RE: BPDU Guard not working

Hi,
Even though port fast is disabled by default on all the ports. I think
if port fast is enabled on the port before enabling bpdu-guard globally
then also bpduguard should be enabled on portfast enabled port.
 
That's said on getting bpdu on portfast enabled port, it should go into
down state on receiving bpdu.

I have tested this and this works in both rapid-pvst and pvst-plus mode.
It does not work in MST mode as expected.

My setup:

Sw1(fa0/0)----(fa0/0)Sw2

SW1 is in trunk mode and sending bpdu. Sw1 is root switch. I enabled
portfast on sw2's fa0/0 interface using interface command "spanning-tree
portfast". I enabled global command "spanning-tree portfast bpduguard
default" on sw2.

I see that sw2's fa0/0 interface goes into (err-disabled) state after
getting bpdu's from sw1.

Now for your problem, can you make sure if you are getting BPDU's from
the connected pbx avaya switch?

Hope it helps.

Thanks,
Sonu

-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
shiran guez
Sent: Wednesday, July 14, 2010 9:04 PM
To: dls152_at_cox.net
Cc: ccielab_at_groupstudy.com
Subject: Re: BPDU Guard not working

spanning-tree portfast

http://www.cisco.com/en/US/docs/switches/lan/catalyst4000/7.4/configurat
ion/guide/stp_enha.html

Switch is in rapid-pvst mode
Root bridge for: VLAN0001-VLAN0002, VLAN0010-VLAN0012, VLAN0014-VLAN0016
VLAN0018-VLAN0024, VLAN0030-VLAN0031, VLAN0034-VLAN0036, VLAN0046,
VLAN0052 VLAN0057, VLAN0070, VLAN0080, VLAN0090, VLAN0092-VLAN0093,
VLAN0095-VLAN009 VLAN0099-VLAN0100, VLAN0122, VLAN0135, VLAN0170,
VLAN0175, VLAN0210 VLAN0223, VLAN0227-VLAN0228, VLAN0230,
VLAN0232-VLAN0233, VLAN0235-VLAN0237 VLAN0300, VLAN0500-VLAN0506,
VLAN0610, VLAN0650, VLAN0700, VLAN0750-VLAN075 VLAN0801, VLAN0811,
VLAN0820, VLAN0895-VLAN0897, VLAN0900
Extended system ID is enabled
*Po**rtfast Default is disabled*
PortFast BPDU Guard Default is enabled
Portfast BPDU Filter Default is disabled
Loopguard Default is enabled
EtherChannel misconfig guard is enabled
UplinkFast is disabled
BackboneFast is disabled
Configured Pathcost method used is short

On Wed, Jul 14, 2010 at 5:55 PM, <dls152_at_cox.net> wrote:

> Hello,
>
> I am running spanning tree using portfast with bdpu gaurd. I have run
> into what I believe is a problem. I have a port that is configure with

> portfast and bdpu-uard. I have a pbx avaya switch connected to the
> port sending bdpu's but the port doesn't shutdown like it should? Any
thoughts?
>
>
>
> spanning-tree mode rapid-pvst
> spanning-tree loopguard default
> spanning-tree portfast bpduguard default spanning-tree extend
> system-id
>
> Switch is in rapid-pvst mode
> Root bridge for: VLAN0001-VLAN0002, VLAN0010-VLAN0012,
> VLAN0014-VLAN0016 VLAN0018-VLAN0024, VLAN0030-VLAN0031,
> VLAN0034-VLAN0036, VLAN0046,
> VLAN0052
> VLAN0057, VLAN0070, VLAN0080, VLAN0090, VLAN0092-VLAN0093,
> VLAN0095-VLAN009
> VLAN0099-VLAN0100, VLAN0122, VLAN0135, VLAN0170, VLAN0175, VLAN0210
> VLAN0223, VLAN0227-VLAN0228, VLAN0230, VLAN0232-VLAN0233,
> VLAN0235-VLAN0237
> VLAN0300, VLAN0500-VLAN0506, VLAN0610, VLAN0650, VLAN0700,
> VLAN0750-VLAN075
> VLAN0801, VLAN0811, VLAN0820, VLAN0895-VLAN0897, VLAN0900
> Extended system ID is enabled
> Portfast Default is disabled
> PortFast BPDU Guard Default is enabled Portfast BPDU Filter Default
> is disabled
> Loopguard Default is enabled
> EtherChannel misconfig guard is enabled
> UplinkFast is disabled
> BackboneFast is disabled
> Configured Pathcost method used is short
>
>
> Blogs and organic groups at http://www.ccie.net
>
> ______________________________________________________________________
> _ Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
>

--
Shiran Guez
MCSE CCNP NCE1 JNCIA-ER CCIE #20572
http://cciep3.blogspot.com
http://www.linkedin.com/in/cciep3
http://twitter.com/cciep3
Blogs and organic groups at http://www.ccie.net