This is an unusual situation, but it is not unheard of. Specifically, in your configuration, you are protecting the network from someone connecting a switch to the PC port of the phone. The portfast and BPDU Guard features should both be enabled as you have them, as this is best practice for security. However, it seems that the switch is “seeing” BPDUs on the Fa0/2 port and going into err-disabled state.
There are several reasons why this would occur:
- Someone is connecting a switch to the PC port of the phone. Of course, I’m sure you’ve checked that, but just including this here for completion.
- There is some software running on the PC that is sending BPDUs. This would be the case if someone is trying to hack the network using specialized network tools, or if someone is running an emulator on the device using GNS3 for example. Some configuration may have sent some BPDUs over the physical network.
- Although rare, it has happened that faulty cables have caused problems with BPDU guard being tripped.
I suggest you check out the following:
- Verify that the err-disable reason is indeed due to BPDU Guard
- Is the problem reproducible? Do you see it on other ports with other phones? Try to switch cables, switch ports on the switch, and even disconnect the PC for a while and see if that makes any changes. This way you can focus on what is causing the problem (cable, PC, phone, switch port). By changing one element at a time, you can eliminate specific sources of the problem.
Try these out and let us know the results so we can further help you in troubleshooting…
I hope this has been helpful!