cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1767
Views
0
Helpful
26
Replies

getting a spantree block on cisco 4510 when plug in rj45

robertkwild
Spotlight
Spotlight

hi all,

 

keep on getting this error when i plug in a cable into my cisco 4510 to another cisco 3850 switch

 

i have untagged it ie made it into an access on both switch ends on vlan 250

 

*Mar 12 10:51:17.586: %SPANTREE-7-RECV_1Q_NON_TRUNK: Received 802.1Q BPDU on non trunk GigabitEthernet1/1 VLAN250.
*Mar 12 10:51:17.586: %SPANTREE-7-BLOCK_PORT_TYPE: Blocking GigabitEthernet1/1 on VLAN0250. Inconsistent port type.
Switch#

 

cheers,

rob

2 Accepted Solutions

Accepted Solutions

Hello,

try it:
remove this: switchport port-security mac-address sticky

add this command on both switches: spanning-tree bpdufilter disable

and shutdown and no shutdown on these interfaces that link these switches.

Jaderson Pessoa
*** Rate All Helpful Responses ***

View solution in original post

Why are you only allowing one vlan , vlan 250 ? when there is multiple vlans specified on the 4510
The 3850 cannot speak to any of these vlans if there not allowed on the link between the 2 switches

The 2 links should match and i think unless theres a specific reason only to allow the vlan 250 , this may work better for you , exact same on each side

interface g1/0/1
description .....................
switchport mode trunk
spanning-tree link-type point-to-point
switchport trunk allowed vlan 10,110,130,170,240,250


int g1/1
description .....................
switchport mode trunk
spanning-tree link-type point-to-point
switchport trunk allowed vlan 10,110,130,170,240,250


Either way if its access or trunk you chose both sides should match as closely as possible

if it needs to be vlan 250 only then default it as you said and match it to the 4510 port in config , it looks like it was previously setup for a pc and phone on the 3850 port

View solution in original post

26 Replies 26

shaps
Level 3
Level 3
Firstly make sure that the port is an access port and see if any BPDU guard is in place, if so you can add this to the port

spanning-tree bpduguard disable

BPDUGuard is likely enabled on at least one of these ports. Try manually disabling on both and test again.

"Show spanning-tree int XXXX detail" should show if this is enabled or not.

Jaderson Pessoa
VIP Alumni
VIP Alumni

Hello,

When you input port as access, it sounds like a end devices like desktop, laptop and etc. When you plugg a switch on this port, news bpud are generated to looking for a root bridge on the topology. If you need use it as access mode, you need disable the BPUD Guard on this port.

spanning-tree bpduguard disable

 

check it, i hope that you will understand better: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3560/software/release/12-2_55_se/configuration/guide/3560_scg/swstpopt.html

 

Regards

Jaderson Pessoa
*** Rate All Helpful Responses ***

thanks all

 

what about portfast, do i need to disable that aswell?

Portfast shouldnt used on a switch to switch link.

As it effectively brings up a port as soon as an end device is detected it allows loops to form if used on a switch to switch link and makes STP redundant.

 

So to answer your question, yes disable portfast.

Yes, when you enable portfast normally is used to end devices. But i suggest to you use RSTP or MST and all these features running automatic on all ports.

check it to more information: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/20ew/configuration/guide/config/mst.html
Jaderson Pessoa
*** Rate All Helpful Responses ***

do i need to do this aswell

 

spanning-tree link-type point-to-point

Its an optional command but good practice to have it in place , works with RPVST and PVST and will speed up convergence if there is an STP issue

ok this config is the 4510

 

vlan 10,110,130,170,240,250

interface GigabitEthernet1/1
switchport access vlan 250
switchport mode access
spanning-tree portfast disable
spanning-tree bpduguard disable
spanning-tree link-type point-to-point

interface Vlan250
ip address 10.110.250.19 255.255.255.0
!
ip default-gateway 10.110.250.1
ip forward-protocol nd
no ip http server
no ip http secure-server

 

exactly the same on the other switch apart from the ip of the other switch is 10.110.250.1 ie its the other switch as the other switch is every vlans gateway for all the vlans we have here

It has solved your problem?


Dont forget mark all post that was help you as helpful and solved.

Jaderson Pessoa
*** Rate All Helpful Responses ***

this is the other switches port config -

interface GigabitEthernet1/0/1
switchport access vlan 250
switchport mode access
switchport nonegotiate
switchport voice vlan 35
switchport port-security mac-address sticky
trust device cisco-phone
auto qos voip cisco-phone
spanning-tree portfast disable
spanning-tree bpduguard disable
spanning-tree link-type point-to-point
service-policy input AutoQos-4.0-CiscoPhone-Input-Policy
service-policy output AutoQos-4.0-Output-Policy

 

im thinking of doing a #default interface G1/0/1

 

as its still not working

Hello,

try it:
remove this: switchport port-security mac-address sticky

add this command on both switches: spanning-tree bpdufilter disable

and shutdown and no shutdown on these interfaces that link these switches.

Jaderson Pessoa
*** Rate All Helpful Responses ***

sorted it -

 

i did a #default int g1/0/1

and started to configure the port again

Why are you only allowing one vlan , vlan 250 ? when there is multiple vlans specified on the 4510
The 3850 cannot speak to any of these vlans if there not allowed on the link between the 2 switches

The 2 links should match and i think unless theres a specific reason only to allow the vlan 250 , this may work better for you , exact same on each side

interface g1/0/1
description .....................
switchport mode trunk
spanning-tree link-type point-to-point
switchport trunk allowed vlan 10,110,130,170,240,250


int g1/1
description .....................
switchport mode trunk
spanning-tree link-type point-to-point
switchport trunk allowed vlan 10,110,130,170,240,250


Either way if its access or trunk you chose both sides should match as closely as possible

if it needs to be vlan 250 only then default it as you said and match it to the 4510 port in config , it looks like it was previously setup for a pc and phone on the 3850 port
Review Cisco Networking products for a $25 gift card