«

I have a new 3560, and when I uplink a different switch to either port
48 <or some other port>, the Catalyst starts complaining about:


<on a port with a desktop macro>
A security violation has occured. Then it gives the MAC of the
offending switch, and states that BDPU has passed and the port is being
shut down.

<on port 48 with the cisco switch macro>
No response from the other switch. the switch stops passing traffice,
PC's hooked to that switch lose there DHCP address and cannot renew.

The management IP of this switch is a free IP/Mask with in our network,
so I am confused.

I have tried this with 3com switches and Dell switches.

Any idea why I can't pass traffic between the switches?

Post the complete switch config

here it is
pretty basic


rfg3560#sh run inactivity
Building configuration...
macro

Current configuration : 16070 bytes
spanning-tre
!p
version 12.2
no service pad-tree bpduguar
service timestamps debug uptime
!
interface FastEthern
service timestamps log uptime
switchport mode access
no service password-encryptionport-security
!
hostname rfg3560 port-security a
!n
enable secret 5 $1$QL32$YrGAfHdOYW1iXRjC217ka0 switchport port-security
violation restrict
!
no aaa new-model
ip subnet-zeroort port-secur
!y
!g
!g
!y
no file verify auto
spanning-tree mode pvs
switchport mode a
switchport port-security
switchport port-secur
switchport port-security aging time 2t port-security aging time 2

switchport port-security violation restrict-security violation
restrict
switchport port-security aging type inactivitycurity aging type
inactivity
macro description cisco-desktopro description cisco-desktop
spanning-tree portfast
spanning-tree por
spanning-tree bpduguard enableanning-tree bpduguard enable
!
interface FastEthernet0/2!
interface FastEthernet
switchport mode access
switchport mode a
switchport port-security
switchport port-secur
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable

interface FastEthernet0/3
switchport mode access
switchport port-security
switchport port-security aging time 2

switchport port-security violation restrict

switchport port-security aging type inactivity

macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/4
switchport mode access
switchport port-security
switchport port-security aging time 2

switchport port-security violation restrict

switchport port-security aging type inactivity

macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/5
switchport mode access
switchport port-security
switchport port-security aging time 2

switchport port-security violation restrict

switchport port-security aging type inactivity

macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/6
switchport mode access
switchport port-security
switchport port-security aging time 2

switchport port-security violation restrict

switchport port-security aging type inactivity

macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/7
switchport mode access
switchport port-security
switchport port-security aging time 2

switchport port-security violation restrict

switchport port-security aging type inactivity

macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/8
switchport mode access
switchport port-security
switchport port-security aging time 2

switchport port-security violation restrict

switchport port-security aging type inactivity

macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/9
switchport mode access
switchport port-security
switchport port-security aging time 2

switchport port-security violation restrict

switchport port-security aging type inactivity

macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/10
switchport mode access
switchport port-security
switchport port-security aging time 2

switchport port-security violation restrict

switchport port-security aging type inactivity

macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/11
switchport mode access
switchport port-security
switchport port-security aging time 2

switchport port-security violation restrict

switchport port-security aging type inactivity

macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/12
switchport mode access
switchport port-security
switchport port-security aging time 2

switchport port-security violation restrict

switchport port-security aging type inactivity

macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/13
switchport mode access
switchport port-security
switchport port-security aging time 2

switchport port-security violation restrict

switchport port-security aging type inactivity

macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/14
switchport mode access
switchport port-security
switchport port-security aging time 2

switchport port-security violation restrict

switchport port-security aging type inactivity

macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/15
switchport mode access
switchport port-security
switchport port-security aging time 2

switchport port-security violation restrict

switchport port-security aging type inactivity

macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/16
switchport mode access
switchport port-security
switchport port-security aging time 2

switchport port-security violation restrict

switchport port-security aging type inactivity

macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/17
switchport mode access
switchport port-security
switchport port-security aging time 2

switchport port-security violation restrict

switchport port-security aging type inactivity

macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/18
switchport mode access
switchport port-security
switchport port-security aging time 2

switchport port-security violation restrict

switchport port-security aging type inactivity

macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/19
switchport mode access
switchport port-security
switchport port-security aging time 2

switchport port-security violation restrict

switchport port-security aging type inactivity

macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/20
switchport mode access
switchport port-security
switchport port-security aging time 2

switchport port-security violation restrict

switchport port-security aging type inactivity

macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/21
switchport mode access
switchport port-security
switchport port-security aging time 2

switchport port-security violation restrict

switchport port-security aging type inactivity

macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/22
switchport mode access
switchport port-security
switchport port-security aging time 2

switchport port-security violation restrict

switchport port-security aging type inactivity

macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/23
switchport mode access
switchport port-security
switchport port-security aging time 2

switchport port-security violation restrict

switchport port-security aging type inactivity

macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/24
switchport mode access
switchport port-security
switchport port-security aging time 2

switchport port-security violation restrict

switchport port-security aging type inactivity

macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/25
switchport mode access
switchport port-security
switchport port-security aging time 2

switchport port-security violation restrict

switchport port-security aging type inactivity

macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/26
switchport mode access
switchport port-security
switchport port-security aging time 2

switchport port-security violation restrict

switchport port-security aging type inactivity

macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/27
switchport mode access
switchport port-security
switchport port-security aging time 2

switchport port-security violation restrict

switchport port-security aging type inactivity

macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/28
switchport mode access
switchport port-security
switchport port-security aging time 2

switchport port-security violation restrict

switchport port-security aging type inactivity

macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/29
switchport mode access
switchport port-security
switchport port-security aging time 2

switchport port-security violation restrict

switchport port-security aging type inactivity

macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/30
switchport mode access
switchport port-security
switchport port-security aging time 2

switchport port-security violation restrict

switchport port-security aging type inactivity

macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/31
switchport mode access
switchport port-security
switchport port-security aging time 2

switchport port-security violation restrict

switchport port-security aging type inactivity

macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/32
switchport mode access
switchport port-security
switchport port-security aging time 2

switchport port-security violation restrict

switchport port-security aging type inactivity

macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/33
switchport mode access
switchport port-security
switchport port-security aging time 2

switchport port-security violation restrict

switchport port-security aging type inactivity

macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/34
switchport mode access
switchport port-security
switchport port-security aging time 2

switchport port-security violation restrict

switchport port-security aging type inactivity

macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/35
switchport mode access
switchport port-security
switchport port-security aging time 2

switchport port-security violation restrict

switchport port-security aging type inactivity

macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/36
switchport mode access
switchport port-security
switchport port-security aging time 2

switchport port-security violation restrict

switchport port-security aging type inactivity

macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/37
switchport mode access
switchport port-security
switchport port-security aging time 2

switchport port-security violation restrict

switchport port-security aging type inactivity

macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/38
switchport mode access
switchport port-security
switchport port-security aging time 2

switchport port-security violation restrict

switchport port-security aging type inactivity

macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet0/39
switchport mode access
switchport port-security
switchport port-security aging time 2

switchport port-security violation restrict

switchport port-security aging type inactivity

macro description cisco-desktop@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
spanning-tree portfast
spanning-tree bpduguard enable
@@@@@@@@@@@@@
!@
interface FastEthernet0/40@@@@@@@@@@@@@@@@@@@@@@@@@@
switchport mode access
switchport port-security
@@@@@@
switchport port-security aging time
2@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
switchport port-security violation restrict

@@@@@@@@@@@
switchport port-security aging type inactivity@@@@@@@@@@@@@@@@@@@@@

macro description cisco-desktop
@@@@@@@@@@
spanning-tree portfast@@@@@@@@@@@@@@@@@@@@@@@
spanning-tree bpduguard enable
!
interface FastEthernet0/41
@@@@@@@@@@@@@@@
switchport mode access@@@@@@@@@@@@@@@@@@@@@@@
switchport port-security
switchport port-security aging time 2

!@
interface FastEthernet0/42@@@@@@@@@@@@@@
switchport mode access
switchport port-security@@@@@@@@@@@@@@@@@@@@@@@@@
switchport port-security aging time 2@@@@@@@@@@@@

switchport port-security violation restrict
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
switchport port-security aging type inactivity

macro description cisco-desktop@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
spanning-tree portfast@@@@@@@@@@@@@@@@@@@@@@@
spanning-tree bpduguard enable
!
interface FastEthernet0/43
switchport port-security aging time 2
@@@@@@@@@@@@@
switchport port-security violation restrict@@@@@@@@@@@@@@@@@@@@@@

switchport port-security aging type inactivity
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
macro description cisco-desktop@@@@@@@@@@@
spanning-tree portfast
spanning-tree bpduguard enablec3560-ipbase-mz.122-25.SEB2/c35
!-
interface FastEthernet0/44uncompr
switchport mode access
switchport port-securitynstalled, entry point: 0x
switchport port-security aging time 2
executing...


switchport port-security violation restrict

Use, duplication,
switchport port-security aging type inactivity

subject
macro description cisco-desktopsu
switchport port-security aging time 2
Software clause
switchport port-security violation restrict

cisco
switchport port-security aging type inactivity 170 West Tasman
Drive
macro description cisco-desktope, California 95134-1706
spanning-tree portfast



Cisco IOS
spanning-tree bpduguard enable-IPBASE-M), Version 12.2(25)SEB
!
interface FastEthernet0/46
switchport mode access
SE SOFTWARE (f
switchport port-securityight (c) 1986-2005 by Cis
switchport port-security aging time 2
Compiled Tue 0
switchport port-security violation restrict

switchport port-security aging type inactivityn complete....done
Initializing flashfs.
macro description cisco-desktop

POST:
spanning-tree portfast: Begin
spanning-tree bpduguard enableIC register Tests : End, Status
!a
interface FastEthernet0/48
switchport trunk encapsulation dot1q

switchport mode
!
interface GigabitEthernet0/1 CPU MIC PortASIC interface
switchport mode accessatus Passed
switchport port-security
switchport port-security aging time 2s : Begin

switchport port-security violation restricts : End, Status Passed

switchport port-security aging type inactivityower Controller Tests :
Begin
macro description cisco-desktopnline Power Controller Tests : E
spanning-tree portfast
spanning-tree bpduguard enable: PortASIC CAM Subsystem Tests
!B
interface GigabitEthernet0/2
POST: Port
switchport mode access : End, Status Passed
switchport port-security
switchport port-security aging time 2: Begin

spanning-tree portfast
spanning-tree bpduguard enable
es of memor
!
interface GigabitEthernet0/3ID CAT0925N2HU
switchport mode accessset from power-on
switchport port-securityal Ethernet interface
switchport port-security aging time 2t interfaces

switchport port-security violation restrict
The password-recovery mechani
switchport port-security aging type inactivity

512K bytes of flash-simulated non-vo
macro description cisco-desktop
spanning-tree portfast
Base ethernet MAC A
spanning-tree bpduguard enable
!
interface GigabitEthernet0/4 assembly numbe
switchport port-security aging type inactivity

Motherboard
macro description cisco-desktop
!
interface Vlan1
ip address 10.0.0.24 255.255.255.0
!
ip default-gateway 10.0.0.1
ip classless
ip http server
!
!
control-plane
!
!
line con 0
line vty 0 4
password Wolv3rin3
login
line vty 5 15
password Wolv3rin3
login
!
!
end

okay. this is weird. I threw up a psuedo lab. 1 El cheapo netgear 5
port switch. I plugged my PC into that. Then Plugged an open port
into Port 17 of the 3560. Assigned my PC an IP address, and no
problems. Connectivity all day.

So I went back to what I was trying to do. Basically I have a 16 port
3com switch in my office, ran back to (2) Catalyst 2950 <which accesses
the rest of the network>

I plugged the 3Com into port 24 on the 3560 and this is what happens:

rfg3560#
00:22:04: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation
occurred, cause
d by MAC address 020d.56fe.149e on port FastEthernet0/24.
00:22:05: %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port
FastEthernet0/24 wi
th BPDU Guard enabled. Disabling port.
00:22:05: %PM-4-ERR_DISABLE: bpduguard error detected on Fa0/24,
putting Fa0/24
in err-disable state

When the Cisco switch receives a BPDU from the other switch it disables
the port since the BPDU guard feature is enabled.

So any switch port to which you are going to connect another switch
must have BPDU guard feature removed first. And it would be a good
idea to remove portfast from the same port.

It says that its disabled globally

rfg3560#show spanning-tree summary totals
Switch is in pvst mode
Root bridge for: VLAN0001
Extended system ID is enabled
Portfast Default is disabled
PortFast BPDU Guard Default is disabled
Portfast BPDU Filter Default is disabled
Loopguard Default is disabled
EtherChannel misconfig guard is enabled
UplinkFast is disabled
BackboneFast is disabled
Configured Pathcost method used is short

Name Blocking Listening Learning Forwarding STP
Active
---------------------- -------- --------- -------- ----------
----------
1 vlan 0 0 0 1 1
rfg3560#

You can enable the BPDU guard feature globally or on an
interface-by-interface basis.

You have it disabled globally but looks like it is enabled on most
interfaces

Thank you. I was not aware that the global config was independent of
the per port config.