IE3000 and IEM-3000-8FM= configuration

mhawas
Level 1

Hi,

I have a situation where a number of IE3000 switches are connected in a ring topology, and I want to add a spoke switch with a fiber link in trunk mode.

Let's say switch A has an IEM-3000-8FM= module, and one of the ports (let's say f2/1) on this module will be connected to a Gigabit Ethernet (G1/1) port on the other switch with a 100 Mb SFP type.

- In global configuration I have #  spanning-tree bpduguard enable

- G1/1 is set to full duplex, trunk mode

When I set f1/2 to trunk mode, I get both ports in err-disable state; after restarting the port it comes to not connected mode!

I reconfigured f2/1 as an access port in VLAN x, and now it works (the link is on although the other side is configured as trunk!)

# sh interfaces status   shows that port f2/1 is in trunk mode

I would appreciate it if someone could explain to me why err-disable is happening at the beginning, and how it is that a port configured as an access port (# sh run shows that it is access) behaves and operates as a trunk without going into err-disable state.

regards

3 Replies

james.doukas
Level 1

How are you setting the parameters on each side for the trunk ports?

At first it was like this:

G1/1:  #  switchport mode trunk

          #   spanning-tree bpdufilter enable

          #   spanning-tree portfast trunk          ! I don't want the spoke switch to participate in STP !

f2/1 : 

          #  switchport mode trunk

          #   spanning-tree bpdufilter enable

          #   spanning-tree portfast trunk 

I got the err-disable state with the above configuration. After clearing the error (shut, no shut) both ports come to the (not connected) state and stay like that.

When reading the error log I see the interface has gone to err-disable because of receiving a BPDU packet with BPDU guard enabled (global configuration for the switch on G1/1).

Then I did this:

G1/1:  #  switchport mode trunk

f2/1  :  #  switchport access vlan x

          #  spanning-tree portfast

Now it is working properly. When I issue (# sh interfaces status) I get the port f2/1 as a trunk.

I am not sure if the above configuration is stable (the port is configured as access but operates as trunk).

Well, if you have bpduguard enabled, then the port leading to the new switch you're adding is going to go into err-disable if the switch you add to the network has a lower spanning tree value than the current root bridge. This is the point of BPDU guard. Now, I see that you have bpdufilter enabled, so I can't explain why a BPDU is being sent. Also, it appears dynamic trunking is kicking in.

If all your switches have the default spanning tree priority, the switch you're adding may have a lower MAC address. Try raising the spanning tree priority for the VLANs configured on the switch you are adding (if you are running a per-VLAN spanning tree). Also, don't forget about VLAN 1. A lot of people forget about VLAN 1. Also, its BPDUs don't go across trunks tagged.

For my layer2 domains, I follow the following setup. I'm not saying this is the way to do it, this is just how I do it. Others may do it a different way. As always, test first in a lab any setup you plan to introduce into production.

On my root bridge:

spanning-tree mode rapid-pvst
spanning-tree portfast default
spanning-tree extend system-id
spanning-tree vlan priority 4096

On my backup root bridge:

spanning-tree mode rapid-pvst
spanning-tree portfast default
spanning-tree extend system-id
spanning-tree vlan priority 8192

On trunk ports:

  switchport

  switchport nonegotiate

  switchport trunk encapsulation dot1q (may or may not be supported depending on your software version)

  switchport mode trunk

  switchport trunk allowed vlan add

  spanning-tree portfast trunk

Now, if I am going to connect a switch to another switch and I'm not going to use spanning tree, I will actually do a no spanning tree per each vlan on that switch. However, I keep very tight control over the ports on my network. I don't disable spanning tree on any switch users connect to. The only time I will disable spanning tree is if the switch I'm connecting will only be used for a special purpose. Also, I keep all non-user ports in my switch environment admin down.

Now, some people have much larger networks where this may be impossible. Therefore, keeping your layer2 domain consistent is very important. I like keeping control over which VLANs cross trunks, but some folks prefer a more dynamic setup.
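The port settings discussed in this thread can be checked offline against a saved running-config. The script below is an added example, not code from any participant in the thread. The sample config, VLAN 10, interface Gi1/2 and the finding labels are constructed, and it assumes a port without an explicit `switchport mode` is left in a dynamic (DTP-negotiating) default.

```python
import re
# Constructed running-config fragment modelled on the thread; VLAN 10 and Gi1/2 are made up.
SAMPLE = """\
spanning-tree portfast bpduguard default
!
interface FastEthernet2/1
 switchport access vlan 10
 spanning-tree portfast
!
interface GigabitEthernet1/1
 switchport mode trunk
 spanning-tree bpdufilter enable
 spanning-tree portfast trunk
!
interface GigabitEthernet1/2
 switchport mode trunk
 switchport nonegotiate
"""

def parse(config):
    """Split IOS-style text into global lines and {interface: [sub-commands]}."""
    globals_, ifaces, current = [], {}, None
    for line in config.splitlines():
        words = line.split()
        if line.startswith("interface "):
            current = ifaces.setdefault(words[1], [])
        elif line.startswith(" ") and current is not None:
            current.append(" ".join(words))
        elif words and words != ["!"]:
            globals_.append(" ".join(words))
            current = None
    return globals_, ifaces

def audit(config):
    """Return sorted (interface, finding) pairs for the pitfalls raised in the thread."""
    globals_, ifaces = parse(config)
    guard = any("bpduguard" in g for g in globals_)  # global BPDU guard, however it is spelled
    out = []
    for name, cmds in ifaces.items():
        mode = next((c.split()[2] for c in cmds if c.startswith("switchport mode ")), None)
        portfast = any(re.match(r"spanning-tree portfast(?!.*disable)", c) for c in cmds)
        if mode is None and any(c.startswith("switchport access vlan") for c in cmds):
            out.append((name, "mode-not-pinned"))  # DTP may still negotiate a trunk
        if mode == "trunk" and "switchport nonegotiate" not in cmds:
            out.append((name, "dtp-active-on-trunk"))
        if "spanning-tree bpdufilter enable" in cmds:
            out.append((name, "stp-disabled-by-bpdufilter"))
        if guard and portfast and mode == "trunk":
            out.append((name, "bpduguard-on-portfast-trunk"))  # err-disables on a received BPDU
    return sorted(out)
```

Calling `audit(SAMPLE)` flags Fa2/1 and Gi1/1 and returns nothing for Gi1/2, whose mode is pinned and which has DTP turned off.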
