Catalyst 3560 causing switches to freeze?

Discussion in 'Cisco' started by justin_ltg@yahoo.com, May 8, 2006.

  1. Guest

    I have a new 3560, and when I uplink a different switch to either port
    48 <or some other port>, the Catalyst starts complaining about:


    <on a port with a desktop macro>
    A security violation has occured. Then it gives the MAC of the
    offending switch, and states that BDPU has passed and the port is being
    shut down.

    <on port 48 with the cisco switch macro>
    No response from the other switch. the switch stops passing traffice,
    PC's hooked to that switch lose there DHCP address and cannot renew.

    The management IP of this switch is a free IP/Mask with in our network,
    so I am confused.

    I have tried this with 3com switches and Dell switches.

    Any idea why I can't pass traffic between the switches?
     
    , May 8, 2006
    #1
    1. Advertising

  2. Merv Guest

    Post the complete switch config
     
    Merv, May 8, 2006
    #2
    1. Advertising

  3. Guest

    here it is
    pretty basic


    rfg3560#sh run inactivity
    Building configuration...
    macro

    Current configuration : 16070 bytes
    spanning-tre
    !p
    version 12.2
    no service pad-tree bpduguar
    service timestamps debug uptime
    !
    interface FastEthern
    service timestamps log uptime
    switchport mode access
    no service password-encryptionport-security
    !
    hostname rfg3560 port-security a
    !n
    enable secret 5 $1$QL32$YrGAfHdOYW1iXRjC217ka0 switchport port-security
    violation restrict
    !
    no aaa new-model
    ip subnet-zeroort port-secur
    !y
    !g
    !g
    !y
    no file verify auto
    spanning-tree mode pvs
    switchport mode a
    switchport port-security
    switchport port-secur
    switchport port-security aging time 2t port-security aging time 2

    switchport port-security violation restrict-security violation
    restrict
    switchport port-security aging type inactivitycurity aging type
    inactivity
    macro description cisco-desktopro description cisco-desktop
    spanning-tree portfast
    spanning-tree por
    spanning-tree bpduguard enableanning-tree bpduguard enable
    !
    interface FastEthernet0/2!
    interface FastEthernet
    switchport mode access
    switchport mode a
    switchport port-security
    switchport port-secur
    switchport mode access
    switchport port-security
    switchport port-security aging time 2
    switchport port-security violation restrict
    switchport port-security aging type inactivity
    macro description cisco-desktop
    spanning-tree portfast
    spanning-tree bpduguard enable

    interface FastEthernet0/3
    switchport mode access
    switchport port-security
    switchport port-security aging time 2

    switchport port-security violation restrict

    switchport port-security aging type inactivity

    macro description cisco-desktop
    spanning-tree portfast
    spanning-tree bpduguard enable
    !
    interface FastEthernet0/4
    switchport mode access
    switchport port-security
    switchport port-security aging time 2

    switchport port-security violation restrict

    switchport port-security aging type inactivity

    macro description cisco-desktop
    spanning-tree portfast
    spanning-tree bpduguard enable
    !
    interface FastEthernet0/5
    switchport mode access
    switchport port-security
    switchport port-security aging time 2

    switchport port-security violation restrict

    switchport port-security aging type inactivity

    macro description cisco-desktop
    spanning-tree portfast
    spanning-tree bpduguard enable
    !
    interface FastEthernet0/6
    switchport mode access
    switchport port-security
    switchport port-security aging time 2

    switchport port-security violation restrict

    switchport port-security aging type inactivity

    macro description cisco-desktop
    spanning-tree portfast
    spanning-tree bpduguard enable
    !
    interface FastEthernet0/7
    switchport mode access
    switchport port-security
    switchport port-security aging time 2

    switchport port-security violation restrict

    switchport port-security aging type inactivity

    macro description cisco-desktop
    spanning-tree portfast
    spanning-tree bpduguard enable
    !
    interface FastEthernet0/8
    switchport mode access
    switchport port-security
    switchport port-security aging time 2

    switchport port-security violation restrict

    switchport port-security aging type inactivity

    macro description cisco-desktop
    spanning-tree portfast
    spanning-tree bpduguard enable
    !
    interface FastEthernet0/9
    switchport mode access
    switchport port-security
    switchport port-security aging time 2

    switchport port-security violation restrict

    switchport port-security aging type inactivity

    macro description cisco-desktop
    spanning-tree portfast
    spanning-tree bpduguard enable
    !
    interface FastEthernet0/10
    switchport mode access
    switchport port-security
    switchport port-security aging time 2

    switchport port-security violation restrict

    switchport port-security aging type inactivity

    macro description cisco-desktop
    spanning-tree portfast
    spanning-tree bpduguard enable
    !
    interface FastEthernet0/11
    switchport mode access
    switchport port-security
    switchport port-security aging time 2

    switchport port-security violation restrict

    switchport port-security aging type inactivity

    macro description cisco-desktop
    spanning-tree portfast
    spanning-tree bpduguard enable
    !
    interface FastEthernet0/12
    switchport mode access
    switchport port-security
    switchport port-security aging time 2

    switchport port-security violation restrict

    switchport port-security aging type inactivity

    macro description cisco-desktop
    spanning-tree portfast
    spanning-tree bpduguard enable
    !
    interface FastEthernet0/13
    switchport mode access
    switchport port-security
    switchport port-security aging time 2

    switchport port-security violation restrict

    switchport port-security aging type inactivity

    macro description cisco-desktop
    spanning-tree portfast
    spanning-tree bpduguard enable
    !
    interface FastEthernet0/14
    switchport mode access
    switchport port-security
    switchport port-security aging time 2

    switchport port-security violation restrict

    switchport port-security aging type inactivity

    macro description cisco-desktop
    spanning-tree portfast
    spanning-tree bpduguard enable
    !
    interface FastEthernet0/15
    switchport mode access
    switchport port-security
    switchport port-security aging time 2

    switchport port-security violation restrict

    switchport port-security aging type inactivity

    macro description cisco-desktop
    spanning-tree portfast
    spanning-tree bpduguard enable
    !
    interface FastEthernet0/16
    switchport mode access
    switchport port-security
    switchport port-security aging time 2

    switchport port-security violation restrict

    switchport port-security aging type inactivity

    macro description cisco-desktop
    spanning-tree portfast
    spanning-tree bpduguard enable
    !
    interface FastEthernet0/17
    switchport mode access
    switchport port-security
    switchport port-security aging time 2

    switchport port-security violation restrict

    switchport port-security aging type inactivity

    macro description cisco-desktop
    spanning-tree portfast
    spanning-tree bpduguard enable
    !
    interface FastEthernet0/18
    switchport mode access
    switchport port-security
    switchport port-security aging time 2

    switchport port-security violation restrict

    switchport port-security aging type inactivity

    macro description cisco-desktop
    spanning-tree portfast
    spanning-tree bpduguard enable
    !
    interface FastEthernet0/19
    switchport mode access
    switchport port-security
    switchport port-security aging time 2

    switchport port-security violation restrict

    switchport port-security aging type inactivity

    macro description cisco-desktop
    spanning-tree portfast
    spanning-tree bpduguard enable
    !
    interface FastEthernet0/20
    switchport mode access
    switchport port-security
    switchport port-security aging time 2

    switchport port-security violation restrict

    switchport port-security aging type inactivity

    macro description cisco-desktop
    spanning-tree portfast
    spanning-tree bpduguard enable
    !
    interface FastEthernet0/21
    switchport mode access
    switchport port-security
    switchport port-security aging time 2

    switchport port-security violation restrict

    switchport port-security aging type inactivity

    macro description cisco-desktop
    spanning-tree portfast
    spanning-tree bpduguard enable
    !
    interface FastEthernet0/22
    switchport mode access
    switchport port-security
    switchport port-security aging time 2

    switchport port-security violation restrict

    switchport port-security aging type inactivity

    macro description cisco-desktop
    spanning-tree portfast
    spanning-tree bpduguard enable
    !
    interface FastEthernet0/23
    switchport mode access
    switchport port-security
    switchport port-security aging time 2

    switchport port-security violation restrict

    switchport port-security aging type inactivity

    macro description cisco-desktop
    spanning-tree portfast
    spanning-tree bpduguard enable
    !
    interface FastEthernet0/24
    switchport mode access
    switchport port-security
    switchport port-security aging time 2

    switchport port-security violation restrict

    switchport port-security aging type inactivity

    macro description cisco-desktop
    spanning-tree portfast
    spanning-tree bpduguard enable
    !
    interface FastEthernet0/25
    switchport mode access
    switchport port-security
    switchport port-security aging time 2

    switchport port-security violation restrict

    switchport port-security aging type inactivity

    macro description cisco-desktop
    spanning-tree portfast
    spanning-tree bpduguard enable
    !
    interface FastEthernet0/26
    switchport mode access
    switchport port-security
    switchport port-security aging time 2

    switchport port-security violation restrict

    switchport port-security aging type inactivity

    macro description cisco-desktop
    spanning-tree portfast
    spanning-tree bpduguard enable
    !
    interface FastEthernet0/27
    switchport mode access
    switchport port-security
    switchport port-security aging time 2

    switchport port-security violation restrict

    switchport port-security aging type inactivity

    macro description cisco-desktop
    spanning-tree portfast
    spanning-tree bpduguard enable
    !
    interface FastEthernet0/28
    switchport mode access
    switchport port-security
    switchport port-security aging time 2

    switchport port-security violation restrict

    switchport port-security aging type inactivity

    macro description cisco-desktop
    spanning-tree portfast
    spanning-tree bpduguard enable
    !
    interface FastEthernet0/29
    switchport mode access
    switchport port-security
    switchport port-security aging time 2

    switchport port-security violation restrict

    switchport port-security aging type inactivity

    macro description cisco-desktop
    spanning-tree portfast
    spanning-tree bpduguard enable
    !
    interface FastEthernet0/30
    switchport mode access
    switchport port-security
    switchport port-security aging time 2

    switchport port-security violation restrict

    switchport port-security aging type inactivity

    macro description cisco-desktop
    spanning-tree portfast
    spanning-tree bpduguard enable
    !
    interface FastEthernet0/31
    switchport mode access
    switchport port-security
    switchport port-security aging time 2

    switchport port-security violation restrict

    switchport port-security aging type inactivity

    macro description cisco-desktop
    spanning-tree portfast
    spanning-tree bpduguard enable
    !
    interface FastEthernet0/32
    switchport mode access
    switchport port-security
    switchport port-security aging time 2

    switchport port-security violation restrict

    switchport port-security aging type inactivity

    macro description cisco-desktop
    spanning-tree portfast
    spanning-tree bpduguard enable
    !
    interface FastEthernet0/33
    switchport mode access
    switchport port-security
    switchport port-security aging time 2

    switchport port-security violation restrict

    switchport port-security aging type inactivity

    macro description cisco-desktop
    spanning-tree portfast
    spanning-tree bpduguard enable
    !
    interface FastEthernet0/34
    switchport mode access
    switchport port-security
    switchport port-security aging time 2

    switchport port-security violation restrict

    switchport port-security aging type inactivity

    macro description cisco-desktop
    spanning-tree portfast
    spanning-tree bpduguard enable
    !
    interface FastEthernet0/35
    switchport mode access
    switchport port-security
    switchport port-security aging time 2

    switchport port-security violation restrict

    switchport port-security aging type inactivity

    macro description cisco-desktop
    spanning-tree portfast
    spanning-tree bpduguard enable
    !
    interface FastEthernet0/36
    switchport mode access
    switchport port-security
    switchport port-security aging time 2

    switchport port-security violation restrict

    switchport port-security aging type inactivity

    macro description cisco-desktop
    spanning-tree portfast
    spanning-tree bpduguard enable
    !
    interface FastEthernet0/37
    switchport mode access
    switchport port-security
    switchport port-security aging time 2

    switchport port-security violation restrict

    switchport port-security aging type inactivity

    macro description cisco-desktop
    spanning-tree portfast
    spanning-tree bpduguard enable
    !
    interface FastEthernet0/38
    switchport mode access
    switchport port-security
    switchport port-security aging time 2

    switchport port-security violation restrict

    switchport port-security aging type inactivity

    macro description cisco-desktop
    spanning-tree portfast
    spanning-tree bpduguard enable
    !
    interface FastEthernet0/39
    switchport mode access
    switchport port-security
    switchport port-security aging time 2

    switchport port-security violation restrict

    switchport port-security aging type inactivity

    macro description cisco-desktop@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    spanning-tree portfast
    spanning-tree bpduguard enable
    @@@@@@@@@@@@@
    !@
    interface FastEthernet0/40@@@@@@@@@@@@@@@@@@@@@@@@@@
    switchport mode access
    switchport port-security
    @@@@@@
    switchport port-security aging time
    2@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    switchport port-security violation restrict

    @@@@@@@@@@@
    switchport port-security aging type inactivity@@@@@@@@@@@@@@@@@@@@@

    macro description cisco-desktop
    @@@@@@@@@@
    spanning-tree portfast@@@@@@@@@@@@@@@@@@@@@@@
    spanning-tree bpduguard enable
    !
    interface FastEthernet0/41
    @@@@@@@@@@@@@@@
    switchport mode access@@@@@@@@@@@@@@@@@@@@@@@
    switchport port-security
    switchport port-security aging time 2

    !@
    interface FastEthernet0/42@@@@@@@@@@@@@@
    switchport mode access
    switchport port-security@@@@@@@@@@@@@@@@@@@@@@@@@
    switchport port-security aging time 2@@@@@@@@@@@@

    switchport port-security violation restrict
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    switchport port-security aging type inactivity

    macro description cisco-desktop@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    spanning-tree portfast@@@@@@@@@@@@@@@@@@@@@@@
    spanning-tree bpduguard enable
    !
    interface FastEthernet0/43
    switchport port-security aging time 2
    @@@@@@@@@@@@@
    switchport port-security violation restrict@@@@@@@@@@@@@@@@@@@@@@

    switchport port-security aging type inactivity
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    macro description cisco-desktop@@@@@@@@@@@
    spanning-tree portfast
    spanning-tree bpduguard enablec3560-ipbase-mz.122-25.SEB2/c35
    !-
    interface FastEthernet0/44uncompr
    switchport mode access
    switchport port-securitynstalled, entry point: 0x
    switchport port-security aging time 2
    executing...


    switchport port-security violation restrict

    Use, duplication,
    switchport port-security aging type inactivity

    subject
    macro description cisco-desktopsu
    switchport port-security aging time 2
    Software clause
    switchport port-security violation restrict

    cisco
    switchport port-security aging type inactivity 170 West Tasman
    Drive
    macro description cisco-desktope, California 95134-1706
    spanning-tree portfast



    Cisco IOS
    spanning-tree bpduguard enable-IPBASE-M), Version 12.2(25)SEB
    !
    interface FastEthernet0/46
    switchport mode access
    SE SOFTWARE (f
    switchport port-securityight (c) 1986-2005 by Cis
    switchport port-security aging time 2
    Compiled Tue 0
    switchport port-security violation restrict

    switchport port-security aging type inactivityn complete....done
    Initializing flashfs.
    macro description cisco-desktop

    POST:
    spanning-tree portfast: Begin
    spanning-tree bpduguard enableIC register Tests : End, Status
    !a
    interface FastEthernet0/48
    switchport trunk encapsulation dot1q

    switchport mode
    !
    interface GigabitEthernet0/1 CPU MIC PortASIC interface
    switchport mode accessatus Passed
    switchport port-security
    switchport port-security aging time 2s : Begin

    switchport port-security violation restricts : End, Status Passed

    switchport port-security aging type inactivityower Controller Tests :
    Begin
    macro description cisco-desktopnline Power Controller Tests : E
    spanning-tree portfast
    spanning-tree bpduguard enable: PortASIC CAM Subsystem Tests
    !B
    interface GigabitEthernet0/2
    POST: Port
    switchport mode access : End, Status Passed
    switchport port-security
    switchport port-security aging time 2: Begin

    spanning-tree portfast
    spanning-tree bpduguard enable
    es of memor
    !
    interface GigabitEthernet0/3ID CAT0925N2HU
    switchport mode accessset from power-on
    switchport port-securityal Ethernet interface
    switchport port-security aging time 2t interfaces

    switchport port-security violation restrict
    The password-recovery mechani
    switchport port-security aging type inactivity

    512K bytes of flash-simulated non-vo
    macro description cisco-desktop
    spanning-tree portfast
    Base ethernet MAC A
    spanning-tree bpduguard enable
    !
    interface GigabitEthernet0/4 assembly numbe
    switchport port-security aging type inactivity

    Motherboard
    macro description cisco-desktop
    !
    interface Vlan1
    ip address 10.0.0.24 255.255.255.0
    !
    ip default-gateway 10.0.0.1
    ip classless
    ip http server
    !
    !
    control-plane
    !
    !
    line con 0
    line vty 0 4
    password Wolv3rin3
    login
    line vty 5 15
    password Wolv3rin3
    login
    !
    !
    end
     
    , May 9, 2006
    #3
  4. Guest

    okay. this is weird. I threw up a psuedo lab. 1 El cheapo netgear 5
    port switch. I plugged my PC into that. Then Plugged an open port
    into Port 17 of the 3560. Assigned my PC an IP address, and no
    problems. Connectivity all day.

    So I went back to what I was trying to do. Basically I have a 16 port
    3com switch in my office, ran back to (2) Catalyst 2950 <which accesses
    the rest of the network>

    I plugged the 3Com into port 24 on the 3560 and this is what happens:

    rfg3560#
    00:22:04: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation
    occurred, cause
    d by MAC address 020d.56fe.149e on port FastEthernet0/24.
    00:22:05: %SPANTREE-2-BLOCK_BPDUGUARD: Received BPDU on port
    FastEthernet0/24 wi
    th BPDU Guard enabled. Disabling port.
    00:22:05: %PM-4-ERR_DISABLE: bpduguard error detected on Fa0/24,
    putting Fa0/24
    in err-disable state
     
    , May 9, 2006
    #4
  5. Merv Guest

    When the Cisco switch receives a BPDU from the other switch it disables
    the port since the BPDU guard feature is enabled.

    So any switch port to which you are going to connect another switch
    must have BPDU guard feature removed first. And it would be a good
    idea to remove portfast from the same port.
     
    Merv, May 9, 2006
    #5
  6. Guest

    It says that its disabled globally

    rfg3560#show spanning-tree summary totals
    Switch is in pvst mode
    Root bridge for: VLAN0001
    Extended system ID is enabled
    Portfast Default is disabled
    PortFast BPDU Guard Default is disabled
    Portfast BPDU Filter Default is disabled
    Loopguard Default is disabled
    EtherChannel misconfig guard is enabled
    UplinkFast is disabled
    BackboneFast is disabled
    Configured Pathcost method used is short

    Name Blocking Listening Learning Forwarding STP
    Active
    ---------------------- -------- --------- -------- ----------
    ----------
    1 vlan 0 0 0 1 1
    rfg3560#
     
    , May 9, 2006
    #6
  7. Merv Guest

    You can enable the BPDU guard feature globally or on an
    interface-by-interface basis.

    You have it disabled globally but looks like it is enabled on most
    interfaces
     
    Merv, May 9, 2006
    #7
  8. Guest

    Thank you. I was not aware that the global config was independent of
    the per port config.
     
    , May 9, 2006
    #8
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Alex g
    Replies:
    0
    Views:
    492
    Alex g
    Feb 21, 2006
  2. Replies:
    1
    Views:
    3,061
  3. Rich
    Replies:
    4
    Views:
    1,436
  4. Replies:
    3
    Views:
    548
  5. isptrader
    Replies:
    0
    Views:
    1,828
    isptrader
    Dec 20, 2007
Loading...

Share This Page