Troubleshooting BPDU Guard

The following procedures provide information to troubleshoot issues with Bridge Protocol Data Unit (BPDU) Guard.

No Packets Received on the Port

For BPDU Guard to work on a port, the port must receive BPDU packets. Perform the following procedure to troubleshoot cases when the port does not receive packets.

Procedure

  1. Enter Privileged EXEC mode:

    enable

  2. Show the BPDU Guard status for the port:

    show spanning-tree bpduguard {sub-port]][,...][slot/all][all]}

  3. Use the following command to verify that the port receives packets:

    show interfaces gigabitEthernet statistics verbose {sub-port]][,...][slot/all][all]}

  4. Verify that the remote port is sending packets:

    show spanning-tree {mstp|rstp} port role [{sub-port]][,...][slot/all][all]}]

    show spanning-tree {mstp|rstp} port statistics [{sub-port]][,...][slot/all][all]}]

Example

Port 1/8 receives packets. The remote port is disabled and does not send BPDU packets.

The following example shows that BPDU Guard is enabled for port 1/8. The BPDU Guard administrative state for the port is enabled but the timer counter is 0. 

Switch:1>enable
Switch:1#show spanning-tree bpduguard 1/8
========================================================================================
                                   Bpdu Guard 
========================================================================================
Port      PORT         PORT                TIMER   BPDUGUARD    BPDUGUARD   
NUM MLTID ADMIN_STATE  OPER_STATE TIMEOUT  COUNT   ADMIN_STATE  ORIGIN
----------------------------------------------------------------------------
1/8        Up           Up         120      0       Enabled     CONFIG  
Switch:1#show interfaces gigabitEthernet statistics verbose 1/8
=================================================================================================
                                          Port Stats Interface Extended
=================================================================================================
PORT_NUM IN_UNICST  OUT_UNICST IN_MULTICST  OUT_MULTICST IN_BRDCST  OUT_BRDCST   IN_LSM   OUT_LSM
-------------------------------------------------------------------------------------------------
1/8    201          0          160062       60943        4          72           0         0
Switch:1#show spanning-tree mstp port role 1/8
================================================================================
                           CIST Port Roles and States
================================================================================
Port-Index  Port-Role    Port-State   PortSTPStatus  PortOperStatus
--------------------------------------------------------------------------------
1/8       Disabled     Forwarding   Disabled       Disabled     
Switch:1#show spanning-tree mstp port statistics 1/8
================================================================================
                           MSTP Cist Port Statistics
================================================================================
Port Number                        : 1/8
Cist Port Fwd Transitions          : 0
Cist Port Rx MST BPDUs Count       : 0
Cist Port Rx RST BPDUs Count       : 0
Cist Port Rx Config BPDUs Count    : 0
Cist Port Rx TCN BPDUs Count       : 0
Cist Port Tx MST BPDUs Count       : 0
Cist Port Tx RST BPDUs Count       : 0
Cist Port Tx Config BPDUs Count    : 0
Cist Port Tx TCN BPDUs Count       : 0
Cist Port Invalid MSTP BPDUs Rx    : 0
Cist Port Invalid RST BPDUs Rx     : 0
Cist Port Invalid Config BPDUs Rx  : 0
Cist Port Invalid TCN BPDUs Rx     : 0
Cist Port Proto Migr Count         : 0

Variable Definitions

Use the data in the following table to use the show spanning-tree bpduguard command.

Variable

Value

{slot/port[/sub-port][-slot/port[/sub-port]][,...][slot/all][all]}
Identifies the slot and port in one of the following formats:

  • a single slot and port (slot/port)

  • a range of slots and ports (slot/port-slot/port)

  • a series of slots and ports (slot/port,slot/port,slot/port)

  • all ports on the same slot (slot/all)

  • all ports on the switch (all)

If the platform supports channelization and the port is channelized, you must also specify the sub-port in the format slot/port/sub-port.

Use the data in the following table to use the show interfaces gigabitEthernet statistics verbose command.

Variable

Value

{slot/port[/sub-port][-slot/port[/sub-port]][,...][slot/all][all]}
Identifies the slot and port in one of the following formats:

  • a single slot and port (slot/port)

  • a range of slots and ports (slot/port-slot/port)

  • a series of slots and ports (slot/port,slot/port,slot/port)

  • all ports on the same slot (slot/all)

  • all ports on the switch (all)

If the platform supports channelization and the port is channelized, you must also specify the sub-port in the format slot/port/sub-port.

Use the data in the following table to use the show spanning-tree command.

Variable

Value

{mstp|rstp}

Specifies the spanning tree protocol.

{slot/port[/sub-port][-slot/port[/sub-port]][,...][slot/all][all]}
Identifies the slot and port in one of the following formats:

  • a single slot and port (slot/port)

  • a range of slots and ports (slot/port-slot/port)

  • a series of slots and ports (slot/port,slot/port,slot/port)

  • all ports on the same slot (slot/all)

  • all ports on the switch (all)

If the platform supports channelization and the port is channelized, you must also specify the sub-port in the format slot/port/sub-port.
9039040-00 Rev AB