This problem is happening in our student dormitory. Cisco TAC configured global portfast and BPDUguard on our 3560 switches. A couple of the ports have gone into err-disable state.
I've tried re-enabling the port with shut / no shut but it immediately err-disables again. This is the error I get "SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port GigabitEthernet0/33 with BPDU Guard enabled. Disabling port."
One of the students is using a Netgear WNR2000 / N300 wifi router. Does it send BPDU's? I can't find anything regarding spanning-tree in the user manual.
Any advice would be greatly appreciated! Thanks in advance!
Do you just have a single cable running between the 3560 and the Netgear router?
If you have connected two ports from each Netgear to two ports on the switch, I could believe the Netgear is passing the BPDU out the second port and back towards the switch.
Thanks for your reply, devils_advocate - I appreciate you taking the time offer a suggestion.
There is just one connection (cable) from the switch to the Netgear router - each apartment has only one connection per room. The student sent me a photo with the cable plugged in to the WAN port on the router, so it appears that she has it cabled correctly.
I had a chat session with a Netgear tech and he said that model router (WNR2000v5) is not STP capable.
If the Router is not STP capable then it suggests the Cisco is sending a BPDU and the Netgear is sending it back.
If you use BPDU filter instead of BPDU guard then you will be able to prove this. Guard will still send a BPDU out the port but will disable the port on receiving one. If you change it to BPDU filter it will tell the switch port not to send them.
The downside the not sending a BPDU is that somebody could daisy chain two switch ports together and you would have a loop of all ports were configured with BPDU guard.