802.1w/RSTP edge port vs. PortFast and BPDU Guard?
We're presently using the Spanning Tree PortFast feature on all end-user ports, including the PortFast BPDU Guard feature, to protect ourselves from end-users connecting bridges/switches to end-user ports and or users looping such ports. A great thing about BPDU Guard is, that it puts a port in ErrDisable state if a BPDU shows up on that port.
When moving to 802.1w/RSTP a PortFast configured port becomes an RSTP Edge port. If an RSTP edge port receives a BPDU it becomes a normal Spanning Tree port.
Is there a way to force en RSTP edge port to go into ErrDisable state like with BPDU Guard rather than just reverting to a normal Spanning Tree port?
Re: 802.1w/RSTP edge port vs. PortFast and BPDU Guard?
For 12.1(13)E the following is true for MST, iyt uses the modified RSTP version called the Multiple Spanning Tree Protocol (MSTP) thus the port role of EDGE is for MST and not RSTP..:))
According to CCO MST does support the following:
MST supports some of the PVST+ extensions in MSTP as follows:
UplinkFast and BackboneFast are not available in MST mode; they are included in RSTP.
- PortFast is supported.
- BPDU filter and BPDU guard are supported in MST mode.
- Loop guard and root guard are supported in MST. MST preserves the VLAN 1 disabled functionality except that BPDUs are still transmitted in VLAN 1.
So following the normal rules of BPDUguard, when configured on a port basis BPDU Guard shuts down a port that receives a BPDU, If configured globally then BPDU Guard is only effective on ports in the operational PortFast state.
Also in 12.1(11b)E if BPDU Guard is configured at the interface level then BPDU Guard shuts the port down as soon as the port receives a BPDU even if PortFast is not configured. If globally configured BPDU Guard applies to all interfaces that are configured with PortFast enabled.
You can then set the errdisable detect cause all command or just errdisable detect casue bpduguard to be more specific unless you are lazy like me..:)) then configure your desired timeout value with errdisable recovery cause all or bpduguard and then errdisable recovery interval xxx in seconds.
Question We run asr9001 with XR 6.1.3, and we have a very long delay to
login w/ SSH 1 or 2 to the device compare to IOS device. After
investigation, the there is 1s delay between the client KEXDH_INIT and
the server (XR) KEXDH_REPLY. After debug ssh serv...
Introduction The purpose of this document is to demonstrate the Open
Shortest Path First (OSPF) behavior when the V-bit (Virtual-link bit) is
present in a non-backbone area. The V-bit is signaled in Type-1 LSA only
if the router is the endpoint of one or ...
Hi, I am seeing quite a few issues with patch install and wanted to
share my experience and workaround to this. Login to admin via CLI, then
access root with the “shell” command Issue “df –h” and you’ll probably
see the following directory full or nearly ...