BPDU Guard without ERR-Disable

Hi Everyone,
I recently had an instance in one of my networks where a user plugged in a home router to our network. The router then started handing out incorrect IP addresses to clients.
I know I can use DHCP Snooping or BPDU guard to stop this happening again and we do have BPDU Guard running at other sites successfully. The problem has always been if we enable it in a new production network we might disable ports that have legitimate devices on the other end. For example someone is using a small switch to share a port between a PC and a printer.
Is there a way of turning on BPDU guard but without it putting ports into an Err-Disabled mode and just alerting in the logs instead?
Regards, Daniel

Hi Leo,
Thanks for your input in the discussion. However I think you are misunderstanding why I am asking this question.
I WANT to enable BPDU guard on this network, I know its not a PIA and I am well aware of what it does and why it would be implemented.
The reason I am asking this question is because I need to transition from a network that doesn't have BPDU guard enabled to one that does. If i turn the feature on it will start disabling ports on switches and stop peoples workflow until it is resolved. The reason people have unidentified switches plugged into the network might be legitimate, but the way they got around their problem wasn't the best.
My goal is to find out where these rogue switches are, find out why they are there. Find an alternative way to connect these devices to the network by either purchasing new switches or running more cabling. This network does not have any onsite IT and therefor all this needs to be figured out remotely.
So the crux of the problem is. How to find STP devices that are plugged into my switches.
Thoughts?

Similar Messages

BPDU guard - weird situation

Hi guys,
This morning unpleasant surprise happened to me. One of critical ports was err-disabled because of BPDU guard (device B). This wouldn't be surprise if this port (on Device B) wasn't configured as L3 port (I agree that BPDU filter shouldn't be enabled at all here, this is legacy config), and other end have BPDU filter enabled (Device A). Here is port config:
Device A:
interface GigabitEthernet4/0/24
switchport access vlan 10
switchport trunk encapsulation dot1q
switchport mode access
switchport nonegotiate
logging event trunk-status
spanning-tree bpdufilter enable
Device B:
interface GigabitEthernet2/45
no switchport
ip address 10.0.0.1 255.255.252.0
ip helper-address 172.16.249.5
logging event link-status
logging event trunk-status
spanning-tree portfast
spanning-tree bpduguard enable
Log from Device B indicating that it was err-disabled:
Apr 20 20:08:52.336 CETS: %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port Gi2/45 with BPDU Guard enabled. Disabling port.
Apr 20 20:08:52.336 CETS: %PM-4-ERR_DISABLE: bpduguard error detected on Gi2/45, putting Gi2/45 in err-disable state
Log form Device A indicating that BPDU never sent from this port:
DeviceA#show spanning-tree vlan 10 detail
Port 186 (GigabitEthernet4/0/24) of VLAN0010 is designated forwarding
   Port path cost 4, Port priority 128, Port Identifier 128.186.
   Designated root has priority 28740, address 001a.6da4.f000
   Designated bridge has priority 28740, address 001a.6da4.f000
   Designated port id is 128.186, designated path cost 0
   Timers: message age 0, forward delay 0, hold 0
   Number of transitions to forwarding state: 1
   Link type is point-to-point by default
   Bpdu filter is enabled
   BPDU: sent 0, received 0
Did anyone had ever similar experience? By all logical explanations, this should never happen
Thanks

On the other hand, most SOHO switches do not implement Spanning Tree. If you are concerned about users installing switches, you need to take other precautions as well.
You can stop the users using a switch to fan out a port, by configuring port security and only allowing one MAC address on the port.
The BPDU guard will give you some protection against certain malicious user practices, even if the rogue switch does not do Spanning Tree. For example, the user who plug in a SOHO switch, and then plugs two other ports of that SOHO switch back-to-back with a cross-cable. In this case, your Catalyst will see its own BPDUs circulating round the loop, and will close the port down. (If the SOHO switch is not doing Spanning Tree, then it will pass the BPDUs through transparently.) This is why you should not have bdpu-guard and bpdu-filter on the same port.
Kevin Dorrell
Luxembourg

WAPs connected ports are becoming err-disabled.

Hi All,
I'm facing a strange issue. WAPs connected ports are becomming err-disabled with an attached error message. Not only a single WAP, All the WAPs connected to the 3750 are having the same issue. I have tried to identify which WAP is sending the BPDU and that inturn causing other WAP connected ports to be down.
I have 5 WAPs in that site; if I enable any WAPs connected port below logs messages are coming and that port is becomming err-disable.
Can anyone shed some light to troubleshoot this issue. Any help would be appreciated.
Dec 1 03:32:59.397 UTC: %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port Gi1/0/12 with BPDU Guard enabled. Disabling port.
Dec 1 03:32:59.397 UTC: %PM-4-ERR_DISABLE: bpduguard error detected on Gi1/0/12, putting Gi1/0/12 in err-disable state
Dec 1 03:33:00.420 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/12, changed state to down
Dec 1 03:33:00.420 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan5, changed state to down
Dec 1 03:33:00.420 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan50, changed state to down
Dec 1 03:33:00.420 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan51, changed state to down
Dec 1 03:33:01.427 UTC: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/12, changed state to down
Regards,
T.K

Can you please furnish the command output of the following:
1. sh version
2. sh run int g 1/0/12
3. sh interface status err

BPDU guard on Nexus 2k

Is there a way by which BPDU guard can be disabled on N2K?
Does N2K support normal trunking with downstream switch?
All the documentation that I have gone through mentions that you cannot disable BPDUguard on fex ports, it is enabled by default.
FEX will not allow you to connect a switch to it with trunking enabled.
We have a requirement where they want to connect switch to N2K.
What is the best practice while connecting a switch to N2K?

Is there a way by which BPDU guard can be disabled on N2K?
BPDU, on all the Nexus parent switches (5K, 7K) are PERMANENTLY enabled. No one will be able to disable BPDU Guard on the Nexus.
If you want to connect another non-Nexus switch to a 2K, you will need to disable STP on that switchport.

Assistance Disabling BPDU Guard: Catalyst 3560 CG

Good Morning Guys,
Here's the situation:
Configuring cisco wireless bridges - every time I get both devices up in my wireless controller, the port my root bridge is connected to on the catalyst 3560 CG switch gets disabled with the following error:
"SPANTREE - 2- BLOCK_BPDUGUARD: Received BPDU on port, *** with BPDU Guard enabled, disabling port."
I've done some research on BPDU Guard and I've tried applying the following commands to no avail:
1. errdisable detect cause bpdguard shutdown vlan (global and config mode)
2. spanning-tree bpduguard disable (configuration mode at the interface)
any assistance to prevent the port from shutting down would be greatly appreciated.
Christian

You should double check the interface configs on both. It is shutting the port down because it is receiving BPDUs. This could be cause your switch port is configured for access but the WLC is configured as trunk...

Bpdu guard status still reflected disabled after configuration

Hi,
Has anyone encountered after configuring
(config#)spanning-tree portfast bpduguard default
bpdu guard status still reflected disabled after configuration using
#sh spanning-tree summary totals
Thanks.
Christina

BPDU Guard takes effect only on portfast ports. You can therefore think of BPDU guard the same as portfast BPDU guard when a port is a portfast port.
PortFast BPDU guard can prevent loops by moving a nontrunking port into the errdisable state when a BPDU is received on that port. When the BPDU guard feature is enabled on the switch, spanning tree shuts down PortFast-configured interfaces that receive BPDUs, rather than putting them into the spanning tree blocking state. In a valid configuration, PortFast-configured interfaces do not receive BPDUs. Reception of a BPDU by a PortFast-configured interface signals an invalid configuration, such as connection of an unauthorized device. The BPDU guard feature provides a secure response to invalid configurations, because the administrator must manually put the interface back in service.
When enabled on the switch, spanning tree applies the PortFast BPDU guard
feature to all PortFast-configured interfaces.
Portfast BPDU guard can be enabled or disabled on a global basis, thus
affecting all ports with portfast configured.
http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a008009482f.shtml

Interfaces in port-channel keep err-disabling because of keepalives

Below is the current portchannel that I am having problems with. The interfaces on Switch A keep going into an error disabled state because they receive their own loopback. Cisco says to disable keepalives and that it will fix the problem, but I do not like the idea of disabling keepalives. Has anyone found a solution other than disabling keepalives? Notice that ios's are different, but am not convinced that this is the issue. Also one is PoE and the other isn't. Lastly, i found this article "Keepalives are sent on all interfaces by default in Cisco IOS Software Release 12.1EA-based software. In Cisco IOS Software Release 12.2SE-based software and later, keepalives are not sent by default on fiber and uplink interfaces". I would think trunked interfaces in a port-channel would be uplink interfaces and if this is true, it should be sending out keepalives anyway since i am running the 12.2SE based ios. Thanks for whatever input you may have.
Switch A
C3750E Boot Loader (C3750X-HBOOT-M) Version 12.2(53r)SE2, RELEASE SOFTWARE (fc1)
System image file is "flash:/c3750e-universalk9-mz.122-55.SE3/c3750e-universalk9-mz.122-55.SE3.bin"
cisco WS-C3750X-48P
Port-channels in the group:
Port-channel: Po52
Age of the Port-channel   = 219d:04h:32m:49s
Logical slot/port   = 10/39          Number of ports = 4
GC                  = 0x00000000      HotStandBy port = null
Port state          = Port-channel Ag-Inuse
Protocol            =    -
Port security       = Disabled
Ports in the Port-channel:
Index   Load   Port     EC state        No of bits
------+------+------+------------------+-----------
0     00     Gi1/0/35 On                 0
0     00     Gi1/0/36 On                 0
0     00     Gi2/0/45 On                 0
0     00     Gi2/0/46 On                 0
%ETHCNTR-3-LOOP_BACK_DETECTED: Loop-back detected on GigabitEthernet1/0/35.
%PM-4-ERR_DISABLE: loopback error detected on Gi1/0/35, putting Gi1/0/35 in err-disable state
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/35, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface Port-channel39, changed state to down
%LINK-3-UPDOWN: Interface Port-channel39, changed state to down
Switch B
C3750E Boot Loader (C3750X-HBOOT-M) Version 12.2(53r)SE2, RELEASE SOFTWARE (fc1)
System image file is "flash:/c3750e-universalk9-mz.122-58.SE2/c3750e-universalk9-mz.122-58.SE2.bin"
cisco WS-C3750X-48
Port-channels in the group:
Port-channel: Po52
Age of the Port-channel   = 443d:18h:43m:06s
Logical slot/port   = 10/39          Number of ports = 4
GC                  = 0x00000000      HotStandBy port = null
Port state          = Port-channel Ag-Inuse
Protocol            =    -
Port security       = Disabled
Ports in the Port-channel:
Index   Load   Port     EC state        No of bits
------+------+------+------------------+-----------
0     00     Gi1/0/35 On                 0
0     00     Gi1/0/36 On                 0
0     00     Gi1/0/45 On                 0
0     00     Gi1/0/46 On                 0

PER CISCO
Symptom:
An interface on a Catalyst switch is errordisabled after detecting a loopback.
Mar 7 03:20:40: %ETHCNTR-3-LOOP_BACK_DETECTED: Loop-back detected on
GigabitEthernet0/2. The port is forced to linkdown.
Mar 7 03:20:42: %LINK-5-CHANGED: Interface GigabitEthernet0/2, changed state
to administratively down
Mar 7 03:20:43: %LINEPROTO-5-UPDOWN: Line protocol on Interface
GigabitEthernet0/2, changed state to down
Conditions:
This might be seen on a Catalyst 2940, 2950, 2950-LRE, 2955, 2970, 3550, 3560
or 3750 switch running 12.1EA or 12.2SE based code.
Workaround:
Disable keepalives by using the no keepalive interface command. This
will prevent the port from being errdisabled, but it does not resolve the root
cause of the problem. Please see section below for more information.
Additional Information:
The problem occurs because the keepalive packet is looped back to the port that
sent the keepalive. There is a loop in the network. Although disabling the
keepalive will prevent the interface from being errdisabled, it will not remove
the loop.
The problem is aggravated if there are a large number of Topology Change
Notifications on the network. When a switch receives a BPDU with the Topology
Change bit set, the switch will fast age the MAC Address table. When this
happens, the number of flooded packets increases because the MAC Address table
is empty.

Info needed on use of BPDU guard

The place where I am working, we have 7606 router which is connected to various LAN segments. Sub-interfaces are defined in Ethernet ports for VLAN segments. Each LAN segment is running RSTP in rings, so BPDU packets is expected on VLAN subinterfaces of router, but spanning-tree BPDU Guard is enabled on interface(not subinterface) as shown below.
interface GigabitEthernet1/6
description "Towards xyz"
mtu 9000
no ip address
storm-control broadcast level 0.10
storm-control multicast level 0.10
spanning-tree bpduguard enable
interface GigabitEthernet1/6.852
description "Cluster 14"
encapsulation dot1Q 852
ip address 172.19.129.188 255.255.255.224
standby version 2
standby 83 ip 172.19.129.190
standby 83 timers msec 300 1
standby 83 priority 110
standby 83 preempt
interface GigabitEthernet1/6.853
description "Cluster 14"
encapsulation dot1Q 853
ip address 172.19.145.188 255.255.255.224
standby version 2
standby 84 ip 172.19.145.190
standby 84 timers msec 300 1
standby 84 priority 110
standby 84 preempt
interface GigabitEthernet1/6.854
description "Cluster 14"
encapsulation dot1Q 854
ip address 172.19.161.188 255.255.255.224
standby version 2
standby 85 ip 172.19.161.190
standby 85 timers msec 300 1
standby 85 priority 110
standby 85 preempt
interface GigabitEthernet1/6.855
description "Cluster 14"
encapsulation dot1Q 855
ip address 172.19.177.188 255.255.255.224
standby version 2
standby 86 ip 172.19.177.190
standby 86 timers msec 300 1
standby 86 priority 110
standby 86 preempt
I need to know that will there be any effect of BPDU Guard in this situation?
Whats the point of enabling BPDU Guard here?
Will BPDU packets received on subinterface VLAN will disable the whole interface as BPDU Guard is enabled?

Please find spanning tree command output:
R1#sh spanning-tree int gi1/6
no spanning tree info available for GigabitEthernet1/6
R1#sh spanning-tree interface GigabitEthernet1/6.852
no spanning tree info available for GigabitEthernet1/6.852
R1#sh spanning-tree
MST0
Spanning tree enabled protocol mstp
Root ID    Priority    4096
             Address     588d.09b5.8740
             This bridge is the root
             Hello Time   2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority    4096   (priority 4096 sys-id-ext 0)
             Address     588d.09b5.8740
             Hello Time   2 sec Max Age 20 sec Forward Delay 15 sec
Interface           Role Sts Cost      Prio.Nbr Type
Gi1/1               Desg FWD 20000     128.1    P2p
Gi1/2               Desg FWD 20000     128.2    P2p
Gi1/3               Desg FWD 20000     128.3    P2p
Gi1/4               Desg FWD 20000     128.4    P2p
Gi1/15              Desg FWD 20000     128.15   P2p
Gi1/16              Desg FWD 20000     128.16   P2p
Gi2/4               Desg FWD 200000    128.260 P2p
Te2/11              Desg FWD 2000      128.267 P2p
I think port is not involved in STP. Now, I would like to know what will happen if BPDU packet is received on any VLAN sub-interface of this interface. Will it simply drop BPDU packet as STP not running on it or, BPDU guard will disable the port completely ??

How to configure PortFast & BPDU Guard on an Aruba controller.

Requirement:
An Aruba controller running 6.4.3.x and above.
Solution:
PortFast:
PortFast feature basically causes a switch port or a trunk port to directly enter the forwarding state instead of going through listening and learning state of the STP.
PortFast is usually configured on an edge port, which means this port should not receive any STP BPDUs.
If this port receives any STP BPDU, this port moves back to normal/regular mode and will end up participating in listening and learning states.
BPDU Guard:
The BPDU Guard feature basically guards the port against receiving any BPDUs.
If it detects any incoming BPDUs on the port, it would put the port into ErrDis (Error-Disable).
This port remains in the ErrDis state unless until this port is manually changed by using a configuration command “shut” followed by a “no-shut” applied on this interface.
Configuration:
Below screen shot show the configuration of Portfast for both Trunk and Access ports.
Below screen shot shows the configuration of BPDU Guard for switch ports.
Verification
We can verify if the Portfast is enabled using the commands shown in below screen shot.
We can verify if the BPDU Guard is enabled using commands shown in below screen shot.

I was having troubles with this as well when a customer had an older Aruba Controller and 2 Access Points. We went with a couple IAP-205s and needed LDAP integration. Using the above configuration there were some additional items needed. I found that I needed the DISPLAY NAME of the admin for the Admin-DN. I had created a user with the first name Aruba and the last name LDAP. This made the DISPLAY NAME "Aruba LDAP". This is what needs to be in the CN= for the Admin-DN.I also found there is a difference in using the CN= and OU=Currently our admin account is in the Users group which is a “Container”. Our actual user accounts are stored in an Orginizational Unit with sub OUs as well. So the Admin-DN needed the CN=Users and the Base-DN needed the OU=MyUserOU.For the windows machines I had to download and install the Aruba GTC Shim because the customer was previously using GTC and they were not going to a RADIUS server at the moment. My Android phone and IPHONE did not need any additional addins for the authentication. The windows laptop I am using I needed to manually create a wireless profile with… Security Tab >“Choose a network authentication method:”Microsoft: Protected EAP (PEAP)Settings >Select “Trusted Root Certification Authorities”GeoTrust Global CASelect Authentication Method:EAP-Token (This is the Aruba GTC Shim) This allowed me to use my domain login credentialsUsernamePasswordDomain (This is blank because the Base-DN already has this, if anything is put in here the authentication fails)

Etherchannel - err disabled

Hello, I'm practicing forming Etherchannel groups and I have a question. I have two switches with Fa 0/5, 6 ,7 as trunks between the switches. When create the Po1 adding each interface one by one (first in one SW and then in the other SW) my Po1 goes to an err-disabled status in the first SW. Then I have to enter into the Po1 interface, apply a shutdown and then a no shutdown and then the Po1 comes up........ is this a normal behavior when you add each interface one by one to the Po? .... see the attachment.
When I create the Po1 by adding the 3 interfaces together (int range fa 0/5 - 7) in one SW the interfaces go down. Then I do the same in the other SW and once the Po1 has been configured in both SWs the Po1 comes up by itself I dont have to apply a shu/no shut to the Po1 interface.
Is there a way to create a Po without interrupting traffic? What is the normal or best way to create the Po?

Francisco, Hi It's me again!
I'd recommend you to do as follows:
- Shut all interfaces in the channel down on both sides. To avoid the order operation problems.
- start configuring Etherchannel all interfaces.
- Make sure that all interfaces have identical configuration.
- Bring all interfaces back up.
You can use a "show interface status err-disabled" command to see what's the problem.
Hopes this link can help you some:
http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a00806cd87b.shtml
HTH,
Toshi

Spanning Tree PortFast BPDU Guard Enhancement

Will this solve our problems interconnecting 2 ports configured in 2 different vlans?
TIA

Hi Windell,
STP portfast BPDU guard is the feature which is specifically desinged for the ports running stp portfast on them so that a temporary introduction of a switch with lower bridge ID should not disrupt the network topology.At the reception of BPDUs, the BPDU guard operation disables the port that has PortFast configured. The BPDU guard transitions the port into errdisable state.
Please see the link:
http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a008009482f.shtml
I didnot get your question. Can you eleborate more on this.
regards,
-amit singh

BPDU Guard

Ok, it's been a while since this was discussed, so I wanted to throw out another question about BPDU Guard...
As is taught in CCNA Security, BPDU Guard is NOT enabled by default.
If command:
spanning-tree portfast
is issued, BPDU Guard is NOT configured automatically, correct?
Now, I'm confused on the per interface and global config commands.
If I issue
spanning-tree bpduguard enable
from global config, it will be turned on with all ports running portfast that are NOT trunked, correct?
Final question, what does:
spanning-tree portfast bpduguard default
accomplish? Is this a valid command statement? Because if that command is issued, if I do a sho run on a particular interface, and if that command actually turns on bpduguard, shouldnt I see "spanning-tree bpduguard enable"?
Thanks!

Question about this topic, why recommeds Cisco LMS 4.0 Best practice to use both BPDUfilter?
LMS reports a Best Practice Deviation if PortFast is enabled and BPDU-Guard is not enabled on a port. BPDU-Guard prevents spanning-tree loops by moving a port into the errdisable state when a BPDU is received on that port. When you enable BPDU-Guard on the switch, spanning tree shuts down the interfaces that receive BPDUs instead of putting the interfaces into the spanning-tree blocking state. Impact Cisco recommends that you enable BPDUGuard to block incoming BPDUs on edge devices (end-hosts). The Cisco BPDUGuard feature, when enabled, informs the switch to disable PortFast ports if a BPDU is received on those ports. BDPUGuard can be enabled on each port or globally. When you enable BPDUGuard globally, it applies to all PortFast-enabled ports on the switch.
LMS reports a Best Practice Deviation when BPDU Filter is not enabled on access ports. Impact BPDU filtering allows you to avoid transmitting BPDUs on PortFast-enabled ports that are connected to an end system. When you enable PortFast on the switch, spanning tree places ports in the forwarding state immediately, instead of going through the listening, learning, and forwarding states. By default, spanning tree sends BPDUs from all ports regardless of whether PortFast is enabled. BDPUFilter can be enabled for each port or globally. When you enable BPDUFilter globally, it applies to all PortFast-enabled ports on the switch. When you disable PortFast on a port, the BPDU Filter that was globally enabled on the PortFast enabled port is also disabled.

WS-C6509-V-E VSS Pair: Random ports going into err-disabled due to udld error

We recently (a few months ago) put two 6509s into VSS mode and had many teething problems. One of the problems we had was random ports on switch 2 of the pair came up in err-disabled mode after a reboot. We somehow fixed them by combinations of shut/no shut, reseating or changing SFPs, etc.
Two days ago we saw half of the ports on one card were in err-disabled mode due to udld errors. We cannot find a way to bring them back up (tried udld resets, etc) and think it's really strange that it's a block of ports on the same card. Also it's strange since last time we had this problem it was on different cards (switch 2 as well though).
See below Te2/3/5-12 are in err-disabled mode. All other ports are fine. We highly doubt a physical problem with fibre and SFPs. Initially suspected the line card, but happened on different cards last time.
Is there some bug anyone is aware of? Software or physical issue?
Thanks in advance,
Paolo.
Hardware: WS-C6509-V-E
Version 15.1(2)SY3
XD#sh mod
Mod Ports Card Type Model Serial No.
1 20 DCEF2T 4 port 40GE / 16 port 10GE WS-X6904-40G SAL1737CMC3
2 20 DCEF2T 4 port 40GE / 16 port 10GE WS-X6904-40G SAL1737CMCH
3 20 DCEF2T 4 port 40GE / 16 port 10GE WS-X6904-40G SAL1737CMCQ
4 20 DCEF2T 4 port 40GE / 16 port 10GE WS-X6904-40G SAL1739D8NA
5 5 Supervisor Engine 2T 10GE w/ CTS (Acti VS-SUP2T-10G SAL1737CU10
6 5 Supervisor Engine 2T 10GE w/ CTS (CSSO VS-SUP2T-10G SAL1737CU0L
7 20 DCEF2T 4 port 40GE / 16 port 10GE WS-X6904-40G SAL1739D8PF
8 20 DCEF2T 4 port 40GE / 16 port 10GE WS-X6904-40G SAL1739D8R2
9 48 CEF720 48 port 1000mb SFP WS-X6848-SFP SAL1746GBR7
XD#sh int status | i Te2/3
Te2/3/5 Mmbr HS-10G-XA-1 err-disabled 999 full 10G 10Gbase-LR
Te2/3/6 Mmbr HS-400B2-XA-1 err-disabled 999 full 10G 10Gbase-LR
Te2/3/7 Mmbr HS-AD1-XA-1 err-disabled 999 full 10G 10Gbase-LR
Te2/3/8 Mmbr HS-AD211-XA-1 err-disabled 999 full 10G 10Gbase-LR
Te2/3/9 Mmbr HS-AR101B-XA- err-disabled 999 full 10G 10Gbase-SR
Te2/3/10 Mmbr HS-AS1-XA-1 err-disabled 999 full 10G 10Gbase-LR
Te2/3/11 Mmbr HS-AS4-XA-1 err-disabled 999 full 10G 10Gbase-LR
Te2/3/12 Mmbr HS-AV-XA-1 err-disabled 999 full 10G 10Gbase-LR
Te2/3/13 Mmbr HS-BA107-XA-1 connected trunk full 10G 10Gbase-LR
Te2/3/14 Mmbr HS-BA4-XA-1 connected trunk full 10G 10Gbase-LR
Te2/3/15 Mmbr HS-BA4-XA-2 connected trunk full 10G 10Gbase-LR
Te2/3/16 Mmbr HS-BA7-XA-1 connected trunk full 10G 10Gbase-LR
Te2/3/17 Mmbr HS-BA9-XA-1 connected trunk full 10G 10Gbase-LR
Te2/3/18 Mmbr HS-BA12-XA-1 connected trunk full 10G 10Gbase-LR
Te2/3/19 Mmbr HS-BAHUB-XA-1 disabled 999 full 10G No Connector
Te2/3/20 Mmbr HS-BOOKSHOP-X connected trunk full 10G 10Gbase-LR

What do these err-disabled ports connect to?

Administrating Data Guard without complexity of Grid Control. Possible?

I wonder if someone can shed some wisdom about implementing and administrating Data Guard without the complexity of Grid Control. Don't get me wrong, I love the Data Guard feature provided by Grid Control, but installing Grid Control just for the sake of administrating Data Guard sounds a bit overkilling. Not to mention that I still have hard time getting Grid Control properly installed on a Windows Server 2003 box (keeps getting 503 Service Unavailable and the Servlet error).
I was told by a friend that Oracle 9 has something called EMCA (Control Assistant) that allows you to administrate Data Guide. Searching for any file containing the phrase "emca" under the Oracle directory ("c:\Oracle\product\10.2.0\db_1\BIN"), I found emca.bat and some related files. Does it mean the EMCA is actually existing in Oracle 10.2G (for Microsoft Windows Server)?
Any comment? Feeling clueless right now. :-I ....
Deecay

I have set up Dataguard 9iR2 on Linux SLES8 and use Data Guard Broker to manage switchover and failover operations. It comes with the database and is command-line based.
The documentation walks you through the setup phases quite nicely.
http://www.oracle.com/pls/db92/db92.to_toc?pathname=server.920%2Fa96629%2Ftoc.htm&remark=docindex
I would suggest a read of some of the documentation on metalink surrounding dataguard and the broker before attempting to use either ;)

LMS 4.2 - Err-disable port state

Hello,
I'm trying to figure it out how exactly LMS learns about ports in err-disable state? Which MIB or command is used?
I have two ME3400 switches with err-disabled ports but LMS shows only the ports of one of the them. Both switches are ME-3400-24TS-A
and have the same IOS version (12.2(53)SE). I'm sure data collection is running fine because it updates the other discrepancies.
What i have tried by now:
- did an SNMP walk from LMS on CISCO-ERR-DISABLED-MIB - no info found there on port status
- did an SNMP walk from LMS on CISCO-STACK-MIB - I know that this MIB contains object portAdditionalOperStatus (1.3.6.1.4.1.9.5.1.4.1.1.23) which shows the operational status of the ports, but it seems that ME3400 does not support it (although it supports CISCO-STACK-MIB), because I cannot see the SNMP reponse in the trace:
========================================================================
The following is a SNMP walk of device 192.168.6.89 starting from .1.3.6.1.4.1.9.5.1.4.1.1.23
SNMP Walk Output
.1.3.6.1.4.1.9.5.1.4.1.1.23
CISCO-STACK-MIB::portAdditionalOperStatus = No Such Object available on this agent at this OID
========================================================================
So how does LMS knows which ports are in err-disable state?
Kind regards,
Velin

Hello,
The OID that LMS uses for detecting the err-disabled state of the ports is 1.3.6.1.4.1.9.9.548.1.3.1.1.2 (cErrDisableIfStatusCause) from CISCO-ERR-DISABLE-MIB
Velin

BPDU Guard without ERR-Disable

Similar Messages

Maybe you are looking for