Solved: Re: BPDU guard - err-disabled port

ohareka70 · ‎07-03-2013

Hi,

I have BPDU guard on all my access ports on the network. I dont usually allow hubs to be plugged in but i need to allow a netgear hub to connect to one of my ports for a short time. I set the port to default configuration so it doesnt have BPDU guard enabled but when i plug the netgear into it it still error disables the port. Any ideas whats wrong - is it something thats configured on the netgear?

Also - i do not have port security enabled anywhere on this switch.

regards,

Kevin

Peter Paluch · ‎07-03-2013

Hi Kevin,

Check whether you have the BPDU Guard enabled globally using the spanning-tree portfast bpduguard default global configuration command. If that is the case then on the individual port, the BPDU Guard can be disabled using the spanning-tree bpduguard disable command.

If the port is indeed err-disabled thanks to the BPDU Guard (check the cause of the err-disabled state using the show interfaces status err-disabled command) then the NetGear must be sending its own BPDUs, or there must be some other switch connected to it that sends the offending BPDUs.

Best regards,

Peter

View solution in original post

Peter Paluch · ‎07-03-2013

Hi Kevin,

Check whether you have the BPDU Guard enabled globally using the spanning-tree portfast bpduguard default global configuration command. If that is the case then on the individual port, the BPDU Guard can be disabled using the spanning-tree bpduguard disable command.

If the port is indeed err-disabled thanks to the BPDU Guard (check the cause of the err-disabled state using the show interfaces status err-disabled command) then the NetGear must be sending its own BPDUs, or there must be some other switch connected to it that sends the offending BPDUs.

Best regards,

Peter

ohareka70 · ‎07-09-2013

Exactly right - BPDU guard was also enabled globally on the switch. As soon as i removed that everything was fine.

regards,

Kevin

jhanzb · ‎04-27-2023

What if we only enable (spanning-tree root guard) on the switch port that is connecting netgear, in that case bpdu guard can be kept as enabled in global config. ?

Please suggest.

Elliot Dierksen · ‎04-27-2023

If the netgear device is truly a hub, then it wouldn't generate BPDU's. If you are getting BPDU's then it is either a managed switch, or that hub is connected to the port of some other managed switch. Your other option would be to turn off portfast on the port in question. Portfast should only be configured on ports that connect only to a single end station. A device to device port will not be going up and down, so there is no reason for portfast.

jhanzb · ‎04-27-2023

i will put it this way, let's say it's another managed device (customer device) which generates BPDUs and we don't want customer device or port connecting to this device participate in spanning tree election, but also on our side (provider) we don't want to disable ( spanning-tree bpduguard disable ).

-Customer device/port should participate in spanning tree election.

-Provider doesn't want to do ( spanning-tree bpduguard disable ).

so in that case if we enable ( spanning-tree guard root ) this would mean BPDUs on that port (connecting customer) will be ignored and customer device/port will also not participate in spanning tree elections.

Is that correct or i'm mistaken ?

Elliot Dierksen · ‎04-27-2023

My understanding of BPDU guard is that it is something that only applies when port fast is enabled. For this type of port, port fast should absolutely NOT be enabled. Root guard or BPDU filter might be things you want to investigate.