BPDU filter on a Unifi switch
A brand new Unifi Switch (48 POE-500W) is experiencing some issues that do not affect the switch functionality, but it is filling our syslog server with messages like this:
US48P500,18e829286ff3,v4.0.80.10875 switch: DOT1S: dot1sBpduReceive(): Discarding the BPDU on port 0/1, since it is an invalid BPDU type
and
US48P500,18e829286ff3,v4.0.80.10875 switch: DOT1S: dot1sBpduReceive(): Invalid Forward Delay
Connecting to a Unifi switch
Since this is BPDU-related, where BPDU stands for Bridge Protocol Data Unit, a type of L2 frame usually exchanged between switching equipment, we can assume that the issue is with spanning-tree. The upstream device (the one connected on port 0/1) is an ISP device and we can't configure it, and with limited options in the Unifi Controller, we need to jump on the switch via SSH:
ssh [email protected]
[email protected]'s password:
BusyBox v1.23.2 (2020-01-11 23:36:54 UTC) built-in shell (ash)
___ ___ .__________.__
| | |____ |__\_ ____/__|
| | / \| || __) | | (c) 2010-2019
| | | | \ || \ | | Ubiquiti Networks, Inc.
|______|___| /__||__/ |__|
|_/ https://www.ui.com/
Welcome to UniFi USW-48P-500!
Entering CLI on a Unifi switch
To enter the CLI interface of the switch, we need to telnet to itself:
telnet 127.0.0.1
Entering character mode
Escape character is '^]'.
Warning!
The changes may break controller settings and only be effective until reboot.
The device is warning us that the changes we are making are only going to be effective until the next reboot. To enter privileged mode, we enter:
(UBNT) >enable
We already know that the port that's having issues is 0/1, so we will look at the spanning-tree configuration of that port:
(UBNT) #show spanning-tree interface 0/1
Hello Time..................................... Not Configured
Port Mode...................................... Enabled
BPDU Guard Effect.............................. Disabled
Root Guard..................................... False
TCN Guard...................................... False
BPDU Filter Mode............................... Disabled
BPDU Flood Mode................................ Disabled
Auto Edge...................................... TRUE
Port Up Time Since Counters Last Cleared....... 13 day 19 hr 47 min 11 sec
STP BPDUs Transmitted.......................... 0
STP BPDUs Received............................. 0
RSTP BPDUs Transmitted......................... 597224
RSTP BPDUs Received............................ 0
MSTP BPDUs Transmitted......................... 0
MSTP BPDUs Received............................ 0
Configuring Unifi switch in CLI mode
At this point we are not going to go into detail about why this is happening; we just need to stop flooding the syslog server with messages. The easiest way to do that is to enable BPDU filter on the 0/1 interface. This will effectively ignore all BPDU messages received on that port, and since the device connected on the other side shouldn't participate in our STP topology, we should be OK – at least until the next reboot 🙂
(UBNT) #configure
(UBNT) (Config)#interface 0/1
(UBNT) (Interface 0/1)#spanning-tree bpdufilter
(UBNT) (Interface 0/1)#end
Once we’re done with configuring the port, we will check once again for the spanning-tree settings on the port:
(UBNT) #show spanning-tree interface 0/1
...
BPDU Filter Mode............................... Enabled
...
As can be seen here, BPDU filter is now enabled and the switch is no longer flooding the syslog server.
As previously stated, BPDU filter is a functionality that will help us resolve the issue at hand. This still doesn't resolve the underlying issue of BPDU frames being sent in the first place. BPDU filter is a great option when you don't control both devices that are having an issue and you need to resolve a symptom, not an underlying issue.
BPDU filter shouldn't be configured on ports of the devices we control unless we are trying to manually influence spanning-tree topology. BPDU filtering on ports that are actually connected to switches in our network could cause bridging loops, as the ports configured with BPDU filter will ignore any BPDU they receive and will always be in a forwarding state.
Configuration changes made in the CLI of Unifi equipment are not saved after a device reboot. Unfortunately, once the device is rebooted, changes made in the CLI will be gone and this procedure will have to be repeated. This is by design, as Unifi devices should be managed by a Unifi Controller, not directly. If anyone has an idea on how to make CLI changes permanent, feel free to comment below.
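The two caveats above (the filter is lost on reboot, and it should not sit on links to our own switches) can be checked from saved "show spanning-tree interface" output. The following Python check is an added example, not part of the original post; the function names, the policy dictionary and port 0/2 are assumptions, and collecting the output from the switch is left out.

```python
import re

# Selected fields of the "show spanning-tree interface 0/1" output shown on
# this page, before the change.
BEFORE = """\
Port Mode...................................... Enabled
BPDU Guard Effect.............................. Disabled
BPDU Filter Mode............................... Disabled
BPDU Flood Mode................................ Disabled
Auto Edge...................................... TRUE
RSTP BPDUs Transmitted......................... 597224
RSTP BPDUs Received............................ 0
"""
# Constructed sample: the same port once "spanning-tree bpdufilter" is applied.
AFTER = re.sub(r"(BPDU Filter Mode\.+\s*)Disabled", r"\1Enabled", BEFORE)

FIELD = re.compile(r"^([A-Za-z].*?)\.{2,}\s*(.*)$")

def parse_stp_interface(text):
    """Turn dotted 'Name....... value' lines into a dict; skip prompts and '...'."""
    fields = {}
    for line in text.splitlines():
        m = FIELD.match(line.strip())
        if m:
            fields[m.group(1).strip()] = m.group(2).strip()
    return fields

def audit(outputs, policy):
    """outputs: port -> CLI text; policy: port -> True if BPDU filter is intended.
    Returns (port, finding) pairs for every port that deviates from the policy."""
    findings = []
    for port, want_filter in sorted(policy.items()):
        mode = parse_stp_interface(outputs.get(port, "")).get("BPDU Filter Mode")
        if mode is None:
            findings.append((port, "no spanning-tree output collected"))
        elif want_filter and mode != "Enabled":
            findings.append((port, "filter missing, CLI change lost (reboot?)"))
        elif not want_filter and mode == "Enabled":
            findings.append((port, "filter on an internal link, loop risk"))
    return findings

if __name__ == "__main__":
    # Hypothetical policy: 0/1 faces the ISP device, 0/2 faces one of our own switches.
    policy = {"0/1": True, "0/2": False}
    print(audit({"0/1": AFTER, "0/2": BEFORE}, policy))   # compliant
    print(audit({"0/1": BEFORE, "0/2": AFTER}, policy))   # both ports deviate
```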