Many people wonder whether an AP (access point) sends BPDUs (Bridge Protocol Data Units). The answer is that APs don't typically send BPDUs.
Obtaining a packet capture or debug log from the switch port is the only way to prove objectively whether the AP is sending BPDUs. My lab switch has an AP connected on Gig 1/0/2.
The following is my AP configuration on the switch port.
LAB_SWITCH#show running-config interface gigabitEthernet 1/0/2
Building configuration...
Current configuration : 65 bytes
!
interface GigabitEthernet1/0/2
switchport access vlan 33
end
Let's check the STP status for the VLAN 33 where I have configured my AP.
LAB_SWITCH#show spanning-tree vlan 33
VLAN0033
Spanning tree enabled protocol rstp
Root ID Priority 24576
Address 00a5.bf9d.a880
Cost 23004
Port 9 (GigabitEthernet1/0/9)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32801 (priority 32768 sys-id-ext 33)
Address 5067.ae1d.f480
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi1/0/1 Desg FWD 4 128.1 P2p
Gi1/0/2 Desg FWD 4 128.2 P2p
Gi1/0/3 Desg FWD 4 128.3 P2p Edge
Gi1/0/4 Desg FWD 4 128.4 P2p
Gi1/0/5 Desg FWD 19 128.5 P2p
Gi1/0/6 Desg FWD 19 128.6 P2p
Gi1/0/7 Desg FWD 4 128.7 P2p
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi1/0/8 Desg FWD 4 128.8 P2p
Gi1/0/9 Root FWD 4 128.9 P2p
Gi1/0/13 Desg FWD 4 128.13 P2p
Te1/1/1 Desg FWD 2 128.53 P2p
The CDP details for the AP on the switch:
LAB_SWITCH#show cdp neighbors Gi1/0/1 detail
-------------------------
Device ID: AP1416-9D4A-4810
Entry address(es):
IP address: 10.106.33.191
IPv6 address: FE80::1616:9DFF:FE4A:4810 (link-local)
Platform: cisco AIR-AP1832I-D-K9, Capabilities: Router Trans-Bridge
Interface: GigabitEthernet1/0/1, Port ID (outgoing port): GigabitEthernet0
Holdtime : 136 sec
Version :
Cisco AP Software, ap1g4-k9w8 Version: 8.10.151.0
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 2014-2015 by Cisco Systems, Inc.
advertisement version: 2
Duplex: full
Power drawn: 17.200 Watts
Power request id: 50799, Power management id: 8
Power request levels are:17200 15400 0 0 0
Management address(es):
IP address: 10.106.33.191
Total cdp entries displayed : 1
To determine if the AP is sending the BPDU, we will enable the STP BPDU debug on the switch.
LAB_SWITCH#debug spanning-tree bpdu transmit
LAB_SWITCH#debug spanning-tree bpdu receive
LAB_SWITCH#show debugging
IOSXE Conditional Debug Configs:
Conditional Debug Global State: Stop
Packet Infra debugs:
Ip Address Port
------------------------------------------------------|----------
Spanning Tree:
Spanning Tree BPDU Transmitted debugging is on
Spanning Tree BPDU Received debugging is on
As you can see, our switch is only sending BPDUs to the port where my AP is connected, but it is not receiving any from the AP.
LAB_SWITCH#
Dec 7 06:11:01.996: RSTP(33): sending BPDU out Gi1/0/2
Dec 7 06:11:02.666: RSTP(33): sending BPDU out Gi1/0/2
Dec 7 06:11:03.998: RSTP(33): sending BPDU out Gi1/0/2
Dec 7 06:11:05.999: RSTP(33): sending BPDU out Gi1/0/2
Dec 7 06:11:06.830: RSTP(33): sending BPDU out Gi1/0/2
Dec 7 06:11:08.001: RSTP(33): sending BPDU out Gi1/0/2
Dec 7 06:11:10.003: RSTP(33): sending BPDU out Gi1/0/2
Dec 7 06:11:10.993: RSTP(33): sending BPDU out Gi1/0/2
Dec 7 06:11:12.006: RSTP(33): sending BPDU out Gi1/0/2
Dec 7 06:11:14.007: RSTP(33): sending BPDU out Gi1/0/2
Based on the above, we can conclude that the AP does not send BPDU frames.
Note:
As per Cisco's recommendation, make sure that the Bridge Protocol Data Unit (BPDU) guard is disabled on the switch port that is connected to the AP. Only when the switch puts the port in portfast mode can BPDU guard be enabled.
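The packet-capture route mentioned at the start can answer the same question. The following is an added example, not part of the original post: it classifies raw Ethernet frames as BPDUs and counts them per source MAC, covering both IEEE and Cisco PVST+ encapsulation (more than the single access-port case shown above). The MAC addresses and sample frames are constructed for illustration.

```python
import struct
from collections import Counter

STP_MAC = bytes.fromhex("0180c2000000")   # IEEE 802.1D bridge group address
PVST_MAC = bytes.fromhex("01000ccccccd")  # Cisco PVST+ / Rapid PVST+ address
LLC_STP = bytes.fromhex("424203")         # DSAP 0x42, SSAP 0x42, UI control
SNAP_PVST = bytes.fromhex("aaaa0300000c010b")  # SNAP, OUI 00:00:0c, PID 0x010b
BPDU_TYPES = {0x00: "config", 0x02: "rst", 0x80: "tcn"}

def classify_bpdu(frame):
    """Return (source MAC, BPDU type) for a spanning-tree BPDU, else None."""
    dst, src, off = frame[0:6], frame[6:12], 12
    if frame[off:off + 2] == b"\x81\x00":      # step over a single 802.1Q tag
        off += 4
    if len(frame) < off + 2:
        return None
    (length,) = struct.unpack("!H", frame[off:off + 2])
    if length > 1500:                          # EtherType frame, so no LLC header
        return None
    payload = frame[off + 2:]
    if dst == STP_MAC and payload.startswith(LLC_STP):
        bpdu = payload[len(LLC_STP):]
    elif dst == PVST_MAC and payload.startswith(SNAP_PVST):
        bpdu = payload[len(SNAP_PVST):]
    else:
        return None
    if len(bpdu) < 4 or bpdu[0:2] != b"\x00\x00":  # protocol identifier must be 0
        return None
    return src.hex(":"), BPDU_TYPES.get(bpdu[3], "unknown")

def bpdu_senders(frames):
    """Count BPDUs per source MAC across an iterable of raw Ethernet frames."""
    return Counter(hit[0] for hit in map(classify_bpdu, frames) if hit)

# Constructed sample frames (not from the original capture); MACs are made up.
SWITCH_PORT = bytes.fromhex("020000000102")
AP_MAC = bytes.fromhex("0200000000aa")
rst_bpdu = LLC_STP + bytes.fromhex("00000202") + bytes(32)  # RSTP header, zeroed body
SAMPLE = [
    STP_MAC + SWITCH_PORT + struct.pack("!H", len(rst_bpdu)) + rst_bpdu,
    STP_MAC + SWITCH_PORT + struct.pack("!H", len(rst_bpdu)) + rst_bpdu,
    # CDP from the AP: Cisco SNAP as well, but a different address and PID
    bytes.fromhex("01000ccccccc") + AP_MAC + struct.pack("!H", 12)
    + bytes.fromhex("aaaa0300000c2000") + bytes(4),
    # ordinary IPv4 broadcast from the AP
    bytes.fromhex("ffffffffffff") + AP_MAC + b"\x08\x00" + bytes(20),
]

if __name__ == "__main__":
    senders = bpdu_senders(SAMPLE)
    print(senders, "AP sent BPDUs:", AP_MAC.hex(":") in senders)
```

A source MAC other than the switch port's appearing in the result would mean the attached device is originating BPDUs.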