Buy or Renew
Buy or Renew
NEW: Try the Beta AI Summary feature on posts in the Routing and SD-WAN forum. Click to go to the forum.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
12116
Views
5
Helpful
10
Replies

RSTP Issue

Go to solution
JonP
Level 3
Level 3

‎04-01-2022 02:53 AM

I have an odd problem with my Meraki switches. Different models, but the same behaviour.

We have RSTP and BPDU Guard enabled on all our switches across the estate with the RSTP root being our core stack. We have a couple of managed Cisco (non-Meraki) switches which we installed in some key areas this week, however when connecting the switches to our network, the Meraki switch shuts down the port citing an RSTP/BPDU Guard issue. The only way I can get these other Cisco switches to function correctly on the network is to turn off RSTP for this port, which I don't like to do. This occurs even when the non-Meraki switch is the only thing connected to the Meraki switchport.

Can anyone offer me some guidance on why Meraki would see a fellow Cisco switch as a loop?

Thanks all! 🙂

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
aleabrahao
Meraki Community All-Star
Meraki Community All-Star
In response to JonP

‎04-01-2022 03:26 AM

Well,

The BPDU guard feature can be globally enabled on the switch or can be enabled per interface, but the feature operates with some differences.

At the global level, you enable BPDU guard on Port Fast-enabled STP ports by using the spanning-tree portfast bpduguard default global configuration command. Spanning tree shuts down STP ports that are in a Port Fast-operational state if any BPDU is received on those ports. In a valid configuration, Port Fast-enabled STP ports do not receive BPDUs. Receiving a BPDU on a Port Fast-enabled port signals an invalid configuration, such as the connection of an unauthorized device, and the BPDU guard feature puts the interface in the error-disabled state.

I understand that in this case you should not use BPD guard between two switches.

I would be better to use the root guard on the core switch ports that uplink with other switches.

I am not a Cisco employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

View solution in original post

10 Replies 10

Go to solution
aleabrahao
Meraki Community All-Star
Meraki Community All-Star

‎04-01-2022 03:04 AM

What is the bridge priority configured on your switch core:

image.png

Is the RSTP enabled on Cisco IOS switches? The ports are configured as trunk or access?

I am not a Cisco employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Helpful

Go to solution
JonP
Level 3
Level 3
In response to aleabrahao

‎04-01-2022 03:13 AM

The core stack is priority 0:

image.png

The Cisco IOS devices have RSTP enabled, and the uplink is a trunk port:

POD-SW1#sh span
Spanning tree enabled mode: RSTP
Default port cost method: long
Loopback guard: Disabled
Root ID Priority: 0
Address: a8:46:9d:d9:1e:11
Cost: 50000
Port: gi1
Hello Time: 2 sec Max Age: 20 sec Forward Delay: 15 sec
Bridge ID Priority: 32768
Address: 2c:1a:05:26:39:e8
Hello Time: 2 sec Max Age: 20 sec Forward Delay: 15 sec
Number of topology changes: 2 last change occurred: 165:24:43 ago
Times: hold: 1, topology change: 35, notification: 2
hello: 2, max age: 20, forward delay: 15
Interfaces
Name State Prio.Nbr Cost Sts Role PortFast Type
--------- -------- --------- -------- ------ ---- -------- -----------------
gi1 enabled 128.1 20000 Frw Root No P2P (RSTP)
gi2 enabled 128.2 2000000 Dsbl Dsbl No -
gi3 enabled 128.3 20000 Frw Desg Yes P2P (RSTP)
gi4 enabled 128.4 20000 Frw Desg Yes P2P (RSTP)
gi5 enabled 128.5 20000 Frw Desg Yes P2P (RSTP)
gi6 enabled 128.6 20000 Frw Desg Yes P2P (RSTP)
gi7 enabled 128.7 200000 Frw Desg Yes P2P (RSTP)
gi8 enabled 128.8 20000 Frw Desg Yes P2P (RSTP)
Po1 enabled 128.1000 20000 Dsbl Dsbl No -
Po2 enabled 128.1001 20000 Dsbl Dsbl No -
Po3 enabled 128.1002 20000 Dsbl Dsbl No -
Po4 enabled 128.1003 20000 Dsbl Dsbl No -
_____________________________________________________________________
POD-SW1#sh run int ge1
interface GigabitEthernet1
switchport mode trunk
0 Helpful

Go to solution
aleabrahao
Meraki Community All-Star
Meraki Community All-Star
In response to JonP

‎04-01-2022 03:26 AM

Well,

The BPDU guard feature can be globally enabled on the switch or can be enabled per interface, but the feature operates with some differences.

At the global level, you enable BPDU guard on Port Fast-enabled STP ports by using the spanning-tree portfast bpduguard default global configuration command. Spanning tree shuts down STP ports that are in a Port Fast-operational state if any BPDU is received on those ports. In a valid configuration, Port Fast-enabled STP ports do not receive BPDUs. Receiving a BPDU on a Port Fast-enabled port signals an invalid configuration, such as the connection of an unauthorized device, and the BPDU guard feature puts the interface in the error-disabled state.

I understand that in this case you should not use BPD guard between two switches.

I would be better to use the root guard on the core switch ports that uplink with other switches.

I am not a Cisco employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

Go to solution
JonP
Level 3
Level 3
In response to aleabrahao

‎04-01-2022 03:49 AM

Of course! I'm dumb. When I connected the switch it was sending out BPDU's like crazy, and because we had BPDU guard enabled, the Meraki port transitioned to a disabled state. Because it is a switch and not a client device it would always send BPDU's.

Thank you @jdb1 and @alessandrodematos for the info.

Go to solution
ww^
Meraki Community All-Star
Meraki Community All-Star

‎04-01-2022 03:24 AM

You are running bpdu guard on trunk ports connecting to the cisco catalyst?

0 Helpful

Go to solution
JonP
Level 3
Level 3
In response to ww^

‎04-01-2022 03:29 AM

They are not Catalyst switches. These are CBS-250's and 350's. BDPU guard is not enabled on those switches.

0 Helpful

Go to solution
ww^
Meraki Community All-Star
Meraki Community All-Star
In response to JonP

‎04-01-2022 03:30 AM

But are you running bpdu guard on the meraki trunk port?

0 Helpful

Go to solution
JonP
Level 3
Level 3
In response to ww^

‎04-01-2022 03:32 AM

Yes, BDPU guard was enabled on the Meraki trunk port, but I had to switch it off to get the CBS switch to work.

0 Helpful

Go to solution
ww^
Meraki Community All-Star
Meraki Community All-Star
In response to JonP

‎04-01-2022 03:34 AM

Yes because switches send bpdu's. Else it will never work

Go to solution
aleabrahao
Meraki Community All-Star
Meraki Community All-Star
In response to JonP

‎04-01-2022 03:39 AM

Ok, But like @jdb1 said, switches send bpdu's. Else it will never work. 🙂

I am not a Cisco employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
Customers Also Viewed These Support Documents