BPDU Guard not working and loops happened

ali ezzat1 · ‎08-22-2020

Dears,

user takes a network cable and plugs it into two wall jacks, this creates a loop, a broadcast storm will likely follow. This happened to us by having an end user hooking up their IP phone to two network jacks. It brought down the entire network.

- BPDU guard enabled globally

- BPDU filter not enabled

- Port Fast Enabled

switch

3750

logs

STP-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV

what is the solution ?

balaji.bandi · ‎08-22-2020

Technically if the configuration is done correctly - if you connect 2 ports of the same switch together, STP should detect the loop and should place one of the ports into a blocking state.

edge port even if you configured portfast (which move directly forward state - this should only be configured for the end device or edge ports) still STP should detect and block the port. the configuration should be applied rest of the network devices too were necessary to get optimal results.

here is the example : (on IOS)

global config - spanning-tree portfast bpdufilter default

interface - spanning-tree portfast

But we would like to see your configuration what configured to suggest better.

Good guide :

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release/12-2_53_se/configuration/guide/3750xscg/swstpopt.html#wp1059167

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

ali ezzat1 · ‎08-22-2020

The configuration like your example

But bpdu guard not bpdu filter in global

And all access ports configured as port fast

balaji.bandi · ‎08-23-2020

But is this possible to see some of your configuration along with spanning tree?

post below information :

show version

show run

show spanning-tree brief

Tell us what interface that was accidentally connected to each other. ( post all the more logs if you have copied).

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

marce1000 · ‎08-22-2020

- Ref : https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5600/sw/system_messages/reference/sl_nxos_book/sl_5600_S.html

Whilst not related to your platform , from this guide I get :

Error Message STP-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on [chars] [chars].

Explanation The list interface received a SSTP BPDU that was missing the VLAN id tag. The BPDU is discarded.

This makes me suspect that this could be a software bug. Check current software version on your device , make sure it is not too old. If applicable , available and or feasible upgrade to advisory release and check if the problem persists or nor.

M.

-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

paul driver · ‎08-23-2020

Hello

@ali ezzat1 wrote:

This happened to us by having an end user hooking up their IP phone to two network jacks. It brought down the entire network.

Do you have spaaning-tree enabled for the vlans those ports are assined too?

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

kennith981 · ‎08-23-2020

you cant have bpdu on trunk ports, ensure you have spanning tree enabled, also check for any un-managed switches connected as they are a pain in the backside.

Joseph W. Doherty · ‎08-23-2020

What variant of STP are you running?

BTW, I've read that sometimes Cisco STP protection features, to prevent L2 loops when using port fast, might not engage fast enough. I.e. a L2 loop can impact your network, adversely, including further preventing the protection feature from working at all.