BPDU guard and filter

bigbrother74 · ‎09-26-2007

Hi

Issue:

BPDUguard (does prevent access switches to receive bpdu packets from other foreign switches because the port will go to be error-disable)

So far so good...

Case:

I was sniffing a switch port with the following config:

config-if>spanning-tree portfast

config-if>spanning-tree bpduguard enable

I still receive stp traffic from the switch port on my sniffer???

additional config:

config-if>spanning-tree bpdufilter enable

Than I can't sniff any stp traffic on the sniffed port.

Question:

How does it make sense that an access port just with portfast and bpduguard enabled, does send out any stp traffic if otherwise the port goes down when it receive stp (bpdu) traffic???

For me this scenario does not really make sense?

Any help are appreciated

Pari Thiagasundaram · ‎09-26-2007

As you have configured bpduguard, it wouldnt receive any BPDU's.

PortFast immediately transitions the port into STP forwarding mode upon linkup. The port still participates in STP.

twarner28 · ‎05-22-2009

Hi BPDU Guard function only prevents a port from performing STP negotiations on receipt of BPDU Packets. Portfast will just go into forwarding state upon linkup. So given the first 2 config commands it will not prevent the switch from sending BPDUs out the switch - hence sniffer getting packets.

BPDUFilter - when this is enabled. It PREVENTS bpdu's from being sent. That's why you *don't* see any frames in your sniffer.