After the connection between two switches could not be established I went to see the log of the uplink switch and the first thing I have noticed was this:
%LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
%SPANTREE-7-RECV_1Q_NON_TRUNK: Received 802.1Q BPDU on non trunk FastEthernet0/1 VLAN300.
%SPANTREE-7-BLOCK_PORT_TYPE: Blocking FastEthernet0/1 on VLAN0300. Inconsistent port type.
The two switches were connected via access ports and this message was on my side, since the other side was the service provider and I was not given the technical details of “the other side”.
In short, interface was receiving BPDU’s which weren’t supposed to be there. This was the interface configuration:
switchport access vlan 300
switchport mode access
Portfast port is designed to be connected to a device where BPDU’s are not expected. When BPDU guard is enabled (globally or per interface), the port will shutdown and enter a errdisable state. BPDU guard global enable is a great solution to protect portfast ports on a access switch where you don’t expect a switch to be plugged in.
In short, interface was receiving BPDU’s which weren’t supposed to be there!
The solution is the “spanning-tree bpdufilter enable” command which disables spanning tree on a port and that is made by restricting (filtering) sending and receiving BPDU’s. When enabled on a global level, BPDU filter will apply to all portfast ports.
Here is the configuration:
switch1(config)#spanning-tree portfast bpdufilter default
switch1(config-if)#spanning-tree bpdufilter enable