Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
578
Views
0
Helpful
7
Replies

Info needed on use of BPDU guard

Nishant Kumar
Level 1
Level 1

‎07-03-2014 11:26 AM - edited ‎03-04-2019 11:16 PM

The place where I am working, we have 7606 router which is connected to various LAN segments. Sub-interfaces are defined in Ethernet ports for VLAN segments. Each LAN segment is running RSTP in rings, so BPDU packets is expected on VLAN subinterfaces of router, but spanning-tree BPDU Guard is enabled on interface(not subinterface) as shown below.

 

interface GigabitEthernet1/6
 description "Towards xyz"
 mtu 9000
 no ip address
 storm-control broadcast level 0.10
 storm-control multicast level 0.10
 spanning-tree bpduguard enable
!
interface GigabitEthernet1/6.852
 description "Cluster 14"
 encapsulation dot1Q 852
 ip address 172.19.129.188 255.255.255.224
 standby version 2
 standby 83 ip 172.19.129.190
 standby 83 timers msec 300 1
 standby 83 priority 110
 standby 83 preempt
!
interface GigabitEthernet1/6.853
 description "Cluster 14"
 encapsulation dot1Q 853
 ip address 172.19.145.188 255.255.255.224
 standby version 2
 standby 84 ip 172.19.145.190
 standby 84 timers msec 300 1
 standby 84 priority 110
 standby 84 preempt
!
interface GigabitEthernet1/6.854
 description "Cluster 14"
 encapsulation dot1Q 854
 ip address 172.19.161.188 255.255.255.224
 standby version 2
 standby 85 ip 172.19.161.190
 standby 85 timers msec 300 1
 standby 85 priority 110
 standby 85 preempt
!
interface GigabitEthernet1/6.855
 description "Cluster 14"
 encapsulation dot1Q 855
 ip address 172.19.177.188 255.255.255.224
 standby version 2
 standby 86 ip 172.19.177.190
 standby 86 timers msec 300 1
 standby 86 priority 110
 standby 86 preempt
!
 

I need to know that will there be any effect of BPDU Guard in this situation?

Whats the point of enabling BPDU Guard here?

Will BPDU packets received on subinterface VLAN will disable the whole interface as BPDU Guard is enabled?

Labels:
0 Helpful
7 Replies 7

Vasilii Mikhailovskii
Level 7
Level 7

‎07-05-2014 08:25 AM

Hello.

Try to check if any span-tree instanced are bound to the interface.

If there is no instances, I would guess that the command has no effect.

0 Helpful

Nishant Kumar
Level 1
Level 1
In response to Vasilii Mikhailovskii

‎07-13-2014 11:48 PM

Hi,

 

Try to check if any span-tree instanced are bound to the interface.

How can I check this ??

 

Thanks,

Nishant

0 Helpful

Vasilii Mikhailovskii
Level 7
Level 7
In response to Nishant Kumar

‎07-14-2014 12:47 AM

show span int ...

0 Helpful

Nishant Kumar
Level 1
Level 1
In response to Vasilii Mikhailovskii

‎07-14-2014 06:19 AM

 

Please find spanning tree command output:

R1#sh spanning-tree  int gi1/6
no spanning tree info available for GigabitEthernet1/6

R1#sh spanning-tree interface GigabitEthernet1/6.852
no spanning tree info available for GigabitEthernet1/6.852

R1#sh spanning-tree

MST0
  Spanning tree enabled protocol mstp
  Root ID    Priority    4096
             Address     588d.09b5.8740
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    4096   (priority 4096 sys-id-ext 0)
             Address     588d.09b5.8740
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi1/1               Desg FWD 20000     128.1    P2p
Gi1/2               Desg FWD 20000     128.2    P2p
Gi1/3               Desg FWD 20000     128.3    P2p
Gi1/4               Desg FWD 20000     128.4    P2p
Gi1/15              Desg FWD 20000     128.15   P2p
Gi1/16              Desg FWD 20000     128.16   P2p
Gi2/4               Desg FWD 200000    128.260  P2p
Te2/11              Desg FWD 2000      128.267  P2p

 

I think port is not involved in STP. Now, I would like to know what will happen if BPDU packet is received on any VLAN sub-interface of this interface. Will it simply drop BPDU packet as STP not running on it or, BPDU guard will disable the port completely ??

0 Helpful

paul driver
VIP
VIP

‎07-14-2014 08:54 AM

Hello

STP is a layer 2 feature - your ports are not switched ports they are routed so stp wont be active.

res

Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

Nishant Kumar
Level 1
Level 1
In response to paul driver

‎07-14-2014 11:10 PM

So, what role will BPDU Guard play in this scenario.?? What will happen if BPDU packet is received on any VLAN sub-interface of this interface. Will it simply drop BPDU packet as STP not running on it or, BPDU guard will disable the port completely ??

0 Helpful

prajithtr_2
Level 1
Level 1

‎07-15-2014 01:10 AM

please provide switch interface configuration also.Perhaps the interface may be configured as edge port.

 

Regards

Prajith

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card