09-04-2017 12:01 AM - edited 03-01-2019 06:06 PM
Hello,
I have a Nexus 5672Up and want to trunk a C3560X.
I have configured on Nexus:
interface Ethernet100/1/14
switchport trunk allowed vlan 990
spanning-tree port type edge
spanning-tree guard none
and on 3560X:
interface GigabitEthernet0/46
switchport trunk encapsulation dot1q
switchport trunk native vlan 990
switchport trunk allowed vlan 990
switchport mode trunk
spanning-tree portfast
spanning-tree bpduguard disable
spanning-tree guard none
The port on Nexus is all the time on disable with the following logging:
2017 Sep 4 07:53:47 cpbs-swi-nx-ix-03 %ETHPORT-5-SPEED: Interface Ethernet100/1/14, operational speed changed to 1 Gbps
2017 Sep 4 07:53:47 cpbs-swi-nx-ix-03 %ETHPORT-5-IF_DUPLEX: Interface Ethernet100/1/14, operational duplex mode changed to Full
2017 Sep 4 07:53:47 cpbs-swi-nx-ix-03 %ETHPORT-5-IF_RX_FLOW_CONTROL: Interface Ethernet100/1/14, operational Receive Flow Control state changed to off
2017 Sep 4 07:53:47 cpbs-swi-nx-ix-03 %ETHPORT-5-IF_TX_FLOW_CONTROL: Interface Ethernet100/1/14, operational Transmit Flow Control state changed to on
2017 Sep 4 07:53:47 cpbs-swi-nx-ix-03 %ETHPORT-5-IF_UP: Interface Ethernet100/1/14 is up in mode access
2017 Sep 4 07:53:52 cpbs-swi-nx-ix-03 %STP-2-BLOCK_BPDUGUARD: Received BPDU on port Ethernet100/1/14, vlan 1 with BPDU Guard enabled. Disabling port.
2017 Sep 4 07:53:52 cpbs-swi-nx-ix-03 %ETHPORT-5-IF_DOWN_NONE: Interface Ethernet100/1/14 is down (None)
2017 Sep 4 07:53:52 cpbs-swi-nx-ix-03 %ETHPORT-5-IF_DOWN_NONE: Interface Ethernet100/1/14 is down (None)
2017 Sep 4 07:53:52 cpbs-swi-nx-ix-03 %ETHPORT-5-IF_DOWN_ERROR_DISABLED: Interface Ethernet100/1/14 is down (Error disabled. Reason:BPDUGuard)
What di I do wrong?
Regards
09-04-2017 01:02 AM - edited 09-04-2017 01:02 AM
Andreas,
Technically, you did not disable BPDU Guard on the FEX port. BPDU Guard is enabled on FEX ports by default, and in fact, it cannot be disabled:
switch(config-if)# spanning-tree bpduguard disable ERROR: Command not supported on FEX interfaces. BPDUGuard is enabled by default for FEX interfaces
The spanning-tree guard none you have used applies to Loop Guard but not to BPDU Guard.
What you could do is to enable the BPDU Filter on the FEX port using spanning-tree bpdufilter enable - this will drop any incoming BPDUs before the BPDU Guard can act on them, and will prevent your FEX port from being err-disabled.
However, I need to point out that you should never, ever, connect a switch to a FEX - this is an unsupported topology. FEX are positioned as fanouts for end hosts, and they are not intended to aggregate other switches. You can play tricks like the one shown above to make it "just work", but it is at your own risk; once again, this is an officially unsupported scenario.
Best regards,
Peter
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide