* This article was moved over from note.
It's about time I learned this properly.
BPDU Guard
Configuration
Switch7(config)#int gi1/3
Switch7(config-if)#span bpduguard enable
It can also be enabled globally with span portfast bpduguard default.
errdisable
Switch7#
*Oct 11 12:20:42.446: %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port Gi1/3 with BPDU Guard enabled. Disabling port.
Switch7#
*Oct 11 12:20:42.449: %PM-4-ERR_DISABLE: bpduguard error detected on Gi1/3, putting Gi1/3 in err-disable state
*Oct 11 12:20:43.504: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/3, changed state to down
Switch7#
*Oct 11 12:20:44.802: %LINK-3-UPDOWN: Interface GigabitEthernet1/3, changed state to down
Switch7#sh ip int bri
Interface IP-Address OK? Method Status Protocol
<omitted>
GigabitEthernet1/3 unassigned YES unset down down
<omitted>
Recovery (did not work)
Switch7(config)#errdisable recovery cause bpduguard
~ about 5 minutes later ~
Switch7(config)#
*Oct 11 12:27:58.602: %PM-4-ERR_RECOVER: Attempting to recover from bpduguard err-disable state on Gi1/3
*Oct 11 12:27:59.336: %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port Gi1/3 with BPDU Guard enabled. Disabling port.
*Oct 11 12:27:59.339: %PM-4-ERR_DISABLE: bpduguard error detected on Gi1/3, putting Gi1/3 in err-disable state
Switch7#sh ip int bri
Interface IP-Address OK? Method Status Protocol
<omitted>
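GigabitEthernet1/3 unassigned YES unset down down
<omitted>
There was no need to configure errdisable recovery in advance.
However, because the other switch is still connected, the port goes straight back into errdisable, overriding the recovery.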
errdisable recovery cause [XXX]
Memo for future reference
Switch7(config)#errdisable recovery cause ?
all Enable timer to recover from all error causes
arp-inspection Enable timer to recover from arp inspection error
disable state
bpduguard Enable timer to recover from BPDU Guard error
channel-misconfig Enable timer to recover from channel misconfig error
(STP)
dhcp-rate-limit Enable timer to recover from dhcp-rate-limit error
dtp-flap Enable timer to recover from dtp-flap error
gbic-invalid Enable timer to recover from invalid GBIC error
inline-power Enable timer to recover from inline-power error
l2ptguard Enable timer to recover from l2protocol-tunnel error
link-flap Enable timer to recover from link-flap error
link-monitor-failure Enable timer to recover from link monitoring failure
loopback Enable timer to recover from loopback error
mac-limit Enable timer to recover from mac limit disable state
oam-remote-failure Enable timer to recover from OAM detected remote
failure
pagp-flap Enable timer to recover from pagp-flap error
port-mode-failure Enable timer to recover from port mode change failure
pppoe-ia-rate-limit Enable timer to recover from PPPoE IA rate-limit error
psecure-violation Enable timer to recover from psecure violation error
psp Enable timer to recover from psp
security-violation Enable timer to recover from 802.1x violation error
sfp-config-mismatch Enable timer to recover from SFP config mismatch error
storm-control Enable timer to recover from storm-control error
udld Enable timer to recover from udld error
unicast-flood Enable timer to recover from unicast flood error
vmps Enable timer to recover from vmps shutdown error
BPDU Filter
Configuration
There was some lag, but once BPDU filter was configured on Gi0/0, it stopped sending BPDUs.
As with bpduguard, it can also be set globally with span portfast bpdufilter default.
Switch#debug span bpdu
Switch#
*Oct 11 12:57:00.962: RSTP(1): sending BPDU out Gi0/0
*Oct 11 12:57:00.970: RSTP(1): sending BPDU out Gi0/1
*Oct 11 12:57:00.980: RSTP(1): sending BPDU out Gi0/2
*Oct 11 12:57:00.992: RSTP(1): sending BPDU out Gi0/3
*Oct 11 12:57:01.007: RSTP(1): sending BPDU out Gi1/0
*Oct 11 12:57:01.021: RSTP(1): sending BPDU out Gi1/1
*Oct 11 12:57:01.038: RSTP(1): sending BPDU out Gi1/2
*Oct 11 12:57:01.052: RSTP(1): sending BPDU out Gi1/3
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#
Switch(config)#int gi0/0
Switch(config-if)#
*Oct 11 12:57:18.663: RSTP(1): sending BPDU out Gi0/0
*Oct 11 12:57:18.672: RSTP(1): sending BPDU out Gi0/1
*Oct 11 12:57:18.688: RSTP(1): sending BPDU out Gi0/2
*Oct 11 12:57:18.700: RSTP(1): sending BPDU out Gi0/3
*Oct 11 12:57:18.711: RSTP(1): sending BPDU out Gi1/0
*Oct 11 12:57:18.725: RSTP(1): sending BPDU out Gi1/1
*Oct 11 12:57:18.739: RSTP(1): sending BPDU out Gi1/2
*Oct 11 12:57:18.750: RSTP(1): sending BPDU out Gi1/3
Switch(config-if)#span bpdufilter enable
Switch(config-if)#
*Oct 11 12:57:21.393: RSTP(1): sending BPDU out Gi0/0
*Oct 11 12:57:21.409: RSTP(1): sending BPDU out Gi0/1
*Oct 11 12:57:21.424: RSTP(1): sending BPDU out Gi0/2
*Oct 11 12:57:21.441: RSTP(1): sending BPDU out Gi0/3
*Oct 11 12:57:21.457: RSTP(1): sending BPDU out Gi1/0
*Oct 11 12:57:21.475: RSTP(1): sending BPDU out Gi1/1
*Oct 11 12:57:21.487: RSTP(1): sending BPDU out Gi1/2
*Oct 11 12:57:21.494: RSTP(1): sending BPDU out Gi1/3
Switch(config-if)#
*Oct 11 12:57:24.094: RSTP(1): sending BPDU out Gi0/1
*Oct 11 12:57:24.101: RSTP(1): sending BPDU out Gi0/2
*Oct 11 12:57:24.111: RSTP(1): sending BPDU out Gi0/3
*Oct 11 12:57:24.116: RSTP(1): sending BPDU out Gi1/0
*Oct 11 12:57:24.122: RSTP(1): sending BPDU out Gi1/1
*Oct 11 12:57:24.126: RSTP(1): sending BPDU out Gi1/2
*Oct 11 12:57:24.137: RSTP(1): sending BPDU out Gi1/3
Switch(config-if)#end
Recovery (worked)
With BPDU filter configured so that BPDUs are no longer sent, errdisable recovery took effect and the port recovered.
Switch7#
*Oct 11 12:53:03.954: %PM-4-ERR_RECOVER: Attempting to recover from bpduguard err-disable state on Gi1/3
Switch7#
*Oct 11 12:53:06.116: %LINK-3-UPDOWN: Interface GigabitEthernet1/3, changed state to up
*Oct 11 12:53:07.187: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/3, changed state to up
Switch7#sh ip int bri
Interface IP-Address OK? Method Status Protocol
<omitted>
GigabitEthernet1/3 unassigned YES unset up up
<omitted>
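The two recovery attempts above (the one that was immediately overridden and the one that succeeded once the peer stopped sending BPDUs) can be told apart from syslog alone. The following Python is an added example, not part of the original article: it classifies each bpduguard ERR_RECOVER attempt by what follows on the same port. The function names, the 30-second window and the placeholder year are assumptions; the log lines are copied from the Switch7 captures on this page.

```python
import re
from datetime import datetime, timedelta

# Syslog lines copied from the two Switch7 captures on this page.
STILL_RECEIVING = """\
*Oct 11 12:27:58.602: %PM-4-ERR_RECOVER: Attempting to recover from bpduguard err-disable state on Gi1/3
*Oct 11 12:27:59.336: %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port Gi1/3 with BPDU Guard enabled. Disabling port.
*Oct 11 12:27:59.339: %PM-4-ERR_DISABLE: bpduguard error detected on Gi1/3, putting Gi1/3 in err-disable state
"""
PEER_FILTERED = """\
*Oct 11 12:53:03.954: %PM-4-ERR_RECOVER: Attempting to recover from bpduguard err-disable state on Gi1/3
*Oct 11 12:53:06.116: %LINK-3-UPDOWN: Interface GigabitEthernet1/3, changed state to up
*Oct 11 12:53:07.187: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/3, changed state to up
"""
LINE = re.compile(r"^\*(\w{3} +\d+ [\d:.]+): %([A-Z]+-\d-[A-Z_]+): (.*)$")
PORT = re.compile(r"\b([A-Za-z]{2})[A-Za-z]*(\d+(?:/\d+)+)")  # Gi1/3 or GigabitEthernet1/3

def parse(text, year=2000):
    """Yield (time, mnemonic, short port name, message) per syslog line.
    IOS omits the year here; `year` is an assumed value used only for ordering."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip prompts such as "Switch7#" and command output
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S.%f")
        p = PORT.search(m.group(3))
        yield ts, m.group(2), (p.group(1) + p.group(2) if p else None), m.group(3)

def classify_recoveries(text, window=timedelta(seconds=30)):
    """For each bpduguard ERR_RECOVER attempt, report what followed on that port."""
    events = list(parse(text))
    results = []
    for i, (ts, tag, port, msg) in enumerate(events):
        if tag != "PM-4-ERR_RECOVER" or "bpduguard" not in msg:
            continue
        outcome = "unknown"
        for ts2, tag2, port2, msg2 in events[i + 1:]:
            if port2 != port or ts2 - ts > window:
                continue
            if tag2 == "SPANTREE-2-BLOCK_BPDUGUARD":
                outcome = "re-tripped"  # BPDUs are still arriving on the port
                break
            if tag2 == "LINK-3-UPDOWN" and msg2.endswith("to up"):
                outcome = "recovered"
                break
        results.append((port, ts.strftime("%H:%M:%S"), outcome))
    return results
```

A port that keeps showing "re-tripped" every recovery interval still has a BPDU source attached, so the timer alone will never bring it back.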
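Summary
BPDU Guard: the port goes errdisable when it receives a BPDU
BPDU Filter: BPDUs cannot be received and are not sent
errdisable recovery: the default is 300 s
Actually configuring them makes the difference very clear.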