As per routing Freak
Cat3560-3#sh run int g1/0/23
Building configuration...
Current configuration : 190 bytes
!
interface GigabitEthernet1/0/23
switchport access vlan 10
switchport mode access
speed 100
spanning-tree portfast
spanning-tree bpdufilter enable
spanning-tree bpduguard enable
end
Cat3560-3#show spanning-tree interface g1/0/23
Vlan Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- --------
--------------------------------
VLAN0010 Desg FWD 19 128.23 P2p Edge
Cat3560-3#show spanning-tree interface g1/0/24 detail
Port 24 (GigabitEthernet1/0/24) of VLAN0010 is designated forwarding
Port path cost 19, Port priority 128, Port Identifier 128.24.
Designated root has priority 32778, address 30e4.db1d.1c80
Designated bridge has priority 32778, address 30e4.db1d.1c80
Designated port id is 128.24, designated path cost 0
Timers: message age 0, forward delay 0, hold 0
Number of transitions to forwarding state: 1
The port is in the portfast mode
Link type is point-to-point by default
Bpdu guard is enabled
Bpdu filter is enabled
BPDU: sent 0, received 0
Cat3560-3(config)#int g1/0/23
Cat3560-3(config-if)#no spanning-tree bpdufilter
Cat3560-3(config-if)#end
00:43:23: %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port Gi1/0/23 with
BPDU Guard enabled. Disabling port.
Cat3560-3(config-if)#end
00:43:23: %PM-4-ERR_DISABLE: bpduguard error detected on Gi1/0/23, putting
Gi1/0/23 in err-disable state
Cat3560-3#
00:43:24: %SYS-5-CONFIG_I: Configured from console by console
00:43:24: %LINEPROTO-5-UPDOWN: Line protocol on Interface
GigabitEthernet1/0/23, changed state to down
Cat3560-3#
00:43:25: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/23, changed state to
down
On 3 December 2012 16:47, Tony Singh <mothafungla_at_gmail.com> wrote:
> Sorry meant to say err disable not inconsistent, but my guess is that it
> would be err disabled rather then bpdu's being filtered
>
> Will lab it later
>
> --
> BR
>
> Sent from my iPhone on 3
>
> On 3 Dec 2012, at 16:24, Tauseef Khan <tasneemjan_at_googlemail.com> wrote:
>
> Hi Tony, I think you mean spanningtree gurad root interface level config
> command which will disable the prot on which it configured if sees a
> superior BPDU. My question is about bpdugurad and bpdufilter commands.
> KR
>
> On 3 December 2012 15:56, Tony Singh <mothafungla_at_gmail.com> wrote:
>
>> Filter would drop the bpdu frames, guard is where you do not want any
>> bpdu's i.e rogue switch and enforcement of your root bridge.
>>
>> I would think having both on, then it would go into inconsistent state,
>> but I'm not near a switch what happened when you tried?
>>
>> --
>> BR
>>
>> Tony
>>
>> Sent from my iPhone on 3
>>
>> On 3 Dec 2012, at 15:34, Tauseef Khan <tasneemjan_at_googlemail.com> wrote:
>>
>> > I know Anthony Sequeira has expalined it beautifully on the blog but
>> > appreciate if someone could clarify.
>> > If I have spanntree portfast bpdugurad enabled globally which in-effect
>> > will apply to all access ports and will err-disable any accessports if
>> it
>> > sees an ingress BPDU. Now I enable "spanntree bpdufilter enable"
>> interface
>> > config commands on one of the access port interfaces with "spanning-tree
>> > portfast default" globally configured, which action will take
>> precedence.
>> > ie port will be err-disable or will lose its host status on receipt of
>> > BPDUs. Also what is the best practice in this scenario. disbale the
>> > bpdugurad (spanningtree bpduguard disable) on the interface level before
>> > enabling bpdufilter (spanntree bpdufilter enable) or both actions can
>> > coexist.....
>> > Thanks in advance
>> >
>> >
>> > Blogs and organic groups at http://www.ccie.net
>> >
>> > _______________________________________________________________________
>> > Subscription information may be found at:
>> > http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Mon Dec 03 2012 - 20:37:45 ART
This archive was generated by hypermail 2.2.0 : Tue Jan 01 2013 - 09:36:53 ART