August 13th, 2024 19:54

BPDUs and topology change notifications being recorded in the switch logs and possibly causing network flapping

Hi, everyone.


I am experiencing an issue where I am receiving the following logs from an L2 access switch:

UNKN[105619152]: dot1s_txrx.c(188) 297104 %% dot1sBpduReceive(): Discarding the BPDU, since it is an invalid BPDU type

and logs of topology change on the network:

TRAPMGR[126181200]: traputil.c(610) 2232 %% Spanning Tree Topology Change: 0, Unit: 1

What I read in the documentation for my models (6248) is that it would be necessary to enable bpdu security features, but we know that it is not so simple and easy to do this with the production environment.

So for test purposes and less impact on the infrastructure, I think the command "spanning-tree portfast bpdufilter default" on my L2 access switch will help me a lot in this case.

So, any help or tips on best practices for this scenario?

Appreciated.

Moderator

August 14th, 2024 01:58

Hi,

 

For BPDU error log, it is best to find the origin of the source and isolate. This log message specifies that an invalid spanning tree BPDU was received in an interface of the switch. The reasons for a BPDU to be classified as invalid are numerous. One of the most common scenarios is when the connected device sends a BPDU with a different forward delay. We can get a clear picture of this from the debug outputs and packet capture.
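
What a packet capture of the offending BPDU can be checked for, as an added example that is not part of the original thread or of the switch firmware: a decoder for the BPDU header and timers that follows the standard IEEE 802.1D/802.1w layout. The sample frames, MAC addresses and port names are constructed, and the validity checks are the standard's, not necessarily the ones the PowerConnect applies.

```python
import struct

# Type and version octets as defined by IEEE 802.1D/802.1w/802.1s.
BPDU_TYPES = {0x00: "config", 0x80: "tcn", 0x02: "rst/mst"}
VERSIONS = {0: "STP", 2: "RSTP", 3: "MSTP"}

def decode_bpdu(payload: bytes) -> dict:
    """Decode a BPDU: the bytes that follow the 42 42 03 LLC header."""
    if len(payload) < 4:
        return {"valid": False, "reason": "truncated header"}
    proto_id, version, bpdu_type = struct.unpack("!HBB", payload[:4])
    info = {"valid": False,
            "version": VERSIONS.get(version, f"unknown({version})"),
            "type": BPDU_TYPES.get(bpdu_type, f"unknown(0x{bpdu_type:02x})")}
    if proto_id != 0:
        return {**info, "reason": "protocol id is not 0x0000"}
    if bpdu_type not in BPDU_TYPES:
        return {**info, "reason": "unrecognised BPDU type"}
    if bpdu_type == 0x80:  # a TCN BPDU is the 4-byte header and nothing else
        return {**info, "valid": True}
    if len(payload) < 35:
        return {**info, "reason": "truncated configuration BPDU"}
    flags, root, _cost, bridge, _port, _age, max_age, hello, fwd = struct.unpack(
        "!B8sI8sHHHHH", payload[4:35])
    return {**info, "valid": True,
            "topology_change": bool(flags & 0x01),
            "root_mac": root[2:].hex(":"), "sender_mac": bridge[2:].hex(":"),
            # timers are carried in units of 1/256 second
            "max_age_s": max_age / 256, "hello_s": hello / 256,
            "forward_delay_s": fwd / 256}

def build_sample(version, bpdu_type, flags=0, fwd_s=15):
    """Constructed test BPDU; bridge IDs and timers are made-up values."""
    root = struct.pack("!H", 32768) + bytes.fromhex("020000000001")
    bridge = struct.pack("!H", 32768) + bytes.fromhex("020000000002")
    return struct.pack("!HBBB8sI8sHHHHH", 0, version, bpdu_type, flags, root, 4,
                       bridge, 0x8001, 256, 20 * 256, 2 * 256, fwd_s * 256)

# Constructed captures keyed by hypothetical port names.
CAPTURES = {
    "port-1": build_sample(2, 0x02) + b"\x00",              # RSTP + version-1 length
    "port-2": build_sample(0, 0x00, flags=0x01, fwd_s=30),  # STP, TC flag set
    "port-3": build_sample(0, 0x42),                        # type no standard defines
    "port-4": struct.pack("!HBB", 0, 0, 0x80),              # TCN
}

if __name__ == "__main__":
    for port, raw in CAPTURES.items():
        print(port, decode_bpdu(raw))
```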

August 14th, 2024 12:01

Hi Joey, thanks for your reply.

I will try to capture the packets on my switch for a better analysis.

So, yeah, in the logs, after a port link up, the logs mentioned above appear.

Just a question: I am thinking of configuring BPDU filter on all access ports of the switches of this model, but my doubt about it is this:
What is the real action of the command "spanning-tree bpbud filter"? In the documentation we see that it will filter all BPDU packets received on access interfaces, but the concept of this feature is that the BPDU filter will filter the BPDU packets sent out of the access interfaces of the switch. Can you explain that to me? I am a little confused about it.

One more time, thank you for your reply.

Moderator

August 14th, 2024 13:34

Hi, 

BPDU filtering should be used cautiously, especially in a production environment. Applying it globally may prevent the network from detecting loops, which could result in more severe issues. Instead of BPDU filtering, consider using BPDU Guard on access ports with PortFast enabled. BPDU Guard will disable the port if any BPDU is received, which can prevent loops while still allowing the switch to react to potential issues. This is generally safer than filtering BPDUs entirely.

August 14th, 2024 18:13

Hi, thank you Erman O.
I am using Dell PowerConnect 6248 switches, version 3.3.18.1, as L2 switches.
On this model I only have some options for this:
1 - spanning-tree bpdu-protection - enabled globally on the switch
2 - spanning-tree guard (root, loop and none) - enabled on interfaces of the switch
3 - spanning-tree loopguard
Are there other options or commands that I am missing?

Thank you for the reply.

Moderator

August 14th, 2024 20:46

Hello,

 

Here are spanning-tree changes that are targeted for the specific issues. In this case, we see 2 logs:

 

1) dot1s_txrx.c(188) 297104 %% dot1sBpduReceive(): Discarding the BPDU, since it is an invalid BPDU type

 

It was mentioned above that this log comes out when a BPDU is received from a neighboring switch when there is a different forward delay in that BPDU message. This means that a neighboring switch is running a different version of spanning-tree. For example, the default forward delay is 15 seconds for RSTP, but for 802.1D Spanning Tree Protocol (STP) it is 2x 15 = 30 seconds. The spanning tree version can be checked on the current switch and the connected switches using “show spanning-tree” to determine what type of spanning-tree they are running. If it is a different version, you can change the spanning-tree version during a maintenance time to run the same version, for example RSTP. This will help with the convergence and may help with the flapping issue.

 

2) traputil.c(610) 2232 %% Spanning Tree Topology Change: 0, Unit: 1

 

The spanning-tree TCN (topology change) log indicates that there are interfaces that are missing the “spanning-tree edgeport” or “spanning-tree portfast” configuration under the interfaces that are connected to end devices (servers, printers…). This edgeport/portfast configuration should not be set on the interfaces that connect to switches. It should be set only on the interfaces that connect to devices. This configuration should be present on all switches in the spanning-tree domain, because the TCNs can traverse across several switches.

 

August 16th, 2024 12:33

Hi

Thank you for your support. I will review my topology, my spanning-tree configurations and also my configurations on the access interfaces, and come back with feedback.
