You are here: Home Documents BPDU Guard Testing

BPDU Guard Testing

We have confirmed the loop avoidance feature by BPDU Guard and errdisable functions.

Introduction

The affection of the broadcast storm caused by the network loop might spread to whole network. EOS has BPDU Guard function and it is able to choke off the loop with using errdisable function effectively. We have simulated the network loop and confirmed BPDU Guard function works correctly.

 

Result

We confirmed following issues;

  • Under global configuration mode, when you turns BPDU Guard on, BPDU Guard is enabled on all ports which has PortFast attribute.
  • When you turns BPDU Guard on the specific interface, BPDU Guard is enabled either off or on about the PortFast attribute.
  • When BPDU Guard activated port detects the loop, the status of that port to be errdisable.
  • You can set the timer of errdisable automatic recovery.

 

About BPDU Guard

 

When the port has PortFast attribute or specified by operator receives BPDU frame, BPDU Guard function turned the port status to error-disable. Ports which has PortFast attribute assume to be connected to the host directly then the receiving BPDU means the network loop occurrence in high probability.

Automatic recovery feature is also ready and it is adjustable the timer of it.

 

Operations

 

There are two way to set BPDU Guard function, (1) under global configuration mode and (2) under interface configuration mode.

(1) Under global configuration mode, when you turns BPDU Guard on, BPDU Guard is enabled on all ports which has PortFast attribute.

 

localhost(config)#spanning-tree portfast bpduguard default
localhost(config-if-Et7)#spanning-tree portfast

(2) Under specific interface configuration mode, BPDU Guard is enabled either off or on about the PortFast attribute.

localhost(config-if-Et7)#spanning-tree bpduguard enable
It needs to enable the recover property of Errdisable function for automatic recovery. (default is disable)
localhost(config)#errdisable recovery cause bpduguard
Timer for automatic recovery is also adjustable. (default is 300 seconds.)
localhost(config)#errdisable recovery interval <time>
 <30-86400>  Recovery time in seconds

Verification process

We have tested basic functions of BPDU Guard and errdisable in following setup and sequence. We simulates network loop in port 7 and observes the port status moves to errdisable correctly. And we confirmed that when the port 7 received BPDU packet, the port status had been changed to errdisable immediately (*1). And after the time of automatic recovery period (*2), the port status had been reseted to forwarding.

Configuration

localhost(config)#spanning-tree portfast bpduguard default
localhost(config-if-Et7)#spanning-tree portfast 
localhost(config-if-Et7)#exit
localhost(config)#errdisable recovery cause bpduguard 
localhost(config)#errdisable recovery interval 30

Normal state

localhost(config)# show errdisable recovery 
Errdisable Reason    Timer Status
-----------------    ------------
bpduguard            Enabled
portsec              Disabled
xcvr-unsupported     Disabled

Timer Interval: 30 seconds <---automatic recovery time

Interfaces that will be enabled at the next timeout:

Error state : port 7 detected loop error ( automatic recovery timer set to 30 seconds)

localhost(config)# show errdisable recovery 
Errdisable Reason    Timer Status
-----------------    ------------
bpduguard            Enabled
portsec              Disabled
xcvr-unsupported     Disabled

Timer Interval: 30 seconds

Interfaces that will be enabled at the next timeout:
Interface      Errdisable reason      Time left(sec)
---------      -----------------      --------------
Ethernet7      bpduguard              27       *1 after BPDU receiving, the status changed to errdisable
Filed under: