Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4059
Views
0
Helpful
1
Replies

Nexus 5672UP - Error disabled. Reason:BPDUGuard

Andreas Sinn
Level 1
Level 1

‎09-04-2017 12:01 AM - edited ‎03-01-2019 06:06 PM

Hello,

 

I have a Nexus 5672Up and want to trunk a C3560X.

I have configured on Nexus:

interface Ethernet100/1/14
  switchport trunk allowed vlan 990
  spanning-tree port type edge
  spanning-tree guard none

 

and on 3560X:

interface GigabitEthernet0/46
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 990
 switchport trunk allowed vlan 990
 switchport mode trunk
 spanning-tree portfast
 spanning-tree bpduguard disable
 spanning-tree guard none

 

The port on Nexus is all the time on disable with the following logging:

2017 Sep  4 07:53:47 cpbs-swi-nx-ix-03 %ETHPORT-5-SPEED: Interface Ethernet100/1/14, operational speed changed to 1 Gbps
2017 Sep  4 07:53:47 cpbs-swi-nx-ix-03 %ETHPORT-5-IF_DUPLEX: Interface Ethernet100/1/14, operational duplex mode changed to Full
2017 Sep  4 07:53:47 cpbs-swi-nx-ix-03 %ETHPORT-5-IF_RX_FLOW_CONTROL: Interface Ethernet100/1/14, operational Receive Flow Control state changed to off
2017 Sep  4 07:53:47 cpbs-swi-nx-ix-03 %ETHPORT-5-IF_TX_FLOW_CONTROL: Interface Ethernet100/1/14, operational Transmit Flow Control state changed to on
2017 Sep  4 07:53:47 cpbs-swi-nx-ix-03 %ETHPORT-5-IF_UP: Interface Ethernet100/1/14 is up in mode access
2017 Sep  4 07:53:52 cpbs-swi-nx-ix-03 %STP-2-BLOCK_BPDUGUARD: Received BPDU on port Ethernet100/1/14, vlan 1 with BPDU Guard enabled. Disabling port.
2017 Sep  4 07:53:52 cpbs-swi-nx-ix-03 %ETHPORT-5-IF_DOWN_NONE: Interface Ethernet100/1/14 is down (None)
2017 Sep  4 07:53:52 cpbs-swi-nx-ix-03 %ETHPORT-5-IF_DOWN_NONE: Interface Ethernet100/1/14 is down (None)
2017 Sep  4 07:53:52 cpbs-swi-nx-ix-03 %ETHPORT-5-IF_DOWN_ERROR_DISABLED: Interface Ethernet100/1/14 is down (Error disabled. Reason:BPDUGuard)

 

What di I do wrong?

 

Regards

1 person had this problem
Labels:
0 Helpful
1 Reply 1

Peter Paluch
Cisco Employee
Cisco Employee

‎09-04-2017 01:02 AM - edited ‎09-04-2017 01:02 AM

Andreas,

Technically, you did not disable BPDU Guard on the FEX port. BPDU Guard is enabled on FEX ports by default, and in fact, it cannot be disabled:

switch(config-if)# spanning-tree bpduguard disable 
ERROR: Command not supported on FEX interfaces. BPDUGuard is enabled by default for FEX interfaces

The spanning-tree guard none you have used applies to Loop Guard but not to BPDU Guard.

What you could do is to enable the BPDU Filter on the FEX port using spanning-tree bpdufilter enable - this will drop any incoming BPDUs before the BPDU Guard can act on them, and will prevent your FEX port from being err-disabled.

However, I need to point out that you should never, ever, connect a switch to a FEX - this is an unsupported topology. FEX are positioned as fanouts for end hosts, and they are not intended to aggregate other switches. You can play tricks like the one shown above to make it "just work", but it is at your own risk; once again, this is an officially unsupported scenario.

Best regards,
Peter

0 Helpful
Customers Also Viewed These Support Documents