Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2797
Views
0
Helpful
6
Replies

bpdu loop on different vlan

zafar_118
Level 1
Level 1

‎03-11-2014 05:35 PM - edited ‎03-07-2019 06:39 PM

Hello,

 

Does spanning tree block port when a bpdu sent on an interface (access port vlan 1) is looped back on a different interface (access port vlan 2)  or it will only be blocked when vlans are same?
 

Labels:
0 Helpful
6 Replies 6

Leo Laohoo
Hall of Fame
Hall of Fame

‎03-11-2014 07:51 PM

If BPDU Guard is enabled, the switch will block the port(s) regardless of VLANs.
0 Helpful

zafar_118
Level 1
Level 1
In response to Leo Laohoo

‎03-12-2014 06:18 AM

What about if bpdu guard is not enabled?

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to zafar_118

‎03-12-2014 07:30 AM

If you connect ports together on the same switch but the ports are in different vlans then no it shouldn't block but it is not a good thing to do because assuming those ports are access ports ie. not trunks you have effectively joined two vlans together.

There are certain designs where something like this is actually required though eg. if you use a firewall in L2 mode then you actually do want to join two vlans together but the vlans use the same IP subnet eg.

vlan 10 -> firewall -> vlan 11

where the IP subnet is 192.168.5.0/24 for both vlans.

The vlans are created on the same switch so you have to use two vlans because if you used just one on both sides you would actually create an STP loop.

So there are some designs where you do need to in effect join vlans together but they are the exception rather than the norm.

Just to clarify for a firewall in L3 mode (the more common) the above does not apply.

Jon

0 Helpful

Parvesh Paliwal
Level 3
Level 3

‎03-11-2014 10:46 PM

What I can understand is, it is dependent on the flavor of STP.

0 Helpful

zafar_118
Level 1
Level 1
In response to Parvesh Paliwal

‎03-12-2014 06:17 AM

So will it block for MST and not when PVST is running?

0 Helpful

Michael Turkstra
Level 1
Level 1

‎03-12-2014 01:16 PM

Spanning tree BPDU guard will always work if you connect two interfaces together of the same switch.

 

but you have to whatch out that the STP BPDU guard is set correctly.

First of all remove the bpdufilter in global and interface, or this will make that the bpduguard will not work.

then set the bpduguard in global and interface level (access ports) then it will alway work, even tough when the interfaces are in a different vlan.

 

spanning-tree mode pvst
spanning-tree loopguard default
spanning-tree portfast bpduguard default

interface FastEthernet0/1 

switchport access vlan 00
 switchport mode access
 switchport voice vlan 00
 spanning-tree portfast
 spanning-tree bpduguard enable
end

 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card