thus you wont need BPDU Guard and hence your port will not go into err-disable mode...
All active ports in portfast state (designated) will transmit bpdu for active vlans on the interfaces. this is because STP needs to know the state of those ports in thr STP topology. As long as STP is concern, any port in portfast mode should not receive bpdu's except transmit. Portfast should always be in forwarding state when the port is active.
Trunks ports for example towards the root brige will receive bpdu's for all active vlans in spanning forwarding state and they are taking part in STP and can be in either blocking or forwarding state.
Hi everyone, I would like to thank you in advance for any help you can provide a newcomer like myself!
Im studying the 100-105 book by Odom and am currently on the topic of Port security. I purchased a used 2960 and I'm trying to follow a...
While deploying a number of 18xx/2802/3802 model access points (APs), which run AP-COS as their operating platform. It can be observed on some occasions that while many of their access points were able to join the fabric WLC withou...
I am going to design and build an LAN network under a tunnel underground with long distance between the switches.
I will have 2 Catalyst switches and 8 Industrial IE3000, and they will be connected with fiber.
For now I am planning on use Layer-2 s...