cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
819
Views
0
Helpful
4
Replies

BPDUguard does not shut down port when bridge connected

sprosons
Level 1
Level 1

I have a port configured as follows:-

test01#

test01#sh run int fa0/10

Building configuration...

Current configuration : 217 bytes

!

interface FastEthernet0/10

description <user ports>

switchport access vlan 10

switchport mode access

switchport nonegotiate

no snmp trap link-status

spanning-tree portfast

spanning-tree bpduguard enable

end

test01#

It is still participating in STP

test01#sh spanning-tree vlan 10

VLAN0010

Spanning tree enabled protocol ieee

Root ID Priority 4106

Address 001f.6dcf.3000

Cost 3004

Port 25 (GigabitEthernet0/1)

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 49162 (priority 49152 sys-id-ext 10)

Address 0025.b40c.3880

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Aging Time 300

Uplinkfast enabled

Interface Role Sts Cost Prio.Nbr Type

---------------- ---- --- --------- -------- --------------------------------

Fa0/10 Desg FWD 3019 128.10 Edge P2p

Gi0/1 Root FWD 3004 128.25 P2p

test01#

test01# sh cdp ne

Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge

S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone

Device ID Local Intrfce Holdtme Capability Platform Port ID

Switch Fas 0/10 170 S I WS-C2960- Fas 0/4

test01#

If I turn snmp trap link-status on then it works as expected.

Bug search does not come back with anything relevant

I am running WS-C2960-24TC-L 12.2(35)SE5

4 Replies 4

Giuseppe Larosa
Hall of Fame
Hall of Fame

Hello Steven,

have you enabled BPDU guard before connecting the other switch of after ?

because the port is Designated the other switch doesn't talk on the link.

to test BPDU guard on other switch you need to cause it to send a BPDU for example by changing state of a port that is not portfast so that it has to send a TCN BPDU upstream towards root bridge.

I had the same problem first time I tested BPDU guard.

Hope to help

Giuseppe

thanks for the reply Giuseppe

I tried it both ways and it still didn't work. However, I have since upgraded to 12.2.44SE6

and it works fine now. Must be a bug.

Hello Steven,

if adding the switch after having enabled bpdu guard still no reaction well it is a SW bug.

I'm glad that you solved with an IOS upgrade.

Hope to help

Giuseppe

Could be a timing issue too. F0/10 is designated. That means typically that the bridge on the remote end of f0/10 has a root/alternate/backup role. In those role, no bpdu is sent. So it might well be that f0/10 never received a bpdu.

If you saw some bpdu received on f0/10 in "show spanning-tree detail", then it would obviously be a bug.

regards,

Francois

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: