Link to home
Start Free TrialLog in
Avatar of liquidationworld
liquidationworldFlag for Canada

asked on

Adding L2 switch to extend the VLAN while BPDU guard in enable on L3 switch

I have a cisco 3950 L3 switch with BPDU guard enable on all ports , switch is configured with multiple VLAN's. One of the VLAN's "name vlan 50" needs to be extended. Because of BPDU guard as soon as i plug the L2 switch into L3 Switch it will disable the port with error "err-disable'. I would like to keep the BPDU guard enabled on all ports yet would like to connect the other switch to exisitng switch. I know that you could configure the switch so it wont send any BPDU packets out. How can i add the L2 switch to existing switch?
Avatar of JFrederick29
JFrederick29
Flag of United States of America image
Couple options.

1.  Turn off BPDU Guard only on the port that the switch will connect to (preferred).

2.  Turn off STP on the "extension" switch so it doesn't send BPDU's.

I would turn off BPDU Guard only on the port connected to the new switch.
Avatar of liquidationworld
liquidationworld
Flag of Canada image

ASKER

I turn off BPDU guard and enable the port again , works fine with just the switch but as soon as i connect a host /PC to extended switch , the port on other switch goes in err-disable.
So basically even though the BPDU guard is disable the port still goes on err-disbale state
Avatar of JFrederick29
JFrederick29
Flag of United States of America image
Sounds like BPDU guard is still enabled on the port connected to the extended switch.  Can you post switch port config attached to extended switch?  Also, turn off "portfast" on the port connected to the extended switch if it is enabled.
Avatar of liquidationworld
liquidationworld
Flag of Canada image

ASKER

I just confirmed it again , without any host connected to extended switch ( the switch which i am connecting to our other switch) its works fine , but as soon as i connect host it put the port on other switch into err-disbale mode.
Avatar of liquidationworld
liquidationworld
Flag of Canada image

ASKER

lets call the mother switch ( sw1 ) and the switch which i am connecting to mother switch the new one call it sw2, BPDU here is the config for sw1
interface GigabitEthernet1/0/49
 switchport access vlan 50
end
 
Now i am turning off BPDU GUARD AND PORT FAST for the 4 th time and enabling the port
LWIONRSW03(config)#int gi1/0/49
LWIONRSW03(config-if)#no sp
LWIONRSW03(config-if)#no spa
LWIONRSW03(config-if)#no spanning-tree bpdu
LWIONRSW03(config-if)#no spanning-tree bpdugu
LWIONRSW03(config-if)#no spanning-tree bpduguard
LWIONRSW03(config-if)#no spanning-tree portfast bpduguard
LWIONRSW03(config-if)#no spanning-tree portfast b
LWIONRSW03(config-if)#no spanning-tree portfast
LWIONRSW03(config-if)#shut
LWIONRSW03(config-if)#no shut
LWIONRSW03(config-if)#do show int gi1/0/49
GigabitEthernet1/0/49 is up, line protocol is up (connected)
  Hardware is Gigabit Ethernet, address is 001c.5719.39b1 (bia 001c.5719.39b1)
  MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive not set
  Full-duplex, 1000Mb/s, link type is auto, media type is 1000BaseSX SFP
  input flow-control is off, output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:03, output 00:00:01, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 1000 bits/sec, 1 packets/sec
     2593 packets input, 272615 bytes, 0 no buffer
     Received 251 broadcasts (0 multicast)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 250 multicast, 0 pause input
     0 input packets with dribble condition detected
     57263 packets output, 5817439 bytes, 0 underruns
     0 output errors, 0 collisions, 43 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 PAUSE output
     0 output buffer failures, 0 output buffers swapped out
 The ip address of the switch is 192.168.50.2 here is the ing
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Reply from 192.168.50.2: bytes=32 time=1ms TTL=254
Reply from 192.168.50.2: bytes=32 time=2ms TTL=254
Reply from 192.168.50.2: bytes=32 time=1ms TTL=254
Reply from 192.168.50.2: bytes=32 time=1ms TTL=254
Reply from 192.168.50.2: bytes=32 time=1ms TTL=254
Reply from 192.168.50.2: bytes=32 time=1ms TTL=254
Reply from 192.168.50.2: bytes=32 time=2ms TTL=254
Reply from 192.168.50.2: bytes=32 time=1ms TTL=254
Reply from 192.168.50.2: bytes=32 time=1ms TTL=254
Reply from 192.168.50.2: bytes=32 time=1ms TTL=254
Reply from 192.168.50.2: bytes=32 time=1ms TTL=254
Reply from 192.168.50.2: bytes=32 time=2ms TTL=254
Reply from 192.168.50.2: bytes=32 time=1ms TTL=254
Reply from 192.168.50.2: bytes=32 time=1ms TTL=254
Reply from 192.168.50.2: bytes=32 time=1ms TTL=254
Reply from 192.168.50.2: bytes=32 time=1ms TTL=254
Reply from 192.168.50.2: bytes=32 time=2ms TTL=254
Reply from 192.168.50.2: bytes=32 time=1ms TTL=254
Reply from 192.168.50.2: bytes=32 time=1ms TTL=254
Reply from 192.168.50.2: bytes=32 time=1ms TTL=254
 Now here is the port config on SW1 after all this
 interface GigabitEthernet1/0/49
 switchport access vlan 50
!
interface GigabitEthernet1/0/50
 
I dont even see the any thing being BPDU Guard and port fast being disable , still connected to the sw2 as shown

interface GigabitEthernet1/0/49
 switchport access vlan 50
!
interface GigabitEthernet1/0/50
!
interface GigabitEthernet1/0/51
!
interface GigabitEthernet1/0/52
LWIONRSW03#show int gi
LWIONRSW03#show int gigabitEthernet 1/0/49
GigabitEthernet1/0/49 is up, line protocol is up (connected)
  Hardware is Gigabit Ethernet, address is 001c.5719.39b1 (bia 001c.5719.39b1)
  MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive not set
  Full-duplex, 1000Mb/s, link type is auto, media type is 1000BaseSX SFP
  input flow-control is off, output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:11, output 00:00:01, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
 
Now i am going to hook up the PC to sw2 ( extended switch and look what happens) hang on let me run and do it Lost ping

C:\Documents and Settings\khurramm>ping 192.168.50.2 -t
Pinging 192.168.50.2 with 32 bytes of data:
Request timed out.
Request timed out.

GigabitEthernet1/0/49 is down, line protocol is down (err-disabled)
  Hardware is Gigabit Ethernet, address is 001c.5719.39b1 (bia 001c.5719.39b1)
  MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
 
AS SOON AS I HOOKED THE PC UP , i am so stuble as why is it doing it  
 
 
 
 
 
Avatar of JFrederick29
JFrederick29
Flag of United States of America image
Use this command instead:

conf t
int g1/0/49
spanning-tree bpduguard disable

If the port goes err-disabled again after using that command, do a "show log" and post the err-disabled reason.
Avatar of liquidationworld
liquidationworld
Flag of Canada image

ASKER

Just did , sweet it worked like a charm , thank you so much. Pinging the host for last 10 mins and its still going.
I will keep the post open till end of the day , how can i add your name to contact in here so in future i be able to direclty ask you question using this website
thank you
ASKER CERTIFIED SOLUTION
Avatar of JFrederick29
JFrederick29
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial