BPDU Filter

pccthailand · ‎01-02-2008

q1. If i would link to disable spanning-tree process on port , could i use BPDU Filter ?

q2. I'm confused about portfast and bpdu filter, if i enable portfast then bpdu filter will auto enable on the port ? if the answer is yes , the port that have portfast enable will not process bpdu or participate spanning-tree ?

thanks

shrikar.dange · ‎01-02-2008

hi,

If you want to disable a perticular port not to particiapte in STP put that port in portfast mode.

Yes, if you configure portfast on a port the BPDU filter will automatically get enabled on that port.

You also can enable or disable BPDU filtering on specific switch ports by using the following

interface configuration command:

Switch(config-if)# spanning-tree bpdufilter {enable | disable}

Be very careful to enable BPDU filtering only under controlled circumstances in which you are

absolutely sure that a switch port will have a single host connected and that a loop will beimpossible. Enable BPDU filtering only if the connected device cannot allow BPDUs to be

accepted or sent. Otherwise, you should permit STP to operate on the switch ports as a precaution.

s.arunkumar · ‎01-02-2008

Hi

ans 1. To diable spanning tree configute portfast with bpdufilter feature,as it prevent from sending and receiving bpdu.

ans2. As i understand enabling portfast by default will not enable bpdu filter.You need to configure the port fast with "spanning-tree portfast bpdufilter default" cmd at global configuration mode.You can diable and enable at interface level as the above post says..

The port in portfast do send BPDU ,but not receive it.(when bpdu filter is not enabled)

arun :)

pccthailand · ‎01-02-2008

Thanks all reply for share knowledge

I'm not sure my idea is correct or not, please suggest me if it's wrong.

Switch port that configured portfast mode still in STP process, it can change state from forwarding to blocking , if i enble portfast the bpdu filter will auto enabled. If i'm not disable bpdu filter, port will deny any bdpu and not participate STP process but if disable bpdu filter the port will process only the portfast and participate STP process.

Thanks

shrikar.dange · ‎01-03-2008

hi,

As arun said if you enabled portfast it will NOT auto enable BPDUFILTER u have to specifically add that command on the port.

When the port is in portfast mode it will NOT participate in STP process it will be in the forwarding state.It will NOT recive BPDUS but will send BPDUS in PORTFAST mode (without BPDU filtering enabled).

If any port recieves a BPDU in a portfast (without BPDUGUARD & BPDUFILTER enabled) it will loose its PORTFAST forwading status and will go in to the errdisable or blocking state.

If you enable the BPDUFILTER on the portfast enabled port it will NOT send or recive any BPDUS & will not participate in STP process.

s.arunkumar · ‎01-03-2008

switchport in portfast mode is in spanning-tree operation.Just that it doesnt receive any bpdu.Ifa BPDU is received on a Port Fast-enabled interface, the interface loses its Port Fast-operational status,Portfast enables the port to transit fast into frowarding mode by skiping listening and leaning state ..hence saves 30 sec.

Enabling BPDU filtering on an interface is the same as disabling spanning tree on it.

Bpdu is not by default enabled when configuring portfast.It must be enabled by the cmd i mentioned in privious post.

Hope this clears u.. :)

twarner28 · ‎05-22-2009

Q1: Yes, BPDUFilter prohibits the sending of BPDUs out an interface. Take note that if enabled globally vs. interface level it is different behavior. If the port receives a BPDU when it is globally enabled, the port will proceed to negotiate STP. If enabled locally, it will just ignore the BPDU. If you want to permanently disable STP, I suggest disable on interface level basis.

interface g1/1

spanning-tree bpdufilter enable

Q2: Enabling portfast does not enable BPDU Filter.

davy.timmermans · ‎05-23-2009

it's a good practice not to enable bpdufilter. BPDUs has to be sent out all ports. If not, a loop will be created when 2 BPDU enabled ports of the same switch are directly connected.

If BPDUfilter is disabled this won't happen because or STP will block a port or go in errdisable if BPDUguard is configured (upon receive of a BPDU)