07-03-2013 02:36 PM - edited 03-07-2019 02:13 PM
Hi,
I have BPDU guard on all my access ports on the network. I dont usually allow hubs to be plugged in but i need to allow a netgear hub to connect to one of my ports for a short time. I set the port to default configuration so it doesnt have BPDU guard enabled but when i plug the netgear into it it still error disables the port. Any ideas whats wrong - is it something thats configured on the netgear?
Also - i do not have port security enabled anywhere on this switch.
regards,
Kevin
Solved! Go to Solution.
07-03-2013 02:46 PM
Hi Kevin,
Check whether you have the BPDU Guard enabled globally using the spanning-tree portfast bpduguard default global configuration command. If that is the case then on the individual port, the BPDU Guard can be disabled using the spanning-tree bpduguard disable command.
If the port is indeed err-disabled thanks to the BPDU Guard (check the cause of the err-disabled state using the show interfaces status err-disabled command) then the NetGear must be sending its own BPDUs, or there must be some other switch connected to it that sends the offending BPDUs.
Best regards,
Peter
07-03-2013 02:46 PM
Hi Kevin,
Check whether you have the BPDU Guard enabled globally using the spanning-tree portfast bpduguard default global configuration command. If that is the case then on the individual port, the BPDU Guard can be disabled using the spanning-tree bpduguard disable command.
If the port is indeed err-disabled thanks to the BPDU Guard (check the cause of the err-disabled state using the show interfaces status err-disabled command) then the NetGear must be sending its own BPDUs, or there must be some other switch connected to it that sends the offending BPDUs.
Best regards,
Peter
07-09-2013 11:42 AM
Exactly right - BPDU guard was also enabled globally on the switch. As soon as i removed that everything was fine.
regards,
Kevin
04-27-2023 01:42 AM
What if we only enable (spanning-tree root guard) on the switch port that is connecting netgear, in that case bpdu guard can be kept as enabled in global config. ?
Please suggest.
04-27-2023 03:08 AM
If the netgear device is truly a hub, then it wouldn't generate BPDU's. If you are getting BPDU's then it is either a managed switch, or that hub is connected to the port of some other managed switch. Your other option would be to turn off portfast on the port in question. Portfast should only be configured on ports that connect only to a single end station. A device to device port will not be going up and down, so there is no reason for portfast.
04-27-2023 03:40 AM
i will put it this way, let's say it's another managed device (customer device) which generates BPDUs and we don't want customer device or port connecting to this device participate in spanning tree election, but also on our side (provider) we don't want to disable ( spanning-tree bpduguard disable ).
-Customer device/port should participate in spanning tree election.
-Provider doesn't want to do ( spanning-tree bpduguard disable ).
so in that case if we enable ( spanning-tree guard root ) this would mean BPDUs on that port (connecting customer) will be ignored and customer device/port will also not participate in spanning tree elections.
Is that correct or i'm mistaken ?
04-27-2023 06:06 AM
My understanding of BPDU guard is that it is something that only applies when port fast is enabled. For this type of port, port fast should absolutely NOT be enabled. Root guard or BPDU filter might be things you want to investigate.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide