fter the connection between two switches could not be established I went to see the log of the uplink switch and the first thing I have noticed was this:

%LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
%SPANTREE-7-RECV_1Q_NON_TRUNK: Received 802.1Q BPDU on non trunk FastEthernet0/1 VLAN300.
%SPANTREE-7-BLOCK_PORT_TYPE: Blocking FastEthernet0/1 on VLAN0300. Inconsistent port type.

The two switches were connected via access ports and this message was on my side, since the other side was the service provider and I was not given the technical details of “the other side”.

In short, interface was receiving BPDU’s which weren’t supposed to be there. This was the interface configuration:

interface FastEthernet0/1
description UPLINK
switchport access vlan 300
switchport mode access
spanning-tree portfast

Portfast port is designed to be connected to a device where BPDU’s are not expected. When BPDU guard is enabled (globally or per interface), the port will shutdown and enter a errdisable state. BPDU guard global enable is a great solution to protect portfast ports on a access switch where you don’t expect a switch to be plugged in.

The solution is the “spanning-tree bpdufilter enable” command which disables spanning tree on a port and that is made by restricting (filtering) sending and receiving BPDU’s. When enabled on a global level, BPDU filter will apply to all portfast ports.

Here is the configuration:

switch1(config)#spanning-tree portfast bpdufilter default

switch1(config)#int fa0/1
switch1(config-if)#spanning-tree bpdufilter enable

