10-28-2008 12:54 PM - edited 03-06-2019 02:11 AM
Hello,
Cisco Catalyst 3560 switch. SW version 12.2(25) SEE3.
Interface Gi 0/25 (optical SFP connector) is connected to external equipment. Switchport mode trunk.
I don't need Spannnig tree on VLAN's which are allowed on this trunk port.
So I have disabled Spanning tree for these VLAN's.
no spannig-tree vlan xxx
Additionally I have set this port to PortFast Mode
spanning-tree portfast trunk
And enabled BPDU Filtering
spanning-tree bpdufilter enable
But I still see with Wireshark Analyzer outgoing BPDU from this Interface. Source MAC is Gi 0/25 port MAC address.
I have attached spanning tree configuration and Wireshark capture file.
Could You explain why BPDU messages are not filtered ?
With Best Regards
Tomas
11-06-2008 01:00 AM
Hello all,
Any idea ?? I tried to reboot switch, but problem still exists. Also I have found some other places in our network, where we have the same situation. SW and HW version are the same.
Best Regards,
Tomas
11-06-2008 02:41 AM
I have an idea.
When a portfast enabled port with bpdu filtering receives a bpdu packet it disables the filtering and will start sending bpdu's as normal.
Perhaps you can confirm if this is the case or not by sniffing for incoming bpdu packets on Gi0/25.
11-06-2008 03:20 AM
Hello Sannie,
Thank You for response.
I have checked this version. No STP BPDUs enter Gi 0/25 port.
So mystery still exists for me.
Tomas
11-06-2008 03:57 AM
I have another idea then.
It is a bit of a long shot because it was documented under a router but I guess it is worth a try.
I found the following:
no spanning-tree bpdufilter - This state enables BPDU filtering on the interface if the interface is in operational PortFast state and if the spanning-tree portfast bpdufilter default command is configured.
So try removing the bpdu filter from the Gi0/25 interface.
11-06-2008 02:35 PM
Didn't help.
11-06-2008 04:15 AM
Hi,
Could you send the output for
show spanning-tree interface gi 0/25 detail
and
show run int gi 0/25
Chao
Vishwa
11-06-2008 02:59 PM
Hello,
Show spannig-tree int gi 0/25 doesn't show any info for VLAN's for which Spanning-tree is disabled. So I have nothing to send to You.
sh run output
switchport trunk encapsulation dot1q
switchport trunk native vlan 1000
switchport mode trunk
switchport nonegotiate
srr-queue bandwidth share 15 35 35 15
srr-queue bandwidth shape 4 0 0 0
mls qos trust dscp
no cdp enable
spanning-tree portfast trunk
spanning-tree bpdufilter enable
11-06-2008 05:37 AM
Hello Tomas,
verify with
sh int gi0/25 switchport
which vlans are in forwarding state and see if there is at least one with an STP instance running.
Hope to help
Giuseppe
11-09-2008 12:56 PM
hmmm.
You might want to consider just leaving STP on in conjunction with bpdu guard, loop guard, root guard and port fast.
Just becuase you don't "need" it, shouldn't hurt anything to let it run.
11-11-2010 06:26 AM
This may or may not be helpful (as I don't think you have BPDU Filtering enabled globally). However:
BPDU Filtering when enabled in global configuration mode - Upon startup, the port transmits ten BPDUs. If this port receives any BPDUs during that time, PortFast, and PortFast BPDU Filtering are disabled.
I suggest you open a case with the Cisco TAC. There could be just be a bug in your IOS image. If that's the case, TAC will create and/or inform you of the BUG tracking number...you can receive updates to see which IOS release has fixed the issue.
Best of luck...
11-11-2010 06:59 AM
If you have disabled STP on the switch for VLANs, it might forward BPDU packets received on other ports from other switches/devices. If you really want to disable STP (after making sure there's no L2 loop in your network), try disabling it on all switches so none of them will send BPDU packets.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide