Comprar o Renovar
Comprar o Renovar
cancelar
Activar sugerencias
La sugerencia automática le ayuda a obtener, de forma rápida, resultados precisos de su búsqueda al sugerirle posibles coincidencias mientras escribe.
Mostrando los resultados de 
Buscar en lugar de 
Quiere decir: 
cancel
Iniciar una conversación
119
Visitas
0
ÚTIL
2
Respuestas

How to take out ports out from spanning-tree (globally enabled)

mauricio2099
Level 1
Level 1

el ‎05-15-2024 09:27 AM

Hi All,

I have some 9300 switches with spanning-tree globally enabled: 

spanning-tree mode rapid-pvst
spanning-tree loopguard default
spanning-tree portfast bpduguard default
spanning-tree extend system-id
spanning-tree vlan 1-4049 priority 24576

These are setup under the global configuration mode. I understand that this command enables spanning-tree with all these features on all access-mode ports.

My issue is that a firewall sent out a BPDU while rebooting and the port on the switch where it is attached was put on err-disabled. This cause a downtime to the facility's network.

This the port configuration.

interface GigabitEthernet1/0/2
switchport access vlan 100
switchport mode access
spanning-tree portfast
speed 100
duplex full
end

Even if I remove spanning-tree portfast from it, will the global spanning-tree configuration still have effect on it, correct?

If this is true how to tell the switch to take out the firewall ports from spanning-tree domain.
I am concerned to have this issue again.

Temporarily I added spanning-tree bpdufilter enable to the port to avoid processing BPDUs.



 

 

0 Útil
2 RESPUESTAS 2

MHM Cisco World
VIP
VIP

‎05-15-2024 09:32 AM - editado ‎05-15-2024 09:33 AM

You config bpduguard globally apply to any port that config as portfast'

So if you remove portfast then the bpduguard no more apply to interface anymore 

To be more sure use any port not connect to any device abd dont config portfast under this interface' 

Then do 

Show spanning tree interface x/x

Check if bpduguard is enable or not

MHM

0 Útil

balaji.bandi
Hall of Fame
Hall of Fame

el ‎05-15-2024 09:47 AM

First i would check what is the reason of port gone error-disable - show logging on the switch give you indicaton what is wrong ?

when they go error-disable, how are you fixing the issue ? shut and no shut or auto recovery ?

only single Firewall or HA ?  what Firewall ?

worth looking error-disable cause - check some tips :

https://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/69980-errdisable-recovery.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Útil

Navegue y encuentre contenido personalizado de la comunidad

Videos de R&S Documentos de R&S Blogs de R&S
Customers Also Viewed These Support Documents