Disabling BPDU Forwarding

Bridge Protocol Data Unit (BPDU) is a data message that is sent between switches in an extended LAN that uses a Spanning Tree Protocol (STP) topology. When VLAN translation is configured, BPDU frames can send the incorrect VLAN number to switch ports through the bridge. This mismatch can cause the switch port to block traffic.

To resolve this issue, it is necessary to disable BPDU forwarding in a manner that survives reboot. This solution also works well for layer 2 Virtual Systems.

To permanently disable BPDU forwarding:

1. Open /etc/rc.d/init.d/network in a text editor.
2. Search for /etc/init.d/functions.
3. Add this new line after the above line:

   /sbin/sysctl -w net.bridge.bpdu_forwarding=0

4. Exit the editor and save the file.
5. Copy the file to all SGMs with this command:

   > asg_cp2blades /etc/rc.d/init.d/network

6. Reboot the system.

   If you are using a dual Chassis 61000/41000 Security System, reboot the Standby Chassis first and then reboot the Active Chassis.

To learn more, see sk98927.