How to disable Nexus 2k BPDU guard on a single port

Hi,

How can I disable the BPDU guard on a single port of a Nexus 2k (2248TP-E)?

Currently the port is configured as spanning-tree port type edge.

When I try to make the port type normal, it is also not accepted, showing "ERROR: Command not supported on fex port".

I also tried the disable command, but no luck.

spanning-tree bpduguard disable
ERROR: Command not supported on FEX interfaces. BPDUGuard is enabled by default for FEX interfaces

1 ACCEPTED SOLUTION

Cisco Employee

Hi there,

 

You cannot disable BPDUGuard on a FEX HIF; however, you can enable BPDUFilter on the interface and that way when you receive a BPDU from a connected switch, it is filtered and thus cannot trigger BPDUGuard.

 

Do understand the risk this poses as you're essentially disabling STP on this port and would have to guarantee a loop free network on the connecting switch in some fashion.

 

Fabric Extenders are intended for host-facing interfaces. They were not built for switches to be connected to them, and their buffers are not necessarily deep, so do keep performance in mind as well.

 

Nexus# conf t
Nexus(config)# int e101/1/24
Nexus(config-if)# spanning-tree bpdufilter enable 
Nexus(config-if)# end
Nexus# show run int e101/1/24

!Command: show running-config interface Ethernet101/1/24
!Time: Fri Oct 19 15:40:24 2018

version 7.3(3)N1(1)

interface Ethernet101/1/24
  switchport access vlan 111
  spanning-tree bpdufilter enable <<<

Thank you,

 

- Andrea, CCIE #56739 R&S
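
An added example, not part of the original answer and not Cisco code: because BPDUFilter on a FEX host interface effectively turns STP off for that port, this Python script lists such ports from a saved running-config so they can be tracked and reviewed. It assumes FEX host interfaces use three-part Ethernet names with a chassis ID of 100 to 199; the sample config and the function name are constructed for illustration.

```python
import re

# Constructed sample running-config fragment (not from a real device).
SAMPLE_CONFIG = """\
interface Ethernet1/1
  switchport mode trunk
  spanning-tree bpdufilter enable

interface Ethernet101/1/23
  switchport access vlan 111

interface Ethernet101/1/24
  description legacy-switch
  switchport access vlan 111
  spanning-tree bpdufilter enable

interface Ethernet102/1/5
  shutdown
  spanning-tree bpdufilter enable
"""

# Assumption: FEX host interfaces are named chassis/slot/port with a
# chassis ID of 100-199, e.g. Ethernet101/1/24.
FEX_HIF = re.compile(r"^interface\s+(Ethernet1\d\d/\d+/\d+)\s*$", re.I)


def fex_ports_with_bpdufilter(config_text):
    """Return [(interface, is_shutdown, description)] for FEX HIFs that filter BPDUs."""
    findings = []
    name, lines = None, []

    def flush():
        # Evaluate the stanza collected so far, if it belongs to a FEX HIF.
        if name is None:
            return
        body = [l.strip() for l in lines]
        if "spanning-tree bpdufilter enable" in body:
            desc = next((l[len("description "):] for l in body
                         if l.startswith("description ")), "")
            findings.append((name, "shutdown" in body, desc))

    for raw in config_text.splitlines():
        if raw and not raw[0].isspace():      # a new top-level stanza starts
            flush()
            m = FEX_HIF.match(raw)
            name, lines = (m.group(1) if m else None), []
        elif name is not None:                # indented line inside a FEX stanza
            lines.append(raw)
    flush()
    return findings
```

Calling `fex_ports_with_bpdufilter()` on the text of `show running-config` returns one tuple per FEX port where STP protection has been filtered out; the non-FEX port Ethernet1/1 in the sample is deliberately ignored.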


4 REPLIES 4
Cisco Employee

Hi Muhammed,


Have a look at the link below:

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus2000/sw/configuration/guide/rel_521/Configuring_the_Cisco_Nexus_2000_Series_Fabric_Extender_rel_5_2_chapter1.html#con_1046083

 

**All Fabric Extender host interfaces run as spanning tree edge ports with BPDU Guard enabled and cannot be configured as Spanning Tree network ports.**

 

Please rate if you find it helpful.

 

Regards,

MJ

Thank you for the information, but I am looking for a solution on the Nexus 2k box itself, which I have not found yet. The only solution I found is that I have to move this legacy device's connectivity from the 2k to another switch.

Please add this to the Nexus Configuration Guides, because they all now say, after NX-OS 5.2 or 7.x, the following:

You can configure BPDU Guard at the interface level. When configured at the interface level, BPDU Guard shuts the port down as soon as the port receives a BPDU, regardless of the port type configuration. When you configure BPDU Guard globally, it is effective only on operational spanning tree edge ports. In a valid configuration, LAN edge interfaces do not receive BPDUs. A BPDU that is received by an edge LAN interface signals an invalid configuration, such as the connection of an unauthorized host or switch. BPDU Guard, when enabled globally, shuts down all spanning tree edge ports when they receive a BPDU.

Which we all now know to be wrong! I just had to try to configure this just to be sure that the Cisco docs were wrong.

There used to be a note about it not working on a FEX, but not any more.