
portfast / global BPDU filtering / spanning tree portstates..
Hi all,
I'm trying to get my head around the default config of BPDU filtering with portfast enabled. In the doc CD it says that when a portfast port receives a BPDU it removes its portfast status.
I want to see this happen and watch spanning tree go blocking, listening, learning, etc.
How can I lab this up?
I have 2 switches (sw3, sw4) connected on f0/24 with portfast and BPDU filter enabled globally. sw3 has an access port config and sw4 is a host config, with debug spanning-tree events on sw3. I'm hoping to change sw4's port to a trunk, simulating the sending of BPDUs, and looking to get the spanning tree port states shown in the debug on sw3.
!on both
spanning-tree mode pvst
spanning-tree portfast default
spanning-tree portfast bpdufilter default
! sw3
interface FastEthernet0/24
switchport access vlan 2
switchport mode access
! sw4
interface FastEthernet0/24
no switchport
ip address 1.1.1.1 255.255.255.0
!
Rack12SW3(config-if)#do sh span | inc 0/24
Fa0/24 Desg FWD 19 128.26 P2p Edge
Rack12SW3(config-if)#do s debu
Spanning Tree:
Spanning Tree event debugging is on
! now for the change ...
!sw4
interface FastEthernet0/24
switchport
switchport trunk encapsulation dot1q
switchport mode trunk
!
*Mar 3 22:44:24.550: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/24, changed state to down
*Mar 3 22:44:25.515: set portid: VLAN0002 Fa0/24: new port id 801A
*Mar 3 22:44:25.515: STP: VLAN0002 Fa0/24 ->jump to forwarding from blocking
Rack12SW3(config-if)#
*Mar 3 22:44:26.563: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/24, changed state to up
Rack12SW3(config-if)#do sh span | inc 0/24
Fa0/24 Desg FWD 19 128.26 P2p Edge
Rack12SW3(config-if)#
*Mar 3 22:45:06.241: %SPANTREE-7-RECV_1Q_NON_TRUNK: Received 802.1Q BPDU on non trunk FastEthernet0/24 VLAN2.
*Mar 3 22:45:06.241: %SPANTREE-7-BLOCK_PORT_TYPE: Blocking FastEthernet0/24 on VLAN0002. Inconsistent port type.
*Mar 3 22:45:06.241: STP: VLAN0002 Fa0/24 -> blockingdo sh span | inc 0/24
Fa0/24 Desg BKN*19 128.26 P2p Edge *TYPE_Inc
Rack12SW3(config-if)#!
It just blocks and then goes type inconsistent... :-(
I feel I'm going about this wrong... Can anyone show me a way of labbing this up?
thanks...
Dave
Understanding BPDU Filtering
The BPDU filtering feature can be globally enabled on the switch or can be enabled per interface, but the feature operates with some differences.
At the global level, you can enable BPDU filtering on Port Fast-enabled interfaces by using the spanning-tree portfast bpdufilter default global configuration command. This command prevents interfaces that are in a Port Fast-operational state from sending or receiving BPDUs. The interfaces still send a few BPDUs at link-up before the switch begins to filter outbound BPDUs. You should globally enable BPDU filtering on a switch so that hosts connected to these interfaces do not receive BPDUs. If a BPDU is received on a Port Fast-enabled interface, the interface loses its Port Fast-operational status, and BPDU filtering is disabled.
At the interface level, you can enable BPDU filtering on any interface by using the spanning-tree bpdufilter enable interface configuration command without also enabling the Port Fast feature. This command prevents the interface from sending or receiving BPDUs.
Caution: Enabling BPDU filtering on an interface is the same as disabling spanning tree on it and can result in spanning-tree loops.
You can enable the BPDU filtering feature for the entire switch or for an interface.
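The two scopes in the documentation excerpt above, shown as an added example that is not part of the original post or of Cisco's documentation: a small Python audit that reads a running-config and reports, per interface, whether BPDU filtering is unconditional (interface-level command, the loop risk the caution describes), conditional (global default, dropped once a BPDU is received) or absent. The function name, the sample config and the Fa0/23 uplink are constructed for illustration, and the script assumes sub-commands are indented as in `show running-config` output.

```python
import re

# Constructed sample: the thread's SW3 plus a hypothetical filtered uplink.
SAMPLE_CONFIG = """\
spanning-tree mode pvst
spanning-tree portfast default
spanning-tree portfast bpdufilter default
!
interface FastEthernet0/23
 switchport mode trunk
 spanning-tree bpdufilter enable
!
interface FastEthernet0/24
 switchport access vlan 2
 switchport mode access
!
"""

def audit_bpdufilter(config):
    """Return {interface: 'unconditional' | 'conditional' | 'none'}."""
    global_cmds, ifaces, current = set(), {}, None
    for raw in config.splitlines():
        line = raw.strip()
        match = re.match(r"interface\s+(\S+)", line)
        if match:
            current = ifaces.setdefault(match.group(1), set())
        elif raw[:1].isspace() and current is not None:
            current.add(line)        # indented: belongs to the open stanza
        else:
            current = None           # '!' or a global command ends the stanza
            global_cmds.add(line)
    result = {}
    for name, cmds in ifaces.items():
        # Assumption: the global default skips trunk, routed and opted-out ports.
        edge = "spanning-tree portfast" in cmds or (
            "spanning-tree portfast default" in global_cmds
            and not cmds & {"switchport mode trunk", "no switchport",
                            "spanning-tree portfast disable"})
        if "spanning-tree bpdufilter enable" in cmds:
            result[name] = "unconditional"   # same as disabling STP on the port
        elif ("spanning-tree portfast bpdufilter default" in global_cmds
              and edge and "spanning-tree bpdufilter disable" not in cmds):
            result[name] = "conditional"     # ends when a BPDU is received
        else:
            result[name] = "none"
    return result

if __name__ == "__main__":
    print(audit_bpdufilter(SAMPLE_CONFIG))
```

Ports reported as unconditional are the ones to review first, since they never fall back to normal spanning-tree operation when a switch is plugged in.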
Comments
Dave,
Instead of setting the port as a trunk, why not create a bridge-group on the switch (if you can... not sure, never done it), then assign the switchport to the bridge?
hth
The easiest way is like secondsight is saying. Connect a switchport to a router and make the router bridge.
bridge irb
bridge 1 protocol ieee
int x/x (connecting to switch)
bridge-group 1
I tried labbing it quickly in Dynamips but it is missing some switching features. Those 3 commands will be enough to generate BPDUs.
*Mar 1 00:03:21.975: %SPANTREE-2-RX_PORTFAST: Received BPDU on PortFast enabled port. Disabling FastEthernet1/0.
R2#
*Mar 1 00:03:21.975: %PM-4-ERR_DISABLE: bpduguard error detected on Fa1/0, putting Fa1/0 in err-disable state
Hi. Yes, I've tried that but I still cannot see the port go listening, learning, etc. It takes away the portfast status and goes blocking to forwarding..?
I've done it here on r5 to sw2
Rack12R5(config-if)#do sh run | inc bridge
bridge irb
bridge-group 1
bridge 1 protocol ieee
Rack12R5(config-if)#do sh span
Bridge group 1 is executing the ieee compatible Spanning Tree protocol
Bridge Identifier has priority 32768, address 0017.e04a.aa91
Configured hello time 2, max age 20, forward delay 15
Current root has priority 45, address 0023.ace6.b480
Root port is 5 (FastEthernet0/1), cost of root path is 38
Topology change flag not set, detected flag not set
Number of topology changes 4 last change occurred 00:06:23 ago
Times: hold 1, topology change 35, notification 2
hello 2, max age 20, forward delay 15
Timers: hello 0, topology change 0, notification 0, aging 300
Port 5 (FastEthernet0/1) of Bridge group 1 is forwarding
Port path cost 19, Port priority 128, Port Identifier 128.5.
Designated root has priority 45, address 0023.ace6.b480
Designated bridge has priority 32813, address 0023.ace6.d080
Designated port id is 128.7, designated path cost 19
Timers: message age 3, forward delay 0, hold 0
Number of transitions to forwarding state: 2
BPDU: sent 3, received 276
!
interface FastEthernet0/1
ip address 5.5.5.5 255.255.255.0
duplex auto
speed auto
!
Rack12SW2(config-if)#do sh span int f0/5 po
VLAN0045 enabled
Rack12SW2(config-if)#do sh span int f0/5
Vlan Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
VLAN0045 Desg FWD 19 128.7 P2p Edge
!
Rack12R5(config-if)# bridge-group 1
Rack12R5(config-if)#
COMM_SERV#8
[Resuming connection 8 to sw2 ... ]
Rack12SW2(config-if)#
*Mar 3 23:50:21.691: STP: VLAN0045 heard root 32768-0017.e04a.aa91 on Fa0/5
*Mar 3 23:50:21.700: STP: VLAN0045 Topology Change rcvd on Fa0/5
*Mar 3 23:50:21.700: STP: VLAN0045 sent Topology Change Notice on Fa0/23do sh span int f0/5 po
VLAN0045 disabled
Rack12SW2(config-if)#do sh span int f0/5
Vlan Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
VLAN0045 Desg FWD 19 128.7 P2p
Rack12SW2(config-if)#do sh debu
Spanning Tree:
Spanning Tree event debugging is on
Condition 1: interface Fa0/5 (1 flags triggered)
Flags: Fa0/5
Rack12SW2(config-if)#
....?
That could also be interesting for you!
http://ieoc.com/forums/p/16695/153218.aspx
Regards!
Markus
thanks Markus - but it still does not help ...
Hello,
Try this...
R----SW1----SW2
SW1----SW2: access ports on both sides of this link, access vlan 3
SW1:: spanning-tree portfast default and spanning-tree portfast bpdufilter default
SW2:: no special config.
R---SW1: the SW1 port towards R (access vlan 3) remains portfast operational and BPDU filter is active (i.e. dropping all sent and received BPDUs); check with "show spanning-tree interface <> portfast"
SW1----SW2: this side port of SW1 is not portfast operational because it received BPDUs, and BPDU filter is not active, and only 1 root bridge is elected.
Thanks and Regards,
Dinesh
Just some brainstorming here... Not sure this is the issue at all, but let's give it a try. Since routers running STP don't use the extended sys-ID they usually get elected root bridges if priority is default.
In your case the router gets elected as root and the switch uses it as a root port. It seems the port goes to forwarding directly. Try decreasing priority on switch or increasing priority on router and see if the behavior changes.
If RPVST+ was running then I guess synchronize feature could put the port into forwarding very fast but I believe routers only talk 802.1D?
Try it out.