Solved: Re: getting a spantree block on cisco 4510 when plug in rj45

robertkwild · ‎03-12-2019

hi all,

keep on getting this error when i plug in a cable into my cisco 4510 to another cisco 3850 switch

i have untagged it ie made it into an access on both switch ends on vlan 250

*Mar 12 10:51:17.586: %SPANTREE-7-RECV_1Q_NON_TRUNK: Received 802.1Q BPDU on non trunk GigabitEthernet1/1 VLAN250.
*Mar 12 10:51:17.586: %SPANTREE-7-BLOCK_PORT_TYPE: Blocking GigabitEthernet1/1 on VLAN0250. Inconsistent port type.
Switch#

cheers,

rob

Jaderson Pessoa · ‎03-12-2019

Hello,

try it:
remove this: switchport port-security mac-address sticky

add this command on both switches: spanning-tree bpdufilter disable

and shutdown and no shutdown on these interfaces that link these switches.

Jaderson Pessoa
*** Rate All Helpful Responses ***

View solution in original post

Mark Malone · ‎03-12-2019

Why are you only allowing one vlan , vlan 250 ? when there is multiple vlans specified on the 4510
The 3850 cannot speak to any of these vlans if there not allowed on the link between the 2 switches

The 2 links should match and i think unless theres a specific reason only to allow the vlan 250 , this may work better for you , exact same on each side

interface g1/0/1
description .....................
switchport mode trunk
spanning-tree link-type point-to-point
switchport trunk allowed vlan 10,110,130,170,240,250

int g1/1
description .....................
switchport mode trunk
spanning-tree link-type point-to-point
switchport trunk allowed vlan 10,110,130,170,240,250

Either way if its access or trunk you chose both sides should match as closely as possible

if it needs to be vlan 250 only then default it as you said and match it to the 4510 port in config , it looks like it was previously setup for a pc and phone on the 3850 port

View solution in original post

shaps · ‎03-12-2019

Firstly make sure that the port is an access port and see if any BPDU guard is in place, if so you can add this to the port

spanning-tree bpduguard disable

LukesWANadventure · ‎03-12-2019

BPDUGuard is likely enabled on at least one of these ports. Try manually disabling on both and test again.

"Show spanning-tree int XXXX detail" should show if this is enabled or not.

Jaderson Pessoa · ‎03-12-2019

Hello,

When you input port as access, it sounds like a end devices like desktop, laptop and etc. When you plugg a switch on this port, news bpud are generated to looking for a root bridge on the topology. If you need use it as access mode, you need disable the BPUD Guard on this port.

spanning-tree bpduguard disable

check it, i hope that you will understand better: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3560/software/release/12-2_55_se/configuration/guide/3560_scg/swstpopt.html

Regards

Jaderson Pessoa
*** Rate All Helpful Responses ***

robertkwild · ‎03-12-2019

thanks all

what about portfast, do i need to disable that aswell?

LukesWANadventure · ‎03-12-2019

Portfast shouldnt used on a switch to switch link.

As it effectively brings up a port as soon as an end device is detected it allows loops to form if used on a switch to switch link and makes STP redundant.

So to answer your question, yes disable portfast.

Jaderson Pessoa · ‎03-12-2019

Yes, when you enable portfast normally is used to end devices. But i suggest to you use RSTP or MST and all these features running automatic on all ports.

check it to more information: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/20ew/configuration/guide/config/mst.html

Jaderson Pessoa
*** Rate All Helpful Responses ***

robertkwild · ‎03-12-2019

do i need to do this aswell

spanning-tree link-type point-to-point

Mark Malone · ‎03-12-2019

Its an optional command but good practice to have it in place , works with RPVST and PVST and will speed up convergence if there is an STP issue

robertkwild · ‎03-12-2019

ok this config is the 4510

vlan 10,110,130,170,240,250

interface GigabitEthernet1/1
switchport access vlan 250
switchport mode access
spanning-tree portfast disable
spanning-tree bpduguard disable
spanning-tree link-type point-to-point

interface Vlan250
ip address 10.110.250.19 255.255.255.0
!
ip default-gateway 10.110.250.1
ip forward-protocol nd
no ip http server
no ip http secure-server

exactly the same on the other switch apart from the ip of the other switch is 10.110.250.1 ie its the other switch as the other switch is every vlans gateway for all the vlans we have here

Jaderson Pessoa · ‎03-12-2019

It has solved your problem?

Dont forget mark all post that was help you as helpful and solved.

Jaderson Pessoa
*** Rate All Helpful Responses ***

robertkwild · ‎03-12-2019

this is the other switches port config -

interface GigabitEthernet1/0/1
switchport access vlan 250
switchport mode access
switchport nonegotiate
switchport voice vlan 35
switchport port-security mac-address sticky
trust device cisco-phone
auto qos voip cisco-phone
spanning-tree portfast disable
spanning-tree bpduguard disable
spanning-tree link-type point-to-point
service-policy input AutoQos-4.0-CiscoPhone-Input-Policy
service-policy output AutoQos-4.0-Output-Policy

im thinking of doing a #default interface G1/0/1

as its still not working

Jaderson Pessoa · ‎03-12-2019

Hello,

try it:
remove this: switchport port-security mac-address sticky

add this command on both switches: spanning-tree bpdufilter disable

and shutdown and no shutdown on these interfaces that link these switches.

Jaderson Pessoa
*** Rate All Helpful Responses ***

robertkwild · ‎03-12-2019

sorted it -

i did a #default int g1/0/1

and started to configure the port again

Mark Malone · ‎03-12-2019

Why are you only allowing one vlan , vlan 250 ? when there is multiple vlans specified on the 4510
The 3850 cannot speak to any of these vlans if there not allowed on the link between the 2 switches

The 2 links should match and i think unless theres a specific reason only to allow the vlan 250 , this may work better for you , exact same on each side

interface g1/0/1
description .....................
switchport mode trunk
spanning-tree link-type point-to-point
switchport trunk allowed vlan 10,110,130,170,240,250

int g1/1
description .....................
switchport mode trunk
spanning-tree link-type point-to-point
switchport trunk allowed vlan 10,110,130,170,240,250

Either way if its access or trunk you chose both sides should match as closely as possible

if it needs to be vlan 250 only then default it as you said and match it to the 4510 port in config , it looks like it was previously setup for a pc and phone on the 3850 port