Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4485
Views
5
Helpful
5
Replies

BPDUguard and portfast on Cisco packet tracer causes network to collapse

Go to solution
alfista16
Level 1
Level 1

‎05-08-2018 05:53 AM - edited ‎03-08-2019 02:56 PM

Hello,

I am having a common triangle 3-switch topology (2960) eligible to loop, as in the attached image.

My first config includes switchport mode access for all involved ports and spanning-tree portfast default. When the top switch is connected and the loop "closes", despite the portfast command, STP takes action and blocks F0/2 from the bottom Switch2. This is expected, according to this article ( https://learningnetwork.cisco.com/blogs/vip-perspectives/2016/03/10/advanced-stp-features-portfast-bpdu-guard-and-bpdu-filter ) since portfast does not disable STP, it just forces an access port to enter to the FWD state instantly. Even with portfast, if a BPDU is detected, the port is set to BLK state.

Here comes the interesting part:

While in Cisco Packet tracer, when i enable bpduguard on all involved ports (conf t - - > interface range f0/1-3 - - > spanning-tree bpduguard enable) and then connect the top switch to the loop, the network literally collapses. All three switches consider themselves as STP root bridges, the ports are coloured dark green and PC0 can never ping PC1. Even more, all ports on all switches are showing to be in FWD state, while the sh int f0/1-2-3 command shows all interfaces as up-up!

Again, all ports are access ports, just configured them like that for testing purposes, to see what happens if i connect a switch to an access port with portfast and bpduguard.

My question:

Is this a Cisco Packet tracer bug or a real life scenario?

Thank you in advance,

George

 stp.jpg

 

 

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Georg Pauwen
VIP
VIP
In response to alfista16

‎05-12-2018 04:30 AM

Hello,

 

in GNS3 (which is considered pretty much the same as a real network), an access port with portfast and bpduguard enabled gets put in err-disable state. So it definitely looks like a 'bug' in Packet Tracer. That said, Packet Tracer doesn't run a real IOS, but rather a set of predefined commands with predefined results. I don't find it very useful for testing...

View solution in original post

5 Replies 5

Go to solution
Georg Pauwen
VIP
VIP

‎05-12-2018 01:06 AM

Hello,

 

post the Packet Tracer project file (save as .pkt and rename to .jpg before posting, otherwise the system will not let you upload the file)...

0 Helpful

Go to solution
alfista16
Level 1
Level 1
In response to Georg Pauwen

‎05-12-2018 01:38 AM - edited ‎05-12-2018 01:39 AM

Please find attached an image of the setup (image_bpdugrd.png) and the actual packet tracer file, which is renamed to STP.jpeg, so that the system allows me to upload it. Just rename "STP.jpg" to STP.pkt" and open it in Cisco Packet tracer. The setup on the left blocks one port, while the setup on the right (including bpduguard) creates a broadcast storm. I tested on real equipment and this is not what happens.

It is certainly a CPT bug.

Preview file
40 KB
Preview file
27 KB
0 Helpful

Go to solution
Georg Pauwen
VIP
VIP
In response to alfista16

‎05-12-2018 04:30 AM

Hello,

 

in GNS3 (which is considered pretty much the same as a real network), an access port with portfast and bpduguard enabled gets put in err-disable state. So it definitely looks like a 'bug' in Packet Tracer. That said, Packet Tracer doesn't run a real IOS, but rather a set of predefined commands with predefined results. I don't find it very useful for testing...

Go to solution
alfista16
Level 1
Level 1
In response to Georg Pauwen

‎05-12-2018 04:37 AM

Thank you very much for confirming Georg.

By the way, how do you test switches in GNS3?

As far as I am aware, it only supports routers.

I assume you use the bridge command in some router?

Or maybe a router supporting switchport command?

Sorry for the silly question, I am kind of new at this whole thing.

0 Helpful

Go to solution
Georg Pauwen
VIP
VIP
In response to alfista16

‎05-12-2018 04:45 AM

Hello,

 

I am using the IOSv images for GNS3 (which come from Cisco VIRL, I am not sure they are available elsewhere). On GNS3 Marketplace I think you can download appliances for IOU L2 as well...

 

https://gns3.com/marketplace/appliances

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card