Reference Guide

ManualsBrandsDell ManualsserversDell Force10 S55T

691

692

693

694

695

696

697

698

699

700

Spanning Tree Protocol | 693

Preventing Network Disruptions with BPDU Guard

The Portfast (and Edgeport, in the case of RSTP, PVST+, and MSTP) feature should be configured on

ports that connect to end stations. End stations do not generate BPDUs, so ports configured with Portfast/

Edgport (edgeports) do not expect to receive BDPUs. If an edgeport does receive a BPDU, it likely means

that it is connected to another part of the network, which can negatively effect the STP topology. The

BPDU Guard feature blocks an edgeport upon receiving a BPDU to prevent network disruptions, and

FTOS displays Message 1. Enable BPDU Guard using the option

bpduguard when enabling PortFast or

EdgePort. The

bpduguard shutdown-on-violation option causes the interface hardware to be shutdown when

it receives a BPDU. Otherwise, although the interface is placed in an Error Disabled state when receiving

the BPDU, the physical interface remains up and spanning-tree will only drop

packets after a BPDU

violation.

Figure 38-8 shows a scenario in which an edgeport might unintentionally receive a BPDU. The port on the

Dell Networking system is configured with Portfast. If the switch is connected to the hub, the BPDUs that

the switch generates might trigger an undesirable topology change. If BPDU Guard is enabled, when the

edge port receives the BPDU, the BPDU will be dropped, the port will be blocked, and a console message

will be generated.

Message 1 BPDU Guard Error

3w3d0h: %RPM0-P:RP2 %SPANMGR-5-BPDU_GUARD_RX_ERROR: Received Spanning Tree BPDU on BPDU guard

port. Disable GigabitEthernet 3/41.

Note: Note that unless the shutdown-on-violation option is enabled, spanning-tree only drops packets

after a BPDU violation; the physical interface remains up, as shown below.

FTOS(conf-if-gi-0/7)#do show spanning-tree rstp brief

Executing IEEE compatible Spanning Tree Protocol

Root ID Priority 32768, Address 0001.e805.fb07

Root Bridge hello time 2, max age 20, forward delay 15

Bridge ID Priority 32768, Address 0001.e85d.0e90

Configured hello time 2, max age 20, forward delay 15

Interface Designated

Name PortID Prio Cost Sts Cost Bridge ID PortID

---------- -------- ---- ------- --- ------- -------------------- --------

Gi 0/6 128.263 128 20000 FWD 20000 32768 0001.e805.fb07 128.653

Gi 0/7 128.264 128 20000 EDS 20000 32768 0001.e85d.0e90 128.264

Interface

Name Role PortID Prio Cost Sts Cost Link-type Edge

---------- ------ -------- ---- ------- --- ------- --------- ----

Gi 0/6 Root 128.263 128 20000 FWD 20000 P2P No

Gi 0/7 ErrDis 128.264 128 20000 EDS 20000 P2P No

FTOS(conf-if-gi-0/7)#do show ip int br gi 0/7

Interface IP-Address OK Method Status Protocol

GigabitEthernet 0/7 unassigned YES Manual up up