cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4280
Views
0
Helpful
15
Replies

Connection to 3Com switch blocked due to BPDU

gordon.ross
Level 1
Level 1

I've got a 3Com 2226 switch. It has a trunk connection uplink to another switch (Actually a Cat 6509). I've connected an 877 router to one of the normal, non-trunk, ports on the switch.

Whenever I plug in the router, I get:

*Mar 1 00:18:01.679: %SPANTREE-7-RECV_1Q_NON_TRUNK: Received 802.1Q BPDU on non trunk FastEthernet0 VLAN1.

*Mar 1 00:18:01.679: %SPANTREE-7-BLOCK_PORT_TYPE: Blocking FastEthernet0 on VLAN1. Inconsistent port type.PVST+: restarted the forward delay timer for FastEthernet0

Either I'm doing something wrong on the 3Com switch, or doing something wrong on the 877 router. (At this stage the router has no config apart from an IP address on VLAN1) Can anyone point me in the right direction ?

Thanks,

GTG

15 Replies 15

paul.matthews
Level 5
Level 5

The message is telling you you have received a packet tagged as a dot1q packet on an access port - you need to make fas 0/1 a trunk, The port is behaving as a trunk. To make the port a trunk from the router's POV (assuming the 877 will trunk):

int fas 0/1

no ip address

int fas 0/1.1

enc dot1q 1

ip address

Please note that features such as PVST are Cisco features, and using them in a mixed vendor envirnment can be interesting!

I assume the flip side is that the 3Com is lying, and the non-trunk port is in fact a trunk...

GTG

Almost certainly!

There is the possibility that there is a bug in the code, and somehow tagged pacets are being forwarded without the tags being removed.

also .1q has native VLANs - I assume 2Com will do the same as Cisco and default to 1 as native - that means there must be traffic from other VLANs making it to the port.

Hi.

Is there any way to completely disable this annoying feature ? I have no use for it at all, and it prevents me from upgrading the software

on the boxes easily. And no, I can't change the configuration on ports connecting my office to my company LAN.

What *exact* feature do you want to disable, and on which device? BTW disabling the feature will probably mean changing the config of a port.

BTW I still suspect the message on the router is because you have the port on the 3com trunking.

I have no need for having every port in trunk mode, and I know myself where I plug my cables.

I do not want to be forced to have links configured as trunks just because there happens to turn up a BPDU now and then. I think this is a useless feature and to have to log into the box and turn on bpdu-filtering to get it to talk to the DHCP-server even is quite annoying.

Do we have anyone who actually thinks this is a good feature, please tell us about it ?

/Per

Oh, 3560 and 3750, for now.Latest softwares.

Isn't the switch you are talking about a 3Com switch?

A Cisco switch will normally only trunk if it is either statically configured ot if it negotiates it. Early switches all ports defaulted to access ports.

Aroun the 2950/3550 is ranges, the default was changed to "desirable" which means the switch will request the other end to trunk. If the other end does cannot trunk or has trunking switched off then it will not trunk. This default behaviour was changed to fit in with IP Phones hitting the market - they need trunking.

Any cisco switch port that you don't want to trunk, simply configure "switch mode access" on the port. Simple.

Ah, I see that you really didn't get my question: Can I disable the annoying "feature" that disables any nontrunk port as soon as it sees an BPDU-packet.

I am not the one wwith the 3com, I just jumped in because this thread actually discussed this "feature".

BPDUguard is configurable and "disableable":

int fas 0/12

spanning-tree bpduguard disable

will turn it off.

In modern networks though we are getting to the point where switch ports tend to be either trunks or edge ports.

I think BPDU guard is an EXCELLENT feature - it stops users adding switches on their desks. If you are getting BPDUs on edge ports, you really want to look at why. an occasional BPDU may sound innocuous, but can cause chaos on a network, especially if the BPDU appears to offer a better option for root bridge than the current root.

I am sorry if I got you confused with the original poster.

No, that is not it.

Look:

Switch#sh spanning-tree summary

Switch is in mst mode

Root bridge for: MST00

EtherChannel misconfig guard is enabled

Extended system ID is enabled

Portfast Default is disabled

PortFast BPDU Guard Default is disabled

Portfast BPDU Filter Default is disabled

No BPDU guard.

Still:

00:33:24: %SPANTREE-7-RECV_1Q_NON_TRUNK: Received 802.1Q BPDU on non trunk FastEthernet0/9 VLAN1.

00:33:24: %SPANTREE-7-BLOCK_PORT_TYPE: Blocking FastEthernet0/9 on MST00. Inconsistent port type.

00:33:39: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking FastEthernet0/9 on MST00. Port consistency restored.

00:33:40: %SPANTREE-7-RECV_1Q_NON_TRUNK: Received 802.1Q BPDU on non trunk FastEthernet0/9 VLAN1.

If I had had BPDU-guard enabled I wouldn't have had a problem with this behaviour.

I don't and I do.....

The feature you described was bpdu guard.

What you have here is that you are getting BPDU packets tagged as trunk port BPDUs.

You should only get those on a trunk port. If you are getting them on an edge port you need to find out where they are coming from. What device is originating them?

I rather suspect you don't know the network as well as you think.

I'm sorry if that sounds a bit harsh, but something somehere is putting trunk link BPDUs onto access ports. You need to sort that out, not get your network to ignore them.

The only way I can think of is the aforementioned BPDU filter, but that can lead to loops not getting detected.

No, that is not a trunk link BPDU, there is in my configuration no such thing as a trunk link BPDU. It is a normal RSTP or MST BPDU, coming out of a normal switchport, to protect from users making loops in their offices. Cisco suddenly dictates that i should configure my switch I want to upgrade to use trunk port just to be able to put new software in it, and I don't need or wan't that feature, so I asked if anybody knows how to get rid of it. BPDU-filter works, but I don't see why I should have to reconfigure my whole world just because some Cisco guy want to dictate to me what I am supposed to use, like, whatever.

Paul, this is in no way a critisism directed at you, just a frustration of having Cisco deliever features I do not want. The whole "smartports" concept is something I'd rather have a big red disable-button for.

We can argue all you want, but you have dot1q tagged BPDUs coming in that port. The switch is seeing behaviour that suggests to it that the other end is a trunk port, and is behaving appropriately.

What is connected to that port? What is beyond that?

whatever you think, you can take one of two options. You can use BPDU Filter to drop BPDUs, but that needs to be used carefully as you can easily cause loops. The other option is to find the misconfiguration in your network and correct that. You may be able to tell I prefer the second option. Th first option is risky as you are seeing BPDUs that appear to be from another switch.

Whatever combination of defaults Cisco pick, they will not be right for everyone. I'd rather the default state of switchports be access ports, but I know why the default is trunking desirable - it is to make implementaion of VoIP easier.

Review Cisco Networking for a $25 gift card