Solved: In short, yes.Blinking Amber

angelicdalli · ‎10-09-2014

Hi,

Yesterday I encountered an issue on our network in which we had the port channel between our hubrooms constantly flapping. We isolated the issue by disconnecting all the fibre connected for the fibres and connected them back one by one till the port flapping started once again.

I found out that someone connected two trendnet switches with two links between them and an uplink to the network. This I am assuming that could have bought down the network.

However we do have RSTP which should block the BPDUs no?

PS...

We are currently running on a /16 network on a single VLAN and we have over 20 - 48 port switches within the company thus the broadcasts are huge to start with...

Am I making the right assumptions or would the port be blocked the second the trendnet switches are connected?

Thanks for your input.

Ian Walker · ‎10-09-2014

BPDU Guard is disabled on all switch ports by default - you'd need to enable it either per-port or globally.

Switch(config)# spanning-tree portfast bpduguard default

Switch(config-if)# spanning-tree bpduguard enable

Ian.

View solution in original post

Ian Walker · ‎10-09-2014

BPDU Guard is disabled on all switch ports by default - you'd need to enable it either per-port or globally.

Switch(config)# spanning-tree portfast bpduguard default

Switch(config-if)# spanning-tree bpduguard enable

Ian.

angelicdalli · ‎10-09-2014

Thanks,

I tried to replicate the scenario on a spare 3750x using two TP-Link switches. I connected as described in my previous post and the port on the switch turned to blinking orange (fast blinking). However the port was not error disabled, it still showed connected on the cisco and broadcasts were still being received.

Is this still due to the fact that the BDPU guard was not enabled?

Many Thanks.

Ian Walker · ‎10-09-2014

In short, yes.

Blinking Amber = "Port is blocked by STP and is sending and receiving packets."

"Spanning-tree problems generally have a major impact on the network and can involve massive network meltdowns. Almost always, the problem is because of one simple issue—configuration BPDUs are not being propagated correctly on segments with blocking ports.

This issue causes those blocking ports to forward traffic (even though a blocking port does not forward traffic, it is very important to understand that the port still receives BPDUs, which are processed by the switch). This forwarding has the effect of introducing loops, which quickly leads to total network chaos"

CCNP Practical Studies: Switching (CCNP Self-Study) - Justin Menga

angelicdalli · ‎10-12-2014

Brilliant, I tried it out in a test environment and switched everything to portfast and implemented the bpdu gurad. As soon as I connected the looped network it disabled the port immediately.

Many thanks for your help.

Oussama.bachiri · ‎10-09-2014

please any help with https://supportforums.cisco.com/discussion/12321536/cisco-auto-qos-cisco-4500

thanks a lot

Port Flapping & RSTP