RE: BPDUGuard - interconnecting 2 switches

From: Antonio Soares (amsoares@netcabo.pt)
Date: Thu Jul 05 2007 - 07:21:04 ART

In the example i gave, the connection is not a trunk. So we will have BPDU's
only in the access VLAN. In that segment, one port will be designated and
the other will be a root port. Only the designated port send BPDU's so we
must take this into account when enabling those BPDU filtering options:

1) (config-if)# spanning-tree bpdufilter enable

Never sends or receives BPDUs.

2) (config-if)# spanning-tree bpduguard enable

If a BPDU is received, the Port is put in the errDisable state.

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Sadiq Yakasai
Sent: quinta-feira, 5 de Julho de 2007 9:53
To: ccie2k4@gmail.com
Cc: Cisco certification
Subject: Re: BPDUGuard - interconnecting 2 switches

hey guys,

i have been thinking about this subject actually and thot,

Do BPDU's get sent out a normal access port? I thot the whole idea BPDU
Guard/Filter only affects incoming BPDU's and not outgoing in the first
place.

Antonio,

The link between SW1 and SW2 is a trunk link isnt it? Would BPDU's get sent
out the link if the port were an access port between the 2 switches?

On 7/5/07, ccie2k4@gmail.com <ccie2k4@gmail.com> wrote:
> Hi Antonio,
>
> Thanks for replying. In the case I was using the port would be a L2
> port however it would be an access port. So I was trying to find out
> what would be the problem if I configured an L2 port as an access port
> going to another switch which would have an SVI interface and that
> would be the default gateway for any devices attached to the L2
> switch. Would that port still send out BPDU's and if so would that cause a
loop if there is redundancy?
>
> On 7/4/07, Antonio Soares <amsoares@netcabo.pt> wrote:
> >
> > BPDU's are sent by L2 designated ports. A L3 port does not run STP
> > unless you attach to it a bridge-group.
> >
> > +++++++++++++++++++++++++++++++++++++++++++++++++
> > SW1 is receiving BPDU's on its Root Port from SW2
> > +++++++++++++++++++++++++++++++++++++++++++++++++
> > SW1#
> > 01:48:37: STP: VLAN0001 rx BPDU: config protocol = ieee, packet from
> > GigabitEthernet0/23 , linktype IEEE_SPANNING , enctype 2, encsize
> > 17
> > 01:48:37: STP: enc 01 80 C2 00 00 00 00 0F 90 5F 5B 19 00 26 42 42
> > 03
> > 01:48:37: STP: Data
> > 00000000018001000F905F5B00000000008001000F905F5B0080190000140002000F
> > 00
> > 01:48:37: STP: VLAN0001 Gi0/23:0000 00 00 01 8001000F905F5B00
> > 00000000 8001000F905F5B00 8019 0000 1400 0200 0F00
> > 01:48:37: STP(1) port Gi0/23 supersedes 0 SW1#
> > +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> > As soon as i configured SW2 port as L3, BPDU's are not received
> > +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> > 01:48:39: %LINEPROTO-5-UPDOWN: Line protocol on Interface
> > GigabitEthernet0/23, changed state to down
> > 01:48:40: %LINK-3-UPDOWN: Interface GigabitEthernet0/23, changed
> > state to down SW1#
> > 01:48:42: %LINK-3-UPDOWN: Interface GigabitEthernet0/23, changed
> > state to up
> > 01:48:43: %LINEPROTO-5-UPDOWN: Line protocol on Interface
> > GigabitEthernet0/23, changed state to up SW1#
> >
> >
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> > ccie2k4@gmail.com
> > Sent: quarta-feira, 4 de Julho de 2007 23:16
> > To: Cisco certification
> > Subject: BPDUGuard - interconnecting 2 switches
> >
> > Hi Folks,
> >
> > Just trying to get an idea of how SPT and BPDU guard would affect this
> > scenario. Say I have 2 * 3550 switches and I am using one as a pure L2
> > switch while the other one is being used as a router.
> >
> > Can I connect them without using a trunk? What I mean is can I make that
> > port that interconnect's the 2 devices an access port with portfast
> > configured and than use a SVI interface on that router as the default
> > gateway? I have done this and it works without issues as far as I know
> > however just thinking about it now I am wondering why it doesn't cause
any
> > problems. When you make a port an access port it usually is to connect
end
> > devices like pc's etc however in this case the other device is also a
> > switch
> > and that port on that device will also be an access port in a vlan. I
tend
> > to think that it would send out BPDU's and if the other end has
BPDUguard
> > configured than it would disable the port wouldn't it?
> >
> > Does the device acting as a router still send out a BPDU on that port?
> >
> > I would like to make the L2 switch the root of the spanning tree hence
> > just
> > want to confirm if I have BPDU guard configured on that port will be a
> > problem.
> >
> > When does a switch send out a BPDU? I mean I have read all about how
when
> > there is a topology change or during root election etc but say for
> > instance
> > in this scenario if I didn't have any spanning-tree on the 3550 being
used
> > as a router would it still send out a BPDU?
> >
> > Thx
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

This archive was generated by hypermail 2.1.4 : Sat Aug 18 2007 - 08:17:39 ART