ali ezzat1
Beginner

BPDU Guard not working and loops happened

Dears,

 

A user takes a network cable and plugs it into two wall jacks; this creates a loop, and a broadcast storm will likely follow. This happened to us when an end user hooked up their IP phone to two network jacks. It brought down the entire network.

 

- BPDU guard enabled globally 

- BPDU filter not enabled

- Port Fast Enabled 

 

switch 

3750

 

logs

STP-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV

 

What is the solution?

balaji.bandi
VIP Expert

Technically if the configuration is done correctly - if you connect 2 ports of the same switch together, STP should detect the loop and should place one of the ports into a blocking state.

 

Even if you configured portfast on an edge port (which moves it directly to the forwarding state; this should only be configured for end devices or edge ports), STP should still detect the loop and block the port. The configuration should also be applied to the rest of the network devices where necessary to get optimal results.

 

Here is the example (on IOS):

 

global config  -  spanning-tree portfast bpdufilter default

interface  - spanning-tree portfast

 

But we would like to see what you have configured in order to suggest something better.

 

Good guide :

 

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release/12-2_53_se/configuration/guide/3750xscg/swstpopt.html#wp1059167

 



BB


*** Rate All Helpful Responses ***

The configuration is like your example,

but with BPDU guard, not BPDU filter, in global.

And all access ports are configured as port fast.

But is it possible to see some of your configuration along with spanning tree?

 

Post the information below:

 

show version

show run

show spanning-tree brief

 

Tell us which interfaces were accidentally connected to each other. (Post any more logs if you have copied them.)

 

 



BB


*** Rate All Helpful Responses ***

marce1000
VIP Advisor

 

 - Ref : https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5600/sw/system_messages/reference/sl_nxos_book/sl_5600_S.html

 Whilst not related to your platform, from this guide I get:

   Error Message STP-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on [chars] [chars].

Explanation The list interface received a SSTP BPDU that was missing the VLAN id tag. The BPDU is discarded.

 This makes me suspect that this could be a software bug. Check the current software version on your device and make sure it is not too old. If applicable, available and/or feasible, upgrade to the advisory release and check whether the problem persists or not.

 M.

paul driver
VIP Mentor

Hello


@ali ezzat1 wrote:

This happened to us by having an end user hooking up their IP phone to two network jacks. It brought down the entire network.


Do you have spanning-tree enabled for the VLANs those ports are assigned to?



kind regards
Paul

Please rate and mark posts accordingly if you have found any of the information provided useful.
It will hopefully assist others with similar issues in the future
kennith981
Beginner

You can't have bpdu on trunk ports. Ensure you have spanning tree enabled, and also check for any un-managed switches connected, as they are a pain in the backside.

Joseph W. Doherty
Hall of Fame Expert

What variant of STP are you running?

BTW, I've read that sometimes Cisco STP protection features, to prevent L2 loops when using port fast, might not engage fast enough. I.e. a L2 loop can impact your network, adversely, including further preventing the protection feature from working at all.
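
An added example, not posted by anyone in this thread: a small Python audit of a saved running-config that lists access ports where BPDU guard will not act. The global `spanning-tree portfast bpduguard default` only covers ports that are in PortFast mode, and an interface-level `spanning-tree bpdufilter enable` stops BPDU processing on the port, so the guard never sees a BPDU. It assumes classic IOS syntax as on a 3750; the sample config and interface names are constructed.

```python
# Constructed sample config in classic IOS syntax (not taken from the thread).
SAMPLE_CONFIG = """\
spanning-tree portfast bpduguard default
interface GigabitEthernet1/0/1
 switchport mode access
 spanning-tree portfast
interface GigabitEthernet1/0/2
 switchport mode access
interface GigabitEthernet1/0/3
 switchport mode access
 spanning-tree portfast
 spanning-tree bpdufilter enable
interface GigabitEthernet1/0/4
 switchport mode access
 spanning-tree bpduguard enable
"""

def parse(config):
    """Split a running-config into global commands and per-interface commands."""
    glob, ifaces, current = set(), {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("!"):
            continue
        if line.startswith("interface "):
            current = ifaces.setdefault(line.split(None, 1)[1], set())
        elif line[0] == " " and current is not None:
            current.add(line.strip())
        else:
            glob.add(line)
            current = None
    return glob, ifaces

def audit_bpduguard(config):
    """Return {interface: reason} for access ports where BPDU guard will not act."""
    glob, ifaces = parse(config)
    g_guard = "spanning-tree portfast bpduguard default" in glob
    g_fast = "spanning-tree portfast default" in glob
    findings = {}
    for name, cmds in ifaces.items():
        if "switchport mode access" not in cmds:
            continue
        fast = "spanning-tree portfast" in cmds or (
            g_fast and "spanning-tree portfast disable" not in cmds)
        guard = "spanning-tree bpduguard enable" in cmds or (
            g_guard and fast and "spanning-tree bpduguard disable" not in cmds)
        if "spanning-tree bpdufilter enable" in cmds:
            findings[name] = "interface bpdufilter drops BPDUs, guard cannot trigger"
        elif not guard:
            findings[name] = "no BPDU guard: global default only covers PortFast ports"
    return findings
```

Run `audit_bpduguard()` on the text of `show run`; an empty result means every access port in the config has BPDU guard in effect by configuration.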