MSA Storage

Spanning Tree Trap ErrantBpdu

 
ABZ78
Occasional Advisor

Spanning Tree Trap ErrantBpdu

I have Bpdu protect and loop protect enabled on the following switch. 

I also have traps enabled.

However IMC only shows the ports being shut down and no information about the errant Bpdu trap.

Switch logs indicate:

I 05/13/21 12:45:44 00077 ports: port 1 is now off-line
I 05/13/21 12:45:44 00898 ports: BPDU protect(5) has disabled port 1
W 05/13/21 12:45:44 00840 stp: port 1 disabled - BPDU received on protected 

 

 

Software revision : WC.16.10.0012
ROM Version : WC.16.01.0008 

 

112-TEST-ROUTER# sh spanning-tree traps
Status and Counters - STP Traps Information

Trap Name | Status
---------------------- + --------
errant-bpdu | Enabled
new-root | Enabled
root-guard | Enabled
loop-guard | Enabled
topology-change | Disabled

The goal is to have IMC recieve the trap and set an alarm.  

We have other traps that IMC alerts us about which works fine.  IMC is able to snmp and ssh into the swtich with no issue. 

Am I missing something? 

7 REPLIES 7
akg7
HPE Pro

Re: Spanning Tree Trap ErrantBpdu

Hello,

 

Can you configure on switch:

Aruba(config)# logging <imc server ip>

 

then check into imc:

 

IMC-->Alarm-->Syslog Management-->Browse Syslog

 

I believe it will resolve the issue.

 

Thanks!

I am an HPE Employee

Accept or Kudo

ABZ78
Occasional Advisor

Re: Spanning Tree Trap ErrantBpdu

Adding the logging will show the BPDU in the Syslog of IMC, however I have been unsuccessful in creating an alarm from the syslog so far. 

akg7
HPE Pro

Re: Spanning Tree Trap ErrantBpdu

Hello,

Are you getting traps for BPDU?

If yes then can you try to add 'Trap to Alarm' and create a rule 'Errant BPDU'?

Thanks!

I am an HPE Employee

Accept or Kudo

ABZ78
Occasional Advisor

Re: Spanning Tree Trap ErrantBpdu

I can see the follwoing in traps:

The interface 10 is DOWN

I can see the following in the syslog:

port 10 disabled - BPDU received on protected port

I can not set the Trap to Alarm because the BPDU does not show as a trap.

If I try to set Syslog to Alarm using the name "BPDU Guard" I do not get any alarms. 

 

 

akg7
HPE Pro

Re: Spanning Tree Trap ErrantBpdu

Hello,

Alright, can you try to create a new 'Trap Rule' from Alram-->Trap Mamangement-->Trap to Alarm and click on Add.

Fill details lie below and select 'Trap Type' and do query for 'ErrantBPDU'

Select the trap name and cick 'ok' and 'ok'

 

bp1.JPG

 

 

BP2.JPG

 

Thanks!

I am an HPE Employee

Accept or Kudo

ABZ78
Occasional Advisor

Re: Spanning Tree Trap ErrantBpdu

I have set that up in IMC and still no alarm. 

I have the following set up on the switch:  spanning-tree trap errant-bpdu new-root root-guard loop-guard

All ports except the uplink is Bpdu-protected and loop-protected.

I see the following in Alarms---> Trap Management---> Browse Trap

Name   Link DOWN   OID   1.3.6.1.6.3.1.1.5.2   Trap at   2021-05-20 08:23:20   Trap Source   112 Router(10.200.5.1) More Traps...   Description   The interface 11 is DOWN.   Trap Cause   The link goes DOWN, and the possible causes are: 1.The user disables the interface. 2.The network cable on the interface is removed or damaged. 3.The IP address of the interface is deleted in the configuration. 4.The peer interface of the link is faulty.   Remediation Suggestion   1.Check if the interface is disabled. If yes, enable the interface. 2.Check if the network cable on the interface is removed or damaged. 3. Check if the interface has a correct IP address. 4.Check if the peer interface is faulty.

 

 

I see the following in Alarm--> Syslog Mangement--> Browse Syslog

 

Detailed Information

  System Name     Device IP 10.200.5.1   Receive Time 2021-05-20 08:23:20   Module Name     Level Warning   Repeat Times 1   Description <12>May 20 08:23:19 10.200.3.2 00840 stp: port 11 disabled - BPDU received on protected port.   Original Log Text <12>May 20 08:23:19 10.200.3.2 00840 stp: port 11 disabled - BPDU received on protected port.

 

akg7
HPE Pro

Re: Spanning Tree Trap ErrantBpdu

Hello,

 

Sorry for delayed response.

There is need of remote session/LAB intervention.

We request you to log a case on HPE Support Center portal for further resolution using the link:

 

https://support.hpe.com/hpesc/public/home/

 

Thanks!

I am an HPE Employee

Accept or Kudo