I have an odd problem with my Meraki switches. Different models, but the same behaviour.
We have RSTP and BPDU Guard enabled on all our switches across the estate with the RSTP root being our core stack. We have a couple of managed Cisco (non-Meraki) switches which we installed in some key areas this week, however when connecting the switches to our network, the Meraki switch shuts down the port citing an RSTP/BPDU Guard issue. The only way I can get these other Cisco switches to function correctly on the network is to turn off RSTP for this port, which I don't like to do. This occurs even when the non-Meraki switch is the only thing connected to the Meraki switchport.
Can anyone offer me some guidance on why Meraki would see a fellow Cisco switch as a loop?
Thanks all! 🙂
Well,
The BPDU guard feature can be globally enabled on the switch or can be enabled per interface, but the feature operates with some differences.
At the global level, you enable BPDU guard on Port Fast-enabled STP ports by using the spanning-tree portfast bpduguard default global configuration command. Spanning tree shuts down STP ports that are in a Port Fast-operational state if any BPDU is received on those ports. In a valid configuration, Port Fast-enabled STP ports do not receive BPDUs. Receiving a BPDU on a Port Fast-enabled port signals an invalid configuration, such as the connection of an unauthorized device, and the BPDU guard feature puts the interface in the error-disabled state.
I understand that in this case you should not use BPDU guard between two switches.
It would be better to use the root guard on the core switch ports that uplink with other switches.
What is the bridge priority configured on your core switch?
Is RSTP enabled on the Cisco IOS switches? Are the ports configured as trunk or access?
The core stack is priority 0:
The Cisco IOS devices have RSTP enabled, and the uplink is a trunk port:
Of course! I'm dumb. When I connected the switch it was sending out BPDUs like crazy, and because we had BPDU guard enabled, the Meraki port transitioned to a disabled state. Because it is a switch and not a client device it would always send BPDUs.
Thank you @ww and @alemabrahao for the info.
Are you running BPDU guard on trunk ports connecting to the Cisco Catalyst?
They are not Catalyst switches. These are CBS-250s and 350s. BPDU guard is not enabled on those switches.
But are you running BPDU guard on the Meraki trunk port?
Yes, BPDU guard was enabled on the Meraki trunk port, but I had to switch it off to get the CBS switch to work.
Yes, because switches send BPDUs. Else it will never work.
OK, but like @ww said, switches send BPDUs. Else it will never work. 🙂
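The difference between the two guards discussed in this thread, as an added example that is not part of any post and is not Meraki or Cisco code: a simplified Python model of how a port reacts to received BPDUs under BPDU guard versus root guard. The bridge IDs other than the core's priority 0 are constructed, and the model compares only the advertised root bridge ID (it ignores path cost and port ID).

```python
from dataclasses import dataclass

# Bridge ID = (priority, MAC); the numerically lower tuple wins the root election.
CORE_ROOT = (0, "00:00:00:00:00:01")       # priority 0 as stated in the thread; MAC constructed
DOWNSTREAM = (32768, "00:00:00:00:00:aa")  # constructed: downstream switch at default priority
ROGUE = (0, "00:00:00:00:00:00")           # constructed: a bridge ID that would beat the core

@dataclass
class Port:
    name: str
    bpdu_guard: bool = False
    root_guard: bool = False
    state: str = "forwarding"

    def receive_bpdu(self, advertised_root, current_root=CORE_ROOT):
        """Apply the guard logic to one received BPDU and return the port state."""
        if self.state == "disabled":
            return self.state  # stays down until an administrator re-enables it
        if self.bpdu_guard:
            # BPDU guard never inspects the content: any BPDU disables the port.
            self.state = "disabled"
        elif self.root_guard and advertised_root < current_root:
            # Root guard blocks only a BPDU that would move the root bridge.
            self.state = "root-inconsistent"
        elif self.root_guard:
            # Superior BPDUs have stopped, so the port recovers on its own.
            self.state = "forwarding"
        return self.state

def simulate(port, bpdus):
    """Feed a sequence of advertised root bridge IDs to a port."""
    return [port.receive_bpdu(b) for b in bpdus]

if __name__ == "__main__":
    # A switch always sends BPDUs, so a BPDU-guarded port goes down at once.
    print(simulate(Port("trunk", bpdu_guard=True), [DOWNSTREAM, CORE_ROOT]))
    # Root guard tolerates a well-behaved switch and blocks only a root takeover.
    print(simulate(Port("trunk", root_guard=True), [DOWNSTREAM, ROGUE, CORE_ROOT]))
```
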