cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3924
Views
15
Helpful
15
Replies

How to enable BPDU packet enabled over the layer 2 link

Juliet
Level 1
Level 1

Hi,

I have one of my customers requested us to enable BPDU packets to send over between their L2 connection and later I have found BPDU filters are enabled.

 

Therefore, I have deleted the BPDU filter from our (ISP) L2 path but still, they are advising me that they do not receive any BPDUs. 

 

Here with the outcome from our Switch:

 

AlbaniCom-SW#show spanning-tree interface fa0/2 detail
Load for five secs: 5%/0%; one minute: 5%; five minutes: 5%
Time source is NTP, *10:06:22.580 AWST Sat Mar 19 1994

Port 2 (FastEthernet0/2) of VLAN0500 is root forwarding
Port path cost 19, Port priority 128, Port Identifier 128.2.
Designated root has priority 25076, address 203a.0701.f500
Designated bridge has priority 33268, address ccd5.3932.7680
Designated port id is 128.22, designated path cost 3
Timers: message age 3, forward delay 0, hold 0
Number of transitions to forwarding state: 1
Link type is point-to-point by default
BPDU: sent 2, received 1703

Port 2 (FastEthernet0/2) of VLAN0666 is designated forwarding
Port path cost 19, Port priority 128, Port Identifier 128.2.
Designated root has priority 33434, address 34bd.c8e9.f880
Designated bridge has priority 33434, address 34bd.c8e9.f880
Designated port id is 128.2, designated path cost 0
Timers: message age 0, forward delay 0, hold 0
Number of transitions to forwarding state: 1
Link type is point-to-point by default
BPDU: sent 1700, received 0

Port 2 (FastEthernet0/2) of VLAN0700 is root forwarding
Port path cost 19, Port priority 128, Port Identifier 128.2.
Designated root has priority 33468, address 203a.0701.f500
Designated bridge has priority 33468, address ccd5.3932.7680
Designated port id is 128.22, designated path cost 3
Timers: message age 3, forward delay 0, hold 0
Number of transitions to forwarding state: 1
Link type is point-to-point by default
BPDU: sent 2, received 1703

 

Please let me know if you need more details!!

1 Accepted Solution

Accepted Solutions

Hello,

 

As Deepak mentioned above, BPDUs only travel in one direction in a normal spanning-tree environment. If you want to have bidirectional BPDUs, you need to look into deploying bridge assurance. 

 

Hope that helps!

-Bradley Selzer
CCIE# 60833

View solution in original post

15 Replies 15

Deepak Kumar
VIP Alumni
VIP Alumni

Hi,

Let check what is happening with BPDU in your network but first, read this statement:

 

In either event (802.1d or RSTP) BPDUs are NEVER transmitted out of Blocked ports or Root Ports.  BPDUs are ONLY transmitted out of Designated Ports.

Port 2 (FastEthernet0/2) of VLAN0500 is root forwarding
!
BPDU: sent 2, received 1703

Sw1(Root_for_VLAN500) (DS Port)----->--->--->(BDPU Direction)---->-->(Root Poot)(Sw2 <This switch>)

In the above example: You are seating at Sw2 and it is Root port for the VLAN500 Root Bridge Switch (Sw1) so as per law only Designated port will send the BPDU so you are receiving the BPDU on Sw2 port.

 

Port 2 (FastEthernet0/2) of VLAN0666 is designated forwarding
!
BPDU: sent 1700, received 0

Sw1(Root port)<---<---<(BDPU Direction)----<--<(DS port)(Sw2 <This switch> Root_for_VLAN666)

Above example, You are seating at Sw2 and it is Root Bridge for the VLAN666 so this port is Designated port and it is only responsible to send the BPDU. 

 

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!

Hello,

 

As Deepak mentioned above, BPDUs only travel in one direction in a normal spanning-tree environment. If you want to have bidirectional BPDUs, you need to look into deploying bridge assurance. 

 

Hope that helps!

-Bradley Selzer
CCIE# 60833

Thank you, I'm still waiting to get outcomes from the customer connected interface and deploying the bridge assurance> isn't it going to make looping?

It should not, no. All bridge assurance does is turn on BPDUs in both directions so that each side knows if their peer goes down. It does not change your spanning-tree topology. It will still block in the correct places. 

 

Hope that helps!

-Bradley Selzer
CCIE# 60833

Need a hand  here again customer is expecting BPDUs being received and sent per VLAN 500

but our network is not transparent to customer's STP traffic and this is not possible in the current platform.

 

Is there any possible way we can make this work?

Need a hand  here again customer is expecting BPDUs being received and sent per VLAN 500

but our network is not transparent to customer's STP traffic and this is not possible in the current platform.

 

Is there any possible way we can make this work?

Can you provide some more details? You customer network is connected to your network and they expect to get BPDUs from you? Not sure I understand the problem. Thanks!

-Bradley Selzer
CCIE# 60833

Hi Brad,

 

The customer is expecting BPDUs being received and sent per VLAN 500 (our network is not transparent to customer's STP traffic and this is quite not possible in the current platform)

 

Customer-managed sw----> ISP SW (we manage)----------> ISP SW 2----------> Dot1q tunnel>> ISP SW3 --->third party carrier network(EV2 Trunk)

 

At first, I have tested by removing/adding VLAN 500 and found that DP ports are sending BPDUs, Root ports are receiving BPDUs and Blocking ports only receive BPDUs after root election process is completed. 

Interface Role Sts Cost Prio.Nbr Type 
------------------- ---- --- --------- -------- -------------------------------- 
Fa0/2 Root FWD 19 128.2 P2p 
Fa0/7 Desg FWD 19 128.7 P2p 

Port 2 (FastEthernet0/2) of VLAN0500 is root forwarding 
Port path cost 19, Port priority 128, Port Identifier 128.2. 
Designated root has priority 25076, address 203a.0701.f500 
Designated bridge has priority 33268, address ccd5.3932.7680 
Designated port id is 128.22, designated path cost 3 
Timers: message age 3, forward delay 0, hold 0 
Number of transitions to forwarding state: 1 
Link type is point-to-point by default 
BPDU: sent 2, received 56 

Port 7 (FastEthernet0/7) of VLAN0500 is designated forwarding 
Port path cost 19, Port priority 128, Port Identifier 128.7. 
Designated root has priority 25076, address 203a.0701.f500 
Designated bridge has priority 33268, address 34bd.c8e9.f880 
Designated port id is 128.7, designated path cost 22 
Timers: message age 0, forward delay 0, hold 0 
Number of transitions to forwarding state: 1 
Link type is point-to-point by default 
BPDU: sent 16608619, received 92

 

Regards,

Julie.

Network Engineer (CCNA)

I see, you have a dot1q tunnel configured and the customer expects to get their own BPDUs over the ISP (you), right? Do you have l2protocol tunnel stp configured on your side? Do you mind sharing your customer facing interface config? Thanks!

-Bradley Selzer
CCIE# 60833

Hi Brad,

 

Please find the customer connected port config below:

 

interface FastEthernet0/2
description TRUNK to AAW-SW01 G1/0/43
switchport trunk native vlan 666
switchport trunk allowed vlan 500,666,700
switchport mode trunk
no cdp enable
end

 

Regards,

Julie

Hello,

 

Thanks for the config. This is your config on the port connected to the customer? If so, you are not doing a dot1q tunnel, you are just trunking their vlan through your network. There is no way to tunnel BPDUs through your network with this config. You would need to setup a dot1q tunnel and add STP tunneling. 

 

Hope that helps!

-Bradley Selzer
CCIE# 60833

Hi Brad,

So you want us to set up a dot1q tunnel and add STP tunneling from where to where?

Regards,
Julie

Hello Julie,

 

Let me make sure I understand the problem. You have a customer that wants to pass BPDUs over your network. They have two sites. They want a BPDU that leave one site, to arrive at the other. Is that correct?

 

Right now from the config you sent, you are connected to the customer with just a trunk port. Because BPDUs are link local traffic, your switch will consume the BPDU instead of forwarding it. 

 

If you want to forward BPDUs then you need to configure a protocol tunnel so that way traffic that comes in your switch from the customer is forwarded instead of consumed. Here is a document that describes how to configure it:

 

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/l2pt.html

 

Basically you need to configure it on your devices on the ports that connect to the customer. 

 

Hope that helps!

-Bradley Selzer
CCIE# 60833

Hi Brad,
Thanks for the information. (They want a BPDU that leave one site, to arrive at the other-Yes)

Regards,
Julie
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco